German NSA Committee May Turn To Typewriters To Stop Leaks 244
mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.
So what? they can be tapped to. (Score:5, Interesting)
My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.
Re:So what? they can be tapped to. (Score:5, Insightful)
The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency (and a lot worse for international relations if the NSA did it and the Germans found out) than it is for the NSA to hack into the computers at a German agency from a computer room at Ft Meade.
Re:So what? they can be tapped to. (Score:5, Interesting)
Re: (Score:2, Redundant)
Re: (Score:2)
Re:So what? they can be tapped to. (Score:5, Insightful)
Certainly, it's not as cost effective as other methods and requires elaborate planning. But no matter the technological level of advancement this has been, and most likely will continue to be, a very serious security threat. Simply because it targets a vulnerability that will be very hard to fix - our social, human nature.
Re: (Score:2)
No no no! Money's no object!
While that seems like a lot, keep in mind the US government would commission electronic typewriters, making sure they had USB and WiFi and network printing capabilities and access to cloud storage and run Windows apps and Internet Explorer.
They would finally be delivered for $38k per unit about 12 years after everybody has a Matrix jack in their neck.
Re:So what? they can be tapped to. (Score:5, Funny)
You laugh, but it just goes to show that you have no idea what kind of trouble we are having in integrating Internet Explorer with that project.
Re: (Score:3)
Re:So what? they can be tapped to. (Score:5, Informative)
Not cost effective? You're kidding right?
Even Windows is more secure than humans. Modern viruses and Trojans are relying on social engineering to get themselves installed all the time because it's easier and cheaper to do so than to try to sniff a vulnerability out and shell code your way in.
Hell, we used to joke about the "honor system virus" (where it asks you to do the destruction and send it to 10 of your contacts). Truth be told, it actually is kind of successful these days.
There are still elaborate attacks, but social engineering remains one of the cheapest, most effective ways to get through any security measure.
Re:So what? they can be tapped to. (Score:5, Informative)
Thats a huge risk in Germany. Generations of post ww2 Germans know nothing but helping the NSA and GCHQ over their decades in every level of the West and later German bureaucracies.
The men and woman who helped the UK and USA post 1950's would have chosen like minded staff to work with them or replace them.
Thats the entire upper structures of vital German security lost to 5+ other Five Eyes countries by default over decades.
Then you have the tame German political leaders watched, dropped, advanced thanks to insider help.
The East Germans got some staff next to generations of top West German political leaders or top NATO staff.
The US and UK got all the communication networks of West Germany and then Germany with the help of cleared Germans.
Re: (Score:2)
The acceptance of identify cards is a another indication.
Re: (Score:2)
The KGB have used Romeo spies to seduce the secretaries before now - one poor woman killed her self when she found out - the "Americans" series has this as a plot point.
Citation needed
Re: (Score:3)
Re:So what? they can be tapped to. (Score:4, Insightful)
The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency
Only if they make sure everyone leaves their cell phones out the door.
Re: (Score:2)
It's pretty easy to block phone signals.
Re:So what? they can be tapped to. (Score:5, Insightful)
Smart phones can record and upload later.
Re: (Score:2)
Ok, perfect for team building on those rare occasions where you are planning something in secret that will not take less than eight hours to plan and execute using technology from the nineteenth century.
Re: (Score:3)
Re: (Score:2)
A microphone placed on top of a PC, beside or behind a PC will pick up more noise from the cooling fans. Even if you are not use a combination of cooling fans and an open-plan PC case that work as a white noise generator for the whole room :)
Re: (Score:2)
They could still hack into the nearest smartphone and listen to the clicks that way. Just about everyone has a smartphone on their desk. Or they could collect the used printer ribbons and read back the text that way.
Re: (Score:2)
The difference is that its a lot harder for the NSA to get a microphone into the office of a German agency (and a lot worse for international relations if the NSA did it and the Germans found out) than it is for the NSA to hack into the computers at a German agency from a computer room at Ft Meade.
Even I own a laser mic; I'm sure the NSA has way cooler stuff at their disposal for extracting sound remotely.
