2 hours ago
> Fernandez, who more than two decades ago published a four-CD audio compendium of hundreds of recordings from around the world called the Conet Project. It's considered the Bible for numbers-station enthusiasts.
The Conet Project is an interesting listen -- very analogue, Cold War-ish, and a bit sinister. Seems to be available on the Internet Archive at https://archive.org/details/The-Conet-Project
8 hours ago
I wonder why they keep using a dedicated numbers station instead of embedding the code in a regular radio broadcast on a traditional channel? I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much. And they could probably get BBC / whatever station to air it. It would be a bit less inconspicuous to listen to BBC than to a dedicated numbers station, even if the message would be undecryptable either way.
3 hours ago
> "I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much."
It's called steganography, and it's a centuries if not millennia old technique.
2 hours ago
I recall reading about this in The Code Book by Simon Singh when I was dabbling with writing single and double substitution cypher solvers.
https://en.wikipedia.org/wiki/Steganography#History
> The first recorded uses of steganography can be traced back to 440 BC in Greece, when Herodotus mentions two examples in his Histories. Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, "When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon." Additionally, Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.
8 hours ago
Seems to me like coordinating with an entity outside of the spooks' control, such as the BBC, would give more opportunities for leaks. It would also reveal some information about who is controlling the signal--someone with some kind of relationship with the broadcaster.
an hour ago
During WWII, the BBC would daily have a section after the news dedicated to "personal messages" - which everyone knew were instructions to the resistance in France, or similar. "William waits for Mary" was one of the more famous ones related to D-Day, I think.
7 hours ago
who's to say they aren't doing both? They may not even be sending anything over the number station; these stations will continue on a schedule even when there is nothing to say and nobody is listening because it makes it harder to eek out a foothold in the event of a weakness in the encryption.
an hour ago
Even if the encryption is one-time pads, if you broadcast a bit every day then you don't warn the enemy that something's up by the fact that you're transmitting at all.
7 hours ago
Shortwave propagates better and also its just a one time pad being distributed so embedding doesn't matter as much as long as the one time pad is longer than the intended message to send. There is no way to decrypt it because once you encrypt a message using a one time pad it is impossible to decrypt without the exact one time pad that it was encrypted with.
4 hours ago
One time pads work only if only the sender and receiver have a copy of the pad - and they destroy each sheet on use. Distributing the pads is hard, but often it can be done easier than the message.
Distributing a one time pad like this is a stupid idea: it isn't hard to collect everything you ever send, and it takes a computer a few ms to check every encrypted message against every possible sequence. That is breaking a distribute one time pad via shortwave like this is something a single layperson can do, it doesn't even need a government scale attacker to break it.
Don't get me wrong, this can be used for good encryption. However it isn't a one time pad they are doing, it is something more complex.
4 hours ago
Every message is equally likely when you attempt this kind of brute-force decryption with a one-time pad. The code you get is actually 100% unbreakable if the pad isn't intercepted.
3 hours ago
I think there's some confusion in this thread. GGP talks about distributing the one time pad via the numbers station. GP (rightly) says that's a stupid idea.
The numbers station should be transmitting a message encoded with a one time pad. The one time pad itself should be physically given in person to the spies who you want to communicate with.
11 minutes ago
Or, if one is uncertain whether to trust the courier between you and your spy - one can send two different one time pads by two different couriers. If the spy is trained to xor those pads together before using, an enemy must intercept both pads to be able to read your messages.
There are many variants on this, including pads which you hope your enemy will intercept.
2 hours ago
It's not a one-time pad being distributed, because leaking the pad leaks all your communications. It's almost certainly the actual messages being distributed, at specific times of day. The listener records the numbers for the known time period to get the message, then decodes it with their pad for that period. Then they destroy that pad. Continually broadcasting numbers makes it impossible to tell the length of the messages.
2 hours ago
And it is faster than the internet. That's why high speed traders are starting to use HF.
https://spectrum.ieee.org/wall-street-tries-shortwave-radio-...
4 hours ago
I think you're massively overestimating the amount of control the US has over news broadcasters.
