Secret Radio Stations by the Numbers

One thing has stayed with the James Bond movie franchise through the decades: Mr. Bond always has the most wonderful of gadgets. Be it handheld, car-based, or otherwise, there’s always something to thrill that is mostly believable.

The biggest problem with all of those gadgets is that they mark Commander Bond as an obvious spy. “So Mr. Bond, I see you have a book with many random five character groups. Nothing suspicious about that at all!” And we all know that import/export specialists often carry exploding cufflinks or briefcases full of unknown electronics in hidden compartments.

Just as steganography hides data in plain sight, the best spy gadgets are the ones that don’t seem to be a spy gadget. It is no wonder some old weapons are little more than sticks or farm implements. You can tell a peasant he can’t have a sword, but it is hard to ban sticks.

Imagine you were a cold war era spy living in a hostile country with a cover job with Universal Exports. Would you rather get caught with a sophisticated encryption machine or an ordinary consumer radio? I’m guessing you went with the radio. You aren’t the only one. That was one of the presumed purposes to the mysterious shortwave broadcasts known as number stations. These were very common during the cold war, but there are still a few of them operating.

About Number Stations

There are actually several types of number stations, but the prototypical one is simply someone on the air reading lists of numbers (or sending them via Morse code). Some read off other coded messages (like phonetic alphabet letters) or have sounds in the background that may or may not be digitally-encoded messages. One even used a sound clip from a Yosemite Sam cartoon to separate bursts of data.

Conet Number Station Poster
Conet Number Station poster

According to the Conet Project, number stations were heard as early as World War I. In most cases, no one knows for sure what the purpose of the stations are, but there are dedicated groups that try to locate them and even decode what they are saying. However, it is thought that most of them use some form of one time pad cryptography which makes trying to decode them a very long shot. It is pretty widely accepted, though, that the purpose of most (if not all) of these stations is to deliver clandestine messages.

For example, suppose I wanted to send you secret messages so I give you a shortwave receiver. I tell you to listen to a certain frequency at a certain time and I read off a series of numbers. To decode my message, you treat the numbers I read as a page number followed by a word number in, for example, a newspaper that is a day or two old. As long as you keep a copy of the newspaper and you have the radio, I can send you messages that would be very hard to decipher unless someone told you what newspaper we agreed to use. This is a form of one time pad, and if you keep the secrets, the method is practically unbreakable. The key, though, is that when they search your hotel room and find a shortwave receiver and a few days of newspapers, that’s not particularly suspicious.

enigma-2000-screenshotThere’s a group called ENIGMA 2000 that catalogs and analyzes number stations, producing the Enigma Control List (although the latest one is a few years old). They have a naming scheme that identifies stations based on language or other characteristics of the signal. For example, stations starting with E broadcast in English, while stations starting with S broadcast in a Slavic language. M stations use Morse code. Naturally, these are just handy designations (like E22). In most cases, we don’t know what the stations call themselves.

FBI Catches Spies Using Number Stations

Cinco_heroes_cuban_five_2In 1998, the FBI arrested five Cuban intelligence officers. The spies received messages via a numbers station (using Sony shortwave radios) and the coded messages were a big part of the FBI’s court case. The FBI acquired the software the spies used to decode the messages and were able to read them (and present them in court). This may be the only time that a government has admitted that these stations are tied to covert operations.

The Cuban Five, also known as the Miami Five (Gerardo Hernández, Antonio Guerrero, Ramón Labañino, Fernando González, and René González) were tried and convicted of conspiracy to commit espionage, conspiracy to commit murder, acting as an agent of a foreign government, and other charges.

In 2001 the Cuban government finally acknowledged that the men were intelligence agents. They did, however, maintain that they were spying on Miami’s Cuban exile community, not the United States government.

Why Now?

NumbersStation ThumbYou have to wonder, in this day of Internet and satellite phones, why these stations still operate. After all, a shortwave receiver is a bit more unusual today than it used to be. Maybe the receivers are camouflaged as standard radios and need some James Bond-style gadget to put them on the shortwave band. After all, a satellite phone implies you are talking to someone and Internet usage is traceable. Short of being caught in the act (or using software like the Cubans), there’s no proof of what you are listening to on a radio.

Still, it seems incredible that there are apparently still operatives somewhere right now copying encoded instructions from these number stations. You can only wonder what they are up to.

How Can I Hear Them?

If you have a software defined radio setup, that’s perfect. Of course, a general coverage receiver or a ham radio that has a wide receive range will do the trick too. An easy way to find common stations is to look at the online page that shows what is on the radio at the current time. Look for entries with the word “spy” in them. Another site that reports spots of these kind of stations is Spy Numbers. You can search their database to see what other people have recently heard and enter your own spots, although activity there is relatively low (there have been about 30 entries in the database this year). There’s also a pretty active logging forum you can try for tips.

Of course, it is even more fun to find them on your own. If you don’t have a radio handy, this might be a good use of one of the Web SDRs we’ve covered in the past. This also gives you the opportunity to listen from some location other than your own (as well as making it easy to record what you hear).

Just be careful. Eavesdropping on spies can give you the creeps. Especially if while you are listening, you hear a knock on the door….

122 thoughts on “Secret Radio Stations by the Numbers

    1. Read the wiki article. Basically the Cuban Gov’t tried to use the FBI to arrest one guy but the FBI used the info to dismantle their spy cell instead. But the Feds had been watching the cell for a while prior to this, they just didn’t have enough.

  1. I would encode secret messages into spam mails and send them to thousands of random people and one spy. Spammails today often include random words to fool spamfilters and sometimes garbage, i think those might be secret messages unseen by the eyes of the NSA-lineeater. :)

      1. @thoriumbr- True ‘dat! The script-kiddies at the Puzzle Palace at Ft Meade (No Such Agency) just love reading HaD posts to get fresh ideas, Keeps our tax dollars working to defeat the bad-guys (and there are a lot more of them than the usual suspects in caves in the news). There are some really smart cookies in the “vault” 100x smarter than Snowden ever was. And they are not college drop-outs like Ed was either. Actually anything we post was already old school stuff to them. The latest cyber-tech is 25-years ahead of what citizens & bad-guys THINK these guys have in their arsenal of toys. We need to stop bashing them and let them do their job in protecting us from the bad-guys.

        1. >Protecting us from bad-guys.

          The morality they use is wrong and twisted. They SHOULD be protecting citizens and individuals and DON’T realize the greatest threat to the US isn’t a foreign power or individuals. It is the multi-national corporates, their foreign interests and the collection, trade and sales of citizen person information.

