From: kondrak Date: Thu Jan 23, 2003 7:33pm Subject: WE WIN ONE!~ http://www.washingtonpost.com/wp-dyn/articles/A34837-2003Jan23.html Senate Blocks Funding for Pentagon Database WASHINGTON (Reuters) - Saying they feared government snooping against ordinary Americans, U.S. senators voted on Thursday to block funding for a Pentagon computer project that would scour databases for terrorist threats. By a voice vote, the Senate voted to ban funding for the Total Information Awareness program, under former national security adviser John Poindexter, until the Pentagon explains the program and assesses its impact on civil liberties. The measure, introduced by Sen. Ron Wyden, an Oregon Democrat, also said the computer dragnet being developed could not be deployed without congressional approval, although it allowed exceptions for national security. It was tacked onto a spending package in the Senate, but it is not yet law. It is now expected to go to House and Senate negotiators. If the negotiators keep the provision in the spending package, it will advance to the House and Senate for final passage before going to the president for signing into law. "This makes it clear that Congress wants to make sure there is no snooping on law-abiding Americans," Wyden told Reuters after the vote. He said the electronic data dragnet as proposed was "the most far-reaching government surveillance program in history." The Defense Department says the aim of the Total Information Awareness project, which is still in its infancy, is to seek patterns in transactions data like credit card bills and travel records to stop terrorist plots. Wyden and other Democrats announced last week they would try to block funding for it, citing concerns that it will amount to electronic surveillance of personal data of all Americans by the government and trample privacy rights. Senior Republican senators worked with Wyden on the wording of the Senate measure, including Sen. Charles Grassley of Iowa. 
He said he was worried the lines were getting blurred between domestic law enforcement and military security efforts. CONCERNS ABOUT POINDEXTER Critics of the project also have expressed concern that the project is being directed by Poindexter, a retired admiral who was convicted of deceiving Congress in the Iran-Contra scandal. His conviction was set aside on the grounds his immunized congressional testimony had been used against him. A Pentagon spokeswoman defended the program after the Senate vote on Thursday, saying officials continued to believe that the research and development planned was important. "TIA will develop innovative information technology tools that will give the Department of Defense's intelligence, counter-intelligence and counter-terrorism communities important capabilities to prevent terrorist attacks against the U.S.," the Pentagon spokeswoman said. The Senate measure requires the Pentagon to report to Congress on the goals of the program within 60 days of the bill's final passage, including recommendations from the Attorney General on minimizing the impact on civil liberties. The measure also would keep the Pentagon from deploying the program or transferring it to another department, such as the FBI or the new Homeland Security department, without congressional authorization. But these limitations would not apply if the deployment or transfer of technology was being made for lawful foreign intelligence activities or U.S. military operations outside the United States. Wyden said there had to be exceptions for national security. "There has got to be congressional approval to deploy these technologies, so this information doesn't get circulated indiscriminately all over government," he said. "But in striking the balance, when talking about matters of national security, those matters can go forward," he said. 6814 From: James M. 
Atkinson Date: Thu Jan 23, 2003 9:50pm Subject: USAF 4 Star Speaks Out USAF 4 Star Speaks Out For those of you who don't know who General Hawley is, he is a newly-retired 4-star General who commanded the U.S. Air Force Air Combat Command. He recently delivered this speech, now that he's retired and no longer restricted to being politically correct, at the Air Force Association Annual Meeting: "Since the attack, I have seen, heard, and read thoughts of such incredible and surpassing stupidity that they must be addressed. You've heard them too. Here they are: 1) "We're not good, they're not evil, everything is relative." Listen carefully: We're good, they're evil, nothing is relative. Say it with me now and free yourselves. You see, folks, saying "We're good" doesn't mean, "We're perfect." Okay? The only perfect being is the bearded guy on the ceiling of the Sistine Chapel. The plain fact is that our country has, with all our mistakes and blunders, always been and always will be the greatest beacon of freedom, charity, opportunity, and affection in history. If you need proof, open all the borders on Earth and see what happens. In about half a day, the entire world would be a ghost town, and the United States would look like one giant line to see "The Producers." 2) "Violence only leads to more violence." This one is so stupid you usually have to be the president of an Ivy League university to say it. Here's the truth, which you know in your heads and hearts already: Ineffective, unfocused violence leads to more violence. Limp, panicky, half-measures lead to more violence. However, complete, fully thought-through, professional, well-executed violence never leads to more violence because, you see, afterwards, the other guys are all dead. That's right, dead. Not "on trial," not "reeducated," not "nurtured back into the bosom of love." DEAD. D-E --Well, you get the idea. 3) "The CIA and the rest of our intelligence community has failed us." 
For 25 years we have chained our spies like dogs to a stake in the ground, and now that the house has been robbed, we yell at them for not protecting us. Starting in the late seventies, under Carter appointee Stansfield Turner, the giant brains who get these giant ideas decided that the best way to gather international intelligence was to use spy satellites. "After all," they reasoned, "you can see a license plate from 200 miles away." This is very helpful if you've been attacked by a license plate. Unfortunately, we were attacked by humans. Finding humans is not possible with satellites. You have to use other humans. When we bought all our satellites, we fired all our humans, and here's the really stupid part. It takes years, decades to infiltrate new humans into the worst places of the world. You can't just have a guy who looks like Gary Busey in a Spring Break '93 sweatshirt plop himself down in a coffee shop in Kabul and say "Hiya, boys. Gee, I sure would like to meet that bin Laden fella." Well, you can, but all you'd be doing is giving the bad guys a story they'll be telling for years. 4) "These people are poor and helpless, and that's why they're angry at us." Uh-huh, and Jeffrey Dahmer's frozen head collection was just a desperate cry for help. The terrorists and their backers are richer than Elton John and, ironically, a good deal less annoying. The poor helpless people, you see, are the villagers they tortured and murdered to stay in power. Mohammed Atta, one of the evil scumbags who steered those planes into the killing grounds (I'm sorry, one of the "alleged hijackers," according to CNN-they stopped using the word "terrorist," you know), is the son of a Cairo surgeon. But you knew this, too. In the sixties and seventies, all the pinheads marching against the war were upper-middle-class college kids who grabbed any cause they could think of to get out of their final papers and spend more time drinking. At least, that was my excuse. It's the same today. 
