Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Government

Russian Federal Guard Service "Upgrades" To Electric Typewriters 163

Razgorov Prikazka writes "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do. However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"
This discussion has been archived. No new comments can be posted.

Russian Federal Guard Service "Upgrades" To Electric Typewriters

Comments Filter:
  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday July 11, 2013 @10:39AM (#44251209)
    Comment removed based on user account deletion
    • by gl4ss ( 559668 )

      I suspect having a device that has only one purpose, as compared to a computer, it is much less likely to be compromised and much easier to detect.

      actually it would be very hard to detect. but the attack would have to be pretty local at least initially, or in the supply chain.

      and at least it's not networked by default.

      however - could just as well upgrade to 8mhz xt's booted from read only media.. and a printer attached.

      • by plover ( 150551 )

        The attacker would have to physically implant the bug in the machine, which would take training. Once it's in, however, the bug can isn't limited to wired networks or short range technologies like Bluetooth or WiFi. It could use GSM or SMS with nothing more than parts bought at a Radio Shack.

        • by kimvette ( 919543 ) on Thursday July 11, 2013 @11:41AM (#44252059) Homepage Journal

          Radio shack still sells parts?

          Are you sure you mean Radio Shack? The place where their motto is apparently "You've got questions, we've got blank stares?" THAT Radio Shack?

          • by plover ( 150551 )

            Surprisingly, yes. There's one in the building next to ours, and we often browse the shop during lunch. They have Seeed Studios Seeeduinos, Arduinos, and various shields including a GSM shield. A friend bought one which he wired to remotely operate an outlet via SMS.

          • Yes they do. Granted they have a bigger selection of phones or RC vehicles it seems. The parts are basically relegated to a few shelf feet off in a back corner of the store, usually the one farthest from the door. At least that is how the one near my house is. I only go there when I want something today and micro center doesn't have it as they tend to be fairly expensive.
          • No the Other Radio Shack: "You can get better, but you cant pay more"
        • by weeble ( 50918 )

          The attacker would have to physically implant the bug in the machine, which would take training. Once it's in, however, the bug can isn't limited to wired networks or short range technologies like Bluetooth or WiFi. It could use GSM or SMS with nothing more than parts bought at a Radio Shack.

          Not at all and the technology for monitoring the output for typewriters is decades old.

          They can be monitored remotely using the vibration in the office windows or using the fluctuation in the electrical current. Monitoring the vibration in the office windows can be done from across the street or further away.

    • by Idbar ( 1034346 )
      I was thinking, why not mechanical? Wouldn't that save on electricity costs as well?
    • Yes that's the way I am understanding it as well, there may also be a loss in productivity; Basically the office staff is wasting too much time cruising the internet. We'll see if this is a better solution or not...
    • by icebike ( 68054 )

      Less likely to be compromises?

      It may be easier to detect an electric typewriter, because each key-press triggers one or more solenoids, which emit a small electromagnetic radio signal, detectable through walls.

      Further you have the burn requirement of the ribbon, because you can often recover the message from the ribbon, especially single use plastic ribbons.

      A smarter choice might have been an purely mechanical typewriter, which emits no radio signal, and has a ribbon that is intended to be used repeatedly,

      • by mirix ( 1649853 )

        Electromechanical typewriters, like the IBM selectric, have no solenoids. They are powered by an electric motor that drives a couple shafts with cams and clutches. The keys are hand powered, and engage the clutches / hit cams/ something along these lines, which in turn rotate and smack the type ball.

        You could replace the motor with a gerbil or something, and it would be entirely mechanical.

        • You could replace the motor with a gerbil or something

          The way Russian army works, this would probably be the first-month conscript.

  • cost. (Score:5, Funny)

    by gandhi_2 ( 1108023 ) on Thursday July 11, 2013 @10:40AM (#44251221) Homepage

    It's probably cheaper than trying to out-bid American hipsters for old Remington typewriters.

    • by Hartree ( 191324 )

      Darn. There goes my chance to get rich. All 3 of mine are Royal typewriters.

    • by mendax ( 114116 )

      Hey! I have an old manual typewriter (K-Mart brand but might be a Royal on the inside) and I'm not a hipster. For one thing, I wear my hair short and when I grew a beard I couldn't get rid of it quickly enough. Second, I'm a registered Republican.... (but I usually vote for Democrats). However, I learned to touch type (that's to type without looking at the keyboard) on a manual typewriter so, unlike most of you kids here, I know how to properly use it.