          1. @GuiltyOvEverything – I don’t disagree with you. However, we have no idea what NSA’s POI target lists look like. You have to understand the MSM hype about ECHELON and others is just hype. EVERYONE is not the target. Agreed they are sifting (data mining) through petabytes of data for metadata, keywords, and phrases but they have strict guidelines on what goes to File 13 (i.e. circular file?) and ignored. Basically any CONUS to CONUS traffic is 13’d. But any CONUS to/from foreign target gets flagged for FISA Warrant. But that could be a multi-national in DC doing a business related phone call about Caspian Sea oil refinery pipelines to Gulf of Hormuz. That’s a keeper. But what do they do with it after they gather the intel is another story all together. During last admin that would be a special interest telephone call flagged by VPOTUS for special handling (file 13?). Because it dealt with his shenanigans. But Angela Merkel talking to a Kennebukport Maine VIP is something really need-to-know. What type of shenanigans is that? Even her own spooks need-to-know that.

            You globe trotting cheating on your taxes, sexting, porn surfing. etc. Is interesting for about 5 milliseconds before it goes to file 13. Probably even less. If you dont have a POI profile you are not important enuf’ to spy on. But let that be some Falafel-eaters in a cave near Lahore Pakistan chatting with a kid in Camden NJ… well that’s a different story. Just stay off the alphabet-soup’s radar on you wont get on a POI list (or wont stay on it for long). Keep phuqing around with all the anti-snooping rhetoric then not so much. It’s hard to figure out who the real threats are with so much chatter these days.

            But what do I know… I’m off my meds and hanging out with dumb and dumber, “You know the most annoying sound is? Me!” (LOL)

    1. Why? Simply post your secret encoded message to pastebin or some other anon location that is publicly viewable. do it from a burner device at a different location and the NSA will never track you unless you use that location and method again.

      1. “unless you use that location and method again”

        So… if you’re a nation-state intelligence agency who’s communicating with thousands, or tens of thousands, or covert agents around the world on a regular basis…

      2. One interesting method I’ve heard of in the mainstream media is to create an email account at, say, gmail, and write your message for someone else, but save it as a draft in the account. Then the intended recipient logs into gmail and accesses your draft folder, reads the message and deletes it.

        Having never crossed the Internet, interception is impossible, and the names of the sender/recipient are never known.

        Of course, gmail may do their own tracking, so a less-popular/nosey email provider may be a better choice…

          1. As random key presses, not a compartments lizard, addressed, easily-intercepted/subpoena’ message.

            It is the electronic equivalent of a ‘blind drop’ – neither need know the other to share info.

            >

          2. Viewing a draft email on a web server allows the reader to access the email without a copy of the message ever passing through an outside mail server and never leaving a copy of the email on the reader’s device.

            As I originally said, using gmail would not be the most secure option – but, if you had a private server you could enjoy a degree of ‘security through obscurity’.

            >

        1. Ken – Of course your last comment is real as hell. Look who helped that guy create and continues to innovate Google. Google: In-Q-Tel. Guess who that is?

          Your best bet is to use HUSHMAIL in BC Canada. If you send HM to another HM user it is in PGP (end to end). They also claim that they ignore subpoenas and warrants from USA unless the Canadian guberment’ makes them give in.What really tickles me is how the creator of the website ANONYMIZER knuckled under and is one of “them” now. Don’t use his product if you have something to hide from prying eyes. It used to be a great hiding spot – not any more!

          Remember that old bad-guy UBL? Or OBL to some? He had the perfect system that worked for a minute. He would just type up something in Arabic on his Windows NOTEPAD.EXE, convert it to a simple transposition cipher, save it to 3.5″ diskette (ie euphemistically called floppy disk), and send one of his kid runners to run it down to the local bad-guy for a hand-off (or dead drop) or allow himself to be pick pocketed in a crowd. Or the runner would go into town to the local Internet cafe and upload it to a field bad-guy somewhere in the world somehow. I think this is called SNEAKER-NET, Because the kids wore American sneakers?

          USN ST6 discovered this method when they smoked ol’ UBL in Pakistan back in 2011. Old techniques are coming back I guess. Sometimes the old-timers need to be re-deployed to show the youngsters how HUMINT really works, 8-P

    2. Brilliant idea and such trick was actually featured in some tv-series.. I just can’t remember the show’s name, shame on me!
      It was a spam mail about selling house or some travel plan, where they hid the passcode.. Was it Continuum? I really can’t remember.. will post again once I do remember..

  2. Some British official came as close to admitting it as we’ll prolly ever get. He said something along the lines of, “They’re exactly what you think they are.”
    Also if it’s a true one time pad, there’s no chance of decoding it unless they use it twice (honestly I’m still not sure how that even works). Since that’s the only known weakness, I doubt any government would be dumb enough to do so.
    The Conet Project is really creepy to listen to late at night. You wonder whose lives were ended just because of some random numbers

      1. @lwatcdr – Why risk an agent when you can risk a private contractor instead. It’s called “PLAUSIBLE DENIABILITY”. IOW instead of taking the hit with Congressional Oversight you could say: “Who me?” “Unh-uh sir… it was those crazy Blackwater dudes Mr. Congressman!”. Any way that creepy TV series Breaking Bad (TV Series 2008–2013) has given too many bad people some really bad ideas on this… 8-/

    1. “Also if it’s a true one time pad, there’s no chance of decoding it unless they use it twice (honestly I’m still not sure how that even works).”

      There’s a relationship formed between the pad (P) and the numbers (N1) such that the orignal message (M1) is basically some formulation like M1 = P X N1. Now if you use the same pad twice you would then also have M2 = P X N2. Since P is the same you can re-arrange the relationship to show N1 X N2 = M1 X M2.

      Since you know N1 and N2, you have a clue, but that doesn’t necessarily give you the answer. Each addtional message recieved with the same pad will give you a clue into what the pad is. If you know the format of the original message (like english text), you can brute force values for M1 computing the pad and then decoding N2 to see if M2 is valid information.

      1. Or setting your enigma machine predictably :P
        “Good operating procedures, properly enforced, would have made the cipher unbreakable” however they “continued to use its machines in the old way with the same indicator setting for all messages” – Source Wikipedia

        1. Same thing as how Japan never caught on to the fact that before they attacked Pearl Harbor we’d already broken their main naval code and had their list of Pacific targets and knew ahead of time the time frame for the attack. The only part we didn’t know was exactly which target on the list they were going to attack. They didn’t mention the specific target using that code. IIRC, the target order was sent out with the fleet instead of transmitted by radio.

          Anyone in intel in 1941 who had all that info and didn’t figure out that Pearl was obviously Japan’s #1 target… They probably did, which is likely why the radar that spotted the Japanese attack coming in was ordered to shut down and why our aging fighter planes were ordered to be lined up on the ground in neat rows to be more easily strafed and destroyed.

          Japan never changed that code, kept using it through the whole war. Someone over there wasn’t too bright when we kept showing up at the same places their ships did.

          1. I don’t think they used the same ‘indicators’ (which I take to mean ‘wheel settings’ – I believe the downfall of Enigma was their inability to maintain physical security of the boxes and their insistence on including certain phrases in many/most messages and sending a very predictable message right after resetting their enigma machine decoder rings each day.

