> Fernandez, who more than two decades ago published a four-CD audio compendium of hundreds of recordings from around the world called the Conet Project. It's considered the Bible for numbers-station enthusiasts.
The Conet Project is an interesting listen -- very analogue, Cold War-ish, and a bit sinister. Seems to be available on the Internet Archive at https://archive.org/details/The-Conet-Project
Fans of the band Wilco will recognize one of the Conet Project's recordings as the source of the woman repeating "Yankee Hotel Foxtrot" in the song "Poor Places" from the eponymous album. Wilco failed to license the sample and the resulting lawsuit gave the Conet Project a portion of Wilco's royalties on that track.
Why would they need to license the sample? You don't own the copyright for something just because you recorded it off the radio, that's silly. I looked it up and the station in question was operated by the Israeli government, so presumably they would be due the royalties. https://priyom.org/number-stations/english/e10
This reminds me of Bridgeman Art Library v. Corel, which established that copying someone's photograph of a public domain painting is not a copyright violation, as the photograph is not copyrightable under US law. https://en.wikipedia.org/wiki/Bridgeman_Art_Library_v._Corel....
Sure, but there's an element of creativity there (what parts to focus on, how much you zoom in, how closely you follow the motion) vs. simply turning a radio on and pressing record, with the intention of producing a 1:1 recording of what's being broadcast. All the creative parts of the Conet Project recording (the message to broadcast, the way it's formatted, the voice samples used, etc) were done by the Israeli government, not the Conet Project.
TLDR: you're basically applying the US standard to something that has been released worldwide, and US intellectual property law is known to be one of the most lax when dealing with derivatives (Feist Publications, Inc. v. Rural Telephone Service Co.). Without saying that the original broadcaster/s do not hold any copyright (because, of course, there is a reasonable claim for their copyright), there are two good candidates for the Conet Project's case, both hinging on European IP laws.
The first one is the "sweat of the brow" concept, where effort (not originality, or at least not significant originality) is the determiner. Because this was released in 2001, most European jurisdictions (like Britain's "skill and labour" and Germany's Leistungsschutzrecht) still had this concept. Because the collaborators of the Conet Project did exert significant effort here (they didn't just tune, but significantly denoised and made it reasonably intelligible), it could be argued that they held a new copyright on these works. New laws now significantly tilt towards the creativity/originality concept, but this is usually not a retroactive claim.
The second claim (and the reason that I said IP laws, not specifically copyright laws) is that Europe (incl. UK and Russia) has database rights which do not exist under US law (again, Feist v. RTS). Even if the Conet Project release is ineligible for copyright in most European jurisdictions (and I doubt it due to the non-retroactivity of these laws), they can still point out that the curation of the work provided for enforcement of database rights.
There is actually a third claim (although weak), based on the first publication of a recording of a performance (phonogram rights). This also exists under US laws, although I will be sure that the first "publication" is the broadcast, especially if it was also aimed at the US. (This is the reason why "sampling" some music is considered an IP infringement.)
P.S. If you think that US IP laws are bonkers, try to navigate European IP laws (it's not even harmonized inside the EU). There's even a "Copyright in Typographical Arrangement" (UK) where even assuming that the text itself is not copyright, scanning the page might put you into a lawsuit (https://cdn.nationalarchives.gov.uk/documents/copyright-typo...)
The location of this transmitter is a shortwave transmission facility within a US military base in Böblingen, 15 km southwest of Stuttgart, Germany. The coordinates:
If it's being broadcast by the US military or the CIA, why Persian?
Because they're issuing activation orders to their network of anti-regime operatives inside Iran? Who, mysteriously for spies, only know that language?
Or because they want the Iranian government to think that? And a numbers station broadcasting in - unusually - Persian, is an easy way to get the attention of the Iranians?
The CIA recruits a lot of Iranians to spy for them. Since the Internet is a thing, they typically communicate with them that way. For example, in the 2010s the CIA ran hundreds of fake news, sports, travel, religious, etc. websites, where typing a password into a search box or other text field would open a hidden message area where operatives could read messages from the CIA and send back information. This network was eventually destroyed and hundreds of sources were arrested because the CIA made the error of using the same few messaging scripts and hosting the sites from a few contiguous IP blocks, but it's a good idea of how they generally operate. See here for more info: https://www.reuters.com/investigates/special-report/usa-spie... https://cirosantilli.com/cia-2010-covert-communication-websi...
However, since the US-Israeli bombing of Iran on Feb 28, the Iranian government has shut down the whole country's Internet access. This means that the CIA needs another way to send information out, hence the numbers station.
I wonder why they keep using a dedicated numbers station instead of embedding the code in a regular radio broadcast on a traditional channel? I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much. And they could probably get BBC / whatever station to air it. It would be a bit less inconspicuous to listen to BBC than to a dedicated numbers station, even if the message would be undecryptable either way.
> "I'm sure that even before LLMs one could find a way to create a story where certain numbers / code words would be embedded without altering the underlying story too much."
It's called steganography, and it's a centuries if not millennia old technique.
> The first recorded uses of steganography can be traced back to 440 BC in Greece, when Herodotus mentions two examples in his Histories. Histiaeus sent a message to his vassal, Aristagoras, by shaving the head of his most trusted servant, "marking" the message onto his scalp, then sending him on his way once his hair had regrown, with the instruction, "When thou art come to Miletus, bid Aristagoras shave thy head, and look thereon." Additionally, Demaratus sent a warning about a forthcoming attack to Greece by writing it directly on the wooden backing of a wax tablet before applying its beeswax surface. Wax tablets were in common use then as reusable writing surfaces, sometimes used for shorthand.
Seems to me like coordinating with an entity outside of the spooks' control, such as the BBC, would give more opportunities for leaks. It would also reveal some information about who is controlling the signal--someone with some kind of relationship with the broadcaster.
During WWII, the BBC would daily have a section after the news dedicated to "personal messages" - which everyone knew were instructions to the resistance in France, or similar. "William waits for Mary" was one of the more famous ones related to D-Day, I think.
Because you can drive intel analysts crazy with this one weird trick. They know you can't decrypt one time pads, but they can't resist checking for entropy and trying to match it to known OTPs they may have acquired through intelligence channels. Running and programming the shortwave transmitter is dirt cheap; tying up some of opponents' SIGINT resources on a wild goose chase is good value for money.
Roosevelt told the Shah that he was in Iran on behalf of the American and British secret services, and that this would be confirmed by a code word the Shah would be able to hear on the BBC the next night. Churchill had arranged that the BBC would end its broadcast day by saying not 'it is now midnight' as usual, but 'it is now exactly midnight'
Who's to say they aren't doing both? They may not even be sending anything over the number station; these stations will continue on a schedule even when there is nothing to say and nobody is listening because it makes it harder to eke out a foothold in the event of a weakness in the encryption.
Even if the encryption is one-time pads, if you broadcast a bit every day then you don't warn the enemy that something's up by the fact that you're transmitting at all.
However, the numbers stations transmissions are never a big secret. They're intentionally powerful so someone can pick them up on simple equipment without raising suspicion. A person can modify an off-the-shelf AM radio to pick up shortwave, for example, even in an oppressive regime.
It's a one-time pad, so the encryption is unbreakable.
I can't find it immediately, but I've read about something even sneakier than this. A standard broadcast station was modified such that its carrier signal was modulated by a PSK signal. The intended listener would use e.g., a PSK-31 modem to listen to the carrier signal and would be able to obtain the encoded digital data. Everyday listeners would hear the regular broadcast. The station involved _might_ have been a BBC station, but I don't recall.
You could technically just transmit data via RDS, too. Change a letter here and there and nobody would know whether that’s a decoding error or actual ciphertext. (Would need some kind of checksum or so, of course.)
@windytan did a fascinating audio clip highlighting the RDS data stream in a radio recording some while ago:
Shortwave propagates better and also it's just a one time pad being distributed so embedding doesn't matter as much as long as the one time pad is longer than the intended message to send. There is no way to decrypt it because once you encrypt a message using a one time pad it is impossible to decrypt without the exact one time pad that it was encrypted with.
One time pads work only if only the sender and receiver have a copy of the pad - and they destroy each sheet on use. Distributing the pads is hard, but often it can be done easier than the message.
Distributing a one time pad like this is a stupid idea: it isn't hard to collect everything you ever send, and it takes a computer a few ms to check every encrypted message against every possible sequence. That is, breaking a distributed one time pad via shortwave like this is something a single layperson can do; it doesn't even need a government-scale attacker to break it.
Don't get me wrong, this can be used for good encryption. However it isn't a one time pad they are doing, it is something more complex.
Every message is equally likely when you attempt this kind of brute-force decryption with a one-time pad. The code you get is actually 100% unbreakable if the pad isn't intercepted.
I think there's some confusion in this thread. GGP talks about distributing the one time pad via the numbers station. GP (rightly) says that's a stupid idea.
The numbers station should be transmitting a message encoded with a one time pad. The one time pad itself should be physically given in person to the spies who you want to communicate with.
Or, if one is uncertain whether to trust the courier between you and your spy - one can send two different one time pads by two different couriers. If the spy is trained to xor those pads together before using, an enemy must intercept both pads to be able to read your messages.
There are many variants on this, including pads which you hope your enemy will intercept.
It's not a one-time pad being distributed, because leaking the pad leaks all your communications. It's almost certainly the actual messages being distributed, at specific times of day. The listener records the numbers for the known time period to get the message, then decodes it with their pad for that period. Then they destroy that pad. Continually broadcasting numbers makes it impossible to tell the length of the messages.
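A worked sketch of the points made in the comments above (any same-length plaintext is consistent with a one-time-pad ciphertext, two courier pads XORed together, and the listener decoding a broadcast with the pad). This is an added example, not code from any commenter; the byte-wise XOR, the three-digits-per-byte grouping into five-digit groups, and all function names and sample messages are assumptions made for illustration, not a description of how any real station encodes traffic.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_courier_shares(length: int) -> tuple[bytes, bytes]:
    """Two independent random shares, one handed to each courier."""
    return secrets.token_bytes(length), secrets.token_bytes(length)


def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    """The working pad is the XOR of both shares; one share alone is just noise."""
    return xor_bytes(share_a, share_b)


def otp_apply(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt (same operation). The pad must cover the whole message."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return xor_bytes(data, pad[:len(data)])


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For ANY same-length candidate plaintext there is a pad that yields it.
    This is why trying every pad tells an eavesdropper nothing."""
    return xor_bytes(ciphertext, candidate)


def to_groups(data: bytes) -> str:
    """Render bytes as five-digit groups (assumed encoding: 3 digits per byte)."""
    digits = "".join(f"{b:03d}" for b in data)
    digits += "0" * (-len(digits) % 5)  # zero-fill the last group
    return " ".join(digits[i:i + 5] for i in range(0, len(digits), 5))


def from_groups(groups: str, n_bytes: int) -> bytes:
    """Inverse of to_groups; n_bytes tells the listener where the fill starts."""
    digits = groups.replace(" ", "")
    return bytes(int(digits[i:i + 3]) for i in range(0, 3 * n_bytes, 3))


if __name__ == "__main__":
    message = b"MEET AT 0600 UTC"          # constructed sample plaintext
    share_a, share_b = make_courier_shares(len(message))
    pad = combine_shares(share_a, share_b)

    broadcast = to_groups(otp_apply(message, pad))
    print("on air :", broadcast)

    received = from_groups(broadcast, len(message))
    print("agent  :", otp_apply(received, pad))
    print("1 share:", otp_apply(received, share_a))  # unreadable without share_b

    decoy = b"STAY HOME TODAY!"            # constructed, same length as message
    print("decoy  :", otp_apply(received, pad_explaining(received, decoy)))

    # Failure mode: reusing a pad leaks the XOR of the two plaintexts.
    second = b"ABORT ABORT ABOR"
    leak = xor_bytes(otp_apply(message, pad), otp_apply(second, pad))
    print("reuse leaks p1^p2:", leak == xor_bytes(message, second))
```
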
Sure, but that would be a benefit, I would think. Most old cars come with an AM/FM radio, most cheap phones now have FM (? I don't know about AM, don't think so) and so on. So it would be more inconspicuous to listen to a regular radio than to a special station on special hardware. You don't even have to broadcast from EU, you could probably purchase some Radio Qatar Classical Rock or something :)
Radios capable of receiving shortwave bands aren't exactly rare among normal people. They're not really "special hardware". Just owning one would not be inherently suspicious.
What would be suspicious is being in possession of the one-time pad needed to decode the messages, regardless of which media those messages are transmitted through.
For the record, "numbers stations" can be found in nearly every communication medium, including the web. The advantages of using shortwave (range, primarily) are large enough that the benefits outweigh the drawbacks.
> What would be suspicious is being in possession of the one-time pad needed to decode the messages
Would it though?
All you need is something with sufficient entropy. I reckon you could do a "good enough" job with any plausible-looking data you have lying around on your hard disk right now. Say for example if you took a couple of sha256s of any random image you might post on social media, you'd have quite a lot of key right there.
It was once common knowledge that VHF radio ("FM") typically doesn't travel over the horizon, LW and MW radio ("AM") travel by ground wave and are regional, but that you need shortwave kit for international and global communications.
Quite how a reader on a modern technical news site is unaware of this (no, you can't send direct messages to spies half way around the planet to be received on an "AM/FM" car radio) shows just how common public knowledge of radio communications has faded over the last few years.
This reminds me of UVB-76[0], a shortwave military radio in Russia. It would be interesting to know why they're using this method to communicate covertly rather than beaming down messages to a phone via satellite or something. I'm not an expert on radios, though, so maybe it's not as clunky as I'm imagining where an undercover asset is hauling around bulky equipment.
It’s simple, reliable, and effective. Shortwave receivers can be made fairly compact. They’re also very prevalent in most countries (every ham transceiver), so there’s nothing suspicious to pack. People find numbers stations interesting, so they are often streamed online. One time pads have their logistical shortcomings, but are still the best encryption possible. The OTP can be compromised in known, visible ways, where a phone has myriad invisible ways to be compromised.
You could probably cheat with the one time pad and use a book as a key: pick a predetermined starting point, go diagonally down across the page, convert the letters to numbers, and XOR that against the message. It would be near enough to random and less conspicuous than a pad of random numbers when searched.
You could probably do something to increase the apparent entropy, like XORing it with an irrational number like tau or pi, starting with a digit determined by the date.
Like the article says, satellite messages can be traced while radio is broadcast to everyone so it's impossible to find out who's listening. Shortwave radios are also cheap and widespread, so it's easy to get one anywhere in the world and if your house gets searched, it won't be suspicious if you have one.
Phones usually contain the hardware for radio too, so making sure agents have some set of models for that doesn't sound bad. Even if you had to use a dedicated one having a radio at home isn't that conspicuous? Or in a car, etc
Perhaps they're not directed at deeply embedded lone spies with radios in their attics, but at 'military assets' which as a matter of course can receive these transmissions on a designated schedule.
So one slightly fascinating bit of number station / espionage radio lore is "RAFTER" an MI5 scheme cooked up by Peter Wright to detect the _receiver_ of the radio using emissions from the internals of the radio set (superhet mixing iirc)
48°41'26"N 9°05'12"E
https://www.google.com/maps/place/48%C2%B041'26.0%22N+9%C2%B...
So...
I'm thinking the latter.
https://en.wikipedia.org/wiki/Steganography#History
Of course my next thought was "Maybe they are reading the Epstein files."
https://soundcloud.com/windytan-1/rds-mixdown
https://spectrum.ieee.org/wall-street-tries-shortwave-radio-...
0: https://en.wikipedia.org/wiki/UVB-76
https://en.wikipedia.org/wiki/Operation_RAFTER