The Numbers Station Message ("Mein Fraulein" from Craigslist)

Factual Questions
1

Has anyone else heard about this message? Someone left it (anonymously, natch) on Craigslist - the poster asked “Mein Fraulein” to call a number, which played a recorded numbers-station-esque message.

You can read its backstory here. The message reads:



Group 415 Group 415
01305 60510 12079 04606 50100
930**00** 08203 90130 94069 01207
8**10**80 17028 01706 90220 73038
01401 70150 15073 00402 00680
12013 12510 00540 04091 01401
30150 86022 09608 10660 02082
05507 00020 **00000** 02208 30290
08022 01200 40710 13065 02709
40190 29014 02200 80020 11083
07300 30260 190**00** 00700 **00000**
86 86

I just got a copy of David Kahn’s The Codebreakers and thought I might apply some of what I’d read to cracking this. I did not hold out much hope, but then I made one teeny tiny piece of progress: I noted that the numbers, though separated into the canonical groups of five, are really two-digit numbers broken by single zeros with a few exceptions (bolded above).

The one exception (“10”) I believe to be a transposition error, and the long strings of zeros can either be “00” standing for something, or “00000” standing for a break or punctuation or an otherwise special character. If my guesses are correct, the refined message reads:


13 56 51 12 79 46 65 10 93 00
82 39 13 94 69 12 78 18 17 28 17
69 22 73 38 14 17 15 15 73 04 20
68 12 13 12 51 **XX** 54 04 91 14 13
15 86 22 96 81 66 02 82 55 70 02
**XX** 22 83 29 08 22 12 12 04 71 13
65 27 94 19 29 14 22 08 02 11 83
73 03 26 19 07 **86 86**

I think the last “86” pair is a signature or an end-block of some sort, since it appears without blocking zeroes in the ciphertext. That leaves 44 unique digraphs with several of the teens repeated 3, 5, and even 6 times. Translating them to mod 26 yields 21 digraphs with a frequency that doesn’t appear to lead to a solution (and would someone really go to all this trouble for a monalphabetic substitution cypher?). Also, I’m not sure what to make of the breaks (“XX” above) which divide the message into three blocks with lengths 37, 16, and 26 respectively (perhaps the fraulein’s dimensions? Egad!). Anyway, I was hoping some cryptologically savvy Dopers had heard of this, tried to crack it, and perhaps wanted to put heads together with me to solve the riddle. If there’s a key, I’m thinking it’s probably “FRAULEIN” or “MEIN FRAULEIN” since those words really stand out in the message’s presentation.

Mods, if you think this is Mundane, Pointless, Societal, Humble, or BBQ, feel free to reclassify it as such. I realize this could be considered a “game” post, but I’m also confident that there’s a factual answer to the question of “what does the message say?”

2

At a guess, I’d say that 00 is a symbol just like any other 2-digit symbol in the message, so 00 0 00 is just that symbol repeated twice with the standard single-zero separator between them. And there seem to be enough symbols to allow for capital and lowercase letters, numerals, and punctuation (remember that not all allowed symbols are likely to show up in any given message, since you have rare letters like Q, X, and Z), so cutting it down via mod26 probably isn’t the right route.

3

Well, if it’s ASCII, it translates like this:


[CR ] 8    3   [FF ] O    .    A   [LF ] ]   [NUL]
 R    '   [CR ] ^    E   [FF ] N   [DC2][DC1][FS ][DC1]
 E   [SYN] I    &   [SO ][DC1][SI ][SI ] I   [EOT][DC4]
 D   [FF ][CR ][FF ] 3   [NUL] 6   [EOT] [   [SO ][CR ]
[SI ] V   [SYN] `    Q    B   [STX] R    7    F   [STX]
[NUL][SYN] S   [GS ][BS ][SYN][FF ][FF ][EOT] G   [CR ]
 A   [ESC] ^   [DC3][GS ][SO ][SYN][BS ][STX][VT ] S   
 I   [ETX][SUB][DC3][BEL] V    V