7 hours ago
I can't find it immediately, but I've read about something even sneakier than this. A standard broadcast station was modified such that its carrier signal was modulated by a PSK signal. The intended listener would use e.g., a PSK-31 modem to listen to the carrier signal and would be able to obtain the encoded digital data. Everyday listeners would hear the regular broadcast. The station involved _might_ have been a BBC station, but I don't recall.
3 hours ago
You could technically just transmit data via RDS, too. Change a letter here and there and nobody would know whether that’s a decoding error or actual ciphertext. (Would need some kind of checksum or so, of course.)
@windytan did a fascinating audio clip highlighting the RDS data stream in a radio recording some while ago:
2 hours ago
The previous time that the US and UK overthrew Iran's government (https://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat), they used the BBC in that way.
Roosevelt told the Shah that he was in Iran on behalf of the American and British secret services, and that this would be confirmed by a code word the Shah would be able to hear on the BBC the next night. Churchill had arranged that the BBC would end its broadcast day by saying not 'it is now midnight' as usual, but 'it is now exactly midnight'3 hours ago
I think they do this, too.
However, the numbers stations transmissions are never a big secret. They're intentionally powerful so someone can pick them up on simple equipment without raising suspicion. A person can modify an off-the-shelf AM radio to pick up shortwave, for example, even in an oppressive regime.
It's a one-time pad, so the encryption is unbreakable.
8 hours ago
regular AM/FM stations are not broadcasting on shortwave bands
7 hours ago
Sure, but that would be a benefit, I would think. Most old cars come with an AM/FM radio, most cheap phones now have FM (? I don't know about AM, don't think so) and so on. So it would be more inconspicuous to listen to a regular radio than to a special station on special hardware. You don't even have to broadcast from EU, you could probably purchase some Radio Quatar Classical Rock or something :)
7 hours ago
Radios capable of receiving shortwave bands aren't exactly rare among normal people. They're not really "special hardware". Just owning one would not be inherently suspicious.
What would be suspicious is being in possession of the one-time pad needed to decode the messages, regardless of which media those messages are transmitted through.
For the record, "numbers stations" can be found in nearly every communication medium, including the web. The advantage of using shortwave (range, primarily) are large enough that the benefits outweigh the drawbacks.
2 hours ago
> What would be suspicious is being in possession of the one-time pad needed to decode the messages
Would it though?
All you need is something with sufficient entropy. I reckon you could do a "good enough" job with any plausible-looking data you have lying around on your hard disk right now. Say for example if you took a couple of sha256s of any random image you might post on social media, you'd have quite a lot of key right there.
8 hours ago
There are still quite a few shortwave radio stations broadcasting.
9 hours ago
8 hours ago
Does this move around geographically ? Triangulating broadcast location is a well understood craft.
8 hours ago
Shortwave radio is more challenging than you might imagine.
Near to the transmitter it's received by ground wave, further it's scattered off the ionosphere. In-between it's undetectable due to the skip zone. This might also explain why Amelia Earhart went missing [1]
Coverage is obtained from multipath and reflections. Leading to variable strength and timing. Not as bad as DXing on HF with low power but much harder than you might imagine.
Fine for someone to transcribe some numbers but useless for people trying to identify sources.
So locally you get an apparent direction to the source which is clearly not the source.
Add to that the complex local terrain and a well placed number stations can be very difficult to locate with precision.
Edit: unrelated but interesting there are some mysteries in HF transmission including long delayed echoes where a signal takes far longer than reasonable to travel out and back over several seconds [0] which given its travelling light milliseconds is a conundrum.
an hour ago
I would guess that the combined EU/NATO counterintelligence forces could find the station if they wanted to, especially for the rough location in the article.
EDIT: apparently the source is on a U.S. military base in Germany (other posts on this topic). Looks like its "ours" then.
8 hours ago
My father regailed tales of his college years where it was a game to have a HAM radio operator start broadcasting and to have teams try to find where they were hiding, first.
More challenging? Not really. It does require multiple boots on the ground to do it.
3 hours ago
Yes, more challenging. Ham radio fox hunting is usually VHF/UHF. Waaay easier to direction-find, since the signal isn't bouncing off the ionosphere, and also the much shorter wavelength means that you can get highly directional antennas that are small enough to be held, and don't need to be 50 feet in the air to work well.
