espionage

14 Articles

Hackaday Links Column Banner

Hackaday Links: July 4, 2021

July 4, 2021 by 9 Comments

With rescue and recovery efforts at the horrific condo collapse in Florida this week still underway, we noted with interest some of the technology being employed on the site. Chief among these was a contribution of the Israeli Defense Force (IDF), whose secretive Unit 9900 unveiled a 3D imaging system to help locate victims trapped in the rubble. The pictures look very much like the 3D “extrusions” that show up on Google Maps when you zoom into a satellite view and change the angle, but they were obviously built up from very recent aerial or satellite photos that show the damage to the building. The idea is to map where parts of the building — and unfortunately, the building’s occupants — ended up in the rubble pile, allowing responders to concentrate their efforts on the areas most likely to hold victims. The technology, which was developed for precision targeting of military targets, has apparently already located several voids in the debris that weren’t obvious to rescue teams. Here’s hoping that the system pays off, and that we get to learn a little about how it works.

Radio enthusiasts, take note: your hobby may just run you afoul of authorities if you’re not careful. That seems to be the case for one Stanislav Stetsenko, a resident of Crimea who was arrested on suspicion of treason this week. Video of the arrest was posted which shows the equipment Stetsenko allegedly used to track Russian military aircraft on behalf of Ukraine: several SDR dongles, a very dusty laptop running Airspy SDR#, an ICOM IC-R6 portable communications receiver, and various maps and charts. In short, it pretty much looks like what I can see on my own desk right now. We know little of the politics around this, but it does give one pause to consider how non-technical people view those with technical hobbies.

If you could choose a superpower to suddenly have, it really would take some careful consideration. Sure, it would be handy to shoot spider webs or burst into flames, but the whole idea of some kind of goo shooting out of your wrists seems gross, and what a nuisance to have to keep buying new clothes after every burn. Maybe just teaching yourself a new sense, like echolocation, would be a better place to start. And as it turns out, it’s not only possible for humans to echolocate, but it’s actually not that hard to learn. Researchers used a group of blind and sighted people for the test, ranging in age from 21 to 79 years, and put them through a 10-week training program to learn click-based echolocation. After getting the basics of making the clicks and listening for the returns in an anechoic chamber, participants ran through a series of tasks, like size and orientation discrimination of objects, and virtual navigation. The newly minted echolocators were also allowed out into the real world to test their skills. Three months after the study, the blind participants had mostly retained their new skill, and most of them were still using it and reported that it had improved their quality of life.

As with everything else he’s involved with, Elon Musk has drawn a lot of criticism for his Starlink satellite-based internet service. The growing constellation of satellites bothers astronomers, terrestrial ISPs are worried the service will kill their business model, and the beta version of the Starlink dish has been shown to be flakey in the summer heat. But it’s on equipment cost where Musk has taken the most flak, which seems unfair as the teardowns we’ve seen clearly show that the phased-array antenna in the Starlink dish is being sold for less than it costs to build. But still, Musk is assuring the world that Starlink home terminals will get down in the $250 to $300 range soon, and that the system could have 500,000 users within a year. There were a couple of other interesting insights, such as where Musk sees Starlink relative to 5G, and how he’s positioning Starlink to provide backhaul services to cellular companies.

Well, this is embarrassing. Last week, we mentioned that certain unlucky users of an obsolete but still popular NAS device found that their data had disappeared, apparently due to malefactors accessing the device over the internet and forcing a factory reset. Since this seems like something that should require entering a password, someone took a look at the PHP script for the factory restore function and found that a developer had commented out the very lines that would have performed the authentication:

    function get($urlPath, $queryParams=null, $ouputFormat='xml'){
//        if(!authenticateAsOwner($queryParams))
//        {
//            header("HTTP/1.0 401 Unauthorized");
//            return;
//        }

It’s not clear when the PHP script was updated, but support for MyBook Live was dropped in 2015, so this could have been a really old change. Still, it was all the hacker needed to get in and wreak havoc; interestingly, the latest attack may be a reaction to a three-year-old exploit that turned many of these devices into a botnet. Could this be a case of hacker vs. hacker?

