[HN Gopher] Modern-day spying: sometimes old technology is more ...
___________________________________________________________________
Modern-day spying: sometimes old technology is more secure
Author : hilux
Score : 68 points
Date : 2024-07-07 18:32 UTC (4 hours ago)
(HTM) web link (www.economist.com)
(TXT) w3m dump (www.economist.com)
| tahoeskibum wrote:
| Sounds like the storyline for Battlestar Galactica :-)
| trod123 wrote:
| The technical director on that remake had a sound head on his
| or her shoulders.
|
| They correctly treated many aspects and details that today go
| ignored and addressed many of the issues that apply to us today
| with regards to adversaries who can by nature react faster than
| we can perceive.
|
| The solution had cost tradeoffs, but in the end it proved the
| correct decision through virtue of the fact that the story
| continued (and they weren't all killed off in episode one).
| czl wrote:
| > it proved the correct decision through virtue of the fact
| that the story continued (and they weren't all killed off in
| episode one).
|
| In the show's fictional plot, the decision seems correct
| because the story continued and the characters survived.
| However, we shouldn't judge decisions in real life by how
| they are portrayed in fiction. In modern fiction, decisions
| are often shaped to please audiences, not to reflect real-
| world correctness. Thus, it may not be wise to judge these
| fictional decisions by the same standards we use in real
| life.
| schmidtleonard wrote:
| Exactly. This is a pet peeve of mine, with the most common
| incarnation being: no, the dinosaurs in Jurassic Park do
| not escape because the writers proved that chaos theory
| makes a dinosaur zoo mathematically impossible, they escape
| because otherwise you and I would not pay to see the movie.
| andoando wrote:
| Reminds me of all the high school prompts like "What does
| the Lord of the Flies teach us about human nature".
| Nothing, its a complete work of fiction
| walterbell wrote:
| _> What does the Lord of the Flies teach us about human
| nature "._
|
| It teaches us about the human propensity for propaganda.
| jowea wrote:
| I think that can be understood as "What does the Lord of
| the Flies opines about human nature"
| heinrich5991 wrote:
| https://archive.is/G9g7P
| bmurray7jhu wrote:
| Matt Blaze's analysis of the flawed OTPs used by Cuban numbers
| stations: https://www.mattblaze.org/blog/neinnines/
| _n_b_ wrote:
| And his recording of the Cuban numbers station, if you want to
| hear what these sound like:
| https://www.mattblaze.org/private/17435khz-200810041700.mp3
|
| Here's a sample of the referenced "Linconshire Poacher":
| https://priyom.org/media/247818/e3.mp3
| ghayes wrote:
| Trying to understand why the Nein Nines could happen. My first
| thought for a "fill" algorithm would be to just fill with
| zeros, and hence read out the pad, since it is going to be used
| up anyway. But I suppose that's bad since if it did
| accidentally get re-used then that cyphertext would be fully
| compromised (versus say having two cyphertexts from the same
| pad to run a frequency analysis against). Another fill would be
| to add random data and pad against it, but then if your random
| data is flawed, you may still leak the OTP. So, I guess the
| actual algorithm must be derived from the OTP, but not padded
| with it? (Since if it were padded, there is no way to avoid a 9
| digit). It just seems like zero or semi-random fill seems
| safer...
| pwg wrote:
| > My first thought for a "fill" algorithm would be to just
| fill with zeros, and hence read out the pad, since it is
| going to be used up anyway.
|
| That also would use up the pad when there are no messages,
| requiring some secure way to get a new pad to the operatives
| when their existing pad is consumed. This is difficult enough
| (secure delivery of new pad) that it is unlikely that spy-HQ
| wishes to consume pad data for fill.
|
| > But I suppose that's bad since if it did accidentally get
| re-used then that cyphertext would be fully compromised
|
| Yes, if they reused any part of any pad for more than one
| single message, they have compromised (and revealed) the
| contents of the reused pad messages. This is the other
| difficulty with OTP's. The OTP data must never be reused.
| Which is alo why spy-HQ would not want to use it (the OTP) up
| for the fill, because to avoid reuse then they have to get
| new pad material to the operatives in some secure way.
|
| > So, I guess the actual algorithm must be derived from the
| OTP, but not padded with it?
|
| The 'implication' of the article is that the fill is just
| random data (without using up any pad material). Possibly
| with the appropriate headers in place so that it looks
| indistinguishable from a read message in the same slot.
|
| The further implication is that the Cuban station did
| something essentially like this: for
| (count=0; count<20; count++) {
| send(int(rand()*9)); }
|
| With a rand() implementation that returned a number from zero
| to 1.0 exclusive of 1.0 and an int() implementation that
| merely truncated any fraction from the multiplication. With
| the result that 9 is never sent.
| andix wrote:
| I think those old technologies are still around, because it's
| hard to train older spies on new technology. They learned that
| knowledge decades ago and would have a hard time to learn new
| things. So they let them use the stuff they know, instead of
| risking some boomer making an opsec mistake by updating their
| Facebook status on a secure device while doing sensitive
| communication.
| jrexilius wrote:
| I would wager that is has more to do with leveraging existing
| infrastructure that is commonly deployed to more than just G7
| nations and working with people in those countries who may not
| have a Q branch handy nor could afford to be caught with gear-
| turned-evidence.
|
| As well, as any honest engineer knows, new tech is rarely
| reliable and bug free. You may adopt it for other benefits, but
| assurance is generally not one of them. So if lives depend on
| something, you may keep using things that have been proven
| reliable.
