Forgot your password?
typodupeerror
Security

German NSA Committee May Turn To Typewriters To Stop Leaks 244

Posted by Unknown Lamer
from the how-to-tell-wikileaks-is-winning dept.
mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.
This discussion has been archived. No new comments can be posted.

German NSA Committee May Turn To Typewriters To Stop Leaks

Comments Filter:
  • by Anonymous Coward on Tuesday July 15, 2014 @04:11AM (#47455157)

    My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.

    • by jonwil (467024) on Tuesday July 15, 2014 @04:20AM (#47455181)

      The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency (and a lot worse for international relations if the NSA did it and the Germans found out) than it is for the NSA to hack into the computers at a German agency from a computer room at Ft Meade.

      • by mjwalshe (1680392) on Tuesday July 15, 2014 @04:30AM (#47455233)
        The KGB have used Romeo spies to seduce the secretaries before now - one poor woman killed her self when she found out - the "Americans" series has this as a plot point.
        • Re: (Score:2, Redundant)

          by K. S. Kyosuke (729550)
          So did Clancy's Clear and Present Danger, if I'm not mistaken - only with Colombians.
        • by fazig (2909523) on Tuesday July 15, 2014 @05:35AM (#47455467)
          Social Engineering.
          Certainly, it's not as cost effective as other methods and requires elaborate planning. But no matter the technological level of advancement this has been, and most likely will continue to be, a very serious security threat. Simply because it targets a vulnerability that will be very hard to fix - our social, human nature.
          • No no no! Money's no object!

            it wanted to spend 486,000 rubles
            (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.

            While that seems like a lot, keep in mind the US government would commission electronic typewriters, making sure they had USB and WiFi and network printing capabilities and access to cloud storage and run Windows apps and Internet Explorer.

            They would finally be delivered for $38k per unit about 12 years after everybody has a Matrix jack in their neck.

          • by fractoid (1076465)
            Not as cost effective? If I was working on a budget, I would be far more likely to succeed by employing a smokin' hot woman with leet skills to seduce an enemy tech than I would by trying to crack 4096-bit encryption.
          • by tlhIngan (30335) <.slashdot. .at. .worf.net.> on Tuesday July 15, 2014 @10:13AM (#47457343)

            Social Engineering.
              Certainly, it's not as cost effective as other methods and requires elaborate planning. But no matter the technological level of advancement this has been, and most likely will continue to be, a very serious security threat. Simply because it targets a vulnerability that will be very hard to fix - our social, human nature.

            Not cost effective? You're kidding right?

            Even Windows is more secure than humans. Modern viruses and Trojans are relying on social engineering to get themselves installed all the time because it's easier and cheaper to do so than to try to sniff a vulnerability out and shell code your way in.

            Hell, we used to joke about the "honor system virus" (where it asks you to do the destruction and send it to 10 of your contacts). Truth be told, it actually is kind of successful these days.

            There are still elaborate attacks, but social engineering remains one of the cheapest, most effective ways to get through any security measure.

        • by AHuxley (892839) on Tuesday July 15, 2014 @06:09AM (#47455541) Homepage Journal
          Re the human factor.
          Thats a huge risk in Germany. Generations of post ww2 Germans know nothing but helping the NSA and GCHQ over their decades in every level of the West and later German bureaucracies.
          The men and woman who helped the UK and USA post 1950's would have chosen like minded staff to work with them or replace them.
          Thats the entire upper structures of vital German security lost to 5+ other Five Eyes countries by default over decades.
          Then you have the tame German political leaders watched, dropped, advanced thanks to insider help.
          The East Germans got some staff next to generations of top West German political leaders or top NATO staff.
          The US and UK got all the communication networks of West Germany and then Germany with the help of cleared Germans.
          • by mjwalshe (1680392)
            Not so sure most of the police carried on postwar Denazification wasn't very rigorous doctors involved in action T carried on practicing in a some cases.

            The acceptance of identify cards is a another indication.
        • The KGB have used Romeo spies to seduce the secretaries before now - one poor woman killed her self when she found out - the "Americans" series has this as a plot point.