Take the Anti-Global-Warming (or is it World Trade? Oh-who-knows-what-the-hell-they-want demonstrators). They all charged their black outfits and plane tickets on dad's credit card before driving to the airport in their SUV's. 5) "Any profiling is racial profiling." Who's killing us here, the Norwegians? Just days after the attack, the New York Times had an article saying dozens of extended members of the gazillionaire bin Laden family living in America were afraid of reprisals and left in a huff, never to return to studying at Harvard and using too much Drakkar. I'm crushed. I think we're all crushed. Please come back. With a cherry on top? Why don't they just change their names, anyway? It's happened in the past. Think about it. How many Adolfs do you run into these days? Shortly after that, I remember watching TV with my jaw on the floor as a government official actually said, "That little old grandmother from Sioux City could be carrying something." Okay, how about this: No, she couldn't. It would never be the grandmother from Sioux City. Is it even possible? What are the odds? Winning a hundred Powerball lotteries in a row? A thousand? A million? And now a Secret Service guy has been tossed off a plane and we're all supposed to cry about it because he's an Arab? Didn't it have the tiniest bit to do with the fact that he filled out his forms incorrectly -- three times? And then left an Arab history book on his seat as he strolled off the plane? And came back? Armed? Let's please all stop singing "We Are the World" for a minute and think practically. I don't want to be sitting on the floor in the back of a plane four seconds away from hitting Mt. Rushmore and turn, grinning, to the guy next to me to say, "Well, at least we didn't offend them." SO HERE'S what I resolve for the New Year: Never to forget our murdered brothers and sisters. Never to let the relativists and bleeding-heart liberals get away with their immoral thinking. 
After all, no matter what your daughter's political science professor says, we didn't start this. Have you seen that bumper sticker that says, "No More Hiroshimas"? I wish I had one that says, "You First. No More Pearl Harbors." Dick Hawley -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 mailto:jmatk@t... -------------------------------------------------------------------------------------------------- Vocatus atque non vocatus deus aderit -------------------------------------------------------------------------------------------------- 6815 From: Matt Paulsen Date: Thu Jan 23, 2003 9:52pm Subject: spectrum analyzer A while ago I posted that I was looking for a spectrum analyzer up to around 6 GHz. Anyone use these? HP/Agilent E4404B I need something portable that will take a beating, be in rain, wind, snow, jounced around cars, etc... What is the general cost for the above? 6816 From: Matt Paulsen Date: Thu Jan 23, 2003 10:57pm Subject: RE: USAF 4 Star Speaks Out There is a piece zooming around the internet that attributes some pretty forceful statements to me, Dick Hawley - one time fighter pilot, General, thoughtful consultant, neophyte strategist, master of the artful compromise. The words did not flow from my pen, but if the e-mails mean anything, those words are now indelibly linked to my name. So do me a favor - if you receive this, please send it on to the same people to whom you forwarded the one that I did not write. 
It's not that I don't share many, if not most, of the sentiments attributed to me, but the piece is just not my style. Here's what I would have said if I'd been asked to comment on those five important issues. 1) Goodness, Evil and Relativity: There are some really good people in this world. They volunteer to help those who need it, and ask nothing in return. There are also some really bad people in this world. They exploit those who need help, or who have less wit or "charisma", and motivate them to join in committing unspeakable acts of cruelty against people they don't even know. Then there are the rest of us. Average people who try each day to do no harm, to provide for their families, to do an occasional act of kindness. The evil that was perpetrated against our land on 9/11 was the product of Mullahs who see our prosperity and power as a threat to their control over the uneducated Muslim masses on whose shoulders they ride through life. And so they preach hate. They are evil. 2) Violence begets violence: It's true. Violence does beget violence. But sometimes there is no alternative but to confront those who would perpetrate evil acts against us. This is one of those times. We are blessed to have courageous men and women willing to put their lives on the line to track down and annihilate those who have been so imbued with evil as to be beyond redemption. But violence is not a strategy. It is a necessary and fully justified reaction to an unimaginable threat. But it is not a strategy. If we are to win this war, we must defeat the Mullahs. And to defeat the Mullahs, we must find ways to separate them from their uneducated flocks. We cannot kill all those who have been taught to hate us, nor should we wish to. Far better to change their minds than to change their state of being. 3) The intelligence community let us down: Well, maybe just a little. 
Lots of senior and not so senior intelligence people became just as enamored of high tech gadgets as their political masters. The protests over our evisceration of the human intelligence component of the agency were not very loud or forceful. Keeping spies on the ground is a high risk and often dirty business, and it wasn't just liberal politicians who didn't have much stomach for it. 4) Poverty is the breeding ground for terrorists: No, it isn't; but religious extremism is. The Mullahs fear our wealth and power because it shows that a secular society with democratic institutions and a free market economy can do a better job of taking care of its peoples' needs, both spiritual and physical, than the oppressive Islamic regimes that they aspire to lead. The Mullahs are the problem, not poverty, but poverty does make it easier for the Mullahs to spread their evil - as do governments that tolerate and even reinforce their hateful message. 5) Profiling: We are at war here! We are not talking about traffic stops. If we were at war with Iceland, I would expect those charged with our defense to pay very close attention to any Icelander who ventured near our shores. In this war I expect them to pay very close attention to Muslims with ties to the places that spew hatred against us. Random checks when there are no such obvious targets available are a good way to keep the evil ones guessing, but let's not make small children and grandmothers take their shoes off while we watch far more likely candidates walk aboard unchecked. 6) Resolutions: a. Never forget that what happened on September the 11th of 2001 was an act of war. b. Never sit silently by while someone tries to justify what happened on that day as an understandable reaction to U.S. policies in the Middle East or elsewhere. c. Fly our nation's flag proudly - it represents this world's greatest hope to move beyond the pain and suffering that inflict so many across the globe. Richard E. 
Hawley General, USAF, Retired Former Commander, Air Combat Command 6817 From: Matt Paulsen Date: Thu Jan 23, 2003 10:55pm Subject: RE: USAF 4 Star Speaks Out Claim: Former USAF General Dick Hawley delivered a caustic speech about "thoughts of such surpassing stupidity that they must be addressed." Status: False. Origins: Yes, Gen. Richard E. Hawley is a real person, a United States Air Force general who served as commander of the USAF's Air Combat Command until his retirement in 1999, but no, he didn't write or deliver the speech quoted above. This "speech" is actually a column by humorist Larry Miller which appeared in The Daily Standard on 14 January 2002; the version circulating on the Internet omits the opening and closing paragraphs.. continued... http://www.snopes2.com/rumors/hawley.htm ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 6818 From: Robert Motzer <1RCM@M...> Date: Fri Jan 24, 2003 8:49am Subject: Sometimes Honesty Really Doesn't Pay! Hi List, I thought I'd share a local saga of a dumb cop, a polygraph and "wiretapping laws": http://www.pottsmerc.com/site/news.cfm newsid=6802795&BRD=1674&PAG=461&dept_id=18041&rfi=6 And a quick 'my two cents' aside here as well: For years this list has had a debate going on regarding a TSCM'ers obligation to notify Law Enforcement of a "find". I won't extend this any farther than Pennsylvania, but I can say conclusively that locally many of our County District Attorneys now have some real authority (and thus new-found interest) over the legal employment of "wiretapping" as well as the interpretation and prosecution of any mis-applications. As such they have begun to guard what they see as 'their turf' jealously and with fervor. So if they go after 'one of their own' with such vigor do you think they'd lose any sleep in going after someone, who for the most part they consider nothing more than a 'James Bond wanna-be' anyway, for their failure to report a witnessed felony? Think about it as it just may apply to your locale as well. 
