espionage

13 Articles

It’s Numbers All The Way Down With This Tape Measure Number Station Antenna

September 6, 2023 by 12 Comments

For all their talk of cooperation and shared interests, the nations of the world put an awful lot of effort into spying on each other. All this espionage is an open secret, of course, but some of their activities are so mysterious that no one will confirm or deny that they’re doing it. We’re talking about numbers stations, the super secret shortwave radio stations that broadcast seemingly random strings of numbers for the purpose of… well, your guess is as good as ours.

If you want to try to figure out what’s going on for yourself, all you need is a pair of tape measures and a software defined radio (SDR), as [Tom Farnell] demonstrates. Tape measure antennas have a long and proud history in amateur radio and shortwave listening, being a long strip of conductive material rolled up in a convenient package. In this case, [Tom] wanted to receive some well-known numbers stations in the 20- to 30-meter band, and decided that a single 15-meter conductor would do the job. Unlike other tape measure antennas we’ve seen, [Tom] just harvested the blades from two 7.5-meter tape measures, connected them end-to-end, and threw the whole thing out the window in sort of a “sloper” configuration. The other end is connected to an RTL-SDR dongle and a smartphone running what appears to be SDRTouch, which lets him tune directly into the numbers stations.

Copying the transmissions is pretty simple, since they transmit either in voice or Morse; the latter can be automatically decoded on a laptop with suitable software. As for what the long strings of numbers mean, that’ll remain a mystery. If they mean anything at all; we like to think this whole thing is an elaborate plan to get other countries to waste time and resources intercepting truly random numbers that encode nothing meaningful. It would serve them right.

Continue reading “It’s Numbers All The Way Down With This Tape Measure Number Station Antenna”

Circumvent Facial Recognition With Yarn

April 16, 2023 by 38 Comments

Knitwear can protect you from a winter chill, but what if it could keep you safe from the prying eyes of Big Brother as well? [Ottilia Westerlund] decided to put her knitting skills to the test for this anti-surveillance sweater.

[Westerlund] explains that “yarn is a programable material” containing FOR loops and other similar programming concepts transmitted as knitting patterns. In the video (after the break) she also explores the history of knitting in espionage using steganography embedded in socks and other knitwear to pass intelligence in unobtrusive ways. This lead to the restriction of shipping handmade knit goods in WWII by the UK government.

Back in the modern day, [Westerlund] took the Hyperface pattern developed by the Adam Harvey and turned it into a knitting pattern. Designed to circumvent detection by Viola-Jones based facial detection systems, the pattern presents a computer vision system with a number of “faces” to distract it from covered human faces in an image. While the knitted jumper (sweater for us Americans) can confuse certain face detection systems, [Westerlund] crushes our hope of a fuzzy revolution by saying that it is unsuccessful against the increasingly prevalent neural network-based facial detection systems creeping on our day-to-day activities.

The knitting pattern is available if you want to try your hands at it, but [Westerlund] warns it’s a bit of a pain to actually implement. If you want to try knitting and tech mashup, check out this knitting clock or this software to turn 3D models into knitting patterns.

Continue reading “Circumvent Facial Recognition With Yarn”

Recreating One Of History’s Best Known Spy Gadgets

March 25, 2023 by 21 Comments

[Machining and Microwaves] got an interesting request. The BBC asked him to duplicate the Great Seal Bug — the device the Russians used to listen covertly to the US ambassador for seven years in 1945. Turns out they’re filming a documentary on the legendary surveillance device and wanted to demonstrate how it worked.

The strange thing about the bug is that it wasn’t directly powered. It was actually a resonant cavity that only worked when it was irradiated with an external RF energy. Most of the video is background about the bug, with quite a few details revealed. We particularly liked the story of using a software defined radio (SDR) to actually make the bug work.

As you might expect, things didn’t go smoothly. Did they ever get results on camera? Watch the video, and you can find out. This is just the first of six videos he plans to make on the topic, and we can’t wait for future videos that cover the machining and more technical details.

We’ve examined the Theremin bug before. There’s a definite cat-and-mouse dynamic between creating bugging devices and detecting them.

Continue reading “Recreating One Of History’s Best Known Spy Gadgets”

Number Stations Gone Wild

November 17, 2022 by 18 Comments

[Ringway Manchester] has an interest in numbers stations. These mysterious stations send presumably coded numbers or other coded information. However, it is rare that anyone claims credit for these stations. Normally they operate with military-like precision, adhering to strict operating schedules and sending out their messages error-free. [Ringway] looks at five times when things didn’t go as planned for these spy stations.

Perhaps it isn’t surprising, however, as machines have likely replaced human operators. That makes them prone to errors when the computers go awry. Many of the errors are ones of frequency, where two number stations wind up transmitting at once. We suppose spies all use the same few frequencies. Some, however, also had computers go haywire and start going through the alphabet which, of course, could have been part of some secret message protocol, but appeared more likely to be a simple mistake.

