Russian Federal Guard Service "Upgrades" To Electric Typewriters

Razgorov Prikazka writes "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do. However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"

How much safer

[schneidafunk]

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

Re:How much safer

[gl4ss]

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

actually it would be very hard to detect. but the attack would have to be pretty local at least initially, or in the supply chain.

and at least it's not networked by default.

however - could just as well upgrade to 8mhz xt's booted from read only media.. and a printer attached.

Re:How much safer

[Idbar]

I was thinking, why not mechanical? Wouldn't that save on electricity costs as well?

Re:How much safer

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

^This.

^That.

Re:How much safer

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

^This.

^That.

^The other thing.

Re:How much safer

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

^This.

^That.

^The other thing.

^ Down with this sort of thing

Re:How much safer

[Russ1642]

That's like a totally true story dude.

Re:How much safer

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

^This.

^That.

^ The other thing.

Re:How much safer

Bullshit, pencil shavings get into equipment and short circuit things

http://www.snopes.com/business/genius/spacepen.asp

Re:How much safer

[nozzo]

^ Feck

Re:How much safer

[ackthpt]

I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

^This.

^That.

^The other thing.

^ Down with this sort of thing

^Poppadom?

Re:How much safer

[plover]

The attacker would have to physically implant the bug in the machine, which would take training. Once it's in, however, the bug can isn't limited to wired networks or short range technologies like Bluetooth or WiFi. It could use GSM or SMS with nothing more than parts bought at a Radio Shack.

Re:How much safer

Actually, they do it the half-assed, russkie way. Why do they need ANY electronics in the typewriters ? Considering

A) TEMPEST

and

B) This: http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266

I don't think they got seriously more secure than using a computer with physically destroyed USB and ethernet ports.

Uncle Samuel and great-uncle David surely have an exploit for these typewriters in their arsenal already. All you need to do is to open the typewriters with a screwdriver and put a little custom-built chip/connector/transmitter thing on a certain chip. Have that thing labbelled as "chip 781267-121, (C) All-russian typewriter corporation, Novosibirsk" and the humint guys of this org will never figure anything fishy.

Re:How much safer

[kimvette]

Radio shack still sells parts?

Are you sure you mean Radio Shack? The place where their motto is apparently "You've got questions, we've got blank stares?" THAT Radio Shack?

Re:How much safer

[msmonroe]

Yes that's the way I am understanding it as well, there may also be a loss in productivity; Basically the office staff is wasting too much time cruising the internet. We'll see if this is a better solution or not...

Re:How much safer

[hawguy]

I don't think they got seriously more secure than using a computer with physically destroyed USB and ethernet ports.

I think it's hard to reliably destroy the USB ports for someone that has physical access to the machine and is motivated to get data off - USB is integrated into the core logic chips on the motherboard, so even if you destroy the actual ports, someone could tap into the traces on the motherboard to access the port. Though I guess if he has that much access to the machine, he'd just find a way to write it unencrypted to the hard drive and would take the hard drive with him. (I know there are operating system controls that make it hard to use USB ports or write data where it shouldn't go, but those controls can be bypassed)

If he can find a way to run a binary on the machine, then it's even easier to get data off -- he can just have his app flash QR codes on the screen at 15 frames per second and record it with a camera to get a 45kbyte/sec stream of data. With a good camera and a high res screen he can probably achieve much higher bitrates.

Re:How much safer

[icebike]

Less likely to be compromises?

It may be easier to detect an electric typewriter, because each key-press triggers one or more solenoids, which emit a small electromagnetic radio signal, detectable through walls.

Further you have the burn requirement of the ribbon, because you can often recover the message from the ribbon, especially single use plastic ribbons.

A smarter choice might have been an purely mechanical typewriter, which emits no radio signal, and has a ribbon that is intended to be used repeatedly, lessening the chance of reading the ribbon.

Re:How much safer

^ Too Slow

Re:How much safer

[plover]

Surprisingly, yes. There's one in the building next to ours, and we often browse the shop during lunch. They have Seeed Studios Seeeduinos, Arduinos, and various shields including a GSM shield. A friend bought one which he wired to remotely operate an outlet via SMS.

Re:How much safer

[ackthpt]

Bullshit, pencil shavings get into equipment and short circuit things

http://www.snopes.com/business/genius/spacepen.asp

Me holding up dripping keyboard: "Were you drinking coffee around this thing?"

Secretary: "No."

Were this an ideal world, her nose would have grown out about 2 inches.

Re:How much safer

[Bob+the+Super+Hamste]

Yes they do. Granted they have a bigger selection of phones or RC vehicles it seems. The parts are basically relegated to a few shelf feet off in a back corner of the store, usually the one farthest from the door. At least that is how the one near my house is. I only go there when I want something today and micro center doesn't have it as they tend to be fairly expensive.

Re:How much safer

Radio Shack stores are franchises, while they can carry corporate Radio Shack lines, they are also free to add their own inventory to compliment with other items.

