Random numbers, Persian code: A mysterious signal transfixes radio sleuths (rferl.org)
81 points by thinkingemote 8 hours ago
andyjohnson0 26 minutes ago
> Fernandez, who more than two decades ago published a four-CD audio compendium of hundreds of recordings from around the world called the Conet Project. It's considered the Bible for numbers-station enthusiasts.
The Conet Project is an interesting listen -- very analogue, Cold War-ish, and a bit sinister. Seems to be available on the Internet Archive at https://archive.org/details/The-Conet-Project
NitpickLawyer 7 hours ago
I wonder why they keep using a dedicated numbers station instead of embedding the code in a regular radio broadcast on a traditional channel? I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much. And they could probably get BBC / whatever station to air it. It would be a bit less inconspicuous to listen to BBC than to a dedicated numbers station, even if the message would be undecryptable either way.
daneel_w an hour ago
> "I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much."
It's called steganography, and it's a centuries if not millennia old technique.
shagie a few seconds ago
[delayed]
coldpie 6 hours ago
Seems to me like coordinating with an entity outside of the spooks' control, such as the BBC, would give more opportunities for leaks. It would also reveal some information about who is controlling the signal--someone with some kind of relationship with the broadcaster.
user982 4 minutes ago
The previous time that the US and UK overthrew Iran's government (https://en.wikipedia.org/wiki/1953_Iranian_coup_d'%C3%A9tat), they used the BBC in that way.
Roosevelt told the Shah that he was in Iran on behalf of the American and British secret services, and that this would be confirmed by a code word the Shah would be able to hear on the BBC the next night. Churchill had arranged that the BBC would end its broadcast day by saying not 'it is now midnight' as usual, but 'it is now exactly midnight'b00ty4breakfast 6 hours ago
who's to say they aren't doing both? They may not even be sending anything over the number station; these stations will continue on a schedule even when there is nothing to say and nobody is listening because it makes it harder to eek out a foothold in the event of a weakness in the encryption.
nhecker 6 hours ago
I can't find it immediately, but I've read about something even sneakier than this. A standard broadcast station was modified such that its carrier signal was modulated by a PSK signal. The intended listener would use e.g., a PSK-31 modem to listen to the carrier signal and would be able to obtain the encoded digital data. Everyday listeners would hear the regular broadcast. The station involved _might_ have been a BBC station, but I don't recall.
mbirth an hour ago
You could technically just transmit data via RDS, too. Change a letter here and there and nobody would know whether that’s a decoding error or actual ciphertext. (Would need some kind of checksum or so, of course.)
@windytan did a fascinating audio clip highlighting the RDS data stream in a radio recording some while ago:
some_random 2 hours ago
I think you're massively overestimating the amount of control the US has over news broadcasters.
zitterbewegung 6 hours ago
Shortwave propagates better and also its just a one time pad being distributed so embedding doesn't matter as much as long as the one time pad is longer than the intended message to send. There is no way to decrypt it because once you encrypt a message using a one time pad it is impossible to decrypt without the exact one time pad that it was encrypted with.
zikduruqe 8 minutes ago
And it is faster than the internet. That's why high speed traders are starting to use HF.
https://spectrum.ieee.org/wall-street-tries-shortwave-radio-...
bluGill 3 hours ago
One time pads work only if only the sender and receiver have a copy of the pad - and they destroy each sheet on use. Distributing the pads is hard, but often it can be done easier than the message.
Distributing a one time pad like this is a stupid idea: it isn't hard to collect everything you ever send, and it takes a computer a few ms to check every encrypted message against every possible sequence. That is breaking a distribute one time pad via shortwave like this is something a single layperson can do, it doesn't even need a government scale attacker to break it.
Don't get me wrong, this can be used for good encryption. However it isn't a one time pad they are doing, it is something more complex.
pclmulqdq 2 hours ago
SAI_Peregrinus an hour ago
It's not a one-time pad being distributed, because leaking the pad leaks all your communications. It's almost certainly the actual messages being distributed, at specific times of day. The listener records the numbers for the known time period to get the message, then decodes it with their pad for that period. Then they destroy that pad. Continually broadcasting numbers makes it impossible to tell the length of the messages.
fortran77 an hour ago
I think they do this, too.
