For three months, mysterious telephone numbers have been appearing on the Craigslist classified ad site which, when called, play recordings which sound much like shortwave numbers stations used by certain governments to communicate with intelligence agents in the field who are unreachable by other means. Now the secret behind these phone numbers stations has been revealed.
The numbers stations, placed on Voice over Internet Protocol (VoIP) telephone numbers, were created by several people who attended the Los Angeles 2600 meeting in May of this year, apparently just for the hell of it.
The stations, which used one-time pads for encryption, “were an experiment to try to estimate the size, power, and organizational capacity of the online cryptographic community,” according to a statement on the group’s web site.
The group of hackers, Strom Carlson, Vidiot, datagram and skrooyoo, presented their findings at this year’s DEFCON hacker conference in Las Vegas, Nev.
The presentation detailed how third parties could be used unwittingly to create a virtually untraceable communications channel between two parties in order to foil traffic analysis attempts by hostile intelligence agencies. It seems to have worked.
According to the Web site the group set up to explain the numbers stations, they posted a message May 11 to the Spooks mailing list in order to generate interest in the initial message. From there, hacker bernieS discovered the message and it was aired on WBAI’s Off The Hook radio show. This is where I found it.
It perhaps seems natural that one group of hackers should find and publicize a message sent by another group of hackers.
Carlson, Vidiot and skrooyoo, who were getting drunk in a Las Vegas hotel bar this afternoon, all separately apologized for “putting you through all this trouble,” and Vidiot said that “I hope you took it in the way it was intended.” I certainly did.
Carlson also explained how he sampled each of the numbers zero through nine: “We called people (MP3) on Craigslist who were advertising erotic services,” he said. “You know how when you call someone up and just say the same thing over and over again, like ‘3, 3, 3,’ eventually they will repeat it back to you in order to get you to stop. That’s how we did it.”
The group said on its web site that after Mike from Off The Hook created a “fake” numbers station to promote the HOPE Number Six conference that interest in the numbers stations faded, as people began to think they were all pranks. I can attest to that: each subsequent message generated less and less interest after that point.
The group then met to try to figure out how to rekindle interest in the numbers stations, and decided to post them more frequently. All but the last two have previously been documented here, but the ninth station was as follows:
This message was posted to Fort Lauderdale, Fla., Craigslist on July 28 at 5:25 pm:
For Mein Fraulein
Mein Fraulein,
Absence makes the heart grow fonder, but can also lead to questions. I have many. Call me.
///954///622///9338///
Calling the number (it’s not answering today) yields the following message:
Group 216
01306 90090 29080 03207 70120
15010 08501 80050 31013 01207
80400 02004 06807 90180 79089
02801 60690 73016 08200 00150
21004 02502 70170 29000 01202
90790 20011 00108 60180 15012
01106 80840 24069 02902 50790
27019 06903 10890 65006 06509
20660 89094 07103 00790 71040
02007 30130 04093 06900 00480
09085 08902 40200 78017 08601
70290 00027 02200 00680 77017
06902 70020 69084 04004 10380
58110 07708 30710 12000 01206
80160 29067 00401 20670 40076
02707 1
The number is owned by Global Crossing, again. I have no recording of the station, since it is not currently answering.
The group admitted that all but one of the messages used a one-time pad and has provided solutions for several of the messages, but not all of them, for “reasons that will become clear shortly.”
Several of the messages for which the hackers provided decrypts are shout outs to various people in the hacker community.
Carlson said that he passed out “Make your own Mein Fraulein station” CDs at the presentation, which contain the sound samples and Asterisk AGI code to run your own VoIP number station. He made a copy of the CD available for those who were unable to attend.
And the group today posted its tenth and final numbers station at 12:27 pm today to Gulfport, Miss., Craigslist.
For Mein Fraulein
Mein Fraulein,
I regret the burden I have placed upon you. Confer with me once again on the river’s west bank, and I will take you home. Call me.
///228///702///0304///
The number, when called, plays the following message (MP3):
Group 254
07508 20770 80086 06906 70710
83070 06506 70760 74085 06907
20710 80073 07209 00760 82074
08408 80790 78079 09007 90730
72086 07708 60800 86079 07607
20790 81073 07308 80870 74074
08007 90880 87065 07107 80790
86072
A note on the group’s web site says that this message does not use a one time pad. Perhaps that means that it can be broken easily. Carlson hinted to me that the message should be breakable.
