How to catch a spy that is using a numbers station – The KGB Experience(numbers-stations.com) |
Peter started as a radio engineer, so the first part of the book is slightly technical. The last chapters are more psychological, also very interesting.
1977. Video equipment was VERY different then, especially on that side of the iron curtain. It would have had moving parts, motors, probably requiring a degree of soundproofing. I want to see pictures of where/how they hid this stuff because it wasn't easy.
- How do you know the KGB is surveilling you?
- A new wardrobe has just appeared in your apartment.
https://www.independent.co.uk/news/world/asia/china-uighurs-...
"China sends state spies to live in Uighur Muslim homes and attend private family weddings and funerals"
Talk about power though, imagine getting a knock on your door and being told "you're moving apartments, and don't ask why or who we are.".
(Indeed, the story as written does have Hollywood MacGuffin floppy disk written all over it, in that I'd find it implausible that, even in a war zone, no one kept anything on-prem, or at least backups? At least performing a "kill -9" via Hellfire missile does upstage Stanford gangstas https://www.youtube.com/watch?v=Fow7iUaKrq4 .)
[1] Compare https://www.haaretz.com/israel-news/.premium.MAGAZINE-why-wh... and remember that the case of TFA starts in 1974 with social engineering via "Nadia." I'm pretty sure the Arthashastra mentions social engineering via thirst trap, and https://en.wikipedia.org/wiki/Xi_Shi has a similar story. Then there's https://www.theatlantic.com/magazine/archive/2001/12/all-you... 's account of deradicalisation via honey trap.
Q. How did Adam and Eve anticipate the twenty-first century?
A. They failed to read Apple's Terms & Conditions and got in trouble for misunderstanding the Privacy Policy.
Seems like the "Negus" device is a photo-camera with a large magnifying attachment, sturdy base, stereo viewfinder, and knobs for focus. I found a description and some pictures here: http://ussrphoto.com/Wiki/default.asp?WikiCatID=46&ParentID=...
https://en.wikipedia.org/wiki/Hershey_fonts
Edit: the bus stop has been replaced, and the kerbside tree is gone: https://www.google.com/maps/place/Druzhby+St/@55.7139414,37....
(it was conveniently located between an "embassy row" and a nice park with scenic overlook)
https://www.google.com/maps/@55.709541,37.5422738,3a,75y,90t...
https://www.google.com/maps/@55.7272732,37.5479753,3a,75y,15...
(unfortunately nowhere near close enough to see if the sign is still there)
Do you have any idea what they are talking about here? I'm imagining dispersing some invisible chemical (or isotope maybe?) in his house and then looking for increases in concentrations in areas where he might have been.
In SpyCatcher, Peter Wright describes contemplating a similar system to catch spies removing sensitive documents from MI5. From the book:
"I was asked if there was any technical way we could prove Vassall was removing documents from the Admiralty. I had been experimenting for some time with Frank Morgan on a scheme to mark classified documents using minute quantities of radioactive material. The idea was to place a Geiger counter at the entrance of the building where the suspected spy was operating so that we could detect if any marked documents were being removed. We tried this with Vassall, but it was not a success. There were too many exits in the Admiralty for us to be sure we were covering the one which Vassall used, and the Geiger counter readings were often distorted by luminous wristwatches and the like. Eventually the scheme was scrapped when fears about the risks of exposing people to radiation were raised by the management"
Peter Wright also described a radioactive agent for discovering secret writing, which may be similar to how the secret writing that tipped them off was detected on the letters to the embassy to begin with:
"The techniques of secret writing are the same the world over. First the spy writes his cover letter. Then he writes the secret message on top, using a special sheet of carbon paper treated with a colorless chemical. Tiny particles of the chemical are transferred to the letter, which can then be developed by the recipient. Most developing agents make the chemical traces grow, so that the message becomes legible, and unless the correct agent is known, the message remains undetectable. But Morgan created a universal developing agent, using radioactivity, which transformed the possibilities of detection."
Makes you wonder if the person removing the documents was management.
I had been joking about www.duckdascism.gov in https://news.ycombinator.com/item?id=24458630 but https://news.ycombinator.com/item?id=24526075 has people who've used that channel. (for the record, ~64kbps is more than most people had over dialup in the early days of the web)
Unless you co-opt a page everyone "listens" to, such as facebook or something.
1. Do not try to sneak stuff past the Russians in invisible ink.
2. If you are a spy and your friendly neighbours suddenly have to move, consider taking an unscheduled vacation in GTFO.
After release he demanded compensation from the US embassy, but was denied as a non-citizen.
Additionally, a lot of "weather stations" around the world are simply numbers stations. They vary the numbers reported, and wherever they diverge from whatever is determined in advance as the "canonical" source is how information is communicated. This paragraph and the above are just my personal observations, please note.
Lastly, good examples of weather stations in general (not actual spying things, please note) can be found here [1] and here [2].
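As an added illustration of the divergence idea in the comment above (example code written for this page, not from the thread or from any real weather service): the sender publishes reports that differ from a canonical feed by one tenth of a degree wherever a message bit is 1, the receiver recovers the bits by diffing against the same canonical feed, and a third function shows what a monitor doing that same diff would see. The station ids, readings, message, and the encoding rule (one bit per station per report, one-byte length prefix) are constructed assumptions.

```python
"""
Covert channel by divergence from a canonical feed.

Added worked example for this page, not code from the thread or from any real
weather service. The station list, the readings and the message are constructed;
the encoding rule (one bit per station per report, +0.1 degree above the
canonical value = 1, canonical value = 0, with a one-byte length prefix) is an
assumption chosen for the demo.
"""
from typing import Dict, List

Report = Dict[str, int]  # station id -> temperature in tenths of a degree

# Constructed "canonical" readings that the recipient is assumed to also have.
CANONICAL: Report = {"ST01": 123, "ST02": 98, "ST03": 151, "ST04": 87,
                     "ST05": 204, "ST06": 176, "ST07": 65, "ST08": 139}
NUDGE = 1  # tenths of a degree; small enough to pass as sensor noise (assumption)


def bits_from_bytes(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string."""
    return [(b >> i) & 1 for b in data for i in range(7, -1, -1)]


def bytes_from_bits(bits: List[int]) -> bytes:
    """Pack whole bytes out of an MSB-first bit list; trailing partial byte dropped."""
    usable = len(bits) - len(bits) % 8
    return bytes(int("".join(str(b) for b in bits[i:i + 8]), 2)
                 for i in range(0, usable, 8))


def render(report: Report) -> str:
    """Text form of one report, e.g. 'ST01 12.3 ST02 9.8 ...'."""
    return " ".join(f"{st} {report[st] / 10:.1f}" for st in sorted(report))


def parse(line: str) -> Report:
    """Inverse of render(): back to integer tenths so comparisons are exact."""
    toks = line.split()
    return {toks[i]: round(float(toks[i + 1]) * 10) for i in range(0, len(toks), 2)}


def encode_reports(canonical: Report, message: bytes) -> List[str]:
    """Sender side: emit report lines carrying the length-prefixed message,
    one bit per station per report, stations taken in sorted order."""
    if len(message) > 255:
        raise ValueError("one-byte length prefix: message must be <= 255 bytes")
    stations = sorted(canonical)
    bits = bits_from_bytes(bytes([len(message)]) + message)
    lines = []
    for start in range(0, len(bits), len(stations)):
        report = dict(canonical)
        for st, bit in zip(stations, bits[start:start + len(stations)]):
            if bit:
                report[st] += NUDGE  # diverge from canonical -> bit 1
        lines.append(render(report))
    return lines


def decode_reports(canonical: Report, lines: List[str]) -> bytes:
    """Receiver side: every station that diverges from canonical is a 1 bit."""
    stations = sorted(canonical)
    bits = [1 if parse(line)[st] != canonical[st] else 0
            for line in lines for st in stations]
    framed = bytes_from_bits(bits)
    return framed[1:1 + framed[0]]


def divergence_report(canonical: Report, lines: List[str]) -> List[List[str]]:
    """Counter side: a monitor diffing the feed against the reference sees
    exactly which stations diverge in each report (the channel's footprint)."""
    return [sorted(st for st, v in parse(line).items() if v != canonical[st])
            for line in lines]


if __name__ == "__main__":
    msg = b"MEET 2100"
    feed = encode_reports(CANONICAL, msg)
    for line in feed:
        print(line)
    print(decode_reports(CANONICAL, feed))   # b'MEET 2100'
    print(divergence_report(CANONICAL, feed))
```

The decoder needs nothing but the same canonical feed, which is the point of the scheme; the same fact is what makes it detectable, since anyone else with the canonical feed gets the same diff.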
Wouldn't an MQTT station be lacking one of the major advantages of a radio numbers station, that it is very difficult to know who is listening to the broadcast?
Using weather reports (or obituaries in newspapers, etc.) is not a numbers station, though they can be used as covert channels.
Money, Ideology, Conscience/Coercion, Ego, Revenge and Sex
(The last two are less relevant in hacking/tech but more relevant in straight espionage.)
Interesting story from back when I worked for Poptel, which was the ISP the Labour Party used back then.
I had to look up something on our internal system, and was distracted and just hit return when searching, and pulled up Tony's account details.
When we had uploaded all our data from the internal system, someone thought it would be fun to make Tony the first entry in the database.
Of course, hacking us would have pissed off our ops guys in Manchester, who were members of the UK arm of alt.2600.
(Compared to Sweden[1], the PLO[2], or even a Japanese 財閥[3], either ISIS took a cavalier approach to hooking up their "Cyber Caliphate" or he was not as important as the article, and British tabs, made out.)
[1] https://en.wikipedia.org/wiki/House_of_Bernadotte#History_of...
"On 21 August 1810, the Riksdag elected Jean Baptiste Jules Bernadotte, a Marshal of France, as heir presumptive to the Swedish throne."
[2] https://www.theatlantic.com/magazine/archive/2001/12/all-you...
[3] https://www.kalzumeus.com/2014/11/07/doing-business-in-japan...
This approach offers a way of transmitting much more data, on demand, with very little risk of detection of either the existence of the communication channel itself, or of the recipient.
The recipient could casually watch on wifi in a food court, using a modified app, while eating lunch. They would obviously need to exercise good secops, presumably as part of their trade... it seems quite a reasonable approach to me, but I’m no expert, it was just a thought.
So the counterespionage personnel may be able to track who has watched one specific video, but only if they know which video to track.
It’s clear that the poster you’re condescending to understands this.
In an ideal situation. In a realworld situation that means running wires through walls, not something done easily in this situation. Hiding a camera in a bookcase is easy. Secretly running wires from that bookcase to a recorder in the next room is not.
Modern receivers use quadrature sampling detectors rather than traditional superheterodyne. In that setup any leakage would be on the same frequency and harder to detect.
More importantly, there's a lot of background noise on HF bands that will mask that weak signal.
These days, of course, our communications pass through various boxes that can automate inspections, so no need to involve wetware.
Keyword search in 1960s US: https://en.wikipedia.org/wiki/IBM_7950_Harvest#Usage
If you've never built a radio and tried to shield this unintended export, then I can totally see how you might think this is just a matter of careful design and more shielding, but it really is a lot harder than that and you will simply never reach zero, to the point where even an ordinary spectrum analyzer hooked up to the input of your radio will show the oscillator frequency as a nice fat peak.
I learned a lot during that project, especially how hard it is to make an oscillator that does not radiate. So, it got to the point where I could reliably detect the receiver from about 100 meters away; fortunately the counterparty never started out from the assumption that it would be in that particular location to begin with. Trawling for a signal is a lot harder than verifying that it is there. But if you know the modulation and the frequency the receiver uses for its mixing stage, this is a very hard problem to solve in such a way that there is absolutely no power radiated out of the reception antenna. Any kind of magnetic or capacitive coupler is bi-directional. Maybe with today's hardware capabilities it would be possible to pull the whole thing into the digital domain at a very early stage, and that way I can see a few options to make it 100% clean, but in the analog domain I do not see a bullet-proof way of achieving this.
[0] http://www.kr1st.com/swlloop.htm
[1] https://www.fmuser.org/fm-receiver/receiver-antenna/DE31MS-l...
Numbers stations on short waves all use AM, so you know the modulation. But you don't need to know it; a superhet works the same way with any modulation. You need to know the numbers station frequency and the receiver's intermediate frequency, and guess whether the LO is above or below.
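The arithmetic in that comment can be turned into a small detector. The block below is an added example written for this page, not code posted by anyone in the thread: it computes the two candidate local-oscillator frequencies (f_RF + f_IF for high-side injection and f_RF minus f_IF for low-side, since the side is unknown), then evaluates a single DFT bin (what a Goertzel filter computes) at each candidate offset over a constructed I/Q capture and compares it with the median of its neighbouring bins. The 6.2 MHz station frequency, the 455 kHz IF, the 2.048 MS/s capture and the synthetic samples are all assumptions chosen for the demo.

```python
"""
Detecting a superhet receiver by its local-oscillator leakage.

Added worked example for this page, not code from the thread or from any
project. The station frequency, the IF list, the capture rate and the
synthetic I/Q samples are constructed assumptions for the demo.
"""
import cmath
import math
import random
import statistics

SAMPLE_RATE_HZ = 2_048_000    # I/Q capture rate, centred on the station (assumption)
N = 2048                      # samples per block -> exactly 1 kHz per DFT bin
STATION_HZ = 6_200_000        # hypothetical numbers-station carrier (assumption)
IF_CANDIDATES_HZ = [455_000]  # classic AM superhet IF; extend if the target's IF is known


def candidate_lo_frequencies(station_hz, if_candidates):
    """Superhet mixer: f_LO = f_RF + f_IF (high-side) or f_RF - f_IF (low-side).
    Without knowing which side the target uses, both must be checked."""
    los = []
    for f_if in if_candidates:
        los.append(station_hz + f_if)
        los.append(station_hz - f_if)
    return los


def synth_capture(leak_offset_hz, leak_amplitude, noise_rms=1.0, seed=1):
    """Constructed I/Q block: complex Gaussian noise plus an unmodulated
    carrier at leak_offset_hz from the capture centre (the LO leak).
    leak_amplitude=0 gives a noise-only block."""
    rng = random.Random(seed)
    w = 2 * math.pi * leak_offset_hz / SAMPLE_RATE_HZ
    return [
        complex(rng.gauss(0, noise_rms), rng.gauss(0, noise_rms))
        + leak_amplitude * cmath.exp(1j * w * n)
        for n in range(N)
    ]


def bin_power(samples, k):
    """Power in a single DFT bin k of a complex block (what Goertzel computes)."""
    w = -2j * math.pi * k / N
    acc = sum(x * cmath.exp(w * n) for n, x in enumerate(samples))
    return abs(acc) ** 2 / N


def lo_leak_snr_db(samples, station_hz=STATION_HZ, if_candidates=IF_CANDIDATES_HZ,
                   guard=3, ref_bins=8):
    """For every candidate LO, compare the power in its bin with the median
    power of ref_bins bins on either side (skipping a guard band), in dB.
    The median keeps one strong neighbour from inflating the floor estimate."""
    result = {}
    for f_lo in candidate_lo_frequencies(station_hz, if_candidates):
        # Offset from capture centre to bin index; a negative offset wraps modulo N.
        k = round((f_lo - station_hz) * N / SAMPLE_RATE_HZ) % N
        signal = bin_power(samples, k)
        neighbours = [bin_power(samples, (k + d) % N)
                      for d in range(guard + 1, guard + 1 + ref_bins)]
        neighbours += [bin_power(samples, (k - d) % N)
                       for d in range(guard + 1, guard + 1 + ref_bins)]
        floor = statistics.median(neighbours)
        result[f_lo] = 10 * math.log10(signal / floor)
    return result


def leaking_receivers(samples, threshold_db=10.0, **kw):
    """Candidate LO frequencies whose bin stands threshold_db above the local floor."""
    return [f for f, snr in lo_leak_snr_db(samples, **kw).items() if snr >= threshold_db]


if __name__ == "__main__":
    # High-side injection: a receiver tuned to the station leaks its LO at f_RF + 455 kHz.
    leaky = synth_capture(leak_offset_hz=455_000, leak_amplitude=0.2)
    print("hits with leak:", leaking_receivers(leaky))      # [6655000]
    quiet = synth_capture(leak_offset_hz=455_000, leak_amplitude=0.0)
    print("hits without leak:", leaking_receivers(quiet))   # []
```

Because only two bins (plus their reference neighbours) are evaluated per IF guess, this is the "verifying that it is there" case from the earlier comment; trawling an unknown band for an unknown IF would mean running the same test across every bin.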
> in such a way that there is absolutely no power radiated out of the reception antenna.
I'm not saying there is absolutely no power radiated out of the reception antenna, only that there is not enough power to reliably detect and localize, given the noise and interference from other sources.
If you want absolutely no power radiated out of the reception antenna, you can still do it. Feed some local oscillator frequency, inverted, into the antenna to cancel the remaining leak. But as far as I know, nobody bothers since some leakage is not a problem.
> Any kind of magnetic or capacitive coupler is bi-directional.
True, but in many designs there's also at least one transistor stage in the preamp, and that is not bi-di. There is some stray capacitance between collector and base, but not much.
> Maybe with today's hardware capabilities it would be possible to pull the whole thing into the digital domain at a very early stage
It is possible, but unnecessary. The last radio I built has quadrature sampling detector with FST3253 and handful of op-amps. Most SDRs also do I/Q sampling with two slow ADCs, much simpler than a single high-speed ADC.