Just Another Bob 6819 From: James M. Atkinson Date: Fri Jan 24, 2003 9:49am Subject: Re: Sometimes Honesty Really Doesn't Pay! The correct link is: http://www.pottsmerc.com/site/news.cfm?newsid=6802795&BRD=1674&PAG=461&dept_id=18041&rfi=6 Sex tape trips up Norco officer Jason McKee, jmckee@p... January 24, 2003 PHOENIXVILLE -- The truth shall set you free, but sometimes it gets you arrested. North Coventry Police Officer Bruce Hetrick was smart enough to be honest when filling out a job application for the state police last September. After all, aspiring troopers are thoroughly screened. If they lie on the written application, it's bound to come out in the polygraph exam. So when Hetrick, who has since left the police force, was asked if he had ever recorded someone without the person's consent, he said yes, according to court records. "Sex with my ex-girlfriend," Hetrick wrote on the application. "But I did tell her afterwards, and showed her (the tape)." Police said the ex-girlfriend wasn't the only woman Hetrick secretly videotaped in his Phoenixville apartment, but only one woman was named in the criminal complaint. The exact date of the taping is not known, but occurred between 1998 and March 2001, court records state. Recording someone with video or audio equipment without their knowledge is a felony. Felons are not permitted to work in law enforcement. Why Hetrick, who was working as a patrolman in the North Coventry Police Department at the time of his interview with state police, allegedly admitted to committing a felony, is not clear. Hetrick, who lives in Exton, has an unlisted telephone number and could not be reached for comment. Police said Hetrick was given a polygraph Oct. 
17, several weeks after the initial interview, and repeated the incriminating answers he had written on the job application. But after the interview, Hetrick must have realized the troopers were not impressed with his honesty. According to court records, Hetrick contacted his ex-girlfriend after taking the lie detector test and told her to tell the cops she knew she was in one of his films. "No victim, no crime," he allegedly told the woman. That is true, but the victim did not cooperate. She said Hetrick showed her the videotape last January. According to police, the woman was not happy about it. "He admitted that he knew she was upset about the filming," court records state. North Coventry Police Chief Robert Schurr said he contacted the Chester County District Attorney's office when he found out about Hetrick's criminal honesty. "He was put on administrative leave immediately," Schurr said. "And he resigned in December." The charges were filed Jan. 2. In addition to the wiretap violation, Hetrick is also facing felony insurance fraud and misdemeanor invasion of privacy charges. The insurance fraud charge comes from another admission of guilt Hetrick generously provided on his job application. Hetrick said four years ago he filed a fraudulent insurance claim to cover a broken windshield on his car, court records state. Hetrick received $257 from a trucking company to cover the cost of a windshield they did not break, according to police. Schurr said the incident has marred the reputation of his department. "We had a bad apple," he said. "It's a black eye for the police department and law enforcement in general." 
©The Mercury 2003 6820 From: ed Date: Fri Jan 24, 2003 10:49am Subject: Suspected car bomb turns out to be tracking device http://www.theitem.com/CityDesk/030118a_news.cfm Date Posted: January 18, 2003 False Alarm Suspected car bomb turns out to be tracking device By BRADEN BUNCH Item Staff Writer A device that appeared to be a bomb on a vehicle parked outside Simpson's Hardware and Sports on Wesmark Boulevard kept local and state authorities busy for nearly four hours Friday before the object was found to be a tracking system placed on the car by the driver's wife. Sumter Police Chief Patty Patterson said police were called at 3:23 p.m. when a sales representative for Simpson's Sales Co., who was delivering an order of Browning firearms, spotted a suspicious package on the undercarriage of his Chevrolet Suburban as he came out of the store. After a preliminary inspection indicated to authorities that the device could be an explosive, surrounding businesses were ordered closed and authorities evacuated the area within a mile of the vehicle. Described as a "very professional-looking device," the object was thought to be several sticks of dynamite with a remote detonation transmitter attached. 
The entire device, authorities said, was attached to the vehicle with duct tape. Hours later, Patterson said, authorities learned from a call by the Florence man's wife that she had placed the tracking device on the car so she could keep tabs on her husband. Soon after the initial 911 call, local police were joined by several dozen safety workers from Shaw Air Force Base, the State Law Enforcement Division, Sumter Fire Department, Sumter County Emergency Medical Services and the Sumter County Department of Public Safety. Wesmark Boulevard was shut down from Broad Street to Alice Drive and traffic was temporarily rerouted along Broad Street into the Sumter Mall parking lot. After determining there was no danger to vehicles on Broad Street, authorities reopened the road. Patterson, who was attending an event at Shaw, arrived shortly afterward and a command center was set up across the street from Simpson's in the Alltel parking lot. At 5:53 p.m., with both the Shaw Air Force Base Explosive Ordnance Disposal Unit and the SLED bomb squad in place, authorities detonated the apparent transmitter of the device using a RONS (Remote Ordnance Neutralization System), a remote-controlled robot equipped with cameras and detonation devices. Fearing a large explosion, all public safety workers at the scene were ordered to take cover before the detonation. Authorities had been working on this for about an hour when the call came in that the package was a tracking device. Despite the nearly four hours spent on the call, Patterson said both the man reporting the bomb and all the officers responding to the scene acted appropriately. "We can't stress enough that it appeared to look like a bomb, both to local officers and to the bomb squads," Patterson said. The police chief also stressed the evacuation and road closures were appropriate measures. "Especially in these times, it's important to act with diligence," she said.
Sumter Writer Braden Bunch can be called at 803-774-1222 or e-mailed at bradenb@t... 6821 From: Ocean Group Date: Fri Jan 24, 2003 11:45am Subject: USAF 4 Star Speaks Out While this is certainly an interesting read... I would like to say this, at least on a personal level...if this stuff is posted then I'd like the right to react. "b. Never sit silently by while someone tries to justify what happened on that day as an understandable reaction to U.S. policies in the Middle East or elsewhere." There is no justification in taking life. It is wrong. Let me get this straight, the general is saying that anyone who tries to tell the USA why they were attacked shouldn't be allowed to voice their opinions. They should be silenced. Right? Or is he saying that the attack is not "understandable"... I understand the attack. I understand why they did it. So do millions. Why can't the USA (or in this case a USAF general) understand. I know they are capable of understanding. There are bright, intelligent, caring Americans so why is it they are not able to understand? Is it because they are not being presented with the facts to allow them to understand? Is it because the government is afraid of the way it might make their country look? Would it show the government in a bad light...? Why is it that they say..."The first casualty of war is truth..." "c. Fly our nation's flag proudly - it represents this world's greatest hope to move beyond the pain and suffering that inflict so many across the globe." The USA flag does not represent the world's greatest hope at moving beyond pain and suffering. At the moment it represents the infliction of pain and suffering. It also represents war. In many people it brings up a deep hatred. How did this hatred get instilled in so many people...? And before anyone says this again, I am not anti-American. I have American family. Why is it when I turn on the TV at night, and I mean almost every night I see a picture of someone burning a US flag.
