From: Marty Kaiser
Date: Wed Feb 6, 2002 10:35am
Subject: Fw: History in the making

Hi Gang

HISTORY IN THE MAKING

IMMEDIATELY download and save this file... then read it.

http://www.martykaiser.com/fbi1~1.htm

Marty

[Non-text portions of this message have been removed]

4744
From: Aimee Farr
Date: Wed Feb 6, 2002 5:35pm
Subject: "electricity effects on satellites"

[Uhm, can anybody tell me what they mean by "study electricity effects on satellites?" ~Aimee]

2002-02-06 18:07 MSK - COURT TURNS SPY CASE BACK

MOSCOW - The trial of a Siberian physicist accused of spying for China was adjourned Wednesday and the case returned to the prosecution to allow them to conduct further investigations, his lawyer said.

Prosecutors made the request last week, saying the move was an attempt to avoid "judicial mistakes" in their case against Valentin Danilov. But Danilov's lawyer, Yelena Yevmenova, claimed the request was merely an attempt by prosecutors to drag out the case.

Danilov, who worked at Krasnoyarsk Technical University, has already spent a year in jail facing charges of selling secrets to a Chinese company and of misappropriating money. The charges involve a contract the university signed with the company for constructing a test platform to study electricity effects on satellites.

The scientist contends he did not violate any laws because the information he provided was no longer considered classified and had already been published in scientific journals. He also dismisses the charges of misappropriating money.

Danilov was not in court Wednesday when the decision to hand the case back to prosecutors was announced. The trial had been put on hold Tuesday when Danilov's jailers said they could not bring the 53-year-old to court because he was suffering a high fever and flu-like symptoms. The court reconvened Wednesday despite Danilov's absence, Yevmenova said.
Human rights advocates say the case is part of a wave of spy trials intended to discourage Russian researchers from working with foreigners.

- AP

4745
From: Al Arango
Date: Wed Feb 6, 2002 4:11pm
Subject: Re: Fw: Steve, The COMSEC C3I Story

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is the filing:

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='5,142,560'.WKU.&OS=PN/5,142,560&RS=PN/5,142,560

