[HN Gopher] Operation Gunman - how the Soviets bugged IBM typewr... ___________________________________________________________________ Operation Gunman - how the Soviets bugged IBM typewriters (2015) Author : mtmail Score : 203 points Date : 2022-07-03 08:01 UTC (14 hours ago) (HTM) web link (www.cryptomuseum.com) (TXT) w3m dump (www.cryptomuseum.com) | twoodfin wrote: | With all the sophistication that went into uncovering and | analyzing these bugs, it's fairly surprising that the Selectrics | weren't secured during delivery or thoroughly inspected upon | installation. Embassy typewriters seem like a natural vector for | espionage but somehow weren't previously perceived as such? | agumonkey wrote: | This article is such an engineering joy to read. I love | electromechanics. | soufron wrote: | This is such a good example of an ad-hoc technology - that most | people dont even understand to exit. | | People usually believe that state agencies or powerful | institutions and individuals will use the same technology that | they are used to. But when a specific goal is in mind, it means | new ideas, new stuff, new ad-hoc technologies. | mrtksn wrote: | There are specialised tools in all kinds of industries that can | be considered unconventional or even alien for by a regular | consumer. Even things like industrial dishwashers are very | different that the regular household ones. Most of these are | not even custom made but simply designed for different needs | alien to typical household needs. | | The spycraft gadgets, I believe, resemble industry-specialised | tech. When you don need something custom there are engineers | and companies that can build it for you. | bobowzki wrote: | Cryptomuseum.com is such an amazing website. | Cockbrand wrote: | How's that? I mean, it doesn't even mention bitcoin _once_ /s | bryanrasmussen wrote: | That in itself is a source of amazement and wonder! | LaputanMachine wrote: | The existence of the Selectric bug was mentioned in an issue of | Popular Science from 1987 [1]. | | In the article, a typewriter salesman from New York correctly | describes the working principle of the bug, even though the exact | working principle of the bug was not publicly known at the time. | The six metal bars as well as magnetic switches are mentioned. | | See the paragraph "Low-Tech bugging" at the bottom of page 87, as | well as the subsequent paragraph "The cold (bugging) war" on page | 88. | | [1]: | https://books.google.com/books?id=mgAAAAAAMBAJ&pg=PA87#v=one... | TedDoesntTalk wrote: | Back when Popular Science was worth reading. Thanks for the | link. | dang wrote: | Related: | | _IBM Selectric Bug_ - | https://news.ycombinator.com/item?id=21947924 - Jan 2020 (4 | comments) | | _Operation Gunman - how the Soviets bugged IBM typewriters | (2015)_ - https://news.ycombinator.com/item?id=16246432 - Jan | 2018 (18 comments) | | _Operation Gunman - how the Soviets bugged IBM typewriters_ - | https://news.ycombinator.com/item?id=13255334 - Dec 2016 (9 | comments) | | _Selectric bug_ - https://news.ycombinator.com/item?id=10773214 | - Dec 2015 (17 comments) | | _Learning from the Enemy: The Gunman Project (2007) [pdf]_ - | https://news.ycombinator.com/item?id=9954159 - July 2015 (43 | comments) | rcurry wrote: | What was so impressive about all that was the level of | technical ingenuity that went into it. I thought this one was | pretty cool as well: | | https://en.m.wikipedia.org/wiki/The_Thing_(listening_device) | | If my memory is still holding up I think they also pulled off | another passive bug in a State Department conference room one | time but I can't remember enough about it to find a reference | online. It was the same deal though - short piece of wire | attenuated to a certain frequency and they'd illuminate it with | a microwave truck parked on the street. | kevin_thibedeau wrote: | They bugged some molding in 1999: | | https://www.cnn.com/2017/08/23/us/spyhunter-russia-bug-us- | st... | MomoXenosaga wrote: | Countries spying on eachother is what keeps them from going to | war. Without it you are left guessing if your opponent is gearing | up for war. | birdyrooster wrote: | It also triggers wars (looks at FSB in Ukraine) | mhh__ wrote: | MI5 were supposedly spying on the French in the 1950s by lifting | cipher keys being typed with microphones through a wall | politelemon wrote: | I wonder what the response was. I know they removed the devices, | but not detailed us whether they did anything to mess up the | listening stations, muddy the waters, that sort of thing. But | then it could be, of itself, not responding was a response | enough. | elzbardico wrote: | Probably they used it to feed counter-intelligence. Hence, all | the precautions to substitute the devices without alarming the | soviets. | cs702 wrote: | So, back then, countries were going to extremes like | _retrofitting electronic typewriters_ with spying devices, and | secretly placing them inside the offices of their enemies, so | they could spy on their enemies. | | Nowadays, there's no need to do anything so extreme, because | everyone everywhere is already carrying a supercomputer with a | camera and a microphone, 24x7, and willingly agreeing to | _install_ and _share a ridiculous amount of information with_ | random apps! | a-dub wrote: | > Nowadays, there's no need to do anything so extreme, because | everyone everywhere is already carrying a supercomputer with a | camera and a microphone, 24x7, and willingly agreeing to | install and share a ridiculous amount of information with | random apps! | | i don't think that government employees who handle secrets are | allowed to use commodity smartphones. | [deleted] | SoftTalker wrote: | At some level, maybe not. But the majority of government | employees and contractors with secret clearance do use | commodity smartphones in their private lives. They might not | be able to enter the workplace with them. | | It's also not clear how well this is enforced. Don't forget | Hillary Clinton was running her own email server as Secretary | of State. | ffhhj wrote: | https://itigic.com/minix-the-hidden-operating-system-in-inte... | bayindirh wrote: | And, even a half-bad implementation of encryption is powerful | enough to make people lose enough time trying to decrypt them. | | This is why everyone is trying to ban cryptography on daily | apps. Because it's getting really good. | | Addendum: Don't forget Crypto AG shenanigans. | Agamus wrote: | Why in the name of science is this being downvoted? | LaputanMachine wrote: | Nowadays, technology firms are going to the extremes like | _implementing virtual machines with a custom instruction set | inside of PDF files_ [1], so they can sell exploits to | governments who use them to spy on their enemies. | | I think not much has changed. Highly sophisticated spying | activities are still happening in today's world. The advanced | techniques required are very valuable, and are thus only used | in cases where the desired info is valuable enough, and cannot | be obtained through simpler means. | | Users voluntarily sharing "a ridiculous amount of information" | are not the target group of today's sophisticated hacks, and | were not the target group of the Selentric bug either. | | [1]: https://googleprojectzero.blogspot.com/2021/12/a-deep- | dive-i... | stavros wrote: | Users sharing "a ridiculous amount of information" are | definitely not the target group, but it sure as hell is | easier when your target is in that group. | | Nowadays you don't need to bug a Selectric, you just need to | pay some ops person half a world away a few thousand to send | you all the info you need. | peter_d_sherman wrote: | First of all, excellent link! | | Virtual machines with custom instruction sets -- seem to be a | broader problem -- that they can apparently exist within a | PDF file is one specific instance of this broader problem... | | A selected quote from the article linked: | | >"Short of not using a device, there is no way to prevent | exploitation by a zero-click exploit; _it 's a weapon against | which there is no defense._" | | To the author of that article: | | Well, _" short of not using it"_, that is! <g> ___________________________________________________________________ (page generated 2022-07-03 23:00 UTC)