I have to laugh, the guy that makes these things must be raking it in! Your flag represents a greedy self interested country to many people. A country whose fight abroad is disease ridden with insinuations of money and oil and weapons. I think I almost burst into tears of laughter when they reported on TV that the USA would kindly and selflessly hold the Iraqi oil "in trust" for the Iraqi people when they get rid of Saddam. That is going to make a lot of people question the US's intentions. I cannot name one other country in the world whose flag gets burned so much! And I know what people will say, but that's because we are the world's greatest superpower, we can't please everybody. But in the words of Denis Leary, that's "...because we got the bomb, two words, nuclear f**kin weapons...". With great power comes great responsibility, so why is it then that power corrupts and absolute power corrupts absolutely? This is an old argument, and quite frankly a tiring one. I do know that if I wanted to represent a hope for the end of pain and suffering I wouldn't need to look at a country's flag, and especially not the US one. No long established country has no blood on their hands. But at the moment the US is at the forefront. I'm sure you guys have heard of that guy from Michigan called Michael Moore. I went to see his movie called Bowling for Columbine. It was very interesting and very eye opening. A colleague in Australia recently pointed me towards his website, www.michaelmoore.com . When people see this kind of stuff it makes them think that your government is controlled by money and corporations...can you understand that? Then they see this war and they think you are wrong, not only are you wrong but then you start killing people, then people have as much respect for American life as did those hijackers. Is that what the US wants? It taught me one thing, the problem does lie with the USA. Not only that but the country is spawning violence. It's sickening.
I just hope that things get better before it gets worse. In the movie it lays a lot of questions on arms makers and the media's role in brain washing people. Not surprising really, in the UK the media are already meeting with the government to decide what they can and cannot publish regarding the upcoming war. Anyway the list goes on, I know we can argue about this all day, I know I'll get someone emailing me telling me how much of a disgrace I am and giving out for me questioning this stuff. But this isn't what we are here for, we're here to share and learn something about TSCM as people, hopefully something most of us enjoy doing, and I want to discuss and learn things from you, if you want to post this kind of stuff do it somewhere else, please. All the best Vance PS. Ship high in transit...is that really the origin?? :) 6822 From: Shawn Hughes Date: Fri Jan 24, 2003 6:44pm Subject: vegas casinos >Vegas' High-Stakes Surveillance Lab; >In using sophisticated systems and software to pinpoint cheats, casinos are >providing valuable lessons for law enforcement > >Copyright 2003 The McGraw-Hill Companies, Inc. All Rights Reserved >Business Week Online...01/23/2003 > >Jane Black > >For high rollers, the Bellagio Hotel & Casino in Las Vegas is paradise on >earth. Amid the gilt ceilings and sumptuous, florid surroundings, patrons >focus on one thing: Gambling. The casino even pumps in extra oxygen to keep >the customers awake and alert. > >All the while, the Bellagio is watching -- especially if you start winning >big -- with 1,900 security cameras. Every gambling table has one above it, >while hundreds more tilt, pan, and zoom in on any suspicious activity from >strategic locations throughout the facility. Upstairs, in a location the >Bellagio won't disclose, half a dozen surveillance experts watch and record >patrons' moves.
If they see someone suspicious, they capture the face and >plug it into a facial-recognition program, which will quickly check to see >if it matches any known cheats. > >DEMANDING RESULTS. Privacy advocates don't protest the spy technology, which >is used in most casinos. After all, when you enter one, you give up your >right to privacy. And because these are profit-driven establishments, >executives aren't lured by fancy systems that don't deliver results. The >upshot: The Vegas Strip has become a testing ground for what does and >doesn't work in the field of surveillance. The idea is to catch crooks -- >and keep honest people honest. > >In some ways, surveillance in Vegas is much like the world of computer >network security. As quickly as casinos upgrade their system protections, >crooks find a new hole in them. Witness a recent "cooler deck" scam that >robbed one of Las Vegas' most famous casinos of $ 250,000. It worked like >this: A gang of fraudsters, which included a crooked dealer and a security >guard, managed to get hold of six official decks of cards. They put the >cards in these decks in a specific order and sneaked them into the casino. >Then they did some surveillance of their own, waiting for the camera above >their table to be momentarily turned off while a new tape was inserted into >the VCR. > >At that point, the crooks switched the real deck for their ordered one. >Because they knew which cards would be dealt when, they won every hand. And >since no camera was taping, the casino couldn't prove that they had cheated. >(That's why this casino doesn't want to be named.) > >DIGITAL ADVANTAGES. In Vegas, crooks' innovation invariably leads to >improvements by the casinos. Incidents such as the one described here >explain why the outfits are now moving from analog-tape surveillance to >digital, which requires no tape changing that would allow crooks to act >unrecorded. Besides, digital images don't get lost or degrade over time. 
The >information will be stored on massive hard drives or optical storage systems. > >Digital setups also allow for easier access to crucial information. If, for >example, a casino using tape is robbed, surveillance experts have to watch >hours of recordings -- sometimes days of it -- in search of evidence. With >digital recordings, staff can simply request that the computer system show >every time that a cash drawer was opened. Then security can zoom in on each >instance, with time and date, immediately. > >In the past, "by the time you reviewed seven days of tapes and figure out >what happened, the crooks were already on their way to Bermuda," says Scott >Bartlett, CEO of Southwest Surveillance Systems, a Las Vegas technology >provider. "Digital helps you ID the problem in minutes and catch the bad >guys before they get away." > >PLAYING CATCH-UP. Here's another scam executed in South Africa last year >that has led to innovation in surveillance. The crooks knew the cameras were >never turned off -- unless a patron had a dispute with the house. So five >scamsters sat down at a blackjack table, and one of them kept staging >arguments with the dealer about the amount he had bet. Finally, the angry >gambler demanded to see the tape. The security team obliged and stopped >taping what was going on at the table. Meanwhile, the crooks lifted tens of >thousands of dollars while the blackjack dealer and security officials were >distracted. > >Many casinos have now installed backup systems that ensure every moment is >captured on camera. "We're always one step behind them," admits Patricia >Fischer, Bellagio's surveillance director. "But we always catch up." As the >technology in Vegas proves its worth, similar precautions may soon appear in >airports and other high-risk areas. > >Vegas' latest spy toy is facial-recognition software. In the old days, >security guys memorized books of mug shots, then peered down on gamblers >through binoculars from the catwalks. 