8 hours ago
Presumably doing it locally within a known few mile radius is different from nation-scale broadcast areas bounced from god-knows-where?
8 hours ago
If you can receive a shortwave signal, you can triangulate the source.
4 hours ago
Besides the problem caused by reflections and by the fact that unless you are very close to the transmitter you do not receive a direct wave but one reflected from the ionosphere, there is an additional difficulty.
Antennas with high directivity, which are needed for accurate triangulation, must be very big in the shortwave range (wavelength from 100 meter to 10 meter). Moreover, if they are too big it would be difficult to move them, to be able to measure an angle.
So traditional triangulation is inaccurate in this frequency range.
With modern technologies, using highly accurate synchronized clocks, one could distribute shortwave antennas over a large area, to create a synthetic aperture array, enabling a precise triangulation. However this would be expensive. An amateur would certainly not have such a thing. I doubt that even a state would bother to build such a thing, because it would not be worthwhile.
While precise triangulation of a shortwave transmitter from far away is very difficult, such a transmitter would not be hard to find during a local search wherever it is placed, because there not only the direction, but also the intensity gradient of the signal would allow finding it.
8 hours ago
Reflections will pose a problem though.
Two receivers of the same signal may not be from the same proximate source. One could from the original antenna the other from a reflection. Both could be reflected but by different reflectors. Even if the proximate source was the same for both the receivers, triangulation might yield the location of a virtual image of the original source.
BTW I am just going by geometry and may be way off because radiowaves behave quite differently compared to visible light.
One might need effectively the inverse of beamforming to nail it.
8 hours ago
Exactly I have friends who have had voice contacts reflecting off aurora at VHF
8 hours ago
That made my day. Thanks for the laughs.
6 hours ago
See content of post you initially replied in the context of:
> Shortwave radio is more challenging than you might imagine.
8 hours ago
This seems to be a common treasure hunt game conducted by HAM clubs.
8 hours ago
That was it. Treasure hunt.
8 hours ago
Also known as fox hunting.
5 hours ago
Multiple boots on Iranian ground is tricky for Americans right now.
8 hours ago
Thanks that was quite illuminating. I knew about ionospheric reflections to be a problem but not the others.
7 hours ago
The broadcast locations aren't really secret, and don't need to be.
5 hours ago
Known locations can be taken out, no ?
4 hours ago
Yes, but the locations of the big transmitters are in well-defended areas and smaller transmitters are easy to replace.
4 hours ago
Nothing much in Iran is well defended from air I suppose.
Assuming, of course, the hypothetical that it's a signal emanating from Iran. The current fix seems to indicate Germany, in which case you would be correct.
8 hours ago
N 48.690438° E 9.086693°
4 hours ago
Street View nearby reveals this sign at the edge of the Street View area: "Forstarbeiter und Militär Frei," which means "Forestry Workers and Military [are free to enter]". The red circle around the sign implies that everyone else is forbidden to enter. So, it's some kind of military installation.
a few seconds ago
7 hours ago
Neat, there's no Street View coverage but there is clear sattelite imagery: https://maps.app.goo.gl/RjGUAMExUrD6aqs59
Apple's maps version has that section blurred out though.
Bing's sattelite images seem to be older, the antenna isn't visible on there yet and there's just building foundations: https://www.bing.com/maps?cp=48.690103%7E9.086240&lvl=18.8&s.... Can't determine how old those images are though.
6 hours ago
Until around 2000-2004 there have even been 2 Antennas. The whole surrounding forest is a military training ground, obviously used by German Bundeswehr and US forces. There are German and US barracks on opposite ends of the area. Within the vicinity there are an UXO clearance service, K9 school, CQB training village, shooting ranges, lots of bunkers and who knows what.
8 hours ago
"We don't need NATO." But we do need our bases in Germany plz.
7 hours ago
These two don't have to be related per se, but it sure helps with maintaining a healthy mutually beneficial military relationship.
4 hours ago
The location of this transmitter is a shortwave transmission facility within a US military base in Böblingen, 15 km southwest of Stuttgart, Germany. The coordinates:
48°41'26"N 9°05'12"E
https://www.google.com/maps/place/48%C2%B041'26.0%22N+9%C2%B...