At 11:05 PM 2/6/2002 +0200, Steve Whitehead wrote:
>Received this on my e-mail tonight. I think the list discussed this device a while back.
>
>Steve Whitehead
>E-mail : sceptre@m...
>TSCM Services URL : http://www.tscm.co.za
>
>----- Original Message -----
>From: "COMSEC"
>To:
>Sent: Wednesday, February 06, 2002 6:48 PM
>Subject: Steve, The COMSEC C3I Story
>
> > INVENT A PRODUCT, Change an Industry, Shake up the World!
> > How the Hunted Became the Hunter
> >
> > The story HOW I invented and patented the COMSEC C3I TM United States Patent #5,142,560, a telecommunications security device that detects wiretapping, surveillance, espionage previously undetectable.
> >
> > The Chicago Commodities Exchanges were the target of a US Government undercover investigation during 1988-1989. I was a Foreign Exchange Floor Trader at the Chicago Mercantile Exchange during that time. I had a gut instinct that my telephones were being wiretapped. I was right, you just can't say enough about gut instinct.
> >
> > I have friends and acquaintances that are top tier criminal defense attorneys. I went to these friends to ask what they thought the likelihood was that my telephones could be wiretapped. They pretty much all agreed that unless there was millions of dollars involved, sensational newspaper headlines and coverage or unless I was dealing with the wrong people, the likelihood of my telephones being wiretapped were extremely unlikely.
> >
> > The Attorney General of the United States came to Chicago, IL 3 months later to announce the indictments of 47 commodities traders for various offenses. The 2 year undercover government investigation of the Chicago commodities markets happened to include the trading pit I traded in.
> >
> > Furthermore, the FBI had an undercover agent working in the trading pit I traded in. There were millions of dollars involved. On the day the Government decided to announce the indictments there was a huge news media circus with accompanied news headlines about the 47 indicted commodity traders.
> >
> > The day the indictments were announced everything came together. At this point I knew I was on to something. I called the people who teach the government how to wiretap and how to detect wiretapping. They all told me it was impossible to detect these wiretaps because of the way they are engineered. They told me these wiretaps are "electronically isolated" to prevent detection. I was told that "it wasn't possible to detect these wiretaps."
> >
> > Next, I went to the Chicago Library Patent Depository. I read and researched all I could find on wiretapping. I read all the patents on wiretapping equipment and wiretapping detection equipment. I found what I thought was the possible means to detect undetectable wiretapping and started to construct a device to detect these wiretaps.
> >
> > Success
> >
> > I could now detect and confirm the government's "undetectable" wiretapping/surveillance. The government was not amused. At this point the government decided to flex its muscle. The Government assigned a federal agent to an electronic parts store where I bought components for the new invention.
> >
> > For a period of 3 weeks I couldn't buy a newspaper without a boy scout coming up to the counter to document how I bought anything.
> > I was wiretapped, followed, photographed and now the government decided to set up physical surveillance at an electronics part store where I purchased parts for the prototype of the new invention.
> >
> > I was now ready to complete my Patent Application to be filed with the Department of Commerce Commissioner of Patents and Trademarks. I warned a Patent Attorney I was working with at the time that there could be some blow back. He assured me he had been through this before and that there wasn't anything to be concerned about.
> >
> > During this period of around the clock physical surveillance I went to the Patent Attorney's home unannounced. When I got there he was leaving with my Patent Application in hand. He didn't look well. He told me that "he had to go to a meeting." The next day he returned my Patent Application, and he told me he couldn't help me anymore and never charged me for his work up to that time.
> >
> > There is much more to the story, how I determined there was an undercover Government Agent, listening in on his communications over a cordless telephone with a scanner, running his work car's license plates through Illinois Department of Motor Vehicles to find out his car was registered to a Chicago Bear's Football player, etc.
> >
> > I completed my Patent Application in September 1990 and was awarded Patent #5,142,560 in September 1992.
> >
> > On December 17, 2001 FOX News reported that the US Government has been wiretapped by Foreign Intelligence and others using the US National Wiretapping System. There is currently an on-going National Security investigation across the United States concerning the US National Wiretapping System being used against the United States by Foreign Intelligence and others.
> >
> > "The problem: according to classified law enforcement documents obtained by Fox News, the bad guys had the cops' beepers, cell phones, even home phones under surveillance. Some who did get caught admitted to having hundreds of numbers and using them to avoid arrest.
> >
> > "This compromised law enforcement communications between LAPD detectives and other assigned law enforcement officers working various aspects of the case. The organization discovered communications between organized crime intelligence division detectives, the FBI and the Secret Service."
> >
> > Shock spread from the DEA to the FBI in Washington, and then the CIA. An investigation of the problem, according to law enforcement documents, concluded, "The organization has apparent extensive access to database systems to identify pertinent personal and biographical information."
> >
> > When investigators tried to find out where the information might have come from, they looked at Amdocs, a publicly traded firm based in Israel. Amdocs generates billing data for virtually every call in America, and they do credit checks. The company denies any leaks, but investigators still fear that the firm's data is getting into the wrong hands.
> >
> > When investigators checked their own wiretapping system for leaks, they grew concerned about potential vulnerabilities in the computers that intercept, record and store the wiretapped calls." [FOX News Carl Cameron Investigates]
> >
> > "The worst penetrations are believed to be in the State Department. But others say the supposedly secure telephone systems in the White House, Defense Department and Justice Department may have been compromised as well. The problem for FBI agents in the famed Division 5, however, isn't just what they have uncovered, which is substantial, but what they don't know yet."
> > [Insight]
> >
> > Email me to request a collection of news reports about the hottest Federal Government investigation in Washington, DC today. An unbelievable look inside Government wiretapping and how it will impact you.
> >
> > The COMSEC C3I detects legal and illegal wiretapping previously undetectable. Full background and product reviews are available on our web site:
> >
> > We are registered with the Department of Defense and the General Services Agency Information Technology Service.
> >
> > To receive additional information and Special Offers for Subscribers Only reply to this email with "Subscribe" in the Subject Line.
> >
> > PRIVACY STATEMENT: We will not distribute your address to anyone. Period.
> >
> > Reach me at the following address.
> >
> > Mark J. Neer
> > President
> > Communications Security
> > Tel: 281.586.2034
> > Fax: 281.754.4047
> > Email:
> > Internet:
> >
>========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.yahoogroups.com/community/TSCM-L
>
> It is by caffeine alone I set my mind in motion.
> It is by the juice of Star Bucks that thoughts acquire speed,
> the hands acquire shaking, the shaking is a warning.
> It is by caffeine alone I set my mind in motion.
>=================================================== TSKS
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQA/AwUBPGGp+1AWwP1+SxuBEQImuwCfeftFVzMg/lTijJcKWe8lJcrJCDcAoOy4
t5AkBJZOz42PxUMG7VXQAod9
=aGDg
-----END PGP SIGNATURE-----

