[HN Gopher] Operation Gunman - how the Soviets bugged IBM typewr...
___________________________________________________________________
Operation Gunman - how the Soviets bugged IBM typewriters (2015)
Author : mtmail
Score : 203 points
Date : 2022-07-03 08:01 UTC (14 hours ago)
(HTM) web link (www.cryptomuseum.com)
(TXT) w3m dump (www.cryptomuseum.com)
| twoodfin wrote:
| With all the sophistication that went into uncovering and
| analyzing these bugs, it's fairly surprising that the Selectrics
| weren't secured during delivery or thoroughly inspected upon
| installation. Embassy typewriters seem like a natural vector for
| espionage but somehow weren't previously perceived as such?
| agumonkey wrote:
| This article is such an engineering joy to read. I love
| electromechanics.
| soufron wrote:
| This is such a good example of an ad-hoc technology - that most
| people dont even understand to exit.
|
| People usually believe that state agencies or powerful
| institutions and individuals will use the same technology that
| they are used to. But when a specific goal is in mind, it means
| new ideas, new stuff, new ad-hoc technologies.
| mrtksn wrote:
| There are specialised tools in all kinds of industries that can
| be considered unconventional or even alien for by a regular
| consumer. Even things like industrial dishwashers are very
| different that the regular household ones. Most of these are
| not even custom made but simply designed for different needs
| alien to typical household needs.
|
| The spycraft gadgets, I believe, resemble industry-specialised
| tech. When you don need something custom there are engineers
| and companies that can build it for you.
| bobowzki wrote:
| Cryptomuseum.com is such an amazing website.
| Cockbrand wrote:
| How's that? I mean, it doesn't even mention bitcoin _once_ /s
| bryanrasmussen wrote:
| That in itself is a source of amazement and wonder!
| LaputanMachine wrote:
| The existence of the Selectric bug was mentioned in an issue of
| Popular Science from 1987 [1].
|
| In the article, a typewriter salesman from New York correctly
| describes the working principle of the bug, even though the exact
| working principle of the bug was not publicly known at the time.
| The six metal bars as well as magnetic switches are mentioned.
|
| See the paragraph "Low-Tech bugging" at the bottom of page 87, as
| well as the subsequent paragraph "The cold (bugging) war" on page
| 88.
|
| [1]:
| https://books.google.com/books?id=mgAAAAAAMBAJ&pg=PA87#v=one...
| TedDoesntTalk wrote:
| Back when Popular Science was worth reading. Thanks for the
| link.
| dang wrote:
| Related:
|
| _IBM Selectric Bug_ -
| https://news.ycombinator.com/item?id=21947924 - Jan 2020 (4
| comments)
|
| _Operation Gunman - how the Soviets bugged IBM typewriters
| (2015)_ - https://news.ycombinator.com/item?id=16246432 - Jan
| 2018 (18 comments)
|
| _Operation Gunman - how the Soviets bugged IBM typewriters_ -
| https://news.ycombinator.com/item?id=13255334 - Dec 2016 (9
| comments)
|
| _Selectric bug_ - https://news.ycombinator.com/item?id=10773214
| - Dec 2015 (17 comments)
|
| _Learning from the Enemy: The Gunman Project (2007) [pdf]_ -
| https://news.ycombinator.com/item?id=9954159 - July 2015 (43
| comments)
| rcurry wrote:
| What was so impressive about all that was the level of
| technical ingenuity that went into it. I thought this one was
| pretty cool as well:
|
| https://en.m.wikipedia.org/wiki/The_Thing_(listening_device)
|
| If my memory is still holding up I think they also pulled off
| another passive bug in a State Department conference room one
| time but I can't remember enough about it to find a reference
| online. It was the same deal though - short piece of wire
| attenuated to a certain frequency and they'd illuminate it with
| a microwave truck parked on the street.
| kevin_thibedeau wrote:
| They bugged some molding in 1999:
|
| https://www.cnn.com/2017/08/23/us/spyhunter-russia-bug-us-
| st...