            Source – recent Hollywood movie

            >

    1. In the early 2000s or maybe late 90s Nova (on PBS) dud an EXCELLENT show explaining how one time pads are used. It is amazingly simple but awesomely secure just sol long as the users are well disciplined. One spy was caught because he used one page of his pad twice and that is all the CIA, FBI or whomever needed yo catch him. Many spies added an extra level of complexity by converting the numbers to the shortest Morse code letters because letters are simpler, faster and cheaper to send by Morse back in the telegram days. If you find the show give it a watch and you’ll be really amazed by what can be done with paper and pencil and a little discipline. One time pads are fricken’ sweet.

      1. @Sgt Sandbox – True! But the motel Gideon Bible is the best. There’s one in every hotel/motel (kinda sorta). You could use a OTP based on the page number and number of characters form the first character on the page. It’s old school and PI’s and GRIFTERS use it too. You don’t need to get a newspaper from the front desk as the bible is in your room’s desk drawer courtesy of those ubiquitous evangelicals from 1899. You can use a simple changing transposition code to keep it different each time. A steganography stencil grid is cool too, to reveal words needed but don’t get caught with one in-country as it does look quite suspicious to be carrying around in your luggage.

        You can still use MORSE CODE with a really cool Google Play app that turns your smartphone’s camera and flash into a text to slow-Morse transceiver. You don’t even need to know how to use MC. The range can be extended with a simple Fresnel Lens reader card from Walmart opticians department or a cheap smartphone 8x telescope mail order from Hong Kong.

        1. Just to point out to everyone, using a commonly available entropy source (newspaper, Gideon bible etc) for a OTP is a really bad idea. In this modern world, it is a trivial matter to throw a received message and the transcript of all these sources at a computer and very quickly break the message.

          That said OTP encryption is uncrackable, but only if:-
          a) The pad is truly random
          b) Each section of the pad is used once and once only
          c) The pad content is known ONLY to the sender and receiver
          Break even one of these and it falls apart. That the amount of key material needed and the difficulty of safely transporting the key material is why this form of encryption is rare and for small messages only.

          The only real advantage of number stations as one way agent comms is that the receiver can remain anonymous by the fact that they can be anywhere in the SW footprint of the signal which is Millions of square miles.

          1. JUST BRAINSTORMING WITH YOU

            @Gary Marriott – Could a randomizer-based secret comm system (voice or text) be based on two agents pointing a telescope at the same star within the same geographical area? It would have to be the same area at no more than same hemisphere because the twinkle effect is different in different areas due to the atmospherics causing it.

            The telescope would have a sensitive photo diode in the eye-piece which is fed into say a NE555 and generates random tones based on the star’s twinkle. I’ve seen low-horizon stars twinkle almost like it was Morse Code speed. I couldn’t tell if it was a star or an airplane flashing it’s running lights. If you watch it long enough you can tell it’s a star though.

            Using a simple inversion scrambler you might be able to cloak your speech over a common communication channel. The two agents would either have a list of Yale Bright Star Catalog of 9,110 stars to work with or a pre-arranged time table and same star like Ursae Minoris.

            Of course local atmospherics could make the pattern different if viewed from several miles away. So maybe two agents in the same town would be successful even with local air pollution changing the pattern, They’d both see the same changes.

            I personally like the idea of a one-way VLC system that uses a red laser reflecting off of a giant silver gazing ball on top of a tall building with a photo detector under the ball. The PD feeds into a hard-line comm system to somewhere or a omnidirectional rf channel. The agent simply uses a tripod-based laser communicator to paint (illuminate) the base of the ball from any ground point in a 360° circle around the building from miles away. Couple that with a web cam telescope for aiming. Once pinpointed and locked on they switch to bore-sighted IR laser to hide the laser beam. Now just say what you need to say into the one-way VLC channel, Answer back is via another method.

        2. the “person” doing the recitation of the numbers is usually just a robot of some sort. Think Siri, Cortana it that friendly operator who just told you, “The number you have just reached is no longer in service.” It’s pretty easy to find samples of the numbers stations online, I used to have a small collection of English, Spanish, Chinese, Korean and Slavic numbers readers as WAV files.Most of them sounded like samples of each number being used over and over.
          A station or two has been found, but they have almost nothing in them or they were just repeater beacons.
          Watch that Nova documentary and you’ll understand why they did it the way they did.

          1. If you have Windows 8, and up I think you not only have built-in voice recognition but also voice synthesis called TTS..http://www.youtube.com/watch?v=xNLygOujiW4

            Turn of all reading. Set voice to HAZEL (UK) as she does not convert numbers to hundreds and thousands. However if you give each number a new line and put space between each number.

            There is a JavaScript app that allows you to do TTS in Chrome and IE but not Firefox. Its cakked “speak.js”

          2. All the common numbers stations locations are well known, they are all part of government shortwave transmitter sites (which are impossible to hide considering the wavelength of sw is in the hundreds of feet).

    2. I would think sending the next pad would be insecure since if you are broken. In Philip K Dick’s novel A Scanner Darkly, Archer got his pay and orders by putting a special coin in a vending machine. It would also give him the next coin. But that’s a physical token.

  3. @Al Williams – Technically JAMES BOND was not a actual MI6 “spy” (per se). He was actually what is called a “mechanic” in the parlance. The euphemism suggests that he “fixes” things that need to be fixed with a little “wet work” (old KGB term for murder). That’s why the writers say he has a “License to kill”. Only a mechanic is usually an outside independent contractor or a matrixed military person. The double oh’s were paid UK government employees answerable to the MoD (Ministry of Defence). The actual original writer was in fact a spy during WW2 but mainly did it from a desk job (i.e. Ian Fleming).

    Today’s USA “mechanics” aren’t answerable to anybody (per se). They are usually Academi (aka Blackwater) employees (and others) and you can see from the news media they are usually loose canons (literally). Look up the incident in Lahore Pakistan re: Raymond Allen Davis incident back in 2011.

    Regarding your subject matter: NUMBERS STATIONS (NS)- Sometimes the numbers mean absolutely nothing at all. They could just be red herring transmissions to throw number crunchers into a lot of busy work which only bogs down the system (e.g. the intent). A good movie with John Cusack was The Numbers Station (2013).

    A really cool hypothetical remote NS setup could be an internet-attached PC running at a anonymous dead-drop station (ADDS) with a streaming text receiving app (via blog, email, or sms reader) and a streaming broadcaster app. The text receiver would take in OTP text codes from field agents who knew the email address or static IP address of the ADDS. The device would repeat the codes verbally (voice synth) into some streaming voice app like Open Broadcaster Software (OBS is free). Then any other field agent could dial into the ADDS to anonymously listen to the stream at prearranged broadcast times or on-demand database (i.e. send last transmission button). However, the IP addresses would all still be traceable but to where? And what do the OTP NS messages say? Who knows?

