Slashdot Mirror

← Back to Stories (view on slashdot.org)

German NSA Committee May Turn To Typewriters To Stop Leaks

Posted by Unknown on from the how-to-tell-wikileaks-is-winning dept.

mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.

46 of 244 comments (clear)

  1. So what? they can be tapped to. by Anonymous Coward · · Score: 5, Interesting

    My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.

    1. Re:So what? they can be tapped to. by jonwil · · Score: 4, Insightful

      The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency (and a lot worse for international relations if the NSA did it and the Germans found out) than it is for the NSA to hack into the computers at a German agency from a computer room at Ft Meade.

    2. Re:So what? they can be tapped to. by mjwalshe · · Score: 5, Interesting

      The KGB have used Romeo spies to seduce the secretaries before now - one poor woman killed her self when she found out - the "Americans" series has this as a plot point.

    3. Re:So what? they can be tapped to. by Anonymous Coward · · Score: 4, Insightful

      The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency

      Only if they make sure everyone leaves their cell phones out the door.

    4. Re:So what? they can be tapped to. by Anonymous Coward · · Score: 5, Insightful

      Smart phones can record and upload later.

    5. Re:So what? they can be tapped to. by Megol · · Score: 2

      That is well known - even computer keyboards (where unlike mechanical typewriters each key use essentially the same mechanism) can be tapped using audio alone with reasonable good results. That spent color ribbons can be used to extract text is also well known.

      This is just another layer of defense. Unlike the /. meme even security by obscurity can be a good defense when used in a multi-layer system.

    6. Re: So what? they can be tapped to. by K.+S.+Kyosuke · · Score: 3, Funny

      I've heard that a quill made of goose feathers is very soft and makes hardly any noise when writing...

      --
      Ezekiel 23:20
    7. Re:So what? they can be tapped to. by fazig · · Score: 4, Insightful

      Social Engineering.
      Certainly, it's not as cost effective as other methods and requires elaborate planning. But no matter the technological level of advancement this has been, and most likely will continue to be, a very serious security threat. Simply because it targets a vulnerability that will be very hard to fix - our social, human nature.

    8. Re:So what? they can be tapped to. by clickclickdrone · · Score: 2

      In the 80's a UK bank experimented with signature recognition by listening to the pen on the paper. The dynamics and pressure etc were much harder to fake than the actual signature so it made sense but ultimately didn't go anywhere.

      --
      I want a list of atrocities done in your name - Recoil
    9. Re:So what? they can be tapped to. by AHuxley · · Score: 5, Informative

      Re the human factor.
      Thats a huge risk in Germany. Generations of post ww2 Germans know nothing but helping the NSA and GCHQ over their decades in every level of the West and later German bureaucracies.
      The men and woman who helped the UK and USA post 1950's would have chosen like minded staff to work with them or replace them.
      Thats the entire upper structures of vital German security lost to 5+ other Five Eyes countries by default over decades.
      Then you have the tame German political leaders watched, dropped, advanced thanks to insider help.
      The East Germans got some staff next to generations of top West German political leaders or top NATO staff.
      The US and UK got all the communication networks of West Germany and then Germany with the help of cleared Germans.

      --
      Domestic spying is now "Benign Information Gathering"
    10. Re:So what? they can be tapped to. by spacefight · · Score: 2

      So, how hard do you think it is, to hack into a nearby computer (laptop, cell phone, building automation controller etc) and use that as a next hop to get an audio signal of the typewriter?

    11. Re:So what? they can be tapped to. by jandersen · · Score: 2

      I always feel vaguely amused when people say that you 'just' or 'simply' do so and so. I'm pretty sure the Germans know that these things can be done - they are clever people, you know.

      Of course it is possible to penetrate whatever security measures are put in place, but using simpler technology has advantages:

      - simple technology is easier to screen for spying devices; there is no networking, no firmware with backdoors, etc
      - it is less easy to make copies on an industrial scale, when things are typed on paper instead of being stored electronically
      - it is riskier to try to steal information, when you have to be physically present

      And of course, just because it is possible to guess what a person is typing from the sound emitted, that is probably only true for a subset of typewrites, and in any case, it only works when somebody is typing something. The typewriter can be moved around, so you would have to plant microphones everywhere; and then, of course, you'll have to record everything in the hope that you'll catch something useful. All in all, you'd have to make a significant effort, which would then be more easily spotted. Possible is not the same as feasible.

