From: James M. Atkinson, Comm-Eng Date: Thu Jan 11, 2001 5:59pm Subject: Re: A Public Thank You Bob (and other list members), All to often TSCM'ers tend to be isolated, and even between government TSCM'ers there was/is little or no communications between them outside of their own agency (sad, but true). The list was founded to help facilitate communications between TSCM people who tend to be scattered all over the world. So long as the subject related to TSCM, TSCM related news, TSCM equipment, the occasional quip of humor, and related information it is OK to post it to the list. If you have questions about doing business with a TSCM firm, or a firm selling/buying TSCM gear such queries are also OK for the list. Of course classified information needs to be kept off the list, but in reality only a very, very tiny portion or sliver of TSCM actually involves even remotely classified materials. -jma At 6:18 PM -0500 1/11/01, 1RCM wrote: >Hi List, > >Last week I posted with a request to be contacted off-list by any list >member in the Boise, Idaho area. To make a long story short, I had stumbled >across a very good deal on a piece of TSCM test equipment but I was very >hesitant to send the asking price for something unseen to someone unknown. I >was contacted back by list member Mike Arnell. Mike was of great assistance >in allowing me to close the deal in a manner that I felt quite comfortable >with. And for that I would like to thank him very much. > >I chose to thank Mike publicly on the list as well as privately off-list for >a reason. This list, like most others, sees its periods of negativity >spawned by arguments, disgruntled posters, mis-information, etc., etc. But >it also sees more than its fair share of that which I assume that it was >originally founded for: the sharing of TSCM-related information, thoughts >and ideas. I have no idea whether or not when the list was founded the >moderator envisioned its usage for 'blind' business contacts or the >requesting of 'professional favors'. But I for one found it very beneficial >for just that purpose. And so, as long as the moderator does not disapprove, >I would not hesitate to recommend to any list member that if he/she has a >problem, concern or issue that another list member in a specific area might >be able to help with - then simply put out the feeler. Of course remember to >request the return contact and conduct your business off-list, but don't >hesitate to give that first 'call for help' via a posting on the list a try! > >Bob Motzer -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2283 From: James M. Atkinson, Comm-Eng Date: Thu Jan 11, 2001 6:06pm Subject: Re: Fw: ARROGRANCE [ships passing in the night] At 1:27 PM -0500 1/11/01, MACCFound@a... wrote: > In a message dated 1/11/01 8:48:38 AM Pacific Standard Time, >secdep@v... writes: > > << Transcript of an actual radio conversation which took place during > October 1995 between a USN War Ship sailing off the coast of > Newfoundland and the Canadian authorities. >> > > > Sounds like an "urban legend" to me. Actually I think it falls under the header of [humor]... it's a story i have heard dozens of times, and in dozens of variations, but it is always funny and is worthy of re-telling periodically. -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2284 From: James M. Atkinson, Comm-Eng Date: Thu Jan 11, 2001 6:42pm Subject: System of Signals Emission Classification WARC-79, the World Administrative Radio Conference that rewrote many of the world's radio regulations, adopted a new system of emission classification. The traditional A (Amplitude), F (Frequency), and P (Pulse) was intuitive, but limited and clumsy when dealing with new modes. The world's radio bodies, including the FCC, gradually phased in the new system until today it completely replaces the old one. The formula for the new designations, loosely from ITU radio regulations 264 through 273, and Appendix 6, Part A, is: [BBBB]MNI[DM], where [] means optional when writing emission specs. [BBBB] = Necessary Bandwidth (shown in FCC records, but is often omitted elsewhere) Uses a letter and three numbers. The letter goes where the decimal point should be placed, and denotes a magnitude: H Hz K kHz M MHz G GHz Some common bandwidths are: 400 Hz 400H 2.4 kHz 2K40 12.5 kHz 12K5 6 MHz 6M00 M = Modulation Type N None A AM (Amplitude Modulation), double sideband, full carrier H AM, single sideband, full carrier R AM, single sideband, reduced or controlled carrier J AM, single sideband, suppressed carrier B AM, independent sidebands C AM, vestigial sideband (commonly analog TV) F Angle-modulated, straight FM G Angle-modulated, phase modulation (common; sounds like FM) D Carrier is amplitude and angle modulated P Pulse, no modulation K Pulse, amplitude modulation (PAM, PSM) L Pulse, width modulation (PWM) M Pulse, phase or position modulation (PPM) Q Pulse, carrier also angle-modulated during pulse W Pulse, two or more modes used X All cases not covered above N = Nature of modulating signal 0 None 1 Digital, on-off or quantized, no modulation 2 Digital, with modulation 3 Single analog channel 7 Two or more digital channels 8 Two or more analog channels 9 Composite, one or more digital channel, one or more analog X All cases not covered above I = Information type N None A Aural telegraphy, for people (Morse code) B Telegraphy for machine copy (RTTY, fast Morse) C Analog fax D Data, telemetry, telecommand E Telephony, voice, sound broadcasting F Video, television W Combinations of the above X All cases not covered above [DM] = additional details, not used by FCC, optional elsewhere D = Detail RTTY/modems: A Two condition code, differing numbers or durations (Morse) B Two condition code, same number and duration, no error check C Two condition code, same num & dur, error check D Four condition code, 1 or more bits per condition E Multi condition code, 1 or more bits per condition F Multi condition code, conditions may combine Audio: G Broadcast quality (mono) H Broadcast quality (stereo/multichannel) J Commercial quality K Commercial quality, analog freq inversion or band scrambling L Commercial quality, FM pilot tone (i.e. Lincomprex) Video: M Monochrome N Color W Combination X All cases not covered above M = Multiplex type N None C Code division F Frequency division T Time division W Combination of above X All other types ----------------------------------------------------------------------- Converting Between Old & New Systems ----------------------------------------------------------------------- USE OLD NEW Pure carrier A0,F0 N0N Morse telegraphy (by ear) A1 A1A Modulated CW Morse A2 A2A AM voice A3 A3E SSB, suppressed carrier A3J J3E SSB, reduced carrier A3R R3E SSB, full carrier A3H H3E Television A5 C3F RTTY (F.S.K.) F1 F1B RTTY (A.F.S.K.) F2 F2B FM voice (Narrowband) F3 F3E, 20K0F3E Packet Data/Teleprinters with Audio Sub-Carrier 20F2 20K0F2B Data with Audio Sub-carrier 3F2 3K00F2D 6F2 6K00F2D 20F2 20K0F2D Analog Voice 20F3 20K0F3E Digital Voice 20F3Y 20K0F1E Digital Facsimile without Audio Sub-Carrier 20F4 20K0F1C Digital Facsimile with Audio Sub-Carrier 20F4 20K0F2C Analog Facsimile 20F4 20K0F3C Composite of Digital & Analog Information 3F9 3K00F9W 6F9 6K00F9W 20F9 20K0F9W Packet Data/Teleprinters without Audio Sub-Carrier 20F9Y 20K0F1B Digital Data 20F9Y 20K0F1D LAND MOBILE EMISSIONS MICROWAVE EMISSIONS old new old new old new A0 N0N P0 P0N F9 F8W (If bw is less than A1 A1A P9 P0N 50 convert to F2D) A3 A3E A2J J2B F9Y F7W (If bw is less than A3J J3E A3H H3E 50 convert to F2D) A7J J8W A9J J9W F3 F3E A9 A9W P1 P1D A9Y A7W A9Y A1D F2Y F2D A5 A3F F0 N0N A0H H0N A9 A8W F1 F1B A7 A8D A5C C3F F2 F2D F7 F8D F2 F2D F3 F3E F5 F3F F3Y F1E F4 F3C F9 F9W F9Y F1D A2H H2D A2 A2D ---------------------------------------------------------------------- And here is the relevant section of FCC rules: ---------------------------------------------------------------------- From General Docket No. 80-739 Section 2.201 Emission, modulation, and transmission characteristics. The following system of designating emission, modulation, and transmission characteristics shall be employed. (a) Emissions are designated according to their classification and their necessary bandwidth. (b) A minimum of three symbols are used to describe the basic characteristics of radio waves. Emissions are classified and symbolized according to the following characteristics: (1) First symbol - type of modulation of the main carrier; (2) Second Symbol - nature of signal(s) modulating the main carrier; (3) Third symbol - type of information to be transmitted. NOTE: A fourth and fifth symbol are provided for additional information and are shown in Appendix 6, Part A of the ITU Radio Regulations. Use of the fourth and fifth symbol is optional. Therefore, the symbols may be used as described in Appendix 6, but are not required by the Commission. (c) First Symbol - types of modulation of the main carrier: (1) Emission of an unmodulated carrier N (2) Emission in which the main carrier is amplitude- modulated (including cases where sub-carriers are angle modulated): - Double-sideband A - Single-sideband, full carrier H - Single-sideband, reduced or variable level carrier R - Single-sideband, suppressed carrier J - Independent sidebands B - Vestigial sideband C (3) Emission in which the main carrier is angle-modulated: - Frequency modulation F - Phase modulation G NOTE: Whenever frequency modulation "F" is indicated, Phase modulation "G" is also acceptable. (4) Emission in which the main carrier is amplitude and angle-modulated either simultaneously or in a pre- established sequence D (5) Emission of pulses:* - Sequence of unmodulated pulses P - A sequence of pulses: - Modulated in amplitude K - Modulated in width/duration L - Modulated in position/phase M - In which the carrier is angle-modulated during the period of the pulse Q - Which is a combination of the foregoing or is produced by other means V (6) Cases not covered above, in which an emission consists of the main carrier modulated, either simultaneously or in a pre-established sequence, a combination of two or more of the following modes: amplitude, angle, pulse W (7) Cases not otherwise covered X *Emissions where the main carrier is directly modulated by a signal which has been coded into quantizied form (e.g., pulse code modulation) should be designated under (2) or (3). (d) Second Symbol- nature of signal(s) modulating the main carrier: (1) No modulating signal 0 (2) A single channel containing quantized or digital information without the use of a modulating sub- carrier, excluding time-division multiplex 1 (3) A single channel containing quantized or digital information with the use of a modulating sub-carrier, excluding time-division multiplex 2 (4) A single channel containing analogue information 3 (5) Two or more channels containing quantized or digital information 7 (6) Two or more channels containing analogue information 8 (7) Composite system with one or more channels containing quantized or digital information, to-gether with one or more channels containing analogue information 9 (8) Cases not otherwise covered X (e) Third Symbol - type of information to be transmitted: (1) No information transmitted N (2) Telegraphy - for aural reception A (3) Telegraphy - for automatic reception B (4) Facsimile C (5) Data transmission, telemetry, telecommand D (6) Telephony (including sound