(No Ratings Yet)
Loading ...
Gardner Goldsmith explains why claims by politicians that consumers can become "irrational" and why claims by the same politicians that government can help "fix" markets are both false and misleading. He also explains what the terms Praxeology and Epistemology mean, which is key in understanding how to place free markets in their proper place among human history.
Join the members of the Liberty Conspiracy as they discuss issues ranging from the "Incorporation Doctrine" and gun rights, to the NBA, to protests conducted at military funerals, protests that are being challenged by government, and which will be heard by the philosopher kings in the U.S. Supreme Court.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Anarchyx67
Aug 05, 2006
Don’t we feel st00pid now. I hope they rot in hell for doing it. What a waste of time and effort. And just to give them statistics. Nice…
Michael Hampton
Aug 05, 2006
Well, they did say they were sorry…after I finally got them on the phone.
Matt
Aug 05, 2006
I think it’s cool.
I havent got the brain power for something like that
darren
Aug 05, 2006
ok,
So what are these clowns saying now? Are they saying messages 1-4 and message 10 dont use a one time pad.
simon
Aug 05, 2006
Good read, to bad the numbers dont work still.
Anarchyx67
Aug 05, 2006
Yea, I think they should really provide on what their intent is ont he messages that don’t use a OTP. I mean really, we’ve wasted enough time guessing, and would imagine that after this, many from the community just won’t care anymore. I could be wrong though, not trying to speak for anyone else.
I think it would be funny if the NSA picked these guys up…for something…
:-)
Michael Hampton
Aug 05, 2006
My understanding is that only the final message posted today doesn’t use a one-time pad; all of the rest do, though they haven’t released the keys or the plaintext for the first four messages.
Their original intent was to have two of the messages use the same key from the one-time pad, so if you still want to take a crack at them, this might be the best line of attack.
Aug 05, 2006
>> DefCon Chronicles: untraceable voice communication channels @ Gadgets, tech and links
Frank
Aug 05, 2006
Anyone have a recording of the DEFCON presentation?
Fake Rake
Aug 05, 2006
At DEFCON I think they said that if you want to try to crack the first four, the best bet is probably to just try random XORs against the cyphertext.
The one time pads are all quotes from e-mails from someone else in their 2600 group. If you can get those old e-mails to their mailing list, you should have all the potential pads.
Fortyseven
Aug 05, 2006
…
bernieS
Aug 05, 2006
This was a good spoof and social experiment…it generated so much interest in the online cryptographic community that 2600 couldn’t resist spoofing it ourselves.
Anonymous
Aug 06, 2006
I still don’t know what they did..
Brad L.
Aug 06, 2006
… Paging Elonka Dunin, Paging Ms. Dunin …
Aug 06, 2006
TechBlog
Michael Hampton
Aug 06, 2006
Well, all of you trying to solve the last message are too late. Looks like it was a classic Vignère cipher. Very easy. I have no idea why it took some guy 16 hours. Maybe he was drunk.
The first four are still up for grabs…
Aug 06, 2006
» Phone numbers stations mystery revealed at DEFCON - Haiku Headlines | Headlines of Today. In 17 syllables. What more do you need?
Q-ball
Aug 06, 2006
bernieS: how is it a spoof when you use the exact same content as these guys did? That sounds more like plagiarism to me.
bernieS
Aug 06, 2006
Before almost anyone knew these PSTN-based numbers tranmissions themselves were a spoof, 2600 did an actual radio broadcast (simulcast on international shortwave, no less) spoof of them with our own encrypted content to give away tickets to HOPE Number Six to the first person to figure it out: http://blog.hopenumbersix.net/2006/06/22/numbers-station-solved/
Parody is not plagiarism, according to SCOTUS. This was all in good fun. Sorry if you didn’t get the joke or figure it out.
Aug 06, 2006
A Day in the Life of an Information Security Investigator
Jake (Phoenix)
Aug 06, 2006
Hey there, just thought I’d point out that ToT was a group of people who started work on it, without cryptologists, without any information regarding the authors, etc. We merely had a piece of paper to go off (without Internet) to begin with. It took a long time to figure out because none of us had any experience in this area, but were rather just trying to have a good time. Thanks to Project Evil for providing us with a day filled with good times :). Cheers!
datagram
Aug 07, 2006
Look, I finally get to post!
