|Operational detail pages
|E06, S06, M14, F01, F06
|E17, G06, V06, V23
Although this operator is not identified, it is believed to be a Russian intelligence agency with big resources, who can support development and operation of many modes and schedules transmitting from several sites across Russia and beyond, including operations based in Moscow, the Russian Far East, and Cuba.
Voice stations of this operator support a wide choice of language:
Of these, only E06 and S06 are currently in regular use. V06 was retired from regular operation in 2000, and G06 in 2021 - as for V23, it was never used on a regular schedule; but they have all still kept appearing on the air in test transmissions through the years, as late as 2020 and 2021.
This operator also supports several speeds for its morse station M14, high-speed versions of which are sometimes referred to as M24.
Finally, it runs widespread regularly scheduled operations of several high-speed, advanced digital modes supporting redundant integrity features and versatile modular encapsulation layers, among which at least F01 and F06 are identified and understood.
The 5-figure-group messages carried by the digital modes share the same metadata header as the presumed Russian diplomatic transmissions known under M42, formerly operated by FAPSI. Links or infrastructure sharing between these agencies seem possible.
There are numerous characteristics and pieces of evidence that bind together these stations as run by a same single operator.
- Analog stations (voice and morse) follow the same identical format.
- The 00000 outro is a characteristic format feature unique to this operator. It is present in the analog format, and also most deliberately in the digital F01, which uses a dedicated padding character but still includes one 00000 outro group. It is also present in F06, which uses 0-digit padding but always includes at least a whole five-0 group as outro, and counts four 00000 5-figure groups in null messages.
- Postambles repeating metadata already given in the preamble are another feature which, among currently active stations only this time, is particular to this operator. The analog format has a preamble and a postamble that are identical and contain a number unique to the message transmitted, followed by the group count. Digital formats similarly feature a 5-group metadata header and a postamble repeating the serial number of the message transmitted, followed by the group count.
- This operator exhibits a variant following a special format, known as E06a and S06b for analog stations, and also observed in F01 and F06 transmissions.
Scheduling and operating habits
- The analog stations follow the common habit of sending a repeat transmission on a different frequency one hour after the initial transmission. Digital stations follow the common habit of sending two repeat transmissions on different frequencies, spaced by 10 minutes, after the initial transmission.
- Transmissions that send traffic, i.e. not a null message, are repeated on the next day at the same times on the same frequencies. This is a characteristic scheduling feature unique to this operator.
- Digital stations share the operational characteristic of repeating the message contents in an automated loop for approximately 7 minutes. This is in contrast to some Russian diplomatic transmissions (M42) that share format similarities with this numbers station operator, but however do not exhibit this automated looping behavior.
- During some tests of this operator, the different voice stations appear successively on the same frequency during the same transmission, sending similar test contents.
- Similarly, digital stations share test frequencies.
- On December 5th, 2017, transmissions took place on the test frequency 8140 kHz: two test messages of S06 ID 975 were repeated several times throughout the day, and among them, one F01 null message was also transmitted. S06 voice was transmitted in J3E mode without a carrier, but when it wasn't transmitting, a carrier regularly appeared, alternating between centered on 8140 kHz, and shifted down 250 Hz ready to transmit F01.
- Every weekday, a group of stations transmit over the Pacific area, each transmission at the top of a successive hour. This peculiar Pacific weekdays network groups together stations F01, F06, S06 and M14.
- The seasonal, weekend S06 ID 480 schedule from Orenburg was converted to E06 when it reactivated in December 2022 for its 2023 season.
- E06 ID 832 occasionally appeared as an analog replacement on the schedule of F06 ID 50046, and transmitted in place of it, exhibiting the non-OTP message features specific to this schedule.
- Conversely, E06 ID 537 has been replaced by F01 transmissions at least once.
- Two sporadic transmission schedules have also seemingly seen similar replacements: F06 ID 90017 by S06 ID 348, and F01 1945z by E06 ID 734.
- M14 ID 381 and F06 ID 20021 shared the same weekly schedule, using the same times and frequencies: M14 would send on weeks 1 and 3, and F06 would send on weeks 2 and 4. This schedule was very active with both stations sending messages, although no correlation could be established between the traffic patterns and message contents of the two stations. However at some point, both stations of this schedule simultaneously stopped sending any traffic, and then sent only null messages during months on; then in September 2015, both stations simultaneously stopped transmitting at all, effectively ending this shared schedule.
- On June 1st, 2016, during a scheduled broadcast of F06 ID 90073, an F01 null message was mistakenly transmitted on the first two slots, before correctly sending an F06 null message on the third slot.
- In his Radio Intrigue report #63, Don Schimmel relates an incident where an M14 null message was mistakenly transmitted instead of an M42 transmission. However this is not entirely conclusive, as M42 also includes presumed diplomatic transmissions that are linked to this operator but are not believed to be directly included in its numbers station activities; and the particular details of the M42 transmission in this incident are not identified.
- On July 20th, 2017, a regular scheduled transmission of G06 ID 329 sent a null message using the E06 voice instead. Conversely, on April 18th, 2019, a regular scheduled fake message E06 transmission was sent using the G06 voice. (Both transmissions ended with a leaked Windows XP shutdown sound.)
- On October 17th, 2014, an S06 transmission simultaneously sending on a different frequency was leaked through the audio of a regular G06 transmission.
- On March 13th, 2018, a sporadic E06 ID 729 transmission simultaneously sending on a different frequency was leaked through the audio of a scheduled S06 ID 480 transmission.
Much of this operator's activity goes through its advanced digital modes, F06 and F01. The broadcasts are made from transmission facilities near Moscow, Smolensk (retired from regular operations in 2021), Orenburg, Chita, Khabarovsk and Havana, Cuba. Scheduled activity has been decreasing since the mid 2010s, affecting all modes.
The prime option for encryption would be one-time pads, and it seems reasonable to think that it would be used on most schedules. However, some of the schedules of digital stations F01 and F06 share a set of features that point to something incompatible with one-time pads.
- In affected schedules, the encrypted part of the messages starts with a triple timestamp header, which is encrypted with a key that gets reused year long, message after message within the schedule, and produces visibly similar and even identical groups across different messages. For example, the 4th, 8th and 12th groups will almost always remain constant. This is the clearest sign that at least this part of the messages does not use one-time pads.
- According to information sourced by Numbers & Oddities, one of the metadata header fields is a one-time pad parameter that would point to a resource unique to a given recipient. In affected schedules, a recurring well-known bogus value (36987), or other anagrammed bogus-looking values, sometimes appear in this field.
- In the protocol of the F01 mode, the metadata header, which contains the one-time pad parameter, holds an optional place, and can be featured or not depending on the schedule. Although data is lacking to conclusively confirm this, it can be theorized that this optional header is always absent in affected schedules, because the one-time pad parameter value it carries is bogus and unnecessary.
- In affected schedules, messages always have even group counts.
This operator has several known frequencies on which it runs test, training, drill transmissions... Analog formats use 6792, 7353, 8140, 9073, 9300, 9463, 10270, 10755, 11073, 13530, and 19460 kHz, and use a number of known test IDs: 352 (11073 kHz), 801 (7353, 9300, 9463 kHz), 910 (6792 kHz) and 975 (8140, 10755 kHz). Digital formats use 6780, 7992, 8140, 9300, and 13530 kHz.
Operations and their quality are highly variable depending on which facility is responsible for them. Various sites have recognizable, characteristic transmitter signatures, such as noise and modulation properties.
The Smolensk site - which included regular G06 schedules and G06, E06 and M14 schedules sending fake messages - featured many visible quirks. Unlike with other sites, its schedules were operated in a partially manual way: they used a different warmup procedure and started transmissions a few minutes off the schedule; and M14 transmissions used MCW modulation instead of ICW. Transmissions from Smolensk were also particularly prone to errors, and regularly leaked Windows XP shutdown sounds at the end of the last broadcast of the day, and sometimes other Windows XP system sounds as well. Occasionally, they would transmit using voice samples in the wrong language.
The Khabarovsk site, operating a weekday network over the Pacific, also shows very poor operations, prone to frequent mistakes and failures, described on that network's own page. Its S06 transmissions use a faster pace than normal, and either H3E or J3E USB modulation.
Although it is not a common occurrence for it, the Moscow site leaked Windows XP system sounds too in 2022 still, suggesting it's been operating this setup as well and still.