Hacker News new | past | comments | ask | show | jobs | submit login
Cypherpunks Tapping Bitcoin via Ham Radio (wired.com)
123 points by xd1936 on June 27, 2019 | hide | past | favorite | 73 comments

Much of the article is about Brian Goss's setup. Goss is not using ham radio. He is receiving satellite broadcasts and re-transmitting them with a goTenna device into the goTenna mesh network.

goTenna is a Part 15 (unlicensed) device, like a Wi-Fi router or Bluetooth device. It does not transmit on Amateur Radio frequencies. Unless I missed something, there is no connection with ham radio here.

The article also mentions how Elaine Ou sent a Lightning payment over the 40 meter amateur radio band. This may have been a violation of the Part 97 Amateur Radio regulations, as noted by other commenters.

It may be a violation if it involved a business transaction that was not related to ham radio equipment. Buying, selling and trading equipment related to ham radio is the only exception to the rule against business transactions that I am aware of.

The exception you're referring to is this one in Part 97.113 (3), which is part of a list of prohibited communications:

(3) Communications in which the station licensee or control operator has a pecuniary interest, including communications on behalf of an employer. Amateur operators may, however, notify other amateur operators of the availability for sale or trade of apparatus normally used in an amateur station, provided that such activity is not conducted on a regular basis.


It appears that the exception is limitied to notifying other amateurs of equipment for sale or trade, not making the actual payment over the air. For example, if I got a one-time virtual credit card number and read it over the air to another amateur to pay for equipment, I don't believe that would fall under this exception, so it would be prohibited.

Especially if it was a low value transaction or a transaction between two accounts held by the same person, they could argue it falls under experimentation, I guess?

Any form of encryption on amateur radio frequencies is prohibited under FCC Rules Part §97.113 Prohibited transmissions Section 4 http://www.arrl.org/part-97-text. This makes things like TCP/IP over HAM frequencies legal (as seen here https://en.wikipedia.org/wiki/AMPRNet) but not SSL traffic. No business transaction required.

Bitcoin doesn't use encryption. I don't know whether LN does.

LN does not either.

So, that GoTenna is basically a modern day Cybiko?

I don't think this is allowed under USA Amateur radio rules.

> §97.113 Prohibited transmissions.

> (b) An amateur station shall not engage in any form of broadcasting, nor may an amateur station transmit one-way communications except as specifically provided in these rules; nor shall an amateur station engage in any activity related to program production or news gathering for broadcasting purposes, except that communications directly related to the immediate safety of human life or the protection of property may be provided by amateur stations to broadcasters for dissemination to the public where no other means of communication is reasonably available before or at the time of the event.


Why are hams the closest thing to the equivalent of tech tattle-tales?

Any time I see someone doing something neat and legally grey on radio, some ham operator has to come in, quote their understanding of the law, and chastise everyone. What's the point? Do they get to feel some sense of authority and privilege that the rest of the nerd world don't for a few minutes?

Just let people do cool stuff and don't snitch.

Hams are continuously fighting to keep their spectrum (and slowly losing it to commercial interests). It is a commonly held belief that unlicensed hackers or hams breaking the law hurts the community’s arguments for keeping their spectrum.

So it’s not viewed in the ham community as tattling, but rather self policing. Because if they don’t do it themselves then papa FCC is just going to take away everyone’s toys. Responsible and lawful use of radios is the name of the game.

Source: I’m a general class licensed ham.

I’m an extra class and I’ve heard this argument my entire life. I think it’s bunk. If Congress wants to take away anything they don’t need a reason.

You know what will make ham radio lose its spectrum? Have zero constituency, which will happen once we have run off anyone who wants to experiment on the edge of what is possible with ham radio.

No users means no one left to object when the band is taken away and given to someone else.

I have zero interest in unencrypted over-the-air communications. The Internet can already trivially reach stations all the way out to the antipode of the planet, at any time of day or night, with my choice of public or private messaging. I can't wait until the spectrum-protectionist people die off and yield the bandwidth to the SDR robot builders that can use it for a digital transport layer.

Once the technical capabilities surpass the administrative permissions, the fun of hacking anything dies, for exactly the reason mentioned. Rather than the hardware saying "you can't do that", it's some old-guard buttinsky, and when the hacker says "wanna bet?", rather than slowly yielding to relentless experimentation, they make a call or two and then the hacker gets fined or their equipment is seized.