broadcasting) E (7) Television (video) F (8) Combination of the above W (9) Cases not otherwise covered X (f) Type B emission: As an exception to the above principles, damped waves are symbolized in the Commission's rules and regulations as type B emission. The use of type B emissions is forbidden. (g) Whenever the full designation of an emission is necessary, the symbol for that emission, as given above, shall be preceded by the necessary bandwidth of the emission as indicated in Section 2.202 (b) (1). Section 2.202 Bandwidths. (b) Necessary bandwidths. (1) The necessary bandwidth shall be expressed by three numerals and one letter. The letter occupies the position of the decimal point and represents the unit of bandwidth. The first character shall be neither zero nor K, M or G. - -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= [Non-text portions of this message have been removed] 2285 From: Shawn Hughes Date: Fri Jan 12, 2001 9:01am Subject: damped waves? >(f) Type B emission: As an exception to the above principles, damped waves >are symbolized in the Commission's rules and regulations as type B >emission. The use of type B emissions >is forbidden. kay, what is a 'damped wave'? Why would they want to forbid it? What would one look like on a spec an? Shawn [Non-text portions of this message have been removed] 2286 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 8:33am Subject: Lamaze Class The room was full of pregnant women and their partners, and the Lamaze class was in full swing. The instructor was teaching the women how to breathe properly, along with informing the men how to give the necessary assurances at this stage of the plan. The teacher then announced, "Ladies, exercise is good for you. Walking is especially beneficial. And, gentlemen, it wouldn't hurt you to take the time to go walking with your partner!" The room got quiet. Finally, a man in the middle of the group raised his hand. "Yes?" replied the teacher. "Is it all right if she carries a golf bag while we walk?" -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2287 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 8:36am Subject: Computer Terms for Southerners Computer Terms for Southerners "Keyboard" ----- Place to hang your truck keys. "Window" ----- Place in the truck to hang your guns. "Floppy" ----- When you run out of Polygrip. "Modem" ----- How you got rid of your dandelions. "ROM" ----- Delicious when you mix it with coca cola. "Byte" ----- First word in a kiss-off phrase. "Reboot" ----- What you do when the first pair gets covered with barnyard stuff. "Network" ----- Activity meant to provide bait for your trot line. "Mouse" ----- Fuzzy, soft thing you stuff in your beer bottle in order to get a free case. "LAN" ----- To borrow as in, "Hey Bubba! LAN me yore truck." "Cursor"----- What some guys do when they are mad at their wife and/or girlfriend. "Bit" ----- A wager as in, "I bit you can't spit that watermelon seed across the porch longways." "Digital Control" ----- What yore fingers do on the TV remote. "Packet"----- What you do to a suitcase or Wal-Mart bag before a trip. "Hard drive" ----- Trying to climb a steep, muddy hill with 3 flat tires and pulling a trailer load of fertilizer. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2288 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 8:39am Subject: Native New Yorkers What would you call it when a Native New Yorker has one arm shorter than the other? A speech impediment. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2289 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 8:44am Subject: Assorted Tidbit of Wisdom and Such THE INTERNET ~~~~~~~~~~~~ Customer: I'm trying to connect to the Internet with your CD, but it just doesn't work. What am I doing wrong? Tech Support: OK, you've got the CD in the CD drive, right? Customer: Yeah.... Tech Support: And what sort of computer are you using? Customer: Computer? Oh no, I haven't got a computer. It's in the CD player and all I get is weird noises. Listen..... Tech Support: Aaaarrrrgggghhhh!!! THE DOCTOR'S DAUGHTER ~~~~~~~~~~~~~~~~~~~~ On the way to preschool, the doctor had left her stethoscope on the car seat, and her little girl picked it up and began playing with it. "Be still, my heart," thought the doctor, "my daughter wants to follow in my footsteps!" Then the child spoke into the instrument, "Welcome to McDonald's. May I take your order?" COMPUTER CONFUSION ~~~~~~~~~~~~~~~~~~ Don was on duty in the main computer lab on a quiet afternoon. He noticed Putty Duh sitting in front of one of the workstations with his arms crossed across his chest, staring at the screen. After about 15 minutes he noticed that Putty was still in the same position, only now he was impatiently tapping his foot. Finally, Don approached Putty and asked if he needed help. He replied, "It's about time! I pressed the F1 button over twenty minutes ago!" HAIR LOSS ~~~~~~~~~ Sabra was eating breakfast one morning and got to thinking about things. "Mommy, mommy, why has daddy got so few hairs on his head?" she asked her mother. "He thinks a lot," replied her mother, pleased with herself for coming up with a good answer to her husband's baldness. Or she was until Sabra thought for a second and asked, "So why do you have so much hair?" TRUTHS ~~~~~~ * Raising teenagers is like nailing JELLO to a tree. * There is always a lot to be thankful for if you take time to look for it. For example, I am sitting here thinking how nice it is that wrinkles don't hurt. * The best way to keep kids at home is to make the home a pleasant atmosphere and let the air out of their tires. * Car sickness is the feeling you get when the monthly car payment is due. * Families are like fudge... mostly sweet with a few nuts. * Laughing helps. It's like jogging on the inside. * My mind not only wanders, sometimes it leaves completely. * If you can remain calm, you just don't have all the facts. WHY IS IT? ~~~~~~~~~~ Why is it that if someone tells you that there are 1 billion stars in the universe you will believe them, but if they tell you that a wall has wet paint you will have to touch it to be sure? -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2290 From: Date: Fri Jan 12, 2001 6:19am Subject: warrantless searches of computers for L.E. covered here http://www.cybercrime.gov/searchmanual.htm The U.S. Department of Justice this week published new guidelines for police and prosecutors in cases involving computer crimes. The 500 KB document includes a bevy of recent court cases and covers new topics such as encryption, PDAs and secret searches. It updates a 1994 manual, which the Electronic Privacy Information Center had to file a Freedom of Information Act request to obtain. No need to take such drastic steps this time: The Justice Department has placed the report on its cybercrime.gov site. 2291 From: Talisker Date: Fri Jan 12, 2001 11:18am Subject: Virus Alert - Humour I saw this and thought I'd pass it on :o) >you have just received the "Kansas Virus" As we ain't got no programming >experience, this virus works on the honor system. Please delete all the >files from your hard drive and manually forward this virus to everyone on >your mailing list. >Thanks for y'all for cooperating, >University of Kansas Computer Engineering Dept. No offence intended to anyone from Kansas Andy http://www.networkintrusion.co.uk Talisker's Network Security Tools List ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo talisker@n... The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer. 2292 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 11:44am Subject: Chicago Cops' Spying Curbs Eased Chicago Cops' Spying Curbs Eased http://www.guardianunlimited.co.uk/breakingnews/US/0,3560,667737,00.html Friday January 12, 2001 4:40 am CHICAGO (AP) - Police can more easily monitor criminals after a federal appeals court on Thursday lifted restrictions imposed on the Chicago force two decades ago to stop mistreatment of Communists and other suspected subversives. Among the changes under the ruling: police will be allowed to investigate people photographed near crime scenes, keep records of suspects' gang affiliations and keep files on known associates of organized crime figures. The city's ``Red Squad,'' established in the 1920s, was designed to keep tabs on radical groups then viewed as enemies of the state. But over 50 years it also began keeping files on critics of City Hall. A 1981 agreement with the federal government required the police department to stop interfering with freedom of expression and to stop several types of intelligence-gathering. Thursday's decision leaves intact prohibitions against police harassment or retaliation against freedom of expression. The department must conduct an audit to see that it is in compliance with the decree and a federal court will continue to have oversight under the decision. But the 7th U.S. Circuit Court of Appeals ruling said the restrictions should be lifted because police were no longer interested in harassing people who had unpopular views. ``The culture that created and nourished the Red Squad has evaporated,'' the court said. ``The city does not want to resurrect the Red Squad. It wants to be able to keep tabs on incipient terrorist groups.'' ``Every major city in the United States is allowed to collect this kind of intelligence data,'' said police Superintendent Terry Hillard. ``We will continue to respect First Amendment rights while using the investigative tools to responsibly fight crime.'' The American Civil Liberties Union expressed dismay that the restrictions were lifted. ``We respectfully disagree with the 7th Circuit that they hampered the Chicago police from conducting effective law enforcement,'' spokesman Edward Yohnka said. =================================== Court upends spying rules imposed on Chicago cops http://www.chicago.tribune.com/news/metro/chicago/article/0,2669,ART-49184,FF.html By Matt O'Connor and Gary Washburn Tribune Staff Writers January 12, 2001 Restrictions on Chicago police because of their infamous Red Squad that spied on political activists in the 1960s and 1970s have left police "helpless" to combat terrorist groups and should be eased, a federal appeals court ruled Thursday. Lawyers for the city and Police Department hailed the decision, saying it will allow officers to provide surveillance of hate groups, photograph and videotape public demonstrations and share information with police across the country in monitoring suspected terrorists. Under a federal consent decree in effect for the last two decades, the city said its efforts to investigate gangs, terrorism and demonstrations had been hampered by requirements it first must have a reasonable suspicion of criminal activity. In its ruling, a three-judge panel of the 7th Circuit U.S. Court of Appeals said the onerous decree "renders the police helpless to do anything to protect the public" against terrorism. "The decree impedes efforts by the police to cope with the problems of today because earlier generations of police coped improperly with the problems of yesterday," said the opinion, written by Richard A. Posner, until recently chief judge. Judges William J. Bauer and Frank H. Easterbrook concurred. The ruling overturns a decision for the decree by former U.S. District Judge Ann Williams, who now sits on the 7th Circuit bench. Richard Gutman, an attorney for the lead