
Kremlin security agencies buying typewriters "to avoid leaks" - ComputerGuru
http://www.bbc.co.uk/news/world-europe-23282308
======
Luc
Accompanying the article is a stock picture of an olive Olivetti Lettera 32.
It's got its cover missing, poor thing, and it appears to have had a photoshop
job to remove the label at the front. It looks like this is an Italian QZERTY
version, which makes sense because the olive green is rare with other keyboard
layouts. Millions were sold. They're nice machines - I have one with a cursive
font that gives me a headache from the hammering noise whenever I use it.

~~~
pasbesoin
I have an Olivetti... Studio, IIRC, that you can pry from my cold hands.
Lovely machine.

It had a sister; unfortunately, we recently lost her to a flood. I would have
preferred a rescue/rehabilitation, but it wasn't my call -- and, past a point,
there's only so much you can hang onto.

Kind of negating my original point... But, that's nostalgia.

I don't want to live on one, but a good typewriter is a bit of a monument that
deserves continuing respect. And sometimes, the quality of the engineering --
and design -- is timeless.

~~~
Luc
Look at the picture of the showroom - the Apple store of its time perhaps?
[http://idreamlo-tech.blogspot.be/2012/07/olivetti-
studio-44-...](http://idreamlo-tech.blogspot.be/2012/07/olivetti-
studio-44-meets-its-match.html)

Their Venice showroom is a museum now:
[http://www.negoziolivetti.it/photogallery-0](http://www.negoziolivetti.it/photogallery-0)

------
sheri
I worked for a short while in a national lab. They used to call this "air-gap"
security. i.e., there would be computers which would have no internet
connection and no usb/harddrive inputs etc. If they needed data in there, they
would have one person read data from one computer and type it into the secure
one. Essentially there would be a literal air-gap between the secure computer
and the non-secure ones.

~~~
iuguy
The modern way of doing this is to have something called a 'sheep dip'
station. This is an unconnected system that's used to check the contents of
any import/export. The idea is that you cryptographically sign the material
you want to import/export, burn it to write once media, pop it in the sheep
dip box, confirm it's all hunky dory and if it is, import/export to/from the
network. The media is then archived so it can be traced back.

Typically the sheep dip station has AV and some other antimalware tools, but
depending on what you're trying to do you might have a dedicated sheep dip
person that manually checks the content of what you're importing/exporting
(particularly for sensitive IP in large engineering and research
organisations). When this happens, it usually takes weeks to get anything
approved for import/export.

~~~
makmanalp
This is fascinating! Let me understand one thing: The sheep dip station is
network connected to the sealed computer? Doesn't that still pose a risk and
violate the principle? It seems you'd be better off checking at the dip
station and then reimporting on the sealed computer.

Then again, I suppose in that case you could have malware that detects what
system it's on and decides not to activate on the dip station :)

~~~
pasbesoin
I think you misunderstood iuguy's description.

> unconnected system

I understood this to be a literal description.

I presume that this sheep dip station is maintained and updated, from time to
time. However, that would be done using controlled, vetted media. And, if
something goes wrong there, it has to been in the nature of something that
will cause the masking of problems existing on the written/finalized media
that the sheep dip station is in turn vetting. (Unless it's something that can
"un-finalize" the vetting media and further write to it.)

Or is the sheep dip station periodically connected while it is itself
maintained/updated? That I could see presenting problems.

In any event, I read this to mean in particular that the sheep dip station is
_not_ networked with the air gapped system.

~~~
iuguy
If ewe think the sheep dip station is connected to anything, then you're
wrong.

~~~
pasbesoin
Bah... ;-)

------
aaron695
"The FSO has not commented on why it needs the old-fashioned devices.

But an agency source told Russia's Izvestiya newspaper the aim was to prevent
leaks from computer hardware."

So someone already leaked they are trying to stop leaks. Very "Yes Minister"

~~~
solomatov
Nobody leaked it. The contract for buying typewriters was posted on the public
board of government contract accessible to everybody.

------
nwh
Hopefully they remember not to throw out the ink ribbon.

------
vilda
A friend of mine worked for defence research center. He had two computers on
the table, one with Internet access and one for intranet access. The intranet
was a completely independent network with separate cable wiring. Even cables
have different color.

I mindly remember that was based on some NATO requirements.

~~~
jabbernotty
I'm browsing from my separate internet-enabled machine right now. I'm not
working in defense, but just a place that has secrets to keep. If you ask me,
I'd say that is true for almost every organization, because most organizations
have computer files on original research, sensitive sales-related or private
information.

------
eksith
Somehow I felt like network/usb disabled computers and typewriters would have
sudden spike in sales. How long that will remain is the question unless
there's an ink reservoir feed system for the print head (cause everyone hates
ribbons).

Now there's a Kickstarter project waiting to happen!

Edit: Just found a very old model that had an ink roller system.
[http://machinesoflovinggrace.com/ptf/Sun.html](http://machinesoflovinggrace.com/ptf/Sun.html)
(First one, Sun Standard No.2 )

Surely, some industrious person(s) can come up with a more elegant way to do
away with ribbons.

------
csense
> Unlike printers, every typewriter had its own individual typing pattern
> which made it possible to link every document to a particular machine

Many printers have this capability. Researchers cracked and published one of
the codes way back in 2005 [1] [2]. Whether the manufacturers would provide
the coding scheme to Russian intelligence services is another question.

[1] [https://www.eff.org/issues/printers](https://www.eff.org/issues/printers)

[2]
[http://en.wikipedia.org/wiki/Printer_steganography](http://en.wikipedia.org/wiki/Printer_steganography)

------
nwombosi

      Unlike printers, every typewriter had its own individual typing pattern which made it possible to link every document to a particular machine, Izvestiya said.
    

I thought printouts could also be traced back to individual printers? Leaks
didn't start with printers. Just ask people who leaked during the Cold War and
even long before then. Leaks go as far back as when text was used for
communicating confidential information. Going back to typewriters isn't going
to put an end to leaks, especially when leaks having occurring since long
before the digital age.

~~~
pampa
It is not about leaks. It is about backdoors in hardware.

~~~
drdaeman
According to various news sources, they're buying Triumph-Adler Twen 180 and
Olympia Comfort typewriters. Don't know about the former, but the latter seems
to be a full-fledged computer, even having an option of a disk drive.

Certainly, the architecture must be ranges of magnitude simpler, compared to
modern desktop computers, but still you won't know what's really implemented
inside the CPU die disassembling the device and reverse-engineering all
significant chips using scanning electron microscope.

------
olegbl
Before: copy file to thumbdrive/cellphone. Now: take picture with cellphone.

~~~
16s
Collect cellphones at door. Put them in steel cabinet. When workers leave,
they can get the phones on the way out.

~~~
nwombosi
How about one of the microfilm devices they used to use in 60s spy movies?

~~~
lelf
You mean Google Glass?

------
cenhyperion
Watergate was done copying purely physical media.