Does this whole hipster throw back move to antiquated technology seem ass backward to anyone else? Is it that hard to simply not plug a PC into a network? You're worried about someone with a thumb drive? Fill the USB slots with non-conductive wood glue and let's see what they do then.
Re: (Score:2)
Is that non-networked PC in a TEMPEST-compliant location? How sure are you of that?
SIGINT is some fascinating stuff.
Re: (Score:2)
Contradictions do not exist. Whenever you think that you are facing a contradiction, check your premises. You will find that one of them is wrong.
Re: (Score:3)
That is well known - even computer keyboards (where unlike mechanical typewriters each key use essentially the same mechanism) can be tapped using audio alone with reasonable good results. That spent color ribbons can be used to extract text is also well known.
This is just another layer of defense. Unlike the /. meme even security by obscurity can be a good defense when used in a multi-layer system.
Re: (Score:3)
Re: (Score:3)
I always feel vaguely amused when people say that you 'just' or 'simply' do so and so. I'm pretty sure the Germans know that these things can be done - they are clever people, you know.
Of course it is possible to penetrate whatever security measures are put in place, but using simpler technology has advantages:
- simple technology is easier to screen for spying devices; there is no networking, no firmware with backdoors, etc
- it is less easy to make copies on an industrial scale, when things are typed on pap
Re: (Score:2)
Okay, but how are you going to conceal a microphone in a room that has gone purely mechanical? A computer gives off all sorts of RF, and is complex enough that there may be other tricky ways of getting information out. Not to mention that America may be the only source of processors and other components.
I'm sure the germans are capable of producing the typewriters completely in-house. Stick them in a well-shielded, soundproofed, unelectrified room, treat any signal as a bug, and it's much harder to get ac
Re:So what? they can be tapped to. (Score:5, Funny)
My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.
Perhaps you can ask your father what this man was typing:
https://www.youtube.com/watch?... [youtube.com]
Re: (Score:2)
Electric and Electronic typewriters are far more susceptible to intercept as each key would generate a distinct RF signature and were much more suitable for spies.
Could one capture the same using a manual typewriter? Maybe. But, it would require highly sensitive and dynamic range microphones and recording technology to detect the sounds of the key being pressed vs the time it takes for the hammer to strike the paper and wait for the sound that it has returned of an older electric typewriter. SELECTRICs p
Re: (Score:2)
That is easily defeated by playing music in the background:
http://www.youtube.com/watch?v=g2LJ1i7222c [youtube.com]
Re: (Score:2)
Re: (Score:2)
could just as well use an old pc and bust the floppy drive..
Re: So what? they can be tapped to. (Score:4, Funny)
New Snowden (Score:3)
Re:New Snowden (Score:5, Funny)
5 reams of carbon copy paper contains much less information than a single USB stick.
This is security by volume.
Re: (Score:2)
Re: (Score:2, Interesting)
The mole was paid off. NSA antics are seriously pissing off Germany and this issue has become another foreign policy faux pas of this presidential administration. As goes Germany, so goes other EU countries. They're slowly turning away from the US. I don't think alienating allies is a smart thing to do, but what would you expect from a president who allows warrantless wiretapping?
Re: (Score:3)
He was paid 25,000 euros.
What an idiot. Destroying your career and going to jail for 25,000 euros for someone in a western country is pure idiocy.
foolproof (Score:4, Funny)
Re:foolproof (Score:5, Funny)
It would also significantly cut down Slashdot comments if they had to be typed on paper and mailed.
Re: (Score:2)
Re:foolproof (Score:5, Funny)
True, but it would make "first post" a lovely double entendre.
Re: (Score:2)
First posted?
Re: (Score:2)
I've been thinking about that. I wonder if it's possible to determine what is being typed from the sound of the keystrokes. Surely it's possible that there are minute differences between keystrokes from different keys?
Re: (Score:2)
In other news, they're also dusting off all their old bottles invisible ink, newspapers with holes cut so you can see through while 'reading' and that box of old fake moustaches and noses from the basement. From now on, be on the lookout for anyone reading a paper from the 1960s sporting a massive nose neighbour. Extra points if they're writing into a notebook with a pen that appears to have run out of ink.
