Crack A "Numbers" Station

boss soul writes: "On Friday, NPR did an excellent story on those infamous 'Numbers Stations' that broadcast on shortwave radio. Since the 1950s, these stations have been broadcasting nothing but an unidentified human voice reading a string of numbers. Though most people believe that these broadcasts are used by intelligence agencies to communicate with their agents abroad, there has never been any way to confirm this ... until now! The makers of "The Conet Project" (a four-CD set of numbers-station recordings) have thrown down the proverbial gauntlet and announced a series of "cryptographic challenges" -- the object of which is to crack an actual numbers station broadcast. Dust off your Crypto caps, everyone -- I want to see a slashdotter win this one! "

Re:Very Likely This is IMPOSSIBLE

they used to transmit "data" when there was no message, but now they sending downloads of Dr. Dre and Metallica to agents in the field who have been thrown off of Napster

Has anybody checked that the 4-cd set isn't just audio? wouldn't that been a good joke to pull on the crypto community ;)

Re:Worst job.

As you can probably guess, most stations use a synthesized voice. In the past, some stations (pre computer days) used either spliced tapes, or an interesting contraption that was a rotating drum with several tracks, one for each number or word spoken. It turned, and the correct track was read to play a digit (the phone company used this as well to handle messages when a number changed).

Some still do "live" transmissions, the Bored Man and Babbler stations come to mind.

Visit http://www.spynumbers.com for more information about spy numbers stations.

I have a CDROM out, with about ten hours of recordings, and lots of information, all organized as a web site, so it's cross platform.

Numbers Stations..

As a little birthday gift to myself, I picked up a fairly high-end handheld digital shortwave radio like a week ago. Its an amazing little device, when you think about it.. In your hands you hold a box capable of opening a window into the communications of every technologically advanced culture on the planet, runs on three AA batteries, and will run forever if you take care of it. Not a bad deal for $219.00 :)

That being said, here's a little something about numbers stations: Alot of them have already been linked directly to intelligence agencies, so, thats not a rumor anymore. Its a fact. Our on CIA, and Israel's Mossad are among a growing list of agencies known to be running numbers stations, as the broadcast source has been proven to be on land owned by these agencies.

On a totally different not, my own father ran crypto for the Navy (even had clearance at the Pentagon for a short time!) for a few years during the mid-late 1950's. During his stint in the Navy, he was stationed in Adak, Alaska where he and and a bunch of other guys jobs' were to monitor Russian shortwave radio traffic..mostly stuff in the Bering Strait, and from stations in and around the Kamchatka. To this day he can copy morse code by hand fast as fuck. :) A few weeks ago, I played some of the "numbers" station recordings for him, and he says he has never heard them before. I told them theyre linked with foreign intelligence agencies and his response was "Not surprising. Theyre all over the dial." :)

Whatever that means. :)



Bowie J. Poag

Strategic Air Command

The U.S. Air Force Strategic Air Command had something similar with their "Sky King" broadcasts on the high frequency bands. They sent out coded messages at regular intervals using SSB (single sideband) voice. This was one of the systems for sending EAMs (emergency action messages) to SAC's nuclear armed bombers. When listening, you never knew if the message was "testing" or "nuke Moscow".

Re:Hmm ... what prize? A visit from Men In Black?

There are 5 different messages to crack :

1.E3 (The Lincolnshire Poacher) [ibmpcug.co.uk]
2.E5 (CIA Counting Station) [ibmpcug.co.uk]
3.E22 (New Station!) [ibmpcug.co.uk]
4.E10 (Phonetic Alphabet Station) [ibmpcug.co.uk]
5.G2 (The Swedish Rhapsody) [ibmpcug.co.uk]

And (look at the last line) " The Prize for the first person to email us a deciphered text along with the method employed in the crack will be an ancient Gold Roman coin. The Judges decision is final. "

Also you have to encrypt using their PGP key, not yours, so you aren't 'proving your identity', just (hopefully) making sure nobody besides them can read your email. However that doesn't mean the NSA/Men In Black won't say hello if you crack it.