plaintiff, Alliance to End Repression, who has been involved in the litigation from its inception in 1974, fears a return to the police tactics of the Red Squad, the intelligence-gathering unit that spied on, infiltrated and harassed a variety of political groups as far back as the 1920s. In its heyday in the 1960s, the special police detail was set up to watch over possibly violent anti-Vietnam War activists, but it quickly expanded to include spying on church organizations, community activists and opponents of Mayor Richard J. Daley's administration. "For all practical purposes, it eliminates any restrictions on political spying and it would permit the city to re-create the Red Squad," Gutman said. "So far as I'm concerned, the consent decree is dead." The ACLU of Illinois, another plaintiff in the lawsuit, disagreed with the court's finding that the limitations "hampered the city's ability to engage in effective law enforcement," said spokesman Edwin Yohnka. The plaintiffs said they haven't decided if they would ask the court to reconsider its decision or appeal to the U.S. Supreme Court. Lawyers for the city and the Police Department as well as the court ruling emphasized that the consent decree is being modified, not eliminated. Audits of the department's conformance with the decree won't be altered, making it more difficult for constitutional violations to go undetected, the court said. Thomas Needham, the Police Department's chief of staff, said he has been instructed by Supt. Terry Hillard to meet with city attorneys and come up with written procedures on how to conduct these investigations. Hillard wants to take "a cautious, go-slow approach," Needham said. "He wants this studied carefully." Mara Georges, the city's corporation counsel, said the court decision simply "unties the hands of the Chicago Police Department and allows it to engage in the kind of routine police work that every other police department does." Deputy Corporation Counsel Lawrence Rosenthal, who led the fight to ease the restrictions, acknowledged "very serious misconduct gave rise" to the consent decree. But from the start, the decree was "extremely restrictive," he said. Citing a recent example of how it hamstrung police efforts, Rosenthal pointed to white supremacist Benjamin Smith, whose two-state shooting spree over the 4th of July weekend in 1999 killed two, including former Northwestern University basketball coach Ricky Byrdsong, and wounded nine. When Smith had passed out inflammatory leaflets, Rosenthal said, "we couldn't even keep the leaflets, much less gather intelligence about who this guy was and what he was up to." "If somebody paints a swastika in Rogers Park, we have no idea what hate groups are operating in Rogers Park," Rosenthal said. "That is why we almost never solve those crimes. If you don't have a notion of what people you ought to be interviewing, you are not going to solve the crime." The court perceived a greater threat if the police couldn't keep tabs on terrorist groups. "Until the group goes beyond the advocacy of violence and begins preparatory actions that might create reasonable suspicion of imminent criminal activity, the hands of the police are tied," the decision said. "And if the police have been forbidden to investigate until then, if the investigation cannot begin until the group is well on its way toward the commission of terrorist acts, the investigation may come too late to prevent the acts or to identify the perpetrators." Plaintiffs' lawyers pointed out that Williams and U.S. Magistrate Judge Edward Bobrick concluded the decree in no way restricted Chicago police from investigating criminal activity. Gutman said one Chicago police sergeant who was a veteran of 15 years on the Counter-Terrorism Task Force said in a deposition the consent decree never stopped him from pursuing what he wanted to pursue. Gutman said the city in court filings indicated it wanted to investigate the extremist beliefs of individuals who aren't suspected of criminal activity. "They're going to be defining who's extremist," he said. "They can spy on anybody they want." Mayor Richard M. Daley began a campaign to lift the restrictions more than a decade ago. His administration believed the court might lift the limits if the city demonstrated a solid record of compliance. The city abided by the terms of the decree even though it hamstrung police, city officials declared Thursday. The court also concluded that the limits had worked. "The culture that created and nourished the Red Squad has evaporated," the court found. "The consent decree has done its job." =================================== Police spying rules eased http://www.suntimes.com/output/news/red12.html January 12, 2001 BY FRAN SPIELMAN AND STEVE WARMBIR STAFF REPORTERS Chicago police should have more freedom to investigate terrorist and hate groups because threats from them are more pressing than past police spying abuses, a federal appeals court ruled Thursday. In a controversial decision, the 7th Circuit Court of Appeals agreed to the city's request to modify a 1981 consent decree that had reined in the Chicago Police Department's notorious Red Squad. The unit spied on, infiltrated and harassed political groups. Under the consent decree, police could not start spying on a group until they had a reasonable belief a crime was occurring. But with a terrorist or hate group, "if the investigation cannot begin until the group is well on its way toward the commission of terrorist acts, the investigation may come too late to prevent the acts or to identify the perpetrators," Appellate Court Judge Richard Posner wrote. "The decree impedes efforts by the police to cope with the problems of today because earlier generations of police coped improperly with the problems of yesterday." Police and city officials praised the decision, while civil rights groups said it gutted an important safeguard. "I think it's a significant setback for these guidelines that have been in place protecting the people of Chicago these many years," ACLU spokesman Ed Yohnka said. The ACLU is considering an appeal. Tom Needham, chief of staff for police Supt. Terry Hillard, called the decision "a tremendous victory for common sense." "Less than 5 percent of the people currently on the police department were on the job when the city entered into this consent decree," Needham said. "There's a whole new generation of younger, better-educated police officers who can't even understand why we have these restrictions that other law enforcement agencies don't have. It's a historical relic." The ruling was a resounding victory for Mayor Daley, who has spent four years trying to modify the consent decree, which he contends "ties the hands" of police. As recently as last fall, violence in the Middle East prompted a Rogers Park rabbi to come under gunfire and Jewish pedestrians to be victimized by a slingshot attack. Daley said it was an example of how the court order had hamstrung police attempts to combat hate crimes. The rabbi's attackers are still at large. Currently, the police department is prohibited from retaining intelligence files, but now it will be able to create comprehensive databases on terrorist and hate groups. Hillard has asked his staff to put together a committee to determine how internal orders and procedures should be rewritten. The modified consent decree is expected to be written by U.S. District Judge Joan Gottschall at the appellate court's direction. Gottschall recently rejected claims by protesters that police violated the consent decree by spying on them during the 1996 Democratic National Convention. Corporation Counsel Mara Georges stressed the decree is not being scrapped. Chicago police still won't be permitted to gather intelligence to harass, intimidate or prohibit activities protected by the First Amendment. And the police will still be subject to court-monitored annual audits. "It's an entirely different atmosphere now. The city has been able to show that, for two decades, police have not engaged in such conduct." -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2293 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 4:54pm Subject: Cuba's spy network revealed Published Friday, January 12, 2001, in the Miami Herald Cuba's spy network revealed http://www.miamiherald.com/content/today/news/dade/digdocs/057047.htm BY GAIL EPSTEIN NIEVES gepstein@h... Cuba's foreign intelligence agency devotes an entire department to infiltrating exile groups and another department to getting inside the FBI, CIA, State Department and other U.S. governmental agencies, an expert in Cuban spy matters testified Thursday. Stuart Hoyt Jr., a retired FBI agent, unraveled the hierarchy of Cuba's intelligence services from ``Commander in Chief'' Fidel Castro on down. His testimony provided some context for jurors in the Cuban spy trial, who every day read or hear another acronym related to Cuban intelligence. None of the jurors is Cuban- American, so they probably would not be expected to know that the Directorate of Intelligence, or DI, is Cuba's main foreign espionage agency. Within the DI are eight departments, all of which start with the letter M followed by a Roman numeral, said Hoyt, who retired from the FBI in 1994 after 24 years of foreign counter-intelligence work, first against the Soviet Union and later against Cuba. Hoyt was assigned to field offices in New York, Boston, San Juan and Washington, D.C., and for three years he supervised the agency's anti-Cuba efforts. He still works under contract with the FBI. Hoyt named the intelligence departments as follows: MX is the office of the DI's chief, Brig. Gen. Eduardo Delgado Rodriguez. The indictment in this case used the code ``MX'' for the Havana chief who directed the accused spies to gather information that allegedly helped Cuban MiG warplanes shoot down and kill four Brothers to the Rescue pilots in 1996. MI is responsible for infiltrating U.S. government agencies. MIII collects and analyzes all information coming into the DI. MV supports ``illegal'' intelligence officers, or those who enter the U.S. illegally. ``Legal officers'' arrive legally and operate in official diplomatic missions, including M15, the Cuban mission to the United Nations in New York City; M2, the Cuban embassy in Mexico City; and M6, the Cuban embassy in Madrid. MIX is ``active measures,'' which refer to the use of disinformation, threats and violence to discredit enemies or otherwise influence someone's actions. MXI monitors phone calls and airplane radio communications. MXV handles communications between Havana and agents in the United States. MXIX infiltrates ``counter-revolutionary'' Cuban exile groups that oppose the Castro regime. Cuba has another group with a name similar to the DI but with a very different function. The Directorate of Counter Intelligence, called CI, works within Cuba handling ``internal control to ensure people don't speak out against the government,'' Hoyt said. Both the DI and the CI are part of the Ministry of the Interior, MINIT, one of the two most powerful ministries, or departments, in the Cuban government. The second is the Ministry of the Revolutionary Armed Forces, MINFAR, or the Cuban military, Hoyt said. The five men on trial are accused of spying for Cuba as part of La Red Avispa, the Wasp Network, whose members allegedly tried to penetrate U.S. military installations and Cuban exile groups. Hoyt said the network used typical spying techniques, including writing secrets on water-soluble paper that could quickly be destroyed. Jurors saw four such papers. The network also used ``compartmentalization,'' or limiting each person's knowledge, so that ``in case one is arrested, he will not be able to identify the other.'' The accused spies also communicated with beepers and pay phones, used counter-surveillance measures, post office boxes, fake documents and concealment devices, he said. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2294 From: St. Clair, James Date: Fri Jan 12, 2001 8:39am Subject: FW: CellPhone in luggage allegedly scrambles avionics CellPhone in luggage allegedly scrambles avionics: Mobile phone brings down Slovenian airplane By Kieren McCarthy, The Register, 01/11/2001 http://www.theregister.co.uk/content/5/15995.html According to Reuters, a Slovenian airplane had to make an emergency landing on Tuesday because a ringing mobile phone had corrupted an electronics system and caused a fire-on-board light to switch on. Adria Airways admitted the plane bound for Sarajevo turned back shortly after take-off and made an emergency landing in Ljubljana. The airline said it had been caused by a phone in the luggage compartment that had been left on. Now, we can take this one of three ways. Either we should be extremely grateful to airlines' anal rules that stop you using mobiles and loads of other electrical equipment (note that laptops are alright because business customers make airlines profitable), thereby making the flight even more depressing and uncomfortable. Or, we should be very, very concerned about getting onto an Adria Airways plane in the future. Or, we should stop using our mobile phones very soon because if they can disrupt electrical systems while in a suitcase while in a hold - just imagine what they're doing to your brain. ® 2295 From: James M. Atkinson, Comm-Eng Date: Fri Jan 12, 2001 9:26pm Subject: Secrets and Lies January 12, 2001 Secrets and Lies http://thestandard.com/article/display/0,1151,21428,00.html Clinton recently appointed a national counterintelligence executive. But will protecting national secrets only create more leaks? By Richard Martin Two weeks ago, as one of his last acts in office, President Clinton created a position – "national counterintelligence executive" – with a broad mission to identify potential security threats and beef up protection for national secrets deemed vital to the security of the U.S. Coming after the bungled FBI investigation at the Los Alamos National Laboratory, this lame-duck maneuver is designed to combat a largely vaporous menace. It bears the fingerprints of FBI Director Louis Freeh, who as chairman of the proposed National Counterintelligence Board of Directors would select and oversee the secrecy czar. The directive also follows years of thwarted efforts by Congress to enact a law resembling Britain's notorious Official Secrets Act. Technology and business leaders should press the new Bush administration to reverse it forthwith. If there's one lesson that American companies have learned from the economic boom of the past decade it's that the free flow of information in any system – whether it's an internal network, a far-flung multinational corporation, a market or a government – benefits all parts of the system. Transparent markets function better than closed ones, as travel agents and stockbrokers are finding out. And transparent governments outlive secretive ones: "There seems to be no doubt," wrote former Sen. Daniel Patrick Moynihan in his foreword to the 1997 report from the Commission on Protecting and Reducing Government Secrecy, "that the Soviet Union deteriorated not least because the responsible actors rarely really knew what was going on." Unfortunately, the culture of secrecy that took hold in Washington after World War II did not evaporate with the end of the Cold War. Intelligence spending rose 120 percent between 1980 and 1996, a period when defense spending increased 40 percent. Today there are some 3 million people, inside and outside the federal government, with the authority to classify information as "Top Secret." But recent intelligence foul-ups, including the Los Alamos fiasco, prove that that expansion has not resulted in increased security. That's because of a paradox long understood by students of counterintelligence: The more secrets there are, the less secure they are. "Unless secrecy is reduced," wrote Moynihan, "it cannot be protected." Centralizing the government's counterintelligence efforts is a good idea. (One of the main recommendations of the 1997 secrecy commission was to rationalize procedures for classifying government information and to create a National Declassification Center.) Appointing a new secrecy czar to make the U.S. government more opaque, rather than less, is a lousy one. Ironically, in November, Clinton vetoed the Intelligence Authorization Act, which contained a provision to make any unauthorized disclosure of classified information a felony. Among other things, the law would have reversed the Supreme Court's historic decision in the Pentagon Papers case, which affirmed that freedom of the press and the public's right to know outweigh the specific crime of divulging government secrets. In vetoing the intelligence bill, Clinton quoted Justice Potter Stewart's opinion in that case: "The only effective restraint on executive policy in the areas of national defense and international affairs may lie in an enlightened citizenry." In other words, more secrecy only begets ignorance. And knowledge is always better than ignorance. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2296 From: Andre Holmes <1ach@g...> Date: Sat Jan 13, 2001 8:00am Subject: Re: FW: CellPhone in luggage allegedly scrambles avionics We should be very concerned about getting onto a Airways plane in the future. Lesson learned= after reading the post I could only conclude: 1 The Slovenian Airplane was rigged in such away that if there is any transmitting on board then it had better be from the transceiver in the cockpit. 2 There is a good likely hood that a frequency registering instrument was wired to the lights and or warning system of the airplane. 3 Electrical power to the airplane is generated from a generator which is mounted under the Jet Engines. All cables are shielded from heat,oil,water,vibration etc meaning nothing should be able to penetrate the shielding. The cables from the generator is routed to a box on the side of the Engine its a distribution center, from there the wire routes can go every where needed. 4 The airliner feels safer to turn the plane around to locate the source of the xmitter or bomb in the hopes of lowering liability. ----- Original Message ----- From: "St. Clair, James" To: Sent: Friday, January 12, 2001 9:39 AM Subject: [TSCM-L] FW: CellPhone in luggage allegedly scrambles avionics CellPhone in luggage allegedly scrambles avionics: Mobile phone brings down Slovenian airplane By Kieren McCarthy, The Register, 01/11/2001 http://www.theregister.co.uk/content/5/15995.html According to Reuters, a Slovenian airplane had to make an emergency landing on Tuesday because a ringing mobile phone had corrupted an electronics system and caused a fire-on-board light to switch on. Adria Airways admitted the plane bound for Sarajevo turned back shortly after take-off and made an emergency landing in Ljubljana. The airline said it had been caused by a phone in the luggage compartment that had been left on. Now, we can take this one of three ways. Either we should be extremely grateful to airlines' anal rules that stop you using mobiles and loads of other electrical equipment (note that laptops are alright because business customers make airlines profitable), thereby making the flight even more depressing and uncomfortable. Or, we should be very, very concerned about getting onto an Adria Airways plane in the future. Or, we should stop using our mobile phones very soon because if they can disrupt electrical systems while in a suitcase while in a hold - just imagine what they're doing to your brain. ® ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.onelist.com/community/TSCM-L or email your subscription request to: subTSCM-L@t... =================================================== TSKS 2297 From: Jonathan D. Alvord Jr. Date: Fri Jan 12, 2001 10:29pm Subject: pgp encryption Just something I thought worthy of discussion!! Anyone else know about this ?? heimdall58@h... Found this while surfing the web. [Note: there are many commercial programs available which may provide additional features not found in PGP 5.5, such as automatic encryption of an entire drive. A review of some of these programs for Windows 95 can be found in the cryptome. I have been advised that the Triple DES algorithm is probably the most secure.] For those who are not familiar with it, I would like to briefly describe encryption and how it works, and then suggest how the freeware program pgp could be used to encrypt an internet mailing list, so that third parties would not be able to decode and read messages broadcast within a private group. As far as I know, no one is using pgp to encrypt a mailing list at this time - but it's easy to do so, and a foolproof way to prevent big brother wannabies in spy agencies from sticking their noses where they don't belong -- politics. If this is beginning to sound like a conspiracy theory, then a few historical references are in order. The FBI performed over 10,000 illegal black bag jobs (break-ins to gather intelligence) during the cointelpro period of the sixties and seventies, and most of those were for political purposes. Fighting communism, fighting the Black Panthers and the American Indian Movement, the murders of Martin Luther King and Malcolm X -- there are many examples of the use of surveillance and counter- intelligence for political purposes, the shameful underside and shadow of twentieth century American politics. Today, with almost everyone going online, even ordinary people are taking great risks in their personal conversations, because email can be so easily intercepted and cataloged. And it's not just a rogue law enforcement officer we have to be afraid of; the APEC scandal provides a perfect example of the unethical use of our intelligence community for commercial purposes, and in that case, for the purpose of campaign finance. Well, if someone wants to read my email, they're going to have to get a warrant to steal my computer. Without the private key I keep on my hard drive (which itself is password protected), even an acre of cray computers at Fort Meade couldn't crack my code. That's how powerful this technology is. Louie the Freeh and other top cops have tried to make this illegal, but it is not illegal, at least in the U.S. [There may be countries where the use of unlimited strength crypto is illegal, however. These programs may be considered to be weapons of war, due to the historical importance of secret codes in wars.] You don't need to have any secrets to need encryption. One good reason to use encryption is the NSA database of private email (and etc), which can be searched for keywords, just like dejanews is used by regular folks, to search through public usenet posts. By keying in on your email address and name as keywords, anyone with access to their system could read all