| CapitalistCartr wrote:
| At least the USA and our allies are extremely conservative in
| adoption of unproven tech and have extremely high standards for
| security. The article states "modern methods are not safe" and
| is correct, in my experience. Numbers stations and One-Time
| Pads are a well-known and proven method, not just the
| encryption, but the entire process from delivering the pads to
| receiving the messages.
| localfirst wrote:
| how do you create encrypted communication that isn't easily
| triangulated?
|
| some youtubers are pushing LoRa but its hardly secure or
| encrypted
|
| creating your own number station requires shortwave broadcast
| which takes up a ton of power and your station is known
|
| the only way to break 5E is good old paper with one time pad
| encryption with dead drops but its hardly efficient
| oceanplexian wrote:
| This is exactly what Meshtastic is designed to do. Messages are
| encrypted with AES256, its extremely low power (And thus hard
| to triangulate), and can use a low powered repeater, hiding the
| location of a sender using a directional antenna. Nothing is
| impossible in terms of tracing or finding vulnerabilities but
| Meshtastic makes it a pain for an adversary.
| KaiserPro wrote:
| meshtastic is terrible for avoiding triangulation. you
| operate in receiver mode _and_ you have a unique ID. so you
| can send nonsense packets to that ID repeatedly and it 'll
| send them right out again.
|
| Any kind of forwarding system with static IDs is very much
| not triangulation resistant.
| user32489318 wrote:
| Instinct tells me that you can have one of three, non
| triangulatable, secure/encrypted or high bandwidth
| jrexilius wrote:
| LoRa is just a transport layer. You can do whatever encryption
| you want and LoRaWAN has some basic encryption built in. It's
| hard(er) to triangulate if you don't have constant traffic
| (like route updates in mesh, or heavy concentrated users like
| at a concert or protest), but be aware that AWS sidewalk (and
| all the alexa devices fielded in peoples homes, etc.) run LoRa
| antennas and traffic. So in the US, Amazon could do a
| reasonable job at triangulation of frequent emitters. In China
| and EU there is infrastructure in place (5G/SDR stuff overtly)
| that can do a pretty good job at triangulating a wide band of
| RF emitters.
|
| Meshtastic is not really designed to avoid that, but more for
| resiliency and off-grid type scenarios. Your best bet of really
| avoiding triangulation by state or telco level infratructure is
| to get creative with frequency and even transport layer
| hopping. None of which is really consumer friendly.
|
| [edit-to-add] another tactic to for low probability detection
| is to hide in noise on high traffic channels. basically figure
| out what their filter sensitivty is and see if you can go below
| that threshold and still maintain coherent channel, etc.
| immibis wrote:
| On the subject of hiding in high traffic channels, I wonder
| if I can even mention satellite piracy without getting on
| more watchlists. It's a thing that exists. Many satellites
| are relatively unsophisticated signal repeaters, and the
| antenna that receives their uplink signal isn't very
| directional, either. Or so I heard. Some companies have been
| known to go crazy trying to find out who's transmitting to
| their satellite that shouldn't, because they could be almost
| anywhere. Of course, if caught, they go to prison for a long
| time.
| jrexilius wrote:
| Yeah, it's also worth noting that Starlink and a few other
| commercial companies are offering text-based services to
| _unmodified_ cell phones (no special sat hardware), which
| means they can get signal, IMEI, etc. LoRa is also used as
| transport layer for some cube sats and edu type sats. A new
| company just tested Bluetooth-to-sat. So even on the
| commercial side there are overhead sensors that you may
| need to be concerned about on the triangulation front. It's
| a hard problem to crack...
| immibis wrote:
| Starlink satellites are not dumb signal repeaters. They
| also use relatively localised spot beams. But yes,
| anything you transmit through one probably can't be
| localised to within more than about a hundred km, if the
| only available information is which beam you're in at
| which time.
|
| You'd need to avoid providing information about the time
| the beam crosses over your position, which means you'd
| only activate your connection sporadically, at carefully
| planned times. You might pick a location relatively near
| you and down-orbit from you, and connect when _that_
| location comes into view of a new spot beam, and
| disconnect when it 's directly over that location,
| perhaps.
| blantonl wrote:
| The United States military has legacy UHF satcom satellites
| that are essentially bent-pipes that operate on UHF
| frequencies. There is an entire subculture of South
| American and European pirates that uses these transponders
| for everything from clear voice to encrypted data.
|
| and they do this right alongside active, legit meant US
| military users. It's wild.
| immibis wrote:
| If you're an average Hacker News user, you use Tor over the
| Internet. If you're a more paranoid one, you use Tor to access
| your Protonmail account that you use with Mixmaster.
| KaiserPro wrote:
| > isn't easily triangulated?
|
| Depends.
|
| Anything with high enough power is triangulateable, if you have
| either enough time, or enough listening equipment.
|
| also what precision are we talking about?
|
| on longwave you can bounce radio signals about quite a lot, but
| you lack bandwith, and the antenna are huge.
|
| If you have a high band width transmitter, and you are doing
| async transmission, ie send a message when you are far away,
| then its not as critical.
| guardianbob wrote:
| Fax Machines FTW baby
| nicbou wrote:
| If that were the case, German intelligence would have a far
| better track record
| dfc wrote:
| This is the article by Ingesson and Andersson.
|
| Clandestine communications in cyber-denied Environments: Numbers
| stations and radio in the 21st century
|
| https://www.tandfonline.com/doi/epdf/10.1080/18335330.2023.2...
| barbs wrote:
| Sort of related - someone uses Windows 98 and tries to install a
| virus, but can't.
|
| https://youtu.be/mbbRUDexuBk
| sreejithr wrote:
| No shit
___________________________________________________________________
(page generated 2024-07-07 23:00 UTC)