When every interesting application I can think of for ham radio has a regulation explicitly saying "no, that's not allowed", people just find another hobby to get into.

Yup, similar thing in model rocketry circles for similar reasons.

Tattle-tales? These are federal laws, not some personal guidelines we're talking about. Screwing with them not only lands you in trouble but all of ham radio, because the government is always looking for reasons to take away spectrum and sell it to the highest bidder. Radio spectrum is a finite resource, you can't make more of it. So expect hams to be cranky when people are fucking around and trying to ruin it for us.

Be thankful you only have to deal with irritated hams and not a team of Verizon lawyers.

Technically CFR Title 47 part 97 are not federal laws but are instead FCC regulations. Consider talking to a lawyer about the difference.

Because breaking the rules ruins it for everyone. With very little equipment and effort, you can completely shut down portions of the ham band worldwide. A handful of people decide to do this, and the ability is gone for everyone.

What little space we do have allocated to us is constantly under attack, because there's always money to be made from selling RF spectrum. If VHF/UHF becomes just a place for computers sending cryptocurrency to each other, eventually the FCC is going to step in and decide "hey, we could be selling this!" Then it's gone forever, and the age of radio experimentation is over.

If you want to go interfere with licensed transmissions to protest the FCC, go for it! I hope you enjoy the inside of federal courtrooms, though.

Hams care about people following FCC rules in much the same way gun owners care about ATF regulations, or car-club members care about whether modifications are steet-legal (or CA Smog-legal), or DIY forum people care about work being permitted and done to code, etc. etc.

Some of it is people being cranky, sure, but breaking the rules and regulations of a federal agency is generally not the best idea even if you don't mean any harm by it.

The rules are a major part of the exam required to get a license so most hams know them well. The FCC and the ARRL make a big deal out of knowing and following the rules. It's simply part of the culture.

Maybe they care about the law.

Well it wouldn't be cyberpunk without breaking a few rules.

> Well it wouldn't be cyberpunk without breaking a few rules.

The title says _cypher_punk not _cyber_punk. But I'd misread it myself on the first glance.

I actually did notice that, but I decided to say cyberpunk anyways because I related more to that term.

cypher is encryption and punk in context means outside the box. not necessarily a criminal or outlaw.

>Crypto Anarchy: encryption, digital money, anonymous networks, digital pseudonyms, zero knowledge, reputations, information markets, black markets, collapse of governments.

to each their own. know the difference.

Or else what?

If you're a registered ham, the FCC has your address, so they can fine you or revoke the license.

And if you’re not, registered hams make a game out of finding particularly egregious pirate stations and reporting them to the FCC.

Why do they do it though? It's not like the FCC is going to pay them for their time... I suppose if someone is really broadcasting garbage and disrupting communications then I can see the issue.

Whackers are definitely a thing. And they'll doxx and locate you in real life. And worse yet, they'll even think they have some sort of license for 'citizens arrest', or FCC reporting.

> Why do they do it though?

Power tripping, primarily.

> I suppose if someone is really broadcasting garbage and disrupting communications then I can see the issue.

Standard disruption or otherwise will usually get you caught. But sending 200 bytes that happens to be cryptocurrency isn't likely to be found, or caught... Unless you're dumb enough to do it on a repeater (that probably records and streams online).

> §97.111 Authorized transmissions.

> (b) In addition to one-way transmissions specifically authorized elsewhere in this part, an amateur station may transmit the following types of one-way communications:

> (1) Brief transmissions necessary to make adjustments to the station;

> (2) Brief transmissions necessary to establishing two-way communications with other stations;

> (3) Telecommand;

> (4) Transmissions necessary to providing emergency communications;

> (5) Transmissions necessary to assisting persons learning, or improving proficiency in, the international Morse code; and

> (6) Transmissions necessary to disseminate information bulletins.

> (7) Transmissions of telemetry.

It may fall under "Transmissions necessary to disseminate information bulletins."

> except that communications directly related to the protection of property may be provided by amateur stations to broadcasters for dissemination to the public where no other means of communication is reasonably available before or at the time of the event.