your incoming and outgoing email (all the mail, from day one) as well as all the emails in which someone else mentions your name. A search on your name would probably turn up things other people have said about you that you don't even know about. OK, let's discuss pgp. PGP, which stands for Pretty Good Privacy, is a freeware program available for IBM, Mac, and Unix computers at http://www.pgp.com/products/personal/products.cgi. Older versions and newer versions of pgp seem to be incompatible, and people with older versions need to update to version 5.5 to stay current. When the program installed itself on my Windows 95 machine, it generated a pair of keys. A key is a long sequence of characters generated by complex mathematical formulas. The two keys generated by the formulas have a mathematical relationship to each other, and pgp can tell that they are a pair by applying its equations - the puzzle is solved! One of the keys is public and the other is private. You give key away to your friends, and you keep the other one for yourself. The private key is never given to anyone else. Then the only way a third party would be able to decode messages encrypted to you would be to get a hold of your private key - and they would have to steal your computer for that. If this ever happens to you, remember to tell your lawyer about the Steve Jackson Games case, which set a precedent for the legal grounds required for a federal agency to confiscate a person's computer. The private key on your computer requires a password to use, which should be something you can remember and don't need to write down. If they have your computer, they can probably hack this password, but it would require serious effort. Some people encrypt everything on their computer and keep the key on a floppy disk. That would be the safest way to go. Then they would need to steal the floppy disk -- does this sound like James Bond yet? Let's say you want to send me an encrypted message. You will need to have my public key. You may have seen people who post on the internet with signatures like BEGIN PGP PUBLIC KEY BLOCK, then a lot of characters in a row, then END PGP PUBLIC KEY BLOCK. This public key is public information, and providers are beginning to archive them for their customers. A public key is used by other people to encrypt a message that only you can decode, using the private key that is the other half of the pair. Once someone encrypts a message to you, they can't decrypt it and read it afterwards, because they don't have the private key. That's how pgp works. Now, for me to send an encrypted reply to your message, I need your public key. I encrypt my message with your public key, paste it into an email message, and you will be able to decode it with your private key. We would use four keys to have this conversation. As I mentioned, they are automatically generated by the pgp program, and you just select "encrypt contents of clipboard" and "decrypt contents of clipboard" from a menu in pgp and select the proper keys from a list the program keeps, like a telephone directory. Apparantly, the way to crack encrypted messages is to use the formulas in pgp and try every combination to see if it works. But with this particular program (pgp), each key is so long that it would be an astronomical computer problem to try every combination. Many nonsense plaintext solutions are generated by shotgun type approaches, and a computer can't determine if it has a correct answer unless it can verify that the syntax of the message is gramatically correct; this is not easy, and even gramatically correct solutions could be found randomly, which have no relation to the real message. It's the same idea as a million monkeys (or more) with typewriters producing a Bible by accident. Imagine how many guesses an acre of cray computers could make in just one moment. Imagine the late Carl Sagan telling you how big the universe is - there must be a huge number of possible pgp keys. When they talk about unlimited strength crypto, they mean programs that can overpower supercomputers using trial and error methods, simply by using very long keys. Obviously, longer keys are harder to guess than shorter ones. Without getting any more technical, that is the basic idea of pgp. A numerical sequence is used to scramble your message, and a corresponding sequence, which is mathematically related to it, is used to unscramble it. The sequences used are too long to make guessing practical, even by the most powerful networks of computers. I have an idea for how to use pgp to encrypt a mailing list. Members of a mailing list all have to be able to read the messages on the list. In pgp terms, everyone needs to use the same public key to encrypt messages for the list, and everyone uses the same private key to read them. So everyone needs to have copies of the same "master keys" for the list. Here's how it would work. First, a group of people all download a copy of pgp and get it working on their machines. PGP is available for IBM, Mac, and Unix, and the members can have a mixture of these different operating systems. Each person will generate a pair of keys, public and private - that's part of the installation. After reading this story, you're now familiar with pgp, and your friends will undoubtedly expect you to take the lead as organizer of the mailing list. The first thing for you to do is to generate another pair of keys - these will be the master keys. Next, send copies of both of keys to everyone on the list, using your newfound encryption technology. Sending keys in the mail may sound like a dangerous idea, but because your friends all have their own sets of keys, you can *italics* use their personal public keys to encrypt the master keys for the list *end italics* and send the master keys securely to each of the members. Now everyone has an identical pair of master keys, and they've never even met face to face. These keys are in addition to their own personal keys, which they can use for personal encrypted mail. Emails sent to the mailing list are encrypted by the public master key and broadcast to the list members, who use the private master key to decode them. This is a perfect information security system, as long as no one's computer gets bagged. Our private communications are none of the government's business. Of course, the legality of using encryption depends upon what it is you're encrypting. This is a technology that can be used for all kinds of criminal purposes. But at the same time, it protects us from criminal acts by unethical people in positions of power in our government. That's a compromise I am willing to make. Paul Wolf _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com 2298 From: Paolo Sfriso Date: Sat Jan 13, 2001 8:31am Subject: Re: Cellphone in lugagge allegedly scrambles avionics. In Italy (and I think in some other EU countries too) it is a criminal offence to keep your cellphone activated during a commercial flight. At take-off and landing a standard "cellphones off/on" warning is given over the plane's PA system. In fact, GSM cellphones do disturb (even when idle and give their "here I am" transmittion burst") a number of electronic systems. You can typically "hear" a call arriving on your GSM cellphone by the rasping noise that enters your phone, PC, stereo system, etc. I assisted on a case a couple of years ago where a GSM/GPS bug had been planted by the Carabinieri CID in a hold-up gang's car and one of the suspects says, after hearing the "hear I am " rasp interfere with the car's stereo, "Sh** I sure hope this noise comes from one of our cellphones and not some big planted in the car"...You can imagine the surveillance team's reaction... Analog cellphones (such as E-TACS) dont seem to disturb nearby electronics. Have a nice weekend. Paul Sfriso Director GRUPPO S.I.T. Security, Investigations & Tecnology Quarto d'Altino, Venice ITALY phone +39 0422 828517 fax +39 0422 823224 24hr GSM cellphone +39 (0)335 5257308 paulsfriso@t... 2299 From: William Knowles Date: Sun Jan 14, 2001 2:48am Subject: Re: pgp encryption On Fri, 12 Jan 2001, Men in with black helicopters working with the Greys made Jonathan D. Alvord Jr. write: > Just something I thought worthy of discussion!! Anyone else know about this > ?? heimdall58@h... > > Found this while surfing the web. > > [Note: there are many commercial programs available which may > provide additional features not found in PGP 5.5, such as > automatic encryption of an entire drive. A review of some of > these programs for Windows 95 can be found in the cryptome. I > have been advised that the Triple DES algorithm is probably the > most secure.] Currently PGP 7.0 is the most recent commercial release of PGP. > For those who are not familiar with it, I would like to briefly > describe encryption and how it works, and then suggest how the > freeware program pgp could be used to encrypt an internet mailing > list, so that third parties would not be able to decode and read > messages broadcast within a private group. > > As far as I know, no one is using pgp to encrypt a mailing list at > this time - but it's easy to do so, and a foolproof way to prevent > big brother wannabies in spy agencies from sticking their noses > where they don't belong -- politics. If this is beginning to > sound like a conspiracy theory, then a few historical references > are in order. Actually there are quite a few lists using PGP for a mailing list, and you can install a program to make this eaiser. PGPdomo: pgpdomo is a set of replacement programs for Majordomo version 1.93 that allows you to perform PGP encrypted administration and distribution of encrypted messages on selected lists while still retaining (mostly) normal operation of your cleartext lists. Unless you're checking the backround of everyone signing up for your publically available mailing list, all PGP would do is keep curious onlookers of the mail in transit from looking at your messages, PGP won't stop a FBI agent from submitting a PGP key and signing onto your list. > Well, if someone wants to read my email, they're going to have to > get a warrant to steal my computer. Warrants? We don't need no STINKING WARRANTS! http://www.cybercrime.gov/searchmanual.htm > Without the private key I keep on my hard drive (which itself is > password protected), even an acre of cray computers at Fort Meade > couldn't crack my code. That's how powerful this technology is. Acre of Cray computers? Maybe less then 100 square feet of would crack your message, But if we have your computer whole, intact, and not blown in a million pieces from a chunk of RDX next to your harddrive, Then maybe a couple of Pentium class workstations because it all falls down to the quality of your passphrase, which for the most part are less than 8-10 characters long and usually in plaintext with no special cH@RaC73r$ to slow down the process of cracking the passphrase. > OK, let's discuss pgp. PGP, which stands for Pretty Good Privacy, > is a freeware program available for IBM, Mac, and Unix computers > at http://www.pgp.com/products/personal/products.cgi. I point people towards: http://www.pgpi.org/ for PGP and GPG information. > Older versions and newer versions of pgp seem to be incompatible, > and people with older versions need to update to version 5.5 to > stay current. PGP is available for many different platforms, including Unix, MS-DOS, Windows 3.x, 95, 