Many long time Radio Shack owners who started off with the parts and gadgets will still carry those.

It seems newer owners basically carry phones.

Re:How much safer

[ColdWetDog]

Wrong body part, methinks.

Re:How much safer

You've got questions, we've got cell phones.

Re:How much safer

[AMDinator]

Exactly. I live in a university town and the local Radio Shack stocks all sorts of parts, soldering tools & supplies, Arduinos, soldering kits, and other gadgetry. The EE dept's electronic shop is still the place to go for specific parts though.

Re:How much safer

[RenderSeven]

No the Other Radio Shack: "You can get better, but you cant pay more"

Re:How much safer

That's assuming they use PC's and not terminals that connect to a server in a deep bunker hidden somewhere.

Anyway, compare how USA and the USSR approached the Cold War, and you'll see it's all ways the meat-bag part of the equation that's easiest to compromise.

Re:How much safer

[mirix]

I can't say I've ever seen a (c) on a Russian chip, ever.

Usually just a part number, date code, and almost always the manufacturer's symbol.

But all that is neither here nor there. Mechanical, and electromechanical typewriters... have no chips. Any chip would be out of place, russian made or not.

Re:How much safer

[mirix]

Electromechanical typewriters, like the IBM selectric, have no solenoids. They are powered by an electric motor that drives a couple shafts with cams and clutches. The keys are hand powered, and engage the clutches / hit cams/ something along these lines, which in turn rotate and smack the type ball.

You could replace the motor with a gerbil or something, and it would be entirely mechanical.

Re:How much safer

[weeble]

The attacker would have to physically implant the bug in the machine, which would take training. Once it's in, however, the bug can isn't limited to wired networks or short range technologies like Bluetooth or WiFi. It could use GSM or SMS with nothing more than parts bought at a Radio Shack.

Not at all and the technology for monitoring the output for typewriters is decades old.

They can be monitored remotely using the vibration in the office windows or using the fluctuation in the electrical current. Monitoring the vibration in the office windows can be done from across the street or further away.

Re:How much safer

[shutdown+-p+now]

You could replace the motor with a gerbil or something

The way Russian army works, this would probably be the first-month conscript.

Re:How much safer

Why type writers when you can just use pen and paper? Much safer. (I think?)

cost.

[gandhi_2]

It's probably cheaper than trying to out-bid American hipsters for old Remington typewriters.

Re:cost.

[Hartree]

Darn. There goes my chance to get rich. All 3 of mine are Royal typewriters.

Re:cost.

[mendax]

Hey! I have an old manual typewriter (K-Mart brand but might be a Royal on the inside) and I'm not a hipster. For one thing, I wear my hair short and when I grew a beard I couldn't get rid of it quickly enough. Second, I'm a registered Republican.... (but I usually vote for Democrats). However, I learned to touch type (that's to type without looking at the keyboard) on a manual typewriter so, unlike most of you kids here, I know how to properly use it.

Re:cost.

cool story bro

Safer than an Internet Connected Computer?

To place a keylogger on a typewriter you need physical access to the typewriter... to place a keylogger on a computer you need the internet...

I can see the advantage...

Nothing is safe

When your opponent has access to your hardware, you've already lost. That's true whether its a mechanical typewriter, electric typewriter, or a computer.

Re:Nothing is safe

They don't, strictly speaking, even need that. All they need is access to someone who has access to your hardware.

Re:Nothing is safe

you entirely count out physical and mechanical counter measures, such as tamper evidence, tamper resistance, locking service covers/disassembly points, etc...

you can also do "least access" with hardware, as in secure everything except what the user needs to function, such as screens and keyboards, and lock access to the rest.

access to hardware is also vauge. What kind of access? unsupervised access? how long?

There are many things you can do to deter physical attacks, where you can expect the hardware to be in an area with opponents, or at least untrusted inviduals.

Re:Nothing is safe

This is true. However it must be said, physical access to the device only makes device compromise possible, it does not guarantee compromise.

The opponent must have enough skill, determination, time and money to make good on the physical access. Lots of things are possible in principle, but in practice never happen.

Keep it simple

[fustakrakich]

No written communications. This whole writing and reading thing is overrated, and apparently can be dangerous.

Re:Keep it simple

"Conversation was invented by humans to reveal secrets. We use it to sweet talk our way into people's business. You know who has safe conversations? Ants. They talk by vomiting chemicals into each other’s mouths. They get right down to brass tacks. Bleh! Which way’s the picnic? Bleh! That way. Humans are more evolved. We spy."

Re:Keep it simple

[magic+maverick+]

Why do *insert cop type here* travel in threes?

One to do the writin', one to do the readin', and one to keep an eye on the two intellectuals.

Here's the NSA historical document

http://www.nsa.gov/public_info/_files/cryptologic_histories/Learning_from_the_Enemy.pdf

Re:Here's the NSA historical document

You think I'm going to visit nsa.gov? Next time the NSA is reading my communications they can leave me a copy.

Re:Here's the NSA historical document

[plover]

Thanks, AC, for the link. Very interesting story!

In an ironic twist, I present this paragraph from page 23 of the report:

"Eight months after the GUNMAN discovery, the story broke in the press. By highlighting the damage, press coverage helped to focus the attention of the U.S. government on improving the security of its information."

Perhaps Ed Snowden or Bradley Manning can present this in their trials.

Re:Here's the NSA historical document

If Manning only released relevant information of wrong doing, he might get some sympathy.

Instead he released every document he could get his hands on; completely shooting himself off his moral high-horse and showing that he was just another disgruntled employee looking to get back at his boss in every way possible.

There is nothing but malicious intent in Manning's case.

Re:Here's the NSA historical document

[plover]

If Manning only released relevant information of wrong doing, he might get some sympathy.

He actually has a lot of sympathy from a lot of people. I'm not exactly pleased with what he did, especially the betrayal of trust, and so I very much agree with his prosecution.

But I'm also interested in history, and the documents are an interesting look at our country from a perspective we rarely get to see. When you line up the State Department negotiations with the info that made the nightly news, you can see a lot of things more clearly.

This isn't that different than the Venona decrypts revealing the nature and extent of Soviet espionage activity in the US during the post-war era, corroborating the information that was made publicly available at that time (especially when crossed with information now available from the KGB archives.) More information is always good, even though it may be embarrassing to the parties involved.

So Awesome

[Sparticus789]

I was driving by Fort Meade today and I heard a collective scream of "PUUUUUTTTTTIIIIINNNNNNNNNNNNN!!!" coming from the NSA headquarters. Every single PRISM employee screamed in agony.

Sound

[Dan+East]

I remember reading a slashdot story years ago where researchers were able to determine which keys on a computer keyboard were pressed just by the sound they produced mechanically. I would think it would be even easier to use this technique against a typewriter.

Re:Sound

[Dan+East]

Wow, I'm citing 8 year old Slashdot stories.
http://it.slashdot.org/story/05/09/13/1644259/keyboard-sound-aids-password-cracking

Re:Sound

[cffrost]

I remember reading a slashdot story years ago where researchers were able to determine which keys on a computer keyboard were pressed just by the sound they produced mechanically. I would think it would be even easier to use this technique against a typewriter.

That technique is called "acoustic cryptanalysis" — though if these documents are typed in plaintext, it might be more accurately described as "acoustic transcription."

Re:Sound

[plover]

Except it turned out not to be the case when the Soviets were bugging the U.S. Embassy's typewriters. CBS News had learned about the original typewriter bugging from a leaker, and in their reporting sought out an expert to explain how the bugs worked. The expert guessed that it was an audio bug. But this technique was refuted in the NSA paper "Learning from the Enemy", on page 18:

"In an article entitled "Tapping the Keys," a bugging expert offered the following explanation of the Soviet bug:

The Soviets must have taken advantage of the way the Selectric types. A metal ball covered with characters spins so that the appropriate character strikes the paper and then spins back to its starting point. The time it takes to accomplish the rotation to each letter is different. A lowtech listening device planted in the room could transmit the sounds of a typing Selectric to a computer. The computer could then easily measure the time intervals between each key stroke and the character being put on the paper, and thus determine which character had been tapped.

[ ], an engineer in the COMSEC organization, who was involved in reverse engineering the GUNMAN bug, explained that the press had a good idea, but it was inaccurate: "IBM Selectric typewriters used a spinning ball to get the right character on the paper. The bug was not based on sound or timing." [ ] further elaborated: "The Soviets were very good with metal. Housing the bug in a metal bar was ingenious. The bar was difficult to open and it really concealed the bug from inspection." [ ], an engineer from R9 who also worked on this project, agreed:

To the naked eye, the bar looked like a single unit. You could not see that it could be opened. The use of low power and short transmission bursts also made it difficult to detect this bug. The bug contained integrated circuits that were very advanced for that time period. The implant was really very sophisticated."

Elsewhere in the paper, the NSA explains the bug was hidden in a metal bar, and magnetically detected the ball moving mechanism.

Re:Sound

[operagost]

So is the front page.

Re:Sound

"Sonic Shroom!" this article certainly presents some guile...
add to the room a television (with Infra-Red rc) and a telephone (with microphone) and let the integrated sensors play piggyback and leap-frog! /. , do you find it more productive to string everyone along, i mean, c`mon, even the good `ol Russkis have to plug their "electric" devices into the power grid, no?

Don't forget about tempest!

I... huh... mean the game, of course!

Re:Don't forget about tempest!

[oPless]

The Game.

You have lost it.