    However, take a lesson from the MI6 huge cluster-phuq (Brits call it a cockup) in Moscow back in 2012 with the fake spy rock incident. It used a similar technique above using a repeating PDA hidden at a ADDS in a plastic rock in a Moscow park. It was battery operated. The agent screwed up and tried to repair a dead battery and was spotted by FSB agents who were tailing him. Lesson learned: NEVER go back to check on your ADDS. Once installed it’s gone forever to you. So use cheap parts or just don’t do it… ;->

    SOTB

    1. I was surprised that Ames would signal his handlers by making a chalk mark on a mailbox. If you were under surveillance, they know you were doing something. Better to say my blinds are half open I the right and closed on the left or something.

      1. @Al Williams – Aldrich was not very bright. He drug his wife into this mess too. There was a lot of trade-craft he could have used that would have been better to make contact with his KGB handlers. Con-Artists and Grifters have a secret code system they leave on bus stops and other signs to indicate secret messages. You probably see them everyday on your way to work and think they are just urban gang codes or something. Deep Throat (FBI agent) used that blinds technique with the Washington Post reporters I think. Crack Dealers throw tennis shoes over telephone lines to indicate “Crack house here!” to their customers. For some reason local yokels (cops) haven’t caught on to that yet. DEA does but LY don’t like listening to feds I guess…

        Defacing a USPO mailbox is a federal offense I think. If the mail carrier sees a chalk mark or duck tape he/she will either clean it off and/or report it to their supervisor. The supervisor will probably contact local FBI field office too. So all in all its a bad idea. Pesky kids could even change the mark and the handlers will be confused. I think the dead drop methods used by Walker, Boyce, Hansen, and Pollard were pretty creative. Nowadays you could just post something obtuse in CRAIGSLIST community section and that would suffice. Another quick & dirty idea would to transmit in the blind something quick and obtuse periodically on a common cheap CB or FRS radio on a prearranged channel. You would only get a number of enigmatic clicks back meaning message received or nothing at all – just show up at dead drop.

  4. How are so many of the stations’ operators unknown? Any RF-emitting device can be located fairly easily, so is it just a matter of tracking down the owners of the property from which the stations are broadcasting?

    1. @YohannesR – Well it doesn’t really matter where the numbers station girl is. She’s just a overt government employee doing her SQUARE JOHN job. She’s not a spy and is not read into any ops. She is clueless. She just reads numbers. She has no idea what they mean. Watch the movie THE NUMBER STATION (2013) to get a flavor for it. Also the owners of the property are usually an array of dummy shell corporations that lead a tracker down the garden path of anonymity. Like chasing a wild goose. Numbers stations hide in plain sight.

    2. Nowadays the location of most long term operational number stations is fairly well known, but exact pinpointing is difficult as they are often located “somewhere on military installation XXX”. Many of those bases then share operations between different nations. Especially in Russia and the Balkans these bases are MASSIVE and very remote.
      Lots of number stations also operate only for a short timespan, popping up, transmitting for a few days and then shutting down again. I’ve read reports of numbers stations that only operated on certain days of the week, at (seemingly) random times, possibly from different locations. It becomes very hard to track a station like that

    3. It’s generally easy to work out the nation that’s operating a particular numbers station, but the recipient(s) could be anyone with a radio within range, and they use very large transmitters that can cover most of Europe (for example).

      1. I personally don’t like the SWL method because all of those radios receivers have supehetrodyne local oscillators which are nothing more than tiny traceable RF transmitters.If someone had a super sensitive mobile listening post with directional antenna, you could find anyone in a local area listening to the numbers station in question. You need a direct conversion radio with no local oscillator. I think SDR qualifies for that. Not sure. There’s a scene in the movie ENEMY OF THE STATE (1998) in where the NSA does just that and catches Will Smith listening to a wireless mic on Gene Hackman posing as a police officer.

        BTW has anyone else noticed that Gene Hackman was just acting out his movie THE CONVERSATION (1974) in ENEMY OF THE STATE?

        1. Determining the frequency someone is receiving by detecting his superhetrodyne radio’s local oscillator frequency only works because commercial radio receivers use standard intermediate frequencies, generally 455 KHz or 10.7 MHz. I think that SDRs are safe from this since any local oscillator is used only to tune to a particular band of frequencies. This means that the local oscillator frequency will be the same as the user tunes through a range of frequencies within the bandwidth of the ADC used to digitize the signal. For baseband SDR, there is no local oscillator at all, with the arguable exception of the clock oscillator for the DSP, but that is fixed and therefore not useful.

          I think this makes SDR better for surreptitious receiving of radio signals. In the US for example, only a small fraction of people even own receivers capable of tuning to shortwave frequencies, so the ownership of a Grundig or Sony SWR (which are kind of expensive) is a red flag if discovered during a cursory search, leading to a more thorough search. Since SDRs are widely used for USB TV tuners, plausible deniability goes a lot further if one of these is found. BUT, you have to have receiver software that keeps no record (even short-term) of the frequency you’re listening to, since computers are notorious security leaks. Even displaying the tuning frequency on the screen can be detected by various means.

          1. @John – I agree I think that is the essence of direct conversion radios I mentioned. However, superregen’s are very noisy and give off a lot of white noise (I think). Superregens MIGHT be able to detect FHSS (freq hopping spread spectrum) as they are incredibly wide-band. You can use a AM recv to SLOPE detect FM transmitters too (I think). Also using non-standard IF system doesn’t really help if the trackers are using a direct-access SA (spectrum analyzer). They detect a spike at let’s say at an arbitrary IF offset. They click on it and listen to the feed (I think). – I’m not sure about anything anymore since I am off my meds and incredibly dumb – I think! 8->

            Like BrightJim said SDR’s are pretty safe from that technique. However, they are not safe from NSA’s TEMPEST system. That ChipWhisper system too also can be deployed. The simple and cheap coil and crystal set with the piezo earphone that you hook to a radiator (still available at Radio Shack) can only detect very powerful AM transmitters, I agree that TTS is used for NS (as I proposed to the Sgt to create on his own with Windows 8 TTS or JavaScript speak.js).. However, I just saw a YouTube video of female NS operators practicing their Morse Code. They were Russians, I particularly like the RHAPSODY NS in Netherlands. They use a child’s voice. I think it’s one of ours (USA used for assets in Russia).