Now they use this software to match >known criminals' facial characteristics with those of gamblers in the casino. > >"NOT THERE YET." The use of such technology in public areas (as opposed to >inside a casino) has drawn the ire of privacy rights groups, who say it >doesn't work as advertised and is a needless intrusion on privacy. Indeed, >initial testing in Vegas has had mixed results. On the one hand, >facial-recognition software can save surveillance experts time by comparing >a suspicious face to tens of thousands of known cheats. But it can't yet >pick out crooks in a crowd on its own. "At some point, the software will be >good enough to just run in the background and alert you when it finds a >match. But it's not there yet," says Fischer. > >Experts in Vegas say the key lesson that terrorist-hunting feds can learn >from the casinos is to rely on smart, properly trained people, not the >latest gizmos. Determined crooks, after all, will always find a way to >circumvent technology. > >"The technology is only as good as the people behind it," says George Lewis, >director of surveillance training at the University of Nevada Las Vegas >International Gaming Institute and the author of The Eye that Never Blinks. >"You have to think like a crook to catch a crook." The intelligence >community would be wise to remember that. > Shawn Hughes ---------------------------------------------------------------------------- ----------------------------------------------- Mistakes have been made. Others will be blamed......... 6823 From: Steve Uhrig Date: Sun Jan 26, 2003 2:38pm Subject: Decent lead acid battery info This site: http://www.uuhome.de/william.darden/ has very decent info on lead acid batteries such as are used in automobiles. The info is not directly pertinent to TSCM, but good to know the characteristics. Much TSCM gear, like the OSCOR, is powered by lead acid batteries, called SLA, for Sealed Lead Acid. The same info pertains to lead acid in test equipment. 
Many Riser Bond TDRs also have lead acid. The main thing is to keep them charged. The site is worth some time. Read it and you'll know more about lead acid batteries than practically anyone you'll meet. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 6824 From: Steve Weinert at Excel.Net Date: Sat Jan 25, 2003 11:43am Subject: Re: Please take your own advice ( WAS: USAF 4 Star Speaks Out) Please take your own advice. You were spot on in your observation that this isn't the forum for your diatribe. Thanks, Steve W > Anyway the list goes on, I know we can argue about this all day, I know I'll > get someone emailing me telling me how much of a disgrace I am and giving > out for me questioning this stuff. But this isn't what we are here for, > we're here to share and learn something about TSCM as people, hopefully > something most of us enjoy doing, and I want to discuss and learn things > from you, if you want to post this kind of stuff do it somewhere else, > please. > > All the best > Vance 6825 From: Date: Sat Jan 25, 2003 10:15pm Subject: INTEL threat (high potential) about to blossom Imagine if you will.... You wake up and drive into the C3I complex. A package is awaiting you. You have been expecting it and are looking forward to the bug fixes for the servers you take care of. The shrink wrap is intact on the package. You get through your checkpoint, authorize your presence, the package is cleared and go into the NOC. You install the software on a few test servers, (never on production equip first) and analyze them for 48 hrs or more. Things seemed good so it's planned and deployed to the production network. Congratulations! You just installed Sleeperware v.2.1!!!!
And got a FIS past the checkpoints! Yes the holograms are real, the signatures are valid. The source code was compromised. Other scenario. You notice (maybe you don't notice it) activity on your systems. The anti virus and CERT teams show nothing unusual. What's up? Congratulations! You've just become the target of a Foreign Intelligence Service (or private). They know the complete core guts of the OS you run. And are attacking a previously unknown weakness in the OS. Okay, reality check here. Why the drama above? To get your mind thinking in certain directions. Yes the scenarios are not perfect, they are flawed, but the principle is solid. Why do I write this and take up these bytes of data saying all this? Be very afraid: http://www.cnn.com/2003/TECH/biztech/01/21/russia.microsoft.reut/index.html The risk is obvious to those who are aware that it's not Dr. No on the other side out there. Not to mention the containment of the info will undoubtedly leak. There's more to say but it's mostly obvious to those on this list. Or it should be :-) $0.02 -James Let me know if you have comments. 6826 From: Matt Paulsen Date: Sun Jan 26, 2003 8:04pm Subject: RE: INTEL threat (high potential) about to blossom ..."Microsoft has said it will make its source code mainly available to them over the Internet and for free, provided they do not disclose it. "... hahahahahaha -----Original Message----- From: jamesworld@i... [mailto:jamesworld@i...] Sent: Saturday, January 25, 2003 8:16 PM To: TSCM-L@yahoogroups.com Subject: [TSCM-L] INTEL threat (high potential) about to blossom 6827 From: Trey A Mujakporue Date: Mon Jan 27, 2003 4:58am Subject: RE: INTEL threat (high potential) about to blossom There is nothing new about what you are saying.. It's just that given the distribution of microsoft products, we will now be more exposed to greater privacy invasion than ever before. Take for instance the following.. http://cryptome.unicast.org/cryptome022401/msnsa-law.htm paragraph 39 to do with Swiss company CryptoAG and the NSA... Sounds crazy but is true..and shooting from the hip, I'll say that that was just the tip of the Ice-berg... For those who use microsoft windows 2000, did you know that in order to install the latest service pack,.. You must agree to Bill gates having admin rights on your computer... Hmmm.. Really now I hear you ask.. Check it out!! http://212.100.234.54/content/4/25956.html or if you don't have time.. Check out a windows 2000 service pack 3 EULA near you! Ps... In the cryptome article Svenska Dagbalet is the equivalent of the NY times... I wouldn't say the email I'm responding to is a whole heap of FUD but it was near enough! :) -----Original Message----- From: jamesworld@i... [mailto:jamesworld@i...] Sent: 26 January 2003 04:16 To: TSCM-L@yahoogroups.com Subject: [TSCM-L] INTEL threat (high potential) about to blossom 6828 From: David Vine Date: Mon Jan 27, 2003 9:06pm Subject: SC (USA) Salesperson W/Law Enf. Background Needed I operate a seminar and publishing business in Aiken, SC selling to law enforcement and corporate security markets. We are looking for a sales person with a background in that or related areas (former intel or military, etc.)
to work from our office or possibly your home. Compensation for a real producer could easily exceed $50,000 the first year. We have several seminars in various stages of development and you would have a marketing budget to make it happen. Please take a look at www.investigativetechnology.net to see what we're doing right now. If you are qualified and highly motivated, please contact me directly via email. David Vine 6829 From: Steve Uhrig Date: Tue Jan 28, 2003 8:41am Subject: Reorganization of ATF (USA) Effective Friday, January 24, 2003, the Bureau of Alcohol, Tobacco and Firearms (ATF) officially transfers from the Department of the Treasury to the Department of Justice, retaining its bureau status. 6830 From: frost_bitten_ca Date: Tue Jan 28, 2003 0:08pm Subject: Court rejects infrared drug search POSTED AT 2:07 AM EST Tuesday, January 28 Court rejects infrared drug search By KIRK MAKIN From Tuesday's Globe and Mail Your home is your castle - right down to the heat that leaks out of it. The Ontario Court of Appeal extended the right of privacy to intrusive technological advances Monday, acquitting a man whose hydroponic marijuana operation was detected by police who flew overhead with infrared equipment. "The nature of the intrusiveness is subtle, but almost Orwellian in its theoretical capacity," the court said in a 3-0 ruling. It said police must henceforth obtain search warrants for these flyovers, since the heat they measure may emanate from other private activities that generate surges of energy. "Some perfectly innocent internal activities in the home can create the external emanations detected and measured by forward looking infrared aerial cameras," Madam Justice Rosalie Abella wrote. "Many of them, such as taking a bath or using lights at unusual hours, are intensely personal."