98, & NT, 2000, BeOS, OS/2, Macintosh, Amiga, Newton, Atari Psion, and even Palm. I have one client that is so paranoid about PGP that he changes his PGP keys as often as he changes his underwear (1-2 times a day) and generates keys on a HP200LX. I tell people that PGP is secure enough for 95% of the world's prying eyes, That the other 5% is the world's various governments, intelligence agencies, and larger corporations that have the way and the means to find out what that encrypted message says in plaintext. Think I'm kidding? http://www.eff.org/descracker.html To prove the insecurity of DES, EFF built the first unclassified hardware for cracking messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which was built for less than $250,000, easily won RSA Laboratory's "DES Challenge II" contest and a $10,000 cash prize. It took the machine less than 3 days to complete the challenge, shattering the previous record of 39 days set by a massive network of tens of thousands of computers. The research results are fully documented in a book published this week by EFF and O'Reilly and Associates, entitled "Cracking DES: Secrets of Encryption Research, Wiretap Politics, and Chip Design." Its a good rule of thumb not to trust any encryption program that wasn't written by someone that hasn't done years of cryptoanalysis, and Phil Zimmermann isn't one of those guys I really trust his software with my life, Zimmermann was an anti-war/nuclear protester. On the other hand, the NSA is having a hard time retaining their personal and losing quite a few to the private sector, and if I felt I needed an encryption program that strong, I would be recruiting around the Fort George G. Meade campus. :) Sorry to rail on about off this, I'm a little hungover from a night of sake and sushi, and I have to redo a Powerpoint presentation for a talk next week. :) Cheers! William Knowles wk@c... *==============================================================* "Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC ================================================================ C4I.org - Computer Security, & Intelligence - http://www.c4i.org *==============================================================* 2300 From: 1RCM <1RCM@M...> Date: Sun Jan 14, 2001 9:33am Subject: What would YOU do? Hi List, Let's see if we can't spawn some creative debate here. Many on this list have run across these type instances which fall right in that blurry area somewhere between standing on true ethics and paying the bills. What do YOU do?? Ah yes, before you consider both scenarios think back to all of the debate that has taken place on this list over the past year relating to professionals vs. charlatans; just what constitutes performing a proper sweep; enlightening a potential client; fees vs. services performed; etc., etc. Then respond honestly! Scenario #1 ..... You are contacted by a potential client who feels that he/she has reason to have a sweep done. During the discussion that follows you are convinced that a sweep is legitimately needed, but also that the potential client does not have the foggiest idea of what is involved. And so you do a bit of education before you quote a fee. At the end of the discussion the client states that he/she fully understands what you have explained but has reached this decision: "Instead of the 6 hours that you quoted I want you to do the best that you can in 2 hours with your fee being reduced accordingly. I understand what you have explained to me and I accept the fact that I will be receiving less than what you recommend - but as the client that's my decision to make". Now remember that the office copy machine needs repair and you could use those few extra $$$'s to buy that new piece of equipment you want - all to the tune of about what you would make doing this 'mini-sweep'; the location is only 15 minutes from your office; you are satisfied that the client is making an 'informed decision'; and you have absolutely nothing work-wise going on the next day. What would YOU do??? Scenario #2 ...... You are contacted by a PI firm regarding handling a referral job. After a discussion regarding your services, fees and recommendations they want you to do: " a check of a hotel meeting room for transmitters and a quick look-around with a flashlight - bring just your sp ectrum analyzer, your CPM-700, your Opto Xplorer, or what ever you told us you have that you want to use, and your flashlight - we want this done very low-keyed. And you will only have about an hour alone in the room". After explaining your feelings regarding doing 'proper' sweeps the PI that you are talking to states emphatically that it is he who has been retained to look after the best interests of the client; no, you may not speak with the client; he is making his request based upon an investigation that he is conducting for the client; and yes, it is his neck on the line and not yours as the client will not know who you are. However, at the end of this discussion you are not really sure whether or not the PI fully understands what you had attempted to explain to him regarding TSCM and you have this lingering feeling that he is to a high degree basing his request on what he is willing to pay out of his billable fee for your services. But still, he is offering a decent buck for the work that you will actually have to do. Same conditions exist for this one as for the scenario above. What do YOU do???? Respond or not; do it on or off list; included your name or be anonymous - your choice. I'm not trying to embarrass anyone or to pry. I have my own reasons for posing these questions. But I truly believe that the diverse answers - and accompanying debate - that hopefully will be generated can benefit us all. Bob Motzer 1RCM@M... 2301 From: James M. Atkinson, Comm-Eng Date: Sun Jan 14, 2001 10:46am Subject: Re: What would YOU do? At 10:33 AM -0500 1/14/01, 1RCM wrote: >Hi List, > >Let's see if we can't spawn some creative debate here. Many on this list >have run across these type instances which fall right in that blurry area >somewhere between standing on true ethics and paying the bills. What do YOU >do?? Ah yes, before you consider both scenarios think back to all of the >debate that has taken place on this list over the past year relating to >professionals vs. charlatans; just what constitutes performing a proper >sweep; enlightening a potential client; fees vs. services performed; etc., >etc. Then respond honestly! >Scenario #1 ..... You are contacted by a potential client who feels that >he/she has reason to have a sweep done. During the discussion that follows >you are convinced that a sweep is legitimately needed, but also that the >potential client does not have the foggiest idea of what is involved. And so >you do a bit of education before you quote a fee. At the end of the >discussion the client states that he/she fully understands what you have >explained but has reached this decision: "Instead of the 6 hours that you >quoted I want you to do the best that you can in 2 hours with your fee being >reduced accordingly. I understand what you have explained to me and I accept >the fact that I will be receiving less than what you recommend - but as the >client that's my decision to make". > >Now remember that the office copy machine needs repair and you could use >those few extra $$$'s to buy that new piece of equipment you want - all to >the tune of about what you would make doing this 'mini-sweep'; the location >is only 15 minutes from your office; you are satisfied that the client is >making an 'informed decision'; and you have absolutely nothing work-wise >going on the next day. What would YOU do??? I would politely explain to the client that he is wasting my time, and would tell him to call me when he is finished playing games and wants to deal with reality. While you may think this is shocking the potential client will actually be more impressed that you stuck with your guns. Sure you may not get THIS projects, but you will probably get future projects from him. I would tell him that it will take a minimum or 4 hours for any TSCM project, and that I can do the job in a minimum of hours or not at all. Two hours would give me just enough time to unload the truck, set up for the first test, and then reload it with no time to actually turn the equipment on. It is a case of the client just being too cheap, and trying to manipulate how you apply your skills. At no time has he indicated that your time on target is restricted, or that there is some legitimate reason why you can get such limited time. It is a very slippery slope when you bow in to the pressures and influence of HOW you perform your job. >Scenario #2 ...... You are contacted by a PI firm regarding handling a >referral job. After a discussion regarding your services, fees and >recommendations they want you to do: " a check of a hotel meeting room for >transmitters and a quick look-around with a flashlight - bring just your sp >ectrum analyzer, your CPM-700, your Opto Xplorer, or what ever you told us >you have that you want to use, and your flashlight - we want this done very >low-keyed. And you will only have about an hour alone in the room". After >explaining your feelings regarding doing 'proper' sweeps the PI that you are >talking to states emphatically that it is he who has been retained to look >after the best interests of the client; no, you may not speak with the >client; he is making his request based upon an investigation that he is >conducting for the client; and yes, it is his neck on the line and not yours >as the client will not know who you are. However, at the end of this >discussion you are not really sure whether or not the PI fully understands >what you had attempted to explain to him regarding TSCM and you have this >lingering feeling that he is to a high degree basing his request on what he >is willing to pay out of his billable fee for your services. But still, he >is offering a decent buck for the work that you will actually have to do. Simple... he pays for a minimum of four hours at the full base rate, but get only one on hour on target. If he is unwilling to pay for the four hours then you politely refuse to help him. If there is a legitimate reason why you can only get limited access to the area then you work with what you have, in the amount of time you have. I would however, encourage the PI to allow full access to the hotel room 4 hours in advance, encourage In-Place monitoring during the actual meeting, and would encourage him to obtain control of all nearby rooms for the duration of the meeting. The second situation is similar to the first, but you are more likely for the PI to relent and let you have the room for at least four full hours or more. If you only have an hour on target, then you only have an hour on target. But by adopting the "I don't leave my house for anything less then 4 billable hours" you will find the client will let you do your job in a professional manner, and on your terms. It's a bit like me telling my dentist how to perform a root canal, and requiring it to be finished in 120 seconds. >Same conditions exist for this one as for the scenario above. What do YOU >do???? It's not the same conditions, but close. If there is a legitimate reason that is one thing, but if it is a case of the client simply being to cheap then you should walk away. >Respond or not; do it on or off list; included your name or be anonymous - >your choice. I'm not trying to embarrass anyone or to pry. I have my own >reasons for posing these questions. But I truly believe that the diverse >answers - and accompanying debate - that hopefully will be generated can >benefit us all. > > >Bob Motzer >1RCM@M... -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2302 From: factfind Date: Sun Jan 14, 2001 11:34am Subject: Re: What would YOU do? It strikes me that this question requires an answer which may seem simplistic but I believe it reflects the approach taken by most people on this list. The practice of ethical business whether by TCSM practioners or PI's or Lawyers (no jokes now) should not be a matter of "situational ethics" You have invested time and money in your experience and training. No one knows better the value of your services than you. Price services and products accordingly. Do the right thing, both for yourself and our profession. Be fair, but then you knew that. Fraternally Dave ----- Original Message ----- From: "1RCM" <1RCM@M...