          Citation needed

          • by mjwalshe (1680392)
            This isn't Wikipedia but http://intelligenceref.blogspo... [blogspot.co.uk] If mentioned kim philby would you want documentary evidence for that as well - the KGB's romeo spies are very well-known what do you think ana chapman was doing when she married tim "nice but dim" to get an English passport
      • by Anonymous Coward on Tuesday July 15, 2014 @04:44AM (#47455283)

        The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency

        Only if they make sure everyone leaves their cell phones out the door.

      • So, how hard do you think it is, to hack into a nearby computer (laptop, cell phone, building automation controller etc) and use that as a next hop to get an audio signal of the typewriter?
        • by mikael (484)

          A microphone placed on top of a PC, beside or behind a PC will pick up more noise from the cooling fans. Even if you are not use a combination of cooling fans and an open-plan PC case that work as a white noise generator for the whole room :)

      • by mikael (484)

        They could still hack into the nearest smartphone and listen to the clicks that way. Just about everyone has a smartphone on their desk. Or they could collect the used printer ribbons and read back the text that way.

      • The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency (and a lot worse for international relations if the NSA did it and the Germans found out) than it is for the NSA to hack into the computers at a German agency from a computer room at Ft Meade.

        Even I own a laser mic; I'm sure the NSA has way cooler stuff at their disposal for extracting sound remotely.

        Does this whole hipster throw back move to antiquated technology seem ass backward to anyone else? Is it that hard to simply not plug a PC into a network? You're worried about someone with a thumb drive? Fill the USB slots with non-conductive wood glue and let's see what they do then.

        • by bsDaemon (87307)

          Is that non-networked PC in a TEMPEST-compliant location? How sure are you of that?

          SIGINT is some fascinating stuff.

      • Contradictions do not exist. Whenever you think that you are facing a contradiction, check your premises. You will find that one of them is wrong.

    • by Megol (3135005)

      That is well known - even computer keyboards (where unlike mechanical typewriters each key use essentially the same mechanism) can be tapped using audio alone with reasonable good results. That spent color ribbons can be used to extract text is also well known.

      This is just another layer of defense. Unlike the /. meme even security by obscurity can be a good defense when used in a multi-layer system.

    • In the 80's a UK bank experimented with signature recognition by listening to the pen on the paper. The dynamics and pressure etc were much harder to fake than the actual signature so it made sense but ultimately didn't go anywhere.
    • by jandersen (462034)

      I always feel vaguely amused when people say that you 'just' or 'simply' do so and so. I'm pretty sure the Germans know that these things can be done - they are clever people, you know.

      Of course it is possible to penetrate whatever security measures are put in place, but using simpler technology has advantages:

      - simple technology is easier to screen for spying devices; there is no networking, no firmware with backdoors, etc
      - it is less easy to make copies on an industrial scale, when things are typed on pap

    • Okay, but how are you going to conceal a microphone in a room that has gone purely mechanical? A computer gives off all sorts of RF, and is complex enough that there may be other tricky ways of getting information out. Not to mention that America may be the only source of processors and other components.

      I'm sure the germans are capable of producing the typewriters completely in-house. Stick them in a well-shielded, soundproofed, unelectrified room, treat any signal as a bug, and it's much harder to get ac

    • by StripedCow (776465) on Tuesday July 15, 2014 @06:58AM (#47455757)

      My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.

      Perhaps you can ask your father what this man was typing:
      https://www.youtube.com/watch?... [youtube.com]

    • Electric and Electronic typewriters are far more susceptible to intercept as each key would generate a distinct RF signature and were much more suitable for spies.

      Could one capture the same using a manual typewriter? Maybe. But, it would require highly sensitive and dynamic range microphones and recording technology to detect the sounds of the key being pressed vs the time it takes for the hammer to strike the paper and wait for the sound that it has returned of an older electric typewriter. SELECTRICs p

    • That is easily defeated by playing music in the background:

      http://www.youtube.com/watch?v=g2LJ1i7222c [youtube.com]

  • by clickety6 (141178) on Tuesday July 15, 2014 @04:17AM (#47455173)
    A suspected security mole was today apprehended with 5 reams of carbon copy paper...
    • by mwvdlee (775178) on Tuesday July 15, 2014 @04:22AM (#47455187) Homepage

      5 reams of carbon copy paper contains much less information than a single USB stick.
      This is security by volume.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      The mole was paid off. NSA antics are seriously pissing off Germany and this issue has become another foreign policy faux pas of this presidential administration. As goes Germany, so goes other EU countries. They're slowly turning away from the US. I don't think alienating allies is a smart thing to do, but what would you expect from a president who allows warrantless wiretapping?

