Stories
Slash Boxes
Comments

SoylentNews is people

posted by hubie on Wednesday July 10, @03:54AM   Printer-friendly

https://www.mattblaze.org/blog/neinnines/

I picked up the new book Compromised last week and was intrigued to discover that it may have shed some light on a small (and rather esoteric) cryptologic and espionage mystery that I've been puzzling over for about 15 years. Compromised is primarily a memoir of former FBI counterintelligence agent Peter Strzok's investigation into Russian operations in the lead up to the 2016 presidential election, but this post is not a review of the book or concerned with that aspect of it.

Early in the book, as an almost throwaway bit of background color, Strzok discusses his work in Boston investigating the famous Russian "illegals" espionage network from 2000 until their arrest (and subsequent exchange with Russia) in 2010. "Illegals" are foreign agents operating abroad under false identities and without official or diplomatic cover. In this case, ten Russian illegals were living and working in the US under false Canadian and American identities. (The case inspired the recent TV series The Americans.)

Strzok was the case agent responsible for two of the suspects, Andrey Bezrukov and Elena Vavilova (posing as a Canadian couple under the aliases Donald Heathfield and Tracey Lee Ann Foley). The author recounts watching from the street on Thursday evenings as Vavilova received encrypted shortwave "numbers" transmissions in their Cambridge, MA apartment.

Given that Bezrukov and Vaviloa were indeed, as the FBI suspected, Russian spies, it's not surprising that they were sent messages from headquarters using this method; numbers stations are part of time-honored espionage tradecraft for communicating with covert agents. But their capture may have illustrated how subtle errors can cause these systems to fail badly in practice, even when the cryptography itself is sound.


Original Submission

This discussion was created by hubie (1068) for logged-in users only. Log in and try again!
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Interesting) by looorg on Wednesday July 10, @08:37AM

    by looorg (578) on Wednesday July 10, @08:37AM (#1363623)

    ... , the Russian numbers intended for them were sent not by a transmitter in Russia ... but relayed by the Cuban shortwave numbers station. This is perhaps a bit surprising, since the period in question (2000-2010) was well after the Soviet Union, the historic protector of Cuba's government, had ceased to exist.

    Not that surprising at all. Governments and leaders change. Agency cooperation is more or less eternal. Built on trust and personal connections that in some regard transend who the current leaders are.

    The Cuban numbers station is somewhat legendary.

    "AtenciĆ³n"

    https://priyom.org/number-stations/other/v02 [priyom.org]
    https://priyom.org/number-stations/other/v02a [priyom.org]

    some messages completely lacked the digit 9 ("nueve"). Most messages had, as they always did and as you'd expect with OTP ciphertext, a uniform distribution of the digits 0-9. But other messages, at random times, suddenly had no 9s at all. I wasn't the only (or the first) person to notice this; apparently the 9s started disappearing from messages some time around 2005.

    The 9-less messages went on for almost ten years.

    The FBI (or NSA) no doubt noticed the lack of 9s just as I (and others) did, and likely came to the same conclusions I did. The difference is that they were in a position to confirm the hypothesis through real-time surveillance of actual espionage suspects.

    If it was missing for almost 10 years I think they would have noticed it and fixed it. Unless they wanted it to be like that. Otherwise it's kind of bad and sort of defeats the purpose of filler traffic. They might as well just have stopped sending that then since it was so obvious and clear. Also it would/could explain why they changed system in 1997 and then again then again just a few years later going all digital.

    https://priyom.org/number-stations/digital/hm01 [priyom.org]

  • (Score: 3, Interesting) by turgid on Wednesday July 10, @11:32AM

    by turgid (4318) Subscriber Badge on Wednesday July 10, @11:32AM (#1363632) Journal

    No manual entry for strzok in section 3.

  • (Score: 2, Interesting) by shrewdsheep on Wednesday July 10, @04:23PM (1 child)

    by shrewdsheep (5215) on Wednesday July 10, @04:23PM (#1363660)

    I guess, if a transmission takes as long as 15 min, it seems trivial to scan frequencies and jam the transmission.

    • (Score: 5, Interesting) by bussdriver on Wednesday July 10, @04:58PM

      by bussdriver (6876) Subscriber Badge on Wednesday July 10, @04:58PM (#1363665)

      Not if you want to monitor them and if you crack the code and if you have double agents who need to do their job.

  • (Score: 3, Informative) by SomeRandomGeek on Wednesday July 10, @10:47PM

    by SomeRandomGeek (856) on Wednesday July 10, @10:47PM (#1363700)

    The author theorizes that the messages with no nines were fill, while the messages with an equal distribution of digits were real messages. My own intuition is the reverse of that. It is easy to make a fill generator that produces each digit at the same frequency. It is more difficult to make a cipher that does. The Russians probably had a simple cipher suitable to being encoded/decoded by hand. By way of illustration, imagine that your messages contain 26 possible letters. The one time pad contains a sequence of numbers between 0 and 25. To encode, you convert the letter to a number between 1 and 26 and add the number from the pad, then if the number is greater than 26 subtract 26. The encrypted text will now contain an equal distribution of the numbers between 1 and 26. Someone intercepting the message will not be able to decode it. But they will notice a pattern to the numbers. You never see a 35, for example, because 35 is not between 1 and 26.

(1)