The Numbers Stations Analyzed, Discussed

GMontag wrote to mention a Washington Post article about the always-intriguing 'number' radio broadcasts. The numbers stations, as they are known, are 'hiding in plain sight' spycraft. Random digits broadcast at little-used frequencies are known to be intelligence agencies broadcasting their secrets in encrypted form. The Post article gives a nice run-down on the truth behind the transmissions, and touches a bit on the odd community that has grown fascinated by them. From the article: "On 6840 kHz, you may hear a voice reading groups of letters. That's a station nicknamed 'E10,' thought to be Israel's Mossad intelligence. Chris Smolinski runs SpyNumbers.com and the 'Spooks' e-mail list, where 'number stations' hobbyists log hundreds of shortwave messages transmitted every month. 'It's like a puzzle. They're mystery stations,' explained Smolinski, who has tracked the spy broadcasts for 30 years." This article made me recall a great All Things Considered story from a few years back about Akin Fernandez's 'Numbers' CD, a CD compilation of some of the most interesting strings of randomly read numbers reaching out across the airwaves.

1258965

[TechnoLust (528463)]

1258965

1258965

1258965

Re:

[Servo (9177)]

5 035 860

Re:1258965

[Servo (9177)]

42

Re:1258965

[quokkapox (847798)]

In Soviet Russia, this would be modded "Informative".

Re:1258965

[Mozk (844858)]

Oh my god... The single funniest and most fitting Soviet Russia joke I have ever seen. People looked at me weird because I was laughing at a computer.

Re:1258965

[nmb3000 (741169)]

8675309

Re:

[j00r0m4nc3r (959816)]

You have just illegally transmitted the first 10 bytes of Britney Spears' new album. The RIAA will be contacting you shortly.

Re:

[qbwiz (87077)]

8008? I always knew that Intel was filled with perverts, but finally I have proof....

Slash has its own numbers station

[LiquidCoooled (634315)]

It was discussed on slash previously in the following article:

Numbers Stations Move From Shortwave To VoIP [slashdot.org].

I've picked these up on short wave

[andy314159pi (787550)]

If you have a cheap short wave radio, even a "radio shack" one, you can pick up voice audio coded messages to spies that the CIA sends to agents. You will only find them by pure chance, but I have managed to find them and record them but I would say that for every 6 or 8 months of listening to short wave radio I will hear only 1 of these broadcasts. It's usually the same female voice. It's great fun when you find one, you feel like you hit the lottery.

Re:I've picked these up on short wave

[Konster (252488)]

I won the lottery.

Twice.

I spent a lot on booze and whores.

I wasted the rest.

Re:I've picked these up on short wave

[titzandkunt (623280)]

And if you're going to steal, get it right! George's wording was far better:

"I spent a lot of money on booze, birds and fast cars. The rest I just squandered."

See? That word: squandered. Much, much better than wasted. You can waste anything but only riches can be squandered. And you forgot the fast cars [photobucket.com]. Unforgivable.

Re:I've picked these up on short wave

[lowe0 (136140)]

Dude, a slashdotter said he heard a female voice. That's pretty much the same as winning the lottery around here.

Re:CIA? I suspect not.

[i_ate_god (899684)]

You're a spy. You're sent in to infiltrate a terrorist organization in some self sustaining desert town full of impoverished potential recruits for the terrorist organization. Shortwave is a common technology amongst these kinds of towns. Radios have been around for over 100 years now I believe (if not almost 100 years). Your laptop, PDA, or other fancy high tech equipment is going to give you away.

Re:CIA? I suspect not.

[hazem (472289)]

If you are in the US military and go to the language school in Monterey, a big portion of your "lab" training is learning how to transcribe groups of numbers read in your target language. It's a big part of your "grade" in your coursework.

Now, it's hard to say if the US transmits numbers, but it's pretty clear that there appears to be some intelligence value in teaching the electronic warfare people how to listen to streams of numbers in other languages.

It's probably a great way to send one-way messages to the field. A simple AM radio can be modified work in different frequencies. With that and a normal-looking one-time-pad code book can go a long way to providing secure communication that is inconspicuous.

So, the CIA might not do it, but other countries and services probably do.