Re: (Score:2)
Photocopy (Score:2)
When they get photocopied for distribution a copy can easily go "missing" are the data file from the digital copier can be sent somewhere.
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
When they get photocopied for distribution
You just said photocopied for distribution. The digital photocopier takes an image of the document and then reproduces it ---- the photocopier is a perfect place to save a copy of the image to a hard drive or USB stick for later dissemination/leakage.
Re: (Score:2)
Isn't that what I just said? I guess you got distracted half way through the sentence. And people say I have a short attention span. ;-)
Photocopy (Score:2)
A trusted person with access to paper work is a huge risk.
Re: (Score:2)
They'll be bringing in a mimeograph machine to make the copies. Oh gods, the recollections of primary school and helping the secretary run off the couple of hundred copies of the latest school raffle sheet. By hand crank.
Leaks or spying? (Score:3)
Using typewriters will definitely make spying the documents a bit harder, but leaking them is as easy as ever. The next level could be a new version of watermarked paper, which knows when it has been accessed or photographed.
Re: (Score:2)
Can you explain how paper, with presumably some type of magical substance applied to it, would know the difference between a human eye reading it vs a camera lens? Both are operating by receiving light that has been reflected, or more correctly, not reflected, off the ink.
I suppose you could use some type of photosensitive chemical that could detect a flash...but that would easily be defeated
Secure until it gets fax'd or scan'd and email'd (Score:2, Insightful)
And of course there are type writer ribbons to destroy and so forth.
But on the whole, it forces spying back to having physical access to the document and that's not a bad security mechanism.
Secure until it gets fax'd or scan'd and email'd (Score:2)
They broke the structure down so that eg 3 files would be stored in separated physical areas. If you wanted the full file you needed top staff to turn up in person to put a spies full background together. Later East Germany went digital and the CIA walked out with all the East German spy contact files from a safe.
You can also share sli
ib4 voodoo key sound decription (Score:2)
A phone or nearby computer will be hacked and the secrets will be extracted by recording with the mic the relative sounds of the typewriter keys.
Alternative strategy: (Score:2)
Comment removed (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Of course, they do have to work a lot harder to avoid someone just eavedropping on the keypresses [wikipedia.org]...
Re: (Score:2)
Magicians train themselves in pencil reading, so that they can tell what you write from the movements of the pencil.
Re: (Score:2)
Yes. Just add more magicians.
And, as an extra bonus, for a sufficient amount of network traffic, you'd have both the analysis and the complete works of Shakespeare.
Alternative strategy: (Score:2)
The NSA and GCHQ can cover that air gap with some extra hardware added when shipped.
A tiny burst wireless then sends logged text over a short range to a waiting collection device for storage or other networking.
"NSA Spying Includes Wireless Transmitters To Get Data Off 'Air Gapped' Computers" (Jan 14, 2014)
https://www.techdirt.com/artic... [techdirt.com]
ie the ideas behind RF transceivers eg SPECULATION, HOWLERMONKEY and CONJECTURE
NS
Re: (Score:2)
GCHQ and the NSA... (Score:3, Interesting)
Working together to return the world back to the stone age!
Re: (Score:2)
In other news, Reuters reported that Stonemasons were in huge demand for 'tablet' work.
I enthusiastically approve (Score:4, Insightful)
I salute the German government in adopting this measure, quite seriously. I am migrating to virtualised NetBSD/amd64 myself, and aside from using pkgsrc in order to install Xorg, am probably going to rely on manual installation of packages in named directories in either /usr/local or /opt.
I fully believe that maximising simplicity, to the point of adopting seemingly primitive solutions, is the most effective means of maintaining reliability and security. There truly is no school like the old school. Others can call me a Luddite if they wish, but that is a title that I will wear with pride.
Re: (Score:2)
Re: (Score:2, Insightful)
You did personally review all of the source code right?