There is a clear distinction between the kind of observation police make using the naked eye or binoculars and more threatening forms of intrusion that are the product of technology, she said. The ruling erased an 18-month sentence imposed against a Windsor, Ont., handyman, Walter Tessling, whose home contained enough marijuana plants to yield many kilograms of the narcotic. The court noted that in view of an evolving "public, judicial and political" recognition that marijuana is a less serious narcotic than it was once seen to be, it was preferable to exclude the ill-gotten evidence. Writing on behalf of Mr. Justice Dennis O'Connor and Mr. Justice Robert Sharpe, Judge Abella said Mr. Tessling must also be acquitted of possessing several unlicensed handguns. RCMP conducted the aerial surveillance in 1999, after getting a tip from an informant who was unfamiliar to them that Mr. Tessling and a friend were producing and trafficking marijuana. Defence counsel Frank Miller said Monday's ruling under the Charter of Rights signals that courts are aware of the threat future technology poses to vital civil liberties. "As far as I'm concerned, this is the essence of freedom," he said in an interview. "Why should the police know whether someone is taking a sauna, firing a kiln, growing orchids or growing marijuana?" He said infra-red surveillance will be subject to the same laws that exist for obtaining warrants to conduct a raid, plant a listening device or intercept phone calls. "What is novel is that this case involves what is known as 'off-the-wall technology' - where inferences can be drawn about what is going on in your home without the police going anywhere near it," Mr. Miller said. Police in the Tessling case were told by Ontario Hydro officials that there was no unusual hydro usage at his home. Still suspicious, they flew over using equipment. Crown counsel James Leising and Moiz Rahman defended the evidence on the basis that any violation of Mr.
Tessling's privacy interest was trivial. They said individuals have no reasonable expectation of privacy about the heat emitted from their homes, and nor does it reveal intimate details about their activities. However, the court said that Mr. Tessling clearly had a reasonable expectation of privacy, and that it was unreasonably violated. "While I accept that technically what is being scrutinized is heat from the surface of a home, it is impossible to ignore the fact that those surface emanations have a direct relationship to what is taking place inside the home," it said. http://www.globeandmail.com/servlet/ArticleNews/front/RTGAM/20030128/wxgrow0128/Front/homeBN/breakingnews 6831 From: Mitch D Date: Tue Jan 28, 2003 7:32pm Subject: Re: Court rejects infrared drug search Not advocating an idiot growing pot plants but;Glad someone in a courtroom still understands "Curtilage".......... 6832 From: Matt Paulsen Date: Tue Jan 28, 2003 8:06pm Subject: tscming a lan Hi there... Have read http://www.tscm.com/fluke785.html a bit. Given a fluke, sniffer, scope and 0-2ghz spectrum analyzer, I am interested in the nuts & bolts of determining what is 'normal' vs 'not normal' within the context of a network being abused by 'real life' non-software based devices used to eavesdrop using network infrastructure vs. phone infrastructure. Not interested in software intrusions/surveillance/etc. Utilization runs around .5-1.5% on a bad day and broadcast/multicasts are here and there, mostly between the HSRP routing switches at the core. Traffic is around 40%ipx, 55%ip, 5% other... 65 subnets, 1000+ devices... Backbone is fiber down to ether, some token, co/twinax, decnet, and other things.....
Mostly cisco, 4908's using HSRP down to 3508's (all fiber), from there to more 3508's and/or 2950's using mdics/gbics (can't remember which acronym goes where...) out to 10/100 switches/hubs, mostly cat 5/5e/6, some 3 here and there. VLAN'd and using spanning tree... . Routers are a smattering of 4000's, 3600's, 4500's, 25xx's, 17xx's, 3000's, etc on private t1's, vpn's, frames, ds0's, ds1's, wifi, and more.. IE: a lot of pipe.. not a lot of use.. mostly bursty traffic and dead air... so it's hard to say who a 'top dog' sender is in this, unless you put 50 sniffers on the lan at once, especially since vlan's are everywhere and blocking traffic... snooping would be nice.... but papa's checkbook isn't that big. I guess the obvious points would be to sniff the subnet where the internet access is, as well as the servers, which is already being done, but since the servers tend to drown out a client here or there and client traffic looks like routers at the core, it's harder to say than find it. Almost makes me want to run a cisco switch report. Almost. To break down the page a bit and ask some questions... At this point the physical wiring will be checked for any eavesdropping device, or anomaly. - Any suggestion on what types of anomalies to look for with the tools above or are you talking about cable dragging it in the ceiling here? near-end/far-end cross talk analysis will be performed to locate inductive or capacitor isolated devices - what would this look like on a fluke? mostly next/fext is a pretty basic yes/no, like when doing a wire map.. it either is or isn't there/is or isn't paired up right. Anything specific to look for? Should I run specific wire tests that aren't the norm or look for specific characteristics? Be sure to check all conductor combinations, and all references to ground, and structural components for signal paths. --- Most LAN's are dead runs from LAN access device to patch panel to port, not grounded... 
unless you're counting the grounding of the LAN access device. It's been a long long time since I've seen a distributed fault on a network. What are you referencing here? When checking UTP wiring be sure to check all four cable pairs, and check the voice cabling at the same time (easy to do when four Smart Remotes are being used), but ensure that all cabling is "dry" (has no signal on it) before performing any tests. -- I have 6 remotes, but don't know what you mean by this. Mine are just numbered 1 -6 and ring out on the display and I can test 2 out at a time on my fluke ie: 2 full cables... am I misinterpreting something here or are you talking about something different entirely? It may also be beneficial to also perform a Sweep Analysis of the cabling (with a Spectrum Analyzer and Sweep Generator) to identify any frequency response related anomalies. - Can you give me a manufacturer/model sweep generator suggestion? HP 8601A or is there one better for field work? What range and resolution should I look for? What RF ranges should I disregard as normal when doing the spectrum analysis and the oscope tests for cat5/5e/6? 100MHz.. and? Lastly, what are some things to consider given fiber is prevalent in the ethernet environment (disregarding other media types for a moment), as well as media bridges pretty much all over the place? How would physical eavesdropping devices cope with this sort of bridging? Thanks, Matt 6833 From: kondrak Date: Tue Jan 28, 2003 10:47pm Subject: Reorganization of ATF (USA) > > >The A.T.F has split into two groups, one keeping its present name and >moving to the Department of Justice. The other department is changing its >name to The Alcohol and Tobacco Tax Bureau (TTB) however, that one is >still under the control of the Treasury Department.
>
>http://www.ttb.gov/