  • by Anonymous Coward on Thursday July 11, 2013 @10:40AM (#44251227)

    To place a keylogger on a typewriter you need physical access to the typewriter... to place a keylogger on a computer you need the internet...

    I can see the advantage...

    • To place a keylogger on a typewriter you need physical access to the typewriter... to place a keylogger on a computer you need the internet...

      And if said computer is never connected to any networks how do you propose to install said keylogger?

      • to place a keylogger on a computer you need the internet

        Only if you buy your keyloggers at radio shack!

        And if said computer is never connected to any networks how do you propose to install said keylogger?

        With a screwdriver perhaps?

      • Then what's the point of having the computer if all you're doing is printing reports with it? Do you want to be able to play Galaga and hope noone notices?
        • Then what's the point of having the computer if all you're doing is printing reports with it?

          You've never actually tried to type something on a typewriter have you? No one who has used both a word processor and a typewriter would possibly ask such a ridiculous question.

      • Re:Physical access? (Score:4, Informative)

        by Bill, Shooter of Bul ( 629286 ) on Thursday July 11, 2013 @11:38AM (#44252023) Journal

        Stuxnet jumped the air gap just fine via jump drives and other sneakernet tech.

      • USB device, CD/DVD/Floppy, however they transfer documents.

      • by pellik ( 193063 )
        That's where social engineering comes in. You call up the grunt employees and start saying big words like 'firmware update' until they just start doing whatever you tell them to.
  • Nothing is safe (Score:4, Insightful)

    by Anonymous Coward on Thursday July 11, 2013 @10:43AM (#44251269)

    When your opponent has access to your hardware, you've already lost. That's true whether its a mechanical typewriter, electric typewriter, or a computer.

    • by Anonymous Coward

      you entirely count out physical and mechanical counter measures, such as tamper evidence, tamper resistance, locking service covers/disassembly points, etc...

      you can also do "least access" with hardware, as in secure everything except what the user needs to function, such as screens and keyboards, and lock access to the rest.

      access to hardware is also vauge. What kind of access? unsupervised access? how long?

      There are many things you can do to deter physical attacks, where you can expect the hardware to be

  • by fustakrakich ( 1673220 ) on Thursday July 11, 2013 @10:43AM (#44251271) Journal

    No written communications. This whole writing and reading thing is overrated, and apparently can be dangerous.

    • Re: (Score:2, Interesting)

      by Anonymous Coward
      "Conversation was invented by humans to reveal secrets. We use it to sweet talk our way into people's business. You know who has safe conversations? Ants. They talk by vomiting chemicals into each other’s mouths. They get right down to brass tacks. Bleh! Which way’s the picnic? Bleh! That way. Humans are more evolved. We spy."
    • Why do *insert cop type here* travel in threes?

      One to do the writin', one to do the readin', and one to keep an eye on the two intellectuals.

  • by Anonymous Coward on Thursday July 11, 2013 @10:44AM (#44251289)

    http://www.nsa.gov/public_info/_files/cryptologic_histories/Learning_from_the_Enemy.pdf

    • by plover ( 150551 ) on Thursday July 11, 2013 @01:11PM (#44253279) Homepage Journal

      Thanks, AC, for the link. Very interesting story!

      In an ironic twist, I present this paragraph from page 23 of the report:

      "Eight months after the GUNMAN discovery, the story broke in the press. By highlighting the damage, press coverage helped to focus the attention of the U.S. government on improving the security of its information."

      Perhaps Ed Snowden or Bradley Manning can present this in their trials.

  • So Awesome (Score:5, Funny)

    by Sparticus789 ( 2625955 ) on Thursday July 11, 2013 @10:44AM (#44251293) Journal

    I was driving by Fort Meade today and I heard a collective scream of "PUUUUUTTTTTIIIIINNNNNNNNNNNNN!!!" coming from the NSA headquarters. Every single PRISM employee screamed in agony.

  • Sound (Score:5, Interesting)

    by Dan East ( 318230 ) on Thursday July 11, 2013 @10:48AM (#44251361) Journal

    I remember reading a slashdot story years ago where researchers were able to determine which keys on a computer keyboard were pressed just by the sound they produced mechanically. I would think it would be even easier to use this technique against a typewriter.