Re: (Score:2)
Xerox called (Score:3)
Wait until they here about copy machines!
Re: (Score:2)
Here, here!
Good side effect? (Score:2)
Re: (Score:2)
The one thing to take away from this (Score:4, Interesting)
Turning to typewriters is of course ridiculous blind activism, but there is one thing to take away from this: The mere possibility that someone is spying on them has made them uneasy about using normal and efficient tools and made them turn to antiquated tools instead which still won't protect them. Perhaps now they understand why blanket observation of the entire population is completely unacceptable.
Get a doctor (Score:5, Funny)
Get a doctor to write memos with a pen. Completely indecipherable.
The problem is.... (Score:5, Funny)
Once they are done typing the documents they will have a secretary scan them and sent via email....
Handwriting (Score:2)
Physician handwriting is as indecipherable as Navajo code talk.
Its a step in "rightish" direction (Score:2)
The trick is to use technology so alien from the attacker that they can't interface with it.
To that end, I think it would be more practical to redesign certain computer systems especially involving networking.
Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.
I'm talking about something beyond encryption. Totally divergent interface languages. Different to the machine code level. Ideally with no precedent.
And while you're at it,
Re:Its a step in "rightish" direction (Score:4, Interesting)
Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.
Like.. um.. Novell Netware on ARCnet? :D
Re: (Score:2)
Ada and BeOS?
Listening to keystrokes + HMM = Profit! (Score:4, Interesting)
Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different? A relatively straightforward codebook analysis of keypress noises plus a hidden markov model plus a Viterbi algorithm will allow you calculate the highest probability sequence of letters for a given sequence of sounds and timings between sounds even in German!
Mind you, they have to be able to get a sound bug in there, but that might be malware-infected computers nearby the typewriters.
Anyhow, basically, the technology used to do automatic speech recognition would make short work of tapping typewriters, so they’re fooling themselves if they think this’ll make much difference.
BTW, I have a strong suspicion that the Germans’ outrage is all a big charade. Every major country has big spy operations. The NSA is neither unique nor the first of its kind. The Germans could not have been ignorant of at least the general nature NSA’s dealings before Snowden, so while they openly object, secretly, this is business as usual. By doing this, they fool their people into thinking they’re not being spied on by their own government and, using the US as a scapegoat, they also generate a degree of solidarity. Russians spy operations, of course, are way worse, so their objections are the same bullshit. And the Chinese government is all about lying to, well, basically everyone while they use both capitalism and cyberwarfare to take over the world and control everyone, so their recent statement about the iPhone is also a crock of shit.
This reminds me of Andrew Cuomo’s push to restore trust in government. The whole idea is disingenuous. Governments, like any large organization, are only going to do what the people need only with checks & balances and transparency.
And as a final note, I believe that the stated purpose of the NSA is a good one: Mine publically available data to identify terrorist activity. That sounds like a good thing to do. It’s the illegal violations of privacy that are wrong. They violate our rights because it’s inconvenient to get the info they need some other way. It’s also inconvenient for me to work a regular job instead of selling drugs. There are much more convenient ways to achieve my goals that I avoid because they are wrong. To do their job, the NSA needs to find clever ways to acquire the information they need WITHIN THE LAW.
Re: (Score:2)
A much stronger mechanical action which generates multiple (the keypress itself plus the imprint on paper action) strong and distinct signatures. I'd expect it would be far easier to pick up than even the loudest Model M keyboard...
I'd be curious how much a highly sensitive seismic sensor on the ceiling below the typewriter would pick up, or even on the foundation of the building.
The only way to combat NSA masturbation fantasies (Score:3)
Poison the well. Everybody, anywhere in the world, whether it be a government, corporation, or individual, needs to become skilled at disinformation. If everybody's default behaviour is to muddy the waters by generating all kinds of contradictory data, the background noise level becomes so high that discerning fact from fiction is very difficult. Governments and corporations already use this tactic against the population; I consider much of Prime Time and 'reality' television to be propaganda, a kind of cultural disease vector.
