VoIP Numbers Stations were Social Experiment 116
IO ERROR writes "The mysterious phone number stations appearing on Craigslist for the last three months, which resembled their shortwave radio cousins, and which Slashdot reported on in June, were an experiment devised by security researcher Strom Carlson and a group of Los Angeles hackers to determine if encrypted messages could be passed using unwitting third parties to foil traffic analysis by hostile intelligence agencies. Carlson and the hackers presented their findings at DEFCON earlier today and gave away CDs with "Make your own Mein Fraulein station" kits and posted one final number station for people to try to decrypt."
summary (Score:2, Informative)
It seems to have worked.
Re:One Time Pads (Score:5, Informative)
OTP has two huge problems associated with it, despite the mathematics being sound (assuming you have good random numbers):
Stenography vs. Steganography (Score:5, Informative)
I'm sure someone has pointed it out by now, but stenography [wikipedia.org] (shorthand) is not the same as steganography [wikipedia.org].
The mistake is apparently common enough that the first line of the wikipedia entry for steganography says, "Not to be confused with stenography".
Traffic Analysis (Score:5, Informative)
This is a method of sending a message out, and having someone you want to receive the message, without other third parties being able to tell that a message has been exchanged. I can send you encrypted emails using any one of a number of secure protocols, and you can reply in kind. This is good on one level as reasonably no-one can read these emails, however it is trivial to work out that we're communicating - and this forms a pattern. Even if you can't work out what's being said, just knowing that certain parties are talking to each other is enough to build up a web of who's connected with who.
Exchanging data in the way mentioned above is a way that an interested third party is unable to work out who's sending, and who is receiving the message - if lots of people can receive it then it becomes harder to tell out of those who can receive it, who is able to read it, or make anything of it - ie, who is actually able to exchange useful information in this fashion.