For the record, I was especially drunk when they called you. : )
I also take full responsibility for the initial talk that started the local number station interest. All apologies :)
I got alot of questions after the talk, I assume some of you will have the same:
1. How will we get to see the first four messages? Like I told people during the talk, brute force it. Generate a random key of length N (length of message) and XOR it against the ciphertext. (Note: Push all the decimals in the ciphertext back to ASCII first) A simple script can be done to do this that only uses < 10 lines of code. You can even be fancy with word recognition, if you so desire : )
2. So…the first 4 aren’t OTPs? They are, the last (10) isn’t.
3. What’s the point? The point is that it’s blatantly easy to create a public channel to send messages to other people while getting your recipient lost in the noise.
4. The advantage of VOIP? Increased anonymity of the station (in a general sense) for decreased anonymity of the callers, but this only applies when it is feasible to search for identifiable recipients (generally, you only have their name/number to go on…but, payphones can be used and at worst give a location of a recipient at a SINGULAR point and time. This of course assumes the recipients don’t have the capabilities to spoof their caller ID, which may or may not be worth taking into account (it’s easy, but how many people do it?).) Cost and ease of setup are also big here. Hammies will probably find you and report you for shortwave without the necessary paperwork while VOIP is very simple.
Random thoughts: Alot of people wondered why go through the “trouble” of this when other means of crypto and communication (mainly global net based) can be used. This approach is barebones, you assume that all factors will remain secure, and this is foolhardy. In this approach, it is assumed that all systems (assume a webserver handing out sensitive data by whatever means) involved have no other problems. What happens when the zero-day apache worm comes out? When there is a problem with your OS? What if the PKI program is flawed? If the encryption algorithm itself is flawed? Of course, Asterisk is not immune to all of these problems, but it is extremely simplified in terms of maintenance and paranoia. OTP should be the ONLY choice for one way communications in terms of security (assuming a random, or generally “obscure,” key is used) and reliability. Its also easy to do on paper, leaving out the need for computers or any other devices.
Next time something like this happens, real or not, brute force the OTP. This encryption is the obvious choice, and it’s not viable to waste time using other methods, for the most part. Given how long our messages were it should not be hard to spot the real message (the longer the OTP the easier it is to decrypt and identify a “real” message) There is no need for all the obfuscation of “if I shift the bits one to the left then multiply by nine, etc etc” because it doesn’t help to add very much to the strength of the ciphertext.
Also, don’t run frequency analysis techniques on OTPs. Because each letter is tied to a different part of the key, duplicate letters will be encrypted differently, making letter/number frequency useless.
If you have any questions ask me here and I’ll be happy to answer.
Frank
Aug 07, 2006
Your argument, datagram, that you can bruteforce the key is completely wrong. A correctly implemented one-time pad allows for any message you desire to be returned after decryption, it’s just a matter of generating the right key. This is why they are mathematically proven to be unbreakable.
Also, is the audio (or video) of the presenetation up anywhere? I’d like to complete the collection.
CodeAc
Aug 07, 2006
Well I’m glad the mystery is over. I think a few of us towards the later messages started thinking it was some elaborate prank or social experiment. What strikes me as funny though is how PO’ed people got when the source of these messages were revealed. eg look at the start of this thread. Lighten up people and take it in stride. No harm was done.
as far as saying that 2600 wasen’t original and they stole the whole idea from the messages, then it can be said that the messages on Craigslist are just derrived from the old Shortwave numbers station so that not neccessaraly original. It was fun though none the less. People just need to not be so serious about everything and sit back and just say “ahhh you got me, hahaha”
darren
Aug 07, 2006
Datagram,
Why did you pick the aha music?
Q-ball
Aug 07, 2006
CodeAc, bernieS: I think I may not have explained my point as well as I could have.
The objection here is not to HOPE using the same idea, but rather taking the audio content these guys had put together and re-cutting it to make their own station.
While it makes sense from a copycat perspective to do this, I don’t think they’d like it if I were to rip off their website’s design wholesale to promote an event I might be organizing. Anyone can set up a numbers station or website, but it’s the content that it contains that makes it unique. It’s the content that was plagiarised, not the idea (though you could make an argument that the idea and the content are inseparable in this case, but that’s not where I want to go with this).