4746
From: James M. Atkinson
Date: Wed Feb 6, 2002 8:19pm
Subject: Re: Fw: Steve, The COMSEC C3I Story

The funny thing is that this "method of detecting eavesdropping devices" has been around since the 1950's.
It was inappropriate for the patent office to award any kind of patent on this issue as the method was, and is, common knowledge.

Once you get past the hype, hyperbole, marketing spin, and bovine feces all the product seems to do is monitor impedance changes in a line, which as we know is something you can do with a five dollar circuit and a cheap oscilloscope.

A decent Time Domain Reflectometer and FXT/NXT Cross Talk Analyzer would be far more appropriate, but then snake oil is probably far more profitable.

The way the guy rambles on about grand government conspiracies is a potential indicator that perhaps the poor fellow should be spending his money on medical intervention or aluminium foil hats.

Professional eavesdroppers lean toward high impedance devices, and as such the methods claimed in the patent would be virtually useless for finding such devices.

What next, a 1-900 line where you call Ms. Cleo so she can read tarot cards to tell if your line is tapped?

Sad, really sad,

-jma

>>------------------------------------------------------------------------
>>United States Patent 5,142,560
>>Neer    August 25, 1992
>>------------------------------------------------------------------------
>>Wiretap detector and telephone loop monitor
>>Abstract
>>
>>A novel method and improved system for the continuous detection monitoring of authorized/unauthorized connections/disconnections including loop bridging wiretapping equipment capable of monitoring recording voice and/or data communications on the subscriber's local telephone loop. In operation the detector monitor displays electrical changes in impedance condition and characteristics on the subscriber's local telephone loop to detect and monitor signaling, switching equipment and telephone lines connecting/disconnecting anywhere on the loop including the central exchange before, during and after the completion of a telephone call continuously.
>>------------------------------------------------------------------------
>>Inventors: Neer; Mark J. (835 Locust, Winnetka, IL 60093)
>>Appl. No.: 587413
>>Filed: September 25, 1990
>>
>>Current U.S. Class: 379/7; 379/21; 379/30
>>Intern'l Class: H04M 001/68
>>Field of Search: 379/7,21,29,30,39,35
>>------------------------------------------------------------------------
>>References Cited [Referenced By]
>>------------------------------------------------------------------------
>>U.S. Patent Documents
>>1834992    Dec., 1931    Almquist     379/21.
>>4658099    Apr., 1987    Frazer       379/7.
>>4680783    Jul., 1987    Boeckmann    379/7.
>>4760592    Jul., 1988    Hensley      379/7.
>>Foreign Patent Documents
>>58-143659  Aug., 1983    JP           379/7.
>>Primary Examiner: Schreyer; Stafford D.
>>------------------------------------------------------------------------
>>Claims
>>------------------------------------------------------------------------
>>
>>I claim:
>>1. An apparatus for detecting the connecting and the disconnecting of an additional telephone line onto the subscriber's telephone loop for the purpose of listening and/or recording, the telephone loop connecting a subscriber with at least one telephone to a central exchange and having a generally constant electrical impedance, comprising:
>>(a) a capacitive element for detecting changes to said generally constant electrical impedance;
>>(b) display means cooperating with and connected to said capacitive element for visually showing that a change has been detected by said capacitive element; and
>>(c) means for connecting the apparatus to the telephone loop.
>>2. The apparatus of claim 1, wherein said capacitive element is a capacitor connected in series to the telephone loop.
>>3. The apparatus of claim 1, wherein said display means is a LED.
>>4. The apparatus of claim 1, wherein said means to connect comprises a quick connect/disconnect line and jack.
>>5. An apparatus for continuously monitoring changes in impedance caused by the connecting or the disconnecting of an additional impedance source to a telephone loop connecting a subscriber with at least one telephone to a central exchange and having a generally constant electrical impedance, comprising:
>>(a) a capacitive element for detecting changes to the generally constant electrical impedance;