Re:

[andy314159pi (787550)]

the main reason they still use short wave is the that some of "short wave" isn't so short... the frequencies that they use are the ones that carry long distances so that the origin of broadcast can be very far away from the agent. Also, the devices required to listen to particular frequencies can be made very small so that agents in difficult places can hide the devices. Finally and most importantly, the broadcast voice of the coded messages is distinctly American. Maybe another country could use the voi

HF, VHF, UHF...

[Kadin2048 (468275)]

You're correct, but just in the interests of preventing confusion, the idea of what was a "long wave" in the early 20th century was very different from what an electrical engineer might think of today. What are today rather low frequencies for radio communication were at the time rather high, hence the term 'short waves.' The preferred frequencies for communication at the time are now barely used by anyone, with the possible exception of naval communication with submarines and the like. Their data-carrying capacity is just too low, and the antennas they require are obnoxiously large.

Of course, by calling things in the 1-30 MHz range "high frequency," those engineers forced us to use such terms as "very high frequency," and "ultra high frequency" when equipment finally became capable of transmitting at those wavelengths.

Re:

[leighklotz (192300)]

>I'll just add to my previous comment that it was once widely believed that long wave radio signals propagate the longest distance, then for a while that idea was less well believed....

Terms such as "short wave" and "long wave" have largely passed into disuse, replaced by High Frequency (roughly short wave) and Medium Frequency (roughly long wave), and then for mostly point-point communications, VHF, UHF, and above.

Except for the exotic moonbounce and tropospheric ducting mentioned, all long distance rad

EME/Moonbounce

[Kadin2048 (468275)]

You definitely can, it's (as you stated) usually called "moonbounce" or EME, for Earth-Moon-Earth. I'm not sure that it's really a particularly useful form of communication, but that doesn't stop hams from doing it just for the hell of it. (Though I've wondered if there are some 'Mad Max' style disaster scenarios where EME would conceivably be useful...)

To do it right you need a very directional beam antenna. There are particular regions of VHF that are known to be good for EME, because of the way they pene

There was a BBC radio programme about this...

[terrencefw (605681)]

There was a BBC radio programme about this a few months ago:

http://jamesholden.net/2005/04/23/the-lincolnshire -poacher/ [jamesholden.net]

That explains it...

[creimer (824291)]

So the little voices I been hearing is from the spooks instead of the green little men. Maybe I been watching too much X-Files.

Shortwave

[finalbroadcast (1030452)]

As an avid Shortwave fan, there are less and less clear stations broadcasting to NA, as more and more world service broadcasts move to the Internet. (YEAH I'm talking about you BBC) I wonder how long until the only people who own shortwave radios are spies? Although propaganda stations are well worth the price of the radio. Listen to Cuba's hour loop of things we blame on the US today, and keep a straight face, I dare you.

Source code

[mcrbids (148650)]

I don't know if I should do this - releasing secrets from the FBI like this commonly leads to life in Gitmo Bay - but information wants to be free!

The "numbers" stations only exist to confuse people. On Wednesdays, we have "beer" day, where you are entitled to a beer from the cooler if the number 12725 comes out.

So we had one day, last year, where somebody (I think it was the Chinese) hacked our main server, and made it broadcast 12725 continuously all day. So there we were, plastered out of our mind, when 270 Lbs of fissionable material was stolen from our floor. The investigation is due to be completed sometime around 2021 - we don't talk about that very much.

Anyway, here's the source code:

#! /bin/sh
cat /dev/urandom > /dev/bcast;

Information wants to be free!

Neat

[Perseid (660451)]

I remember when I was 12 or so and heard one of these for the first time. A woman reading numbers in Spanish. Damned if I didn't feel like James Bond sitting there listening to it. I still have that radio, too. Too bad it doesn't pick up anything besides evangelical stations now. Yes, technology has advanced and the world has moved on. So have I. I accept that. But there was a certain thrill of finding that clandestine guerrilla propaganda station that just can't be replaced with web surfing.

Ad revenue

[Kennric (22093)]

With these stations becoming so popular, isn't it time to sell ads? After all, spy agencies can always use the extra cash, and the people who listen to these things probably constitute a solid geek demographic.

Or worse:

1) Create personal numbers station with especially intriguing sequences to draw audience
2) Sell ads on your personal number station
3) Profit! ... why do I feel like I've missed a step there?

Re:

[xs650 (741277)]

You missed numbers porn

4 8 15 16 23 42

[GaelTadh (916987)]

four eight fifteen sixteen twentythree fortytwo

Re:

[currivan (654314)]

Great, now we have to post this every 108 minutes.