Not all typewriters are ball-type

[davidwr]

The Ball-type IBM Selectric typewriters had a flaw that made it easy to tell what was being said just by the sound and delay between characters. You didn't even have to have the listening device in the typewriter, it could be across the room if it was "directional" enough.

While you could probably decode a lever-type typewriter's activity from just a good sound recording, it's probably much harder.

Oh, and as for trying to decode an inkjet- or thermal- electric typewriters just by the noise, "good luck with that."

Of course, today, if you can plant spy equipment in the room where the person is typing and you are good and well-funded, you don't need to rely on the noise the typewriter makes. Or, to put it another way, if you have a determined adversary who is significantly better than you, it's probably "game over" before the game even begins.

Re:Not all typewriters are ball-type

[mlts]

I remember some electric typewriters using a wheel. Perhaps if the typewriter would spin the wheel at random so the distance between where the current letter is versus where it needs to go would be random (and thus unusable assuming a good RNG.) When someone is typing, it could also vary speed as well, so going from an "A" to a "B" may be the same time as going to something spaced 180 degrees away, or may not.

Add to that a small RAM buffer that scrubs data after it gets typed, and that would be decently secure.

Re:Not all typewriters are ball-type

The Russians also use Cone of Silence technology stolen from Control

Like new...

I hear Johannes Gutenberg's estate has some pretty sweet deal on printing press... low millage, never used in the winter!

Easy to answer

[Idarubicin]

However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?

"Somewhat".

If your adversary has physical access to any piece of hardware, it's impossible to secure. Period. One can install a keystroke logger on a modern computer keyboard as well. Switching to non-networked, 'dumb', electric typewriters doesn't block this avenue for attack.

On the other hand, depending on the typewriter's features, it will be very difficult or impossible to remotely compromise, or to compromise using non-hardware approaches. Entire classes of attacks are rendered irrelevant.

To be fair, this does introduce some new potential avenues for attack--increased physical document handling means additional risks related to moving and securing bits of paper.

Re:Easy to answer

[plover]

When you go that old school, you have to be sure to shred your carbon paper, too.

I'm not sure if my son has ever seen a sheet of carbon paper.

Re:Easy to answer

[GodfatherofSoul]

Ditto!

Re:Easy to answer

[Bob+the+Super+Hamste]

Mine has, but then there are still some places that send out paper forms that need to be filled out in duplicate (don't ask me why they haven't moved to 1970s technology). I give left over carbon paper to my kids to draw with.

Cylons

[thatDBA]

Can Toasters type ?

Gotta Love Ruskie's Pragmatism

[luis_a_espinal]

"The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do.

This kind of reminds me of the Colonial solution to Cylon infiltration in the re-imagined BSG TV series. Obviously not perfect, but also simple and good enough. It is not something we in the U.S. - with so much resources to waste (and fall into further debt) would think about.

However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"

It makes them safer from UNWANTED/EXTERNAL infiltration. Infiltration by them is just fine. In the world of political/military security and intelligence, safety does not mean impenetrability. It means resilient to infiltration that you do not want. This is a completely different requirement from the requirement of "safety" as understood in the commercial/private sector.

Re:Gotta Love Ruskie's Pragmatism

well put, Hitler

Physical access?

[sjbe]

To place a keylogger on a typewriter you need physical access to the typewriter... to place a keylogger on a computer you need the internet...

And if said computer is never connected to any networks how do you propose to install said keylogger?

Re:Physical access?

[FranTaylor]

to place a keylogger on a computer you need the internet

Only if you buy your keyloggers at radio shack!

And if said computer is never connected to any networks how do you propose to install said keylogger?

With a screwdriver perhaps?

Re:Physical access?

[kelarius]

Then what's the point of having the computer if all you're doing is printing reports with it? Do you want to be able to play Galaga and hope noone notices?

Re:Physical access?

[Bill,+Shooter+of+Bul]

Stuxnet jumped the air gap just fine via jump drives and other sneakernet tech.

Re:Physical access?

[davester666]

USB device, CD/DVD/Floppy, however they transfer documents.

Re:Physical access?

Youre asking whats the point of having a computer if its not connected to the internet? Are you fucking kidding?

Re:Physical access?

[pellik]

That's where social engineering comes in. You call up the grunt employees and start saying big words like 'firmware update' until they just start doing whatever you tell them to.

John Le Carre just perked up

Three words: Whited out text

Re:John Le Carre just perked up

For Russian aesthetic requirements, using a soldering iron to burn out redacted words would be just fine, I think.

Here some other brutally un-aesthetic, but quite efficient and somewhat more secure thing:

http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/

Not of the Russian sort, though.

Humans are the biggest weakness

Given modern technology and the ability to extract information from the brain via radio, the biggest threat this department will face over the next decade will be information leaked by people thinking about certain plans outside of shielded environments.

I suppose the next big thing in security training, will be people with extensive experience on such systems and the ability to withhold information.

Looks like all those "targeted individuals" will be the only ones able to operate in such an environment.

