Russia hacked lightweight FBI radios

Status
Not open for further replies.

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,859
Location
Indianapolis, IN
We get 2 a week usually with the IMPD Surveillance one at the same time. And yes it's when they are doing sweeps etc.
 

zz0468

QRT
Banned
Joined
Feb 6, 2007
Messages
6,034
I prefer a little bit of security through obscurity. Home WiFi is “Home”, phone is “phone”, tablet is “tablet”, etc. It makes it harder for targeted attacks.

I take a similar approach, except I use the names of very obscure 3rd or 4th magnitude stars. If someone sees a wifi node named sadalachbia or shiliak, they'll have no idea what it is. And no, neither of those are in use by me.
 

PrivatelyJeff

Has more money than sense
Premium Subscriber
Joined
Jun 5, 2016
Messages
1,068
Location
Kings County, CA
I take a similar approach, except I use the names of very obscure 3rd or 4th magnitude stars. If someone sees a wifi node named sadalachbia or shiliak, they'll have no idea what it is. And no, neither of those are in use by me.

When I set up someone’s WiFi, I usually go with their favorite pet and append “net” to the end. If I lived in a dense neighborhood I would be tempted to put up a hotspot with multiple AP names, all directing them to how it’s a bad idea to use open hotspots. Or put one up called “free porn” and then force all the traffic to either a graphic adult site, or some church website.
 

szron

Member
Premium Subscriber
Joined
Aug 9, 2009
Messages
406
Location
Livonia, MI
I know for a fact that FBI has some great people who are really knowledgeable about comms but I'm assuming that they are far and between and not everywhere.

It would seem that FBI would know that keys need to be regularly changed and IDs randomized.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,515
None of this tech is going to be entirely foolproof in a cat and mouse game like the US and Russians are involved in.

Ideas;

Your adversary uses strong encryption but you have determined what radio models and frequencies they use. Countermeasure: a scanning receiver to pick up the receiver LO and transmit frequency they use. If you hear hash on the channel, you know they are busy today. If you pick up the LO of a radio, you know they are nearby.

Your adversary uses those fancy new encrypted Bluetooth headsets. Countermeasure: a receiver to detect BT emanations. The continuous ones are phone users and music pods. Ignore those. The intermittent ones are FBI walkie talkie traffic.

Your adversary still uses a magnetic coil and Phonak earpiece. Countermeasure: Drive a vehicle nearby with a huge magnetic coil driven by a siren amplifier. See who flinches.
 

INDY72

Monitoring since 1982, using radios since 1991.
Premium Subscriber
Joined
Dec 18, 2002
Messages
14,859
Location
Indianapolis, IN
He gots speakers I'm gonna turn on my homies with cb doin a zillion watts driving round mumbling and spitting crap on 11 etc... If they are in close range you only hear them on all speakers. Period. Lol.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,515
He gots speakers I'm gonna turn on my homies with cb doin a zillion watts driving round mumbling and spitting crap on 11 etc... If they are in close range you only hear them on all speakers. Period. Lol.

Many moons ago, I lived in an efficiency apartment that was carved out of a 2BR. The electrical circuits (and phone!) were shared. The neighbor next door, who I never saw because they had a different entryway, liked to play terrible music very loud and late at night. I found out quite "by accident" that a VHF portable radio coupled into my lamp cord would cause his stereo to create a huge buzz. So I taught him (Pavlov method) that his stereo would "malfunction" above a certain sound level. Later I had some odd calls on my phone bill and found that he had plugged in a phone on his side and it was actually on my line. That was when evil Bell Telephone ran the show. They fixed him pretty good.
 

prcguy

Member
Premium Subscriber
Joined
Jun 30, 2006
Messages
16,654
Location
So Cal - Richardson, TX - Tewksbury, MA
I found a brochure on the Racal MSHR radio, which may be the one that was in use during the hacking. Since these have embedded Type 1 crypto and most were destroyed, it's probably one of the rarest handhelds you will ever find in civilian or collectors' hands. Only a small number were demilled, removing only the Type 1 crypto, and are still otherwise usable in other modes.

These were the predecessor to the MBITR and are fully front panel programmable.

[Attached images: MSHR 1.jpg, MSHR 2.jpg]
 

W5lz

Active Member
Joined
Feb 28, 2019
Messages
617
This is just another attempt at notoriety. If you think for one minute that others (not just Russians) aren't trying to 'hack' any/all types of communications you are being sort of naive, of course 'they' are. That 'they' also includes countries that are friends, you know? It's very, very common and we do it too. So, what's so sensational about it?
 

prcguy

Member
Premium Subscriber
Joined
Jun 30, 2006
Messages
16,654
Location
So Cal - Richardson, TX - Tewksbury, MA
It's not sensational to me but I find it interesting, and I'm curious, as others are, on what radio and crypto was hacked.

This is just another attempt at notoriety. If you think for one minute that others (not just Russians) aren't trying to 'hack' any/all types of communications you are being sort of naive, of course 'they' are. That 'they' also includes countries that are friends, you know? It's very, very common and we do it too. So, what's so sensational about it?
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,515
This is just another attempt at notoriety. If you think for one minute that others (not just Russians) aren't trying to 'hack' any/all types of communications you are being sort of naive, of course 'they' are. That 'they' also includes countries that are friends, you know? It's very, very common and we do it too. So, what's so sensational about it?

It is surprising the FBI let it slip that they were caught with their pants down. Maybe they are trying to get those AES256 upgrades financed. Next we will learn AES256 has been hacked using borrowed bitcoin mining gear.
 

prc117f

Member
Joined
Jul 22, 2009
Messages
369
My bets here are the Russians probably were tracking the encrypted simplex communications of the FBI's counterintelligence teams. I believe even in 2012 those would have been simplex P25 encrypted with AES-256.

If the Russians simply sent out a subject they suspected of being watched by the counterintelligence teams and then had their own teams monitor for encrypted P25 simplex comms within the general vicinity of the subject, they would know that the subject was indeed being watched.

Even though it's almost certain that the Russians were not able to actually decrypt AES-256 P25 transmissions, there are a number of key meta-data variables in the FBI's simplex P25 communications that would be available. The Unit ID of the portable radio, and the current KeyID of the AES-256 encryption. Presumably, the counter-intel teams had their own personnel assigned radios which have unique P25 unit IDs, and most likely had their own team unique AES encryption keys loaded into the radios.

If you couple the ability to monitor each of those metadata variables with knowing that simplex communications are short range (local to just you), and even employ some rudimentary DF (direction finding) capabilities into the equation, it would be very simple for the Russians to determine which of their assets were being tracked by the FBI's counter-intel teams, and even possibly which individual agents were part of the tracking and close to the target (by cross-referencing P25 unit IDs).

That sounds like the popowatch system. Used by MS13.
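A defensive check that follows from the points above (szron's "keys need to be regularly changed and IDs randomized" and prc117f's list of header fields that remain visible on an encrypted P25 channel), written here as an added example, not code from anyone in this thread: it audits a constructed log of P25 transmission headers and flags key IDs that stay in service past a rotation window and unit IDs that are heard unchanged across many days. The log format, the field names, the 7-day window and the 3-day threshold are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not captured traffic): timestamp, unit ID,
# algorithm ID and key ID, i.e. the header fields sent in the clear.
# ALGID 0x84 is the P25 identifier for AES-256; the other values are made up.
SAMPLE_LOG = """\
2012-03-01T09:12:00 unit=0x1A2B alg=0x84 kid=0x0101
2012-03-01T09:13:30 unit=0x1A2C alg=0x84 kid=0x0101
2012-03-05T14:02:10 unit=0x1A2B alg=0x84 kid=0x0101
2012-03-12T08:40:00 unit=0x1A2B alg=0x84 kid=0x0101
2012-03-12T08:41:15 unit=0x1A2C alg=0x84 kid=0x0102
2012-03-20T11:00:00 unit=0x1A2B alg=0x84 kid=0x0101
"""

def parse_log(text):
    """Parse 'ts unit=.. alg=.. kid=..' lines (assumed format) into dicts."""
    records = []
    for line in text.splitlines():
        ts, *fields = line.split()
        rec = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            name, value = field.split("=")
            rec[name] = int(value, 16)
        records.append(rec)
    return records

def key_lifetimes(records):
    """Return {key_id: (first_seen, last_seen)} for every key ID observed."""
    seen = {}
    for r in records:
        first, last = seen.get(r["kid"], (r["ts"], r["ts"]))
        seen[r["kid"]] = (min(first, r["ts"]), max(last, r["ts"]))
    return seen

def stale_keys(records, max_age=timedelta(days=7)):
    """Key IDs whose observed lifetime exceeds the assumed rotation window."""
    return sorted(k for k, (a, b) in key_lifetimes(records).items() if b - a > max_age)

def static_unit_ids(records, min_days=3):
    """Unit IDs heard on at least min_days distinct days, i.e. never re-assigned."""
    days = defaultdict(set)
    for r in records:
        days[r["unit"]].add(r["ts"].date())
    return sorted(u for u, d in days.items() if len(d) >= min_days)

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("keys past rotation window:", [hex(k) for k in stale_keys(recs)])
    print("unit IDs static across days:", [hex(u) for u in static_unit_ids(recs)])
```

On the sample log, key 0x0101 is flagged (in use for 19 days) and unit 0x1A2B is flagged (heard on four separate days), which is exactly the correlation material the post above describes.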
 

RayAir

Member
Joined
Dec 31, 2005
Messages
1,946
It is surprising the FBI let it slip that they were caught with their pants down. Maybe they are trying to get those AES256 upgrades financed. Next we will learn AES256 has been hacked using borrowed bitcoin mining gear.

Not going to happen!
Forget AES-256. Consider AES-128.
If some machine existed that could test 2^80 possible key variables a second (that's 1,208,925,819,614,629,174,706,176 keys a second) which is very unlikely to exist anywhere, it would take that machine about 100,000 years to test just 1% of the key space.
For AES-256 multiply 100,000 years by 2^128 to test 1% of the key space.
 

RFI-EMI-GUY

Member
Joined
Dec 22, 2013
Messages
7,515
Not going to happen!
Forget AES-256. Consider AES-128.
If some machine existed that could test 2^80 possible key variables a second (that's 1,208,925,819,614,629,174,706,176 keys a second) which is very unlikely to exist anywhere, it would take that machine about 100,000 years to test just 1% of the key space.
For AES-256 multiply 100,000 years by 2^128 to test 1% of the key space.


The vulnerability will likely be found in the algorithm, or implementation, not the key length.

Enigma M4 had a key length of 87/88 bits and was cracked in WW2 using mechanical stepper relays.
 
Joined
Feb 3, 2015
Messages
274
I'm going to go out on a limb here and bet that those lightweight radios that the Feds were using were the Motorola T6300 FRS models with the scramble code set to 1. FRS is the Feds Radio System, isn't it?
 

Attachments: C__Data_Users_DefApps_AppData_INTERNETEXPLORER_Temp_Saved Images_41ZADN4STWL.jpg (18.8 KB)

slicerwizard

Member
Joined
Sep 19, 2002
Messages
7,730
Location
Toronto, Ontario
The vulnerability will likely be found in the algorithm, or implementation, not the key length.

Enigma M4 had a key length of 87/88 bits and was cracked in WW2 using mechanical stepper relays.
Enigma used incredibly weak encryption. AES is a peer reviewed algorithm and for the last 21 years, expert cryptographers haven't managed to put a dent in it.
 

poltergeisty

Truth is a force of nature
Banned
Joined
May 7, 2004
Messages
4,012
Location
RLG, Fly heading 053, intercept 315 DVV
If I'm not mistaken, Enigma was solved due to a German sub hijacking and I think an Enigma machine was found and used at Bletchley Park. I can't remember now.

Then the Japanese had JN-25. That was my Blockbuster password all those years ago. LOL
 