If ‘reusing’ someone else’s content without permission is perfectly acceptable, then I could go ahead and open, say, a scat fetish site and just lift the HOPE site’s design wholesale for it, right?
It’s no wonder 2600 is in the toilet if they can’t event sit someone in front of a microphone long enough to record ten numbers being read. Copying the idea (and let’s face it: it was a blatant copy, even using the same name) was one thing, but using THEIR OWN CONTENT THAT THEY HAD CREATED to do it with was just plain poor form. While I’m all for harmless pranks carried out in good fun, it still doesn’t change the fact that the execution in this case left a lot to be desired on HOPE’s behalf.
skroo
Aug 07, 2006
darren,
The music was actually chosen by Strom. Basically, one day while driving around with his iPod on shuffle, it played a selection from the CONET project followed by A-Ha’s ‘Little Black Heart’. It hit him that the bridge on that song had a certain numbers-station quality to it, and we ended up using it. Probably the best station to compare it to to see what I mean is Lincolnshire Poacher; while not exactly identical, there’s a lot of the same feel to them.
datagram
Aug 07, 2006
Frank: This is true, but only if the source of the keys is truly random. We disclosed where the keys came from, so cracking the others is still possible (and generally trivial, with a small amount of work).
Strom Carlson
Aug 07, 2006
I’m really impressed by the ToT guys (“Team Only Team”). When we handed out the crypto challenge flyers at 11 AM, we figured a couple of crypto geeks would pick it up, bang on it for a few hours, and have it solved by the afternoon. Instead, a friend of mine called me up while I was having dinner that night and said “there are some guys here who are working on this that would love to talk to you about it.”
Imagine my surprise when I discover a team of about 15-20 people sitting in a circle in one corner of the DEFCON chill-out room, surrounded by a ring of discarded food wrappers and beverage containers, who have been working on this for ten hours solid without a break. I was immensely impressed by the enthusiasm and creativity these guys put into solving this, even though they had almost zero information at the start. They eventually solved it at the sixteen and a half hour mark after we gave them some hints and clues.
My hat goes off to these guys. They’ve certainly managed to impress and inspire me with their creativity and enthusiasm. Never would I have imagined that anyone would get this involved in our silly little impromptu crypto challenge. Congratulations, guys! :D
Ryan
Aug 07, 2006
I guess I’m mainly still curious about the technical aspect of the whole thing–particularly how a VoIP number was set up with an “auto-responder,” for lack of a better term. What sort of piece of technology was used? An Asterisk server, or something simpler than that?
skroo
Aug 07, 2006
Ryan,
You’re exactly right when you say it was run over Asterisk, but there was no auto-responder per se. Basically, each number was functionally equivalent to just calling a pre-recorded information line such as for movie showtimes or lottery numbers: there was no interactivity involved at all. We noticed that some folks sat there pressing keys (judging from comments on various forums) to see what would happen – good thinking, but the line really was as non-interactive as you could get :)
Michael Hampton
Aug 07, 2006
If you weren’t able to get to DEFCON, I’ve put a copy of the Make your own Mein Fraulein station CD up on BitTorrent. (Thanks Strom!)
bernieS
Aug 07, 2006
CodeAc, get over it and get a sense of humor. The 2600 spoof was an obvious *parody* of a PSTN numbers “station”. Anyone familiar with the history of the numbers station monitoring community knows there’s been parodies of these broadcasts, and the content of the 2600 numbers *message* was a unique puzzle.
It would’ve much easier for 2600 to record our own numbers or use telco recordings, etc, but we intended the parody to sound similar to this numbers “station.” We certainly had no intention of diminishing interest in Project EVIL’s brilliant social experiment, because nobody knew that’s what it was.
If you’re that much into the whole scat fetish thing (which you seem to be by using terms like “toilet”) then feel free to use the HOPE website as your design inspiration. It’s not copyrighted any more than this amusing thought experiment was.
Michael Hampton
Aug 07, 2006
Q-ball, I’ll note for the record that Strom passed out CDs at DEFCON with all the audio files on them for anyone to use, and also provided the copy which is now on my BitTorrent tracker. You can’t get much more permission than that. :)
Ryan
Aug 07, 2006
I’d be happy to seed that Torrent as well if someone would get it started.
