If possible, the radio should be capable of Single Sideband (SSB) reception. This is usually indicated by either the presence of USB and LSB modes, or a BFO (Beat Frequency Oscillator). Many Spy Number Stations transmit in sideband, and most others are often best received in sideband mode.
If possible, an outside antenna is always preferred for best shortwave reception. If this isn't possible (due to apartment or townhouse rules, for example), an indoor antenna can still be used. When I was living in an apartment, I made an effective antenna by wrapping many turns of wire around a piece of PVC pipe, which I hung above the window where a curtain rod would go. There are always possibilities.
Here in North America, the most commonly heard Spy Number Stations are probably the SS/YL/5FG stations.
A brief explanation of the nomenclature of these stations: the general format is language/sex/group size. SS means Spanish; other possibilities are EE for English or GG for German. Other less frequently heard languages include Chinese, Russian, Czech, Polish, etc. I have never heard (or even heard of) a Spy Number Station using French. Odd, isn't it?
The YL refers to the sex of the voice, YL is female (a ham radio term, meaning Young Lady) and OM is male (another ham radio term, meaning Old Man). The 5FG means that the groups are transmitted in five figure words, that is a string of five numbers. Other common formats include 4FG for four numbers, and 3/2FG which is a particular case of five figure words with a pause between the third and fourth numbers. Some stations don't transmit numbers, but instead use Phonetics, which are words that stand for letters, such as Alpha for A, Bravo for B, etc.
Take a look at my description of the various types of Spy Number Stations commonly heard.
Each broadcast usually starts with a preamble that is transmitted for a few minutes before the message. This gives the intended recipient (and you!) time to tune in the broadcast. This preamble usually contains the address of the recipient, as a number.
After this preamble, the length of the message to be sent is usually given as the number of figures. Then the message begins. Some types of stations repeat each figure, others repeat the entire message after it is sent the first time. Most stations then transmit a word to indicate that the transmission is over, such as "final", used by many of the Spanish language stations.
To be kept up to date with Spy Number Station transmissions, you may want to join the Spy Number Station Mailing List. It goes out weekly, and contains loggings and other information supplied by other subscribers. It's free, and you can join by visiting www.qth.net.
One of the first methods used a substitution of letters. It is believed that Caesar used this system. For example, the letter A could be substituted by F, B by G, and so on. Or, a completely random substitution system could be used.
Letter  Substitute    Letter  Substitute
  A         X           N         C
  B         L           O         Z
  C         K           P         T
  D         Q           Q         F
  E         D           R         V
  F         R           S         G
  G         N           T         M
  H         A           U         U
  I         W           V         H
  J         B           W         O
  K         Y           X         J
  L         E           Y         P
  M         S           Z         I
Unfortunately, this system quickly falls prey to analysis. There are well known tables of the frequency of occurrence of each letter in the English language. Given a large enough amount of ciphertext, it would be possible to determine at least some of the more commonly used letters. By examining the partially decoded text, it would then be possible to make guesses at the other letters, by looking at partially decoded words.
Frequency, expressed per 100 letters:

13  9  8  8  7  7  7  6  6  4  4  3  3  3  3  2  2  2  1  1  1  -  -  -  -  -
 E  T  A  O  N  I  R  S  H  L  D  C  U  P  F  M  W  Y  B  G  V  K  Q  X  J  Z
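The frequency attack described above, run against the page's own substitution table, as an added example (not code from the original page). The sample plaintext and all function names are constructed for the illustration.

```python
from collections import Counter

# Substitution table from the page (plaintext letter -> substitute).
PLAIN = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
SUBST = "XLKQDRNAWBYESCZTFVGMUHOJPI"
# Letter order from the page's frequency table, most common first.
ENGLISH_ORDER = "ETAONIRSHLDCUPFMWYBGVKQXJZ"

# Constructed sample plaintext (not from the page).
SAMPLE = "THE SECRET MESSAGE WILL BE SENT WHEN THE AGENT NEEDS THE KEY"

def encrypt(text):
    """Apply the page's table; spaces and punctuation pass through."""
    return text.upper().translate(str.maketrans(PLAIN, SUBST))

def decrypt(text):
    """Invert the table, as the legitimate recipient would."""
    return text.upper().translate(str.maketrans(SUBST, PLAIN))

def rank_cipher_letters(ciphertext):
    """Cipher letters ordered from most to least frequent."""
    counts = Counter(c for c in ciphertext if c.isalpha())
    return [letter for letter, _ in counts.most_common()]

def first_guess(ciphertext):
    """Pair the i-th most common cipher letter with the i-th
    most common English letter from the frequency table."""
    return dict(zip(rank_cipher_letters(ciphertext), ENGLISH_ORDER))

def correct_guesses(guess):
    """Cipher letters whose guessed plaintext matches the real table."""
    truth = dict(zip(SUBST, PLAIN))
    return sorted(c for c, p in guess.items() if truth[c] == p)

if __name__ == "__main__":
    ct = encrypt(SAMPLE)
    guess = first_guess(ct)
    print("ciphertext:      ", ct)
    print("first-pass guess:", ct.translate(str.maketrans(guess)))
    print("letters already right:", correct_guesses(guess))
```

Even on this one short sentence the two most common letters fall out immediately; the rest are the "guesses at the other letters" step the text describes.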
A slightly more advanced system could change the substitution used throughout the message by a known algorithm. Unfortunately this method can also be successfully attacked, given enough ciphertext. With the computing power available today, any such system could easily be broken, even using a personal computer.
Today there are encryption methods employed by computers, which make use of complex encoding methods using large numbers as keys. These systems too can be broken, given enough computing power. And the National Security Agency is the world's largest buyer of supercomputers!
Plaintext:   R  A  D  I  O  H  A  B  A  N  A  I  S  B  O  R  I  N  G
Equivalent: 18  1  4  9 15  8  1  2  1 14  1  9 19  2 15 18  9 14  7

Using the table of truly random numbers from the one time pad:

47693 94573 18483 59384 51839 47263 58347
21634 59347 73633 04732 38483 63933 74342
03843 37549 45839 59843 94784 83744 28483
93843 47539 72384 19383 94833 03484 58393 ...

Add the cipher equivalent to the random key:

    R     A     D     I     O .....
   18     1     4     9    15
47693 94573 18483 59384 51839
----- ----- ----- ----- -----
47711 94574 18487 59393 51854

Transmit new cipher text: 47711 94574 18487 59393 51854 .....

The recipient has a copy of the same pad, and uses the same set of random numbers to decrypt the message (in this case subtracting the random number from the transmitted number to produce the plaintext).
As you can see, the secret is the use of a set of random numbers to encrypt the message. Other encryption schemes can be broken because if an algorithm is used to encrypt the message, it is possible to deduce that algorithm. With the one time pad, purely random numbers are used. There's no algorithm to generate them, so there's nothing to break. Of course, this assumes that truly random numbers are used. Sophisticated techniques are available for producing random numbers, including the decay of radioisotopes. I also understand that CDROMS are available which contain nothing but random numbers. The random number generators in most personal computers do use rather poor algorithms which don't produce truly random numbers.
As the name implies, the secret is that the pad is only to be used once. This ensures that enough ciphertext is not available to make use of statistical code breaking methods. And, should that code become compromised, no other messages are subject to decryption.
And as it turns out, the pads are actually physically quite small. Russian pads by the 1960's were the size of postage stamps (read with a magnifying glass). Later they became microdots, requiring a microscope to read them. This made it possible to hide them quite easily. The pad could literally be the period at the end of a sentence in a letter! This allowed the pads to be easily conveyed to agents in the field.
As it turns out, one time pad systems have been broken. Perhaps the best publicized case is the decoding of Soviet KGB and GRU messages during World War II by American code breakers. Information about the VENONA project is available on the NSA web page. Supposedly, the Soviets broke the cardinal rule of one time pads: they used them more than once!
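The pad arithmetic worked through above, together with the reason the "use it once" rule matters, as an added example (not code from the original page). The pad groups and the RADIO HABANA message are the page's; the wrap at 100000 that keeps every group at five digits, the second message AGENT and the function names are assumptions made for the illustration.

```python
# First 19 pad groups, copied from the page's worked example.
PAD = [int(g) for g in """47693 94573 18483 59384 51839 47263 58347 21634
59347 73633 04732 38483 63933 74342 03843 37549
45839 59843 94784""".split()]

MOD = 100000  # assumption: wrap so every group stays five digits

def letter_values(text):
    """A=1 ... Z=26, as in the page's 'Equivalent' row; non-letters dropped."""
    return [ord(c) - 64 for c in text.upper() if "A" <= c <= "Z"]

def encrypt(plaintext, pad):
    """Add each letter value to the next pad group."""
    values = letter_values(plaintext)
    if len(values) > len(pad):
        raise ValueError("pad too short: pad groups must never be recycled")
    return [f"{(v + k) % MOD:05d}" for v, k in zip(values, pad)]

def decrypt(groups, pad):
    """Subtract the same pad groups to recover the letters."""
    values = [(int(g) - k) % MOD for g, k in zip(groups, pad)]
    return "".join(chr(v + 64) for v in values)

def reuse_leak(groups_a, groups_b):
    """Subtract two ciphertexts made with the SAME pad groups.
    The pad cancels, leaving plaintext_a - plaintext_b per letter."""
    diffs = [(int(a) - int(b)) % MOD for a, b in zip(groups_a, groups_b)]
    return [d - MOD if d > MOD // 2 else d for d in diffs]

if __name__ == "__main__":
    ct = encrypt("RADIO HABANA IS BORING", PAD)
    print(" ".join(ct))
    print(decrypt(ct, PAD))
    # Same pad used for a second message: the difference no longer
    # depends on the pad at all, only on the two plaintexts.
    print(reuse_leak(encrypt("RADIO", PAD), encrypt("AGENT", PAD)))
```

The values returned by `reuse_leak` are the same whichever pad groups were reused, which is why a second message on the same pad gives an analyst statistical material that a single message never does.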
So, how do Spy Number Stations encode their messages? Due to the relatively short messages (sometimes 20 or so groups) often heard, it is unlikely that individual letters are encoded. It is possible that each group represents a word, or perhaps even some represent common phrases. Some groups could represent individual letters, for when it is necessary to spell out a name or location. It is also possible that some common words or phrases can be represented by more than one group; this should make attacks on the code much less successful.
With a five digit code, 100,000 possible words or phrases could be encoded. A four digit code could encode 10,000 possible words or phrases. But that brings up an interesting point. Just because the message is sent as blocks of four or five digit numbers does not mean that is the actual encryption system used! It is quite possible that they are transmitted that way to make it easier for the agent to copy the message. People deal with short numbers much better than long ones. The actual encryption system could make use of six digit numbers, with 1,000,000 possibilities. This would allow practically every word in the English language to be encoded.
Many descriptions of cryptography that I've read often display ciphertext in five character/digit blocks, so this seems to be standard. That being the case, the fact that Spy Number Stations transmit messages in five (or sometimes four) digit blocks probably has nothing to do with the actual size of each unit of ciphertext.
It is quite likely that not all, in fact perhaps very few, of the messages transmitted are actual messages to agents. For example, the SS/YL/5 stations seem to transmit two types of messages, those of a length of exactly 150 groups, and those with fewer (usually much fewer) groups. The 150 group messages are by far the most common. They could be training exercises, or dummy messages, designed to confuse the "other side's" cryptographic forces.
It's also probable that many of the other messages are also false. It may be desirable to trick the opposition into thinking that you have more agents than actually exist. What better way than to send lots of messages to them?
Further backing up the belief that some of the transmissions are for training purposes are the observed broadcasting schedules. Transmissions from the NCS site in Remington, VA have been observed in the 60 meter band during the daytime. This frequency is much too low for propagation outside of North America. These broadcasts may be used to train agents before they are sent into the field.
Some very curious observations may also be made:
Several recent books about spies that have been caught reveal that they often received messages by copying numbers broadcast over shortwave radio. Sounds a lot like the Spy Number Stations we know and love. Yet, no one from within the intelligence community (of any nation) has revealed any information about these broadcasts, even retired persons. It would be nice to get just a little confirmation about the purposes of these broadcasts, even without compromising agents or national security.
Second, it allows a large number of agents to be contacted at the same time. One broadcast can be received by all agents in a given area.
Finally, it may be the most suitable method to reach agents who live in remote parts of the world, where modern communication facilities do not exist. Indeed, there are still many parts of the US where an internet connection is not a local call!
Modified 26 April 1997
(C) Copyright 1997 Chris Smolinski, All Rights Reserved