Are transactions or "coins" property? Wouldn't this exception cover the case where you've lost internet "no other means of communication" and are protecting your transactions?

But the information bulletins must be on the topic of amateur radio: Definition in 97.3.

True. I forgot to cross reference the definitions.

Private messages, relaying for 3rd parties and encryption are prohibited in Ham Radio, so thinking about (international) transactions over ham radio is just plain bullshit. This is the first thing every licensed Ham learns.

What you're looking at here are licensed commercial radio services.

> relaying for 3rd parties

That's not against the rules. The Amateur Radio Relay League (ARRL) gets it's name for doing this. It's illegal to hide these messages or to use them for a commercial purpose. Original HAMs used to do radio telegrams (radiograms) for the public [0].

[0] - http://www.ncarrl.org/nets/mes_form.html

> Original HAMs used to do radio telegrams (radiograms) for the public

HAMs still do this. Messages from people isolated in Puerto Rico by hurricane Maria were relayed to the US mainland via HAM radio operators on the island. For some time that was the only thing available.

Bitcoin transaction is basically a broadcast, which you can analyze freely. No decryption, just encoding and signing.

Broadcasts are prohibited in ham radio.

For the US, see https://www.ecfr.gov/cgi-bin/text-idx?SID=1a361a6eb3d1594e6a...

> (b) An amateur station shall not engage in any form of broadcasting, nor may an amateur station transmit one-way communications except as specifically provided in these rules;

>>>Private messages (...) are prohibited in Ham Radio

> Broadcasts are also prohibited in ham radio.

Wait what? Isn't any message either broadcast or private?

No, it's either one-way or two-way. One-way is usually prohibited except in a few case, two-way is usually fine unless it violates one of the prohibitions like encryption. Your two-way communications using ham radio are public, not private.

"Broadcast" is defined as "transmissions for the consumption by the general public", at least in the US. Not one-way vs two-way.

It seems broadcasting is prohibited, but broadcasting is defined as:

> (10) Broadcasting. Transmissions intended for reception by the general public, either direct or relayed.

Edit: quote is take from "Definitions" section of sciurus link.

A two-way conversation that involves short periods of what's technically "broadcasting" is very different from "tune in at 10pm to hear me talk for an hour".

Also a lot of messages in the bitcoin blockchain are encrypted

Edit: https://github.com/barisser/bitcrypt

Must be others too

I was the one who made the first transmission mentioned on the article. AMA

https://twitter.com/nvk/status/1101518677910810624 (and this one precedes that one https://twitter.com/nvk/status/1095354354289135617)

Ok, I'll bite: mind addressing the legality issues many of the other commenter have brought up? Because this looks like a great way to get a FCC fine.

1. I'm not in the USA and i'm licensed. You could say the ITU may take issue.

2. The spirit of the law is in regards to actual financial interest, this were meaningless amounts and also testnet.

3. Transactions were not actually done over Ham, the transaction data was relayed over ham and broadcasted via internet. (long history of HAM 3rd party message relay).

4. No encrypted messages were transmitted. (and encryption is allowed as long as the cypher is public)

5. The spirit of ham is technical experimentation.

6. These tests were intended for use in countries where the laws don't matter and or in emergencies. In case of emergency it would be allowed to make financial transactions and/or send encrypted messages.

I feel like most rhetoric around that is usual internet-lawyering. If Wired care to contact for comment there would have been some context added.

> "in countries where the laws don't matter"

Race-to-the-bottom thinking, poor ethical reasoning, and just an excuse to engage in behavior frowned upon by the community.

> "In case of emergency it would be allowed to make financial transactions and/or send encrypted messages."

HAHAH no. "Emergency" is clearly defined and doesn't mean "can't reach my ATM". Executing your bitcoin transaction does not save life or limb.

He's saying that executing a bitcoin transaction could save life or limb, which justifies bending/breaking the rules to develop the technology to do it.

Would you mind reviewing the site guidelines and refraining from flamewar-style comments here?


There are some claims here that encryption is illegal over amateur radio. That is not true in general. For example, this is what the FCC prohibits in their rules:

>messages encoded for the purpose of obscuring their meaning

... which can be read here:

* http://www.arrl.org/files/file/Regulatory/March%208,%202018....