    12. Re:So what? they can be tapped to. by StripedCow · · Score: 4, Funny

      My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.

      Perhaps you can ask your father what this man was typing:
      https://www.youtube.com/watch?...

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    13. Re:So what? they can be tapped to. by Impy+the+Impiuos+Imp · · Score: 2

      No no no! Money's no object!

      it wanted to spend 486,000 rubles
      (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.

      While that seems like a lot, keep in mind the US government would commission electronic typewriters, making sure they had USB and WiFi and network printing capabilities and access to cloud storage and run Windows apps and Internet Explorer.

      They would finally be delivered for $38k per unit about 12 years after everybody has a Matrix jack in their neck.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    14. Re:So what? they can be tapped to. by fractoid · · Score: 2

      Not as cost effective? If I was working on a budget, I would be far more likely to succeed by employing a smokin' hot woman with leet skills to seduce an enemy tech than I would by trying to crack 4096-bit encryption.

      --
      Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
    15. Re:So what? they can be tapped to. by ComputerGeek01 · · Score: 5, Funny

      You laugh, but it just goes to show that you have no idea what kind of trouble we are having in integrating Internet Explorer with that project.

    16. Re:So what? they can be tapped to. by mjwalshe · · Score: 2

      This isn't Wikipedia but http://intelligenceref.blogspo... If mentioned kim philby would you want documentary evidence for that as well - the KGB's romeo spies are very well-known what do you think ana chapman was doing when she married tim "nice but dim" to get an English passport

    17. Re:So what? they can be tapped to. by tlhIngan · · Score: 4, Informative

      Social Engineering.
        Certainly, it's not as cost effective as other methods and requires elaborate planning. But no matter the technological level of advancement this has been, and most likely will continue to be, a very serious security threat. Simply because it targets a vulnerability that will be very hard to fix - our social, human nature.

      Not cost effective? You're kidding right?

      Even Windows is more secure than humans. Modern viruses and Trojans are relying on social engineering to get themselves installed all the time because it's easier and cheaper to do so than to try to sniff a vulnerability out and shell code your way in.

      Hell, we used to joke about the "honor system virus" (where it asks you to do the destruction and send it to 10 of your contacts). Truth be told, it actually is kind of successful these days.

      There are still elaborate attacks, but social engineering remains one of the cheapest, most effective ways to get through any security measure.

  2. New Snowden by clickety6 · · Score: 2

    A suspected security mole was today apprehended with 5 reams of carbon copy paper...

    --
    ----------------------------------- My Other Sig Is Hilarious -----------------------------------
    1. Re:New Snowden by mwvdlee · · Score: 4, Funny

      5 reams of carbon copy paper contains much less information than a single USB stick.
      This is security by volume.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:New Snowden by Anonymous Coward · · Score: 2, Interesting

      The mole was paid off. NSA antics are seriously pissing off Germany and this issue has become another foreign policy faux pas of this presidential administration. As goes Germany, so goes other EU countries. They're slowly turning away from the US. I don't think alienating allies is a smart thing to do, but what would you expect from a president who allows warrantless wiretapping?

    3. Re:New Snowden by gnasher719 · · Score: 2

      He was paid 25,000 euros.

      What an idiot. Destroying your career and going to jail for 25,000 euros for someone in a western country is pure idiocy.

  3. foolproof by chentiangemalc · · Score: 3, Funny

    It's a great security initiative! Everybody should do this. Considering it is impossible to electronically monitor what is typed on a manual type writer, and certainly it would be near impossible to copy the manually typed paper with today's technology.

    1. Re:foolproof by joh · · Score: 4, Funny

      It would also significantly cut down Slashdot comments if they had to be typed on paper and mailed.

    2. Re:foolproof by some+old+guy · · Score: 5, Funny

      True, but it would make "first post" a lovely double entendre.

      --
      Scruting the inscrutable for over 50 years.
  4. Leaks or spying? by jovius · · Score: 2

    Using typewriters will definitely make spying the documents a bit harder, but leaking them is as easy as ever. The next level could be a new version of watermarked paper, which knows when it has been accessed or photographed.
     

  5. Secure until it gets fax'd or scan'd and email'd by Anonymous Coward · · Score: 2, Insightful

    And of course there are type writer ribbons to destroy and so forth.