Michael Hampton
Aug 07, 2006
Get started? I’ve got two seeds going and I can see a third seed and several other people connecting. Start it up and go do something else for a while.
I’m using BT 4.4.0 (yes, I suck) so it might be a few minutes before your download starts.
Ryan
Aug 07, 2006
Could just be that my work connection is blocking the Bit Torrent client. I’ll give it a whirl when I get home.
SKYWALKER107
Aug 07, 2006
I can’t connect to get it.
It also kinda urks me that i should have noticed something was up. I had been monitoring who came and grabbed a copy of my army crypto file. I didn’t even notice that a bunch of the IP’s where from the LA area until just now when i went back and looked at the log files. Oh well. Hopefully someone will post a transcript or recording of the speech they gave a DEFCON.
skroo
Aug 07, 2006
SKYWALKER107,
If it’s any consolation, nobody noticed that our talk had been on the Defcon schedule for nearly a month prior to letting the cat out of the bag. We were pretty sure that that alone would be what caused us to be called out, if anything – but I guess that the HOPE diversion pulled speculation far enough away from Defcon that nobody put two and two together and came up with the right integer ;)
SKYWALKER107
Aug 07, 2006
Do you guys have a copy of your discussion anywhere for download?
bernieS
Aug 07, 2006
skroo,
very nice job on the numbers “station” experiment. while i’m glad
that 2600 / Off The Hook helped to publicize the mystery (which was
later picked up by Slashdot) we’re also saddened that our spoof of it
caused interest in your (unbenounced to us) experiment to
wane. please accept our sincere apologies.
i’m sure some appreciated the irony that (some of your) original
numbers message was broadcast over a 50KW international shortwave
transmitter (7415KHz) that was heard across north and south america. no doubt
havana moon was probably smiling that night ;-)
cheers,
-bernieS
2600 Magazine
Off The Hook
Michael Hampton
Aug 07, 2006
Okay, lots of people are complaining about the BitTorrent. I can’t help you with your work firewalls. But I did test it and one BT client downloads the whole thing successfully from my two seeds. And someone else was able to download the whole thing also (but isn’t seeding). Please leave your downloaders running and seed! This will help out other people as well as take some burden off my server, which got hit fairly hard this weekend. :)
skroo
Aug 07, 2006
BernieS,
Just got around to replying to your email. No worries about the diversion – you guys couldn’t've know what you were walking into, so not a big deal at all. And the irony of the VoIP stations ending up going out over SW in the end certainly was *not* lost on us :)
Cheers!
Fortyseven
Aug 07, 2006
Torrent flying at 150k/sec, just finished, and I’ll seed it as long as possible. :)
Much thanks to all those involved with doing this, it certainly filled my life with a bit of exciting intrigue for a couple months, not to mention kicked my ass making me finally take a more active role in learning about crypto. I ended up buying ‘The Code Book’ and finishing that, which makes me crave it even more.
CodeAc
Aug 08, 2006
Yeah I had fun with this as well. Reading these threads over the past couple of months made me take an interest in Cryptography as well.
I think I might have been misunderstood as a previous post blasted me for not having a sense of humor.
I had a lot of fun and it gave me something to read over the past couple of months. I was just making note of how upset people got.
Now that its all revealed I’m gonna kinda miss it when the talk dies down.
SKYWALKER107
Aug 08, 2006
Yeah the torrent worked for me. But it looks like I only seeded about 3 or 4 copies before I lost my connection last night. Any word from anyone on a recording or a transcript of the DEFCON Talk?
Michael Hampton
Aug 08, 2006
Oops, tracker decided it wanted a vacation. It’s back up.
As for audio of the conference, unfortunately it appears you have to buy it.
SKYWALKER107
Aug 08, 2006
That blows. I wanted to see what they had to say specifically about all of us talking about this.
Q
Aug 08, 2006
ha.
skroo
Aug 08, 2006
SKYWALKER107,
I know this isn’t as good as the audio would be, but the Reader’s Digest version basically runs as follows: we were pretty impressed with the effort that the community put into cracking the messages as well as tracking down their source, but the lack of organisation between people working on it probably hampered efforts somewhat.