Worst job.

That has got to be one of the worst jobs ever, reading a very long string of numbers... I can only assume they recorded 'em though,

"One Five Seven...no Two...sorry. Eight"

This Looks Like A Job For...

Distributed.net...

It would seem that there must somehow be a way to implement distribute.net into solving this (if there is any solution). Why work against each other if we can all work together and nail this?

I'm not a crytpo-expert, but my guess is that you would need to use a wide variety of formulaes to even ever discern that there is a pattern, let alone what the patterns signify. But the formulae could be well-tested on a mass-scale via distributed.net and then once a group of likely candidates is discovered, attack them on a massive scale and see if anything hits.

But like I say, I'm not an expert whatsoever. This just sounds like a way to approach it. But, unlike RC5 and DSS, this doesn't have a known answer hiding somewhere with any manner of known mathamatical processes of resolution, so brute-force would be out of the question, no? Unless there is a way to massively process *methods* and *formulaes* to see if they're even appropriate to ever do brute-force decryption along side.
---
icq:2057699
seumas.com

Re:One-Time Pads With Added Obscurity

2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.

No!

That's a codebook, not a one-time pad. If you'll notice, the frequencies of different digit pairs (using your example) will likely be different. That's no good. A one-time pad is a long string of true random numbers. They would most often be combined with the message with a simple XOR algorithm, although something else might be more appropriate when using pencil and paper. The point of a "one-time" pad is that the same numbers are never used more than once, hence the name one-time. It's not changed once a day or week, it's destroyed immediatelly after use!

Re:Worst job.

...As read by James Earl Jones... ;)
---
icq:2057699
seumas.com

Re:Very Likely This is IMPOSSIBLE

There just isn't enought information to do anything but put a bunch of smart people in front of the data and see what they can figure out.

Of course that could be the goal. If you really want to mess with the other guys, you could use a scheme like this to do it. The process would be pretty simple:

1. Develop a decent cryptographic random number generator and have it spew out a bunch of random numbers. Even better, mix in a bunch of encrypted, realistic sounding, but bogus messages to your international spy network. Use an encryption scheme that's likely to be very tough to break, but not quite impossible.
2. Hire a bunch of poor schlubs to read off your list of numbers into a microphone. You can save yourself some time and effort by rebroadcasting the messages several times in rapid succession; this might actually be helpful in the real world in case your agents have to transcribe the thing without aid of tape recordings.
3. Watch as your poor enemy wastes a lot of effort trying to decode the thing. Even better, if you think that they've actually succeeded in decoding it, you can use it to sow disinformation.

All it takes is a bit of effort: one cryptographic algorithm, a creative guy or two to write bogus messages, and a bunch of people you can hire pretty cheap to read off your lists of numbers. If you're lucky, you can tie up several capable cryptographers trying to decode it, which is probably a net win. If you're really lucky, they'll succeed, buy it hook, line, and sinker, and you can start using it to give them disinformation. Sounds like a reasonable thing to try.

The Message, Deciphered!

"o...r...p...h...a...n.....a...n...n...i...e.....s ...a...y...s.....'A...l...w...a...y.. .s. ....d...r...i...n...k.....y...o...u...r......O...V ...A...L...T...I...N...E'"

Credit goes to our top codebreaker, Ralphie.

One-Time Pads With Added Obscurity

Yes, the "numbers stations" are almost certainly using one-time pads, but there are levels of obscurity they may use that go beyond that:

1) There is no reason all the numbers broadcast 24/7 must have any meaning, so a "key" could contain instructions that tell a recipient to listen for the string "24 41 00 65" after 12:32 p.m. and that the numbers between that string and "24 41 00 56" are the message.