Physical bug needed

[Roger+W+Moore]

You still need to physically get a bug into the room where the typewriter is. I imagine this is a lot harder and certainly carries far more personal risk than siting half way around the world and connecting via the net.

Re:Physical bug needed

[Razgorov+Prikazka]

RTFA.

[...]reports about Dmitry Medvedev being listened in on during his visit to the G20 summit in London[...]

Apparently the whole listening in to things is somehow covered in the spy-training curriculum. Who would have guessed that huh? </sarcasm>

Re:Physical bug needed

[plover]

In a related story (also quite old), researchers were able to pick up enough leaked RF to read a USB keyboard from an adjacent room. Again, you have to get physically close, but not necessarily into the exact room.

Re:Physical bug needed

True, and we all know that spies are terrible at spying, -especially- when it comes to day-to-day tasks like bugging and listening into a room.

Re:Physical bug needed

[Dan+East]

No you don't. Devices have existed for decades which reflect a laser beam off of a glass window to pick up vibrations. Basically a window acts like a giant microphone diagram and vibrates as sound waves inside the room strike it

Re:Physical bug needed

[lxs]

*diaphragm.

Unless your windows are decorated with annotated drawings of microphones. Which would make you my hero.

Re:Physical bug needed

Typical. Instead of the microphone wearing a condom, the window has to use a diaphragm.

Re:Physical bug needed

[Bob+the+Super+Hamste]

You should have seen some of the windows at my place of work. No diagrams of microphones but after running out of white board space (we even took all the movable ones from around the rest of the floor) we migrated to drawing diagrams on the windows. By the end of that project the room was reminiscent of the movie "A Beautiful Mind"

Re:Physical bug needed

[Razgorov+Prikazka]

In a related story to that, some researchers had a proof of concept that they could filter out the keyboardstrokes from a power line. Everytime a button on a usb-keyboard is pressed in it will give off some 'fingerprint' on the grounded bit. They somehow got information out of that. Then again, this was in a controlled lab-environment, where the power source was completely stripped of any distortion and the return was examined for little changes. Nevertheless I thought it was quite clever.
I dont think that it would work on a big office with hundreds of usb-keyboards, coffeemachines, electric pencilsharpeners and whatnot. But it is a good story around the camp fire on the next NSA camping trip :-)

Re:Physical bug needed

[tftp]

Devices have existed for decades which reflect a laser beam off of a glass window to pick up vibrations.

That's probably why a SCIF has no windows. Look at the Pentagon. Most of the rooms are inside the building.

Re:Physical bug needed

I tried one of those old fashioned outside rooms once. It's a real bitch when it rains.

All US TLAs ...

[PPH]

... should adopt this. It will make spotting people like Snowden easier. Just look for the carbon paper smudges on his fingers. On the other hand, it will make them stand out at DEFCON when they break out their travel typewriters to make reports. And don't forget all of them lining up to use the bank of payphones in the lobby to call in reports.

Re:in soviet russia

[kurt555gs]

UEFI?

Anyone else remember...

[TheCarp]

A while back someone did some research and published it on keystroke logging via audio capture. They found they were able to reliably determine what someone was typing just from the sound of their typing. I have to imagine that would work here.

http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml

Though, maybe they also run white noise generators in the office?

Re:Anyone else remember...

Focus on the walls, as something called Körperschall in my language is a very serious threat. The mic could be located in an entirely different room. So transmit the noise in the walls and the windows.

Captcha: Sausages. Yeah, with Sauerkraut. I know. Stereotypes.

Re:Anyone else remember...

Or maybe even have a number of employees responsible for typing documents all gathered in one place while typing them. We'll need a name for this idea. Maybe "office".

Re:Anyone else remember...

It's really very simple: You get someone somewhere else to type misinformation. Then you play that back in the room very loudly.

I'm sure that it wouldn't drive anyone working there insane.

and

Now lets go to Leon Panetta for his comments:

http://www.youtube.com/watch?v=WWaLxFIVX1s

Re:@Software Engineers: YOU brought this upon US !

[Sparticus789]

Can you tell me about the HOSTS file too?

old word processing hardware

article reminds me of an electronic typewriter that had its own keyboard, screen and word processor. i think it had its ow floppy drive to save documents on it and its own printer too. i forgot the name or brand of the electronic typewriter.

Re: old word processing hardware

An iMac?

Bull Shit

[RobertLTux]

http://www.snopes.com/business/genius/spacepen.asp

1 pencils are a FIRE HAZARD in space
2 the pen in question was developed by Fisher and sold to NASA (and the russian counterpart)

Re:Bull Shit

[cheesybagel]

Actually the fun thing is that a ball point pen works just fine in space.

Re:Bull Shit

Actually the fun thing is that a ball point pen works just fine in space.

The funny thing is, they work better in space. You can write in any direction without the ink having to fight gravity.

