Hacker News new | past | comments | ask | show | jobs | submit login
Operation Gunman – how the Soviets bugged IBM typewriters (2015) (cryptomuseum.com)
222 points by mtmail 86 days ago | hide | past | favorite | 31 comments



Related:

IBM Selectric Bug - https://news.ycombinator.com/item?id=21947924 - Jan 2020 (4 comments)

Operation Gunman – how the Soviets bugged IBM typewriters (2015) - https://news.ycombinator.com/item?id=16246432 - Jan 2018 (18 comments)

Operation Gunman – how the Soviets bugged IBM typewriters - https://news.ycombinator.com/item?id=13255334 - Dec 2016 (9 comments)

Selectric bug - https://news.ycombinator.com/item?id=10773214 - Dec 2015 (17 comments)

Learning from the Enemy: The Gunman Project (2007) [pdf] - https://news.ycombinator.com/item?id=9954159 - July 2015 (43 comments)


What was so impressive about all that was the level of technical ingenuity that went into it. I thought this one was pretty cool as well:

https://en.m.wikipedia.org/wiki/The_Thing_(listening_device)

If my memory is still holding up I think they also pulled off another passive bug in a State Department conference room one time but I can’t remember enough about it to find a reference online. It was the same deal though - short piece of wire attenuated to a certain frequency and they’d illuminate it with a microwave truck parked on the street.



So, back then, countries were going to extremes like retrofitting electronic typewriters with spying devices, and secretly placing them inside the offices of their enemies, so they could spy on their enemies.

Nowadays, there's no need to do anything so extreme, because everyone everywhere is already carrying a supercomputer with a camera and a microphone, 24x7, and willingly agreeing to install and share a ridiculous amount of information with random apps!


Nowadays, technology firms are going to the extremes like implementing virtual machines with a custom instruction set inside of PDF files [1], so they can sell exploits to governments who use them to spy on their enemies.

I think not much has changed. Highly sophisticated spying activities are still happening in today's world. The advanced techniques required are very valuable, and are thus only used in cases where the desired info is valuable enough, and cannot be obtained through simpler means.

Users voluntarily sharing "a ridiculous amount of information" are not the target group of today's sophisticated hacks, and were not the target group of the Selentric bug either.

[1]: https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i...


Users sharing "a ridiculous amount of information" are definitely not the target group, but it sure as hell is easier when your target is in that group.

Nowadays you don't need to bug a Selectric, you just need to pay some ops person half a world away a few thousand to send you all the info you need.


First of all, excellent link!

Virtual machines with custom instruction sets -- seem to be a broader problem -- that they can apparently exist within a PDF file is one specific instance of this broader problem...

A selected quote from the article linked:

>"Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it's a weapon against which there is no defense."

To the author of that article:

Well, "short of not using it", that is! <g>



> Nowadays, there's no need to do anything so extreme, because everyone everywhere is already carrying a supercomputer with a camera and a microphone, 24x7, and willingly agreeing to install and share a ridiculous amount of information with random apps!

i don't think that government employees who handle secrets are allowed to use commodity smartphones.


At some level, maybe not. But the majority of government employees and contractors with secret clearance do use commodity smartphones in their private lives. They might not be able to enter the workplace with them.

It's also not clear how well this is enforced. Don't forget Hillary Clinton was running her own email server as Secretary of State.


> It's also not clear how well this is enforced. Don't forget Hillary Clinton was running her own email server as Secretary of State.

as did bush jr (i think it was gwb2004.com or something.). maybe i have too much faith in the politicians, but i suspect that actually important secret things probably stayed on government equipment and that external email was used mostly for political strategy.


And, even a half-bad implementation of encryption is powerful enough to make people lose enough time trying to decrypt them.

This is why everyone is trying to ban cryptography on daily apps. Because it's getting really good.

Addendum: Don't forget Crypto AG shenanigans.


Why in the name of science is this being downvoted?


The existence of the Selectric bug was mentioned in an issue of Popular Science from 1987 [1].

In the article, a typewriter salesman from New York correctly describes the working principle of the bug, even though the exact working principle of the bug was not publicly known at the time. The six metal bars as well as magnetic switches are mentioned.

See the paragraph "Low-Tech bugging" at the bottom of page 87, as well as the subsequent paragraph "The cold (bugging) war" on page 88.

[1]: https://books.google.com/books?id=mgAAAAAAMBAJ&pg=PA87#v=one...


Back when Popular Science was worth reading. Thanks for the link.


Countries spying on eachother is what keeps them from going to war. Without it you are left guessing if your opponent is gearing up for war.


It also triggers wars (looks at FSB in Ukraine)


This article is such an engineering joy to read. I love electromechanics.


Rf and magnetics are as close to magic as any field (pun intended) of engineering.


With all the sophistication that went into uncovering and analyzing these bugs, it’s fairly surprising that the Selectrics weren’t secured during delivery or thoroughly inspected upon installation. Embassy typewriters seem like a natural vector for espionage but somehow weren’t previously perceived as such?


Perhaps we see it as natural from a 21st century perspective. It's entirely possible that to people from back then, the thought process wasn't as obvious.


Cryptomuseum.com is such an amazing website.


How's that? I mean, it doesn't even mention bitcoin once /s


That in itself is a source of amazement and wonder!


I feel very sorry for people working in cryptography who've had their prefix stolen.


> doesn't even mention bitcoin once /s

that's exactly the reason makes it awesome


This is such a good example of an ad-hoc technology - that most people dont even understand to exit.

People usually believe that state agencies or powerful institutions and individuals will use the same technology that they are used to. But when a specific goal is in mind, it means new ideas, new stuff, new ad-hoc technologies.


There are specialised tools in all kinds of industries that can be considered unconventional or even alien for by a regular consumer. Even things like industrial dishwashers are very different that the regular household ones. Most of these are not even custom made but simply designed for different needs alien to typical household needs.

The spycraft gadgets, I believe, resemble industry-specialised tech. When you don need something custom there are engineers and companies that can build it for you.


I wonder what the response was. I know they removed the devices, but not detailed us whether they did anything to mess up the listening stations, muddy the waters, that sort of thing. But then it could be, of itself, not responding was a response enough.


Probably they used it to feed counter-intelligence. Hence, all the precautions to substitute the devices without alarming the soviets.


MI5 were supposedly spying on the French in the 1950s by lifting cipher keys being typed with microphones through a wall




Applications are open for YC Winter 2023

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: