Numbers Stations Move From Shortwave To VoIP

IO ERROR writes "For decades, intelligence agencies have been sending secret messages to their agents in the field using shortwave numbers stations broadcasting encrypted messages for all to hear and puzzle over. Now someone is putting numbers stations on VoIP telephone numbers for anyone to call, and posting messages to Craigslist to alert the recipients to the existence of their messages. One of them went up last month and now a second one has appeared. Will there be a third? Who's behind them? And can you crack the code?"

Numbers Station here on slashdot - OUTGOING!

[LiquidCoooled]

I'm sure a lot of us have noticed the stange messages like this:

OUTGOING
(Score:-1, Offtopic)
by Anonymous Coward on 21:04 1st August, 2005 (#13217474)
HELLO WORLD
38836 38836
HELLO WORLD
98481 98481 14101 14101 27700 27700 35003 35003 78743 78743
55984 55984 36482 36482 48376 48376 17577 17577 25568 25568
41432 41432 33120 33120 71600 71600 37482 37482 72016 72016
18165 18165 97172 97172 06235 06235 09179 09179 66815 66815
39131 39131 02234 02234 37138 37138 05015 05015 18609 18609
15481 15481 26568 26568 76909 76909 14869 14869 84844 84844
98467 98467 15173 15173 91438 91438 01957 01957 83393 83393
55263 55263 02335 02335 39565 39565 33152 33152 48263 48263
85656 85656 69752 69752 84232 84232 87361 87361 24560 24560
98390 98390 28772 28772 59461 59461 31312 31312 14942 14942
68574 68574 70946 70946 49109 49109 19694 19694 45323 45323
65157 65157 98866 98866 64012 64012 72983 72983
K-BYE

They have been an oddity until now, but hearing about these numbers stations makes me think our very own slashdot is being used as a covert channel.

Certainly piqued my curiosity more than once, it would be good to get to the bottom of it.

Couple of examples here and here, I've seen a few more, but they get lost quickly due to moderation.
The second one I posted has a bit of info about its origins here and links to a user and an apparent initial source of the messages.

Re:Numbers Station here on slashdot - OUTGOING!

[dgatwood]

My guess as to what the messages say?

Dearest Love,

Meet me behind the abandoned warehouse. Don't wear underwear.

Just a hunch.

Re:Numbers Station here on slashdot - OUTGOING!

Info @ Wikipedia: http://en.wikipedia.org/wiki/Slashdot_trolling_phe nomena#HELLO_WORLD

The person who originally added that to Wikipedia also added info to the "Islamic extremist terrorism" entry: http://en.wikipedia.org/w/index.php?title=Special: Contributions&target=85.226.168.107

Re:Numbers Station here on slashdot - OUTGOING!

[Gogo0]

They must be dupes!

I deciphered it!

[ScaryMonkey]

Always... drink... your... Ovaltine?

Doesn't that defeat secrecy?

[gd23ka]

I know it's the first thing that comes to mind but I'm sure They can monitor who calls ("tunes into") that phone number regularily. Broadcasts are anonymous and many people own shortwave radios, VOIP can be traced to a subscriber so what gives?

Re:Doesn't that defeat secrecy?

[Technician]

I know it's the first thing that comes to mind but I'm sure They can monitor who calls ("tunes into") that phone number regularily. Broadcasts are anonymous and many people own shortwave radios, VOIP can be traced to a subscriber so what gives?

You are thinging traditional VOIP subscriber. Buy an adaptor at ______ with cash. Activate it with a stolen card and ID. Hook it directly to a wireless access point in client mode. Wardrive near hotels. Park nearby for a couple days.

It's much harder to pinpoint the source than a radio signal. RF Direction equipment can triangulate a HF signal quite quickly.

Re:Doesn't that defeat secrecy?

[daranz]

Still, number stations are pretty much a one way means of communication. The whole idea behind them is that they can be broadcast from a secure location (ie, from the territory of the state running the agents), and received by any number of recipients, without anyone being able to detect the fact that the transmission was received. In case of voip, both sides are detectable - even if not eaisly traceable.