| MomoXenosaga wrote:
| Countries spying on eachother is what keeps them from going to
| war. Without it you are left guessing if your opponent is gearing
| up for war.
| birdyrooster wrote:
| It also triggers wars (looks at FSB in Ukraine)
| mhh__ wrote:
| MI5 were supposedly spying on the French in the 1950s by lifting
| cipher keys being typed with microphones through a wall
| politelemon wrote:
| I wonder what the response was. I know they removed the devices,
| but not detailed us whether they did anything to mess up the
| listening stations, muddy the waters, that sort of thing. But
| then it could be, of itself, not responding was a response
| enough.
| elzbardico wrote:
| Probably they used it to feed counter-intelligence. Hence, all
| the precautions to substitute the devices without alarming the
| soviets.
| cs702 wrote:
| So, back then, countries were going to extremes like
| _retrofitting electronic typewriters_ with spying devices, and
| secretly placing them inside the offices of their enemies, so
| they could spy on their enemies.
|
| Nowadays, there's no need to do anything so extreme, because
| everyone everywhere is already carrying a supercomputer with a
| camera and a microphone, 24x7, and willingly agreeing to
| _install_ and _share a ridiculous amount of information with_
| random apps!
| a-dub wrote:
| > Nowadays, there's no need to do anything so extreme, because
| everyone everywhere is already carrying a supercomputer with a
| camera and a microphone, 24x7, and willingly agreeing to
| install and share a ridiculous amount of information with
| random apps!
|
| i don't think that government employees who handle secrets are
| allowed to use commodity smartphones.
| [deleted]
| SoftTalker wrote:
| At some level, maybe not. But the majority of government
| employees and contractors with secret clearance do use
| commodity smartphones in their private lives. They might not
| be able to enter the workplace with them.
|
| It's also not clear how well this is enforced. Don't forget
| Hillary Clinton was running her own email server as Secretary
| of State.
| ffhhj wrote:
| https://itigic.com/minix-the-hidden-operating-system-in-inte...
| bayindirh wrote:
| And, even a half-bad implementation of encryption is powerful
| enough to make people lose enough time trying to decrypt them.
|
| This is why everyone is trying to ban cryptography on daily
| apps. Because it's getting really good.
|
| Addendum: Don't forget Crypto AG shenanigans.
| Agamus wrote:
| Why in the name of science is this being downvoted?
| LaputanMachine wrote:
| Nowadays, technology firms are going to the extremes like
| _implementing virtual machines with a custom instruction set
| inside of PDF files_ [1], so they can sell exploits to
| governments who use them to spy on their enemies.
|
| I think not much has changed. Highly sophisticated spying
| activities are still happening in today's world. The advanced
| techniques required are very valuable, and are thus only used
| in cases where the desired info is valuable enough, and cannot
| be obtained through simpler means.
|
| Users voluntarily sharing "a ridiculous amount of information"
| are not the target group of today's sophisticated hacks, and
| were not the target group of the Selentric bug either.
|
| [1]: https://googleprojectzero.blogspot.com/2021/12/a-deep-
| dive-i...
| stavros wrote:
| Users sharing "a ridiculous amount of information" are
| definitely not the target group, but it sure as hell is
| easier when your target is in that group.
|
| Nowadays you don't need to bug a Selectric, you just need to
| pay some ops person half a world away a few thousand to send
| you all the info you need.
| peter_d_sherman wrote:
| First of all, excellent link!
|
| Virtual machines with custom instruction sets -- seem to be a
| broader problem -- that they can apparently exist within a
| PDF file is one specific instance of this broader problem...
|
| A selected quote from the article linked:
|
| >"Short of not using a device, there is no way to prevent
| exploitation by a zero-click exploit; _it 's a weapon against
| which there is no defense._"
|
| To the author of that article:
|
| Well, _" short of not using it"_, that is! <g>
___________________________________________________________________
(page generated 2022-07-03 23:00 UTC)