Spy Tech: CIA Masks In Five Minutes Or Less

May 18, 2021 by 23 Comments

You know the old trope: James Bond is killed but it turns out to be someone else in an incredibly good-looking Sean Connery mask. Mission: Impossible and Scooby Doo regularly had some variation of the theme. But, apparently, truth is stranger than fiction. The CIA has — or at least had — a chief of disguise. A former holder of that office now works for the International Spy Museum and has some very interesting stories about the real masks CIA operatives would use in the field.

According to the video you can see below, the agency enlisted the help of Hollywood — particularly the mask maker from Planet of the Apes — to help them with this project. Of course, in the movies, you can take hours to apply a mask and control how it is lit, how closely the camera examines it, and if something goes wrong you just redo the scene. If you are buying secret plans and your nose falls off, it would probably be hard to explain.

Continue reading “Spy Tech: CIA Masks In Five Minutes Or Less”

France Questions Russian Satellite With “Big Ears”

September 13, 2018 by 34 Comments

French Defense Minister Florence Parly took a page out of Little Red Riding Hood when she recently called out a Russian satellite for having “big ears”. While she stopped short of giving any concrete details, it was a rare and not terribly veiled accusation that Russia is using their Luch-Olymp spacecraft to perform orbital espionage.

Luch satellite conceptual drawing from NASA

At a speech in Toulouse, Parly was quoted as saying: “It got close. A bit too close. So close that one really could believe that it was trying to capture our communications.” and “this little Stars Wars didn’t happen a long time ago in a galaxy far away. It happened a year ago, 36,000 kilometers above our heads.”

The target of this potential act of space piracy is the Athena-Fidus satellite, a joint venture between France and Italy to provide secure communication for the military and emergency services of both countries. Launched in 2014, it provides 3 Gbit/s throughput via the Ka-band for mobile receivers on the ground and in drones.

This isn’t the first time Russia’s Luch class of vehicles has been the subject of scrutiny. In 2015 it was reported that one such craft maneuvered to within 10 kilometers of the Intelsat 7 and Intelsat 901 geostationary communications satellites, prompting classified meetings at the United States Defense Department. As geostationary satellites orbit the Earth at 3.07 km/s, a 10 km approach is exceptionally dangerous. Even a slight miscalculation could cause an impact within seconds.

Could Stealth Satellites Be In Our Future?

Much to the chagrin of shadowy spy agencies everywhere, this sort of orbital cat and mouse is easily detectable from the ground. When spy planes became easy to detect using radar, the next step was to evade that detection. Are we on a path to satellites that are transparent to radar?

Gregory Charvat, author of Small and Short-Range Radar Systems and occasional contributor here at Hackaday, tells us that building a stealth satellite is no easy task. “Just like how we had to re-invent the aircraft to make the first stealth aircraft, to make a stealth satellite one would have to fundamentally re-invent the satellite as we know it today.”

Likening it to the immense cost and effort it took to develop stealth aircraft like the Lockheed F-117 Nighthawk, Gregory says developing a satellite which could hide from radar would likely be more trouble than it’s worth for most applications. Space is already hard enough. “Maintaining that special shape that reflects radar away from your aircraft and including all of these essential peripherals is a big challenge” Gregory says, which results in “compromise and high maintenance costs.”

Beyond attempting to eavesdrop on communications, military insiders say that these close passes by Luch satellites could also be “dry-runs” for anti-satellite operations; either by using a directed energy weapon to disable the target spacecraft, or simply running into it. With events like these, and the commitment by the United States to establish a Space Force in the coming years, efforts to militarize space seem to be on the rise.

[via DefenseNews]

Tiny Transmitter Brings Out The Spy Inside You

May 18, 2018 by 10 Comments

When it comes to surveillance, why let the government have all the fun? This tiny spy transmitter is just the thing you need to jumpstart your recreational espionage efforts.