    • Re:Sound (Score:5, Interesting)

      by Dan East ( 318230 ) on Thursday July 11, 2013 @10:54AM (#44251429) Journal

      Wow, I'm citing 8 year old Slashdot stories.
      http://it.slashdot.org/story/05/09/13/1644259/keyboard-sound-aids-password-cracking [slashdot.org]

    • You still need to physically get a bug into the room where the typewriter is. I imagine this is a lot harder and certainly carries far more personal risk than siting half way around the world and connecting via the net.
      • RTFA.

        [...]reports about Dmitry Medvedev being listened in on during his visit to the G20 summit in London[...]

        Apparently the whole listening in to things is somehow covered in the spy-training curriculum. Who would have guessed that huh? </sarcasm>
      • by plover ( 150551 )

        In a related story (also quite old), researchers were able to pick up enough leaked RF to read a USB keyboard from an adjacent room. Again, you have to get physically close, but not necessarily into the exact room.

        • In a related story to that, some researchers had a proof of concept that they could filter out the keyboardstrokes from a power line. Everytime a button on a usb-keyboard is pressed in it will give off some 'fingerprint' on the grounded bit. They somehow got information out of that. Then again, this was in a controlled lab-environment, where the power source was completely stripped of any distortion and the return was examined for little changes. Nevertheless I thought it was quite clever.
          I dont think that
      • No you don't. Devices have existed for decades which reflect a laser beam off of a glass window to pick up vibrations. Basically a window acts like a giant microphone diagram and vibrates as sound waves inside the room strike it

        • by lxs ( 131946 )

          *diaphragm.

          Unless your windows are decorated with annotated drawings of microphones. Which would make you my hero.

          • You should have seen some of the windows at my place of work. No diagrams of microphones but after running out of white board space (we even took all the movable ones from around the rest of the floor) we migrated to drawing diagrams on the windows. By the end of that project the room was reminiscent of the movie "A Beautiful Mind"
        • by tftp ( 111690 )

          Devices have existed for decades which reflect a laser beam off of a glass window to pick up vibrations.

          That's probably why a SCIF has no windows. Look at the Pentagon. Most of the rooms are inside the building.

    • by cffrost ( 885375 )

      I remember reading a slashdot story years ago where researchers were able to determine which keys on a computer keyboard were pressed just by the sound they produced mechanically. I would think it would be even easier to use this technique against a typewriter.

      That technique is called "acoustic cryptanalysis" [wikipedia.org] — though if these documents are typed in plaintext, it might be more accurately described as "acoustic transcription."

    • by plover ( 150551 )

      Except it turned out not to be the case when the Soviets were bugging the U.S. Embassy's typewriters. CBS News had learned about the original typewriter bugging from a leaker, and in their reporting sought out an expert to explain how the bugs worked. The expert guessed that it was an audio bug. But this technique was refuted in the NSA paper "Learning from the Enemy" [nsa.gov], on page 18:

      "In an article entitled "Tapping the Keys," a bugging expert offered the following explanation of the Soviet bug:

      The Soviets must have taken advantage of the way the Selectric types. A metal ball covered with characters spins so that the appropriate character strikes the paper and then spins back to its starting point. The time it takes to accomplish the rotation to each letter is different. A lowtech listening device planted in the room could transmit the sounds of a typing Selectric to a computer. The computer could then easily measure the time intervals between each key stroke and the character being put on the paper, and thus determine which character had been tapped.

      [ ], an engineer in the COMSEC organization, who was involved in reverse engineering the GUNMAN bug, explained that the press had a good idea, but it was inaccurate: "IBM Selectric typewriters used a spinning ball to get the right character on the paper. The bug was not based on sound or timing." [ ] further elaborated: "The Soviets were very good with metal. Housing the bug in a metal bar was ingenious. The bar was difficult to open and it really concealed the bug from inspection." [ ], an engineer from R9 who also worked on this project, agreed:

      To the naked eye, the bar looked like a single unit. You could not see that it could be opened. The use of low power and short transmission bursts also made it difficult to detect this bug. The bug contained integrated circuits that were very advanced for that time period. The implant was really very sophisticated."

