Showing posts with label elint. Show all posts

Thursday, February 12, 2009

Aircraft sends interesting number message

ACARS is the Aircraft Communications Addressing and Reporting System. The originating aircraft, registration VP-BWA, an Airbus A319-111, was on its way from Vienna to Moscow when it transmitted classic number groups, very typical of and consistent with the traffic of modern shortwave numbers stations. My properly informed friends tell me that international regulations do not allow ACARS to be used for espionage purposes.

The typical content of an ACARS message is an estimated time of arrival, a 4-character airport code, and some terse, telegraphic free text.

Don't ask me how I got this :-)

Wednesday, February 11, 2009

The same Russian in the USA obtains a schedule of NATO plans

Our bot has found the following message from August 2007; the Russian already has the schedule of upcoming NATO exercises:

The source is the same as in this post. Who could this guy be?

Russian illegal in the US reports on military traffic?

This is an unexpected harvest my bots brought in:
It shows that somebody very loyal to the Russian Federation, and not associated with the Russian Embassy in the USA, has easily intercepted US-UK radio traffic. The first message deals with a mysterious emergency search and rescue by NATO in the Atlantic. In the second message, stored on an unnamed server, this individual says that he left his recording equipment listening on 6697 kHz, upper sideband, in RATT (radioteletype) mode. What he picked up is a Nimrod, a British maritime surveillance plane, leaving the US on the way to RAF Kinloss. The Russian listener appears to be professionally experienced in US-NATO radio traffic patterns. The telegraphic style of the message is chillingly old school.

Do you see anything consistent with the material in this post?

Sunday, December 30, 2007

More Siteseeing of Russian Secrets

  • An ABM site laid out in a well-defined, staggered pattern, housing Gazelle missiles, 55°34'39"N 37°46'15"E
  • Federal State Unified Facility, officially an establishment similar to the U.S. General Services Administration, comprising a concrete plant, miscellaneous warehouses and numerous sheds - except that it is under FSB command, 55°33'55"N 37°45'24"E
  • GRU's OSNAZ (ЦРПУ) unit 309 is based at the Military Detachment 34608 here 55°22'8"N 37°28'45"E
  • Recently declassified village of Berezki, containing a secret communication facility that has since passed on to Rostelecom for an unspecified use, 55°14'53"N 37°31'10"E
  • summer cottages for KGB's 15 & 16 Departments, 55°15'1"N 37°25'22"E
  • GRU and SVR summer cottages, 55°14'50"N 37°24'45"E
  • A seemingly abandoned site known only as "UTK" that is reported to be an engineering reconnaissance training center, and guarded by armed roaming patrols, 55°11'27"N 37°39'17"E
  • Rostelecom satellite communications support facility, with huge, dome-enclosed satellite dishes 55°45'31"N 38°39'34"E
  • Former ammunition depot, the traces of which are visible in the tell-tale pattern; the rectangular off-limits perimeter now serves as a training center for the armored corps, 55°56'37"N 38°28'47"E
  • Military Base, a Military Detachment, detachment number undisclosed 55°48'36"N 37°55'31"E
  • FSB Training Center and Military Detachment No. 2056, also home to the Border Guard training center; an off-limits, well-guarded Microbiology Research Facility is located less than 1 km NE of the military base, at 54°58'23"N 37°13'25"E
  • Headquarters and Operations Center for the important Early Missile Detection (Warning) Strategic System, including a Don or Dunay phased array, at Kurilovo, 55°4'1"N 37°2'45"E
  • Military Detachment No. 64035, (Long Distance Communication Unit), together with the General Staff Communication Center, all inside the formerly classified city of Chekhov-3, 55°8'50"N 37°16'50"E
  • Declassified town of Zarya, 55°45'31"N 38°4'56"E, associated with the Strategic Air Defense Headquarters 4.5 km WNW at 55°46'37"N 38°1'15"E
  • One of the first and few baseball diamonds in Russia, at 55°47'45"N 38°1'2"E, which unwittingly serves as a scale reference for recce measurements on the nearby Severniy-2 (55°47'47"N 38°1'26"E), a classified town converted into summer cottages for the Defense Ministry's flag officers, and on the Strategic Air Defense Headquarters (see above), one of the terminal stations of Moscow's secret subway.
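The list gives every site as a degrees-minutes-seconds pair and states some relations between them ("4.5 km WNW", "less than 1 km NE", the baseball diamond as a scale reference). A practitioner checking such claims converts the pairs to decimal degrees and computes distance and bearing. The script below is an added example, not code from the blog: it parses the DMS notation used above, applies the haversine formula and an initial-bearing calculation (both standard, on a spherical Earth), and reduces the bearing to a 16-point compass label. The coordinates are copied from the list; the short site names are labels chosen for this example.

```python
import math
import re
from typing import Tuple

EARTH_RADIUS_KM = 6371.0088

# Coordinates copied from the list above; the short names are this example's own labels.
ZARYA = "55°45'31\"N 38°4'56\"E"
AIR_DEFENCE_HQ = "55°46'37\"N 38°1'15\"E"
BASEBALL_DIAMOND = "55°47'45\"N 38°1'2\"E"
SEVERNIY_2 = "55°47'47\"N 38°1'26\"E"

# 55°45'31"N 38°4'56"E  (seconds may carry decimals)
DMS = re.compile(r"""(\d+)°(\d+)'(\d+(?:\.\d+)?)"([NS])\s+(\d+)°(\d+)'(\d+(?:\.\d+)?)"([EW])""")

COMPASS = ["N", "NNE", "NE", "ENE", "E", "ESE", "SE", "SSE",
           "S", "SSW", "SW", "WSW", "W", "WNW", "NW", "NNW"]


def parse_dms(text: str) -> Tuple[float, float]:
    """Convert a DMS pair in the list's notation to signed decimal degrees (lat, lon)."""
    m = DMS.fullmatch(text.strip())
    if not m:
        raise ValueError(f"not a DMS coordinate pair: {text!r}")
    lat = int(m[1]) + int(m[2]) / 60 + float(m[3]) / 3600
    lon = int(m[5]) + int(m[6]) / 60 + float(m[7]) / 3600
    if m[4] == "S":
        lat = -lat
    if m[8] == "W":
        lon = -lon
    return lat, lon


def haversine_km(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Great-circle distance between two (lat, lon) points in decimal degrees."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat, dlon = lat2 - lat1, lon2 - lon1
    h = math.sin(dlat / 2) ** 2 + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))


def initial_bearing_deg(a: Tuple[float, float], b: Tuple[float, float]) -> float:
    """Forward azimuth from a to b, 0..360 degrees clockwise from true north."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlon = lon2 - lon1
    x = math.sin(dlon) * math.cos(lat2)
    y = math.cos(lat1) * math.sin(lat2) - math.sin(lat1) * math.cos(lat2) * math.cos(dlon)
    return math.degrees(math.atan2(x, y)) % 360.0


def compass_point(bearing: float) -> str:
    """Nearest of 16 compass points; each sector is 22.5 degrees wide."""
    return COMPASS[int((bearing % 360.0 + 11.25) // 22.5) % 16]


def describe(from_dms: str, to_dms: str) -> Tuple[float, int, str]:
    """(distance in km, bearing in whole degrees, compass point) from one listed site to another."""
    a, b = parse_dms(from_dms), parse_dms(to_dms)
    distance = haversine_km(a, b)
    bearing = initial_bearing_deg(a, b)
    return round(distance, 2), round(bearing), compass_point(bearing)


if __name__ == "__main__":
    print("Zarya -> Air Defence HQ:", describe(ZARYA, AIR_DEFENCE_HQ))
    print("Baseball diamond -> Severniy-2:", describe(BASEBALL_DIAMOND, SEVERNIY_2))
```

With the listed coordinates, the HQ comes out roughly 4.3 km WNW of Zarya, consistent with the "4.5 km WNW" given above, and Severniy-2 lies a little over 400 m east-north-east of the diamond.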

Saturday, December 29, 2007

Secret Russian Facilities, An Eye On Gold

  • Russian Air Force Materials Research Center (ВИАМ) 55°45'50"N 37°40'39"E
  • A Military Transport Park 55°36'51"N 37°27'45"E
  • The SVR Headquarters 55°35'1"N 37°31'2"E
  • An S-300 (С-300) missile site east of Moscow, 55°47'47"N 38°21'28"E,
  • next to an S-25 (С-25) site, 55°47'54"N 38°20'58"E
  • High Command College For The Lines of Communications and Engineering Corps (MVKUDIV) Training Center 55°57'57"N 38°23'51"E
  • Makarov Missile Support Center 55°59'43"N 38°20'14"E
  • The 51st Kilometer Testing Grounds 55°58'20"N 38°16'59"E
  • An antenna farm, officially a Mayak radio station, 56°3'50"N 37°56'50"E
  • An off-limits, classified part of a reservoir; recent bathing there goes unimpeded, 56°1'53"N 37°48'0"E
  • An ABM site (ПРО А-135), a base for the relatively new Gazelle and Gorgon missiles, 56°10'51"N 37°47'13"E
  • The modified Don-2N large multifunction phased-array radar at Pushkino, 56°10'18"N 37°46'14"E
  • A military shooting range, formerly for tanks, allegedly now for snipers, 56°10'40"N 37°11'46"E
  • Early Warning System Command Center near Solnechnogorsk, 56°14'29"N 37°0'49"E
  • The rebuilt Aquarium, the famous GRU headquarters, 55°46'55"N 37°31'24"E
  • The Ministry of Defense Auto Pool 55°46'38"N 37°32'26"E
  • The President's Transportation Support Facility 55°46'3"N 37°31'16"E
  • US Embassy's Summer Cottage 55°47'15"N 37°24'49"E
  • The Military History Archives 55°46'4"N 37°41'7"E
  • The Bauman College, or Moscow State Technical University, for Special Technologies (satellites, missiles, warheads and ammunition) 55°46'11"N 37°41'26"E
  • Federal State Unified Facility "Salyut", a jet engine factory supplying AL-31F powerplants for the Su-27

Thursday, August 9, 2007

Numbers stations, CPU signals, Russian poker

Numbers stations have become outdated. The new smart and wily kid on the block is actually the old ciphertext. Not only does the text look innocent, having been encrypted with NORVA, but it also serves as a vehicle for unrelated, second-purpose messaging.

Thus, a message in NORVA

LITTLE JENNY TAKES SAWFLY LINE LEAF RISES SUNNY DAY

besides conveying a message along the lines of

DO NOT SEND DATA CHANNEL BRAVO KEEP GOLF OPEN

the secondary meaning of the NORVA text is

573917739

which could stand for anything, unrelated to the plaintext.

@@@@@@@

The new methods of side-channel attack are the CRT diffuse visible-light scan, CPU HLT-state pickup, and the hard-disk head-seek scan.

It is also possible to distinguish various behaviors of CPU and memory operations. This is observed for artificial cases, like loops of various CPU instructions, as well as for real-life cases, like RSA decryption.

A low-frequency acoustic source yields information on a much faster CPU in two ways. First, when the CPU is working on a long operation, it creates a characteristic acoustic spectral signature. Second, temporal information about the length of each operation is obtained, and this can be used to launch a timing attack, especially when the attacker can affect the input to the operation.

The valuable acoustic information lies above 10 kHz, whereas typical noises, including computer fan noise, are found at lower frequencies and can thus be filtered out with proper equipment. In a task-switching system, different tasks can be distinguished by their different acoustic spectra. When several computers are present, they can be told apart by their unique acoustic signatures, since these are dictated by the hardware, the component temperatures, and other environmental conditions. It is very similar to how submarine passive sonar works. This is where SALWISS comes in handy.

The CPU instruction that is the easiest to detect is the 80x86 HLT instruction. This instruction puts the CPU into a low-power sleep state until the next hardware interrupt. Modern CPUs temporarily shut down many of the on-chip circuits, thereby significantly lowering power consumption and altering acoustic emissions for a relatively long time. The difference between active computation, which never involves HLT instructions, and an idle CPU, where the kernel executes HLT instructions in its idle loop, is very distinct. If the only program running is a cryptographic application, then this already suffices to detect the moment the program wakes up for input and when it finishes its cryptographic tasks, and this information can be used to launch timing attacks. There are, of course, other, subtler acoustic cues that carry detailed information.
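The three steps described in the last paragraphs (look only above 10 kHz so fan noise drops out, tell the HLT idle state from active computation by its spectral signature, and read off how long each active stretch lasted) can be shown end to end on a synthetic recording. The script below is an added example and not the blog's or any published tool's code. The "recording" is constructed: a loud 300 Hz fan tone, a faint whine whose frequency depends on the CPU state (15 kHz when busy, 12 kHz in the HLT idle loop) and white noise; those two frequencies, the 48 kHz sampling rate and the 10 ms frame length are assumptions made so the example runs offline. Per-bin power is computed with the Goertzel algorithm so no FFT library is needed.

```python
import math
import random
from typing import List, Tuple

SAMPLE_RATE = 48_000          # Hz; constructed microphone sampling rate
FRAME = 480                   # 10 ms analysis frames, i.e. 100 Hz bin spacing
FAN_HZ = 300.0                # fan/hum noise, well below the band of interest
ACTIVE_HZ = 15_000.0          # constructed signature of a busy CPU
HALT_HZ = 12_000.0            # constructed signature of the HLT idle loop
HIGHPASS_HZ = 10_000.0        # everything below this is ignored, as in the text


def goertzel_power(frame: List[float], freq: float, rate: int = SAMPLE_RATE) -> float:
    """Power in a single DFT bin via the Goertzel algorithm (no FFT, no NumPy)."""
    n = len(frame)
    k = round(n * freq / rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s1 = s2 = 0.0
    for x in frame:
        s0 = x + coeff * s1 - s2
        s2, s1 = s1, s0
    return s1 * s1 + s2 * s2 - coeff * s1 * s2


def synth_recording(schedule: List[Tuple[str, int]], seed: int = 7) -> List[float]:
    """Constructed 'recording' for a schedule of (state, frames), state in {'active', 'idle'}.

    The fan is about 20x louder than the state-dependent whine, which is the
    point: it sits far below HIGHPASS_HZ and never enters the bins we read.
    """
    rng = random.Random(seed)
    samples: List[float] = []
    n = 0
    for state, frames in schedule:
        tone = ACTIVE_HZ if state == "active" else HALT_HZ
        for _ in range(frames * FRAME):
            t = n / SAMPLE_RATE
            samples.append(
                1.0 * math.sin(2 * math.pi * FAN_HZ * t)     # fan noise
                + 0.05 * math.sin(2 * math.pi * tone * t)    # CPU state's spectral signature
                + rng.gauss(0.0, 0.02)                       # broadband noise
            )
            n += 1
    return samples


def band_signature(frame: List[float]) -> Tuple[float, float]:
    """Powers at the two candidate frequencies; both lie above HIGHPASS_HZ."""
    assert ACTIVE_HZ > HIGHPASS_HZ and HALT_HZ > HIGHPASS_HZ
    return goertzel_power(frame, ACTIVE_HZ), goertzel_power(frame, HALT_HZ)


def classify(samples: List[float]) -> List[str]:
    """Label each 10 ms frame 'active' or 'idle' from its spectral signature."""
    states = []
    for i in range(0, len(samples) - FRAME + 1, FRAME):
        p_active, p_idle = band_signature(samples[i:i + FRAME])
        states.append("active" if p_active > p_idle else "idle")
    return states


def active_runs(states: List[str]) -> List[int]:
    """Length in frames of each contiguous 'active' stretch: the timing an attacker wants."""
    runs, run = [], 0
    for s in states + ["idle"]:          # sentinel closes a trailing run
        if s == "active":
            run += 1
        elif run:
            runs.append(run)
            run = 0
    return runs


def recover_operation_timings(schedule: List[Tuple[str, int]]) -> List[int]:
    """Synthesize, classify, and return the duration of each active stretch in milliseconds."""
    states = classify(synth_recording(schedule))
    return [run * FRAME * 1000 // SAMPLE_RATE for run in active_runs(states)]


if __name__ == "__main__":
    # Two cryptographic operations of 100 ms and 200 ms, separated by HLT idle time.
    timeline = [("idle", 5), ("active", 10), ("idle", 3), ("active", 20), ("idle", 2)]
    print(recover_operation_timings(timeline))
```

Because the tones sit exactly on 100 Hz bin centres, the 300 Hz fan leaks nothing into the 12 and 15 kHz bins, which is the filtered-out low-frequency noise the paragraph describes; with a real microphone the same idea needs a window function and a learned, rather than hard-coded, pair of signatures.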

***********

I hope more of you knew of Alexander Zaporozhsky. He is the one who helped the CIA to bust Hanssen. The Russians outsmarted Langley by letting Zaporozhsky visit Moscow unencumbered, building up his feeling of a secure status quo. His last visit was a result of his own yearning to come, entirely oblivious to the intensive operation culminating in his arrival in Moscow for the last time, putting an end to his cushy life in a Maryland suburb.

It seems (hoping against hope that it is no more than "seems") that while the US security organizations are preoccupied with politically correct policies reflecting the views of a new world order, grand new democracies and nation building, Russia, now rid of the ideologies that used to guide the USSR and the KGB to the point of bankruptcy, has succeeded in streamlining its security operations into a no-nonsense, low-profile, lean, mean spying machine.

Nobody got lucky with the original NORVA message (see below).