Weird Craigslist Postings

in Jobs:

The line forms here, ladies!

If a lady can make a buck teaching a guy a few things, I don’t see the harm in that. Unless he into some kind of Silence of the Lambs shit.

Nah… now these were weird.

I removed the #'s, even though they’re dead now. If you called the numbers you heard a short clip of music followed by about 6 minutes of numbers being read. Here’s the discussion about them. http://www.homelandstupidity.us/2006/06/16/cryptanalysis-of-phone-numbers-stations/

Now that’s some weird shit.

Those number stations are on the phone now? Very strange. Are they still on shortwave? I haven’t listeded to SW in years.

Make that listened.

That certainly seemed to be a common theory kicked around the blogs when this was all newer, and it seems to be plausible.

Except…

Except there are easier ways to run a ‘numbers station’ online. Any spam run that uses blocks of nonsense text to evade filters could just as easily use blocks on nonsense text to hide arbitrary messages, and any random block of email addresses that get spammed could just as easily be a random block that includes a handful of addresses belonging to the real intended recipients.

Anyone can obtain a freebie email account on Yahoo that will likely be subject to a dictionary spam even if it never sends a single email and is never entered into a single form, and it is also pretty easy to send spam anonymously via one of the spamhauses in South Korea or Taiwan. For added realism, you could even hype a business that spams on its own.

Nobody can afford to spend much time looking for secret messages in the spam that constantly floods the Internet. Not even the NSA has that much muscle at its disposal. It isn’t even looking for needles in a haystack: It’s looking for patterns in the torrential rain that may or may not even exist. (The rain certainly exists, the patterns might not.)

This is probably a few crypto geeks having some fun. It is appealingly Sherlock Holmesian. Replace Craigslist with the London Times’ classified section, the phone numbers with specific positions in a large Underground station, and the numbers with cryptic markings on preselected columns. The game’s afoot!

The only advantage to posting on a board is that there is no login tracking of the receiver.

Let’s say the NSA finds out the email name of the recipient…they can then lookup the IPs used to access the email account and get a location. They will never be able to track the receiver if the message is sent out in public though.

ah I see you suggested spamming many email addresses…I still think the receiver would rather NOT have to log in to anything to view the messages.

One other thing–instead of using a key to create these, what if a one time pad is being used, and the key to which sheet to use is the area code?

It’s easy enough to only access the account via an anonymous Internet terminal at a public library. No traces unless they’re watching you so closely you’re already pretty well screwed.

A one-time pad is nothing but a very large key, and it’s a very large key that can only be used once and never reused. That is enough to discourage the use of one-time pads in the vast majority of real-world situations. (One of the warning signs that a company is selling very bad crypto software is that they mention ‘one-time pads’. Nobody buying crypto software is coming anywhere near a one-time pad, and vice-versa.) Indeed, it really buys you nothing in this case that I can possibly imagine: The normal 1024-bit encryption used by banks and so forth would likely be overkill if the message is already concealed in what looks like random spam.

This was posted on New York Craig’s List yesterday:

Looking for owners who want to marry their dog
Reply to:
Date: 2006-06-18, 12:47PM EDT

We are looking for dog owners who would like to have their dog get married in a actual dog wedding. Please email us with your contact info, a picture of your dog and his/her mates info if already chosen.