Conet Project MP3 Download

[3mpire (953036)]

You can download the mp3's for free: http://irdial.hyperreal.org/the%20conet%20project/ [hyperreal.org]

Try cracking a "numbers station" on your own

[chrisgagne (605844)]

For those of you who like this sort of thing, check out 202-386-6909 and http://code-cracker.cerbumi.org [cerbumi.org]. This is a test project that I developed for Cerbumi.org, a new and entirely non-commercial (no ads, fees, etc) website designed to help with real-world problem solving. (Think of it as a "Sourceforge.net" for projects like the "Open Prosthetics Project." [openprosthetics.org]) The first person to solve the puzzle and post the answer to the code-breaker project can choose where the Cerbumi.org team will make a $100 donation on their behalf.

If this sounds like fun, please consider signing up for the Cerbumi.org site at http://public.cerbumi.org/goons [cerbumi.org] (a "secret back door for a site that normally requires registration) and try to crack the code. Also, please consider checking out the main planning project at http://cerbumi.cerbumi.org [cerbumi.org] and our Flash-based demo at http://cerbumi.org/flash [cerbumi.org]. I'd love to hear your thoughts, too... just reply. :)

Top Of The Pops!

[qengho (54305)]

Yankee [wikipedia.org]
Hotel [archive.org]
Foxtrot [wilcoworld.net]

I try so hard...

[jeffmeden (135043)]

I am a habitual NPR listener, but everyone I know finds it slow, uninteresting, easily dismissed radio. I try to expose them to intriguing news material that's delivered spin free and very palatable, but have not yet impressed a single person. It's times like these that I just shake my head and sigh.

"a great All Things Considered story from a few years back about Akin Fernandez's 'Numbers' CD, a CD compilation of some of the most interesting strings of randomly read numbers"

Interesting... random numbers... Ok, so my friends were right.

Shortwave Station Leaders - nothing sinister

[flyingfsck (986395)]

I listened to some of those recordings and they were clearly the leaders transmitted by commercial stations, to indicate where the real transmission is. Over the course of the day, shortwave stations move to different frequencies, that are better propagated by the ionosphere.

When a station moves to a new frequency, they continue to play a unique identifier tune and read out the frequencies where the station may be received better. For example, 39715 would be 39MHz715.

Others may simply be a station transmitting automated junk, in order to 'occupy' the channel, so that someone cannot apply to the IETF to use the unused channel. Since they all have these number voice systems to announce their frequencies, it is logical to use that system to occupy the channel with random junk.

Re:Shortwave Station Leaders - nothing sinister

[Hasai (131313)]

I beg to disagree. Number stations are quite real. What possibly confused you is how some number stations operate.

Take the old Radio Moscow transmitter in East Berlin, for example. You are quite right that such HF broadcasts would often end with a looping tape containing info on what freq(s) the site would be transmitting next. Well and good.

Eventually, though, the tape ends and the transmitter shuts down. Fine. Now all you're listening to is a whole lot of nothing but white noise, right? STAY ON THE FREQ FOR ANOTHER 5-10 MINUTES. Suddenly another carrier comes up, and a woman's voice starts. On the Radio Moscow freq she would always start with "Achtung, achtung," then proceed to read-off a long string of number groups (NOT freqs!). When done, she would finish with "Ende," and the carrier would immediately drop.

Still sound like a freq change notice to you? :)

Triangulation to locate sources?

[dircha (893383)]

Shouldn't it be possible to use a directional antenna or some similar technology, from several points around the globe to locate the source of the transmissions with a reasonably high degree of precision?

I don't have any shortwave equipment myself, but it seems that would be a very interesting project.

It would be quite exciting, say, to discover signals originating from a mountain in Wyoming :)

This is pretty sweet. It's a very interesting strategy. Shortwave receivers are easy to come by, do not arouse suspicion, and no one can detect that you are listening in.

Re:Triangulation to locate sources?

[KillerBob (217953)]

The thing with HF is that there's really no way to reliably determine where the signal is coming from, because it's operating at a frequency that can bounce around in the ionosphere indefinitely. That's how they're able to send a signal from distances beyond line of sight... it's not penetrating the Earth, it's bouncing around in the atmosphere.