  • foolproof (Score:4, Funny)

    by chentiangemalc (1710624) on Tuesday July 15, 2014 @04:19AM (#47455177) Homepage
    It's a great security initiative! Everybody should do this. Considering it is impossible to electronically monitor what is typed on a manual type writer, and certainly it would be near impossible to copy the manually typed paper with today's technology.
    • by joh (27088) on Tuesday July 15, 2014 @04:25AM (#47455207)

      It would also significantly cut down Slashdot comments if they had to be typed on paper and mailed.

    • I've been thinking about that. I wonder if it's possible to determine what is being typed from the sound of the keystrokes. Surely it's possible that there are minute differences between keystrokes from different keys?

    • by coofercat (719737)

      In other news, they're also dusting off all their old bottles invisible ink, newspapers with holes cut so you can see through while 'reading' and that box of old fake moustaches and noses from the basement. From now on, be on the lookout for anyone reading a paper from the 1960s sporting a massive nose neighbour. Extra points if they're writing into a notebook with a pen that appears to have run out of ink.

  • When they get photocopied for distribution a copy can easily go "missing" are the data file from the digital copier can be sent somewhere.

    • by Zumbs (1241138)
      True, but it still requires continual physical access to sensitive areas as well as agents that continually steal and post copies, putting themselves at risk of exposure every time.
      • by chalkyj (927554)
        Or photograph/scan them. It's not like being in physical form prevents instant digitisation, especially with how good OCR tech is now.
    • by mysidia (191772)

      When they get photocopied for distribution

      You just said photocopied for distribution. The digital photocopier takes an image of the document and then reproduces it ---- the photocopier is a perfect place to save a copy of the image to a hard drive or USB stick for later dissemination/leakage.

      • by jklovanc (1603149)

        Isn't that what I just said? I guess you got distracted half way through the sentence. And people say I have a short attention span. ;-)

    • Countries have lost aircraft designs and lack of photocopy paper counts did allow the Soviet Union to get material from the UK in bulk.
      A trusted person with access to paper work is a huge risk.
    • They'll be bringing in a mimeograph machine to make the copies. Oh gods, the recollections of primary school and helping the secretary run off the couple of hundred copies of the latest school raffle sheet. By hand crank.

  • by jovius (974690) on Tuesday July 15, 2014 @04:23AM (#47455195)

    Using typewriters will definitely make spying the documents a bit harder, but leaking them is as easy as ever. The next level could be a new version of watermarked paper, which knows when it has been accessed or photographed.
     

    • by cdrudge (68377)

      The next level could be a new version of watermarked paper, which knows when it has been accessed or photographed.

      Can you explain how paper, with presumably some type of magical substance applied to it, would know the difference between a human eye reading it vs a camera lens? Both are operating by receiving light that has been reflected, or more correctly, not reflected, off the ink.

      I suppose you could use some type of photosensitive chemical that could detect a flash...but that would easily be defeated

  • by Anonymous Coward

    And of course there are type writer ribbons to destroy and so forth.

    But on the whole, it forces spying back to having physical access to the document and that's not a bad security mechanism.

    • After East Germany lost its entire Western spy network early on due to the files been given to West Germany they thought about what their next file system would be like.
      They broke the structure down so that eg 3 files would be stored in separated physical areas. If you wanted the full file you needed top staff to turn up in person to put a spies full background together. Later East Germany went digital and the CIA walked out with all the East German spy contact files from a safe.
      You can also share sli
  • A phone or nearby computer will be hacked and the secrets will be extracted by recording with the mic the relative sounds of the typewriter keys.

  • Couldn't they just buy a bunch of computers with no network hardware whatsoever?
    • by CRCulver (715279) <crculver@christopherculver.com> on Tuesday July 15, 2014 @04:33AM (#47455249) Homepage
      Even if the computers have no network connectivity, their screens and keystrokes may spied on through a Tempest [wikipedia.org] attack by an adversary in the vicinity. Buying typewriters may be cheaper than Tempest shielding.
      • Isn't TEMPEST defeated today by simple HDCP, or another system of transferring image data encrypted? The display itself should be reasonably shieldable.
      • by Krymzn (1812686)
        Acoustic keyloggers (http://www.keylogger101.com/acoustic-keyloggers/) could be used to detect which typewriter keys are being pressed (http://en.wikipedia.org/wiki/Keystroke_logging).
      • by c (8461)

        Buying typewriters may be cheaper than Tempest shielding.