However, the numbers stations transmissions are never a big secret. They're intentionally powerful so someone can pick them up on simple equipment without raising suspicion. A person can modify an off-the-shelf AM radio to pick up shortwave, for example, even in an oppressive regime.
It's a one-time pad, so the encryption is unbreakable.
gorfian_robot 6 hours ago
regular AM/FM stations are not broadcasting on shortwave bands
NitpickLawyer 6 hours ago
Sure, but that would be a benefit, I would think. Most old cars come with an AM/FM radio, most cheap phones now have FM (? I don't know about AM, don't think so) and so on. So it would be more inconspicuous to listen to a regular radio than to a special station on special hardware. You don't even have to broadcast from EU, you could probably purchase some Radio Quatar Classical Rock or something :)
JohnFen 5 hours ago
lxgr 6 hours ago
There are still quite a few shortwave radio stations broadcasting.
aswegs8 8 hours ago
srean 7 hours ago
Does this move around geographically ? Triangulating broadcast location is a well understood craft.
rustyhancock 7 hours ago
Shortwave radio is more challenging than you might imagine.
Near to the transmitter it's received by ground wave, further it's scattered off the ionosphere. In-between it's undetectable due to the skip zone. This might also explain why Amelia Earhart went missing [1]
Coverage is obtained from multipath and reflections. Leading to variable strength and timing. Not as bad as DXing on HF with low power but much harder than you might imagine.
Fine for someone to transcribe some numbers but useless for people trying to identify sources.
So locally you get an apparent direction to the source which is clearly not the source.
Add to that the complex local terrain and a well placed number stations can be very difficult to locate with precision.
Edit: unrelated but interesting there are some mysteries in HF transmission including long delayed echoes where a signal takes far longer than reasonable to travel out and back over several seconds [0] which given its travelling light milliseconds is a conundrum.
Supermancho 7 hours ago
My father regailed tales of his college years where it was a game to have a HAM radio operator start broadcasting and to have teams try to find where they were hiding, first.
More challenging? Not really. It does require multiple boots on the ground to do it.
BenjiWiebe 2 hours ago
misnome 7 hours ago
srean 7 hours ago
IAmBroom 4 hours ago
srean 7 hours ago
Thanks that was quite illuminating. I knew about ionospheric reflections to be a problem but not the others.
JohnFen 5 hours ago
The broadcast locations aren't really secret, and don't need to be.
srean 4 hours ago
Known locations can be taken out, no ?
JohnFen 3 hours ago
IAmGraydon 2 hours ago
The location of this transmitter is a shortwave transmission facility within a US military base in Böblingen, 15 km southwest of Stuttgart, Germany. The coordinates:
48°41'26"N 9°05'12"E
https://www.google.com/maps/place/48%C2%B041'26.0%22N+9%C2%B...
andyjohnson0 33 minutes ago
Interesting. I have no reason to disbelieve you.
So...
If its being broadcast by the US military or the CIA, why Persian?
Because they're issueing activation orders to their network of ani-regime operatives inside Iran? Who, mysteriously for spies, only know that language?
Or because they want the Iranian government to think that? And a numbers station broadcasting in - unusually - Persian, is an easy way to get the attention of the Iranians?
I'm thinking the latter.
butler14 7 hours ago
"We don't need NATO." But we do need our bases in Germany plz.
Cthulhu_ 6 hours ago
These two don't have to be related per se, but it sure helps with maintaining a healthy mutually beneficial military relationship.
AlphaGeekZulu 7 hours ago
N 48.690438° E 9.086693°
ttul 2 hours ago
Street View nearby reveals this sign at the edge of the Street View area: "Forstarbeiter und Militär Frei," which means "Forestry Workers and Military [are free to enter]". The red circle around the sign implies that everyone else is forbidden to enter. So, it's some kind of military installation.