> To: "TSCM List - Post" Sent: Sunday, January 14, 2001 10:33 AM Subject: [TSCM-L] What would YOU do? > Hi List, > > Let's see if we can't spawn some creative debate here. Many on this list > have run across these type instances which fall right in that blurry area > somewhere between standing on true ethics and paying the bills. What do YOU > do?? Ah yes, before you consider both scenarios think back to all of the > debate that has taken place on this list over the past year relating to > professionals vs. charlatans; just what constitutes performing a proper > sweep; enlightening a potential client; fees vs. services performed; etc., > etc. Then respond honestly! > > Scenario #1 ..... You are contacted by a potential client who feels that > he/she has reason to have a sweep done. During the discussion that follows > you are convinced that a sweep is legitimately needed, but also that the > potential client does not have the foggiest idea of what is involved. And so > you do a bit of education before you quote a fee. At the end of the > discussion the client states that he/she fully understands what you have > explained but has reached this decision: "Instead of the 6 hours that you > quoted I want you to do the best that you can in 2 hours with your fee being > reduced accordingly. I understand what you have explained to me and I accept > the fact that I will be receiving less than what you recommend - but as the > client that's my decision to make". > > Now remember that the office copy machine needs repair and you could use > those few extra $$$'s to buy that new piece of equipment you want - all to > the tune of about what you would make doing this 'mini-sweep'; the location > is only 15 minutes from your office; you are satisfied that the client is > making an 'informed decision'; and you have absolutely nothing work-wise > going on the next day. What would YOU do??? > > Scenario #2 ...... You are contacted by a PI firm regarding handling a > referral job. After a discussion regarding your services, fees and > recommendations they want you to do: " a check of a hotel meeting room for > transmitters and a quick look-around with a flashlight - bring just your sp > ectrum analyzer, your CPM-700, your Opto Xplorer, or what ever you told us > you have that you want to use, and your flashlight - we want this done very > low-keyed. And you will only have about an hour alone in the room". After > explaining your feelings regarding doing 'proper' sweeps the PI that you are > talking to states emphatically that it is he who has been retained to look > after the best interests of the client; no, you may not speak with the > client; he is making his request based upon an investigation that he is > conducting for the client; and yes, it is his neck on the line and not yours > as the client will not know who you are. However, at the end of this > discussion you are not really sure whether or not the PI fully understands > what you had attempted to explain to him regarding TSCM and you have this > lingering feeling that he is to a high degree basing his request on what he > is willing to pay out of his billable fee for your services. But still, he > is offering a decent buck for the work that you will actually have to do. > > Same conditions exist for this one as for the scenario above. What do YOU > do???? > > Respond or not; do it on or off list; included your name or be anonymous - > your choice. I'm not trying to embarrass anyone or to pry. I have my own > reasons for posing these questions. But I truly believe that the diverse > answers - and accompanying debate - that hopefully will be generated can > benefit us all. > > > Bob Motzer > 1RCM@M... > > > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.onelist.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > 2303 From: James M. Atkinson, Comm-Eng Date: Sun Jan 14, 2001 2:17pm Subject: Re: pgp encryption [snip] > > Without the private key I keep on my hard drive (which itself is >> password protected), even an acre of cray computers at Fort Meade >> couldn't crack my code. That's how powerful this technology is. > >Acre of Cray computers? Maybe less then 100 square feet of would crack >your message, But if we have your computer whole, intact, and not >blown in a million pieces from a chunk of RDX next to your harddrive, >Then maybe a couple of Pentium class workstations because it all falls >down to the quality of your passphrase, which for the most part are >less than 8-10 characters long and usually in plaintext with no >special cH@RaC73r$ to slow down the process of cracking the >passphrase. You really do not need a computer any larger then one of the cube "dorm" refrigerators about two foot cubical, but it depends on the size of the key that the target is using (the longer and more complex the key, the more horsepower you need). Also, if the investigator or espionage practitioner has any kind of physical access to the original computer the task or other "comprising fragments" the decrypt becomes several orders of magnitude simpler. [snip] >I have one client that is so paranoid about PGP that he changes his >PGP keys as often as he changes his underwear (1-2 times a day) and >generates keys on a HP200LX. [snip] If your client is serious about security he will not use PGP, any other other method of public key encryption, or any encryption methodology generally available to the public. >I tell people that PGP is secure enough for 95% of the world's prying >eyes, That the other 5% is the world's various governments, >intelligence agencies, and larger corporations that have the way and >the means to find out what that encrypted message says in plaintext. PGP is only appropriate when you want to protect the materials from someone who is an amateur, and is not at all appropriate for protecting materials where a professional spy may have an interest in obtaining. [snip] >Its a good rule of thumb not to trust any encryption program that >wasn't written by someone that hasn't done years of cryptoanalysis, >and Phil Zimmermann isn't one of those guys I really trust his >software with my life, Zimmermann was an anti-war/nuclear protester. [snip] Good point, but using strong encryption algorithms is only part of the security equation, and any weakness in ANY SEGMENT can render all other segments completely worthless. -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2304 From: Steve Uhrig Date: Sun Jan 14, 2001 3:42pm Subject: Re: What would YOU do? Once upon a midnight dreary, 1RCM pondered, weak and weary: > Scenario #1 ..... You are contacted by a potential client who > feels that he/she has reason to have a sweep done. During the > discussion that follows you are convinced that a sweep is > legitimately needed, but also that the potential client does not > have the foggiest idea of what is involved. This is fairly common. > And so you do a bit of education before you quote a fee. At > the end of the discussion the client states that he/she fully > understands what you have explained but has reached this > decision: "Instead of the 6 hours that you quoted I want you > to do the best that you can in 2 hours with your fee being > reduced accordingly. My answer: "I quoted the time I expect it will take to do the job properly, and my fee to do it. If you cannot agree to both, I am sorry, I cannot help you." > but as the client that's my decision to make". And if you miss something which later comes back to bite you in the ass, can you hide behind this? The client will deny ever saying it. Sometimes you have to protect these people from themselves. > Now remember that the office copy machine needs repair and you > could use those few extra $$$'s to buy that new piece of > equipment you want - all to the tune of about what you would make > doing this 'mini-sweep'; the location is only 15 minutes from > your office; you are satisfied that the client is making an > 'informed decision'; and you have absolutely nothing work-wise > going on the next day. What would YOU do??? The client IS NOT making an informed decision. The client is making a decision based on fiscal considerations. As far as trying to make excuses for taking his or her money anyway, when you know you will not be doing the job properly, that makes you a whore and no different from the rest of the TSCM scum pretenders. Your financial situation should not make any difference in your ethics. If you have any. > Scenario #2 --- And you will only have about an hour alone in the > room". After explaining your feelings regarding doing 'proper' > sweeps the PI that you are talking to states emphatically that it > is he who has been retained to look after the best interests of > the client; no, you may not speak with the client; he is making > his request based upon an investigation that he is conducting for > the client; and yes, it is his neck on the line and not yours as > the client will not know who you are. Same answer as #1. I have quoted the time and cost it will take to do the job properly. I only accept work where I am able to do my job properly. If this is unacceptable, find yourself another sweeper. Then give them CCS' phone number. If I cannot speak with the client, I will not accept the assignment. Someone has something to hide. The PI will not have enough info for me to even know what I am facing technically. I have to talk to the client directly. That is one of my litmus tests. If that is a problem, find another sweeper. When I do talk to the client, I am perfectly willing to do so under the PI agencies' name. I do not have an identity problem like a lot of those guys do. I am not another PI and will not steal their client. If they can't trust me to speak to the client, they shouldn't be hiring me. Whose neck will be on the line if you miss something? I guarantee the PI will be the Teflon Don, and it will be you making excuses and trying to justify why you accepted a job you admitted you could not do properly. It is YOUR job to look out for the ultimate client's best interests. You need a certain amount of info to be able to do that. If something can go wrong, and things do, you can be sure you will be living in the valley and you'd better have your bases covered. All these PIs and clients can come and go. You have to live with yourself and whatever reputation you develop. You want to develop the reputation for being absolutely ethical and not willing to compromise your ethics, your fee or your (ultimate) client's best interests. Both scenarios you described would cause me to invite the PI or whomever to lose my phone number, if they are unwilling to let me do my job the way I know it needs to be done. I think you know this, and it does make for interesting discussion. First rule of sweeping is money up front. Second rule is always CYA (Cover Your Ass). You will be surprised how few friends and how many adversaries you will have if something goes wrong. Don't expect anyone else, like PI middlemen, to take a bullet for you. If I feel uncomfortable, even hold harmless agreements will not change that feeling. Just don't let situations develop where you have to compromise your ethics or your fees, or your the end user's best interests. And if you feel uncomfortable about a situation, trust your instincts and pass it by. Not worth it. Street smarts have kept a lot of us alive. