Exploring Espionage: The IBM Selectrix
We live in an age of information, and as such, we have the world at our fingertips. The evolution of the smartphone has meant that knowledge on pretty much any niche or obscure topics is more often than not easily available. However, this wasn’t always the case, and part of the reason for exploring some of these historical incidents is to highlight just how much things have changed over the years.
Most people would have heard of the saying “information is power”, and nowhere is this more true than in the world of espionage and spycraft. It’s not uncommon to look at an incident as a singular event at a single point in time, however, in the world of covert operations, things are usually more interlinked than they may first seem.
As such, as things become declassified and more commonly known, we get to read about more modern spy operations and the creativity that went into making them all work.
In today’s article, we’ll be exploring that one time that the USSR was able to compromise the IBM Selectrix typewriter for data exfiltration successfully.
The Background
While the concept of the Embassy has legitimate purposes for tourism and diplomatic purposes, there’s plenty of utility that an embassy brings to the world of covert operations as well. Not only would they provide embassy staff with diplomatic immunity, but in a lot of instances, they’d provide favourable locations for espionage purposes in many locations too.
On more than one occasion, stray antennas and signals intelligence equipment would operate out of embassies, and we talked in previous articles about how an embassy listening station would eventually uncover the listening device known as the thing.
So, as the Cold War heated up and all sides would battle for an edge, the humble embassy would be a key battleground in many of these silent battles. Successfully compromising an embassy via either its staff or its hardware would provide a rich stream of data that could provide critical intelligence during times of tension.
As technology would evolve, so would counter-surveillance methods, leading to new equipment that would help detect traditional, audio-based surveillance measures far more easily. As such, covert operations teams on both sides would explore new and ever-more ingenious ways to gain access to intelligence sources. While Human Intelligence (HUMINT) sources would be a key part of this, so would new and unconventional methods of technical (electronic) surveillance. The stage would be set for the spy war to kick into overdrive. 
The US embassy in Moscow would be the key player in the incident. Here is its more modern replacement. Source: Wikipedia.
The Operation
If you’re planning an intelligence operation against an adversary, their capital city would be a pretty good place to start, and as such, embassies in both Moscow and Washington would be intensely targeted. While this sounds pretty straightforward, it’s worth looking at how different things were at the time to help understand why this would be such a big deal.
While threat models were generally well modelled by this point, the way we handled sensitive, complex information made it far more vulnerable to compromise because of how it was forwarded and processed.
The early makings of the internet would be around at this stage, but for the most part, the typewriter and diplomatic cable would be king, meaning that sensitive information would go through specific pipelines as information was passed back and forth. It was these processes that the operation aimed to target.
While the USSR couldn’t compromise every American embassy, it stood a very real chance of compromising at least a few, provided the equipment to do so could be produced. 
The old US embassy would eventually be replaced due to persistent and ongoing surveillance attempts. Source: Wikipedia.
Here, standardisation would be the end target. With the American embassies using the same equipment in each embassy for the purposes of convenience and serviceability, it would provide a unique opportunity to carry out a supply chain attack.
The Plan
When it was released, the IBM Selectric was considered to be cutting-edge technology for word processing. A simple, yet reliable design, the Selectric differed significantly from its peers thanks to the proprietary “typeball” system. While conventional typewriters would use an arm for each letter or symbol, the typeball would rotate according to the keypress. This would provide a unique system, however, it’s this system that was open to compromise.
Unbeknownst to the designers, the typeball would provide a unique electrical signature for each individual position that the ball could assume during normal operation. It was this signature that Soviet spies would aim to intercept, and the way in which they would do so would be as ingenious as it was creative.
A simple, parasitic sensor would be added to the design. It would use magnetometers to detect keystrokes before sending the data off-site via radio to nearby KGB agents. The parasitic nature of the sensor meant that it could be powered by the typewriter's own onboard power, while the simple design meant that the sensor could be discreetly refitted to systems as they were sent out for servicing or repair.
If you’ve spent any time in the world of modern cybersecurity, you’ll understand just how devastating some physical access attacks can potentially be. The fact that the devices would operate for years before being detected helps to corroborate this.
Eventual Detection
Even the best spy programs face the same problems as the terrible ones in that once you have information, you typically have to act on it, and as such, even a textbook operation comes with a very real risk of compromise.
The Selectric operation would be no different, and it was observed over a period of time that the Soviets would often have unique and advanced warning of operations right at the time that they needed it. While the Americans weren’t exactly sure where the leak was coming from, it had been determined to be linked to the Moscow embassy, and as such, measures were being implemented behind the scenes in an attempt to mitigate this.
In 1984, more than six years after the first bugs were placed, planning would begin for Operation Gunman. As part of the operation, all electrical equipment in the embassy would be shipped back for covert analysis in an attempt to identify covert surveillance devices. This would include the compromised Selectric systems.
At the start of the article, we mentioned the useful functions an embassy could provide to the world of espionage, and one of these functions would also be exploited to ensure the operation’s success. Using diplomatic parcels, the hardware would be shipped back without tipping off the Soviets.
In a final twist, analysis of the device would reveal that its design would leverage the USSR’s strong television transmitter signals to mask the weaker signals of the listening device. 
The KGB would eventually be determined to be responsible for the operation. Source: Wikipedia.
Modern Legacy
The concept of a Typewriter sounds entirely irrelevant in today's world, but the reality is that Gunman has left a unique legacy on the world of intelligence that remains relevant, even today.
The agents that would operate as part of the Operation Gunman team would uncover the world's first keylogger used in state-backed espionage activities and validate the theory that long-term penetration of American embassies was indeed possible.
The political circumstances at the time would mean that this would be unacceptable, and as such, a new standard would be developed that would help to safeguard confidentiality while operating in high-risk areas like Moscow.
This would eventually result in the new TEMPEST standards. As part of this, the electromagnetic environment would be assessed on a location-by-location basis, while a new, US-controlled supply chain for embassies would be implemented. This would help to ensure that hardware used by the United States would remain in-house at every part of the process, helping to include overall security.
While security breaches can be devastating, they provide new opportunities to strengthen and improve existing policies.
If you found this article insightful, informative, or entertaining, we kindly encourage you to show your support. Clapping for this article not only lets the author know that their work is appreciated but also helps boost its visibility to others who might benefit from it.
🌟 Enjoyed this article? Join the community! 🌟
📢 Join our OSINT Telegram channel for exclusive updates or
📢 Follow our crypto Telegram for the latest giveaways
🐦 Follow us on Twitter and
🟦 We’re now on Bluesky!
🔗 Articles we think you’ll like:
- What The Tech?! Space Shuttles
- Shodan: A Map of the Internet
✉️ Want more content like this? Sign up for email updates