      Elsewhere in the paper, the NSA explains the bug was hidden in a metal bar, and magnetically detected the ball moving mechanis

  • by davidwr ( 791652 ) on Thursday July 11, 2013 @10:49AM (#44251371) Homepage Journal

    The Ball-type IBM Selectric typewriters had a flaw that made it easy to tell what was being said just by the sound and delay between characters. You didn't even have to have the listening device in the typewriter, it could be across the room if it was "directional" enough.

    While you could probably decode a lever-type typewriter's activity from just a good sound recording, it's probably much harder.

    Oh, and as for trying to decode an inkjet- or thermal- electric typewriters just by the noise, "good luck with that."

    Of course, today, if you can plant spy equipment in the room where the person is typing and you are good and well-funded, you don't need to rely on the noise the typewriter makes. Or, to put it another way, if you have a determined adversary who is significantly better than you, it's probably "game over" before the game even begins.

    • Mylar ink tape (Score:2, Informative)

      by Anonymous Coward

      A record of all keystrokes is stored on the mylar ink tape used in the Selectric. You need to incinerate the ink cartridge after use to keep things secure.

    • by mlts ( 1038732 ) *

      I remember some electric typewriters using a wheel. Perhaps if the typewriter would spin the wheel at random so the distance between where the current letter is versus where it needs to go would be random (and thus unusable assuming a good RNG.) When someone is typing, it could also vary speed as well, so going from an "A" to a "B" may be the same time as going to something spaced 180 degrees away, or may not.

      Add to that a small RAM buffer that scrubs data after it gets typed, and that would be decently s

  • Easy to answer (Score:5, Interesting)

    by Idarubicin ( 579475 ) on Thursday July 11, 2013 @10:52AM (#44251415) Journal

    However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?

    "Somewhat".

    If your adversary has physical access to any piece of hardware, it's impossible to secure. Period. One can install a keystroke logger on a modern computer keyboard as well. Switching to non-networked, 'dumb', electric typewriters doesn't block this avenue for attack.

    On the other hand, depending on the typewriter's features, it will be very difficult or impossible to remotely compromise, or to compromise using non-hardware approaches. Entire classes of attacks are rendered irrelevant.

    To be fair, this does introduce some new potential avenues for attack--increased physical document handling means additional risks related to moving and securing bits of paper.

    • by plover ( 150551 )

      When you go that old school, you have to be sure to shred your carbon paper, too.

      I'm not sure if my son has ever seen a sheet of carbon paper.

  • Can Toasters type ?
  • by luis_a_espinal ( 1810296 ) on Thursday July 11, 2013 @10:55AM (#44251445)

    "The Russian Federal Guard Service (FSO), who are in charge of protecting high level politicians like president Putin (amongst others), are 'upgrading' to electric typewriters for writing sensitive documents. They have found out that computers pose a security risk and this is their answer to it. On first sight this seems like a very pragmatic and cost-efficient thing to do.

    This kind of reminds me of the Colonial solution to Cylon infiltration in the re-imagined BSG TV series. Obviously not perfect, but also simple and good enough. It is not something we in the U.S. - with so much resources to waste (and fall into further debt) would think about.

    However, the FSO has its roots in the KGB and those were the ones who placed keystroke loggers on the popular IBM Selectric electric typewriter 40 years ago! So how much safer does this make them?"

    It makes them safer from UNWANTED/EXTERNAL infiltration. Infiltration by them is just fine. In the world of political/military security and intelligence, safety does not mean impenetrability. It means resilient to infiltration that you do not want. This is a completely different requirement from the requirement of "safety" as understood in the commercial/private sector.

  • by PPH ( 736903 ) on Thursday July 11, 2013 @11:02AM (#44251533)

    ... should adopt this. It will make spotting people like Snowden easier. Just look for the carbon paper smudges on his fingers. On the other hand, it will make them stand out at DEFCON [slashdot.org] when they break out their travel typewriters to make reports. And don't forget all of them lining up to use the bank of payphones in the lobby to call in reports.

  • by TheCarp ( 96830 ) <sjc@carpa[ ].net ['net' in gap]> on Thursday July 11, 2013 @11:03AM (#44251551) Homepage

    A while back someone did some research and published it on keystroke logging via audio capture. They found they were able to reliably determine what someone was typing just from the sound of their typing. I have to imagine that would work here.

    http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml [berkeley.edu]

    Though, maybe they also run white noise generators in the office?