Note that this isn’t a criticism of the community. But there’s no central place that people can go to work on crypto-related projects in general and share information (mainly to avoid repeating effort, as well as take advantage of peer review); this probably meant that effort may not have been as sustained or focused as would’ve been beneficial.
But yeah, the fact that approximately 700 different attacks were tried was pretty impressive, and we certainly saw a lot of good thinking. Again, this response was honestly way more than we ever could’ve imagined would happen.
Fortyseven
Aug 08, 2006
Sounds like there’s a need for a community-focused site for amateur crypto enthusiasts. (Unless there’s already one out there — I didn’t exactly do a hunt for an existing one.)
Anarchyx67
Aug 09, 2006
SKROO,
Did you ever think that maybe the reason there was no organization, was because there’s never been a need for one?? Why do we need a central place to go to to work on Crypto related cases? Are we going to start breaking government codes to the point that it does draw the NSA into it and starts getting people harassed?
Maybe I’m missing something here, but I wonder if maybe you’ve got a couple of matches in your hands looking to play with fire.
A.
skroo
Aug 09, 2006
Anarchyx67,
I’m not sure I understand where you’re coming from – having read through your posts both here and in other related threads you’ve seemed to want to crack the messages, but then suggest that having somewhere where people can get together to do so in an organised way is ‘playing with fire’. How are we getting from one to the other?
Group effort != automatic magnet for unwanted attention by TLAs. Amateur cryptographers have been around for as long as cryptography’s existed, and quite openly so too for the most part. This wouldn’t really change anything.
Vidiot
Aug 09, 2006
I just wanted to let you know I’ve updated the http://www.projectevil.org website with some more info. It now has some decryptions for the first four messages, as well as an overview of our DEFCON talk in the ‘Conclusions’ section.
Darren
Aug 09, 2006
I think were all ready to finish off krytos now.
Everyone begin. :)
Darren
Aug 09, 2006
Kryptos
Darren
Aug 09, 2006
cool site
http://rumkin.com/tools/cipher/vigenere-keyed.php
anarchyx67
Aug 10, 2006
SKROO,
Sorry for the confusion. My point is that if it’s something clandestine in nature, sure I’d love to crack it. But when it’s nothing more than a group of “Vidiots” doing something just as an experiment, it’s nothing more than irritating.
That thought then made me wonder, without my knowing that the community had existed for so long, why it exists. What other messages have people intercepted that the community would try to decrypt? I guess with the numbers stations out there, I can see it. But are there more messages going around that people are getting access to, other than the numbers stations?
skroo
Aug 10, 2006
Anarchyx67,
Okay, that makes more sense. However: if it weren’t, as you put it, a “group of “Vidiots†doing something just as an experiment,” would that make it any less irritating? I notice from your earlier comments that you feel as though we wasted your time, but in all fairness I should point out that we weren’t twisting your arm to follow what was going on either. A coded message is a coded message regardless of the source, and nobody is compelled to pay any more attention to it than they choose. Some people tried to crack them, some decided to sit back and see how things unfolded, and some called it a fake and ignored it.
Shortwave numbers stations are a good example of this: in the time that I’ve been following them, I’m not aware of a case where a single message has been cracked by a member of the public – yet I still keep an eye on what’s happening with them. And if someone does manage to successfully decrypt a message and it turns out to be a bunch of bored military radio operators sending each other clandestine fart jokes rather than North Korean nuclear secrets, big deal. It’s still been entertaining, and filled in what would’ve otherwise likely been some rather dull moments in my life.
Moving on: it’s hard to say quantitatively what other messages may be being intercepted that people are working on decrypting – again, with a lack of organisation behind individual efforts, work tends to remain fairly cloistered with the result that . However, cryptographers are typically keen on setting challenges for each other and seeing who can break them; sort of a wargame in the absence of anything really juicy to work on. Hell, even the CIA plays this game: if you’re not familiar with the Kryptos sculpture, I’d strongly recommend reading up on it. There are a *lot* of folks trying to break the final part of that one.
skroo
Aug 10, 2006
Gah, low on caffeine. “work tends to remain fairly cloistered with the result that .” in the final paragraph above should have read, “work tends to remain fairly cloistered with the result that knowing the breadth and depth of what is actually being worked on by the community isn’t really possible, though there are a few high-profile cases such as with numbers stations.”