6834 From: Hawkspirit Date: Wed Jan 29, 2003 8:43am Subject: tscming a lan

Matt,

I have been doing a lot of research in this area in the last year. I have several T-spans set up in my lab and I have purchased every major CSU/DSU and so far eight bit error rate detectors and framing generators. Your most accurate way to secure wire is still the use of TDR which means your resolution will be so much better if you shut down the data flow during the test. You will still have the problem of repeaters and routers every mile or so. Remote loop back testing is the way to go to identify those units and their location on the span. The biggest threat may be monitoring ports on those devices.

Roger Tolces
Electronic Security
www.bugsweeps.com

6835 From: MailExp Date: Tue Jan 28, 2003 8:42pm Subject: RE: Court rejects infrared drug search

Not advocating either, BUT - how is it an intrusion when you don't know, feel or suffer the presence of an observation that you did not know was taking place from 1000' above your head? AND, since when is "the area common to or surrounding a house" consisting of the airspace above? It does not for any other right or law. It would be nicer to see someone in a courtroom apply common sense and logic, instead of wasting time making people file more papers just to do their job.

Just another viewpoint from the peanut gallery...

-----Original Message-----
From: Mitch D [mailto:rockdriver@y...]
Sent: Tuesday, January 28, 2003 8:33 PM
To: tscm-l@yahoogroups.com
Subject: Re: [TSCM-L] Court rejects infrared drug search

Not advocating an idiot growing pot plants but;Glad someone in a courtroom still understands "Curtilage"..........

========================================================
TSCM-L Technical Security Mailing List
"In a multitude of counselors there is strength"

To subscribe to the TSCM-L mailing list visit:
http://www.yahoogroups.com/community/TSCM-L

It is by caffeine alone I set my mind in motion.
It is by the juice of Star Bucks that thoughts acquire speed,
the hands acquire shaking, the shaking is a warning.
It is by caffeine alone I set my mind in motion.
=================================================== TSKS

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service .

6836 From: Hugo Drax Date: Wed Jan 29, 2003 0:45am Subject: Re: tscming a lan

If your customer has sensitive data it should sit behind a secured isolated server in a tamper-resistant cabinet include tamper evidence seals with a firewall protecting the device, IDS/logging system residing in the cabinet for alerting and only permit timed access to the server via VPN with SecureID tokens(fobs). Physical security is a must. Anyways get ready for a manual verification every cable and have fun :) all the questions you ask would require a book to answer them all in the world of Data I have seen it all and then some :)

6837 From: Mitch D Date: Wed Jan 29, 2003 3:17pm Subject: RE: Court rejects infrared drug search(slightly off topic)

--- MailExp wrote:
> Not advocating either, BUT - how is it an intrusion when you don't know,
> feel or suffer the presence of an observation that you did not know was
> taking place from 1000' above your head? AND, since when is "the area
> common to or surrounding a house" consisting of the airspace above? It
> does not for any other right or law. It would be nicer to see someone
> in a courtroom apply common sense and logic, instead of wasting time
> making people file more papers just to do their job.
>
> Just another viewpoint from the peanut gallery...
Seems like the bottom line in the case presented, is what one can see, or gather, from an area that is accessible to the general public (sidewalk, street), versus utilizing a device to gain view of an area of concern (helicopter, ladder, thermal gear). ie; if one could see illegal plants from the street, sidewalk through a window, that has the blinds open, and the stuff is in plain view, identifiable with ease, there's grounds for a warrant, versus using a ladder to look through a window upstairs or in this case using FLIR gear, from anyplace air or ground may fall within the guidelines of curtilage.....which is what seems the ruling judge in the case decided....

I read a 5 page curtilage report from a LEA, (US) that was published to discuss removal of trash from a trash can from someone's home. Cliff note version: If the trash was placed on the street for collection, the contents were allowed to be used as evidence in a subject case whereas if it was behind the house, in an area that does not allow the trash collectors to have access to it, it would be deemed unallowable to be used in court.

With today's laws, a lot has changed in regards to this due to the types of investigation that more or less have, less "guidelines", or borders to be adhered to based on what type of wrongdoing is being checked out.....

I do think the judge had a tough decision to make.....

6838 From: R. Snyder Date: Wed Jan 29, 2003 4:02pm Subject: Parasitic illumination of passive radiators?

Since the Soviets remotely illuminated the "Great Seal" resonant cavity, there seems to be a tacit presumption that passive radiators require illumination from a remote source. However, how much of a threat would local sources, such as the microwave motion detectors for burglar alarms, pose in the context of illumination of a correspondingly tuned microphonic resonant cavity?
It seems that the majority of the microwave motion detectors are X-band, although I'm aware of a few Ku-band ones. Their input power appears to be typically a few hundred milliwatts, so their output power would be a fraction of that (especially if some of the power is being used by a PIR sensor in a PIR + microwave detector). Other potential microwave sources include 2.4 GHz and 5.8 GHz wireless data, cordless phones, etc., although I suspect the bursty nature of some of these sources (as well as their correspondingly larger cavities) might make them less of a threat.

Any thoughts on illicit modulation of pre-existing RF as a TSCM threat?

6839 From: gratefuldeadbolt Date: Wed Jan 29, 2003 10:51pm Subject: New member...with question....

Hi, what a great group this is... I hope to get to all of you a lot more... I am currently working as a Security/Alarm Technician right now and have done a fair amount of Locksmithing in the past...

Two things I am wondering about... First, does anyone know of training/schooling/opportunities in Canada in the TSCM field? Second, Does anyone care to expand upon the THREAT ANALYSIS MODEL that one would use when talking to a client...

I know that some of you have met some REALLY interesting folks (good for another post), and forwarded them to some very interesting sites like www.? the one for the foil caps to protect one's brain from microwave transmissions... Well not all of them are so easy to laugh away... Take for example a client that thinks they have been followed in a car... more than one occasion... and not by just any traffic, by someone that "seemed" to go out of their way to stay 'Line of sight' (and this was not someone they 'cut off the road while merging') so road rage can be ruled out!

Are there any books, sites info that is recommended for a customer to look up to improve their evasive driving technique as to better "Make" sure they are NOT being followed... or in this occasion to "Make" sure they ARE being followed instead of just "thinking" they are being followed? Btw... Driving in circles in a parking lot is not an option for this customer. How would you handle this...

P.s. the customer also thinks they are being bugged, and can't prove it...probably related to the paranoia of being followed. Now if we can only solve this 'following' enigma, the 'bugs' would be less an issue. Maybe this is better answered by a P.I. group with knowledge of 'tracking and surveillance" but I thought I'd ask here first because I am sure you have all dealt with customers that think they are being 'bugged' but only because this is justified by the feeling of being 'tracked' or 'WATCHED'!

I guess I am really wondering the ethics of customer service vs the almighty "$" It would be easy for some to say "Yes, SIR, THEY are on to you now!!! we need to get going on the BUG sweep ASAP... I even need to borrow your satellite receiver for "TESTING" Ok... That will be $900/hr for the sweep..." and there are some that will send this customer to the FOIL CAP web site before listening to their story. I need to know the best way to serve this customer, and is there common ground?

Thanks in advance...

-ALWAYS GRATEFUL-
Dave

6840 From: Kirk Adirim Date: Thu Jan 30, 2003 0:11am Subject: RE: Parasitic illumination of passive radiators?

It takes a LOT of energy (watts) to illuminate a passive radiator so that it will reflect a decent signal. The energies generated from unfocused part 15 type devices are not great enough to re-radiate a passive reflector any useable distance. However, if you were to use focused energy say from a radar gun, you could use this on a resonant cavity.
Some of the other techniques used today are beaming a signal onto tuned schottky diodes, then using the detected energy to power a microwatt audio transmitter. This is the same technology used on some of the RFID tags on toll roads. As I understand it, the Great Seal was operated at 300 mhz not microwave. If you really want to take passive radiators to the extreme, imagine using the naturally occurring RF pulses that bombard our planet from the cosmos, and using that energy as a passive stealth RADAR system to track foreign aircraft and ships etc. Sort of like radio astronomy.....