>>(b) an isolation transformer having primary and secondary windings, said primary windings being connected to said capacitive element;
>>(c) display means connected to said secondary windings for visually showing that a change has been detected by said capacitive element; and
>>(d) means for connecting the apparatus to the telephone loop.
>>6. The apparatus of claim 5, wherein said capacitive element is a capacitor connected in series to the telephone loop.
>>7. The apparatus of claim 5, wherein said display means is a LED.
>>8. The apparatus of claim 5, wherein said means to connect comprises a quick connect/disconnect line and jack.
>>9. The apparatus of claim 1 wherein said means for connecting the apparatus to the telephone loop additionally includes a switching mechanism connected in series with said capacitive element to the telephone loop.
>>10. The apparatus of claim 9, wherein said display means comprises an easily removable/replaceable LED mounted in a socket assembly.
>>11. The apparatus of claim 5 wherein said means for connecting the apparatus to the telephone loop additionally includes a switching mechanism connected in series with said capacitive element to the telephone loop.
>>12. The apparatus of claim 11, wherein said display means comprises an easily removable/replaceable LED mounted in a socket assembly.
>>------------------------------------------------------------------------
>>Description
>>------------------------------------------------------------------------
>>
>>BACKGROUND
>>1. Field of Invention
>>This invention relates to the detection monitoring of authorized/unauthorized connections/disconnections including loop bridging wiretapping equipment on the subscriber's local telephone loops where electrical changes in loop impedance condition and characteristics occur because of the connections/disconnections of the bridging equipment.
>>2. Description of Prior Art
>>There are many devices available that have been developed for both legal and illegal wiretapping of telephone communications. A very common type of wiretapping consists of a bridging device that creates a remote extension or drawn loop by connecting an additional telephone line on the subscriber's telephone loop and routing it to an observation monitoring location. This loop bridging wiretapping technique will cause a change in loop impedance condition and characteristics depending on how the tapping is completed.
>>In the prior art, wiretap detectors exist that utilize microcomputers and processors, various meters, signal generators, tone generators, etc., that detect wiretapping equipment connected to a telephone line but are either simple voltage meters that are ineffective, limited, detachable and defeatable, too expensive and/or complicated equipment that is burdensome and obtrusive to use on a continuous basis or must be installed on a clean line only.
>>OBJECTS AND ADVANTAGES
>>This invention presents a new device, method and system that displays connections and disconnections anywhere on the subscriber's local telephone loop including the central exchange of the telephone company before, during and after the completion of a call on a continuous basis. Each telephone call produces a signature or pattern of connections and disconnections. This invention presents the first continuous display of normal/abnormal telephone loop electrical changes in impedance condition and characterization activity resulting from signaling, switching and wiretapping monitoring equipment connecting/disconnecting.
>>The present invention is easy to use, highly reliable, undetectable, small, portable, and discreet which presents a novel method and an improved system for detecting monitoring authorized/unauthorized connections/disconnections including wiretapping monitoring recording equipment which overcome all of the above mentioned disadvantages of the previously known devices.
>>It is the object of this invention to show how authorized/unauthorized connections/disconnections including loop bridging wiretapping equipment can be detected and monitored on the subscriber's loop by subscriber's telephone terminal(s) equipped with said invention.
>>DRAWING FIGURES
>>FIG. 1 is a diagram of a local telephone system.
>>FIG. 2 is a diagram of the wiretap detector and telephone loop monitor in alternate forms, in accordance with the present invention.
>>FIG. 3 is a diagram of the preferred assembled invention in accordance with the present invention.
>>FIG. 4 is a diagram of the detector monitor display socket assembly.
>>REFERENCE NUMERALS IN DRAWINGS