Cthulhu_ 6 hours ago
Neat, there's no Street View coverage but there is clear sattelite imagery: https://maps.app.goo.gl/RjGUAMExUrD6aqs59
Apple's maps version has that section blurred out though.
Bing's sattelite images seem to be older, the antenna isn't visible on there yet and there's just building foundations: https://www.bing.com/maps?cp=48.690103%7E9.086240&lvl=18.8&s.... Can't determine how old those images are though.
AlphaGeekZulu 4 hours ago
Until around 2000-2004 there have even been 2 Antennas. The whole surrounding forest is a military training ground, obviously used by German Bundeswehr and US forces. There are German and US barracks on opposite ends of the area. Within the vicinity there are an UXO clearance service, K9 school, CQB training village, shooting ranges, lots of bunkers and who knows what.
ndiddy 6 hours ago
If anyone is interested in further reading, this group are the world's leading experts on number stations (outside of intelligence services of course). They've done a detailed article on the new station, including recordings, technical mishaps, and analysis of why they believe the station is CIA run. https://priyom.org/number-stations/other/v32
> Considering the topical interest in this station, the Priyom team shares its further expertise regarding V32's attribution, beyond being transmitted from a US military facility. While this remains unconfirmed speculation, and not facts, a prime candidate for the operator of this station would be the CIA. Contrary to popular belief, US intelligence has not entirely moved away from numbers stations. Sources in the intelligence community indicate that the CIA provides extra training about numbers stations and one-time pads to clandestine agents assigned to locations with a very hostile operating environment, such as Iran or North Korea: it is envisioned as a last-resort means of communication with high-value sources. So according to this, numbers stations are actually still an institutional part of the CIA playbook. The war in Iran, and the Internet blackout installed by the regime, fulfill the very circumstances for which the CIA would have planned this.
> We already know that the CIA has a significant presence in Iran and involvement in the war, having provided crucial intelligence tracking Iranian leaders that enabled the assassination strikes that kickstarted the war. They most probably have had a network of infiltrated assets already in place and organized, ready to be reached through a numbers station if need be right when the war started - which makes the CIA a candidate for running V32 consistent with a legitimate intelligence operation. However, what we've observed from V32's operations - technical quirks and shifting formats - suggest that the technical deployment of the numbers station and shortwave transmissions themselves may have been a little rushed by the circumstances.
> Another noteworthy feature of V32 is how all its transmissions take place on the same frequency. Most other numbers stations in general are comprehensive operations targeting many different recipients in different countries, and making use of many different transmission times and frequencies suited to the particular signal propagation needs corresponding to all those areas. In contrast, the fact that V32 always uses a single, same frequency, at always two given times of the day, would be consistent with an operation that only needs to target a single geographical area: Iran.
kreetx 4 hours ago
Thanks for the link, really interesting!
chinathrow 6 hours ago
cathyfin8 2 hours ago
Interesting. Some sort of sync signal?
ada1981 2 hours ago
over / under it's just some kid broadcasting an encrypted Phish Prague 7/6/98 GHOST on repeat?
philipwhiuk 7 hours ago
Sounds like a CIA numbers station transmitting info to agents on the ground.
hypeatei 7 hours ago
This reminds me of UVB-76[0], a shortwave military radio in Russia. It would be interesting know why they're using this method to communicate covertly rather than beaming down messages to a phone via satellite or something. I'm not an expert on radios, though, so maybe it's not as clunky as I'm imagining where an undercover asset is hauling around bulky equipment.
teeray 7 hours ago
It’s simple, reliable, and effective. Shortwave receivers can be made fairly compact. They’re also very prevalent in most countries (every ham transciever), so there’s nothing suspicious to pack. People find numbers stations interesting, so they are often streamed online. One time pads have their logistical shortcomings, but are still the best encryption possible. The OTP can be compromised in known, visible ways, where a phone has myriad invisible ways to be compromised.