Given the right atmospheric conditions, you can pick up the signal decades later: one of the coolest things that ever happened to me was picking up battle chatter from Vietnam while on a training exercise with Army Signals. I'm 25. It was eerie people die in a transmission that was sent before I was born.

Re:Triangulation to locate sources?

[Macgyver7017 (629825)]

Not to be rude, but I call BS.

The number of reflections that an HF signal would undergo in a decade of bouncing around anything the size of the earth, is simply astronomical. The efficiency of reflection would have to be similarly astronomical.

Let alone enough of the signal staying intact to still hear several seconds of it (enough to identify it as Vietnam chatter).

Re:Triangulation to locate sources?

[Phrogman (80473)]

I have not experienced this firsthand when I was in Military Signals, but I have certainly been told it can happen - by my instructors, in class and apparently in all seriousness. Its pretty rare but evidently some signals can survive up in the ionosphere for extremely long periods of time. The example they mentioned was having heard message traffic over HF that apparently dated from an exercise shortly after WWII, but received in the late 80's sometime.

I know I have heard a signal I sent, bounce right around the earth and come back to our receiver a few mins later. I also remember picking up a signal on Military frequences in Northern Ontario (I was in the Canadian Military) that originated down in Florida, evidently on a Taxi transmitter, judging by the conversation I had with the guy when I asked him to leave our channel.

Radio is fascinating stuff, its a shame its losing its popularity to the Internet and computers, because its still a very neat and geeky technology.

Not code but keys?

[plopez (54068)]

OK, what if the sequences are one time pad keys or other crypto keys? Then there would be nothing to crack, there is no message. The end user and the transmitter agree on a protocol, e.g., only use the sequence generated at 1620 UTC. Then after each day that sequence is discarded.

The info is then sent by email, ground mail, radio, etc. encrypted with that key.

So not only would there be nothing to crack, but the vast majority of the numbers would just be noise.

The Moscow Radiotelephone Station

[AB3A (192265)]

Years ago, some friends of mine used to find sport listening to "Numbers Stations". One in particular, during the Soviet era, used to identify itself as "The Moscow Radiotelephone Station." They would get on the air and proclaim "This data is for Testing Purposes Only, from the Moscow Radio Telephone Station, Book xx, Page yy, Group zz..." and then proceed with five letter cipher groups in perfect english phonetics. (Substitute xx, yy, and zz with whatever numbers of book, page and group they were sending at the time).

They were once reputed to have closed their broadcast on New Year's Eve with "and greetings to our friends in the CIA." Who says spies have no sense of humor?

Re:IP Addresses

[Rosco P. Coltrane (209368)]

Actually no, it's spies reading the content of a suspicious #chatzone IRC log file, only they don't quite get it. See for example this transcript:


C0016UY: 1337641: 69?
1337641: 637 1057!

Re:IP Addresses

[Xaroth (67516)]

A translation for the weak of leet:

A fine, upstanding gentleman: Dearest, skilled lady... wouldst thou join me in mine bedchambers for some chaste frolicking?
Skilled lady: Alas! No, I must not! For thou art neither truly updstanding, nor the gentleman thou claim'st to be. Now, leav'st me be posthaste!

Re:IP Addresses

[mrogers (85392)]

What's 1057?

The joke. On you.

Re:locating

[Technician (215283)]

shouldn't it be fairly straightforward to locate the origin of these transmissions?

Yes. Automatic radio direction finding is common and was often used in the cold war. The spectrum is constantly monitored and when a new broadcast pops up, it is automaticaly DF'ed and logged. When several DF sites pickup the same broadcast, triangulation to the source is a simple task.

Here is what a typical DF site looks like. Both the US and Russia have them.

http://www1.shore.net/~mfoster/FLA_Wullen.htm [shore.net]

Re:

[Technician (215283)]

The ionosphere bounce is most often like a flat mirror in the sky much like seeing the sky reflected on a hot road in the desert (looks like water on the road). Even though the direction of the wave appears to be from a few degrees above the horizon, the azmith is not skewed much most of the time. Most of the CDAA antennas have the delays set to focus not on signals from the horizon, but from a few degrees above the horizon. The more antennas you have which are spread out increases the antenna apature an

Re:Time Bomb.

[Detritus (11846)]

A quantum computer is useless against a message encrypted with a properly constructed one-time pad.