    But on the whole, it forces spying back to having physical access to the document and that's not a bad security mechanism.

  6. Re:Alternative strategy: by CRCulver · · Score: 4, Informative

    Even if the computers have no network connectivity, their screens and keystrokes may spied on through a Tempest attack by an adversary in the vicinity. Buying typewriters may be cheaper than Tempest shielding.

  7. GCHQ and the NSA... by Anonymous Coward · · Score: 3, Interesting

    Working together to return the world back to the stone age!

  8. Re:Photocopy by Zumbs · · Score: 2

    True, but it still requires continual physical access to sensitive areas as well as agents that continually steal and post copies, putting themselves at risk of exposure every time.

    --
    The truth may be out there, but lies are inside your head
  9. I enthusiastically approve by petrus4 · · Score: 3, Insightful

    I salute the German government in adopting this measure, quite seriously. I am migrating to virtualised NetBSD/amd64 myself, and aside from using pkgsrc in order to install Xorg, am probably going to rely on manual installation of packages in named directories in either /usr/local or /opt.

    I fully believe that maximising simplicity, to the point of adopting seemingly primitive solutions, is the most effective means of maintaining reliability and security. There truly is no school like the old school. Others can call me a Luddite if they wish, but that is a title that I will wear with pride.

    1. Re:I enthusiastically approve by Anonymous Coward · · Score: 2, Insightful

      You did personally review all of the source code right?

  10. Xerox called by laffer1 · · Score: 2

    Wait until they here about copy machines!

    --
    MidnightBSD: The BSD for Everyone
  11. The one thing to take away from this by Anonymous Coward · · Score: 4, Interesting

    Turning to typewriters is of course ridiculous blind activism, but there is one thing to take away from this: The mere possibility that someone is spying on them has made them uneasy about using normal and efficient tools and made them turn to antiquated tools instead which still won't protect them. Perhaps now they understand why blanket observation of the entire population is completely unacceptable.

  12. Get a doctor by Anonymous Coward · · Score: 5, Funny

    Get a doctor to write memos with a pen. Completely indecipherable.

  13. Re:Alternative strategy: by Krymzn · · Score: 2

    Acoustic keyloggers (http://www.keylogger101.com/acoustic-keyloggers/) could be used to detect which typewriter keys are being pressed (http://en.wikipedia.org/wiki/Keystroke_logging).

  14. The problem is.... by Lumpy · · Score: 5, Funny

    Once they are done typing the documents they will have a secretary scan them and sent via email....

    --
    Do not look at laser with remaining good eye.
  15. Re:Alternative strategy: by c · · Score: 2

    Buying typewriters may be cheaper than Tempest shielding.

    Of course, they do have to work a lot harder to avoid someone just eavedropping on the keypresses...

    --
    Log in or piss off.
  16. Listening to keystrokes + HMM = Profit! by Theovon · · Score: 3, Interesting

    Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different? A relatively straightforward codebook analysis of keypress noises plus a hidden markov model plus a Viterbi algorithm will allow you calculate the highest probability sequence of letters for a given sequence of sounds and timings between sounds even in German!

    Mind you, they have to be able to get a sound bug in there, but that might be malware-infected computers nearby the typewriters.

    Anyhow, basically, the technology used to do automatic speech recognition would make short work of tapping typewriters, so they’re fooling themselves if they think this’ll make much difference.

    BTW, I have a strong suspicion that the Germans’ outrage is all a big charade. Every major country has big spy operations. The NSA is neither unique nor the first of its kind. The Germans could not have been ignorant of at least the general nature NSA’s dealings before Snowden, so while they openly object, secretly, this is business as usual. By doing this, they fool their people into thinking they’re not being spied on by their own government and, using the US as a scapegoat, they also generate a degree of solidarity. Russians spy operations, of course, are way worse, so their objections are the same bullshit. And the Chinese government is all about lying to, well, basically everyone while they use both capitalism and cyberwarfare to take over the world and control everyone, so their recent statement about the iPhone is also a crock of shit.

    This reminds me of Andrew Cuomo’s push to restore trust in government. The whole idea is disingenuous. Governments, like any large organization, are only going to do what the people need only with checks & balances and transparency.