smegger001 an hour ago
You could probably cheat with the one time pad and use a book as a key, pick a pre determined starting point go diagonally down accross the page convert the letters to numbers and xor that against the message. It would be near enough to random and less conspicuous than a pad of random numbers when searched.
ndiddy 7 hours ago
Like the article says, satellite messages can be traced while radio is broadcast to everyone so it's impossible to find out who's listening. Shortwave radios are also cheap and widespread, so it's easy to get one anywhere in the world and if your house gets searched, it won't be suspicious if you have one.
tdeck 7 hours ago
> Shortwave radios are also cheap and widespread, so it's easy to get one anywhere in the world
I always hear this in discussions about number stations, but I don't think this is true in the US. In fact, I don't think I've ever seen a general consumer "shortwave radio". Unless the regular AM band counts, which seems to be medium wave.
ndiddy 5 hours ago
smegger001 2 hours ago
JohnFen 5 hours ago
gorfian_robot 6 hours ago
lxgr 6 hours ago
Satellite unicast receivers also can't be located. Iridium pagers were (maybe still are?) a thing, for example.
However, carrying one of these is probably highly suspicious compared to a world band radio receiver.
ErroneousBosh an hour ago
> Like the article says, satellite messages can be traced while radio is broadcast to everyone
I don't buy it.
Satellite downlinks are broadcast to everyone under a potentially massive footprint. Take a look at the footprint for QO-100 which you could use with very inexpensive equipment that looks pretty much like a normal satellite TV dish.
https://jeremyclark.ca/wp/telecom/sdr-for-qo-100-satellite-r...
nemomarx 7 hours ago
Phones usually contain the hardware for radio too, so making sure agents have some set of models for that doesn't sound bad. Even if you had to use a dedicated one having a radio at home isn't that conspicuous? Or in a car, etc
gorfian_robot 6 hours ago
a consumer phone usually would only have an FM receiver
eichin an hour ago
ooh, new fodder for conspiracies about electric cars not having AM radios :-)
jacknews 7 hours ago
perhaps they're not directed at deeply embedded lone spies with radios in their attics, but at 'military assets' which as a matter of course can receive these transmissions on a designated schedule.
j16sdiz 7 hours ago
dang 3 hours ago
Ok, we've changed to that from https://www.wired.com/story/a-mysterious-numbers-station-is-... above, and I've put the latter link in the toptext. Thanks!
lazyguythugman 7 hours ago
I've been off put by WIRE recently. Thanks for this.
srean 6 hours ago
For intelligence agencies,
it is important to
communicate with their
spies to gather intelligence,”
says John Sipher, a former
US intelligence officer
Sifr is also a valid word both in Farsi, I think. An Ironic and cruel pun.
OJFord 3 hours ago
> Sifr is also a valid word both in Farsi, I think
That is the root of 'cipher'; meaning zero/empty/nothingness.
srean 2 hours ago
Indeed and used cleverly in Casino Royale by naming Le Chiffre that way.
I knew 'sifr' was an Arabic word and only today I came to know that it works in Farsi too.
The double pun/irony is that the John Sipher's surname is related to the topic of cryptography and that the etymological roots is Middle-Eastern.
akssri an hour ago
More so if you know the etymology,
https://www.etymonline.com/word/cipher
(Al Jabr, the translator of Indian Mathematical texts was a Persian IIRC)
lioeters 43 minutes ago
Al-Jabr, from where we get the word albebra, is an abbreviated name of the book (The Compendious Book on Calculation by Completion and Balancing). The translator's name was al-Khwarizmi, from where we get the word *algorithm`. He was of Persian origin.
buildbot 6 hours ago
Random chance has a really good sense of humor!
Obscurity4340 4 hours ago
1/10 dentists hates nominative determinism. That dentist? Dr. Procter
ErroneousBosh an hour ago
You'd be amazed how many firefighters I know called "Burns", even leaving aside Ayrshire where lots of people are not-too-distantly related to a famous poet who, to put it mildly, put it about a bit.