Also, the VoIP method is missing another point of the stations: with a radio station, you can remain tuned for as long as you wish, without the risk of detection increasing. Staying connected to a "number station" via VoIP means that you have to stay connected for prolonged amounts of time, increasing chances of detection, if only by a hotel employee who notes that someone was sitting on the hotel's wifi network for 24 hours. Besides, if one wants to use "number stations" over the Internet, one can simply post the numbers in any amount of places. It is easier and probably also safer to grab one text file off some FTP server, than it is to stay connected somewhere for a longer time. You might not get the message as fast then, but at least you're not sitting in a van next to your local Motel 6 for 3 days.

Re:Doesn't that defeat secrecy?

[harlows_monkeys]

You are thinging traditional VOIP subscriber. Buy an adaptor at ______ with cash. Activate it with a stolen card and ID. Hook it directly to a wireless access point in client mode. Wardrive near hotels. Park nearby for a couple days.

So, basically, instead of using a fairly innocuous radio, which is easy to explain away if apprehended, you propose that the secret agent go around carrying stolen cards and stolen ID and wardrive? I think the general idea is for spies to not call attention to themselves, and engaging in two or three activities that might be illegal even if not connected with spying is probably not the best procedure!

It's much harder to pinpoint the source than a radio signal. RF Direction equipment can triangulate a HF signal quite quickly.

The numbers stations broadcast on shortwave frequencies whose signals carry very far, with plenty of bounces off the ionosphere. You can triangulate them to approximately what quarter-hemisphere they come from. And even if the exact location were found, it wouldn't help catch the spy receiving the signal, nor even give any indication that the signal is for a spy in your country.

Eh, ok

[dk.r*nger]

The point of shortwave is that you can listen from anywhere, undetected.
Calling a phone leaves a bunch of traces. There is really no discreet way for our man in Havana to call longdistance and listening to numbers for a few minutes.
You could just put the numbers on a free website somewhere, or use email..

Re:it's a joke

[__aaclcg7560]

Haven't you heard? No one wants to be a computer scientist these days to figure out hard-to-crack computer codes. The CIA is hiring high school students with Microsoft certifications to create their secret codes. The fact that they got VOIP to work was a miracle in itself.

The Numbers?

4 8 15 16 23 42

Re:it's a joke

[abscissa]

there are a lot more sophisticated ways of hiding and transferring secret information. including texts, images, video and audio streams, ssl, gpg, tunneling, etc. why would anyone bother with a child games like that?

Because the publicity and simplicity of the cipher makes it very difficult to determine the intended recipent. Also, it may not be AES, but if it's a one-time-pad it's pretty damn secure.

Re:hmmm....

[Sentri]

Thats why the choice of VOIP is so odd, because although it does provide easy access, the prepaid account was emptied, meaning that its no longer accessible.

So its not the best way of doing it if you are really trying ot create a secure comms network. What would be better (though just as traceable) would be posting here, like first post said.

but the shortwave system still trumps it.

Lets analyse it:
What do you want from a secure comms network aimed (as these are supposedly meant to be) at undercover agents
1. Untraceable to the sender
2. Untraceable to the reciever
3. Universally Accessible
4. Undecodable

So we need something that is hard to find, easy to access and secure but hard to trace. Using something as logged and monitored as the internet would probably be a bad decision unless you use something like a coin operated internet kiosk to post and to retrieve, making it less accessible (in the here and now sense, a radio can arguably recieve information anywhere).

So why leave shortwave?
You wouldnt.

Thus this is probably a hobbyist, or a practical joker, or a viral marketing meme, or an elaborate hoax.

Waste of time

[caller9]

So some ham radio freaks or cryptologists are playing tricks. Who gives half a crap?

Want something really secure? Use one of those messages that self destruct like inspector gadget. As a bonus, it could really jack somebody up if thrown into their face. Also, they can be easily delivered by any method of transportation no matter how impossible, as evidenced by numerous Inspector Gadget episodes, where "the chief" maneuvers into some unthinkable situation only to have the tossed, usually over the shoulder, crumpled message end up giving him severe burns to his face and uppper body upon detination. Even when you go phew! because it totally missed you, guess what, you were wrong and you blow up anyway. Try and get with that hype shit NSA!