>>10 local telephone central exchange
>>20 subscriber's local telephone loop
>>30 subscriber's residence telephone terminal(s)
>>40 capacitive element
>>50 detector monitor display assembly
>>60 isolation transformer
>>70 switching mechanism
>>80 modular telephone line
>>90 modular telephone line jack
>>100 modular telephone interface housing
>>DESCRIPTION OF INVENTION
>>This invention presents a novel method and improved system that detects and monitors authorized/unauthorized connections/disconnections including loop bridging wiretapping equipment that causes electrical changes in impedance condition and characteristics on the subscriber's local telephone loop to detect signaling, switching equipment and telephone lines connecting/disconnecting anywhere on the loop including the central exchange continuously.
>>By continuously monitoring the subscriber's telephone loop impedance condition and characteristics, it is possible to detect normal as well as abnormal connections and disconnections. Connections and disconnections effect changes in impedance characteristics on the subscriber's telephone loop and are the indication of wiretapping monitoring equipment connecting/disconnecting. By detecting connections/disconnections it is possible to determine authorized/unauthorized connections/disconnections including wiretapping equipment on the loop. The proposed method and system comprises of monitoring the device's display to establish a normal signature or pattern of telephone loop characteristics from an abnormal signature or pattern resulting from additional extensions, either at the subscriber's residence or remotely connecting/disconnecting on the telephone loop.
>>OPERATION OF THE PREFERRED EMBODIMENT
>>Further objects and advantages of said invention will become apparent from a consideration of the drawings and ensuing operation of it.
>>Each of the elements included therein can assume several different forms, all of which would be well known to those skilled in the art, and it only be required that they perform the functions set forth herein after.
>>Referring first to the diagram of FIG. 1, it should be noted that FIG. 1 details a local telephone system. As seen in FIG. 1, a local telephone system comprising of the telephone company's central exchange 10 a subscriber's local telephone loop 20 and a subscriber's residence telephone terminal(s) 30.
>>Referring to FIG. 2, there are four presented embodiments of said invention, embodiment 2 is the preferred embodiment. As seen in FIG. 2, embodiment 1 comprising capacitive element 40 detector monitor display assembly 50.
>>As seen in FIG. 2, preferred embodiment 2 comprising capacitive element 40 isolation transformer 60 display assembly 50.
>>As seen in FIG. 2, embodiment 3 comprising capacitive element 40 display element 50 switching mechanism 70.
>>As seen in FIG. 2, embodiment 4 comprising capacitive element 40 isolation transformer 60 display assembly 50 switching mechanism 70.
>>As seen in preferred embodiment 2, side one of the capacitive element 40 is connected to either the Tip or Ring side of the subscriber's telephone loop 20. Side two of the capacitive element 40 is connected in series to the isolation transformer 60 primary's side one. The isolation transformer 60 primary's side two is then connected to the alternate side of the subscriber's telephone loop 20. The isolation transformer 60 secondary is connected to the display assembly 50.
>>Once the detector monitor is connected to the loop 20 the device continuously detects and monitors electrical changes in impedance condition and characteristics on the loop 20 reporting each authorized/unauthorized connections/disconnections, as well as tampering and changes in loop signature pattern characteristics.
>>SUMMARY, RAMIFICATIONS, AND SCOPE >>Each connection and disconnection on the subscriber's local >>telephone loop creates electrical changes in loop impedance >>condition and characteristics. Each telephone call creates a series >>of normal connections and disconnections on the loop, the device's >>display creates a signature or pattern. The system comprises of >>monitoring the device's display to each cell. By detecting >>electrical changes on the loop it is possible to establish a normal >>pattern of loop activity from an abnormal one. >>The preferred method and system comprises of connecting and >>monitoring the display assembly to establish a normal signature or >>pattern of loop impedance conditions and characteristics from an >>abnormal one