        Of course, they do have to work a lot harder to avoid someone just eavedropping on the keypresses [wikipedia.org]...

    • "Couldn't they just buy a bunch of computers with no network hardware whatsoever?"
      The NSA and GCHQ can cover that air gap with some extra hardware added when shipped.
      A tiny burst wireless then sends logged text over a short range to a waiting collection device for storage or other networking.
      "NSA Spying Includes Wireless Transmitters To Get Data Off 'Air Gapped' Computers" (Jan 14, 2014)
      https://www.techdirt.com/artic... [techdirt.com]
      ie the ideas behind RF transceivers eg SPECULATION, HOWLERMONKEY and CONJECTURE
      NS
      • Which is why you don't source the hardware via US companies. Maybe they should switch to German-built Raspberry Pi clones in in transparent cases.
  • GCHQ and the NSA... (Score:3, Interesting)

    by Anonymous Coward on Tuesday July 15, 2014 @04:45AM (#47455289)

    Working together to return the world back to the stone age!

  • by petrus4 (213815) on Tuesday July 15, 2014 @05:07AM (#47455347) Homepage Journal

    I salute the German government in adopting this measure, quite seriously. I am migrating to virtualised NetBSD/amd64 myself, and aside from using pkgsrc in order to install Xorg, am probably going to rely on manual installation of packages in named directories in either /usr/local or /opt.

    I fully believe that maximising simplicity, to the point of adopting seemingly primitive solutions, is the most effective means of maintaining reliability and security. There truly is no school like the old school. Others can call me a Luddite if they wish, but that is a title that I will wear with pride.

  • Wait until they here about copy machines!

  • With computers, you can store vast amounts of data and run a lot of analysis on it. With paper, not so much. Good for the privacy conscious citizen.
  • by Anonymous Coward on Tuesday July 15, 2014 @05:19AM (#47455409)

    Turning to typewriters is of course ridiculous blind activism, but there is one thing to take away from this: The mere possibility that someone is spying on them has made them uneasy about using normal and efficient tools and made them turn to antiquated tools instead which still won't protect them. Perhaps now they understand why blanket observation of the entire population is completely unacceptable.

  • by Anonymous Coward on Tuesday July 15, 2014 @05:21AM (#47455415)

    Get a doctor to write memos with a pen. Completely indecipherable.

  • by Lumpy (12016) on Tuesday July 15, 2014 @05:33AM (#47455459) Homepage

    Once they are done typing the documents they will have a secretary scan them and sent via email....

  • Physician handwriting is as indecipherable as Navajo code talk.

  • The trick is to use technology so alien from the attacker that they can't interface with it.

    To that end, I think it would be more practical to redesign certain computer systems especially involving networking.

    Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.

    I'm talking about something beyond encryption. Totally divergent interface languages. Different to the machine code level. Ideally with no precedent.

    And while you're at it,

  • by Theovon (109752) on Tuesday July 15, 2014 @07:23AM (#47455847)

    Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different? A relatively straightforward codebook analysis of keypress noises plus a hidden markov model plus a Viterbi algorithm will allow you calculate the highest probability sequence of letters for a given sequence of sounds and timings between sounds even in German!

    Mind you, they have to be able to get a sound bug in there, but that might be malware-infected computers nearby the typewriters.

    Anyhow, basically, the technology used to do automatic speech recognition would make short work of tapping typewriters, so they’re fooling themselves if they think this’ll make much difference.

    BTW, I have a strong suspicion that the Germans’ outrage is all a big charade. Every major country has big spy operations. The NSA is neither unique nor the first of its kind. The Germans could not have been ignorant of at least the general nature NSA’s dealings before Snowden, so while they openly object, secretly, this is business as usual. By doing this, they fool their people into thinking they’re not being spied on by their own government and, using the US as a scapegoat, they also generate a degree of solidarity. Russians spy operations, of course, are way worse, so their objections are the same bullshit. And the Chinese government is all about lying to, well, basically everyone while they use both capitalism and cyberwarfare to take over the world and control everyone, so their recent statement about the iPhone is also a crock of shit.

