Unlike printers, every typewriter had its own individual typing pattern which made it possible to link every document to a particular machine, Izvestiya said.
I thought printouts could also be traced back to individual printers? Leaks didn't start with printers. Just ask people who leaked during the Cold War and even long before then. Leaks go as far back as when text was used for communicating confidential information. Going back to typewriters isn't going to put an end to leaks, especially when leaks having occurring since long before the digital age.
According to various news sources, they're buying Triumph-Adler Twen 180 and Olympia Comfort typewriters. Don't know about the former, but the latter seems to be a full-fledged computer, even having an option of a disk drive.
Certainly, the architecture must be ranges of magnitude simpler, compared to modern desktop computers, but still you won't know what's really implemented inside the CPU die disassembling the device and reverse-engineering all significant chips using scanning electron microscope.
there is significant time overhead and increased visibility/decreased quality(in terms of usability) in this method. a 100 page document would take a long time to photograph, but not as long to transfer, and you'd be less visible.
If you look at the last two "major" leaks (manning, snowden), they didn't involve any hacking at all. Employees simply abused their privileges to copy information.
I worked for a short while in a national lab. They used to call this "air-gap" security. i.e., there would be computers which would have no internet connection and no usb/harddrive inputs etc. If they needed data in there, they would have one person read data from one computer and type it into the secure one. Essentially there would be a literal air-gap between the secure computer and the non-secure ones.
The modern way of doing this is to have something called a 'sheep dip' station. This is an unconnected system that's used to check the contents of any import/export. The idea is that you cryptographically sign the material you want to import/export, burn it to write once media, pop it in the sheep dip box, confirm it's all hunky dory and if it is, import/export to/from the network. The media is then archived so it can be traced back.
Typically the sheep dip station has AV and some other antimalware tools, but depending on what you're trying to do you might have a dedicated sheep dip person that manually checks the content of what you're importing/exporting (particularly for sensitive IP in large engineering and research organisations). When this happens, it usually takes weeks to get anything approved for import/export.
This is fascinating! Let me understand one thing: The sheep dip station is network connected to the sealed computer? Doesn't that still pose a risk and violate the principle? It seems you'd be better off checking at the dip station and then reimporting on the sealed computer.
Then again, I suppose in that case you could have malware that detects what system it's on and decides not to activate on the dip station :)
I presume that this sheep dip station is maintained and updated, from time to time. However, that would be done using controlled, vetted media. And, if something goes wrong there, it has to been in the nature of something that will cause the masking of problems existing on the written/finalized media that the sheep dip station is in turn vetting. (Unless it's something that can "un-finalize" the vetting media and further write to it.)
Or is the sheep dip station periodically connected while it is itself maintained/updated? That I could see presenting problems.
In any event, I read this to mean in particular that the sheep dip station is not networked with the air gapped system.
Accompanying the article is a stock picture of an olive Olivetti Lettera 32. It's got its cover missing, poor thing, and it appears to have had a photoshop job to remove the label at the front. It looks like this is an Italian QZERTY version, which makes sense because the olive green is rare with other keyboard layouts. Millions were sold. They're nice machines - I have one with a cursive font that gives me a headache from the hammering noise whenever I use it.
I have an Olivetti... Studio, IIRC, that you can pry from my cold hands. Lovely machine.
It had a sister; unfortunately, we recently lost her to a flood. I would have preferred a rescue/rehabilitation, but it wasn't my call -- and, past a point, there's only so much you can hang onto.
Kind of negating my original point... But, that's nostalgia.
I don't want to live on one, but a good typewriter is a bit of a monument that deserves continuing respect. And sometimes, the quality of the engineering -- and design -- is timeless.
Somehow I felt like network/usb disabled computers and typewriters would have sudden spike in sales. How long that will remain is the question unless there's an ink reservoir feed system for the print head (cause everyone hates ribbons).
Now there's a Kickstarter project waiting to happen!
A friend of mine worked for defence research center. He had two computers on the table, one with Internet access and one for intranet access. The intranet was a completely independent network with separate cable wiring. Even cables have different color.
I mindly remember that was based on some NATO requirements.
I'm browsing from my separate internet-enabled machine right now. I'm not working in defense, but just a place that has secrets to keep. If you ask me, I'd say that is true for almost every organization, because most organizations have computer files on original research, sensitive sales-related or private information.
> Unlike printers, every typewriter had its own individual typing pattern which made it possible to link every document to a particular machine
Many printers have this capability. Researchers cracked and published one of the codes way back in 2005 [1] [2]. Whether the manufacturers would provide the coding scheme to Russian intelligence services is another question.
34 comments
[ 1.8 ms ] story [ 66.3 ms ] threadCertainly, the architecture must be ranges of magnitude simpler, compared to modern desktop computers, but still you won't know what's really implemented inside the CPU die disassembling the device and reverse-engineering all significant chips using scanning electron microscope.
But an agency source told Russia's Izvestiya newspaper the aim was to prevent leaks from computer hardware."
So someone already leaked they are trying to stop leaks. Very "Yes Minister"
Typically the sheep dip station has AV and some other antimalware tools, but depending on what you're trying to do you might have a dedicated sheep dip person that manually checks the content of what you're importing/exporting (particularly for sensitive IP in large engineering and research organisations). When this happens, it usually takes weeks to get anything approved for import/export.
Then again, I suppose in that case you could have malware that detects what system it's on and decides not to activate on the dip station :)
> unconnected system
I understood this to be a literal description.
I presume that this sheep dip station is maintained and updated, from time to time. However, that would be done using controlled, vetted media. And, if something goes wrong there, it has to been in the nature of something that will cause the masking of problems existing on the written/finalized media that the sheep dip station is in turn vetting. (Unless it's something that can "un-finalize" the vetting media and further write to it.)
Or is the sheep dip station periodically connected while it is itself maintained/updated? That I could see presenting problems.
In any event, I read this to mean in particular that the sheep dip station is not networked with the air gapped system.
It had a sister; unfortunately, we recently lost her to a flood. I would have preferred a rescue/rehabilitation, but it wasn't my call -- and, past a point, there's only so much you can hang onto.
Kind of negating my original point... But, that's nostalgia.
I don't want to live on one, but a good typewriter is a bit of a monument that deserves continuing respect. And sometimes, the quality of the engineering -- and design -- is timeless.
Their Venice showroom is a museum now: http://www.negoziolivetti.it/photogallery-0
Now there's a Kickstarter project waiting to happen!
Edit: Just found a very old model that had an ink roller system. http://machinesoflovinggrace.com/ptf/Sun.html (First one, Sun Standard No.2 )
Surely, some industrious person(s) can come up with a more elegant way to do away with ribbons.
I mindly remember that was based on some NATO requirements.
Many printers have this capability. Researchers cracked and published one of the codes way back in 2005 [1] [2]. Whether the manufacturers would provide the coding scheme to Russian intelligence services is another question.
[1] https://www.eff.org/issues/printers
[2] http://en.wikipedia.org/wiki/Printer_steganography