So ultimate intent is what matters. A test bitcoin transaction is probably legal even if it were somehow incidentally encrypted.

Interesting article, but I think Wired has to be one of my least favorite places to read something on the web. The performance is bad, there is popping/jarring of the viewport as content shifts around, intrusive pop ups, and just a generally high amount of bloat. I’m starting to feel like the old man shaking his fist at the clouds, but can we just go back to more simple pages without all this cruft?

I don't have any of the issues you are experiencing. I'm using Firefox, AdBlock Origin, Privacy Badger and containers and I don't see any ads, the page is plenty fast, no popping/jarring content.

On desktop or mobile?

Desktop. Where are you having problems?

Mobile (iOS). It’s a nightmare experience. If they had built their page correctly it would be consistent across both.

I find it funny that so often so many commenters on "Hacker" News are terrified of breaking the rules... Also, there's plenty of world outside of USA.

Originally the term 'hacking' was coined in MIT and had a positive connotation, referring to experts who have intricate knowledge of systems. PAGE 731 of the (ISC)2 official study guide states,"The original definition of a hacker is a technology enthusiast that does not have malicious intent whereas a cracker or attacker is malicious."


While I agree with your first comment, most ham radio rules are international.

I know next to nothing about ham radio, but I’m curious... who would enforce the rules at an international level?

The International Telecommunication Union (https://en.wikipedia.org/wiki/International_Telecommunicatio... the body that governs these things at the international level.

Individual countries implement decisions taken at the ITU through laws and policy. Individual countries take care of enforcement. For instance, in the USA, that would be the FCC.

Each individual country is expected to enforce the rules on its own citizens. The FCC does so here in the US. If I remember right, but am on my phone, there are countries that are not party to the international rules (or don't have agreements with the us? I'm fuzzy) and (us) hams are not supposed to deliberately contact operators in those countries.

"Hacker" as in "Growth Hacker"... sigh.

Well, most people here are corporate and/or state bootlickers. I'm sorry you've been duped by this website's name. Regarding their USA-centrism, you shouldn't be surprised, after all it's mostly a Sillicon Valley hivemind, take that as you will.

I suggest searching greener pastures.

Funny thing, out of the blue I decided to take practice tests for a ham license last night. Took the practice test about 12 times and got passing score 7 times. Opened HN today and this is one of the top articles... Interesting coincidence.

don't do it. my roommate has an HF rig and looks boring af. couple grand worth of gear so they can key down, say "K2185B6 broadcasting from $LOCATION_1", 5 seconds later someone else says "hi K2185B6, lound and clear. This is K8407W4 from $LOCATION_2". rinse, repeat

Basically this. I was all like "yeah man I want to get a license" then I studied some, decided I couldn't afford the gear. Couple years later, oh hey man I'm gonna do this this time, money is better now and stuff, started studying agian and bought a cheap baofeng just to listen.

Spent about 15 minutes listening to a repeater.

"Jesus, these people are abrasive as best, all they are doing is saying their call over and over and complaining"

Stopped studying, couple weeks later was at a friend's house and near a different repeater, same stuff different people. Now I just keep the battery maintained and it tuned to a weather broadcast in the event I lose power during a storm.

I mean, in the event of a natural disaster it's pretty cool and you can help replay information and be of use to your community but ehhhh it's an awfully expensive hobby for that unless you want to just buy a cheap handheld and have no range whatsoever since you have an antenna the size of a drinking straw a few inches away from your body.

I'd encourage you to do it...

And then build this. https://hackaday.com/2019/06/05/mobile-sigint-hacking-on-a-c...

Companies have been putting radio transceivers in all sorts of devices, and almost all of them are insecure piles of rubbish. Yet because the tools to analyze them have been nearly non-existent, I designed and built the RadioInstigator.

We're just now seeing radio-fuzzing and other attacks. And I'd expect that this area is going to explode in the coming year. SigInt is now in the hands of the average joe and jane. Devices that relied on security as 'cant easily get the gear' are no longer secure. It's now just a matter of time.

This looks like a cool project. Very interesting indeed

The amount of HAM/radio-related topics on HN has definitely gotten me interested. Time for a new hobby? :)

Absolutely. Its a blast and a great way to meet other technical minded folk or aren't necessarily the same you'd run into just doing programming type stuff.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact