From: Justin T. Fanning
Date: Fri Feb 1, 2002 3:39pm
Subject: Bluetooth/802.11b as an audio medium? (long but good!)

I was looking through a catalogue today and noticed an HP product they are calling a "Bluetooth printer adapter" (I realise other companies like 3Com make them also, but HP is really pushing Bluetooth at the moment). See a picture here:

http://www.shopping.hp.com/cgi-bin/hpdirect/shopping/scripts/product_detail/product_detail_view.jsp?product_code=MPIPA330&script_name=product.cgi

It's basically a small box about the size of a soft cigarette pack with a Centronics parallel (printer port) connector on one side. The box draws its power from the PC and contains a complete 2.4 GHz transceiver (with antenna) and all the necessary hardware/software to control the Bluetooth spec. (Does the world really need another wireless spec? Brings to mind the saying ... The wonderful thing about standards is that there are so many to choose from!)

(If you're having trouble sleeping and feel like reading the 1,084-page Bluetooth spec, you can find it here:)

http://www.bluetooth.com/pdf/Bluetooth_11_Specifications_Book.pdf

The one-minute version goes something like this: spread spectrum, frequency hopping, full-duplex signal at up to 1600 hops/sec. The signal hops among 79 frequencies at 1 MHz intervals, i.e. 2.402 GHz + k MHz (k = 0 to 78); Pmin 0 dBm (1 mW), Pmax 20 dBm (100 mW). Bluetooth has a data bandwidth of 1 Mbit/s (base) with a usable throughput of ~700 kbit/s. Built-in proprietary encryption algorithm and key exchange, with key size 8-128 bits; usable distance is quoted as 10 metres (34 feet).

OK, now the question ... If a hostile Bluetooth printer adapter (or 802.11b, for that matter) was added to a corporate/government network as a hostile transport layer, would it be discovered? Most people on this list could easily locate a Bluetooth or 802.11b RF signal with relative ease (level 1-2 threat), but this is only the transport-layer baseband.
In a corporation that legitimately uses wireless, how do you distinguish between legitimate traffic and hostile traffic originating from the client's own resources?

Think of it this way: why would a corporation or government attempt a risky placement of an RF device that may only have a lifetime of days (not to mention risking their own freedom in the placement) when a package can be e-mailed (or hacked) onto the existing network and the data traffic simply delivered over the existing wireless infrastructure to the car park, across the road, etc.? (In fact, driving around town with an 802.11b-equipped portable seems to be the new elite geek sport in most major cities.)

The data could of course also be room audio, as almost all notebooks and a lot of high-end PCs now also have built-in microphones. While I know it's JMA's (and many others') policy to give such devices swift justice, I've never actually seen a PC or notebook where the mic has been hardware-deactivated, and I've seen a _lot_ of corporate setups.

Does anyone go down to the packet addressing layer, even the packet "payload" (content) layer? What if the content was encrypted? How many TSCMers sweep for unknown 802.11b MAC addresses or Bluetooth device addresses? Is this the future of TSCM?

Regards,
Justin

4714
From: Michael Puchol
Date: Fri Feb 1, 2002 4:35pm
Subject: Re: Bluetooth/802.11b as an audio medium? (long but good!)

Justin,

> If a hostile Bluetooth printer adapter (or 802.11b for that matter)
> was added to a corporate/government network as a hostile transport
> layer would it be discovered?

First, you would do an inventory of 'legal' RF devices, such as 802.11b access points, Bluetooth devices, etc. present in the organisation. Then, an RF survey of the area surrounding the company, to detect other such devices. Then, an RF survey of the actual building, to discover 'rogue' or planted devices.
Sometimes employees install wireless devices without consulting their IT department, which can cause HUGE security problems. Finding these 'rogue' devices is a must.

> Most people on this list could easily locate a Bluetooth or 802.11b
> RF signal with relative ease (level 1 - 2 threat), but this is only
> the transport layer base band. In a corporation that legitimately
> uses wireless, how do you distinguish between legitimate traffic or
> hostile traffic originating from the clients own resources?

That's a tough one with just an SA or other RF survey tool. You would need to go into the transport layer itself, by using a sniffer. For wireless 802.11b, I recommend AiroPeek, which lets you sniff a wireless network without actually attaching to it. If you can get a wire into the LAN, a standard sniffer would show all active nodes. NAI's Network Inspector is wonderful, as it gives you a full catalogue of network devices, subnets, etc. Make sure you sniff all sides of switches and routers (you may miss network segments otherwise) and all available subnets.

To be thorough, I'd leave a sniffer running for 2-4 days on each segment, then do a statistical analysis on the data. You can then determine which nodes are most active and what traffic they are sending; you may find strange IPs sending data to outside networks, etc. A really nice audit tool is eEye's Iris, which catalogues sniffed traffic according to connection type, and it even lets you reconstruct web browsing & e-mail sessions; of course the usual filtering tools are available.

> Think of it this way, why would a corporate or government attempt a
> risky placement of an RF device that may only have a lifetime of days
> (not to mention risking their own freedom in the placement) when a
> package can be Emailed (or hacked) onto the existing network and the
> data traffic simply delivered over the existing wireless
> infrastructure to the car park, across the road etc.
> (In fact
> driving around town with an 802.11b equipped portable seems to be
> the new elite geek sport in most major cities).

Well, Network Stumbler seems to be gaining adherents every day! I have done audits & penetration tests on companies that had wireless APs in place with absolutely no protection, not even WEP. The execs were dumbstruck when evidence was presented that ALL of their network data, passwords, servers, even printers were accessible to anyone with a laptop, a WLAN card, and a few hours to spare. In one case, a customer wouldn't believe his network was insecure, even though his IT man had told him so, so we printed out the report on his Xerox DocuPrint from the car park. Remember, you must have a written contract with your client to do all these tests, and an NDA to show you won't tell anyone what you found is also helpful.

> The data could of course also be room audio as almost all notebooks
> and a lot of high end PC's now also have built in microphones. While
> I know its JMA's (and many other's) policy to give such devices
> swift justice, I've never actually seen a PC or notebook where the
> mic has been hardware deactivated and I've seen a _lot_ of corporate
> setups.

With a standard 802.11b link, effective throughput 5 Mbit/s at best, you could be sending out some 150 separate audio feeds with the right compression. However, such traffic would be WAY visible to a sniffer or IDS.

> Does anyone go down to the packet addressing layer, even the packet
> "payload" (content) layer? What if the content was encrypted?
> How many TSCM'ers sweep for unknown 802.11b MAC address's or
> Bluetooth device address's? Is this the future of TSCM?

It certainly is a 'clear and present danger', to quote a movie title, so you must really watch out for these devices. Looking at the actual data being sent around is really useful in identifying problems or misuse/abuse - plus you get to learn about network protocols!
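The procedure Michael Puchol describes above (an inventory of 'legal' RF devices, then a sniff of every segment followed by statistical analysis of which nodes send what, and where) worked through as an added example. This is not code from either poster: the authorised BSSID list, the internal address ranges, the beacon and flow records, and the 16 kbit/s / 10-minute thresholds are all constructed, hypothetical sample data chosen to show the three findings the thread is about, an unknown open AP, an unknown AP advertising the corporate SSID, and one node holding a voice-sized stream to an outside host for an hour.

```python
"""Rogue-AP inventory check and outbound-traffic statistics over constructed data.

Added example, not code from the mailing-list posts. Every identifier below
(BSSIDs, SSIDs, IP ranges, flows, thresholds) is a hypothetical assumption.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Step 1 of the reply: inventory of 'legal' RF devices (hypothetical).
AUTHORISED_BSSIDS = {"00:40:96:aa:bb:01": "floor-2-ap", "00:40:96:aa:bb:02": "floor-3-ap"}
AUTHORISED_SSIDS = {"CORP-WLAN"}
# Inside address space (hypothetical), used to separate inside from outside traffic.
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]

@dataclass(frozen=True)
class Beacon:
    """One 802.11 beacon as a sniffer reports it (constructed record)."""
    bssid: str
    ssid: str
    channel: int
    privacy: bool  # privacy (WEP) bit in the capability field

@dataclass(frozen=True)
class Flow:
    """One summarised flow from a few days of sniffing (constructed record)."""
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    nbytes: int
    seconds: int

def classify_beacons(beacons):
    """Return (rogue, unprotected): BSSIDs outside the inventory or inventoried APs on a
    foreign SSID (an unknown BSSID on the corporate SSID is the evil-twin case), and APs
    with the privacy bit clear, i.e. not even WEP. Each BSSID is reported once."""
    rogue, unprotected, seen = [], [], set()
    for b in beacons:
        key = b.bssid.lower()
        if key in seen:
            continue
        seen.add(key)
        if key not in AUTHORISED_BSSIDS or b.ssid not in AUTHORISED_SSIDS:
            rogue.append(b)
        if not b.privacy:
            unprotected.append(b)
    return rogue, unprotected

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def flow_rate_bps(flow):
    return 8 * flow.nbytes / max(flow.seconds, 1)

def outbound_stats(flows):
    """Per source MAC: bytes and flow count to outside addresses, and peak rate."""
    stats = defaultdict(lambda: {"ext_bytes": 0, "ext_flows": 0, "max_rate_bps": 0.0})
    for f in flows:
        if is_internal(f.dst_ip):
            continue
        s = stats[f.src_mac.lower()]
        s["ext_bytes"] += f.nbytes
        s["ext_flows"] += 1
        s["max_rate_bps"] = max(s["max_rate_bps"], flow_rate_bps(f))
    return dict(stats)

def suspicious_senders(flows, min_bps=16_000, min_seconds=600):
    """MACs with a sustained outbound stream (>= min_bps for >= min_seconds).
    A compressed voice feed runs at roughly 8-64 kbit/s, so a long-lived flow at that
    rate to an outside host is the shape a room-audio relay would have. The thresholds
    are illustrative assumptions."""
    return sorted({f.src_mac.lower() for f in flows
                   if not is_internal(f.dst_ip)
                   and flow_rate_bps(f) >= min_bps and f.seconds >= min_seconds})

# Constructed sample input: two inventoried APs, one unknown open AP, one evil twin.
SAMPLE_BEACONS = [
    Beacon("00:40:96:aa:bb:01", "CORP-WLAN", 1, True),
    Beacon("00:40:96:aa:bb:02", "CORP-WLAN", 6, True),
    Beacon("00:02:2d:11:22:33", "linksys", 11, False),
    Beacon("00:0c:41:44:55:66", "CORP-WLAN", 6, True),
]
# Constructed sample flows: an internal file-share copy, brief web browsing, and one
# node pushing 32 kbit/s to an outside host for an hour.
SAMPLE_FLOWS = [
    Flow("00:02:2d:aa:00:01", "10.1.2.10", "10.1.2.5", 139, 4_000_000, 300),
    Flow("00:02:2d:aa:00:01", "10.1.2.10", "203.0.113.8", 80, 120_000, 20),
    Flow("00:02:2d:aa:00:02", "10.1.2.11", "198.51.100.7", 8000, 14_400_000, 3600),
]

if __name__ == "__main__":
    rogue, unprotected = classify_beacons(SAMPLE_BEACONS)
    print("rogue:", [b.bssid for b in rogue], "open:", [b.bssid for b in unprotected])
    print(outbound_stats(SAMPLE_FLOWS), suspicious_senders(SAMPLE_FLOWS))
```

The evil-twin rule deliberately treats an unknown BSSID on the corporate SSID as rogue rather than as a friendly AP, because a planted device would copy the legitimate SSID precisely to blend in; the inventory is keyed on BSSID, not on the name. The rate threshold catches the case the thread worries about (a mic feed is small but never stops), which a pure byte-count ranking would miss behind ordinary file transfers.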
All the best,

Mike

4715
From:
Date: Fri Feb 1, 2002 0:24pm
Subject: Judge Rules on Wiretap Evidence

Judge Rules on Wiretap Evidence
By PAUL NOWELL, The Associated Press

CHARLOTTE, N.C. (AP) - A federal judge ruled Friday that wiretap evidence collected by Canadian intelligence agents can be used in the trial of a man accused of helping the militant group Hezbollah.

Said Mohamad Harb, 31, a Lebanon-born naturalized U.S. citizen, and three Middle Eastern co-defendants were charged last year with planning to provide Hezbollah with cash and supplies, including stun guns, blasting equipment, night vision goggles and mine detection equipment.

Harb's trial, scheduled for April, will be one of the first prosecutions under a 1996 law that forbids providing material support to a known terrorist organization. Harb, who has been held without bail, could get up to 60 years in prison if convicted.

U.S. Magistrate Judge Brent McKnight's ruling means prosecutors may call the Canadian Security Intelligence Service agents to testify about the summaries of telephone wiretaps made in 1999 and 2000.

Harb's defense lawyers challenged the use of the testimony and the transcripts without the tapes, which have been destroyed. At a hearing last year, they said admitting such evidence would violate Harb's rights.

McKnight said the evidence can be admitted under the "past recollection exception to the hearsay rule."

"Although this exception was accorded the least discussion by both parties, it is clearly the most relevant since the witnesses who authored the summaries will testify at trial," he wrote.

Messages left late Friday for defense attorney Chris Fialko were not immediately returned.

The Canadian Security Intelligence Service says it intercepted Harb's phone conversations during the normal course of business and later shared the information with U.S. intelligence and the FBI. CSIS produced 113 pages of transcripts but said it was standard procedure to destroy the tapes.
Initially, Harb was among 18 people charged with smuggling millions of dollars worth of cheap cigarettes out of North Carolina to resell in states where higher taxes push the price up. A superseding indictment in March levied the more serious accusations - that Harb and eight others are part of a Charlotte-based cell of Hezbollah.

The North Carolina case was brought long before the Sept. 11 terrorist attacks.

AP-NY-02-01-02 1815EST

4716
From: Andre Holmes <1ach@v...>
Date: Thu Jan 31, 2002 11:42pm
Subject: RWonline - Industry Resources

Here's a wealth of information.

ANDRE

http://www.rwonline.com/pandsdir/index.shtml#

4717
From: Matthew Paulsen
Date: Sat Feb 2, 2002 5:11am
Subject: Oops

Dave - Hey Bob - got the ax?
Bob - ...
Dave - Bob? Hey Bob...
Bob - ...
Dave - Bob, you're not looking too good. Are you ok?

http://news.bbc.co.uk/hi/english/world/europe/newsid_1795000/1795792.stm

4718
From: tek492p
Date: Sun Feb 3, 2002 7:34pm
Subject: INTERTECT: Introduction

Hello to the group --

INTERTECT, which provides TSCM services to the southern California and west coast (USA) areas, has recently upgraded its equipment package to include the following new equipment:

Tektronix 492 Spectrum Analyzer (50 kHz to 21 GHz).
Riser-Bond 1220 Time Domain Reflectometer.
Technical Services Agency (TSA) CCR-3 Carrier Current Receiver.
Alinco DJ-X10 Hand-Held Scanning Receiver (100 kHz to 2 GHz).

For more information about our company and services, please contact us at the following:

Intertect
P. O. Box 7873
Northridge, CA 91327 (USA)
Telephone: (818) 831-0515

Jack Lindauer, President/CEO
Electronic Surveillance Countermeasures

4719
From:
Date: Sun Feb 3, 2002 2:48am
Subject: Electronic Telephone Systems

What methods or equipment are available to examine electronic telephone systems such as ROLM or MERIDIAN?
I know the instrument can be physically examined and tested using one of many telephone analyzers (what manufacturer is considered the best?), the frame rooms can be examined, the telephone instrument programming can be examined via the telephone system computer, and the telephone lines can be checked with a TDR. Are there any other recommended procedures?

Douglas Jones, Sgt.
Miami-Dade Police Department

4720
From: jim33060
Date: Sun Feb 3, 2002 3:07pm
Subject: Travel Insurance for overseas trip

I will soon be traveling to S.E. Asia for a two-week assignment. I would like some advice on insuring my kit (Oscor, Orion, etc.). I'm gun-shy about my homeowner's policy; I can't afford to be cancelled, as most will do nowadays if, God forbid, you need them to cover a loss. Any real-life suggestions?

4721
From: James M. Atkinson
Date: Mon Feb 4, 2002 9:32am
Subject: 11 years for 'Bond spy fantasist'

http://www.thisislondon.co.uk/dynamic/news/top_story.html?in_review_id=495008&in_review_text_id=454985

11 years for 'Bond spy fantasist'
by Martin McGlown

A security guard inspired by James Bond was jailed for 11 years today for trying to sell defence secrets to the Russians.

Raphael Bravo hoped to receive thousands of pounds for the files he stole from British Aerospace in Stanmore. They contained information "useful to the enemy" and "prejudicial to the safety or interest of the state", the Old Bailey heard.

The files dealt with the self-defence radar system of the Harrier jet, warfare surveillance systems for Army helicopters and even the capabilities of foreign countries, including Iraq, to detect British missiles.

Bravo, 30, described as an "unsociable loner", was arrested by Special Branch officers outside a central London hotel last August after agreeing to meet a man he believed to be a Russian agent. In fact, the "agent" worked for MI5.

He told police he got the idea to trade secrets from "reading spy novels and watching TV and James Bond movies."
Bravo pleaded guilty to nine charges of theft and offences under the Official Secrets Act. He asked for two more offences to be considered.

Sentencing him today, Recorder of London Michael Hyam said: "Anyone who has put at risk the security of this country must accept that he will receive a long prison sentence.

"In cases of this sort emphasis must be placed on the deterrent factor of the sentence. Despite what you intended, there is no evidence that allied or UK interests were in fact prejudiced by what you did. There is no evidence that you acted with anyone else. Your only motive was financial gain."

The court heard how Bravo, who worked nights for the Crusader security firm, stole the secret documents while carrying out his patrols. He had access to safes which required combinations or keys.

After he posted one document to the Russian Embassy in London, MI5 received a tipoff from a source not specified in court. Days later Bravo was phoned at his Harlesden home by the MI5 "agent". A meeting was arranged at the White House hotel in Euston.

Officers swooped on Bravo after he arrived on a motorcycle and delivered the documents in a carrier bag, said Aftab Jafferjee, prosecuting.

Bravo told the agent: "I could go to prison for this." Asked what he wanted in return for the 200 pages of files, he replied: "Money, as much as I can get." He added that he could obtain more files on a "regular basis".

He later confessed to police: "I expected to be paid a few thousand pounds, which is cheaper for the Russians than having to spend several million for that type of information."

Mr Jafferjee said security at BAe Systems had been reviewed since the case.

Defending Bravo, Rock Tansey described him as a "naive" man whose family are "shocked and devastated". It was even a mystery to the defendant himself why he should have committed these offences.

"As he saw it, the Russians were not the enemy of this country any more.
The Cold War was over and the relationship between the UK and Russia was changing," said Mr Tansey. "There was no way he would have sold that sort of material to Libya, North Korea, Iraq or China because he realised these were the real enemies of this country.

"He is genuinely remorseful for what he has done. No planning went into the question of which document he took. He knew he would not be able to understand. They were very technical. The most top secret documents had red spines and these were the ones he looked for."

Mr Tansey said Bravo needed money and was depressed by the repetitive nature of his job.

--
--------------------------------------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
--------------------------------------------------------------------------------------------------
James M. Atkinson
Granite Island Group
127 Eastern Avenue #291
Gloucester, MA 01931-8008
Phone: (978) 546-3803
Fax: (978) 546-9467
http://www.tscm.com/
mailto:jmatk@t...
--------------------------------------------------------------------------------------------------
People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf. - George Orwell
--------------------------------------------------------------------------------------------------

4722
From: James M. Atkinson
Date: Mon Feb 4, 2002 9:43am
Subject: Spying homes in on Chinese snoring

http://seattlepi.nwsource.com/opinion/56133_hoagland27.shtml

Spying homes in on Chinese snoring
Tuesday, January 29, 2002
By JIM HOAGLAND, SYNDICATED COLUMNIST

WASHINGTON -- The spies who allegedly bugged the headboard of the Chinese president's airborne bed must have expected to gather more than the scoop on Jiang Zemin's snoring patterns. What reward would justify the high risk of discovery this exploit entailed?
Bugging a presidential jetliner of another nation is tricky business. But it can be argued that the potential payoff is worth it. Final, decisive conversations on strategy are often held at 30,000 feet as a visiting potentate wings toward a summit where he hopes to outmaneuver his host nabob. The potentate knows that on the ground his every word will be picked up by the nabob's omnipresent listening devices.

Sensitive in-flight strategy sessions may become extinct as the spy story expertly spun by Chinese officials last week spreads around the globe. Other leaders who have ordered their versions of Air Force One outfitted in the United States now must worry that their Boeing-made walls may have ears too. It is improbable that Washington developed a special covert audio program for flying heads and targeted only one. That is not how it works in the spy world.

Shutting up will be easier than shutting down: Secret services abroad would have to tear apart the upholstery, fittings and, yes, headboards of their nation's flying presidential offices to see if Washington is listening to the Great One's every word and snore.

To debug the $120-million Boeing 767-300ER model China purchased in June 2000, the plane would have had to be gutted beyond repair, say people with experience in different phases of this business. They warn that "sacrificing the plane," as Chinese officials say they did, is the only sure way to find highly sophisticated satellite-driven bugs. An electronic sweep would not have picked them up.

Unnamed Chinese military officials told reporters for The Washington Post and The Financial Times last week that 27 listening devices had been ripped out of Jiang's airliner, which was delivered from the United States in August. The devices were supposedly discovered in October after they emitted a static whine on test flights -- a proposition that U.S. sources say is technically unlikely.
The Chinese seem to be covering their tracks on how and, perhaps more importantly, when they actually found the devices. That is one of the many mysteries about this story, which the U.S. government will not confirm, deny or discuss.

Only this is obvious: Chinese officials chose to surface their detailed allegations one month before President Bush makes his first trip to Beijing. My guess is the Chinese are seeking tactical advantage from the leaks. They may expect to put Bush on the defensive and to make him more conciliatory by disclosing the incident, which Jiang almost certainly will not mention himself. That is not the sort of thing presidents do to each other in their world. China's official spokesmen, while doing nothing to cast doubt on the story, won't take responsibility for confirming it, either.

These new allegations serve another, unintended purpose: They underscore that the highly active espionage bureaucracies of the two countries dominate the Chinese-American relationship more thoroughly than do the diplomats, politicians or businessmen.

Relations have still not fully recovered from the 1999 U.S. bombing of the Chinese embassy in Belgrade because of a CIA error. In December 2000, a senior colonel from China's most sensitive military intelligence branch defected while visiting New York, triggering a witch hunt for American agents in the command of the People's Liberation Army. Last April the two nations engaged in a tense confrontation over the forcing down of a U.S. reconnaissance plane on Hainan Island.

Bush will have to handle the fallout of the bugging charges, even though his administration was almost certainly not responsible for a decision to bug Jiang's airliner. That would have been the work of spymasters of the Clinton administration.
The Boeing airframe was originally sold to Delta Airlines and then repurchased by China's military in mid-2000 and sent to a "modification house" (in San Antonio apparently) for a super deluxe outfitting that seems to have included an electronic bonus the Chinese were not expecting.

Like investment bankers, spies work on a risk-to-reward ratio. They would have assured policy-makers who must sign off on their operations that the risk of detection was "minimal," and cited previous successes that went off without detection, says one who has been at such sessions. Wasn't that worth capturing Jiang's every word, burp or sneeze?

Amazingly, somebody at the upper reaches of government agreed, and launched a boomerang that has now spun back at Washington from China.

Jim Hoagland is associate editor/senior foreign correspondent for The Washington Post. Copyright 2002 Washington Post Writers Group. E-mail: hoaglandj@w...

4723
From: James M. Atkinson
Date: Mon Feb 4, 2002 9:41am
Subject: FBI Director Juggles Espionage Unit

http://www.guardian.co.uk/uslatest/story/0,1282,-1484280,00.html

FBI Director Juggles Espionage Unit
Wednesday January 30, 2002 11:10 PM

WASHINGTON (AP) - The FBI director has reassigned the acting head of his national security division, one of the bureau's highest-ranking women, after losing confidence in her investigation into whether China tried to recruit a U.S. spy, according to people familiar with the move.

FBI Director Robert S. Mueller made the decision about a week ago to replace Sheila Horan. During 1998, Horan headed the investigation into the bombings of two U.S. embassies in Africa, which led investigators to al-Qaida followers of Osama bin Laden.

Mueller notified Senate oversight committee members, and on Tuesday personally explained his decision during a closed-door Senate briefing. Horan was reassigned to an administrative position.

Sources familiar with the meeting said Mueller told senators he had serious concerns within the division, which investigates reports of spying in the United States, and he outlined the changes he has made.

The New York Times, which first reported Horan's reassignment, said Mueller was dissatisfied with her investigation of suspicions that China tried to recruit a spy against the United States. The Times, citing anonymous officials, said few details were available and that the identity of the subject of the investigation was unknown. The newspaper said these officials did not say whether any spying had occurred.

The FBI declined to comment Wednesday about Horan or her future at the bureau. A person answering calls at her home referred calls to her office at FBI headquarters, where she could not be reached immediately. An FBI spokesman, Bill Carter, said the director's decision was an administrative matter and that Horan would not speak with reporters. The Times reported that she was expected to leave the FBI.
Horan took over as acting director of the national security division after the retirement of Neil Gallagher in November, who left the bureau after a tumultuous period. The FBI's espionage division suffered a setback in February with veteran counterintelligence agent Robert Hanssen's arrest on spying charges. Hanssen pleaded guilty to spying for the Soviet Union, then Russia, over at least 15 years.

Gallagher was involved in the investigation of scientist Wen Ho Lee. Government watchdogs accused Gallagher of misleading Congress about the investigation.

Gallagher told Senate committees in June 1999 that he had full confidence in an early Energy Department inquiry into the national weapons laboratory at Los Alamos, N.M., saying the investigation made a compelling case to focus on Lee. The Taiwan-born naturalized American was accused of leaking nuclear secrets to China.

The General Accounting Office, Congress' investigative arm, said the statement was misleading because the FBI's Albuquerque, N.M., office had expressed serious misgivings about the inquiry that Gallagher should have known about. Gallagher told GAO investigators the mistake was inadvertent and said he did not intentionally mislead lawmakers.

Guardian Unlimited © Guardian Newspapers Limited 2002

4724
From: James M. Atkinson
Date: Mon Feb 4, 2002 9:39am
Subject: Senior FBI National Security Division chief demoted over spy probe

http://www.cnn.com/2002/LAW/01/30/fbi.demotion/index.html

Senior FBI National Security Division chief demoted over spy probe
January 30, 2002 Posted: 3:10 PM EST (2010 GMT)

WASHINGTON (CNN) -- One of the FBI's senior national security officials has been demoted over the handling of an investigation into possible Chinese espionage.

According to bureau officials, Sheila Horan has been removed from her job as deputy assistant director for counterintelligence in the National Security Division, and has been moved to the Administrative Services Division. The action was ordered by FBI Director Robert Mueller.

Bureau officials say the espionage investigation deals with the possible attempt by China to recruit a spy against the United States. No details were provided about the status of that investigation.

Bureau officials told CNN Horan did not pursue the probe aggressively enough to satisfy Mueller, and he felt she was slow to inform him of details of the investigation.

The counterintelligence unit has been embarrassed within the last few years by various scandals, including the discovery that one of the bureau's own -- now-convicted veteran FBI agent Robert Hanssen -- had been spying for Russia for years.

The FBI was also red-faced after its intensive investigation of nuclear scientist Wen Ho Lee, suspected of spying for China, largely fell apart. He pleaded guilty to one count of mishandling classified material and has now published a book accusing the FBI of treating him unfairly because of his Chinese heritage.

The case Horan was looking into is said to be unrelated to the discovery of listening devices -- bugs -- found aboard a Boeing 767 delivered to China recently for use by the Chinese government.
Horan, 54, joined the FBI in 1973. She is one of the bureau's highest ranking women. She has worked counterintelligence since 1975. In August 1997, she was named special agent in charge of the FBI's National Security Division in the bureau's Washington field office. In December 1998 she was promoted to deputy assistant director for counterintelligence at headquarters.

4725
From: James M. Atkinson
Date: Mon Feb 4, 2002 9:31am
Subject: CIA helps museum open door on spying

http://www.portal.telegraph.co.uk/news/main.jhtml?xml=/news/2002/01/27/wspy27.xml&sSheet=/portal/2002/01/27/por_right.html

CIA helps museum open door on spying
By David Wastell in Washington
(Filed: 27/01/2002)

THE long shadows of some of the world's most notorious spies and double-agents, from Anthony Blunt to Aldrich Ames, will be cast over Washington in June with the opening of the world's largest museum dedicated to the history of espionage.

Former members of the KGB and CIA have been recruited to give advice on exhibits ranging from special "escape boots" designed for British pilots in the Second World War to a concealed camera used to monitor East German hotel bedrooms.
In a city that has seen more than its fair share of spies and is still, presumably, home to hundreds of them, the museum will acknowledge the work done by the world's secret agents and by America's much-maligned £21 billion-a-year intelligence effort.

"Intelligence officers do not usually want or seek banner headlines," said Peter Earnest, a former career CIA officer who spent 20 years running clandestine networks behind the Iron Curtain. "The Cold War was an intelligence war, and it was intelligence that stopped it from becoming a hot war, but there were no parades of intelligence officers at the end of it.

"People often talk about intelligence failures but they don't hear about many of the successes - embassies that have not been bombed, airports that have not been attacked - and one of our aims is to get people thinking about the role that intelligence has played in history."

Officially, the CIA has no view on the museum, which will be housed in a group of 100-year-old buildings in what was once the bustling heart of Washington. Unofficially, the agency, whose headquarters are a few miles up the Potomac River in Langley, Virginia, has been encouraging it.

As well as Mr Earnest, who is the museum's executive director, members of its advisory board include Judge William Webster, the former director of the FBI and CIA, Antonio Mendez, who was the CIA's chief of disguise, and a string of other intelligence experts. For balance, there is one Briton, Christopher Andrew, the spy historian, and a Russian who defected: Oleg Kalugin, a former KGB major-general who ran the Soviets' counter-intelligence wing.

The museum is being financed by Milton Maltz, a wealthy broadcasting executive and businessman of Cleveland, Ohio, who once worked in America's National Security Agency. Many more spies and former spies, including some still in prison, have been interviewed on video to provide realistic accounts of their operations.
The museum will acknowledge British and American traitors, including Blunt, who was stripped of his knighthood when revealed as a double-agent, and Ames, regarded as the most damaging CIA turncoat for his betrayal to the Russians of dozens of American agents, many of whom were executed.

It will also examine the spycraft of the traitor Robert Hanssen, who overlooked the site of the new museum from his fourth-floor office at FBI headquarters until he was arrested, last February, for selling secrets to Moscow for 15 years. Hanssen used what Mr Earnest described as "classic techniques" to pass information to his KGB contacts, such as secret "dead drops" for leaving documents in parks and public places in the Washington area.

Artefacts on display will include a "Kiss of Death" KGB lipstick tube, designed to fire a single bullet when twisted, an Enigma code-breaking machine and a range of fake warts used to smuggle microdots of secret information.

4726 From: James M. Atkinson Date: Mon Feb 4, 2002 9:45am Subject: Judge Rules On Wiretap Evidence

http://www.guardian.co.uk/uslatest/story/0,1282,-1489453,00.html

Judge Rules On Wiretap Evidence
Friday February 1, 2002 11:20 PM

CHARLOTTE, N.C. (AP) - A federal judge ruled Friday that wiretap evidence collected by Canadian intelligence agents can be used in the trial of a man accused of helping the militant group Hezbollah.

Said Mohamad Harb, 31, a Lebanon-born naturalized U.S. citizen, and three Middle Eastern co-defendants were charged last year with planning to provide Hezbollah with cash and supplies, including stun guns, blasting equipment, night vision goggles and mine detection equipment. Harb's trial, scheduled for April, will be one of the first prosecutions under a 1996 law that forbids providing material support to a known terrorist organization. Harb, who has been held without bail, could get up to 60 years in prison if convicted.

U.S. Magistrate Judge Brent McKnight's ruling means prosecutors may call the Canadian Security Intelligence Service agents to testify about the summaries of telephone wiretaps made in 1999 and 2000. Harb's defense lawyers challenged the use of the testimony and the transcripts without the tapes, which have been destroyed. At a hearing last year, they said admitting such evidence would violate Harb's rights.

McKnight said the evidence can be admitted under the "past recollection exception to the hearsay rule." "Although this exception was accorded the least discussion by both parties, it is clearly the most relevant since the witnesses who authored the summaries will testify at trial," he wrote.

Messages left late Friday for defense attorney Chris Fialko were not immediately returned.

The Canadian Security Intelligence Service says it intercepted Harb's phone conversations during the normal course of business and later shared the information with U.S. intelligence and the FBI.
CSIS produced 113 pages of transcripts but said it was standard procedure to destroy the tapes.

Initially, Harb was among 18 people charged with smuggling millions of dollars worth of cheap cigarettes out of North Carolina to resell in states where higher taxes push the price up. A superseding indictment in March levied the more serious accusations - that Harb and eight others are part of a Charlotte-based cell of Hezbollah. The North Carolina case was brought long before the Sept. 11 terrorist attacks.

Guardian Unlimited © Guardian Newspapers Limited 2002

4727 From: James M. Atkinson Date: Mon Feb 4, 2002 9:50am Subject: Would-be spy jailed for eight years

http://www.thescotsman.co.uk/index.cfm?id=125082002

Would-be spy jailed for eight years
Dan McDougall Crime Correspondent

A BRITISH Aerospace security guard who stole top secret military documents and tried to sell them to the Russian secret service was last night jailed for eleven years.
Raphael Bravo, 30, who admitted his knowledge of espionage amounted to the James Bond films, snatched the highly confidential material, including designs for Royal Navy anti-radar equipment, while on night shift patrol at BAe's HQ in Stanmore, London, an Old Bailey jury heard.

The stolen papers, which also included top secret information on protection systems for Royal Navy ships and the defence systems of hostile countries like Iraq, were said by the prosecution to pose a "substantial threat to the safety of the state". But the Crown admitted there was no evidence Bravo had a political motive and had purely been driven by greed.

Bravo, described to the court as a loner, took the red-spined secret documents when he patrolled at the British Aerospace HQ in west London in June and July last year. He worked from 7pm to 7am, but colleagues noted he was unhappy in his job, and it emerged in court that he had even spoken to them of selling documents to the Russians.

Aftab Jafferjee, prosecuting, said: "Mr Bravo abused his position and trust by stealing the documents and endeavoured to sell the secrets to a foreign power, that is Russia. Any document labelled secret means that the compromising of such information would be likely to threaten life directly or cause serious damage to the operational effectiveness of the security of the UK or allied forces."

The court heard that after removing the files from the base last year Bravo tried to sell on the documents to the Russians for "as much money as he could get", first phoning the embassy and then sending them a sample paper with his pager number attached. But MI5 were instantly on the married Londoner's trail. The security guard was caught when he tried to hand over the documents to a man he believed was a Russian agent, who turned out to be working for MI5.

Bravo, of Willesden, north west London, admitted at an earlier hearing that he took documents relating to front-line defence systems.
He pleaded guilty to nine offences and asked for two others to be taken into consideration. Seven charges were under the Official Secrets Act and four were theft. Bravo expected to be paid a few thousand pounds for the secrets.

He said after his arrest that he had telephoned the Russian embassy after getting the number from the phone directory, but found that there was only an answering machine. He then decided to post the documents to the embassy with a note saying if they were interested in more documents to contact him.

The guard, who worked for Crusader security under contract to BAe Systems, said he decided to take advantage whenever a cabinet containing secret documents was left open. He later pleaded guilty to the crimes, but said his sole knowledge of espionage came from "newspapers, spy novels and James Bond".

Sentencing Bravo, Judge Michael Hyam said: "Despite what you intended there is no evidence that national or allied interests were in fact prejudiced by what you did.

"But had you succeeded there is no doubt whatever that the interests of this country and its allies would have been substantially prejudiced."

Bravo's arrest resulted from a combined operation between MI5 and Special Branch. After the trial Commander Roger Pearce, the Metropolitan Police's director of intelligence, said Bravo's sentence reflected the severity of this crime. He said: "This man abused his position of trust and his actions could potentially have put lives at risk.

"The arrest of Raphael Bravo was a result of an intelligence-led operation involving Special Branch and a number of other agencies working closely together and we are satisfied with the outcome."

4728 From: James M. Atkinson Date: Mon Feb 4, 2002 9:45am Subject: Security guard spy jailed after MI-5 traps him

http://www.thetimes.co.uk/article/0,,2-2002054451,00.html

SATURDAY FEBRUARY 02 2002
Security guard spy jailed after MI-5 traps him
BY SAM LISTER

A SECURITY guard who tried to sell military secrets to the Russians was jailed for 11 years at the Old Bailey yesterday.

Rafael Bravo, 30, could have threatened lives and caused serious damage to the security of Britain and its allies had he succeeded in selling files he stole while working night shifts at British Aerospace, the court was told. The documents, marked "UK eyes only" and "Nato secret", detailed frontline defence systems for British Apache helicopters, Harrier jump-jets, warships and radar surveillance.

Soon after the thefts, between July and August last year, Bravo was trapped by a classic MI5 "sting" when he passed the papers to British agents, believing they were Russians.

Sentencing Bravo, the Recorder of London, Judge Michael Hyam, said that, although he accepted that the guard had been motivated only by financial gain, he was compelled to impose a lengthy jail term to deter others. "Despite what you intended there is no evidence that national or allied interest were in fact prejudiced by what you did.
But had you succeeded there is no doubt whatever that the interests of this country and its allies would have been substantially prejudiced," he said. "Anyone who has put at risk his country's security must expect to receive long sentences."

Bravo, described as a loner and typical opportunist spy, pleaded guilty to six offences under the Official Secrets Act and five under the Theft Act after admitting to taking the files from desks and cabinets around the BAe headquarters in Stanmore, north London. The court heard that the scheme was so ill thought-out and unsophisticated that it appeared inspired by little more than spy novels and James Bond films.

The theft set off a major security alert. Bravo, a British national of Spanish descent, was phoned at his bedsit in Willesden, north London, by an MI5 man pretending to be Russian. He was arrested after a meeting at which he agreed to show the files and asked for "as much money as I can get". Although he is known to have asked for less than £1 million for the documents, experts said they would have been worth many millions more to foreign powers.

4729 From: Date: Mon Feb 4, 2002 7:37am Subject: Re: INTERTECT: Introduction

In a message dated 2/3/02 5:35:50 PM Pacific Standard Time, tek492p@y... writes:

<< Hello to the group -- >>

Nice equipment! Where did you and/or your staff get its training?

4730 From: Hawkspirit Date: Mon Feb 4, 2002 0:39pm Subject: Packet Sniffers

"Justin T. Fanning" Subject: Bluetooth/802.11b as a audio medium? (long but good!)

Does anyone go down to the packet addressing layer, even the packet "payload" (content) layer? What if the content was encrypted? How many TSCM'ers sweep for unknown 802.11b MAC addresses or Bluetooth device addresses? Is this the future of TSCM?

Regards,

Justin

I agree Justin, TSCM is definitely going in the direction of packet sniffing. I don't know if you followed my discussion of T1 multiplexed CO lines a few months ago. Securing these types of phone communications is the new challenge on the horizon. Packet sniffers may be a mandatory and key piece of the sweep gear real soon. I personally am saturating on them now. I like to stay up with the leaders of the race at all times.

Roger Tolces
www.bugsweeps.com

4731 From: Allen Sedenka Date: Mon Feb 4, 2002 7:47am Subject: CODING ON AIRLINE TICKET

On a trip to Chicago last week, I noticed that during the boarding process at the gate instead of row numbers being called for boarding, Group 1 & Group 2 ticket holders (these designations were printed above the seat #) were allowed to board first. Those not holding this designation on their tickets were asked to step aside for additional screening prior to boarding. Does anyone know what these designations are or how they are assigned, etc? I had a Group 1 designation.
4732 From: Gordon Mitchell Date: Mon Feb 4, 2002 3:37pm Subject: Re: Packet Sniffers

There are lots of opportunities to move toward network security. They range from the obvious (moving the mouse to see if someone left their computer logged in) to analysis of the link layer. In all of the sweeps that we do we check for 802.11 at 2.4 GHz, soon at 5. This sort of thing is fundamental. Use a professional tool like Wildpackets Airopeek on a laptop equipped with a wireless LAN card. This provides great detail on really bad problems like computers offering NetBios ports, etc. Avoid hacker tools that are used for wardriving -- they will do bad things to your credibility if you end up in an expert witness situation. Bluetooth is growing slowly and is worth tracking. When it becomes more common it will be worth monitoring also.

Gordon
phone +1 (425) 489-0446 or toll free (888) 284-5457
Electronic eavesdropping detection Bug-Killer.com
Finding clues in computers eSleuth.com

Hawkspirit wrote:
>
> "Justin T. Fanning" Subject: Bluetooth/802.11b as a audio medium? (long but good!)
>
> Does anyone go down to the packet addressing layer, even the packet
> "payload" (content) layer? What if the content was encrypted?
> How many TSCM'ers sweep for unknown 802.11b MAC addresses or
> Bluetooth device addresses? Is this the future of TSCM?
> Regards,
>
> Justin
>
> I agree Justin, TSCM is definitely going in the direction of packet
> sniffing. I don't know if you followed my discussion of T1 multiplexed CO
> lines a few months ago. Securing these types of phone communications is the
> new challenge on the horizon. Packet sniffers may be a mandatory and key
> piece of the sweep gear real soon. I personally am saturating on them now.
> I like to stay up with the leaders of the race at all times.
>
> Roger Tolces
> www.bugsweeps.com
>

4733 From: Michael Puchol Date: Mon Feb 4, 2002 4:14pm Subject: Fw: Packet Sniffers

Aaaargh! Hit 'Reply to sender' only again! Here goes again,

Hi Gordon,

> > Avoid hacker tools that are used for wardriving -- they will do bad things to
> > your credibility if you end up in an expert witness situation.

I have to disagree here - some of these 'hacker' tools do stuff you couldn't do with commercially available software, and obviously a cracker is going to be using precisely these tools. You are probably referring to NetStumbler, a piece of software that displays nearby WLAN access points that will respond to broadcast requests with an SSID set to 'ANY'. Some APs now don't respond to these. In any case, it is an extremely useful tool to identify APs within a certain area without having to do an extensive (and expensive) RF survey with spectrum analyzers and the like. Within a couple of seconds you'll have a list of APs that you can format appropriately (I'm not saying you go to court or to your customer with a screen dump of NS!), and show to whoever is responsible for network security - if they're slightly competent, they'll identify rogue APs straight away.
Some organisations are not looking for high-tech bugs, but for dumb employees placing security hazards in their networks (proxy software, conferencing, chat, wireless LAN, etc.) so you don't really need a full-blown TSCM inspection.

Another such 'hacker' tool is L0phtCrack, which again is a double-edged sword. It will capture SMB logons in Windows NT networks, and attempt dictionary-based and brute-force attacks on the LM hash. With such a tool, you can present a report to a client showing him a) how easy it would be for your average school kid to get most of his organisation's passwords, and b) how necessary it is to implement strong password policies. Without this tool, it is not possible to know how secure your network really is. I admit that this program has moved onto a commercial enterprise, but there is still a freeware version available, with source code, which basically does the same, only slower.

I see nothing wrong in using software like this for legitimate purposes, just like you can buy a kitchen knife to cut tomatoes - you can also kill your neighbour with it. My point is that if you are not familiar with the tools that attackers will use, then you're not really going to be doing your clients any favours. Then, if they are still not convinced about the lack of security they may have, you can run a demo! Before you cut in, yes, you need to have consent from the owners of the network before you run such tests.

Just my €0.02's worth

Mike

4734 From: James M. Atkinson Date: Mon Feb 4, 2002 6:03pm Subject: Alliance of Concerned Shamans

From: Alliance of Concerned Shamans
To: Chief Who Sits on Big Rock and has Mighty Club
Subject: Fire.

Fire bad. Maybe fire good, but no one know. Since no one know, best not to make fire. That way, we not find out, which is good. Fire anger gods. Angry gods mean bad hunts and no babies. We no want no babies. Repeat: Fire bad.

People make fire too fast. Only five year ago, no fire. Last year, sparks. Now, fire.
No one consult us first. No one ask gods. People just bang rocks, make sparks. We upset. We know gods upset, because gods talk to us -- not to people. So no more make fire! Fire bad.

People burned. What if someone make big-big fire, burn down woods? Then animals die, we no eat animals, we die. Fire bad.

Some say fire good. They stupid. If fire good, gods would have given us fire. Gods no give us fire, so, fire bad. D'uh! Stupid people who say fire good should be burned with fire! Hah! That will teach them.

We shamans all say: Fire bad. You mess with fire, you make gods angry. Fire bad for women and babies and cute little bunnies. So, Chief, please: Hit people who mess with fire with big club.

Thank you.

4735 From: Date: Tue Feb 5, 2002 10:26am Subject: Bush Eyeballs Heavy Tech Spending

Bush Eyeballs Heavy Tech Spending
By Declan McCullagh
2:00 a.m. Feb. 5, 2002 PST

WASHINGTON -- President Bush is asking Congress to grant federal police hundreds of millions of dollars for surveillance, information-sharing and computer upgrades.
In his proposed 2003 budget sent to Capitol Hill on Monday, Bush proposed an unprecedented increase on spending for anti-terrorism efforts, saying that doing so "recognizes the new realities confronting our nation, and funds the war against terrorism and the defense of our homeland."

Because the complex document is merely a proposal, Congress will spend much of this year wrangling over what form the final budget will take for the fiscal year beginning Oct. 1, 2002.

Bush proposes spending $2.13 trillion for the 2003 fiscal year, a 3.7 percent overall increase from this year's spending. But if you don't count mandatory programs like Social Security, discretionary spending jumps $124 billion, or 19 percent.

One of the biggest winners would be the Justice Department, which includes the FBI, the Drug Enforcement Agency and the thousands of DOJ attorneys in the criminal, civil and other divisions. The DOJ would get a budget increase of $1.8 billion to a total of $30.2 billion, not counting $539.2 million it already received as part of an emergency spending bill enacted after Sept. 11.

The FBI would receive $61.8 million and 201 more employees or contractors to support the agency's "surveillance capabilities to collect evidence and intelligence," the DOJ said in a statement on Monday afternoon. That would allow the FBI to devote more resources than ever to controversial spy technologies like Carnivore, keyboard logging devices, and Magic Lantern.

Included in that figure is: $5.6 million to expand an unnamed FBI "data collection facility," $32 million and 194 positions devoted to intelligence and information gathering, $10.9 million for expanded electronic surveillance, $11.3 million for an "Electronic Surveillance Data Management System," and $2 million for the Special Operations Group's intelligence and surveillance operations.

In addition, the FBI would receive $157.6 million to upgrade and enhance its computer systems.
The FBI's National Infrastructure Protection and Computer Intrusion Program would get $21 million and 138 new hires, including 81 agents. The purpose: To respond to "cyber-attacks" and investigate electronic intrusions.

To handle the expected increase in wiretaps, especially ones approved by the shadowy Foreign Intelligence Surveillance Act court, the Department of Justice itself would get a boost. The budget anticipates hiring another 10 wiretap-specialist attorneys at a cost of $2 million.

On Capitol Hill, initial reaction to the budget was cautious and followed party lines. "The President's budget is a good first step in what is sure to be one of the most challenging budget seasons we've seen in quite some time. The biggest challenge will be to control spending while meeting all of our priorities," said House Budget committee chairman Jim Nussle (R-Iowa).

House Minority Leader Richard Gephardt said: "While President Bush should be commended for his commitment to defense and homeland security in his budget released today, he should seriously reconsider his fiscal priorities for our future economic growth."

To cover in part the budget increases, Bush has proposed cutting highway spending and environmental projects.

Other agencies include:

Patent and Trademark Office: The PTO would receive a remarkable 21.2 percent budget increase. James Rogan, Undersecretary of Commerce for Intellectual Property, said on Monday that the cash would let him hire 950 more patent examiners.

General Services Administration: It may be best known for the humble task of maintaining government buildings, but the GSA is also responsible for providing "one-stop access to federal services via the Internet or telephone." Bush proposes $45 million for an "e-gov" fund to be handled by a new "Office of Citizen Services," a jump from last year's request of $20 million.
National Commission on Libraries and Information Science: President Bush proposes to eliminate this minor bureaucracy, saying its $1 million budget could be better spent by the Institute of Museum and Library Services. That institute would receive $211 million, $16 million more than last year.

National Archives and Records Administration: Digital signatures, designed to be impossible to forge, finally will make their way into the venerable Federal Register, the voluminous record of new government regulations. NARA will also receive $2.3 million to spend on its Electronic Records Management project.

4736 From: James M. Atkinson Date: Tue Feb 5, 2002 9:39pm Subject: The 10 Commandments of Counterintelligence

The 10 Commandments of Counterintelligence
BY James M. Olson

This article appeared in Studies of Intelligence, Unclassified Edition, Fall-Winter 2001, No.11, published by the CIA's Center for the Study of Intelligence. The Center seeks to promote study, debate, and understanding of the role of intelligence in the American system of government. Mr. Olson served in the Central Intelligence Agency's Directorate of Operations and is presently on the faculty of the George Bush School of Government and Public Service at Texas A&M University.

"O that thou hadst hearkened to my commandments! Then had thy peace been as a river, and thy righteousness as the waves of the sea." Isaiah 48:18

The need for counterintelligence (CI) has not gone away, nor is it likely to. The end of the Cold War has not even meant an end to the CI threat from the former Soviet Union. The foreign intelligence service of the new democratic Russia, the Sluzhba Vneshney Razvedki Rossii (SVRR), has remained active against us. It was the SVRR that took over the handling of Aldrich Ames from its predecessor, the KGB, in 1991. It was the SVRR that ran CIA officer Harold James Nicholson against us from 1994 to 1996.
It was the SVRR that was handling FBI special agent Earl Pitts when he was arrested for espionage in 1996. It was the SVRR that planted a listening device in a conference room of the State Department in Washington in the summer of 1999. And it was the SVRR that was handling FBI special agent Robert Hanssen when he was arrested on charges of espionage in February 2001.

The Russians are not alone. There have been serious, well-publicized concerns about Chinese espionage in the United States. The Department of Energy significantly increased security at its national laboratories in response to allegations that China had stolen US nuclear weapons secrets. Paul Redmond, the former Associate Deputy Director of Operations for Counterintelligence at the CIA, told the House Permanent Select Committee on Intelligence in early 2000 that a total of at least 41 countries are trying to spy on the United States. Besides mentioning Russia, China, and Cuba, he also cited several "friends," including France, Greece, Indonesia, Israel, the Philippines, South Korea, and Taiwan. He warned of a pervasive CI threat to the United States.

The United States, as the world's only remaining superpower, will be the constant target of jealousies, resentments, rivalries, and challenges to its economic well-being, security, and leadership in the world. This inevitably means that the United States will be the target of large-scale foreign espionage.

A Choice Assignment

When I joined the CIA, one of my first interim assignments was with the old CI Staff. I found it fascinating. I was assigned to write a history of the Rote Kapelle, the Soviet espionage network in Nazi-occupied Western Europe during World War II. With its expanded computer power, NSA was breaking out the actual messages sent between the NKVD center in Moscow and the clandestine radios of the various cells in Western Europe. Incredibly, these messages came to me.
There I was, a brand new junior officer, literally the first person in the CIA to see the day-to-day traffic from these life-and-death operations. I was deeply affected by the fear, heroism, and drama in these messages. Above all, I felt privileged to have been given such an opportunity.

Building on an earlier study of the Rote Kapelle by the CI Staff, I completed a draft several months later that incorporated the new material. To my great surprise, this study was well received by my immediate superiors, and I was told that I was to be rewarded with a personal interview and congratulations from James Jesus Angleton, the legendary head of the CI Staff from 1954 to 1974.

Angleton's office was on the second floor of the Original Headquarters Building. I was first ushered into an outer office, where Angleton's aides briefed me on how to conduct myself. And then I went alone into the inner sanctum. The room was dark, the curtains were drawn, and there was just one small lamp on Angleton's desk. I later heard that Angleton had eye trouble and that the light hurt his eyes, but I was convinced the real reason for the semidarkness was to add to his mystique. It certainly worked on me!

I nervously briefed Angleton on my study, and he listened without interrupting, just nodding from time to time. When I finished, he methodically attacked every one of my conclusions. Didn't I know the traffic was a deception? Hadn't it occurred to me that Leopold Trepper, the leader of the Rote Kapelle, was a German double? He went on and on, getting further and further out. Even I, as a brand new officer, could tell that this great mind, this CI genius, had lost it. I thought he was around the bend. It was one of the most bizarre experiences of my career.

When the meeting was over, I was glad to get out of there, and I vowed to myself that I would never go anywhere near CI again. I did not keep that vow.
In my overseas assignments with the Agency, I found myself drawn toward Soviet CI operations. Nothing seemed to quicken my pulse more, and I was delighted when I was called back to Headquarters in 1989 to join the new Counterintelligence Center (CIC) as Ted Price's deputy. When Ted moved upstairs in early 1991 to become the Associate Deputy Director for Operations, I was named chief of the Center. Today, many years after that initial disagreeable encounter with CI, I find it hard to believe that it is actually my picture on the wall of the CIC conference room at CIA Headquarters, where the photos of all former CIA counterintelligence chiefs are displayed. There I am, number seven in a row that begins with Angleton.

So, after a career that ended up being far more CI-oriented than I could ever have imagined, I would like to offer some personal observations in the form of "The 10 Commandments of Counterintelligence." I have chosen the form of commandments because I believe the basic rules of CI are immutable and should be scrupulously followed. In my view, it makes little difference whether the adversary is the Russians, the Cubans, the East Germans, the Chinese, or someone else. It likewise makes little difference whether we are talking about good CI practices in 1985 or in 2005.

Unfortunately, as I watch US CI today, I am increasingly concerned that the principles I consider fundamental to effective CI are not being followed as carefully and consistently as they should be. These commandments were not handed down to me from a mountaintop, and I make no claim that they are inspired or even definitive. They are simply the culmination, for what they are worth, of my experience. They are intended primarily for my fellow practitioners in CI today, but also for any younger officers in the Intelligence Community (IC) who might someday want to join us.

The First Commandment: Be Offensive

CI that is passive and defensive will fail.
We cannot hunker down in a defensive mode and wait for things to happen. I believe we are spending far too much money on fences, safes, alarms, and other purely defensive measures to protect our secrets. That is not how we have been hurt in recent years. Spies have hurt us.

Our CI mindset should be relentlessly offensive. We need to go after our CI adversaries. Aggressive double agent (DA) operations are essential to any CI program, but not the predictable, hackneyed kind we have so often pursued. We need to push our bright and imaginative people to produce clever new scenarios for controlled operations, and we need more of them. The opposition services should be kept constantly off guard so that they never suspect that we have actually controlled the operations they believe they initiated from the beginning. When the requirements, modus operandi, and personality objectives of the DA operation have been achieved, we should in a greater number of cases pitch the opposition case officer. If only one out of 10 or 20 of these recruitments takes, it is worth it.

And CI professionals, of course, should not rely exclusively on their own efforts. They should constantly prod their HUMINT colleagues to identify, target, and recruit officers from the opposition intelligence services. The key to CI success is penetration. For every American spy, there are several members of the opposition service who know who he or she is. No matter what it takes, we have to have penetrations.

We should operate aggressively against the nontraditional as well as the traditional adversaries. How many examples do we need of operations against Americans by so-called friendly countries to convince us that the old intelligence adage is correct: there are friendly nations, but no friendly intelligence services? If we suspect for whatever reason that the operatives of a foreign intelligence service, friend or foe, are operating against us, we should test them.
We should dress up an enticing morsel, made to order for that specific target, and send it by them. If they take it, we have learned something we needed to know, and we have an operation. If they reject it, as true friends should, we have learned something, too. In either event, because we are testing a "friend," plausible deniability has to be strictly preserved. Every foreign service is a potential nontraditional adversary; no service should get a lifetime pass from US offensive CI operations.

The Second Commandment: Honor Your Professionals

It has been true for years, to varying degrees throughout the IC, that CI professionals have not been favored, to the extent they deserved, with promotions, assignments, awards, praise, esteem, or other recognition. The truth is that CI officers are not popular. They are not always welcome when they walk in. They usually bring bad news. They are easy marks to criticize when things go wrong. Their successes are their failures. If they catch a spy, they are roasted for having taken so long. If they are not catching anyone, why not? What have they done with all that money they spent on CI? It is no-win.

For much of my career, many of our best people avoided becoming CI specialists. CI was not prestigious. It had a bad reputation. It was not fast track. It did not lead to promotions or good assignments. Angleton left a distasteful legacy that for years discredited the CI profession. Ted Price did more than anyone else in the Agency to reverse that trend and to rehabilitate CI as a respected professional discipline. Nevertheless, that battle is still not completely won. We have to do more to get our CI people promoted, recognized, and respected so that our best young officers will be attracted to follow us into what we know is a noble profession and where the need is so great.

The Third Commandment: Own the Street

This is so fundamental to CI, but it is probably the least followed of the commandments.
Any CI program worthy of the name has to be able to engage the opposition on the street, the field of play for espionage. And when we do go to the street, we have to be the best service there. If we are beaten on the street, it is worse than not having been there at all.

For years, we virtually conceded the streets of the world's capitals, including the major espionage centers, to the KGB, the GRU, and the East European services because we either did not know how to do it or we were not willing to pay the price for a thoroughly professional, reliable, full-time, local surveillance capability. Opposition intelligence officers have to be watched, known meeting areas have to be observed, and, when an operation goes down -- often on short notice -- undetectable surveillance has to cover it, identify the participants, and obtain evidence. This capability is expensive -- selection, training, vehicles, photo gear, video, radios, safe apartments, observation posts, and on and on -- but, if we do not have it, we will be a second-rate CI service and will not break the major cases.

The Fourth Commandment: Know Your History

I am very discouraged when I talk to young CI officers today to find how little they know about the history of American CI. CI is a difficult and dangerous discipline. Many good, well-meaning CI people have gone wrong and made horrendous mistakes. Their failures in most cases are well documented, but the lessons are lost if our officers do not read the CI literature. I find it inconceivable that any CI practitioner today could ply his or her trade without an in-depth knowledge of the Angleton era. Have our officers read Mangold? Have they read Legend and Wilderness of Mirrors? Do they know the Loginov case, HONETOL, MHCHAOS, Nosenko, Pollard, and Shadrin? Are they familiar with Aspillaga and the Cuban DA debacle? Have they examined our mistakes in the Ames and Howard cases? Are they staying current with recent releases like The Mitrokhin Archive and The Haunted Wood?
I believe it is an indispensable part of the formation of any American CI officer -- and certainly a professional obligation -- to study the CI failures of the past, to reflect on them, and to make sure they are not repeated. The many CI courses being offered now are a positive step, but there will never be a substitute for a personal commitment on the part of our CI professionals to read their history, usually on their own time at home.

The Fifth Commandment: Do Not Ignore Analysis

Analysis has too often been the stepchild of CI. Throughout the CI community, we have fairly consistently understaffed it. We have sometimes tried to make it up as we go along. We have tried to do it on the cheap. Generally speaking, operators make bad analysts. We are different kinds of people. Operators are actors, doers, movers and shakers; we are quick, maybe a little impulsive, maybe a little "cowboy." Our best times are away from our desks. We love the street. Research and analysis is really not our thing -- and when we have tried to do it, we have not been good at it.

True analysts are different. They love it. They are more cerebral, patient, and sedentary. They find things we could not. They write better.

A lot of CI programs in the past have tried to make operators double as their own analysts. As a result, in the United States, CI analysis historically has been the weakest part of the business. Professional CI analysts have been undervalued and underappreciated.

A good CI program will recruit and train true analysts in sizable numbers. I do not think it would be excessive as a rule of thumb in a top-notch CI service to be evenly divided between operators and analysts. Very few of our US CI agencies come anywhere close to that ratio. Wonderful things happen when good analysts in sufficient numbers pore over our DA reports, presence lists, SIGINT, audio and teltap transcripts, maps, travel data, and surveillance reports.
They find the clues, make the connections, and focus our efforts in the areas that will be most productive. Many parts of the US CI community have gotten the message and have incorporated trained analysts into their operations, but others have not. Across the board, we still have serious shortfalls in good, solid CI analysis.

The Sixth Commandment: Do Not Be Parochial

More harm probably has been done to US CI over the years by interagency sniping and obstruction than by our enemies. I remember when the CIA and the FBI did not even talk to each other -- and both had disdain for the military services. It is no wonder that CI was a shambles and that some incredibly damaging spies went uncovered for so long.

Occasionally in my career, I encountered instances of sarcasm or outright bad-mouthing of other US Government agencies by my officers. That kind of attitude and cynicism infected our junior officers and got in the way of cooperation. These comments often were intended to flaunt our supposed "superiority" by demeaning the capabilities of the other organizations. I dealt with these situations by telling the officers to "knock it off," and I would encourage other CI supervisors around the community to do the same.

CI is so difficult, even in the best of circumstances, that the only way to do it is together. We should not let personalities, or jealousies, or turf battles get in the way of our common mission. Our colleagues in our sister services are as dedicated, professional, hardworking, and patriotic as we are, and they deserve our respect and cooperation. The best people I have known in my career have been CI people, regardless of their organizational affiliation. So let's be collegial.

The Seventh Commandment: Train Your People

CI is a distinct discipline and an acquired skill. It is not automatically infused in us when we get our wings as case officers.
It is not just a matter of applying logic and common sense to operations, but is instead a highly specialized way of seeing things and analyzing them. CI has to be learned.

I do not know how many times in my career I have heard, "No, we do not really need a separate CI section. We are all CI officers; we'll do our own CI." That is a recipe for compromise and failure. There is no substitute for a professional CI officer, and only extensive, regular, and specialized CI training can produce them. Such training is expensive, so whenever possible we should do it on a community basis to avoid duplication and to ensure quality.

CI is a conglomerate of several disciplines and skills. A typical operation, for example, might include analysts, surveillance specialists, case officers, technical experts, and DA specialists. Each area requires its own specialized training curriculum. It takes a long time to develop CI specialists, and that means a sustained investment in CI training. We are getting better, but we are not there yet.

The Eighth Commandment: Do Not Be Shoved Aside

There are people in the intelligence business and other groups in the US Government who do not particularly like CI officers. CI officers have a mixed reputation. We see problems everywhere. We can be overzealous. We get in the way of operations. We cause headaches. We are the original "black hatters." Case officers want their operations to be bona fide. Senior operations managers do not want to believe that their operations are controlled or penetrated by the opposition. There is a natural human tendency on the part of both case officers and senior operations managers to resist outside CI scrutiny. They believe that they are practicing good CI themselves and do not welcome being second-guessed or told how to run their operations by so-called CI specialists who are not directly involved in the operations. I have seen far more examples of this in my CI career than I care to remember.
By the same token, defense and intelligence contractors and bureaucrats running sensitive US Government programs have too often tended to minimize CI threats and to resist professional CI intervention. CI officers, in their view, stir up problems and overreact to them. Their "successes" in preventing CI problems are invisible and impossible to measure, but their whistle-blowing when problems are uncovered generates tremendous heat. It is not surprising that they are often viewed as a net nuisance.

When necessary, a CI service has to impose itself on the organizations and groups it is assigned to protect. A CI professional who is locked out or invited in only when it is convenient to the host cannot do his job. My advice to my CI colleagues has always been this: "If you are blocked by some senior, obtuse, anti-CI officer, go around him or through him by going to higher management. And document all instances of denied access, lack of cooperation, or other obstruction to carrying out your CI mission. If not, when something goes wrong, as it likely will in that kind of situation, you in CI will take the blame."

The Ninth Commandment: Do Not Stay Too Long

CI is a hazardous profession. There should be warning signs on the walls: "A steady diet of CI can be dangerous to your health." I do not believe anyone should make an entire, uninterrupted career of CI. We all who work in CI have seen it: the old CI hand who has gotten a bit spooky. It is hard to immerse oneself daily in the arcane and twisted world of CI without falling prey eventually to creeping paranoia, distortion, warping, and overzealousness in one's thinking. It is precisely these traits that led to some of the worst CI disasters in our history. Angleton and his coterie sadly succumbed, with devastating results. Others in the CIA and elsewhere have as well. The danger is always there.
My wife, who was working at the CIA when I met her, was well acquainted with this reputation of CI and the stories about its practitioners. When I was serving overseas and received the cable offering me the position as Ted Price's deputy in the new Counterintelligence Center, I discussed it with her that evening at home. Her response, I thought, was right on the mark: "Okay, but do not stay too long."

Sensible and productive CI needs lots of ventilation and fresh thinking. There should be constant flowthrough. Non-CI officers should be brought in regularly on rotational tours. I also believe it is imperative that a good CI service build in rotational assignments periodically outside CI for its CI specialists. They should go spend two or three years with the operators or with the other groups they are charged to protect. They will come back refreshed, smarter, and less likely to fall into the nether world of professional CI: the school of doublethink, the us-against-them mindset, the nothing-is-what-it-seems syndrome, the wilderness of mirrors.

The Tenth Commandment: Never Give Up

The tenth and last commandment is the most important. What if the Ames mole hunters had quit after eight years instead of going into the ninth? What if, in my own experience, we had discontinued a certain surveillance operation after five months instead of continuing into the sixth? CI history is full of such examples. The FBI is making cases against Americans today that involved espionage committed in the 1960s and 1970s. The Army's Foreign Counterintelligence Activity is doing the same. The name of the game in CI is persistence. CI officers who are not patient need not apply. There is no statute of limitations for espionage, and we should not create one by our own inaction. Traitors should know that they will never be safe and will never have a peaceful night's sleep.
I applauded my CI colleagues in the FBI when I read not long ago of their arrest in Florida of a former US Army Reserve colonel for alleged espionage against the United States many years earlier. They obviously never gave up. If we keep a CI investigation alive and stay on it, the next defector, the next penetration, the next tip, the next surveillance, or the next clue will break it for us. If there were ever to be a mascot for US counterintelligence, it should be the pit bull.

In Conclusion

These are my 10 commandments of CI. Other CI professionals will have their own priorities and exhortations and will disagree with mine. That is as it should be, because as a country and as an Intelligence Community we need a vigorous debate on the future direction of US CI. Not everyone will agree with the specifics, or even the priorities. What we should agree on, however, is that strong CI has to be a national priority. Recent news reports from Los Alamos, Washington, and elsewhere have again underscored the continuing need for CI vigilance.

01/31/2002

--
--------------------------------------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
--------------------------------------------------------------------------------------------------
James M. Atkinson                 Phone: (978) 546-3803
Granite Island Group              Fax:   (978) 546-9467
127 Eastern Avenue #291           http://www.tscm.com/
Gloucester, MA 01931-8008         mailto:jmatk@t...
--------------------------------------------------------------------------------------------------
People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf.
- George Orwell
--------------------------------------------------------------------------------------------------

4737 From: tek492p Date: Wed Feb 6, 2002 1:49am Subject: Re: INTERTECT: Introduction

--- In TSCM-L@y..., MACCFound@a... wrote:
>
> Nice equipment! Where did you and/or your staff get its training?

=====================

"training??? or Experience!!!

I still have (in my museum) the R. B. Clifton "Hound Dog" Field Strength Meter that I purchased NEW back in 1970. This was the "in vogue" instrument of choice in the private sector for detecting hidden transmitters before the advent of the spectrum analyzer. And, of course I still have my dog-eared-with-pages-falling-out original copy of the back-then Bible of all electronic surveillance books, "The Electronic Invasion" by Robert M. Brown, copyright 1967 (red cover edition).

I have been an amateur (ham) radio operator since 1970; in the United States Air Force for nine years in Electronics and Telecommunications (radio, telephone, teletype, Top Secret security clearance, NSA crypto); and worked at two television stations in the Engineering department in a "major market" (Los Angeles). (Yes, each television station had spectrum analyzers for the microwave links from the news vans and news helicopters).

So..... Have I sat in a classroom for two weeks with pencil & paper learning TSCM? The answer is no. For me that would be like repeating high school electronics class. For anyone that has an EXTENSIVE electronics background, TSCM is not difficult to learn. Just be sure and do all your homework.

As for my "staff"; they are not full-time employees, but work as "independent contractors". Some have military electronics experience, others work for the phone company. And, they all know "Ohm's Law".
Jack Lindauer
Intertect
Electronic Surveillance Countermeasures
Los Angeles, California
(818) 831-0515

4738 From: Date: Tue Feb 5, 2002 8:57pm Subject: Re: Re: INTERTECT: Introduction

In a message dated 2/5/02 11:50:39 PM Pacific Standard Time, tek492p@y... writes:

<< For anyone that has an EXTENSIVE electronics background, TSCM is not difficult to learn >>

Thank you for sharing.

4739 From: James M. Atkinson Date: Wed Feb 6, 2002 0:00pm Subject: Microsoft's Really Hidden Files: A New Look At Forensics (v2.6)

Microsoft's Really Hidden Files: A New Look At Forensics (v2.6)
By The Riddler
November 3, 2001
(v2.0 finished May 16, 2001; v1.0 finished June 11, 2000)
Written with Windows 9x in mind, but not limited to.

DISCLAIMER: I will not be liable for any damage or lost information, whether due to reader's error, or any other reason.

SUMMARY: There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.

When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them are slim to slimmer. It's interesting to note that Microsoft does not explain this behavior adequately at all.
Just try searching on microsoft.com.

FOREWORD: I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is to teach people what is really going on with Microsoft's products and how to take control of their privacy again. This tutorial was written by me, so if you see a mistake somewhere then it is my mistake, and I apologize. Thanks for reading.

INDEX:
1) DEFINITIONS
1.1) Acronyms
2) SEEING IS BELIEVING
3) HOW TO ERASE THE FILES ASAP
3.1) If You Have Ever Used Microsoft Internet Explorer
3.2) Clearing Your Registry
3.3) Slack files
3.4) Keeping Microsoft's Products
4) STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
5) HOW MICROSOFT DOES IT
6) +S MEANS [S]ECRET NOT [S]YSTEM.
7) A LOOK AT OUTLOOK
8) THE TRUTH ABOUT FIND FAST
8.1) Removing Find Fast
9) CONTACT INFORMATION AND PGP BLOCKS
9.1) Recommended reading
10) SPECIAL THANKS
11) REFERENCES

Coming in version 3.0:
- pstores.exe
- Related Windows Tricks.
- Looking back on the NSA-Key.
- Researching the [Microsoft Update] button.
- Why the temp folders aren't intended to be temporary at all.
- What's with Outlook Express's .dbx database files?
- Win2K support.

1.0. DEFINITIONS

I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to "show all files," and cannot be seen in MS-DOS after receiving a proper directory listing from root.
   a) There is at least one loophole to enable Windows Explorer to see them.
   b) There is at least one loophole to enable MS-DOS to see them.
II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.
III) Distinguishes from certain "other" intended hidden files, such as a file with a name with high ascii characters (eg, "Yëï¨o"). (Interesting to note that Microsoft has disabled the "Find: Files or Folders" from searching through one of these folders.)

1.1. ACRONYMS

DOS = Disk Operating System aka MS-DOS
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System
FYI = For Your Information

2. SEEING IS BELIEVING

No. Enabling Windows Explorer to "show all files" does not show the files in mention. No. DOS does not list the files after receiving a proper directory listing from root. And yes. Microsoft intentionally disabled the "Find" utility from searching through one of the folders.

Oh, but that's not all. Just from one of these files I would be able to tell you which web sites you previously visited, what types of things you search for in search engines, and probably gather your ethnicity, religion, and sexual preference. Needless to say one can build quite a profile on you from these files. It has the potential to expose and humiliate -- putting your marriage, friendship, and corporation at risk.

Here's one good example of the forensic capabilities...

"I've been reading your article as I have a problem with an employee of mine. He has been using the works pc for the internet and using it to chat and look at porn sites. He was then deleting the cookies and history in order to cover his tracks. A friend of mine pointed me in the direction of this site and your article. I have found it to be incredibly useful,..."
--Concerned Boss, 8/24/01

One more thing. They contain your browsing history at ALL times. Even after you have instructed Microsoft Internet Explorer to clear your history/cache. And so the saying goes, "seeing is believing..."

To see for yourself simply do as you would normally do to clear your browsing history. Go to Internet Options under your Control Panel. Click on the [Clear History] and [Delete Files] buttons. (Make sure to include all offline content.) So, has your browsing history been cleared? One would think so...

Skipping to the chase here.
These are the names and locations of the "really hidden files:"

c:\windows\history\history.ie5\index.dat
c:\windows\tempor~1\content.ie5\index.dat

If you have upgraded MSIE several times, they might have alternative names of mm256.dat and mm2048.dat, and may also be located here:

c:\windows\tempor~1\
c:\windows\history\

Not to mention the other alternative locations under:

c:\windows\profiles\%user%\...
c:\windows\application data\...
c:\windows\local settings\...
c:\windows\temp\...
c:\temp\...

FYI, there are a couple of other index.dat files that get hidden as well, but they are seemingly not very important.

3.0. HOW TO ERASE THE FILES ASAP

Step by step information on how to erase these files as soon as possible. This section is recommended for the non-savvy. Further explanation can be found in Section 4.0. Please note that following these next steps will erase all your internet cache and cookies files. If you use the offline content feature with MSIE, it will remove this as well. It will not erase your bookmarks.

3.1. IF YOU HAVE EVER USED MICROSOFT INTERNET EXPLORER

1) Shut your computer down, and turn it back on.

2) While your computer is booting keep pressing the [F8] key until you are given an option screen.

3) Choose "Command Prompt Only." This will take you to real DOS mode. ME users must use a bootdisk to get into real DOS mode.

4) When your computer is done booting, you will have a C:\> followed by a blinking cursor. Type in the following, hitting enter after each line (sans parentheses):

C:\WINDOWS\SMARTDRV     (Loads smartdrive to speed things up.)
CD\
DELTREE/Y TEMP          (This line removes temporary files.)
CD WINDOWS
DELTREE/Y COOKIES       (This line removes cookies.)
DELTREE/Y TEMP          (This removes temporary files.)
DELTREE/Y HISTORY       (This line removes your browsing history.)
DELTREE/Y TEMPOR~1      (This line removes your internet cache.)

(If this last line doesn't work then type this:)

CD\WINDOWS\APPLIC~1
DELTREE/Y TEMPOR~1

(If this doesn't work then type this:)

CD\WINDOWS\LOCALS~1
DELTREE/Y TEMPOR~1

(If this still does not work, and you are sure you are using MSIE 5.x, then feel free to e-mail me. If you have profiles turned on, then it is likely located under \windows\profiles\%user%\, while older versions of MSIE keep them under \windows\content\.)

This last one will take a ridiculous amount of time to process. The reason it takes so incredibly long is because there is a TON of useless cache stored on your HD.

5) Immediately stop using Microsoft Internet Explorer and go with any of the alternative browsers out there. Netscape 4.7x from netscape.net, mozilla from mozilla.org, or opera from opera.com.

FYI, Windows re-creates the index.dat files automatically when you reboot your machine so don't be surprised when you see them again. They should at least be cleared of your browsing history.

3.2. CLEARING YOUR REGISTRY

It was once believed that the registry is the central database of Windows that stores and maintains the OS configuration information. Well, this is wrong. Apparently it also maintains a bunch of other information that has absolutely nothing to do with the configuration. I won't get into the other stuff but for one, your Typed URLs are stored in the registry.

HKEY_USERS\Default\Software\Microsoft\Internet Explorer\TypedURLs\
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs\

These "Typed URLs" come from MSIE's autocomplete feature. It records all URLs that you've typed in manually in order to save you some time filling out the address field. By typing "ama" the autocomplete feature might bring up "amazon.com" for you. Although I find it annoying, some people prefer this feature. One thing is for sure however -- it's an obvious privacy risk. You wouldn't want a guest to type "ama" and have it autocomplete to "amaturemudwrestlers.com" now would you?
You can clear your Typed URLs out of your registry by going to your Control Panel > Internet Options > Content > [AutoComplete] > and finally [Clear Forms]. If you feel the AutoComplete feature is a privacy risk, then uncheck the appropriate boxes here.

FYI, this section has nothing to do with "really hidden files." It was added so people can completely clear their browsing history before having to ditch Microsoft Internet Explorer.

3.3. SLACK FILES

As you may already know, deleting files only deletes the references to them. They are in fact still sitting there on your HD and can still be recovered by a very motivated person.

- BCWipe is a nice program that will clear these files. (www.bcwipe.com).
- For you DOS buffs, there's a freeware file wiper on simtel.net that I use. (www.simtel.net/pub/dl/45631.shtml).
- If you are using PGP then there is a "Freespace Wipe" option under PGPtools.
- The newer versions of Norton Utilities have a nice filewiping utility.
- You might want to check out Evidence Eliminator's 30 day trial. This is probably the best program as far as your privacy goes. (www.evidence-eliminator.com)

3.4. KEEPING MICROSOFT'S PRODUCTS

If your work environment forces you to use Microsoft Internet Explorer then I strongly recommend that you talk your boss into checking out one of these programs:

- PurgeIE (www.aandrc.com/purgeie)
- Cache and Cookie Cleaner for IE (www.webroot.com/washie.htm)
- Anonymizer Window Washer (www.anonymizer.com/anonwash)

These programs automate the process for you, and are far better than having to add 'deltree/y' lines to your autoexec.

AND if your work environment forces you to use Outlook or Outlook Express then you should get in the habit of compacting your mailboxes. You can do this by going to File > Folder > Compact All if you have Outlook Express, or Tools > Options > Other tab > [Auto Archive] if you have Outlook. Make sure to set things up here.

4.0. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES

This next section is intended for the savvy user.

The most important files to be paying attention to are your "index.dat" files. These are database files that reference your history, cache and cookies. The first thing you should know about the index.dat files is that they don't exist unless you know they do. The second thing you should know about them is that some will *not* get cleared after deleting your history and cache. The result: A log of your browsing history hidden away on your computer after you thought you cleared it.

To view these files, follow these steps:

In MSIE 5.x, you can skip this first step by opening MSIE and going to Tools > Internet Options > [Settings] > [View Files]. Now write down the names of your alphanumeric folders on a piece of paper. If you can't see any alphanumeric folders then start with step 1 here:

1) First, drop to a DOS box and type this at the prompt (in all lower-case) to bring up Windows Explorer under the correct directory...

c:\windows\explorer /e,c:\windows\tempor~1\content.ie5\

You see all those alphanumeric names listed under "content.ie5?" (left-hand side.) That's Microsoft's idea of making this project as hard as possible. Actually, these are your alphanumeric folders that were created to keep your cache. Write these names down on a piece of paper. (They should look something like this: 6YQ2GSWF, QRM7KL3F, U7YHQKI4, 7YMZ516U, etc...) If you click on any of the alphanumeric folders then nothing will be displayed. Not because there aren't any files here, but because Windows Explorer has lied to you. If you want to view the contents of these alphanumeric folders you will have to do so in DOS. (Actually, this is not always true. *Sometimes* Windows Explorer will display the contents of the alphanumeric folders -- but mostly it won't. I can't explain this.)

2) Then you must restart in MS-DOS mode. (Start > Shutdown > Restart in MS-DOS mode. ME users use a bootdisk.)
Note that you must restart to DOS because Windows has locked down some of the files and they can only be accessed in real DOS mode.

3) Type this in at the prompt:

CD\WINDOWS\TEMPOR~1\CONTENT.IE5
CD %alphanumeric%
DIR/P

(replace "%alphanumeric%" with the first name that you just wrote down)

The cache files you are now looking at are directly responsible for the mysterious erosion of HD space you may have been noticing. One thing particularly interesting is the ability to view some of your old e-mail if you happen to have a Hotmail account. (Oddly, I've only been able to retrieve Hotmail e-mail, and not e-mail from my other web-based e-mail accounts. Send me your experiences with this.) To see them for yourself you must first copy them into another directory and THEN open them with your browser. Don't ask me why this works.

A note about these files: These are your cache files that help speed up your internet browsing. It is quite normal to use this cache system, as every major browser does. On the other hand, it isn't normal for some cache files to be left behind after you have instructed your browser to erase them.

5) Type this in:

CD\WINDOWS\TEMPOR~1\CONTENT.IE5
EDIT /75 INDEX.DAT

You will be brought to a blue screen with a bunch of binary.

6) Press and hold the [Page Down] button until you start seeing lists of URLs. These are all the sites that you've ever visited as well as a brief description of each. You'll notice it records everything you've searched for in a search engine in plain text, in addition to the URL.

7) When you get done searching around you can go to File > Exit. If you don't have mouse support in DOS then use the [ALT] and [Arrow] keys.

8) Next you'll probably want to erase these files by typing this:

C:\WINDOWS\SMARTDRV
CD\WINDOWS
DELTREE/Y TEMPOR~1

(replace "cd\windows" with the location of your TIF folder if different.)

This will take a seriously long time to process. Even with SmartDrive loaded.

9) Then check out the contents of your History folder by typing this:

CD\WINDOWS\HISTORY\HISTORY.IE5
EDIT /75 INDEX.DAT

You will be brought to a blue screen with more binary.

10) Press and hold the [Page Down] button until you start seeing lists of URLs again. This is another database of the sites you've visited.

11) And if you're still with me type this:

CD\WINDOWS\HISTORY

12) If you see any mmXXXX.dat files here then check them out (and delete them.) Then...

CD\WINDOWS\HISTORY\HISTORY.IE5
CD MSHIST~1
EDIT /75 INDEX.DAT

More URLs from your internet history. Note, there are probably other mshist~x folders here so you can repeat these steps for every occurrence if you please.

13) By now you'll probably want to type in this:

CD\WINDOWS
DELTREE/Y HISTORY

5.0. HOW MICROSOFT DOES IT

How does Microsoft make these folders/files invisible to DOS? The only thing Microsoft had to do to make the folders/files invisible to a directory listing is to set them +s[ystem]. That's it. As soon as the dir/s command hits a system folder, it renders the command useless (unlike normal folders.) A more detailed explanation is given in Section 6.

So how does Microsoft make these folders/files invisible to Windows Explorer? The "desktop.ini" is a standard text file that can be added to any folder to customize certain aspects of the folder's behavior. In these cases, Microsoft utilized the desktop.ini file to make these files invisible. Invisible to Windows Explorer and even to the "Find: Files or Folders" utility (so you wouldn't be able to perform searches in these folders!) All that Microsoft had to do was create a desktop.ini file with certain CLSID tags and the folders would disappear like magic.
To show you exactly what's going on:

Found in c:\windows\temporary internet files\desktop.ini and c:\windows\temporary internet files\content.ie5\desktop.ini:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}

Found in c:\windows\history\desktop.ini and c:\windows\history\history.ie5\desktop.ini:

[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}

The UICLSID line cloaks the folder in Windows Explorer. The CLSID line disables the "Find" utility from searching through the folder. (Additionally, it gives a folder the appearance of the "History" folder.) To see for yourself, you can simply erase the desktop.ini files. You'll see that it will instantly give Windows Explorer proper viewing functionality again, and the "Find" utility proper searching capabilities again.

Problem solved, right? Actually, no. As it turns out, the desktop.ini files get reconstructed every single time you restart your computer. Nice one, Slick. Luckily there is a loophole which will keep Windows from hiding these folders. You can manually edit the desktop.ini's and remove everything except for the "[.ShellClassInfo]" line. This will trick Windows into thinking they have still covered their tracks, and wininet won't think to reconstruct them.

I can't stress how ridiculous it is that Windows actually makes sure the files are hidden on every single boot. No other files or folders get this kind of special treatment. So what's the agenda here?

6.0. +S MEANS [S]ECRET NOT [S]YSTEM

Executing the "dir/a/s" command from root *should* be the correct command to display all files in all subdirectories in DOS. However, doing so will not display the index.dat files. This is because when DOS tries to get a list of the subdirectories of any +s[ystem] directory it hits a brick wall. No files or folders will be listed within any system directory.

Not only does this defeat the whole purpose of the "/s" switch in the first place, but I'd say it looks like Microsoft took extra precautions to keep people from finding the files. Remember: the only thing you need to do to obscure a file in DOS is to mark the parent directory +s[ystem].

I was told by a few people that this was due to a very old DOS bug that dates back many years. Fine. I can accept that. A bug it is. But, would you consider your Temporary Internet Files to be "system files?" It would seem that your TIF folder appears to be marked +s[ystem] for no good reason at all. Just because. Same with your history folder. You may not agree, but I tend to think that Microsoft marked the folders as +s[ystem] solely to hide any directory recursion from DOS.

In case you didn't understand, here's a small experiment that will show you what I mean... Since the content.ie5 and history.ie5 subfolders are both located within a +s[ystem] folder, we will run the experiment with them. The proper command to locate them *should* be this:

CD\
DIR *.IE5 /as/s

The problem is that you will receive a "No files found" error message. Since we already know there is a content.ie5 subfolder located here, why is it giving me the "no files found" message?

But there is a way to get around this brick wall. That is, once you are inside the system directory, then it no longer has an effect on the dir listings. For example, if you enter the system folder first, and THEN try to find any +s[ystem] directories you can see them just fine:

CD\WINDOWS\TEMPOR~1
DIR *.IE5 /as/s
1 folder(s) found.

Now you will get a "1 folder(s) found." message. (But only after you knew the exact location.) In other words, if you didn't know the files existed then finding them would be almost impossible.

And, by the way. To see the "bug" in progress...

CD\
DIR *.IE5 /a/s

It will echo "no files found." Now, just take away the system attributes from the parent directory...
CD\WINDOWS
ATTRIB -S TEMPOR~1

And retry the test...

CD\
DIR *.IE5 /a/s

It will echo "1 folder(s) found."

7.0. A LOOK AT OUTLOOK EXPRESS

Would you think twice about what you said if you knew it was being recorded? E-mail correspondence leaves a permanent record of everything you've said -- even after you've told Outlook Express to erase it. You are given a false sense of security since you've erased it twice, so surely it must be gone. The first time, Outlook simply moves it to your "Deleted Items" folder. The second time you erase it, Outlook simply "pretends" it is gone. The truth is your messages are still being retained in the database files on your HD. (As with your e-mail attachments.)

For earlier versions of Outlook Express, they will be located in either of the following folders:

c:\program files\internet mail and news\%user%\mail\*.mbx
c:\windows\application data\microsoft\outlook\mail\*.mbx

At this point you have two choices.

a) Get in the habit of compacting your folders all the time.

b) Back up, print out, or import the data into another e-mail client such as Eudora and then delete the mbx files (and thus all your e-mail correspondence) by typing this:

cd\progra~1\intern~1\%user%\mail
deltree/y mail

or

cd\windows\applic~1\micros~1\outloo~1\
deltree/y mail

*Typing in the above commands will kill all your e-mail correspondence. Do not follow those steps unless you have already exported your e-mail and address book!

If you have a newer version of Outlook or Outlook Express the databases are located elsewhere. Look for .dbx and .pst file extensions. These databases are five times as creepy, and I strongly recommend you take a look at the files. Just from my outbox.dbx file I was able to view some of my old browsing history, bring up previously-visited websites in html format, and even read ancient e-mail from my Eudora client (read: EUDORA). Again, don't take my word for it. See for yourself and THEN tell me what you think Slick Willy is up to here.

8.0. THE TRUTH ABOUT FIND FAST

Have you ever wondered what that "Find Fast" program was under your control panel? Here's a hint: It has absolutely nothing to do with the "Find" utility located under the [Start] menu. Just to clear up any confusion before going on, Oblivion adequately explains Find Fast here:

"In any version of Word after 95, choose File Open and you'll get the Office App Open dialog. Instead of just a space for the file name, there are text boxes for file name, files of type, text or property & last modified. These are search criteria you can use to find one or more files. There is also an "Advanced" button that opens a dedicated search dialog with more options. When you use either of these dialogs to perform a search, that search process uses the indexes built by Find Fast." --Oblivion

But what would you say if I told you that Find Fast was scanning every single file on your hard drive? Did you know that in Office 95, the Find Fast Indexer had an "exclusion list" comprised of .exe, .swp, .dll and other extensions, but the feature was eliminated? If you were a programmer would you program Find Fast to index every single file, or just the ones with Office extensions?

FYI, if you have ever had problems with scandisk or defrag restarting due to disk writes, it is because Find Fast was indexing your hard drive in the background. It loads every time you start your computer up.

Now here is a good example of the lengths Microsoft has gone through to keep people from finding out Find Fast is constantly scanning and indexing their hard drives. (Always good to have an alibi.) Here's a snippet taken from microsoft.com:

"When you specify the type of documents to index in the Create Index dialog box, Find Fast includes the document types that are listed in the following table.

Document type                File name extension
-------------                -------------------
MS Office and Web Documents  All the Microsoft Excel, Microsoft PowerPoint, Microsoft Project, and Microsoft Word document types listed in this table. Microsoft Binder (.odb, .obt) and Microsoft Access (.mdb) files. Note that in .mdb files, only document properties are indexed.
Word documents               .doc (document), .dot (template), .ht* (Hypertext Markup Language document), .txt (text file), .rtf (Rich Text Format) files
Excel workbooks              .xl* files
PowerPoint                   .ppt (presentation), .pot (template), .pps (auto-running presentation) files
Microsoft Project files      .mpp, .mpw, .mpt, .mpx, .mpd files
All files                    *.* files"

Did you get that last part? "All files?" Find Fast indexes Office Documents, Web documents, Word Documents, PowerPoint files, Project files, and (oh I forgot) EVERY SINGLE other file on your computer.

Actually, the good news is that this isn't necessarily true. In another statement Microsoft claims that if Find Fast deems the file "unreadable" then the file will not be included in the index. For example, your command.com probably wouldn't get indexed because it doesn't have a lot of plain text -- mostly binary.

But, back to the bad news. Every single file that has legible text is going to be included in the Find Fast database. Do you understand the implication here? ALL TEXT SAVED TO YOUR HARD DRIVE IS INDEXED. The forensic capabilities are enormous, folks. Don't forget "all text" also means previously-visited webpages from your cache. See for yourself...

1) Open up a DOS window and type...
2) CD\
3) DIR FF*.* /AH (This will bring up a list of the Find Fast databases.)
4) EDIT /75 %ff% (replace %ff% with any of the names that were listed.)

Notice the incredible amount of disk accesses to your cache and history folders? Why do we need two indexes?

8.1. REMOVING THE FIND FAST PROGRAM

You can remove Find Fast using your Office CD, but I recommend you do it manually...

1) Reboot your computer in MS-DOS Mode.
2) Delete the findfast.cpl file from c:\windows\system\.
3) Delete the shortcut (.lnk) under c:\windows\start menu\programs\startup\.
4) Delete the findfast.exe file from c:\progra~1\micros~1\office\.
5) Important: delete the Find Fast databases (c:\ff*.*).
6) You can also safely delete FFNT.exe, FFSetup.dll, FFService.dll, and FFast_bb.dll if you have them.

Feel free to check out the ffastlog.txt (which is the Find Fast error log). It's a +h[idden] file under c:\windows\system\.

9. CONTACT INFO AND PGP BLOCKS

This tutorial is being updated all the time. If you have any useful input, or if you see a mistake somewhere, then please e-mail me so I can compile it into future versions. You will be able to find the most recent version of this tutorial at fuckmicrosoft.com. I am not affiliated with the site. My e-mail address is located at the end of this note. Please let me know where you heard about this tutorial in your message.

If you have something important to say to me, then please use encryption. My public key blocks are located below. Be suspicious if you send me an encrypted message but never get a reply.

Thanks for reading,

-- The Riddler
theriddler@f...

My 2.6.2 block is no longer valid because my secring was nuked. When I created another keyring with another version of PGP, it read my "SET PGPPATH=" line and copied a new ring over my old one. No backups were made. Moral of the story: Back up your keys.
My PGP 2.6.3 Block:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6.3a
Comment: Compatible with PGP 2.6.x

mQCNAzvVzqgAAAEEANT+lnfVk79zr/eYkLHs+euTg/JBSQXmUWB5dMxv4Vvv4Xes
CnaNrv5Udi3hfABKb1tq41N6kPJ/n/Qz/vSW52Z4wg+Q+ZGGoITIJ1p8bDOceb2Q
EsMsY7kzCHqkBF0N53TuVt+ywhVncN+CqecVvhuQ4RXUOVUvru7gGcd76OVxAAUR
tAt0aGUgcmlkZGxlcokAlQMFEDvVzqju4BnHe+jlcQEBC14EAM3Th47aEChB0GAf
5xGlLPQnrj6zyf5uovj12PEFnCOwcEhDDAuq4Ito7Keb22DqwlJDNChIM7xLx8bZ
d9VaMpkirFzgvFmGu5eNGp18rR9EyIVY/tTdWlRcsUL/nw2XNXxw51tHE7M/O1fp
Un4qIcG0CfAQ1QCUfqOwTWbFH/Wy
=muLu
-----END PGP PUBLIC KEY BLOCK-----

My GPG 1.0.6 Block:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.0.6 (MingW32)

mQGhBDu3TSERBACO0Fx9pjMULe6qLQwOgfvdnQconLOMyftZdp9+ZX6t29ebJ/Z5
qQOJ9ce9Xr6Lj4u+M9VDx1FK5ueoD45bUAy0HAvYDV/HEu2vCRimpbreDky/U88a
XL59Pe8qwnmfUzYc/LnH86VCr4lPmpbz6/adXj44xE6EwkhFcq6BD4isCwCg8zZO
Hk9+KEKOyPHIFWq7TUA/JdUD/jWtNrGZ0tfSAS0WDiBifsBr1HW7n2IMDFX1anqC
DN0ToM5IFWGDkOh1NUvP0RvyrnNuBOP/oWxkPLR0nVvifETF0iG9o+kfitC9NmJn
QP/iw4WhCoHRCc5wqnAAXQC9j8JdodQ8E5VnfnNGkttgWz7mNzBongrIoTdfVdtf
o5NwA/d/lwMhGE0HNXnXOgRBcPjGD0LsR8pFoSP/HJ9Hu3zms2cbQqN2O/f99H2G
s9mXR7uvicu9SbKoTwFkptLVbOQIhvBnw0fTlZGrUsaiw4vzt99PffTKq1FPIpQe
K7HcnUK2+ZSVs5PxGiDckobJEjBssSw9Lg5RSNMy9H7s9jv3tAt0aGUgcmlkZGxl
cohXBBMRAgAXBQI7t00iBQsHCgMEAxUDAgMWAgECF4AACgkQ/bqXDRMV1MxyMgCc
CH2uO/f46JgQ0pspQxi7IBv0yNQAn11ebXHbZGuADwuBun1EnQCJb8VIuQINBDu3
UOAQCADKG2mf/FW3kuSAGoFmIMBm4l6m0O7denwUIpZP2jxeNTLmLW6ntGglHP++
wEQpHjKTJfXoSHZH0euuXVZ9hOVdf1+PuRNy0DzrDDiKX7fdQ6eSbw+heSWc0kOF
AB1j3pcovG4K2+bK66039kQLIT3kNUZgh9DdMZjIFzBg90aQnaEm5LLMkv1FNVZP
YehZm3RRIpLAX5vkJJbUA/VVh/FXDG5f21iAGDHgSdKsLW2JNDAWe6/rY0GV5dgx
C0gsqBn1rxNNDyG+z6nFCQtohL/x5zdTzedLQBjIlao91mSWhBsyxiX8mjhvGO97
o6zVUG5KHBKGmvWMqlyOsGY9VSbDAAMGCADIaFAcE+ADY3ku9Fy0NIlJhbj578YY
xpsE6KvZI1OqbHSoBnN06A3Mpxp4QRBXlr9eRRl+zMTQl1VcVWkahZYNapOqq6L3
wHBmf9psggCBxqQdI9n5zxnlkphb50J7G9UevB/IGzlW2fe7WMWjo2GegIvGHVWr
qeZgyaNf/CyMtihAX3O86rpqakq//nJvQ9MPcp/Brr9KT2NxBlpBm6xWY35IL5FG
dZ2hpHaO1TC6bdmWUPhvzmSVtD9f0AnnJEgVc03vBz7xJrc1IEa1DeRdfFNvkoch
+mNjc+fBAIQrVMCQ33u+yP/DWSdThrhxz1tAGWV7SlwxVyg6JPRQJ+moiEYEGBEC
AAYFAju3UOAACgkQ/bqXDRMV1MwVnACfaGrJRv2lgWHQbQWwv55t2cT+QWEAnA/n
ckswjlC9aNcBkcFl7X1SX8JX
=pFTK
-----END PGP PUBLIC KEY BLOCK-----

9.1. RECOMMENDED READING

http://www.theregister.co.uk/content/4/18002.html
http://www.findarticles.com/m0CGN/3741/55695355/p1/article.jhtml
http://www.mobtown.org/news/archive/msg00492.html
http://194.159.40.109/05069801.htm
http://www.yarbles.demon.co.uk/mssniff.html
http://www.macintouch.com/o98security.html
http://www.theregister.co.uk/content/archive/3079.html
http://www.fsm.nl/ward/
http://slashdot.org
http://www.peacefire.org
http://stopcarnivore.org
http://nomorefakenews.com
http://grc.com/steve.htm#project-x

10. SPECIAL THANKS (and no thanks)

This version I want to give special thanks to Concerned Boss, Oblivion, and the F-Prot virus scanner. I also want to take this time to show my dissatisfaction with the New Zealand Herald. Although partly flattering, it was more disgusting to see a newspaper try to take credit for my work.

11. REFERENCES

http://support.microsoft.com/support/kb/articles/Q137/1/13.asp
http://support.microsoft.com/support/kb/articles/Q136/3/86.asp
http://support.microsoft.com/support/kb/articles/Q169/5/31.ASP
http://support.microsoft.com/support/kb/articles/Q141/0/12.asp
http://support.microsoft.com/support/kb/articles/Q205/2/89.ASP
http://support.microsoft.com/support/kb/articles/Q166/3/02.ASP
http://www.insecure.org/sploits/Internet.explorer.web.usage.logs.html
http://www.parascope.com/cgi-bin/psforum.pl/topic=matrix&disc=514&mmark=all
http://www.hackers.com/bulletin/
http://slashdot.org/articles/00/05/11/173257.shtml
http://peacefire.org

COPYRIGHT INFORMATION

This article has been under the protection of copyright laws from the moment it was fixed in a tangible form. Unless otherwise agreed, this article may only be distributed as a whole and without modification. Thank you.
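The tutorial above does everything by hand from a DOS prompt. As an added example from the editor, not part of The Riddler's tutorial or of the forwarded message, the Python script below automates the same checks: it walks a tree with os.walk, which unlike DIR /S does not stop at +S directories, flags any desktop.ini carrying the two GUIDs quoted in section 5.0, and pulls the URL-bearing strings (Visited:, Cookie:, http://) out of every index.dat it finds, the same view EDIT /75 INDEX.DAT gives. The folder layout, the desktop.ini texts and the index.dat bytes built by build_sample_tree() are constructed for the demo and only mimic what the tutorial describes; the script extracts printable strings and does not decode the index.dat record layout.

```python
"""Automate the tutorial's hunt for IE's index.dat files and cloaked folders.
Editor's added example, not the tutorial's code; sample data is constructed."""
import os
import re
import tempfile
from pathlib import Path

# GUIDs quoted in section 5.0 from the desktop.ini files under Temporary
# Internet Files and History.
CLOAK_UICLSID = "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"  # hides folder in Explorer
HISTORY_CLSID = "{FF393560-C2A7-11CF-BFF4-444553540000}"  # keeps Find out of it

PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")  # strings(1)-style extraction
RECORD_MARKER = re.compile(r"Visited: |Cookie:|https?://|ftp://")


def extract_urls(blob: bytes) -> list[str]:
    """URL-bearing printable strings of an index.dat image, in file order.
    Same view as EDIT /75 INDEX.DAT; the record layout is not decoded."""
    runs = (r.decode("ascii") for r in PRINTABLE_RUN.findall(blob))
    return [text for text in runs if RECORD_MARKER.search(text)]


def cloaking_entries(ini_text: str) -> dict[str, str]:
    """[.ShellClassInfo] keys that cloak a folder; {} for an ordinary desktop.ini."""
    found, in_section = {}, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[.shellclassinfo]"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().upper(), value.strip().upper()
        if key == "UICLSID" and value == CLOAK_UICLSID:
            found[key] = "hidden from Windows Explorer"
        elif key == "CLSID" and value == HISTORY_CLSID:
            found[key] = "excluded from Find: Files or Folders"
    return found


def scan_tree(root: Path) -> tuple[dict[str, list[str]], dict[str, dict[str, str]]]:
    """Map index.dat paths to their URL strings and cloaked folders to why.
    os.walk recurses on the directory tree itself, so the DIR /S "brick wall"
    at +S directories (section 6.0) does not apply; nothing is skipped."""
    url_hits, cloaked = {}, {}
    for dirpath, _dirs, files in os.walk(root):
        folder = Path(dirpath)
        for name in files:
            path = folder / name
            if name.lower() == "index.dat":
                url_hits[path.relative_to(root).as_posix()] = extract_urls(path.read_bytes())
            elif name.lower() == "desktop.ini":
                entries = cloaking_entries(path.read_text(errors="ignore"))
                if entries:
                    cloaked[folder.relative_to(root).as_posix()] = entries
    return url_hits, cloaked


# Constructed index.dat image: the real header string, then the kinds of
# records the tutorial describes (visited URL with search terms, cookie,
# cached page), padded with NULs as in the real file. Layout is not modelled.
SAMPLE_INDEX_DAT = (
    b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 36
    + b"URL \x03\x00\x00\x00" + b"\x00" * 56
    + b"Visited: riddler@http://www.example.com/search?q=hidden+files\x00"
    + b"\x00" * 8 + b"Cookie:riddler@example.net/\x00"
    + b"\x00" * 8 + b"http://www.example.org/mail/inbox.html\x00"
)


def build_sample_tree(root: Path) -> None:
    """Lay out the tutorial's folders with the desktop.ini text it quotes, plus
    one ordinary customised folder that must not be flagged (constructed)."""
    tif, hist = root / "windows" / "tempor~1", root / "windows" / "history"
    cloak_only = f"[.ShellClassInfo]\nUICLSID={CLOAK_UICLSID}\n"
    cloak_and_find = cloak_only + f"CLSID={HISTORY_CLSID}\n"
    plain = "[.ShellClassInfo]\nIconFile=folder.ico\n"
    for folder, ini, has_index in (
        (tif, cloak_only, False),
        (tif / "content.ie5", cloak_only, True),
        (hist, cloak_and_find, False),
        (hist / "history.ie5", cloak_and_find, True),
        (root / "my documents", plain, False),
    ):
        folder.mkdir(parents=True, exist_ok=True)
        (folder / "desktop.ini").write_text(ini)
        if has_index:
            (folder / "index.dat").write_bytes(SAMPLE_INDEX_DAT)


def run_demo() -> tuple[dict[str, list[str]], dict[str, dict[str, str]]]:
    """Build the sample tree in a temp dir, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(Path(tmp))
        return scan_tree(Path(tmp))


if __name__ == "__main__":
    urls, cloaked = run_demo()
    for folder, why in cloaked.items():
        print(f"cloaked: {folder} -> {why}")
    for path, records in urls.items():
        print(f"{path}:")
        for record in records:
            print("    " + record)
```

To run it against a real Windows 9x drive, call scan_tree(Path("C:/windows")) instead of run_demo(); the string scan deliberately ignores the record structure so it still works on a partly wiped file, at the cost of also returning any URL that merely appears inside a cached page.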
--
--------------------------------------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
--------------------------------------------------------------------------------------------------
James M. Atkinson                 Phone: (978) 546-3803
Granite Island Group              Fax:   (978) 546-9467
127 Eastern Avenue #291           http://www.tscm.com/
Gloucester, MA 01931-8008         mailto:jmatk@t...
--------------------------------------------------------------------------------------------------
People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf. - George Orwell
--------------------------------------------------------------------------------------------------

4740 From: Marty Kaiser Date: Wed Feb 6, 2002 9:55am Subject: Fw: History in the making

Hi Gang

HISTORY IN THE MAKING

IMMEDIATELY download and save this file... then read it.

http://www.martykaiser.com/fbi1~1.htm

Marty

4741 From: Steve Whitehead Date: Wed Feb 6, 2002 3:05pm Subject: Fw: Steve, The COMSEC C3I Story

Received this on my e-mail tonight. I think the list discussed this device a while back.

Steve Whitehead
E-mail : sceptre@m...
TSCM Services URL : http://www.tscm.co.za

----- Original Message -----
From: "COMSEC"
To:
Sent: Wednesday, February 06, 2002 6:48 PM
Subject: Steve, The COMSEC C3I Story

> INVENT A PRODUCT, Change an Industry, Shake up the World!
> How the Hunted Became the Hunter
>
> The story HOW I invented and patented the COMSEC C3I TM
> United States Patent #5,142,560, a telecommunications
> security device that detects wiretapping, surveillance,
> espionage previously undetectable.
>
> The Chicago Commodities Exchanges were the target of a US
> Government undercover investigation during 1988-1989. I was
> a Foreign Exchange Floor Trader at the Chicago Mercantile
> Exchange during that time. I had a gut instinct that my
> telephones were being wiretapped. I was right, you just
> can't say enough about gut instinct.
>
> I have friends and acquaintances that are top tier criminal
> defense attorneys. I went to these friends to ask what they
> thought the likelihood was that my telephones could be
> wiretapped. They pretty much all agreed that unless there
> were millions of dollars involved, sensational newspaper
> headlines and coverage or unless I was dealing with the
> wrong people, the likelihood of my telephones being
> wiretapped was extremely small.
>
> The Attorney General of the United States came to
> Chicago, IL 3 months later to announce the indictments of
> 47 commodities traders for various offenses. The 2-year
> undercover government investigation of the Chicago
> commodities markets happened to include the trading pit I
> traded in.
>
> Furthermore, the FBI had an undercover agent working in the
> trading pit I traded in. There were millions of dollars
> involved. On the day the Government decided to announce the
> indictments there was a huge news media circus with
> accompanying news headlines about the 47 indicted commodity
> traders.
>
> The day the indictments were announced everything came
> together. At this point I knew I was on to something.
> I called the people who teach the government how to wiretap
> and how to detect wiretapping. They all told me it was
> impossible to detect these wiretaps because of the way they
> are engineered. They told me these wiretaps are
> "electronically isolated" to prevent detection. I was told
> that "it wasn't possible to detect these wiretaps."
>
> Next, I went to the Chicago Library Patent Depository.
> I read and researched all I could find on wiretapping. I
> read all the patents on wiretapping equipment and
> wiretapping detection equipment. I found what I thought was
> the possible means to detect undetectable wiretapping and
> started to construct a device to detect these wiretaps.
>
> Success
>
> I could now detect and confirm the government's
> "undetectable" wiretapping/surveillance. The government was
> not amused. At this point the government decided to flex
> its muscle. The Government assigned a federal agent to an
> electronic parts store where I bought components for the new
> invention.
>
> For a period of 3 weeks I couldn't buy a newspaper without
> a boy scout coming up to the counter to document how I
> bought anything. I was wiretapped, followed, photographed
> and now the government decided to set up physical
> surveillance at an electronics parts store where I purchased
> parts for the prototype of the new invention.
>
> I was now ready to complete my Patent Application to be
> filed with the Department of Commerce Commissioner of
> Patents and Trademarks. I warned a Patent Attorney I was
> working with at the time that there could be some blowback.
> He assured me he had been through this before and that
> there wasn't anything to be concerned about.
>
> During this period of around-the-clock physical surveillance
> I went to the Patent Attorney's home unannounced. When I got
> there he was leaving with my Patent Application in hand.
> He didn't look well. He told me that "he had to go to a
> meeting." The next day he returned my Patent Application,
> and he told me he couldn't help me anymore and never charged
> me for his work up to that time.
>
> There is much more to the story, how I determined there was
> an undercover Government Agent, listening in on his
> communications over a cordless telephone with a scanner,
> running his work car's license plates through Illinois
> Department of Motor Vehicles to find out his car was
> registered to a Chicago Bears football player, etc.
>
> I completed my Patent Application in September 1990 and was
> awarded Patent #5,142,560 in September 1992.
>
> On December 17, 2001 FOX News reported that the US Government
> has been wiretapped by Foreign Intelligence and others using
> the US National Wiretapping System. There is currently an
> ongoing National Security investigation across the United
> States concerning the US National Wiretapping System being
> used against the United States by Foreign Intelligence and
> others.
>
> "The problem: according to classified law enforcement
> documents obtained by Fox News, the bad guys had the cops'
> beepers, cell phones, even home phones under surveillance.
> Some who did get caught admitted to having hundreds of
> numbers and using them to avoid arrest.
>
> "This compromised law enforcement communications between
> LAPD detectives and other assigned law enforcement officers
> working various aspects of the case. The organization
> discovered communications between organized crime
> intelligence division detectives, the FBI and the Secret
> Service."
>
> Shock spread from the DEA to the FBI in Washington, and then
> the CIA. An investigation of the problem, according to law
> enforcement documents, concluded, "The organization has
> apparent extensive access to database systems to identify
> pertinent personal and biographical information."
>
> When investigators tried to find out where the information
> might have come from, they looked at Amdocs, a publicly
> traded firm based in Israel. Amdocs generates billing data
> for virtually every call in America, and they do credit
> checks. The company denies any leaks, but investigators
> still fear that the firm's data is getting into the wrong
> hands.
>
> When investigators checked their own wiretapping system for
> leaks, they grew concerned about potential vulnerabilities
> in the computers that intercept, record and store the
> wiretapped calls." [FOX News Carl Cameron Investigates]
>
> "The worst penetrations are believed to be in the State
> Department. But others say the supposedly secure telephone
> systems in the White House, Defense