Audio Masking (cryptomuseum.com)
145 points by goles 9 days ago | hide | past | favorite | 21 comments





I’ll point out that a common method of detecting bugs at the time was to set up a radio receiver with a speaker and then sweep the frequency; if you managed to hit it, you would get a feedback sound between the speaker and the bug. These oddball modulation schemes would prevent that from working.

I like it a lot that many of the techniques have a hybrid analog/digital structure that would involve sample-and-hold, sweeps and comparators, like the Triple Pulse scheme.

Today I can’t believe you wouldn’t use some digital solution but at that point in time you’d be lucky to be able to use a small IC.


Audio ADCs are incredibly small and the digital functionality needed isn't much for this. One can fit everything in a sub-mm² IC, I think. Minus the antenna.

They were doing all that in the 1970s. There was a sense of panic about electronic eavesdropping around the Watergate period, where it wasn't just Nixon, but really every private eye knew some kid who knew how to make bugs with a few transistors. It got talked about in a lot of books from this time period such as

https://www.amazon.com/Great-Wall-Street-Scandal/dp/00701702...

which was a scandal with many dimensions, including the author of that book getting busted for insider trading. There was an incident where the management of that company set up bugs in a room where auditors were working so they had some idea of what the auditors were looking at, so they could possibly trick them.

That web site has some articles where they talk about fabrication techniques the CIA was using for bugs, and it seemed they weren't using ICs but rather trying to miniaturize discrete component designs as much as they could, just as IBM was doing for the digital electronics for the System 360.

I'd assume if you were doing it now you'd use some kind of pure digital scheme with an ADC, encryption and spread-spectrum modulation of some kind. I still have a sweet spot for things like sample-and-hold, PLLs, and such though.


> trying to miniaturize discrete [jelly bean] component designs

And then you have someone building this thing in 72 with ceramic gold-plated PCBs and mil-spec components: https://www.cryptomuseum.com/covert/bugs/opec/


> These oddball modulation schemes would prevent that from working.

You need to generate a train of audio pulses separated by silence, and find a band whose activity is being modulated with the same timing.
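An added, constructed illustration of the check described in this comment (not code from the thread or from cryptomuseum.com): play a known on/off train of audio pulses, record the energy in each candidate RF band over time, and flag any band whose activity rises and falls with the same timing, whatever the modulation scheme. Band names, the pulse pattern and the energy traces are all constructed sample data.

```python
"""Pulsed-audio stimulus correlation for bug sweeps (constructed example)."""
import random
from statistics import mean, pstdev

# Stimulus pattern: 1 = audio pulse, 0 = silence, one entry per time frame.
STIMULUS = [1, 0, 1, 1, 0, 0, 1, 0] * 8          # 64 frames


def pearson(x, y):
    """Pearson correlation of two equal-length sequences; 0 if either is flat."""
    sx, sy = pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    mx, my = mean(x), mean(y)
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) * sx * sy)


def best_lag_score(stimulus, energy, max_lag=8):
    """Highest correlation over small lags: a bug reacts a few frames after the pulse."""
    n = len(stimulus) - max_lag
    return max(pearson(stimulus[:n], energy[lag:lag + n])
               for lag in range(max_lag + 1))


def find_modulated_bands(stimulus, band_energies, threshold=0.6):
    """Return {band: score} for bands whose energy tracks the stimulus timing."""
    scores = {band: round(best_lag_score(stimulus, e), 3)
              for band, e in band_energies.items()}
    return {band: s for band, s in scores.items() if s >= threshold}


def constructed_scan(seed=1, bug_delay=2):
    """Constructed band-energy traces: one band follows the stimulus, others do not."""
    rng = random.Random(seed)
    n = len(STIMULUS)
    # Suspect band: activity follows the pulses, delayed by bug_delay frames, plus noise.
    bug = [0.8 * STIMULUS[(i - bug_delay) % n] + 0.1 * rng.random() for i in range(n)]
    broadcast = [0.9] * n                       # steady carrier, no modulation at all
    wifi = [rng.random() for _ in range(n)]     # bursty traffic unrelated to the pulses
    return {"bug_band": bug, "broadcast_band": broadcast, "wifi_band": wifi}


if __name__ == "__main__":
    print(find_modulated_bands(STIMULUS, constructed_scan()))
```

Only the constructed "bug_band" trace correlates with the pulse train; the steady carrier and the unrelated bursty band fall below the threshold.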


Also of interest in this domain.

The Great Seal bug (The Thing)

https://www.youtube.com/watch?v=NLDpWrwijE8 (Machining and Microwaves)

What I like about this specific video is that the guy actually builds one. And there is a world of difference between a popular article on how the thing worked, and the subtle genius engineering required to get it to actually work.


Today with spread spectrum, it's probably much easier to hide a covert radio signal.

Yes and no. SS still has an energy signature, which you can recognize if you go looking for SS. And the transmitting antenna can be RDF’ed.

Plus if the electronics aren't shielded you can use a non-linear junction detector even if it's turned off.

Ah, unless your spy is clever....

> As a countermeasure against an NLJD, professional covert listening devices (bugs) of the Central Intelligence Agency were equipped from 1968 onwards with a so-called isolator. An isolator is a 3-port circulator of which the return port is terminated with a resistor. Any energy injected into the bug by an NLJD will be absorbed by the resistor, resulting in no (or very little) reflected energy. An example of such a bug is the CIA's SRT-107.

(or my favorite:)

> A means to hinder isolating a non linear junction is to add inexpensive diodes to places where the NLJD is expected to sweep. This masks the true listening device against a field of false alerts when the many diodes are detected. Such a technique was used in the 1980s construction of the U.S. embassy in Moscow. Thousands of diodes were mixed by the Soviets into the building's structural concrete, making detection and removal of the true listening devices by its American occupants nearly impossible.


Rusty nails can also be a false positive. Nothing is perfect but you always have to evaluate your threat profile and mitigate accordingly.

The later scanners filtered out such false positives with extended harmonic analysis.

Are there any bugs that masquerade as normal devices such as phones in a time-frequency sense, such that they blend in the environment as phones. Polymorphic bugs? Bugs that change their signature.

One more question: are there any bugs that shut down if there is no chatter in the spectrum... Say, if it's a noisy environment (frequency wise) with many phones and devices, the bug blends in and transmits. If it gets quiet, such as when phones are being turned off or distant, then there's something fishy and the bug suspends its operation?


> are there any bugs

They aren't usually off-the-shelf. They're custom, and can be as smart as the builder wants to make them. (working within constraints like size and power supply)


I didn't mean off-the-shelf necessarily. I should have said "are there any documented instances" or something to that effect.

Ah. The only documented instances of bugs I know of are in the spy museum in DC, which btw is a fantastic place to visit. The rest, AFAIK, are held close to the vest. I bet there's an amazing museum somewhere inside of the CIA though.

How about, get your bug to connect to an open Wi-Fi hotspot, pretending to be a printer or something. :)

It would be interesting to see what the waterfall charts of these looked like, and I can't tell if there is enough info in the article to produce a gnuradio flowgraph for any of them. It could be a fun retro spy tech project.

In practice most audio channels are low-pass filtered and bandwidth limited, so I'm guessing that these modulation techniques are not going to work. Also, we have digital methods now.

These are techniques for modulating audio onto a radio signal, I think the article didn't make that very clear.

Oh crap... the Scanlock Mark VB receiver shown in that picture is really similar to the Autolock 7 receiver I snatched at a flea market for a song many years ago, and after finding absolutely nothing about it online sold it on eBay for like 3 songs. Had I known it was a bug-finding device I could have donated it to the Cryptomuseum.


