The mid-1980s were a time of drastic change. In the United States, the Reagan era was winding down, the Cold War was heating up, and the IBM PC was the newest of newnesses. The comparatively few wires stitching together the larger university research centers around the world pulsed with a new heartbeat — the Internet Protocol (IP) — and while the World Wide Web was still a decade or so away, The Internet was a real place for a growing number of computer-savvy explorers and adventurers, ready to set sail on the virtual sea to explore and exploit this new frontier.
In 1986, having recently lost his research grant, astronomer Clifford Stoll was made a computer system admin with the wave of a hand by the management of Lawrence Berkeley Laboratory’s physics department. Commanded to go forth and administer, Stoll dove into what appeared to be a simple task for his first day on the job: investigating a 75-cent error in the computer account time charges. Little did he know that this six-bit overcharge would take over his life for the next six months and have this self-proclaimed Berkeley hippie rubbing shoulders with the FBI, the CIA, the NSA, and the German Bundeskriminalamt, all in pursuit of the source: a nest of black-hat hackers and a tangled web of international espionage.
Ever hear of the Soviet Luna program? In the west, it was often called Lunik, if you heard about it at all. Luna was a series of unmanned moon probes launched between 1959 and 1976. There were at least 24 of them, and 15 were successful. Most of the failures were not reported or named. Luna craft have a number of firsts, but the one we are interested in is that it may have been the first space vehicle to be stolen — at least temporarily — in a cold war caper worthy of a James Bond novel.
Luna-1 Payload
Around 1960, the Soviet Union toured several countries with exhibits of their industrial and technological accomplishments. One of the items on display was the upper stage of a Luna vehicle with windows cut out to show the payload inside. At first, the CIA suspected the vehicle was just a model. But they wanted to be sure.
The story is laid out in a CIA document from 1967 that was only declassified in 1994. Even then, the document has a lot of redactions in it. The paper is sparse on how they managed it, but when the exhibit closed — somehow — a group of intelligence operatives wound up inside the exhibition hall alone for 24 hours.
What they found was surprising. While the engine and most of the avionics were gone, the vehicle was the real article. They took measurements and photos, hoping that analysis would reveal more about the vehicle’s performance characteristics.
Here’s where you start getting into the redacted material. The team was able to get something from the probe — probably machine tooling marks — but there wasn’t enough detail to identify where and how they were made. They decided to get a team specializing in this kind of analysis to examine it more closely.
Sometimes when researching one Hackaday story we as writers stumble upon the one train of thought that leads to another. So it was with a recent look at an unmanned weather station buoy from the 1960s, which took us on a link to a much earlier automated weather station.
The restored Kurt in the Canadian National War Museum.
Weather Station Kurt was the only successful installation among a bold attempt by the German military during the Second World War to gain automated real-time meteorological data from the Western side of the Atlantic. Behind that simple sentence hides an extremely impressive technical and military achievement for its day. This was the only land-based armed incursion onto the North American continent by the German military during the entire war. Surrounded as it was though by secrecy, and taking place without conflict in an extremely remote part of Northern Labrador, it passed unnoticed by the Canadian authorities and was soon forgotten as an unimportant footnote in the wider conflagration.
Kurt took the form of a series of canisters containing a large quantity of nickel-cadmium batteries, meteorological instruments, a telemetry system, and a 150W high frequency transmitter. In addition there was a mast carrying wind speed and direction instruments, and the transmitting antenna. In use it was to have provided vital advance warning of weather fronts from the Western Atlantic as they proceeded towards the European theatre of war, the establishment of a manned station on enemy territory being too hazardous.
A small number of these automated weather stations were constructed by Siemens in 1943, and it was one of them which was dispatched in the U-boat U537 for installation on the remote Atlantic coast of what is now part of modern-day Canada. In late October 1943 they succeeded in that task after a hazardous trans-Atlantic voyage, leaving the station bearing the markings of the non-existent “Canadian Meteor Service” in an attempt to deceive anybody who might chance upon it. In the event it was not until 1977 that it was spotted by a geologist, and in 1981 it was retrieved and taken to the Canadian War Museum.
There is frustratingly little information to be found on the exact workings on the telemetry system, save that it made a transmission every few hours on 3940kHz. A Google Books result mentions that the transmission was encoded in Morse code using the enigmatic Graw’s Diaphragm, a “sophisticated contact drum” named after a Dr. [Graw], from Berlin. It’s a forgotten piece of technology that defies our Google-fu in 2017, but it must in effect have been something of a mechanical analogue-to-digital converter.
Should you happen to be visiting the Canadian capital, you can see Kurt on display in the Canadian War Museum. It appears to have been extensively restored from the rusty state it appears in the photograph taken during its retrieval, it would be interesting to know whether anything remains of the Graw’s Diaphragm. Do any readers know how this part of the station worked? Please let us know in the comments.
Weather station Kurt retrieval image, Canadian National Archives. (Public domain).
Weather station Kurt in museum image, SimonP (Public domain).
Encryption is one of the pillars of modern-day communications. You have devices that use encryption all the time, even if you are not aware of it. There are so many applications and systems using it that it’s hard to begin enumerating them. Ranging from satellite television to your mobile phone, from smart power meters to your car keys, from your wireless router to your browser, and from your Visa to your Bitcoins — the list is endless.
One of the great breakthroughs in the history of encryption was the invention of public key cryptography or asymmetrical cryptography in the 70’s. For centuries traditional cryptography methods were used, where some secret key or scheme had to be agreed and shared between the sender and the receiver of an encrypted message.
Asymmetric cryptography changed that. Today you can send an encrypted message to anyone. This is accomplished by the use of a pair of keys: one public key and one private key. The key properties are such that when something is encrypted with the public key, only the private key can decrypt it and vice-versa. In practice, this is usually implemented based on mathematical problems that admit no efficient solution like certain integer factorization, discrete logarithm and elliptic curve relationships.
But the game changer is that the public key doesn’t have to be kept secret. This allows cryptography to be used for authentication — proving who someone is — as well as for encryption, without requiring you to have previously exchanged secrets. In this article, I’ll get into the details of how to set yourself up so that anyone in the world is able to send you an e-mail that only you can read. Continue reading “Practical Public Key Cryptography”→
We recently ran a post about a cute little 3D printed elephant that could dispense booze. The design didn’t actually have the plastic touching the liquid — there was a silicone tube carrying the shots. However, it did spark a conversation at the secret Hackaday bunker about how safe it is to use 3D printed objects for food. In particular, when I say 3D printing, I’m talking fused deposition modeling. Yes, there are other technologies, but most of us are printing using filament laid out in layers with a hot nozzle.
There’s a common idea that ABS is bad in general, but that PET and PLA are no problem because there are food-safe versions of those plastics available. However, the plastic is only a small part of the total food safety picture. Let me be clear: I am not a medical professional and although my computers have run a few plastics plants in years past, I am not really an expert on polymer chemistry, either. However, I don’t use 3D printed materials to hold or handle food and while you might not drop dead if you do, you might want to reconsider.
People talk about active and passive components like they are two distinct classes of electronic parts. When sourcing components on a BOM, you have the passives, which are the little things that are cheaper than a dime a dozen, and then the rest that make up the bulk of the cost. Diodes and transistors definitely fall into the cheap little things category, but aren’t necessarily passive components, so what IS the difference?
Passwords are in a pretty broken state of implementation for authentication. People pick horrible passwords and use the same password all over the place, firms fail to store them correctly and then their databases get leaked, and if anyone’s looking over your shoulder as you type it in (literally or metaphorically), you’re hosed. We’re told that two-factor authentication (2FA) is here to the rescue.
Well maybe. 2FA that actually implements a second factor is fantastic, but Google Authenticator, Facebook Code Generator, and any of the other app-based “second factors” are really just a second password. And worse, that second password cannot be stored hashed in the server’s database, which means that when the database is eventually compromised, your “second factor” blows away with the breeze.
Second factor apps can improve your overall security if you’re already following good password practices. We’ll demonstrate why and how below, but the punchline is that the most popular 2FA app implementations protect you against eavesdropping by creating a different, unpredictable, but verifiable, password every 30 seconds. This means that if someone overhears your login right now, they wouldn’t be able to use the same login info later on. What 2FA apps don’t protect you against, however, are database leaks.