resulting from additional connections/disconnections >>and tampering on the loop. >>The device detects and monitors authorized/unauthorized connections >>and disconnections before, during and after the completion of a >>call on a continuous basis. >>It would be obvious to those skilled in the art that numerous >>identifications could be made to the method and system of the >>present invention without departing from the spirit of the >>invention, which shall be limited only by the scope of the claims >>appended hereto. >>* * * * * >>------------------------------------------------------------------------ At 11:05 PM +0200 2/6/02, Steve Whitehead wrote: >Received this on my e-mail tonight. I think the list discussed this device a >while back. > >Steve Whitehead >E-mail : sceptre@m... >TSCM Services URL : http://www.tscm.co.za > >----- Original Message ----- >From: "COMSEC" >To: >Sent: Wednesday, February 06, 2002 6:48 PM >Subject: Steve, The COMSEC C3I Story > > >> INVENT A PRODUCT, Change a Industry, Shake up the World! 
>> How the Hunted Became the Hunter >> >> The story HOW I invented and patented the COMSEC C3I TM > > United States Patent #5,142,560, a telecommunications >> security device that detects wiretapping, surveillance, >> espionage previously undetectable. >> >> The Chicago Commodities Exchanges were the target of a US >> Government undercover investigation during 1988-1989. I was >> a Foreign Exchange Floor Trader at the Chicago Mercantile >> Exchange during that time. I had a gut instinct that my >> telephones were being wiretapped. I was right, you just >> can't say enough about gut instinct. >> >> I have friends and acquaintances that are top tier criminal >> defense attorneys. I went to these friends to ask what they >> thought the likelihood was that my telephones could be >> wiretapped. They pretty much all agreed that unless there >> was millions of dollars involved, sensational newspaper >> headlines and coverage or unless I was dealing with the >> wrong people, the likelihood of my telephones being >> wiretapped were extremely unlikely. >> >> The Attorney General of the United States came to >> Chicago, IL 3 months later to announce the indictments of >> 47 commodities traders for various offenses. The 2 year >> undercover government investigation of the Chicago >> commodities markets happened to include the trading pit I >> traded in. >> >> Furthermore, the FBI had an undercover agent working in the >> trading pit I traded in. There were millions of dollars >> involved. On the day the Government decided to announce the >> indictments there was a huge news media circus with >> accompanied news headlines about the 47 indicted commodity >> traders. >> >> The day the indictments were announced everything came >> together. At this point I knew I was on to something. >> I called the people who teach the government how to wiretap >> and how to detect wiretapping. 
They all told me it was >> impossible to detect these wiretaps because of the way they >> are engineered. They told me these wiretaps are >> "electronically isolated" to prevent detection. I was told >> that "it wasn't possible to detect these wiretaps." >> >> Next, I went to the Chicago Library Patent Depository. >> I read and researched all I could find on wiretapping. I >> read all the patents on wiretapping equipment and >> wiretapping detection equipment. I found what I thought was > > the possible means to detect undetectable wiretapping and >> started to construct a device to detect these wiretaps. >> >> Success >> >> I could now detect and confirm the governments >> "undetectable" wiretapping/surveillance. The government was >> not amused. At this point the government decided to flex >> its muscle. The Government assigned a federal agent to an >> electronic parts store where I bought components for the new >> invention. >> >> For a period of 3 weeks I couldn't buy a newspaper without >> a boy scout coming up to the counter to document how I >> bought anything. I was wiretapped, followed, photographed >> and now the government decided to set up physical >> surveillance at a electronics part store where I purchased >> parts for the prototype of the new invention. > > >> I was now ready to complete my Patent Application to be >> filed with the Department of Commerce Commissioner of >> Patents and Trademarks. I warned a Patent Attorney I was >> working with at the time that there could be some blow back. >> He assured me he had been through this before and that >> there wasn't anything to be concerned about. >> >> During this period of around the clock physical surveillance >> I went to the Patent Attorney's home unannounced. When I got >> there he was leaving with my Patent Application in hand. >> He didn't look well. He told me that "he had to go to a >> meeting." 