    This reminds me of Andrew Cuomo’s push to restore trust in government. The whole idea is disingenuous. Governments, like any large organization, are only going to do what the people need only with checks & balances and transparency.

    And as a final note, I believe that the stated purpose of the NSA is a good one: Mine publically available data to identify terrorist activity. That sounds like a good thing to do. It’s the illegal violations of privacy that are wrong. They violate our rights because it’s inconvenient to get the info they need some other way. It’s also inconvenient for me to work a regular job instead of selling drugs. There are much more convenient ways to achieve my goals that I avoid because they are wrong. To do their job, the NSA needs to find clever ways to acquire the information they need WITHIN THE LAW.

    • by c (8461)

      Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different?

      A much stronger mechanical action which generates multiple (the keypress itself plus the imprint on paper action) strong and distinct signatures. I'd expect it would be far easier to pick up than even the loudest Model M keyboard...

      I'd be curious how much a highly sensitive seismic sensor on the ceiling below the typewriter would pick up, or even on the foundation of the building.

  • Poison the well. Everybody, anywhere in the world, whether it be a government, corporation, or individual, needs to become skilled at disinformation. If everybody's default behaviour is to muddy the waters by generating all kinds of contradictory data, the background noise level becomes so high that discerning fact from fiction is very difficult. Governments and corporations already use this tactic against the population; I consider much of Prime Time and 'reality' television to be propaganda, a kind of cultural disease vector.

    Given that the genie is out of the bottle and privacy is dead, it would be best for everybody to know everything about everybody else, until the data becomes meaningless because of its sheer volume and commonness. If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless. But the TLAs and corporations won't let that happen - they'll always be one up on mere citizens when it comes to info gathering. So maybe it's time for everyone to start sowing disinformation. That would make the world really, really suck; but it would probably suck a lot less than it will if the ultimate goals of Big Brother are achieved.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless.

      No. I can still single you out and destroy your life with that information. Well funded entities don't even need to single out anyone to take advantage of that flood of information. What seems like vast, insurmountable amounts of data to you is but a challenge to data scientists. Just because you couldn't make use of the information to your advantage doesn't mean nobody else can use it to their advantage, and that is precisely the problem. The small amount of disinformation any individual could sow is easil

  • If I have it correctly there is no longer a single new typewriter manufacturer in the entire world.
  • by aviators99 (895782) on Tuesday July 15, 2014 @07:56AM (#47456047) Homepage

    Check the museums and see if the Enigma Machines (http://en.wikipedia.org/wiki/Enigma_machine [wikipedia.org]) are mysteriously missing. A layperson might call that a "typewriter".

  • by bbasgen (165297) on Tuesday July 15, 2014 @07:56AM (#47456051) Homepage

    The core components of information security are often misunderstood. The triad of confidentiality, integrity and availability are important to consider. There is a symbiosis between these three components. For example, if confidentiality and availability is highly restrictive, can we really be confident in the integrity of the data with so few people who have such limited access?

    The old adage, being so tragically expressed here in real world terms, that the only "secure" computer is locked in a vault at the bottom of an ocean belies the very nature of security. For data to be useful and meaningful, it must be accessible to the people who need it when they need it. Failure to properly deliver accessibility will consequently build pressure on confidentiality (e.g. it will be shared inappropriately) and/or data integrity (e.g. the data will grow stale/irrelevant/etc).

    A typewriter is a medieval instrument for data security. Because they have rockets, they might as well start building castle walls. They are, in essence and by design, surrendering. Sun Tzu would be proud of such an adversary that could create this result. Masterful.

  • I'm for it.

  • Maybe for flat-text documents, this'll work okay.

    But I'm fairly sure intel documentation is a damn sight richer than "wall of text" in many cases.

  • Good for retro spy movies, bad for actual security. Stick with open software+hardware solution like BeagleBoard. I am sure Russia and any developed European country is capable of creating their own ARM SoC from ground up if needed.

  • for avoiding eavesdroppers. And is this a direction that non-criminal organizations are going towards?

Life would be so much easier if we could just look at the source code. -- Dave Olson

Working...