Re:in soviet russia

[ackthpt]

Pre-flight instructions for passengers about to depart Russian airports:

Please turn off all electronic devices, including mobile phones, laptop computers, tablet computers and electric typewriters...

Still hackable...

Ah, but the age-old problem of the ribbon can remain on ribbon units, even with a manual unit. The detective stories of yesteryear often involve reading the ribbon to see what was typed...one can sometimes even decipher the last paragraph from impressions on the rubber roller the keys strike.

Handwritten notes, written on a hard surface instead of a pad where impressions can be left, is a fairly "hack-proof" method.

If they're smart, they'll have a policy of burning the ribbons after typing a page of gobbledygook...every time the operator leaves the machine.

Re:Still hackable...

[Sparticus789]

The system you describe is used by many intelligence agencies and is also known as a one-time pad. However, those are only used for the most sensitive of information. My guess would be that these typewriters are not meant to replace one-time pads, but are being used so that when someone needs to write a report (say a report on the Russian intelligence gathering from Yahoo.ru, Google.ru, etc.) that they can only present the information on paper with no electronic record that can be stolen by a low-level contractor working as an analyst.

Re:Still hackable...

[Mr.+Freeman]

Actually, one-time pads have been used for quite mundane information. You can easily convert a teletypewriter to make use of one-time-tape. The US and the Soviets did exactly this in order to establish a secure line between both governments. This method is preferred for the following reasons:
- It is the only crypto algorithm that has been proven to be secure. (Others are simply "likely" secure, but may contain undiscovered flaws and are not mathematically provably secure.)
- It's dirt simple. The hardware to implement it is cheap and widely available (at least, it was at the time). This prevents an equipment failure from bringing down the link for more than a short period of time.
- It does not require either side to disclose any crypto secrets. One-time pad technology is older than dirt and is known to everyone. Neither side has to provide the other with technology that it does not already posses. Each side simply needs to drop off a bunch of one-time tape at the other's embassy. This is easily accomplished with a messenger during routine business.

Re:Still hackable...

[Mr.+Freeman]

I should have been more clear. Any information going over that link would be encrypted, whether it was important or not, simply because it would be more difficult to start and stop the crypto system all the time.

Re:Still hackable...

[mlts]

OTPs are very useful these days, and they can be used in other ways as well.

For the highest security of information, just XOR the data with the pad and send it on.

For data that doesn't need that much security, it allows a Diffie-Hellman key exchange with both sides XORing the critical parts of the exchange with the OTP stream. Then, the session key is used for bulk stuff with a conventional symmetric algorithm. This isn't as secure as a OTP, but it allows for data to be sent without burning up the bits on the stored OTP.

Of course, one needs to make sure the RNG making the OTP data is as unpredictable as possible, but that is a science all to itself.

Re:Still hackable...

Quite right, but then akamai would be out of a job, and the israelis wouldnt have their economic-blackmail advantage....

Protect the ribbons

[T.E.D.]

In this modern era many people forget that typewriters had a *huge* security hole. The ink ribbons they used, in the right hands, were practically a "tape backup" of everything typed at that typewriter.

Re:Protect the ribbons

[EkriirkE]

Moreso carbon deposit ribbons like what selectric used, the cloth & ink ones usually reversed and re-typed over previous letters several times before needing replacement

Re:Protect the ribbons

[mlts]

I remember in the mid-1980s, some "word processors" which used dot-matrix printers, so one can type a line, backspace/edit that line, then once they hit return, the line gets printed, and that's that.

Maybe something similar, but using an inkjet printer instead?

Of course, there is always the issue of modern electronic devices having the ability to hide functionality a lot easier from than a mechanical device, but it might be a useful compromise.

Re:Protect the ribbons

There is a simple solution to that: destroy the ribbon. Shredding or incineration ought to do the job, just like these agencies would shred or incinerate paperwork that they're getting rid of.

Mylar ink tape

A record of all keystrokes is stored on the mylar ink tape used in the Selectric. You need to incinerate the ink cartridge after use to keep things secure.

Re:Mylar ink tape

[davidwr]

Yeah, I forgot about that. That's not unique to Selectrics. I'm sure there were one-time-use ribbons for most typewriters back in the day. They made crisper, more professional-looking output.

Re:Mylar ink tape

[Joiseybill]

+1's The older tech was a lot easier to track. Basic stuff I did to my babysitters/brother at around 7 years of age: .. on the typewriter carriage, imprints and ink carry through, especially if you have a letter like "o" or "p" that can cut through paper on a hard mechanical stroke. .. read back the ribbon (sometimes 2-color red/black), sometimes even a correction white ribbon. >> destroy or one-time use ribbons Sure, until the budget gets tight, then those ribbons get re-wound. Depending on the importance of the document, corrections may not be permissable = hard copy in the trash or shredder Later stuff, and law enforcement lernin' .. carbon paper or similar material if in use by user.. NCR copies ( those multi-part forms that say "press hard" so your writing goes through several copies) are all different colors. Most places give up on trying to stock white, canary, blue, and pink correction fluids. -- replace or modify carriage pad (rubber roll) with something like carbon paper or piezo-electric layer -- sound / visual cues to typewriter actions. - I haven't tried this.. but it should work, too - VanEyck .. power at the outlet and field generated by relays and movement all vary measurably. - laser pointer on glass to listen to sounds Plus all the other "spy" gear.. hidden cameras, passive sound resonators, HUMINT, etc.