We were amused, though, to hear the story of a Czech spy station that not only had a licensed call sign but would send QSL cards to people who reported reception. Perhaps they didn’t get the memo about secrecy!

We’ve listened to a few number stations in our time. If you don’t have a suitable antenna, you can always try hunting them online. But don’t expect to catch them making any mistakes.

Continue reading “Number Stations Gone Wild”

Hackaday Links Column Banner

Hackaday Links: September 19, 2021

September 19, 2021 by 12 Comments

Things might be getting a bit dicey out in Jezero crater for Ingenuity. The little helicopter that could is starting to have trouble dealing with the thinning Martian atmosphere, and may start pressing against its margin of safety for continued operation. Ingenuity was designed for five flights that would all take place around the time its mothership Perseverance touched down on Mars back in February, at which time the mean atmospheric pressure was at a seasonal high. Over the last few months, the density of the Martian atmosphere has decreased a wee bit, but when you’re starting with a plan for a pressure that’s only 1.4% of Earth’s soupy atmosphere, every little bit counts. The solution to keeping Ingenuity flying is simple: run the rotors faster. NASA has run a test on that, spinning the rotors up to 2,800 RPM, and Ingenuity handled the extra stresses and power draw well. A 14th flight is planned to see how well the rotors bite into the rarefied air, but Ingenuity’s days as a scout for Perseverance could be numbered.

If you thought privacy concerns and government backdoors into encryption technology were 21st-century problems, think again. IEEE Spectrum has a story about “The Scandalous History of the Last Rotor Cipher Machine,” and it’s a great read — almost like a Tom Clancy novel. The story will appeal to crypto — not cryptocurrency — fans, especially those fascinated by Enigma machines, because it revolves around a Swiss rotor cipher machine called the HX-63, which was essentially a refinement of the original Enigma technology. With the equivalent of 2,000-bit encryption, it was considered unbreakable, and it was offered for sale to any and all — at least until the US National Security Agency sprung into action to persuade the inventor, Boris Hagelin, to shelve the HX-63 project in favor of electronic encryption. The NSA naturally helped Hagelin design this next generation of crypto machines, which of course all had backdoors built into them. While the cloak and dagger aspects of the story — including a possible assassination of Boris Hagelin’s son in 1970, when it became clear he wouldn’t “play ball” as his father had — are intriguing, the peek inside the HX-63, with its Swiss engineering, is the real treat.

One of the great things about the internet is how easy it is to quickly answer completely meaningless questions. For me, that usually involves looking up the lyrics of a song I just heard and finding out that, no, Robert Plant didn’t sing “Whoopie Cat” during Misty Mountain Hop. But it also let me answer a simple question the other day: what’s the largest single-piece metal object ever created? I figured it would have to be a casting of some sort, and likely something from the middle of the previous century. But as it turns out, the largest casting ever appears to have been manufactured in Sheffield, England in 2015. The company, Sheffield Forgemaster International, produced eleven castings for the offshore oil industry, each weighing in at over 320 tonnes. The scale of each piece is mind-boggling, and the technology that went into making them would be really interesting to learn about. And it goes without saying that my search was far from exhaustive; if you know of a single-piece metal part larger than 320 tonnes, I’ll be glad to stand corrected.

Have you heard about “teledriving” yet? On the face of it, a remote-controlled car where a qualified driver sits in an office somewhere watching video feeds from the car makes little sense. But as you dig into the details, the idea of remotely piloted cars starts to look like one of those “Why didn’t I think of that?” ideas. The company behind this is called Vay, and the idea is to remotely drive a ride-share vehicle to its next customer. Basically, when you hail a ride, a remote driver connects to an available car and drives it to your location. You get in and take over the controls to drive to your destination. When you arrive, another remote drive pilots the car to its next pickup. There are obvious problems to work out, but the idea is really the tacit admission that all things considered, humans are way better at driving than machines are, at least right now.

Eavesdropping By LED

August 25, 2021 by 23 Comments

If you ever get the feeling someone is watching you, maybe they are listening, too. At least they might be listening to what’s coming over your computer speakers thanks to a new attack called “glow worm.” In this novel attack, careful observations of a power LED on a speaker allowed an attacker to reproduce the sound playing thanks to virtually imperceptible fluctuations in the LED brightness, most likely due to the speaker’s power line sagging and recovering.

You might think that if you could see the LED, you could just hear the output of the speaker, but a telescope through a window 100 feet away appears to be sufficient. You can imagine that from a distance across a noisy office you might be able to pull the same trick. We don’t know — but we suspect — even if headphones were plugged into the speakers, the LED would still modulate the audio. Any device supplying power to the speakers is a potential source of a leak.

Continue reading “Eavesdropping By LED”

Hackaday Links Column Banner

Hackaday Links: July 4, 2021

July 4, 2021 by 9 Comments

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?