Re:Time Bomb.

[spaceyhackerlady (462530)]

In ten years someone who has been recording them for thirty years will have quantum breakers to decode them with.

No.

Decrypting one-time pads isn't hard because there isn't enough compute power to throw at it. It's hard because it can't be broken, no matter what you do to it. Given a message to decrypt, the best an enemy cryptanalyst can do is random chance. There are better ways of compromising secrets.

This is a well-established result in encryption and there is no point in arguing about it. The only time one-time pad encryption has ever been broken was when the agents misused their one-time pads. The Venona [nsa.gov] decrypts are a good example of this.

(Wow! First time I've ever linked to the NSA!)

...laura

Re:Time Bomb.

[FooAtWFU (699187)]

There's a couple ways to generate one-time pads. The first I read was described at HotBits [fourmilab.ch]. They take a little radioactive bit of cesium, and a radiation detector which can detect atomic decay:

What we do, then, is measure a pair of these intervals, and emit a zero or one bit based on the relative length of the two intervals. If we measure the same interval for the two decays, we discard the measurement and try again, to avoid the risk of inducing bias due to the resolution of our clock.

You can find more at Wikipedia's article on hardware random number generators [wikipedia.org]:

There are two fundamental sources of practical quantum mechanical physical randomness: quantum mechanics at the atomic or sub-atomic level and thermal noise [wikipeda.org] (some of which is quantum mechanical in origin). Quantum mechanics predicts that certain physical phenomena, such as the nuclear decay [wikipeda.org] of atoms, are fundamentally random and cannot, in principle, be predicted. (For a discussion of empirical verification of quantum unpredictability, see Bell test experiments [wikipeda.org].) And, because we live at a finite, non-zero temperature, every system has some random variation in its state; for instance, molecules of air are constantly bouncing off each other in a random way. (See statistical mechanics [wikipeda.org].) This randomness is a quantum phenomenon as well. (See phonon [wikipeda.org].)

Because the outcome of quantum-mechanical events cannot in principle be predicted, they are the 'gold standard' for random number generation. Some quantum phenomena used for random number generation include:

• Shot noise [wikipeda.org], a quantum mechanical noise source in electronic circuits. A simple example is a lamp shining on a photodiode. Due to the uncertainty principle [wikipeda.org], arriving photons create noise in the circuit. Collecting the noise for use poses some problems, but this is an especially simple random noise source.

• A nuclear decay [wikipeda.org] radiation source (as, for instance, from some kinds of commercial smoke detectors [wikipeda.org]), detected by a Geiger counter [wikipeda.org] attached to a PC.

• Photons [wikipeda.org] travelling through a semi-transparent mirror [wikipeda.org], as in the commercial product, Quantis from id Quantique SA. The mutually exclusive events [wikipeda.org] (reflection -- transmission) are detected and associated to "0" or "1" bit values respectively.

Thermal phenomena are easier to detect. They are (somewhat) vulnerable to attack by lowering the temperature of the system, though most systems will stop operating at temperatures (e.g., ~150 K) low enough to reduce noise by a factor of two. Some of the thermal phenomena used include:

• thermal noise [wikipeda.org] from a resistor [wikipeda.org], amplified to provide a random voltage source.

• Avalanche noise [wikipeda.org] generated from an avalanche diode [wikipeda.org], or Zener breakdown noise from a reverse-biased zener diode [wikipeda.org].

Re:

[FooAtWFU (699187)]

You want your one-time pads to be very, very secret; that's why you can spread the actual cryptotext anywhere and not have to worry about a thing. If it were as simple as comparing one numbers station to another, any intelligence agency with a few computers to throw at the problem could check the numbers against each other and look for meaningful messages. While you might think that's oh-so-slightly unlikely, is it something you're willing to bet your security as an intelligence agency on?

Re:

[swillden (191260)]

Which raises the obvious question: If you have a way to transport the one-time pads with absolute security, why not just use that to transport your messages?

Because you have something sensitive to say later.

But why not just use the same secure channel later?

No, there has to be another reason. I mentioned the most common reason -- that the secure channel is too slow. There can be others, of course, such as that the secure channel is only temporarily available, or that it can only be used a limited amount, or that it is one-way, etc..

A secure channel is required to be able to use an OTP, but it must be deficient in some way (other than its security) or it doesn't make any sense to bother with an OTP.