    And as a final note, I believe that the stated purpose of the NSA is a good one: Mine publically available data to identify terrorist activity. That sounds like a good thing to do. It’s the illegal violations of privacy that are wrong. They violate our rights because it’s inconvenient to get the info they need some other way. It’s also inconvenient for me to work a regular job instead of selling drugs. There are much more convenient ways to achieve my goals that I avoid because they are wrong. To do their job, the NSA needs to find clever ways to acquire the information they need WITHIN THE LAW.

  17. The only way to combat NSA masturbation fantasies by jenningsthecat · · Score: 2

    Poison the well. Everybody, anywhere in the world, whether it be a government, corporation, or individual, needs to become skilled at disinformation. If everybody's default behaviour is to muddy the waters by generating all kinds of contradictory data, the background noise level becomes so high that discerning fact from fiction is very difficult. Governments and corporations already use this tactic against the population; I consider much of Prime Time and 'reality' television to be propaganda, a kind of cultural disease vector.

    Given that the genie is out of the bottle and privacy is dead, it would be best for everybody to know everything about everybody else, until the data becomes meaningless because of its sheer volume and commonness. If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless. But the TLAs and corporations won't let that happen - they'll always be one up on mere citizens when it comes to info gathering. So maybe it's time for everyone to start sowing disinformation. That would make the world really, really suck; but it would probably suck a lot less than it will if the ultimate goals of Big Brother are achieved.

    --
    'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
  18. Re:Don't forget to burn the ribbon by whitis · · Score: 3, Interesting

    Typewriters make many copies
          - The paper copies
        - all the drafts you have to redo.
          - the ribbon, especially film ribbons which often make a nearly perfect unencrypted ticker tape copy
          - the carbon paper between sheets
          - the impression on the platten
          - The unique accoustic signature of each key
          - the electrical signature on an electrical typewriter which is radiated through the air and power line.

    In addtion, sensors can easily be put in the typewriter and some typewriters have electronics that can be tapped into. Documents are stored in the filing cabinet unencypted and any copy logging has to be done manually. The typewriter doesn't log when someone accesses a document or types up a copy. It dowsn't lock automatically when you walk away from your desk. To make up for the lost efficiency, entire armies of near minimum wage typists and filing clerks (two legged security holes) will be needed.

  19. Re:Its a step in "rightish" direction by duke_cheetah2003 · · Score: 3, Interesting

    Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.

    Like.. um.. Novell Netware on ARCnet? :D

  20. Enigma by aviators99 · · Score: 2

    Check the museums and see if the Enigma Machines (http://en.wikipedia.org/wiki/Enigma_machine) are mysteriously missing. A layperson might call that a "typewriter".

  21. Security requires availability! by bbasgen · · Score: 4, Interesting

    The core components of information security are often misunderstood. The triad of confidentiality, integrity and availability are important to consider. There is a symbiosis between these three components. For example, if confidentiality and availability is highly restrictive, can we really be confident in the integrity of the data with so few people who have such limited access?

    The old adage, being so tragically expressed here in real world terms, that the only "secure" computer is locked in a vault at the bottom of an ocean belies the very nature of security. For data to be useful and meaningful, it must be accessible to the people who need it when they need it. Failure to properly deliver accessibility will consequently build pressure on confidentiality (e.g. it will be shared inappropriately) and/or data integrity (e.g. the data will grow stale/irrelevant/etc).

    A typewriter is a medieval instrument for data security. Because they have rockets, they might as well start building castle walls. They are, in essence and by design, surrendering. Sun Tzu would be proud of such an adversary that could create this result. Masterful.

  22. Re:The only way to combat NSA masturbation fantasi by Anonymous Coward · · Score: 2, Informative

    If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless.

    No. I can still single you out and destroy your life with that information. Well funded entities don't even need to single out anyone to take advantage of that flood of information. What seems like vast, insurmountable amounts of data to you is but a challenge to data scientists. Just because you couldn't make use of the information to your advantage doesn't mean nobody else can use it to their advantage, and that is precisely the problem. The small amount of disinformation any individual could sow is easily separated from the ubiquitous sources of accurate information which are beyond the control of the individual.

  23. Re:Don't forget to burn the ribbon by DNS-and-BIND · · Score: 2

    You go on and on about these supposed weaknesses - but each and every one of them requires physical access. None of these can be done over the internet. I think the idea is that they'll consciously choose to accept these risks as the others are worse. Nice to see you're slagging the idea as idiotic, though. Nicely done.

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!