            Here’s an obtuse technique I wont expand on but it is old school and I never saw it hacked yet: remember the old telephone dial-able VHF FM voice pagers and a police scanner? Need I say more or do you guys need more…

            SWEDISH RHAPSODY (Starts at time-stamp 02:00)

            ————————–
            If anyone gets access to Internet version (i,e ala Megashare) of new Bond thriller SPECTRE please share!
            ————————–

          2. I’m not 100% sure on this one, but I believe most of the “leakage” in superhet radios is just the pure local oscillator signal getting coupled back to the antenna input, BUT if the radio isn’t well designed, then there is a certain amount of modulation of the power supply by the audio amplifier, which in turn affects the L.O. frequency, so the actual signal you’re listening to can show up as weak frequency modulation of the L.O.. This would probably not help that much with detection, though, since the L.O. leakage to the antenna is not all that strong, and would require being very close to the receiver in order to be strong enough to show up as more than a small blip on a spectrum analyzer. I worked on repairing and calibrating spectrum analyzers in the 1980s, and we often got portable units owned by cable companies. They used these for detecting people watching pay channels who weren’t paying for the service. They even had grease pencil markings on the screen marked “HBO” and “ST” for example, showing where the L.O. signals will be for TVs watching these channels.

            Thing is, there’s a relationship between sensitivity and bandwidth: the sensitivity of a receiver (or spectrum analyzer) is inversely proportional to its bandwidth. This makes it pretty easy if the person doing the monitoring is looking for a specific frequency – say the numbers station is at 3855 kHz, you can look very closely for L.O. emissions at +/- 455 kHz (the typical I.F. frequency for AM radios), or 3400 and 4310 kHz, and you can zoom right in on these and use a very narrow bandwidth filter to see if any standard radio in your vicinity is listening to that station, then point your antenna in different directions to narrow in on it. But if you don’t know what I.F. frequency the radio is using (because it’s non-standard), you have to look at every one of the thousands of very weak signals in the spectrum, and it quickly becomes a futile task.

          3. BrightBlueJim – I’m only guessing here but if you were arriving in Moscow (i.e. Sheremetyevo), a KGB officer (now FSB) spots you and thinks you are a POI. He bumps into you and secretly marks you with female field cricket pheromone. He does this with a dozen or more other POIs that arrive everyday. His operatives carry a male cricket in a matchbox. When the cricket goes wild in the box the operative tails you all over town. You go to your hotel room and take out your really cool looking Grundig digital LCD SWL radio to copy your Numbers Station instructions. They have a hotel room one room away from yours either vertically or horizontally. They point a yagi-uda antenna at your room. They are trying to pickup if your SWLing. Failing that they have the maid bring you some towels and she plants a passive cavity resonator bug in your room (probably the bottom of your drinking cup or some other innocuous location) . You RF sweep the room and detect nothing. You use your nifty silicon junction detector and find NOTHING! So you think your OK to fire up the SWL again or make contact with your handler from your room on your satphone. They turn on the microwave or ultrasonic dish pointing at your room and the passive cavity resonator goes to work picking up your audible conversations.

            Those guys are so damn good at this stuff…

    1. You probably already know this, but I’ll bite anyway: Numbers stations are only useful for getting information from the big, strong organization to the small, vulnerable field agent. So no, nothing you hear there is going to be someone’s dinner order. It COULD be an advertisement for Jimmy John’s, though. To avoid giving up information to traffic analysis, numbers stations will transmit sequences on their regular schedule, even if they have nothing to say. So I could just see McDonalds or Target making a deal with the TLA to transmit ads whenever there’s no real message traffic…

      1. Oh! OH! But wait, there’s more: as an incentive to your field agents to actually decode their message traffic every day, on slow days you can send coupon codes that get them a free cheezburger!

          1. The US Navy has secure one-way communications links world-wide, that can be used to transfer very low bandwidth data to submerged submarines as well as surface fleets. This is pretty much limited to coded messages decoding to things like “execute plan 25”, or “surface for detailed orders”. This is very similar to a numbers station in that a) the agency sending the message doesn’t have to know the location of the recipient, and b) nobody intercepting the message can determine where it is being sent, since it is being sent everywhere.

            It seems at first that it should be safe to use some of the unused bandwidth of systems like this for sending personal messages, but there are operational security considerations. For example, if there was a way for a family member to send messages, and there was any way at all to confirm when the message was received, then a network of agents could send personal messages at random times to various submariners, and glean some information from whether or not a message got through, and when. This applies even if the confirmation occurs after a delay. Like if the submariners wrote and dated replies to those messages, but couldn’t send those replies until days or weeks later. The agency could then make educated guesses on a submarine’s mission based on when it was and was not allowing sending of personal messages.

            And yes, the US Military takes this seriously, or at least it was during the Cold War. I have no reason to expect that they would have gotten lax about this since then.

          2. True FamilyGrams are still sent via ELF/VLF but not so much these days. Now I think they are sent via SLC. Of course all messages including EAM’s are sent with heavy encryption. Sailors names are never used. And the DoD is careful to structure the message not to be revealing of anything sensitive just in case there is a traitor aboard like that Jewish kid submariner working for for our “friends” (?). And of course there is no reply from the actual sailor until they return with the “broom” flying on the bridge – could be 1-6 months later. Same thing with spooks but no broom flying… either a star or no star on the wall. Your handler will just fudge it to your wife (i.e. lie to her?).

            You’re right about Hollywood. They have technical advisers too but they just feed BS to the directors and they buy it. Like the late Tony Scott’s Enemy of the State (1998) was really wrong about a lot of things (but right about other things) but what can you expect from their adviser an ex-DEA agent. Any movie with Bazel Baz or Beardon as TA is pretty right on the money. The GMAIL thing is good against private contractors like PI’s and such but a determined alphabet-soup geek analyst can get by that. Yes no SMTP is going out but TCP/UDP packets are still going from your router to the external GMAIL(et al – that’s dead latin) server. That’s detectable even with Phoebe’s (i.e. FBI) CARNIVORE system. I assume the IT guy helping Mrs. Clinton hide her Bengazi F.U.B.A.R. was thinking like you. That’s why she kept her mailserver BEHIND her private router in Long Island NY. She probably had a pinhole in the firewall to allow trusted outsiders to it (like only herself while in DC).

            In EOS did you notice the tumbling satellite was transmitting CQ CQ CQ DX? or something in slow Morse (LOL) And all that double-talk from Jack Black was hilarious. He’s funny anyway. Jon Voight said “Write it up as a FBI approval…” I guess to cover the FISA-less domestic surveillance angle? I’m sure all the Phoebe’s out there are going “I wonder if the NSA actually does that shiat?” I hope not or the USAG and Congress will go nuts! He got the “…,get two military cut-outs…” right. That would fit Academi perfectly. Bumping off the Lisa Bonnet was not correct at all. That;s way too messy and hard to explain. NSA CSS leaves that crap to the sociopaths on the other-side of the Potomac. ;->

          3. For sub’s they use SATCOM, like any other ship: http://www.militaryaerospace.com/articles/2015/04/raytheon-to-provide-submarine-satcom-antennas.html

            Obviously, submerged they’ll rely on VLF/ELF: http://www.globalsecurity.org/military/systems/ship/sub-comm.htm

            But, I’ve never heard of a FamilyGram when I was in the US Navy from 2002-2010, Not Once. We just used good ol’ email via a MS Outlook server with associated account. Obviously, OPSEC entails so depending on the situation depends if you can TX/RX, RX, or nothing. If no OPSEC we could even make phone calls.