Kirk
www.tactronix.com

6841 From: Matt Paulsen Date: Wed Jan 29, 2003 11:47pm Subject: RE: tscming a lan

Hi Roger,

Thanks for the information. Most of what you're discussing looks wan based voice/data - t1's, ds0's, opx's, etc. If we're still back to using a TDR (dry not wet, correct?), why should I bother with the other equipment I have? Does it provide any value to TSCM a lan in the context as I've laid it out? If you're saying that we have to break the lan to test, that's not very easy to do in a life systems level network where if you break the lan you endanger lives and set off physical security systems and impact engineering systems - chillers, electrical, etc. Or do I place that under this is a ISO issue, talk to the CEO if you've got an issue with it.

Second, I'm still trying to understand how a TDR fits into the larger context of a fiber rich network with single & multimode cable all over the place.

Third, I'm looking for surreptitious testing before breaking the lan.

RE: CSU/DSU's, I've done from network loop back, 0x's, 1's, etc., as well as from the CO down to the CSU. Mostly I get 'it's all ok' from my testing. I tend to find that the telco's are braindead for the most part unless you get a senior engineer involved that realizes that there's this thing called a switch, and it runs on this other thing called software at their end.
6842 From: Matt Paulsen Date: Wed Jan 29, 2003 11:50pm Subject: RE: tscming a lan

Hi Hugo,

Thanks for the input.
Most of what you've laid out is already done. If the questions I've asked require a book to answer, I'll buy it. Any suggestions?

Thanks,

Matt

-----Original Message-----
From: Hugo Drax [mailto:hugodrax@d...]
Sent: Tuesday, January 28, 2003 10:46 PM
To: TSCM-L@yahoogroups.com
Subject: Re: [TSCM-L] tscming a lan

If your customer has sensitive data, it should sit behind a secured, isolated server in a tamper-resistant cabinet (include tamper-evidence seals) with a firewall protecting the device, an IDS/logging system residing in the cabinet for alerting, and only permit timed access to the server via VPN with SecurID tokens (fobs). Physical security is a must.

Anyways, get ready for a manual verification of every cable, and have fun :) All the questions you ask would require a book to answer them all; in the world of Data I have seen it all and then some :)

----- Original Message -----
From: "Matt Paulsen"
To: "'TSCM submissions'"
Sent: Tuesday, January 28, 2003 9:06 PM
Subject: [TSCM-L] tscming a lan

> Hi there...
>
> Have read http://www.tscm.com/fluke785.html a bit. Given a fluke, sniffer,
> scope and 0-2ghz spectrum analyzer, I am interested in the nuts & bolts of
> determining what is 'normal' vs 'not normal' within the context of a network
> being abused by 'real life' non-software based devices used to eavesdrop
> using network infrastructure vs. phone infrastructure. Not interested in
> software intrusions/surveillance/etc.
>
> Utilization runs around .5-1.5% on a bad day and broadcast/multicasts are
> here and there, mostly between the HSRP routing switches at the core.
> Traffic is around 40%ipx, 55%ip, 5% other... 65 subnets, 1000+ devices...
>
> Backbone is fiber down to ether, some token, co/twinax, decnet, and other
> things..... Mostly cisco, 4908's using HSRP down to 3508's (all fiber), from
> there to more 3508's and/or 2950's using mdics/gbics (can't remember which
> acronym goes where...) out to 10/100 switches/hubs, mostly cat 5/5e/6, some
> 3 here and there. VLAN'd and using spanning tree... . Routers are a
> smattering of 4000's, 3600's, 4500's, 25xx's, 17xx's, 3000's, etc on private
> t1's, vpn's, frames, ds0's, ds1's, wifi, and more..
>
> IE: a lot of pipe.. not a lot of use.. mostly bursty traffic and dead air...
> so it's hard to say who a 'top dog' sender is in this, unless you put 50
> sniffers on the lan at once, especially since vlan's are everywhere and
> blocking traffic... snooping would be nice.... but papa's checkbook isn't
> that big. I guess the obvious points would be to sniff the subnet where the
> internet access is, as well as the servers, which is already being done, but
> since the servers tend to drown out a client here or there and client
> traffic looks like routers at the core, it's harder to say than find it.
> Almost makes me want to run a cisco switch report. Almost.
>
> To break down the page a bit and ask some questions...
>
> At this point the physical wiring will be checked for any eavesdropping
> device, or anomaly. - Any suggestion on what types of anomalies to look for
> with the tools above or are you talking about cable dragging it in the
> ceiling here?
>
> near-end/far-end cross talk analysis will be performed to locate inductive
> or capacitor isolated devices - what would this look like on a fluke? mostly
> next/fext is a pretty basic yes/no, like when doing a wire map.. it either
> is or isn't there/is or isn't paired up right. Anything specific to look
> for? Should I run specific wire tests that aren't the norm or look for
> specific characteristics?
>
> Be sure to check all conductor combinations, and all references to ground,
> and structural components for signal paths. --- Most LAN's are dead runs
> from LAN access device to patch panel to port, not grounded... unless you're
> counting the grounding of the LAN access device. It's been a long long time
> since I've seen a distributed fault on a network. What are you referencing
> here?
>
> When checking UTP wiring be sure to check all four cable pairs, and check
> the voice cabling at the same time (easy to do when four Smart Remotes are
> being used), but ensure that all cabling is "dry" (has no signal on it)
> before performing any tests. -- I have 6 remotes, but don't know what you
> mean by this. Mine are just numbered 1 -6 and ring out on the display and I
> can test 2 out at a time on my fluke ie: 2 full cables... am I
> misinterpreting something here or are you talking about something different
> entirely?
>
> It may also be beneficial to also perform a Sweep Analysis of the cabling
> (with a Spectrum Analyzer and Sweep Generator) to identify any frequency
> response related anomalies. - Can you give me a manufacturer/model sweep
> generator suggestion? HP 8601A or is there one better for field work? What
> range and resolution should I look for?
>
> What RF ranges should I disregard as normal when doing the spectrum analysis
> and the oscope tests for cat5/5e/6? 100MHz.. and?
>
> Lastly, what are some things to consider given fiber is prevalent in the
> ethernet environment (disregarding other media types for a moment), as well
> as media bridges pretty much all over the place? How would physical
> eavesdropping devices cope with this sort of bridging?
>
>
> Thanks,
>
> Matt
>
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.yahoogroups.com/community/TSCM-L
>
> It is by caffeine alone I set my mind in motion.
> It is by the juice of Star Bucks that thoughts acquire speed,
> the hands acquire shaking, the shaking is a warning.
> It is by caffeine alone I set my mind in motion.
> =================================================== TSKS
>
> Your use of Yahoo!
Groups is subject to http://docs.yahoo.com/info/terms/