We kid, of course — you’ll want to stay within the law of the land if you choose to build [TomTechTod]’s diminutive transmitter. Barely bigger than the 337 button cell that powers it, the scrap of PCB packs a fair number of surface mount components, most in 0201 packages. Even so, the transmitter is a simple design, with a two transistor audio stage amplifying the signal from the MEMS microphone and feeding an oscillator that uses a surface acoustic wave (SAW) resonator for stability. The bug is tuned for the 433-MHz low-power devices band, and from the video below, it appears to have decent range with the random wire antenna — maybe 50 meters. [TomTechTod] has all the build files posted, including Gerbers and a BOM with Digikey part numbers, so it should be easy to make one for your fieldcraft kit.

If you want to dive deeper into the world of electronic espionage, boy, have we got you covered. Here’s a primer on microphone bugs, a history of spy radios, or how backscatter was used to bug an embassy.

Continue reading “Tiny Transmitter Brings Out The Spy Inside You”

A TEMPEST In A Dongle

November 26, 2017 by 27 Comments

If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.

If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but RTL-SDR.com reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images at easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.

RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.

Continue reading “A TEMPEST In A Dongle”

Books You Should Read: The Cuckoo’s Egg

October 19, 2017 by 62 Comments

The mid-1980s were a time of drastic change. In the United States, the Reagan era was winding down, the Cold War was heating up, and the IBM PC was the newest of newnesses. The comparatively few wires stitching together the larger university research centers around the world pulsed with a new heartbeat — the Internet Protocol (IP) — and while the World Wide Web was still a decade or so away, The Internet was a real place for a growing number of computer-savvy explorers and adventurers, ready to set sail on the virtual sea to explore and exploit this new frontier.

In 1986, having recently lost his research grant, astronomer Clifford Stoll was made a computer system admin with the wave of a hand by the management of Lawrence Berkeley Laboratory’s physics department. Commanded to go forth and administer, Stoll dove into what appeared to be a simple task for his first day on the job: investigating a 75-cent error in the computer account time charges. Little did he know that this six-bit overcharge would take over his life for the next six months and have this self-proclaimed Berkeley hippie rubbing shoulders with the FBI, the CIA, the NSA, and the German Bundeskriminalamt, all in pursuit of the source: a nest of black-hat hackers and a tangled web of international espionage.

Continue reading “Books You Should Read: The Cuckoo’s Egg”

Swans, Pigs, And The CIA: An Unlikely Radio Story

November 23, 2015 by 27 Comments

Shortwave radio is boring, right? Maybe not. You never know what intrigue and excitement you might intercept. We recently covered secret number stations, and while no one knows for sure exactly what their purpose is, it is almost surely involving cloaks and daggers. However, there’s been some more obvious espionage radio, like Radio Swan.

The swan didn’t refer to the animal, but rather an island just off of Honduras that, until 1972, was disputed between Honduras and the United States. The island got its name–reportedly–because it was used as a base for a pirate named Swan in the 17th century. This island also had a long history of use by the United States government. The Department of Agriculture used it to quarantine imported beef and a variety of government departments had weather stations there.

You might wonder why the United States claimed a tiny island so far away from its shores. It turns out, it was all about guano. The Guano Islands Act of 1856 allowed the president to designate otherwise unclaimed territory as part of the United States for the purpose of collecting guano which, in addition to being bird excrement, is also important because it contains phosphates used in fertilizer and gunpowder. (Honestly, you couldn’t make this stuff up if you tried.)

However, the most famous occupant of Swan Island was Radio Swan which broadcast on the AM radio band and shortwave. The station was owned by the Gibraltar Steamship Company with offices on Fifth Avenue in New York. Oddly, though, the company didn’t actually have any steamships. What it did have was some radio transmitters that had been used by Radio Free Europe and brought to the island by the United States Navy. Did I mention that the Gibraltar Steamship Company was actually a front for the Central Intelligence Agency (CIA)?

Continue reading “Swans, Pigs, And The CIA: An Unlikely Radio Story”