2 hours ago
Interesting. I have no reason to disbelieve you.
So...
If its being broadcast by the US military or the CIA, why Persian?
Because they're issueing activation orders to their network of ani-regime operatives inside Iran? Who, mysteriously for spies, only know that language?
Or because they want the Iranian government to think that? And a numbers station broadcasting in - unusually - Persian, is an easy way to get the attention of the Iranians?
I'm thinking the latter.
an hour ago
Locally and recently recruited spies inside Iran?
8 hours ago
If anyone is interested in further reading, this group are the world's leading experts on number stations (outside of intelligence services of course). They've done a detailed article on the new station, including recordings, technical mishaps, and analysis of why they believe the station is CIA run. https://priyom.org/number-stations/other/v32
> Considering the topical interest in this station, the Priyom team shares its further expertise regarding V32's attribution, beyond being transmitted from a US military facility. While this remains unconfirmed speculation, and not facts, a prime candidate for the operator of this station would be the CIA. Contrary to popular belief, US intelligence has not entirely moved away from numbers stations. Sources in the intelligence community indicate that the CIA provides extra training about numbers stations and one-time pads to clandestine agents assigned to locations with a very hostile operating environment, such as Iran or North Korea: it is envisioned as a last-resort means of communication with high-value sources. So according to this, numbers stations are actually still an institutional part of the CIA playbook. The war in Iran, and the Internet blackout installed by the regime, fulfill the very circumstances for which the CIA would have planned this.
> We already know that the CIA has a significant presence in Iran and involvement in the war, having provided crucial intelligence tracking Iranian leaders that enabled the assassination strikes that kickstarted the war. They most probably have had a network of infiltrated assets already in place and organized, ready to be reached through a numbers station if need be right when the war started - which makes the CIA a candidate for running V32 consistent with a legitimate intelligence operation. However, what we've observed from V32's operations - technical quirks and shifting formats - suggest that the technical deployment of the numbers station and shortwave transmissions themselves may have been a little rushed by the circumstances.
> Another noteworthy feature of V32 is how all its transmissions take place on the same frequency. Most other numbers stations in general are comprehensive operations targeting many different recipients in different countries, and making use of many different transmission times and frequencies suited to the particular signal propagation needs corresponding to all those areas. In contrast, the fact that V32 always uses a single, same frequency, at always two given times of the day, would be consistent with an operation that only needs to target a single geographical area: Iran.
5 hours ago
Thanks for the link, really interesting!
8 hours ago
4 hours ago
Interesting. Some sort of sync signal?
4 hours ago
over / under it's just some kid broadcasting an encrypted Phish Prague 7/6/98 GHOST on repeat?
8 hours ago
Sounds like a CIA numbers station transmitting info to agents on the ground.
9 hours ago
This reminds me of UVB-76[0], a shortwave military radio in Russia. It would be interesting know why they're using this method to communicate covertly rather than beaming down messages to a phone via satellite or something. I'm not an expert on radios, though, so maybe it's not as clunky as I'm imagining where an undercover asset is hauling around bulky equipment.
8 hours ago
It’s simple, reliable, and effective. Shortwave receivers can be made fairly compact. They’re also very prevalent in most countries (every ham transciever), so there’s nothing suspicious to pack. People find numbers stations interesting, so they are often streamed online. One time pads have their logistical shortcomings, but are still the best encryption possible. The OTP can be compromised in known, visible ways, where a phone has myriad invisible ways to be compromised.
3 hours ago
You could probably cheat with the one time pad and use a book as a key, pick a pre determined starting point go diagonally down accross the page convert the letters to numbers and xor that against the message. It would be near enough to random and less conspicuous than a pad of random numbers when searched.
an hour ago
That feels like something that could suffer from frequency analysis.
8 hours ago
Like the article says, satellite messages can be traced while radio is broadcast to everyone so it's impossible to find out who's listening. Shortwave radios are also cheap and widespread, so it's easy to get one anywhere in the world and if your house gets searched, it won't be suspicious if you have one.
8 hours ago
> Shortwave radios are also cheap and widespread, so it's easy to get one anywhere in the world
I always hear this in discussions about number stations, but I don't think this is true in the US. In fact, I don't think I've ever seen a general consumer "shortwave radio". Unless the regular AM band counts, which seems to be medium wave.