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 2305 From: Nick Robson Date: Sun Jan 14, 2001 4:08pm Subject: Re: What would you do. Here is another scenario for discussion. This happened to me. A very large multinational accounting firm asked me to write them a report stating that they were clean. They wanted no sweep done and were willing to pay reasonably for the report. -- ************************* The Security Centre Ltd ************************** *************Grand Cayman, Cayman Islands, British West Indies************** 2306 From: James M. Atkinson, Comm-Eng Date: Sun Jan 14, 2001 4:26pm Subject: Re: What would you do. At 5:08 PM -0500 1/14/01, Nick Robson wrote: >Here is another scenario for discussion. This happened to me. > >A very large multinational accounting firm asked me to write them a report >stating that they were clean. They wanted no sweep done and were willing to >pay reasonably for the report. Explain to the person at the large multinational accounting firm that you are not a whore, and that they should spend their money elsewhere. Additionally, you should document the incident, and write a "memo for record" that you have signed and notarized in case the guy tries anything cute in the future. If you have had previous contact with the company you may find it prudent to inform senior management and their legal department in writing of the incident. Such a request is obviously fraudulent, and as such is strictly taboo. Of course the person who made the request may simply be trying to test your ethics, or perhaps not... but watch it either way. -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2307 From: Miguel Puchol Date: Sun Jan 14, 2001 5:12pm Subject: RV: What would YOU do? Bob & list, I will try to give an inbetween point here, although I agree more with what James has expressed in his message - if you know what you're doing is a waste of your time and your client's money, then better not take the job. Picture scenario #1, and after a couple of days, the costumer calls you to say that he has been bugged with a high grade bug that you didn't (and quite possibly couldn't given the time allowed) detect, and this has caused an important leak of information, etc. etc. Then, your costumer will start to tell anyone within hearing distance what a con you are, and so on, and news travel fast. Result: your reputation and good name tarnished. The inbetween point I wanted to make is: why not offer different 'grades' of sweep, depending on the level of the threat? If your costumer is willing to discuss the type of information he's protecting, you can estimate - approximately - the level of risk and likelyhood of advanced bugging techniques being used, and plan a sweep accordingly. Then, get your costumer to sign a document to the tune of 'I have been informed that, given the risk level assesed, a sweep lasting X hours using Z equipment is needed to minimize to a good extent the risk of interception of confidential information. I hereby state that I assume the risk of a sweep being performed which does not meet the required level, and understand the implications' etc. etc. (A lawyer may come in handy here) This is just an idea, it may not fall well with purists, and each one of us should set his own standards regarding this point. James states a minimum of 4 hours, and I understand that it's a very light sweep. In some countries, one hour or two may be enough, as eavesdropping is not so technologically advanced - given the same level of 'risk'. Well, that's my oppinion, and like everyone else, I have a nose too :-)) All the best, Mike > -----Mensaje original----- > De: 1RCM [mailto:1RCM@M...] > Enviado el: domingo, 14 de enero de 2001 16:34 > Para: TSCM List - Post > Asunto: [TSCM-L] What would YOU do? > > > Hi List, > > Let's see if we can't spawn some creative debate here. Many on this list > have run across these type instances which fall right in that blurry area > somewhere between standing on true ethics and paying the bills. > What do YOU > do?? Ah yes, before you consider both scenarios think back to all of the > debate that has taken place on this list over the past year relating to > professionals vs. charlatans; just what constitutes performing a proper > sweep; enlightening a potential client; fees vs. services performed; etc., > etc. Then respond honestly! 2308 From: Rick Hofmann - MICROSEARCH Date: Sun Jan 14, 2001 5:41pm Subject: E.S.I. telephone instruments During an inspection yesterday one of two telephone instruments was passing room audio while on hook. This is an E.S.I. telephone system. The instruments are model EKT-A, and the KSU is a model number IVX (letters, not roman numerals). The instrument was left in place with the idea of passing false information. When the instruments are eventually replaced I will examine them both in an attempt to locate any modifications. I will pass on the information to this list. In the mean time, any information about E.S.I. telephones would be appreciated. Very truly yours, R.C.Hofmann, CCO, CPP MICROSEARCH, LLC - Electronic Surveillance Detection - Counterespionage Post Office Box 2084 - Cypress, California 90630 714-952-3812 Fax: 714-209-0037 PI16998 2309 From: Steve Uhrig Date: Sun Jan 14, 2001 6:18pm Subject: Re: What would you do? Once upon a midnight dreary, Nick Robson pondered, weak and weary: > Here is another scenario for discussion. This happened to me. > A very large multinational accounting firm asked me to write > them a report stating that they were clean. They wanted no > sweep done and were willing to pay reasonably for the report. What is there to discuss? You are an honest man, and as such would have denied their request. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 2310 From: Hoffman Date: Sun Jan 14, 2001 8:03pm Subject: Re: What would YOU do? > > Ah yes, before you consider both scenarios think back to all > > of the debate that has taken place on this list over the past > > year relating to professionals vs. charlatans; just what > > constitutes performing a proper sweep; enlightening a > > potential client; fees vs. services performed; etc., > > etc. Then respond honestly! > > blurry area somewhere between standing on true ethics > > and paying the bills. What do ------------------------------- A. Hoffman replies: I don't believe "ethics", in the sense that I use the word, has much bearing on the matter. It's a pure business decision. (1) Is it economically profitable to perform the service for the client for such a trivial fee which borders on break-even? (2) Will it negatively impact your reputation? (3) How will it hurt your reputation; does this client have connections in the corporate community from whence you derive your work? (4) Is there a realistic liability which you may incur if it is found at a later time that the technician did not locate a threat? (5) Last on my list is my personal ethics regarding the matter. There's something to be said for having pride in ones work and being noble by trying to be the absolute best at what you do....but more often than not....such beliefs are purely a figment of ones own imagination; and it leads to extremely big ego complexes when people become overly self-righteous about their abilities and their so-called "reputation". I say, just bury the client in a half inch of paperwork; which if your a thorough businessman; thats probably what you should be doing already. You should have dozens of checklists; forms; summaries; client reports which fully detail every aspect of the sweep or other security services your may perform. Included on the forms should be the equipment you used, serial numbers, when your units were calibrated; what range of frequencies were swept; what telephones were analyzed, if any. In addition, there should be a half dozen standard forms which the client should be signing which fully explains that in no way is the customer entitled to "getting results" (as private investigators are always fond of saying "their being payed for their time, not based on undetermined outcomes or results..") Nothing wrong with pride in ones work; but the question is.... Who's interest are you REALLY serving best?... The clients, or your own ego? If a customer wants or NEEDS work done.... even if they want a half-assed job.. "IF" it pay's; and if you need the money; then why not do it? If you refuse to do the job; then your not really serving your customers needs. Yes, you might know better than them... and you might not be serving their "best interest", but in some cases, something is better than nothing; even a half-assed job. I speak in this matter as a businessman; a white collar worker; and a blue collar worker who has been involved in a half dozen unique fields of service work. Like the Rolling Stones song, "You can't always get what you want." Many times I have had to "swallow my pride", and do jobs for customers which I did not feel felt met my personal criteria.... I didn't particularly like what the customer suggest to me... but in the end; I realized I was there not exclusively to feed my own ego, but to serve the customers needs... and if they want it. Give it to them. It's money in your pocket. 2311 From: Steve Uhrig Date: Sun Jan 14, 2001 9:06pm Subject: Re: What would YOU do? Once upon a midnight dreary, Hoffman pondered, weak and weary: > I don't believe "ethics", in the sense that I use the word, > has much bearing on the matter. It's a pure business > decision. There unfortunately are a number of "TSCM practitioners" who feel the same way. > There's something to be said for having pride in ones work and > being noble by trying to be the absolute best at what you > do....but more often than not....such beliefs are purely a > figment of ones own imagination; They may be figments of *your* imagination. Having pride in one's work and trying to be the absolute best at what you do is a sign of a quality practitioner. Some of us strive for that constantly. What do you propose -- strive to be mediocre? > If a customer wants or NEEDS work done.... even if they want > a half-assed job.. "IF" it pay's; and if you need the money; > then why not do it? > if they want it. Give it to them. It's money in your pocket. Why is this not the definition of a whore? What does YOUR need for money have to do with whether you do an honest job or not? Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" *******************************************************************