2) A one-time pad usually encodes phrases, not letters or single words. A complex one can have multiple phrases available from which one can construct a complete message, ie 48 = "meet me," 47 = "at the courthouse steps," 97 = "at phillip's house," and so on. Both the numbers and the phrases can be chosen arbitrarily, and can be changed every week or even every day.

3) The date/time key can be kept separate from the decode key; that is, which strings to listen to, and when to listen for them, can be kept as a "key book" in an embassy safe, while the number/phrase "code book" can be in the possession of a staff member who does not live or work on the premises. If someone gets hold of the key book it does them no good without the code book, and vice versa.

This is good old-fahioned human stuff. To "decode" a message, you have to both suborn the embassy staff and find the code book. And if the person who has the code book doesn't report in, that code won't be used again, so capturing a code book does not allow you to decode future messages. Key books, too, can be changed if there is any suspicion that one has fallen into wrong hands.

Bill Gates might be able to crack this kind of code - not with computers, but by bribing both embassy staff members and the outside people to whom the actual messages are being sent, assuming the above message-passing method is the one being used, which may not be the case.

Humans are always the weak link. Even with "unbreakable" codes or ciphers, if the person who writes the original message is an enemy agent all the transmission security in the world won't keep it away from the enemy (or commercial competitor).

In light of all this, if I wanted to "prove" I could crack a "number station" code, I'd bribe someone at the transmitting end to send a message with content I already knew, at a predetermined time that I also knew.

This is not a particularly original thought, BTW. It's been used in at least a few spy novels as a way for a turncoat agent to gain a new master's trust.

- Robin

Proof... or disproof?

With so many nations and agencies broadcasting number stations, some of them have to be solely for disinformation purposes.

If these are actual encryptions are using one-time pads as keys, then a brute-force attack (ala distributed.net) would be worthless, unless they're actually using the 'one-time' pads more than once.

What seems more approachable is taking a look at these streams of numbers, looking for the patterns inherient in random number generators. If the method of generating random numbers can be found (which really shouldn't be that hard if the 'disinformation code' is being generated by two guys in a hut and an old PC), then specific stations can be singled out as disinformation stations, sending out 'predictable' random numbers.

Chances are that most of these stations are just that, disinformation beacons.

On the other hand, if they're not, then there must be some header information to identify whether a given broadcast is intended for you (a specific spy) or another agent. This sort of info would likely be the first step of a decryption process, because it would be unlikely that they would force every agent to use up part of a one-time pad at every broadcast just to determine if the broadcast was for them. More likely, there would be some algorithm performed on the header, so an agent can get a reasonably certain idea if the broadcast is meant for them.

My first guess would be something combinitorial, like multiplying the 'agent IDs' of each agent the message applies to, so the agents have only to take the header numbers and see if it's divisable by their number. If so, grab a pen and dig out your one-time pad.

I wonder how many of these sorts of things are already on the net. It makes me want to start a page (that people should mirror, for obfuscation's sake) with random numbers that change every day. Heck, LavaRand [sgi.com] is probably doing that right now. Sure they say it's coming from lava lamps, but it could just as easily be messages to spies all over the world, and with 50,000 hits every day, who could trace each one down to find a mobile spy?

Kevin Fox

Re:Worst job.

Given that the telephone company does this all the time (The number you requested is ...), it's undoubtedly a recorded voice.

But it's not. Unless they also pre-recorded sneezes and coughs, too.

I've listened to these broadcasts since the early '80s, both the English- and Spanish-language stations. Definitely a human reading from a sheaf of papers.

"...dos, ocho, zero, zero, cuatro...ocho, ocho, uno, zero, dos...achoo!...excusame...dos, dos, ocho, cinco, siete..."

k.

p.s.: The Cold War may be over, but the Cobra Dane over-the-horizon radar still drones on, too.

--
"In spite of everything, I still believe that people
are really good at heart." - Anne Frank

Re:Very Likely This is IMPOSSIBLE

D'oh! IANACE either, but I was looking forward to showing off my limited knowledge of this topic by pointing that out first. You beat me to it.