It's not as unsecure as you'd think

[chemosh6969]

Unlike a computer, a typewriter isn't going to get a keylogger installed by clicking on a link that's on a piece of paper. They're also within a security group, so there's some decent security going on with them. They aren't just leaving them out in unlocked buildings all day.

Re:It's not as unsecure as you'd think

[ponraul]

You don't need to install a keylogger, it already has one built in; the ribbon.

Re:It's not as unsecure as you'd think

[tftp]

You don't need to install a keylogger, it already has one built in; the ribbon.

It's a known vulnerability, and as such it is trivial to defeat. Just keep the used but still good ribbon in a safe, along with the originals and other secret documents. A worn out ribbon will be incinerated. On top of that, keep the equipment in a locked room, under guard. Those are simple technical measures that can be easily understood and implemented, as opposed to dealing a custom virus that may be embedded in one of the reference documents that you cut and paste.

Re:It's not as unsecure as you'd think

[chemosh6969]

It's the same deal as printers and that's why we don't use standard printers to copy classified documents.

Re:in soviet russia

Would you believe that Maxwell Smart (agent 86) figured that out years ago while working for Control. Not only computers but shoe phones pose a security risk. That's why we have Cell phone and not Shoe phones. The only way to have secure communications is to use the "Cone of Silence" when discussing anything of importance.

Re:@Software Engineers: YOU brought this upon US !

Is that what you just did? Because nobody sane will see an actual argument in your OP.

Re:@Software Engineers: YOU brought this upon US !

Whoosh @ u, n00bster.

Ever used a typewriter?

[sjbe]

Then what's the point of having the computer if all you're doing is printing reports with it?

You've never actually tried to type something on a typewriter have you? No one who has used both a word processor and a typewriter would possibly ask such a ridiculous question.

Re:@Software Engineers: YOU brought this upon US !

Oh really ? My argument is that software has gotten a reputation for being extremely insecure. And that means people will stop using computers for many critical tasks completely. Can't you see how this will affect employment of computer experts (for a lack of a better general term) ?

Good in one sense

[GodfatherofSoul]

I bet it improves the error rate. I learned to type on electric typewriters. As PCs took over for word processing, my error rate has gotten terrible. On an electric typewriter, making one mistake is a pain in the butt to fix, even with the ones that have the built-in correction tape.

Re:Good in one sense

[Mr.+Freeman]

You just XXXX wind up with XX lots of XXXXXXXXXXXXXX typed-over words instead.

Re:Good in one sense

[plover]

You're missing the bigger picture. Typing error rates only matter on actual letter-at-a-time typewriters (regardless of any correction technology.) Once word processors arrived, though, the error rate ceased to have any meaning. If you can maintain 80 WPM while making 10 errors that you went back and corrected, you are twice as productive as someone who can type 40 WPM with no errors.

Typing teachers harped on error rates long after the point where they made sense. We have to remember they were "typing" teachers, and they were just passing on the way they learned.

The ultimate vulnerability

[gmuslera]

... is always people. Even if is just by stupidity (like going to one of those meetings with a cellphone), but could be plain malice, double agents or blackmailed "safe" people (and with all the data of the world you have plenty of material to blackmail anyone).

And thats the most worrying thing about NSA and associates snooping, you are getting 5 millon extra vulnerabilities in everything that surrounds all your data.

Re:in soviet russia

[JustOK]

WHAT?

Pigeons

[cute_orc]

I think it is right time to train pigeons.

Re:@Software Engineers: YOU brought this upon US !

Despite the fact HP could not avoid the "Ping Of Death",

http://en.wikipedia.org/wiki/Ping_of_death

I can hear all the C and C++ developers tell me, my cat and the entire world that "good programmers can write secure C and C++ code". It appears all the operating system developers at HP, SUN, IBM and the like were simply shitty programmers. That's one explanation.

The other explanation is that C and C++ are horribly dangerous programming languages and should not be used, AS PEOPLE WILL OTHERWISE STOP USING COMPUTERS. That will affect all of us as in "NO MORE JOBS FOR DEVELOPERS AND OTHER IT FIDDLERS OF INSECURE CRAP ".

