Numbers Stations

On numbers stations.

Tags: , , ,

Posted on May 30, 2018 at 6:04 AM • 6 Comments

Comments

yet another BruceMay 30, 2018 7:46 AM

The article refers to "false addition" in the use of one time pads. Anyone know what this is?

TatütataMay 30, 2018 8:21 AM

As a kid back in the 70's I used to listen to a lot of shortwave radio.

A numbers station came on frequently booming on the 49m band. I must have jotted down several pages of numbers groups in the vain hope of making sense of them. The signal was solid with no fading whatsoever. I always assumed that it was radiated from the state broadcaster's HF facility across town, which has long since been dismantled. Might be worthwhile to FOIA, but the request would have to be rather indirect.

It's something of a pity that shortwave broadcasting mostly went out of fashion. It died perhaps with the last illusions of western and eastern moral superiority... With the present availability of dirt cheap signal processing power, and standards such as DRM (Digital Radio Mondiale), the possibility of a channel mostly impervious to state censorship would surely make the cold war propagandists of yesteryear drool.

Can there really be that many deep implanted agents ready to accomplish their dastardly deeds at any moment on instructions radioed by foreign spy master?

Just owning a good shortwave receiver in 2018 might be considered suspicious in Beijing or Teheran.

If one wanted to implement from scratch the equivalent of a numbers station today, what would one use? Satellite radio and TV? But connecting a computer to such receivers might be too conspicuous.

Steganography in a video stream? But youtube/dailymotion/etc. can be censored wholesale. I believe I heard of low power radios used along the iron curtain, but never saw details about them.

SpookyMay 30, 2018 8:25 AM

@ yet another Bruce,

It is a sketchy reference to modular arithmetic; I've never before heard it referred to as 'false' addition/subtraction. In the article, they are probably imagining that the letters of the alphabet can be numbered 1-26 and then modularly incremented against the random numbers of a one-time pad (each number in the pad is a random value from 1-26). For instance, if you have the letter 'Y' or 25 and your one-time pad value is '3' you would move forward three positions in a circular fashion to arrive at the letter 'B' and so forth. The person decoding the message has the same pad, so when they encounter 'B' at that position they will know to roll back three positions to 'Y', etc.

Normally, when you are processing digital data against the modern equivalent of a 'one-time pad' (e.g. a randomized stream), the 1's and 0's of your data are XOR'd (Exclusive OR'd) against the random 1's and 0's of your pad to produce the ciphertext. The person receiving your enciphered message then XOR's the ciphertext against the same binary digits of their copy of the 'one-time pad' to recover the original plaintext. You'll see the term and concept referred to in these forums as a OTP, as it gets used quite a lot... :-)

Cheers,
Spooky

David RudlingMay 30, 2018 9:02 AM

Numbers stations are inextricably linked to short wave radio. In the days when short wave radio was widespread for public broadcasting, possession of such a set was innocent enough. As has been pointed out possession of a short wave radio these days is sufficient in itself to be suspicious. The universal communications medium today is the internet. My own view of image steganography is that it is too easy to detect and fatally suspicious because it is not widely used by a mainstream app. Hiding in plain view has to be the preferred means of hidden delivery. One time pad numbers embedded within e.g. a spreadsheet of otherwise innocent data should be easy in a world of international e-commerce. Others on this forum can doubtless offer much better suggestions. That encrypted data needs to be effectively invisible should be a fundamental tenet of overcoming universal surveillance, not just for the former users of numbers stations.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

← Kidnapping Fraud

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.