The next day he returned my Patent Application, >> and he told me he couldn't help me anymore and never charged >> me for his work up to that time. >> >> There is much more to the story, how I determined there was >> an undercover Government Agent, listening in on his >> communications over a cordless telephone with a scanner, >> running his work car's license plates through Illinois >> Department of Motor Vehicles to find out his car was >> registered to a Chicago Bear's Football player, etc. >> >> I completed my Patent Application in September 1990 and was >> awarded Patent #5,142,560 in September 1992. >> >> On December 17,2001 FOX News reported that the US Government >> has been wiretapped by Foreign Intelligence and others using >> the US National Wiretapping System. There is currently a >> on-going National Security investigation across the United >> States concerning the US National Wiretapping System being >> used against the United States by Foreign Intelligence and >> others. >> >> "The problem: according to classified law enforcement >> documents obtained by Fox News, the bad guys had the cops' >> beepers, cell phones, even home phones under surveillance. >> Some who did get caught admitted to having hundreds of >> numbers and using them to avoid arrest. >> >> "This compromised law enforcement communications between >> LAPD detectives and other assigned law enforcement officers >> working various aspects of the case. The organization >> discovered communications between organized crime >> intelligence division detectives, the FBI and the Secret >> Service." >> >> Shock spread from the DEA to the FBI in Washington, and then >> the CIA. An investigation of the problem, according to law >> enforcement documents, concluded, "The organization has >> apparent extensive access to database systems to identify >> pertinent personal and biographical information." 
>> >> When investigators tried to find out where the information >> might have come from, they looked at Amdocs, a publicly >> traded firm based in Israel. Amdocs generates billing data >> for virtually every call in America, and they do credit >> checks. The company denies any leaks, but investigators >> still fear that the firm's data is getting into the wrong >> hands. >> >> When investigators checked their own wiretapping system for >> leaks, they grew concerned about potential vulnerabilities >> in the computers that intercept, record and store the >> wiretapped calls." [FOX News Carl Cameron Investigates] >> >> "The worst penetrations are believed to be in the State >> Department. But others say the supposedly secure telephone >> systems in the White House, Defense Department and Justice >> Department may have been compromised as well. The problem >> for FBI agents in the famed Division 5, however, isn't just > > what they have uncovered, which is substantial, but what >> they don't know yet." [Insight] >> >> Email me to request a collection of news reports about the >> hottest Federal Government investigation in Washington, DC >> today. A unbelievable look inside Government wiretapping >> and how it will impact you. >> >> >> The COMSEC C3I detects legal and illegal wiretapping >> previously undetectable. Full background and product >> reviews are available on our web site: >> >> >> We are registered with the Department of Defense and the >> General Services Agency Information Technology Service. >> >> To receive additional information and Special Offers for >> Subscribers Only reply to this email with "Subscribe" in the > > Subject Line. >> >> PRIVACY STATEMENT: We will not distribute your address to >> anyone. Period. >> >> Reach me at the following address. >> >> >> Mark J. 
Neer
>> President
>> Communications Security
>> Tel: 281.586.2034
>> Fax: 281.754.4047
>> Email:
>> Internet:
>>
>
>========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.yahoogroups.com/community/TSCM-L
>
> It is by caffeine alone I set my mind in motion.
> It is by the juice of Star Bucks that thoughts acquire speed,
> the hands acquire shaking, the shaking is a warning.
> It is by caffeine alone I set my mind in motion.
>=================================================== TSKS
>
>Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