I think this is obvious.

[ScentCone]

It's the promo for Dan Brown's new book. All of the fashionable Masons are using VoIP for their rituals and world control these days.

Conet Project

[gEvil+(beta)]

Wow! 30 comments and no mention of the Conet Project. There's lots of great sound files there to make your officemates wonder what the hell you're up to...

or it's just a creative troll...

[SuperBanana]

They have been an oddity until now, but hearing about these numbers stations makes me think our very own slashdot is being used as a covert channel.

Or it's just a creative troll, hoping someone will spend hours or days trying to figure out meaning behind what's really just the numeric output of /dev/random or something.

I've honestly always though "number stations" were pretty much the same thing...someone having their jollies. Has anyone actually tried to get a fix on them? I thought HAMs loved doing "hunts"...why don't they do a "hunt" on some number stations some time?

Re:or it's just a creative troll...

Someone tracked down the Lincolnshire Poacher: http://home.luna.nl/~ary/lp.htm

I also thought someone used radio direction finding to follow one of the CIA stations to, well, the CIA.

Re:or it's just a creative troll...

[leathered]

No, they're not somebody trolling the airwaves, most governments are very careful to whom they issue SW broadcasting licenses, and anyone pulling stunts like that would have them revoked in a flash.

As another poster said one of the most infamous numbers station, the Lincolnshire Poacher, has been traced to an RAF base in Cyprus and a number of others have been triangulated, all of them leading to some sort of military or security service base.

Re:Silly

[Dachannien]

I'm not sure about that. VoIP has an unrelated and legitimate commercial interest behind it to support it not being blocked solely based on the virtue of it being VoIP, and thus anybody wanting to jam/block particular VoIP calls would have to know ahead of time at what phone number the message was going to appear. And there are a lot of phone numbers ;)

On the other hand, the various intelligence services have some pretty powerful jamming equipment that can render shortwave transmissions at least partially unintelligible. Numbers stations often work based on a schedule (in terms of both time and radio frequency), and once an intelligence service determines this schedule, they can wash out the frequency with crap at the appropriate time. Since the whole reason for numbers stations are that spies in the field are relatively incommunicado with their handlers, figuring out the schedule can have a fairly long-term impact on the spy being able to receive information and orders. In fact, the biggest question is likely where the jammer antenna should be positioned to ensure that the transmission will be jammed.

It's a *code* not a cipher

[crmartin]

Very likely you can't easily crack the code. reason: it's a true code, not a cipher. A real code assigns a symbol like '34187' to a word or phrase arbitrarily. Unlike ciphers, true codes are very difficult to crack without getting the key somehow, because there is very little redundancy to exploit statistically.

The next one should be in Boston

[CleverNickName]

I am a huge Numbers Station geek, and I've been known to listen to the Conet Project just for fun at parties, shortly before I'm asked to leave. So I've been following this story on the Spy Numbers mailing list for at least two weeks, now. If you're intrigued by this mystery, you will probably love the resources at SpyNumbers.com, or the Enigma2000 group at Yahoo.

Anyway, my prediction: The next message will be posted on Craigslist for Boston. The first message announced Group 415, and the second message was posted on Craigslist for San Francisco.

The second message announces group 617, which means the next message will probably show up on Craigslist for Boston. If that proves to be true, it is 99% certain that this is just a prank, or something being done by amateurs having a bit of fun. There's no way a real spook or someone sending messages of any importance would use a scheme that some piker like me can figure out.

So what's going on here? Eh. If there's anything really in there, now that it's been on Slashdot and boingboing, it's quite likely to be cracked within a few days, unless it's encrypted with a one time pad. Whatever it is, part of me is afraid that it's part of that stupid DaVinci Code promotion, and the same part of me hopes that it's somehow related to the Hanso Foundation.

Or maybe Publius has finally returned . . . are there any Pink Floyd albums coming out soon?