          4. George – Like I said “… but not so much these days.” I know they let you guys bring almost anything aboard except the kitchen sink. The Familygram (no upper case G this time) was primarily a Cold War and before kinda’ thing: http://americanhistory. si .edu/subs/ashore/subfamily/index . html and also Wikipedia: Familygram.
            Remove all spaces to make the above americanhistory URL work. Done to prevent HaD moderation alert!

            I’ve questioned that habit you speak of as a OPSEC potential “situation” waiting to happen. Imagine that you are at ULTRA QUIET and an AKULA is looking for you hiding in the thermals. Let’s say the COB said it was OK to play your SONY MPEG player with earbuds only! But this one is SPECIAL. “Someone” smuggled a “buzzer” into yours. WTF is that? Sounds made up. Well yes it is. A “fictional” device that emits a high-pitch sound-wave at high decibels. The pitch is higher than 20 Khz so no adult aboard can hear it. Sounds like a frickin’ mosquito buzzing around to kids under 18 years old, Guess what? The STS on the Akula can hear it and track it too. Oona (HaD inventor) would love this thing as she would make it modulate data too.

            I read (or saw a movie) somewhere that some sneaky “rider” put a magnetic hydraulic-powered rotary device on a sub’s sail plane. It emitted high-pitched sound waves only whales and dolphins can hear. To a STG it probably sounds like biologicals or geologic rather than self-emitting “noise”. Either way some phuqing rider has boned you or failing that forcing the skipper to do this to the Akula trying to hide in your baffles: http://tinyurl.com/oqnr2wj

            We having fun yet?! (LOL)

    2. Having worked with various non-intelligence-related government agencies, I wonder if these are just bureaucratic carryovers:

      “What’s this line item for ‘$372,300 – Station Operation’ ”

      “I dunno…power bill, maybe. We just send it a bunch of random numbers to keep the equipment operating. Doesn’t mean anything.”

      “Okay….carry on.”

  5. Also “Baconian Cypher” is and interesting technique, you code 2 stories into one coded message, use one password to get one and the other password to get the other message.

    Also altering pixel values in photos is a good one, say a picture thats 1280x1024x16bit color, (= 1280x1024x2^16 = 1.310.720 x 2^16 = 85.899.345.920 possibilities per image) you could start at a random number and have an algorithm that points to the next pixel that contains part of the message, every pinpointed pixel could be altered slightly, i.e. one color number up or down, or even use the pixels surrounding it, combine that with yesterdays newspaper or an obscure book and send a message..

    Or use similar techniques on small video files, in the vid you could be talking about how great your aunts pancakes taste and at the same time send a secret message… That would create 1280x1024x2^16×24 possibilities per second at 24 frames…

  6. Concerning undetectable monitoring, not so. Read Peter Wright’s account of how he determined what frequencies listeners were tuned to back in the 50s. Certainly it depends on the type of receiver (superheterodyne, etc).

  7. 3141 5926 5358 9793 2384 6264 3383 2795 0288 4197 1693 9937 5105 8209 7494 4592
    3078 1640 6286 2089 9862 8034 8253 4211 7067 9821 4808 6513 2823 0664 7093 8446
    0955 0582 2317 2535 9408 1284 8111 7450 2841 0270 1938 5211 0555 9644 6229 4895
    4930 3819 6442 8810 9756 6593 3446 1284 7564 8233 7867 8316 5271 2019 0914 5648

  8. I didn’t think about it at the time, but I once operated a numbers station for a few hours, for an unspecified customer. They gave me pages of 5-letter code groups, I read them over a shortwave transmitter in phonetic alphabet. This was a long time ago.

    1. Yeah “unspecified customer” – I like that. Yes 5-character groupings. I keep seeing 4-character groupings here in this thread. That’s not S.O.P. I think its supposed to be 5 just like you say. I think if you listen to NS its always 5. Did you play those silly tunes before and after every transmission too? Whats that for to wake up the agent just in case they fell asleep waiting for the NS reading to start?

      I love hearing about those WW2 BBC readings of innocuous messages to no one. I guess that has evolved to CRAIGSLIST COMMUNITY section today. Craigslist has proven to be a uncontrolled morass of dangerous stuff these days. Here in Connecticut you could get whacked by some kid showing up at the Craigslist exchange site. Our local yokels (cops) setup Craigslist Safezones now…

      But I’m sure some people never leave home without it… ;-> (wink wink)

      1. No silly music on the transmitter I operated. The music on numbers stations couldn’t have been for any measure of authentication, since it would be child’s play to spoof that. But in those days, the music could have just been a really easy way to find the station. This was before consumer SW receivers had digital tuners, so it would be easy to catch while slewing through the band, and you couldn’t rely on the dial calibration being better than about +/- 50 kHz anyway. Maybe we were sending to a more sophisticated class of receivers.

        Definitely 5-letter codes, phonetic alphabet sent SSB over a frequency somewhere in the 7-30 MHz range (based on what equipment I had in front of me – no specific recollection of the frequency). No clue what the mission was – this was just an extra duty that day and I was glad for the change in routine. They brought me into a small room with a desk full of commercial Collins radio gear I’d never seen put to use before, but had been given some basic instruction on months before.

        They gave me some simple instructions and a page of hand-written code, and told me exactly what time to start reading. Nobody even said, “don’t tell anybody about this”. I think we may have been filling in for another transmitter somewhere else in the world that was down, since it was a one-time thing.

        I guessed at the time that it was a test to determine that our regular military traffic could be sent over an alternate communications mode, but we never identified ourselves nor the intended recipient, nor was there any response at all, which seemed a bit odd. Just the codes, just transmitting, nothing else. Pause of a couple minutes, then more as more pages were brought in – I was given one page at a time, maybe so that I couldn’t possibly transmit them out of order. That, or maybe somebody in another room was receiving them over some other band and mode and they were passing them to me as he finished them. We had a lot of radio equipment on site, but nothing else I knew about that covered the HF bands.

        I didn’t learn about numbers stations until years later.

        1. Cool!

          Some poor cold-warrior (spook) out in the cold behind the curtain or in east asia, looking at his luminox while smoking his expensive black sobranies, waiting for you to start your sequence. His turban-headed partner says “Hey get ready! He’s starting!” He fervently scribbles down the numbers while his partner decodes. Someone knocks at the door. He instinctively aims his p226 at the door… Comically (like Bill Murray) asks “Who is it?”… “You called for room service sir?”… “Whew… yes just leave it at the door!”… “Whew I’m glad they repeat these damn codes… let’s start over…”. “OK Hadji what does it say?”