  • Protect the ribbons (Score:5, Interesting)

    by T.E.D. ( 34228 ) on Thursday July 11, 2013 @11:13AM (#44251679)
    In this modern era many people forget that typewriters had a *huge* security hole. The ink ribbons they used, in the right hands, were practically a "tape backup" of everything typed at that typewriter.
    • Moreso carbon deposit ribbons like what selectric used, the cloth & ink ones usually reversed and re-typed over previous letters several times before needing replacement
    • by mlts ( 1038732 ) *

      I remember in the mid-1980s, some "word processors" which used dot-matrix printers, so one can type a line, backspace/edit that line, then once they hit return, the line gets printed, and that's that.

      Maybe something similar, but using an inkjet printer instead?

      Of course, there is always the issue of modern electronic devices having the ability to hide functionality a lot easier from than a mechanical device, but it might be a useful compromise.

  • Unlike a computer, a typewriter isn't going to get a keylogger installed by clicking on a link that's on a piece of paper. They're also within a security group, so there's some decent security going on with them. They aren't just leaving them out in unlocked buildings all day.
    • You don't need to install a keylogger, it already has one built in; the ribbon.
      • by tftp ( 111690 )

        You don't need to install a keylogger, it already has one built in; the ribbon.

        It's a known vulnerability, and as such it is trivial to defeat. Just keep the used but still good ribbon in a safe, along with the originals and other secret documents. A worn out ribbon will be incinerated. On top of that, keep the equipment in a locked room, under guard. Those are simple technical measures that can be easily understood and implemented, as opposed to dealing a custom virus that may be embedded in one of the

  • I bet it improves the error rate. I learned to type on electric typewriters. As PCs took over for word processing, my error rate has gotten terrible. On an electric typewriter, making one mistake is a pain in the butt to fix, even with the ones that have the built-in correction tape.

    • You just XXXX wind up with XX lots of XXXXXXXXXXXXXX typed-over words instead.
    • by plover ( 150551 )

      You're missing the bigger picture. Typing error rates only matter on actual letter-at-a-time typewriters (regardless of any correction technology.) Once word processors arrived, though, the error rate ceased to have any meaning. If you can maintain 80 WPM while making 10 errors that you went back and corrected, you are twice as productive as someone who can type 40 WPM with no errors.

      Typing teachers harped on error rates long after the point where they made sense. We have to remember they were "typing"

  • by gmuslera ( 3436 ) on Thursday July 11, 2013 @11:51AM (#44252189) Homepage Journal

    ... is always people. Even if is just by stupidity (like going to one of those meetings with a cellphone), but could be plain malice, double agents or blackmailed "safe" people (and with all the data of the world you have plenty of material to blackmail anyone).

    And thats the most worrying thing about NSA and associates snooping, you are getting 5 millon extra vulnerabilities [salon.com] in everything that surrounds all your data.

  • I think it is right time to train pigeons.
  • by aristotle-dude ( 626586 ) on Thursday July 11, 2013 @12:10PM (#44252481)
    joined by quantum entanglement and you can send messages across vast distances like they do in Fringe across universes.
  • Than using a computer with no network connection?
    I mean, you'd probably want to make sure it has no wifi, etc, but that could also be accomplished by putting it in a faraday cage of some sort.

  • Typing them on an Underwood won't make it any more secure, if the documents are scanned and emailed.
  • I think I'd go with a manual in that situation, since electromechanical typewriters and teletypes have their own problems.

    There was a lot of shielding and filtering put into crypto systems that used teletypes to avoid leaking information out the power leads, or radiating it directly.

    I recall there being tempest rated versions of electric typewriters to avoid this. But a manual typewriter is an easy way around it.

  • If the DOD can't find COBOL programmers to fix their accounting system, who'll still be able to install a key-logger in a electric typewriter?

  • Technology is just papering over the basic truism that the humans are the weakness in any security system.

    It is in their very nature to be inquisitive about the unknown, hiding secrets is intrinsically difficult for humans, given their social behavior. The human mind is not a secure vault, it can be tricked or forced or otherwise convinced to reveal its secrets in a wide variety of ways.

    All of the technology for secrecy is moot when people simply open up and communicate directly with each other.

    For example

  • a lot. At least for the time being, and at least within the current "security" context. A lot.
  • They really need to do more research. Listening to key boards to detect what's written [berkeley.edu] was shown possible 8 years ago...

    Ralf

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...