If you try to respect some of those control characters you get something different - could be a pattern in there, but I’m not researching all the esoteric characters, nor am I emulating the proper terminal, I bet:



83
  O.A
]
^E
  N
EI&I
D

36[
V`QBR7F
S

G
A
S

I(*ding*)VV

Note that if it is ASCII, then the transposed 10 might be part of the language - 108 = l (little ell). That changes that [DC2] to an ell, and the final printed output might look more like this:



83
  O.A
]
^E
  Nl
EI&I
D

36[
V`QBR7F
S

G
A
S

I(*ding*)VV
4

Another one just got linked on Slashdot. Assuming the same type of code (but not necessarily the same key) we have an original cypertext of:



Group 617
06107 80020 21085 00601 30690
06079 01201 50240 07006 01601
70690 95000 01702 40050 14024
00908 70220 67089 07401 00820
10086 07801 30240 04016 02707
30130 15006 09306 9**112**0 20084
00000 00210 03070 03107 60490
65023 02706 70000 07016 01201
7

and a revised ciphertext (incorporating Chronos’ sensible double-ought concept) of



61 78 02  21 85 06 13 69 06
79 12 15  24 07 06 16 17 69
95 00 17  24 05 14 24 09 87
22 67 89  74 10 82 10 86 78
13 24 04  16 27 73 13 15 06 
93 69 **112** 20 84 00 00 21 03
70 31 76 49 65 23 27 67 00 07 16
12 17

And this time, there’s a 3-digit number again - pointing out that these are trigraphs for the most part, that just happen to have leading zeroes. This implies, to me, that the author knew that 3-digit numbers were a possibility (and the maximum length) and that each other two-digit number is padded with a zero. This is the only way to divide it that seems to make sense to me, and it implies that the “transposition error” I identified above is really a “108” and not an error. :smack: I should know better than to assume an error on the part of someone willing to go to all this trouble.

It’s late, and this story just broke on Slashdot, so I’ll bang on it some more tomorrow. Holler if you think of something!

5

On reading more of the backstory, I think that the idea that “MEIN FRAULINE” is a key is almost certainly wrong. If this message is meant as any sort of communication to an individual, it’d have to be a recognition trigger: Whomever was intended to receive the message knew to scan the personal ads for one addressed to “Mein frauline” (how else would e know which of the many phone numbers on the classified page to call?). If there is a specific intended recipient for the message, and that recipient has advance knowledge to look for a particular trigger, then that recipient probably also already knows the key, if any, and the key could be anything (not necessarily human-memorable).

The biggest question I have is why this message was transmitted at all. Were it a few decades earlier, I could well accept that this might be some sort of clandestine communication, whether by national spies or corporate groups. But in the modern era, it seems to me that there are much easier and more secure ways to transmit data: Encrypt it using a secure public-private key encryption scheme like PGP, then e-mail it. Or if anonymity of the recipient is desired, put it directly on a publicly-viewable webpage. If anonymity of the sender is desired, use steganography techniques to embed it in, say, an image, and post it to a Geocities-hosted website. That way, it’d be much harder for anyone to stumble upon it accidentally, and even if they did, it’d be much harder to trace: The method used here required payment to both Craiglist and the VoIP company, leaving a financial trail which could be followed, but Geocities is free.

The only other possibility I can think of is that this is posted as a sort of game, a challenge to would-be cryptographers on the Internet to try to decode it. But the starter of such a game could hardly count on anyone calling the phone number and asking about it online, so the person who first noted it would almost certainly have to be in on it, if not the instigator emself. So that might be a more productive line of enquiry.

6

I thought I would bump this, since I just came across the topic of the mein fraulein codes, and I was wondering if there was some connection to something I’ve noticed on craigslist: long strings of 5 letter groups like this:
owpre yxudc nyknl rtalm qvthp yjspk aefeg zvzov ucefb ovskb cmadk pzgat gsrfw exzma fclkv

My first thought (since I’ve seen these more in the “adult sections”[I m no looking, they are just funny to read]) was that this is some way for prostitutes to solicit clients, but all of my googling for some “craigslist code” and other such terms elicits no related results (just MEIN FRAULEIN stuff).