          “UMMM… not sure what this means Mr. Bannon… But its from JOHNNY QUEST… he says to be sure to drink your ovaltine! What’s ovaltine?” Agent Race Bannon slaps his palm to his forehead. “PHUQ ME!!!” – 8-P

          —————————–
          OK I found a new kind of communications mode over SSB here on HaD that will blow your mind! I think it was from Brian again (I love his HaD posts- always intriguing as hell). It uses a form of PSK but is voice not text data. It has a 5 by 5 copy about 80-90% of the time that is superior to normal SSB but uses SSB as the medium. There was demonstrations by the inventor too. I forget the name of it – but if someone can find it on HaD please post it here. Maybe a great future medium for NS too.
          —————————–

          1. But don’t you see? This is where cheezburger coupon codes would be so much better for “filler” messages. No face-palm. Just never know when you turn on your radio whether you’re going to get an intriguing assignment, a “burn everything”, or just a tasty treat, but everybody’s a winner! No more #%!!*@ Ovaltine ads!

  9. There is also priyom.org which contains a vast array of information and plenty of recordings. Hop into the IRC channel too! #priyom on freenode, or use the client on the website.

  10. Years ago I knew a person whose car radio (factory installed, not aftermarket) had a glitch on the FM band where two of the digital tuner preset buttons could be set to two stations next to each other, for example 105.1 and 105.3, then if both pressed so the switches closed at exactly the same moment, the radio would tune to the even number between, 105.2.

    He was able to pick up a few pirate stations operating on those illegal frequencies.

  11. This is interested because there are ready-made digital shortwave modems out there you could just send encrypted ASCII over with strong ciphers or even queued A/V or even bind it to TCP/IP…

  12. The “Cuban Five” is a good example of how NOT to use numbers stations. The point of numbers stations is that all of the specialized technology is supposed to be on the transmitting end. By broadcasting the code in all directions, it is not possible to detect who the transmission is being sent to. This protects your field assets, who are vulnerable. But it only works if the recipients of the messages have nothing on them that can be identified as a key. By using a computer program to do the deciphering, the field assets were carrying evidence on their computers, and were compromised. Sure, it’s a lot easier to train a field agent to use a computer program than it is to teach them how to use a book code, but you lose the plausible deniability factor that is supposed to protect the field agent.

    By the way, one-time pads aren’t the best thing for field agents either, since they have to be in possession of the key! This is why book codes are safer, even though not as secure.

    I wouldn’t be the slightest bit surprised if spam was being used as a modern alternative to numbers stations, but again the problem is providing a method of decoding that doesn’t require the recipient to have a particular program installed on his computer, or a copy of a written key.

    Fun subject.

  13. Back during Cold War days, both West and East Germany ran numbers stations. You could tell who was who by the way they pronounced the number 5 (funf). The West German readers would say ‘funf’, while the East German readers always said ‘fen-nef’. Numbers station messages have been broken in the past, but usually only when the opposing spy agency got their hands on the one-time pad book before the agent could destroy it. They often were printed on very thin paper, such that a sheet could be eaten once used. If the messages that have been cracked are any indication, much of the traffic is pretty ininteresting stuff. ‘Wish our female comrades a happy International Women’s Day’, that sort of thing. Most of the spies who do get caught for reasons other than betrayal of some sort are found out because of mistakes or greed. Most of the methods mentioned are sound, but the devil is often in the details. For instance, if you’re going to carry a small shortwave set with you, make it one of the travel models with a wakeup alarm feature. And when you finish receiving your message, tune the radio to an AM or FM station local to wherever you are. One that follows a format or type of music you find enjoyable. That way, if the radio is discovered, very little will be questionable. Details.

    1. NATASHA FATALE: “Ver’ is moose and skvirel’ dahlink’?”
      BORIS BADENOV: “I dunno’ Natasha. Not my day to watch dem’… you passive-aggressive suka!”
      NATASHA: “Calm down you old Vodka soaked tiny tarakan!”
      BULLWINKLE: “Hey Rocky! Watch me pull a minox outta’ my hat!”
      ROCKY: “Whew! I thought you were gonna’ pull it outta’ somewhere else Bullwinkle!”
      BULLWINKLE: “Come on Rocky this is children programmin’ dont ya’ know?”
      ROCKY: “Now here’s something you’ll really like…”
      http://tinyurl.com/owat9rm

      :-D 8-> ;->

  14. There’s plenty of officially documented evidence that numbers stations are spy stations, broadcasting one-time pad encrypted messages (these days, most broadcasts however are digital tones). And yes, the pen-and-paper based one-time pad is mathematically unbreakable, both in theory and in practice, unless you make the mistake of trying to shortcut some of the pen-and-paper work by using computers (by definition, there’s no such thing as a secure computer, tables or smartphone). In such cases they often mistakenly refer to it as “breaking one-time pads”. In reality, these are simply implementation errors.

    Paper on how you can crew up a perfectly secure encryption, based on official FBI and court documents (pdf):

    http://users.telenet.be/d.rijmenants/papers/cuban_agent_communications.pdf

    About numbers stations and more documented cases;

    http://users.telenet.be/d.rijmenants/en/numbers.htm

    And here’s how they do it correctly:

    http://users.telenet.be/d.rijmenants/papers/one_time_pad.pdf

    Finally, all you wanna know about one-time pad, but were afraid to ask:

    http://users.telenet.be/d.rijmenants/en/onetimepad.htm

  15. There’s plenty of officially documented evidence that numbers stations are spy stations, broadcasting one-time pad encrypted messages (these days, most are digital tone broadcasts). And yes, the pen-and-paper based one-time pad is mathematically unbreakable, both in theory and in practice, unless you make the mistake of trying to shortcut some of the pen-and-paper work by using computers (by definition totally insecure). In such case, they often mistakenly refer to it as ébreaking one-time padsé. In reality, these are simply implementation errors.

    About how you can crew up a perfectly secure encryption, based of FBI and court documents (pdf):

    http://users.telenet.be/d.rijmenants/papers/cuban_agent_communications.pdf

    About numbers stations and documented cases;

    http://users.telenet.be/d.rijmenants/en/numbers.htm

    Here’s how it is done the right way:

    http://users.telenet.be/d.rijmenants/papers/one_time_pad.pdf

    And all you wanna know about one-time pad, but were afraid to ask:

    http://users.telenet.be/d.rijmenants/en/onetimepad.htm

  16. Well a new trick instead of Number Stations is too create a webmail account like Gmail or hotmail and only You and HQ know the password, you draft an email a coded message and DO NOT send it but save it as a draft, you the spy later on log into that webmail and read/copy the coded draft message and delete it. message was never sent and can’t be traced, yes logins can but with millions of webmail accounts it would be difficult to track them all.

    1. However, all of the data traffic you generate from clicking save or send can be tracked by Echelon (or is it called PRISM today?) If your a POI they can call your CPU from the Mykotronx chip embedded in or next to your Intel CPU chip. It can be called from your router which “they” interdicted via FedEx, UPS, or USPS after you ordered it from New Egg or something (i.e. Flaps and Seals Operation). They embed NSA BEACON in the router’s firmware. Then they can just watch you type in real time. Or they can point a TEMPEST unit at your vacant house from next door or from that semi or step-van sitting in the parking lot across the street.

