Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

VoIP Numbers Stations were Social Experiment 116

Posted by ScuttleMonkey from the mysteries-always-draw-the-crowds dept.
IO ERROR writes "The mysterious phone number stations appearing on Craigslist for the last three months, which resembled their shortwave radio cousins, and which Slashdot reported on in June, were an experiment devised by security researcher Strom Carlson and a group of Los Angeles hackers to determine if encrypted messages could be passed using unwitting third parties to foil traffic analysis by hostile intelligence agencies. Carlson and the hackers presented their findings at DEFCON earlier today and gave away CDs with "Make your own Mein Fraulein station" kits and posted one final number station for people to try to decrypt."
This discussion has been archived. No new comments can be posted.

VoIP Numbers Stations were Social Experiment More

VoIP Numbers Stations were Social Experiment

Comments Filter:

  • summary (Score:2, Informative)

    by superphreak ( 785821 ) on Saturday August 05, 2006 @09:51PM (#15854003) Homepage
    from the article:
    It seems to have worked.

  • Re:One Time Pads (Score:5, Informative)

    by QuantumFTL ( 197300 ) * on Saturday August 05, 2006 @10:27PM (#15854079)
    A sound implementation of a OTP is a formidable foe.

    OTP has two huge problems associated with it, despite the mathematics being sound (assuming you have good random numbers):
    1. Key distribution - do you like sending long messages? You'll need a key that's at least as long as the compressed message, and that distribution system must be absolutely secure. Also you'll need to make sure no one ever has a chance to access your key before or after the message is sent, otherwise you're screwed.
    2. Overconfidence - Congratulations, if you've done it correctly you have 100% secure communications channel. The endpoints, however, are not protected by this mathematics, and are succeptable to everything from hidden bugs to software hacking or even "rubber hose" cryptoanalysis.

  • Stenography vs. Steganography (Score:5, Informative)

    by sshore ( 50665 ) on Sunday August 06, 2006 @04:35AM (#15854587)

    I'm sure someone has pointed it out by now, but stenography [wikipedia.org] (shorthand) is not the same as steganography [wikipedia.org].

    The mistake is apparently common enough that the first line of the wikipedia entry for steganography says, "Not to be confused with stenography".

  • Traffic Analysis (Score:5, Informative)

    by PhunkySchtuff ( 208108 ) <kai@automatic[ ]om.au ['a.c' in gap]> on Sunday August 06, 2006 @05:36AM (#15854645) Homepage
    They've done it in this fashion to defeat Traffic Analysis [wikipedia.org].
    This is a method of sending a message out, and having someone you want to receive the message, without other third parties being able to tell that a message has been exchanged. I can send you encrypted emails using any one of a number of secure protocols, and you can reply in kind. This is good on one level as reasonably no-one can read these emails, however it is trivial to work out that we're communicating - and this forms a pattern. Even if you can't work out what's being said, just knowing that certain parties are talking to each other is enough to build up a web of who's connected with who.
    Exchanging data in the way mentioned above is a way that an interested third party is unable to work out who's sending, and who is receiving the message - if lots of people can receive it then it becomes harder to tell out of those who can receive it, who is able to read it, or make anything of it - ie, who is actually able to exchange useful information in this fashion.

Slashdot Top Deals

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Close