7

Since it hasn’t been mentioned yet, a link to Project Evil may be in order.

8

Come to think of it, Chronos are you the Chronos mentioned here?

Wow, am I an idiot. It is a quote from this thread. :smack:

9

Numbers stations are still very commonly used today to transmit coded messages. There’s no need for it to be “more secure” because it’s already a perfectly secure way to send a message. Nobody knows it’s sender, or it’s recipient, and it’s impossible for anyone other than them to decode it because only they have the one-time pad used to decode them.

I’ve listened to several live numbers station broadcasts this year. There’s one believed to be from Israel that’s on almost constantly, with several different broadcasts on different frequencies at the same time.

There probably are other ways that coded messages are sent, but numbers stations most certainly still in use.

10

The problem with the message described in the OP is that it is not a number station. It’s a classified ad involving a phone number. Phone numbers can be tracked back to an entity who either sent the message or is associated with the message sender. There may also be records of who called, leading to the possibility of identifying the recipient of the messasge. It would have been more understandable for a clandestine agency to broadcast the message over the radio than to have the recipient call a phone number.

11

But “Mein Fraulein” isn’t a “real” secret message anyway, it was all an elaborate prank (see the Project Evil link).

12

I thought your post above sounded like it was talking about radio messages - not phone messages.

13

Sorry, I misunderstood what Chronos was talking about, I didn’t realize he was just talking about sending a message over the phone.

14

Pretty sure these are random strings to defeat anti-spam efforts.

15

Placed there by the user or by CL?

16

By the “user”, who made the post programatically.

17

Almost. It’s impossible to determine the recipient (beyond possibly narrowing it down to a very large radius), and it’s impossible to crack a properly-used one-time pad. But a radio station still needs a transmitter, and someone with enough resources to bring to bear on the problem could track down the location of that transmitter, which would likely lead to other clues to find the sender’s identity.

As for the bit from Project Evil, while that’s clearly a quote from this thread (aside from the substitution of “himself” for “emself”), I’d like to make it clear that I myself have no connection with these Project Evil folks. I’d also like to point out that this board isn’t easily searchable for non-members (threads don’t show up on Google unless they’re linked to from elsewhere, for instance), so either the Project Evil folks put a heck of a lot of effort into finding discussions about this thing, or they were already familiar with the Straight Dope, and possibly willing to pony over the money to be able to search (if they weren’t already members).

18

The reason you use number stations or pencil and paper one-time-pads instead of PGP and such can be threefold:

  1. Whomever you’re communicating with is an idiot or a group of idiots and there’s a lot less fuck ups that can be done with a pencil and paper OTP then with establishing proper communication channels over the Internet or using special equipment. The sheer amount of resources that you have to pour into making something that’s guaranteed to work pretty much guarantees it’s going to be behind the technological times.

Not everybody who uses cryptography is qualified to do so. Often times you have to settle. 007 doesn’t exist, or if something like him does, there’s not that many of them. On average you are guaranteed some mistakes by anybody involved. A lot of pretty fool-proof OTP methods are secure if anybody with the intelligence of a chimp or above follows a short routine, probably involving burning all the paper afterwards. Blowing up laptops every time you send a message will get expensive.

  1. Whomever you’re communication with is in touch with you only through this channel and it was established a really long time ago. Transmitting “Get yourself a laptop, install PGP and here’s my public key. Generate a key, code the public key, post it here online. Then check back there online.” could work but that’s fucking too many points of failure.

  2. It works. Changing things introduces a chance it won’t. Especially if communicating with multiple people who cannot communicate with each other, how are you going to tell them to switch methods and send you public keys without risking everything?

19

All they would need is a direction-finder, a car (assuming they are in the same country as the transmitter) and a knowledge of basic trig.

20

How exactly do you track down short wave transmissions? If I remember correctly, knowing basic trig and triangulating is going to pinpoint it for you within a few hundred miles.