I agree, it seems very likely that these stations are using one-time-pad encryption, particularly since the messages are so short, and (presumably) intended to be decoded by hand. I thought that was pretty common knowledge. It makes me wonder why they'd even bother... Although a thought just occurred to me: with a little imagination, I'm sure you could "decode" these broadcasts and find messages about alien abductions, government conspiracies, terrorist plots, or anything else. It's just like the "Bible Code" [csicop.org]... a modern-day Rorsarch test.

This might be interesting...

Actually, we have several possible pieces of information, which could help in breaking this code. NOTE that I use the word "code", rather than cypher.

IMHO, this is the first clue that we have. Cyphers are great for electronic or mechanical delivery, but don't work so well with the spoken word. The output isn't designed that way. Codes, on the other hand, are optimised to be spoken or written, and are often not much more than simple substitution.

Let's assume, then, that these numbers are some kind of basic word or phrase substitution. How many numbers there are in the transmission will give you a much clearer indication of what kind of code is being used. This is the second clue. Lots of numbers = a simple meaning for each. Few numbers = a complex meaning for each.

This brings me to the third clue. The more numbers the simpler the difference between each of the transmissions. If you've only one or two numbers, you can have some very complex operations going on but if you're using lots, then you can't. The message HAS to be decypherable in a practical length of time, BY HAND, BY A HUMAN. Humans are not designed to be memory gurus.

Now for the final clue. The messages have been sent since the 1950's. This was at the height of Cold War paranoia. At that time, I doubt anybody in an intelligence agency would have trusted short wave radio -that- much. Too unreliable, especially over the distances that would be implicitly involved.

But the military weren't the only ones gripped in psychotic paranoia, gun-fever and a cult-like power craze. Most of America was (and is) gripped in exactly the same delusion.

Now, short-wave radio to communicate between gun cults is entirely believable. Far more so than to believe the CIA or whoever would care for such primitive tools.

IMHO, it's more likely a splinter faction of the NRA than the CIA. More believable still is that it is groups of survivalists, trying to avoid Government mind-control rays with tin-foil helmets and earthed pick-ups (with the obligatory dog in the back).

The most extreme possibility I can think of, which remains plausable, is that some survivalists have convinced themselves that World War 3 happened in the 1950's, and that all evidence to the contrary is an enemy plot to lure them out from their shelters. (Sufficiently isolated areas, and leaders every bit as charismatic as David Koresh -might- be able to pull that kind of stunt off. Those Dr Who fans in the audience might also like to re-read "Enemy of the World".)

Pictures of one time pads..

This page has pictures of what they claim are the one time pads taken from captured foreign agents. They were hidden in hollowed out bars of soap and talcum powder containers.

http://www.btinternet.com/~simon .mason/page30.html [btinternet.com]

-kms1

Another possible explanation

is that the numbers are really random - they are simply channelsquatting. The HF spectrum is an expensive resource because it's quite narrow and it propagates to such long distances. If you want to ensure you have your channel when you really need it just keep it busy. It's not that different than cybersquatting except that it's harder to argue with a foreign government and a few kilowatts of RF power.

----

This is *NOT* a pure brute-force problem

This cryptographic challenge is more daunting than the RSA challenge, because nothing is known about the algorithm used to encipher LP transmissions. We do not even know for sure who the transmitting party is.

http://www.ibmpcug.co.uk/%7Eirdial/E 3crack.htm [ibmpcug.co.uk]

Someone needs to have an insight as to a useful crypanalytic attack, to use all that hardware.

Easy way to crack it

Why not triangulate one of these stations, go there, and ask the guy what the hell he thinks he's doing?

Re:Venona Cache

NSA's site is up (different link):

here [nsa.gov].

sounds bad

"Thanks for cracking the code! Your prize is a bullet in the head from a black helicopter in your back yard."