Here is my little attempt to improve Software Security:

http://sourceforge.net/p/sappeurcompiler/code-0/2/tree/trunk/

And if you still think C and C++ are a great idea, read this:

http://www.infoworld.com/d/security/in-his-own-words-confessions-of-cyber-warrior-222266

Since I'm a computer expert, I've decided to soup-up your post with bleeding-edge, World Wide Web 1.0 "Hyper-Link" technology. Now all you have to do is point your cursor (computer mouse*) at a "URL" and click the button (on the computer mouse) and Netscape Navigator will automatically go to the new web "page." Amazing!

* If you have a newer computer mouse, it might have more than one button... Check your owner's manual for which button to press.

Now all you need are two typewriters that are...

[aristotle-dude]

joined by quantum entanglement and you can send messages across vast distances like they do in Fringe across universes.

Re:in soviet russia

Apparently it was funny 40 years ago.

They don't tell the whole story...

Room 1. type document
Room 2. typed document is scanned and OCR is performed then a validation is performed, validated document is transferred to SD-card.
Room 3. SD-card read room, document is transferred from SD-card to FSO servers
Now all of the security cleared Duma members can read the document wherever they are in the world on their iPads or iPhones.

Is this really much safer

[phorm]

Than using a computer with no network connection?
I mean, you'd probably want to make sure it has no wifi, etc, but that could also be accomplished by putting it in a faraday cage of some sort.

Re:in soviet russia

[gmanterry]

Apparently it was funny 40 years ago.

Trust me it was.

How will the documents be distributed?

[ponraul]

Typing them on an Underwood won't make it any more secure, if the documents are scanned and emailed.

Old School:

[Hartree]

I think I'd go with a manual in that situation, since electromechanical typewriters and teletypes have their own problems.

There was a lot of shielding and filtering put into crypto systems that used teletypes to avoid leaking information out the power leads, or radiating it directly.

I recall there being tempest rated versions of electric typewriters to avoid this. But a manual typewriter is an easy way around it.

Re:Old School:

[tmjva]

Agree. A van with the right equipment parked outside their facilities can pick up TEMPEST emanations. But I think the Russian Federal Guards would start asking themselves, "Why is there a van parked outside our secure facility?"

Because it's obscure

[Plumpaquatsch]

If the DOD can't find COBOL programmers to fix their accounting system, who'll still be able to install a key-logger in a electric typewriter?

human beings are the security issue

[FranTaylor]

Technology is just papering over the basic truism that the humans are the weakness in any security system.

It is in their very nature to be inquisitive about the unknown, hiding secrets is intrinsically difficult for humans, given their social behavior. The human mind is not a secure vault, it can be tricked or forced or otherwise convinced to reveal its secrets in a wide variety of ways.

All of the technology for secrecy is moot when people simply open up and communicate directly with each other.

For example the government spends unknown gazillions protecting secret information and a single person can unravel large portions of it by simply standing in front of a microphone and speaking some words.

Answer to question:

[vikingpower]

a lot. At least for the time being, and at least within the current "security" context. A lot.

Re:in soviet russia

[JustOK]

WHAT ?

It's Called BIOS

From the BIOS, just disable all network chips. This act will give you a computer that can't be connected and it will be the same as a typewriter although much more versatile.

Re:in soviet russia

[RenderSeven]

Not the only way! If the Cone Of Silence was broken, they also had the Cough Code.

(Oh Max, you're twice the agent 43 is)

Re:@Software Engineers: YOU brought this upon US !

Yeah, I was too lazy to add HTML HREF tags and hoped my arguments would be countered as opposed to my stylistic laziness.

Re:@Software Engineers: YOU brought this upon US !

And that means people will stop using computers for many critical tasks completely.

Citation needed.

All keystrokes logged by default

Just fish the ribbon out of the trash.

History of the typewriter recited by M. Winslow

https://www.youtube.com/watch?v=eVzEB_CJLNY

Re:Now all you need are two typewriters that are..

Oflline computer is not safe. How do you there is no Chip (or more than one), that will brodcast radio fo your screen, you keystrokes, etc?

3d print it!

It's totally unsafe. The typewriter should be mechanical and printed on a homemade 3d printer from local materials [just in case of presence of nanologgers in plastic]

DURRR

Or they could just use VMS. An operating system that doesn't allow for all the cutesy little built in back doors like Winblows, Linsux, or Eunuchs!

God damn, some things in life are just so easy, you know??

BTW, it shouldn't be that hard, since the USSR made its own version of VMS and plenty of VAXen clone hardware to boot. It's A LOT fuckin better then goofy ass typewriters

cracked in 2005

[RalfM]

They really need to do more research. Listening to key boards to detect what's written was shown possible 8 years ago...

Ralf

Electric Typewriter Security

The answer is no regarding whether an electric typewriter is secure, though it might be considered more secure in some regards. Electric appliances will reflect signal noise back into the AC supply grid and signature analysis can be peformed to trace and trap every letter struck. A simple non-electric typewriter energized by human muscle is far more secure, and yet handwriting is preferable -though what happens to the trashcan when the note is thrown away?