7 hours ago
The term for shortwave radios targeting the general consumer market is "world band radio". They look like a standard portable AM/FM radio except they'll also pick up long wave, medium wave, short wave, and maybe weather band. They're more of a niche in the US now that internet streaming is a thing, but you should still be able to get one at most electronics stores. Of course like most niche products, you'll get much better selection and pricing online.
3 hours ago
I used to have little battery powered AM/FM/Shortwave/weather radio lost it a couple house moveings ago. Kept it around for the emergacy weather radio during flood events and other extreme weather when internet/power isnt reliable. Should probably pick up a replacement come to think of it.
7 hours ago
I'm in the US. At least half of the people I know own shortwave radios, although most don't think of them as "shortwave radios". They're more often called "world radios" or some other such synonym. I could run out to a consumer electronics store right now and buy one.
The younger people I know tend to own such a radio in the form of the Baofeng UV-5R or the like.
6 hours ago
A Baofeng UV-5R cannot receive shortwave, it's in the VHF/UHF range for receive/transmit and can receive commercial FM broadcast.
4 hours ago
Ah, true. My mistake.
8 hours ago
def a niche consumer item these days. but pretty easy to make your own.
7 hours ago
Satellite unicast receivers also can't be located. Iridium pagers were (maybe still are?) a thing, for example.
However, carrying one of these is probably highly suspicious compared to a world band radio receiver.
3 hours ago
> Like the article says, satellite messages can be traced while radio is broadcast to everyone
I don't buy it.
Satellite downlinks are broadcast to everyone under a potentially massive footprint. Take a look at the footprint for QO-100 which you could use with very inexpensive equipment that looks pretty much like a normal satellite TV dish.
https://jeremyclark.ca/wp/telecom/sdr-for-qo-100-satellite-r...
8 hours ago
Phones usually contain the hardware for radio too, so making sure agents have some set of models for that doesn't sound bad. Even if you had to use a dedicated one having a radio at home isn't that conspicuous? Or in a car, etc
8 hours ago
a consumer phone usually would only have an FM receiver
3 hours ago
ooh, new fodder for conspiracies about electric cars not having AM radios :-)
8 hours ago
perhaps they're not directed at deeply embedded lone spies with radios in their attics, but at 'military assets' which as a matter of course can receive these transmissions on a designated schedule.
9 hours ago
5 hours ago
Ok, we've changed to that from https://www.wired.com/story/a-mysterious-numbers-station-is-... above, and I've put the latter link in the toptext. Thanks!
9 hours ago
I've been off put by WIRE recently. Thanks for this.
7 hours ago
For intelligence agencies,
it is important to
communicate with their
spies to gather intelligence,”
says John Sipher, a former
US intelligence officer
Sifr is also a valid word both in Farsi, I think. An Ironic and cruel pun.
5 hours ago
> Sifr is also a valid word both in Farsi, I think
That is the root of 'cipher'; meaning zero/empty/nothingness.
4 hours ago
Indeed and used cleverly in Casino Royale by naming Le Chiffre that way.
I knew 'sifr' was an Arabic word and only today I came to know that it works in Farsi too.
The double pun/irony is that the John Sipher's surname is related to the topic of cryptography and that the etymological roots is Middle-Eastern.
3 hours ago
More so if you know the etymology,
https://www.etymonline.com/word/cipher
(Al Jabr, the translator of Indian Mathematical texts was a Persian IIRC)
2 hours ago
Al-Jabr, from where we get the word albebra, is an abbreviated name of the book (The Compendious Book on Calculation by Completion and Balancing). The translator's name was al-Khwarizmi, from where we get the word algorithm. He was of Persian origin.
an hour ago
Why do say "translator's name" ?
Al-Khwarizmi authored the book Al-Jabr.
7 hours ago
Random chance has a really good sense of humor!
5 hours ago
1/10 dentists hates nominative determinism. That dentist? Dr. Procter
3 hours ago
You'd be amazed how many firefighters I know called "Burns", even leaving aside Ayrshire where lots of people are not-too-distantly related to a famous poet who, to put it mildly, put it about a bit.