Very Likely This is IMPOSSIBLE

Well, IANACEBIHTGC. (I am not a crypto expert but I've had two graduate classes. In cryptographic protocols and advanced cryptanalysis.
These strings of numbers are very likely to be from a one time pad which given certain assumptions are fundamentally unbreakable. The assumptions are: you never lose the pad (codebook), you never reuse the pad, the pad is truly cryptographically random. The proof of this is fundamental information theory.

If they are not one time pads, then it is possible, but a brute force attack like distributed net only works when you know the algorithm or the general family of them anyway. Also, it helps alot if you know something of the plaintext that you're after. If say, the number stations are transmitting encrypted random data such as the encryption keys for other other communications, then how the hell would you know that you'd found something when you decrypted it.

There just isn't enought information to do anything but put a bunch of smart people in front of the data and see what they can figure out.

You can't

break it. It's a one time pad. The following string:

a8dmldk38f7ekal3973jdm43kaeqq

could be either:

my hovercraft is full of eels

or:

Hello, I love Natalie Portman

or a million other phrases that fit within the length limitation.

Hmm ... what prize? A visit from Men In Black?

Humor ... I think ...
I notice they don't describe the prize, and require: All email concerning this challenge must be PGP encrypted.

I wonder just how wise it would be to try to claim victory:

"Thank you for telling us you broke this supersecret code. And thanks for proving your identity with PGP. Please remain where you are, our representatives will arrive shortly with your reward ..."

IPO?

Personally, I can't wait until the NSA has its own IPO - what, with all the demand for privacy-invading software and hardware, employers spying on employee e-mail and phone calls. I'd daresay it might even fund Echelon II ("This time, it's really, really personal").

Unwinnable challenge?

I honestly don't see how someone could hope to succeed at this. Let's say you get distributed.net to jump on the bandwagon. Great. Now what exactly are you going to do? You have arbitrary strings of numbers. This could be a fragment of a single text, parts of multiple texts, multiple complete texts, and so on. Sure, you could scan for patterns first and try to identify delimiters, but were I sending data through this, I wouldn't do you the favor of using a fixed separation string. I'd base it on conditions at the time of broadcast, or on some computation on the ciphertext, or some other thing that's not trivially detectable. In short, you don't know which decryption method to try. It's been pointed out that it's probably a one-time pad anyway.

Even if you can find an algorithm, how big are the keys? How will you know when you've got the plaintext? Something transmitted by the NSA is likely to be in highly obfuscated English at best. Like the handmade strong crypto [jdueck.org] challenge, the true plaintext might be very strange. How will you recognize that this is the correct decryption and not just a coincidental decryption into random gibberish?

Finally, while I agree that some numbers stations probably are espionage related, I'll bet they keep the noise very high. Many of them are probably reading right off the random number generator of the nearest computer. Did the challenge supervisors pick ones that are actual signal?

This is not to say it's impossible, but the benefit/difficulty ratio seems so high that anybody wizardly enough to succeed should probably be working on developing better algorithms for us instead.

Waste of time. Answer clear. Bingo!

Of course they are intelligence broadcasts. That has been known for a long time. What has not been known until this day is that it is not crypto. They are just playing Bingo [vic.gov.au]

Re:there ain't no cracking numbers stations folks

The message is encoded into numbers before it is encrypted and transmitted. Here is an example of an encoding table:

0 1 2 3 4 5 6
S N E G O P A
7 B C D F H I J
8 K L M Q R T U
9 V W X Y Z / .

The letters on the first line (S N E G O P A) are encoding to the single digits 0 through 6. The letters on the second, third and fourth lines are encoded to double digit numbers. For example:

F = 73
I = 75
R = 84
S = 0
T = 85

P = 5
O = 4
S = 0
T = 85

In code groups:

73758 40855 4085X

(X indicates null padding to fill last group)

You got it all wrong.

These are not broadcasts used by intelligence agencies, they're from ordinary people trying to beat the world record of "reciting the digits of Pi on radio".

You fool! You see global conspiracy everywhere!