Given that the genie is out of the bottle and privacy is dead, it would be best for everybody to know everything about everybody else, until the data becomes meaningless because of its sheer volume and commonness. If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless. But the TLAs and corporations won't let that happen - they'll always be one up on mere citizens when it comes to info gathering. So maybe it's time for everyone to start sowing disinformation. That would make the world really, really suck; but it would probably suck a lot less than it will if the ultimate goals of Big Brother are achieved.
Re: (Score:2, Informative)
If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless.
No. I can still single you out and destroy your life with that information. Well funded entities don't even need to single out anyone to take advantage of that flood of information. What seems like vast, insurmountable amounts of data to you is but a challenge to data scientists. Just because you couldn't make use of the information to your advantage doesn't mean nobody else can use it to their advantage, and that is precisely the problem. The small amount of disinformation any individual could sow is easil
New Typewriter? (Score:2)
Enigma (Score:3)
Check the museums and see if the Enigma Machines (http://en.wikipedia.org/wiki/Enigma_machine [wikipedia.org]) are mysteriously missing. A layperson might call that a "typewriter".
Security requires availability! (Score:5, Interesting)
The core components of information security are often misunderstood. The triad of confidentiality, integrity and availability are important to consider. There is a symbiosis between these three components. For example, if confidentiality and availability is highly restrictive, can we really be confident in the integrity of the data with so few people who have such limited access?
The old adage, being so tragically expressed here in real world terms, that the only "secure" computer is locked in a vault at the bottom of an ocean belies the very nature of security. For data to be useful and meaningful, it must be accessible to the people who need it when they need it. Failure to properly deliver accessibility will consequently build pressure on confidentiality (e.g. it will be shared inappropriately) and/or data integrity (e.g. the data will grow stale/irrelevant/etc).
A typewriter is a medieval instrument for data security. Because they have rockets, they might as well start building castle walls. They are, in essence and by design, surrendering. Sun Tzu would be proud of such an adversary that could create this result. Masterful.
Good idea (Score:2)
I'm for it.
Good luck with those PIVOT tables! (Score:2)
Maybe for flat-text documents, this'll work okay.
But I'm fairly sure intel documentation is a damn sight richer than "wall of text" in many cases.
Wait until someone gets a hold of the ribbon (Score:2)
Good for retro spy movies, bad for actual security. Stick with open software+hardware solution like BeagleBoard. I am sure Russia and any developed European country is capable of creating their own ARM SoC from ground up if needed.
I wonder what the Mafia techniques are (Score:2)
for avoiding eavesdroppers. And is this a direction that non-criminal organizations are going towards?
Re: (Score:2)
using secret ink so the paper blank until you hold it over a candle. We used to do that as kids.
I suggest, since they are going back to "old school tech" they should use the "Mission impossible" reel to reel taprecorder that catches alight once played. Maybe Apple are working on a digital version [appleinsider.com].
Re: (Score:2)
Yes, there is security vulnerabilities. But compared to a computer, containing millions of lines of code, and the capability of running arbitary software, a typewriter is a very simple envirorment, with fewer unknown and bugs.
Securing a simple envirorment is easier than securing the complex. Take a Selectric typewriter - yo
Re: (Score:2)
Manual typewriters with a fabric ribbon that is re-used might still need to be burned.
Except they won't burn easily, given that they're often made of metal.
Re:Don't forget to burn the ribbon (Score:4, Interesting)
Typewriters make many copies
- The paper copies
- all the drafts you have to redo.
- the ribbon, especially film ribbons which often make a nearly perfect unencrypted ticker tape copy
- the carbon paper between sheets
- the impression on the platten
- The unique accoustic signature of each key
- the electrical signature on an electrical typewriter which is radiated through the air and power line.
In addtion, sensors can easily be put in the typewriter and some typewriters have electronics that can be tapped into. Documents are stored in the filing cabinet unencypted and any copy logging has to be done manually. The typewriter doesn't log when someone accesses a document or types up a copy. It dowsn't lock automatically when you walk away from your desk. To make up for the lost efficiency, entire armies of near minimum wage typists and filing clerks (two legged security holes) will be needed.