      The US field agent today uses a common sundry looking PDA with the latest and greatest secure communication technology in it.Foreign powers can tear it apart literally and find NOTHING unusual. But secret squirrel can call home whenever s/he wants to in complete secrecy. POTUS Obama has one but not the same one spooks have but very similar. He uses a General Dynamics Sectera Edge. Secret squirrels use http://watchdogwire.wpengine.netdna-cdn.com/florida/files/2013/04/redacted-600×286.jpg.

      8-P

      SOTB

      1. A person of interest can always be surrounded and monitored… Tactics like the one described are employed to avoid becoming a person of interest… No radio set, one-time pad books, nothing a conventional search would turn up to implicate the person as a spy?

        The point of a ‘blind drop’ like this is to isolate a compromised agent (they have no idea who the sender/recipient is, can’t ‘give them up’ if caught).

        >

        1. Ken – I really liked the fancy tiny laser pointer thingy Mark Wahlberg used in BOURNE series. It had the Swiss bank account number and it could project on a wall. I think it was embedded under his skin. I saw that and said DAMN I would have never thought of that in a million years! That was creative on someone’s part and very DO-ABLE! What if that was the the private-key to a NS received cipher? Digging i out is fun too (ouch!!!) 8-)

    2. This strikes me as a planted-in-Hollywood idea – it sounds plausible enough, and some people will be dumb enough to think they’ve got a secure comm link using a fundamentally non-secure trick like this. It’s kind of like the notion that Hollywood propagated, that a law enforcement agent can’t lie to you if you ask, “are you a cop?”. Knock yourself out. Me? I’ll keep things I want to stay confidential OFF the Internet and the phone network.

      1. BrightBlueJim – So true. And UBL and his boys knew/know this so what “chatter” are they listening to? Can’t be them as they know better now. That’s why I think the target is someone else like maybe multinational corporations and politicians. I mean they ARE still listening to Angela Merkel even though she and her spooks complained about it. I wonder why.

        When prostitutes ask John Law “Are you a cop?” they are using a tricky legal loop-hole. Spooks are under no aegis of any law other than obeying their handler and the executives above him/her all the way up to POTUS. However, you are right about “Hollywood” “burner phones” and smashing a cellie with your foot. Or re-routing calls through hub cities or avoiding a line traces – ALL SILLY HOLLYWOOD FICTION! With ANI they already KNOW your phone number BEFORE anyone picks up. And AT&T Verizon et al give them carte blance access to CN&A. You have to totally destroy a cell phone like in a fire or acid bath. And burner phones are not a secure comm device as they can find you within seconds. Taking the SIM card out is doing what??? What if it doesn’t have a SIM card?

        But that HaD project called AirChat has promise. Its a digipeater over a pirate radio. Also that remote wifi device Brian was talking about – cant remember the name of it. I know DoD IT (and DARPA) is all in a twitter over stuff like that and are asking their cadre of defense contractors to come up with a solution. Also Wi-Fi VOIP over Skype USED to be a major issue when it was still run out of Estonia and Luxembourg but not any more since Microsoft (i.e. NSA) took it over. Talin Estonia boys want Skype back but Bill Gates says no way – MINE!

        Google (with help from inQtel) is mapping out all wi-fi hotspots with the Google Street View cars. They want a huge geo-based map of wi-fi hotspots with GPS coordinates. Imagine what they could leverage with that data.

        1. My favorite Hollywood fictions are the ultimate traceability of ‘burner phones’ and ‘magical chips’ that can not only divine an accurate location via GPS with no discernible antenna but can also TRANSMIT their long/Lat coordinates back up to a satellite, again with no discernible antenna or even power source.

          I think that fiction fed the RFID fear craze a few years ago, where people thought RFID-enabled devices were continuously ‘sending’ location information back to some unknown data center.

          >

          1. @Ken – So true. Some anti-RFID’ers think those things can reach satellites in space. When in fact they can only reach a few inches to a radio integrator unit. However, somebody in the MILINDCMPLX recently invented RFID “thread”. It is said to have a little more range than normal and can be used for tracking. It could be sewn into your coat lining. Have you ever gone to “their” job posting website (??? .gov) and found leather workers and tailor job openings? True story… go look… Here’s a likely entrance exam YouTube video: http://tinyurl.com/qzwrgld

          2. I worked with rfid – it isn’t magical. To be read, the tag needs to be within range of a reader, which typically has a useful range measured in inches, not feet. Can a tag be read from 5′ away? Possibly, but it takes a huge amount of power to do so. I have been discussing ‘passive’ rfid tags – active tags, tags with their own internal power source (as found on shipping pallets, heavy equipment and shipping containers) can have tremendous range, but they either work like wifi or cellular radios – not satellite radios.

            >

          3. Burner phones – ANY cell phone – can be located. Not by using GPS, but by using e911. Since around 2004, all cell phones sold in the U.S. have been required to have “enhanced” 911 location capability. This generally doesn’t use GPS; it uses interpolation between relative signal levels from two or three of the nearest cell towers.

            Furthermore, most cell phones don’t do this by default, but all can with modified firmware: even if you have the phone turned off, it can periodically “wake up” and report its location. It’s simple, since no cell phone made in the last couple of decades has an actual power switch. Power is turned on and off by the microcontroller, which is ALWAYS on.

            As for “magical chips” with “no discernible antenna or power source”, RFID key cards have been around for thirty years. These use a coil of wire wrapped around a very thin coin cell, both connected to a small, flat microchip. They don’t LOOK like they have a power source or antenna, but there they have both. And technology has advanced a little since then. Now we are surrounded by WiFi networks that can be accessed using very little energy, so something no larger than an Altoids mint can “phone home” at will. Where are you right now? Look at the list of WiFi hotspots on your phone. See “xfinitywifi” on the list? Then any Comcast customer account has a connection. Other providers have similar services.

            Bottom line is, this much is NOT a Hollywood fiction: they may not know who you are, but if you have a cell phone on your person, they can track you. If you leave your coat unattended for a minute, you can be tracked. If you ever park your car in a public place, you can be tracked. Easily.

          4. I apologize, I didn’t finish my thought on ‘traceability of phones’ – I did not mean the signals they emit (obviously easily traced/located), I was thinking about how the police call the Mfg. and find out where that model is sold locally, contact the stores, then determine who bought it based on credit card the phone was purchased with…

            Small, stuck inside a box of pills, RFID tags do not have power sources – they have circuits that absorb RF energy, convert it to usable electricity, and emit their pre-coded sequence. Absent a reader, RFID tags do not emit signals.

            >

          5. I’m not talking about RFID. I’m saying that’s 30-year-old technology. I’m talking about chips with built-in WiFi, which can use really small antennas and really small batteries.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s