Aug 15, 2006
SecondAgenda : For Mein Haha?
Aug 22, 2006
BFW Local 734 » Numba
Aug 30, 2006
EveryDigg » Blog Archive » Phone numbers stations mystery revealed at DEFCON
Conrad Slater
Sep 02, 2006
Whatever their meaning I thought they sounded great. Really scared the shit out of me.
Sep 02, 2006
Number station mystery revealed -
Sep 17, 2006
Crietzman.Org Weblog » Blog Archive » Mein Fraulien
CryptoCat
Oct 07, 2006
More Mein Fraulein Mayhem?
I recently saw this ad in the Baltimore Craigslist, Who can crack this code? What is this all about anyway?
baltimore craigslist > missed connections > Mein(e) Fraulein
http://baltimore.craigslist.org/mis/217192532.html
Mein(e) Fraulein
besucht mir jetzt http meinfraulein.blogspot.com
thank you for our wonderful voip conversations this summer but now my phone is broken
QHYSI KMKUH GMLOG KBXKO FWHUK
FESGR LAMYG GYXCO JXJUF XNXAF
WFIYG SZIYH ZTXCW DEFKS EUIJR
WWMTX HXKYT GKQTC OHRNH LIACK
VTXKB KVLAH RSITH JNQJS KXPHG
LWEZS FLGNI LSMTH WKRKH KMIMO
FHKXO HAMKX HAWNH E
Liebe,
Klaus
this is in or around Not Specifically Attributable
Roy
Oct 10, 2006
The concept seems to have caught on. I’ve identified at least two covert streams in the “Casual Encounters” section of craigslist. One is distinct. The other has at least two variations that may or may not indicate separate sources. An interesting diversion.
sam
Nov 01, 2006
Well back in the days, they used to use music for people to properly tune into the station they wanted to listen to..it would be played so a proper frequency was established..if its a telephone why would you need to ‘tune’ in? why the music at all? i say its a prank..since there is no need for music to properly tune in..just my opinion though
Pete
Nov 23, 2006
Fair enough putting a one time pad together, but why go in that direction in sharing the message to be decrypted? What was the point of their pseudo-secretive approach?
Also, I’m not sure they have the coding right. Compare what they use to number station codes and you can immediately tell the difference. For starters, all those zeroes!
Actually, I wouldn’t be surprised if the Defcon people are taking credit for something for which the real reason won’t come out anytime soon. No, not saying this is a genuine covert message, but I’m sure people have been lining up to say this was me/us! Seen it before….
Anyways, whatever, it’s all good fun!
Karl
Nov 27, 2006
I have been noticing someone posting what appears to be
ONE TIME PAD style code number groups under videos in a site
called YOUTUBE. I wonder if it is these same people!
Karl Lawson
Daryl
Nov 27, 2006
ATTENTION THERESA:
3484 1696 8847 1912 6973 6893 6716 0334
1976 0989 3669 6119 2378 6330 1970 2384
9726 3314 1022 5385 3935 6079 0215 6918
8714 3792 5565 1894 0713 8383 1858 8224
7581 7018 2224 9933 4916 8603 9545 6631
0115 2454 0391 0747 2660 7757 0711 2576
1984 9319
END MESSAGE
DEBORAH
Nov 27, 2006
I was reading the posts and I can promise you that based on what I have studied in math and probability, that IF the person using a one time pad code is using a code based on
TRULY randomly chosen characters, there is virtually no way
to brute force decrypt the message. This is especially true
if the person generating the pad used something as low tech
as shuffling cards , tossing role playing “dice”, or had numbered or lettered balls in a rotating basket BINGO style.
I do not know if this is true, but I have heard that even today whenever countries without supercomputer technology at
their command want to generate truly random OTPs, they
actually have roomfuls of people picking balls or slips of
paper out of mechnical “randomizers” and typing it down on
paper that is later copied. On the other hand, the high tech
nations use a computer or computers that pipe in Cosmic
Background Radiation, and convert it into whatever characters
they are using for that operation. The CMB “noise” is so chaotic as to provide THE best source of randomness for the
speed and volume they are looking for.
Deb
Choybalsan
Feb 23, 2007
“Number owned by Global crossing”…..