--
----------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
----------------------------------------------------------------------
James M. Atkinson              Phone: (978) 546-3803
Granite Island Group           Fax: (978) 546-9467
127 Eastern Avenue #291        http://www.tscm.com/
Gloucester, MA 01931-8008      mailto:jmatk@t...
----------------------------------------------------------------------
People sleep peaceably in their beds at night only because rough men stand ready to do violence on their behalf. - George Orwell
----------------------------------------------------------------------

4747 From: William Knowles Date: Wed Feb 6, 2002 8:43pm Subject: Re: Fw: Steve, The COMSEC C3I Story

On Wed, 6 Feb 2002, James M. Atkinson wrote:

Ssssshhhhhhh!

> What next, a 1-900 line where you call call Ms. Cleo so she can read
> tarot card to tell if your line is tapped?

You just described my next .com idea that I was going to IPO!

I think I need a Chicago area TSCM professional to sweep my office.
- WK

*==============================================================*
"Communications without intelligence is noise; Intelligence without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

4748 From: Kevin D. Murray Date: Wed Feb 6, 2002 8:50pm Subject: The COMSEC C3I Story

Gentlemen/women,

It is time to put this to rest. This is not worth your valuable time and efforts.

The C3I is a simple circuit with a few basic parts which essentially indicates voltage reversals on a telephone line. The unit I tested in 1992 is still here. If anyone would like photos or a schematic please contact me privately. If anyone would like to buy it, it comes with the Brooklyn Bridge at no extra charge.

Kevin

--
Kevin D. Murray - CPP, CFE, BCFE
MURRAY ASSOCIATES
Counterespionage Consultants to Business & Government
Eavesdropping Detection Specialists
www.spybusters.com

"James M. Atkinson" wrote:

> The funny thing is that this "method of detecting eavesdropping devices" has been around since the 1950's. It was inappropriate for the patent office to award any kind of patent on this issue as the method was, and is common knowledge.
>
> Once you get past the hype, hyperbole, marketing spin, and bovine feces all the product seems to do is monitor impedance changes in a line, which as we know is something you can do with a five dollar circuit and a cheap oscilloscope.
>
> A decent Time Domain Reflectometer and FXT/NXT Cross Talk Analyzer would be far more appropriate, but then snake oil is probably far more profitable.
>
> The way the guy rambles on about grand government conspiracies is a potential indicator that perhaps the poor fellow should be spending his money on medical intervention or aluminium foil hats.
> > Professional eavesdropper lean toward high impedance devices, and as > such the methods claimed in the patent would be virtually useless for > finding such devices. > > What next, a 1-900 line where you call call Ms. Cleo so she can read > tarot card to tell if your line is tapped? > > Sad, really sad, > > -jma > > >>-- > --------------------------------------------------------------------- > >>United States Patent 5,142,560 > >>Neer August 25, 1992 > >>--------------------- > -------------------------------------------------- > >>Wiretap detector and telephone loop monitor > >>Abstract > >> > >>A novel method and improved system for the continuous detection > >>monitoring of authorized/unauthorized connections/disconnections > >>including loop bridging wiretapping equipment capable of monitoring > >>recording voice and/or data communications on the subscriber's > >>local telephone loop. In operation the detector monitor displays > >>electrical changes in impedance condition and characteristics on > >>the subscriber's local telephone loop to detect and monitor > >>signaling, switching equipment and telephone lines > >>connecting/disconnecting anywhere on the loop including the central > >>exchange before, during and after the completion of a telephone > >>call continuously. > >>------------------ > ----------------------------------------------------- > >>Inventors: Neer; Mark J. (835 Locust, Winnetka, IL 60093) > >>Appl. No.: 587413 > >>Filed: September 25, 1990 > >> > >>Current U.S. Class: 379/7; 379/21; 379/30 > >>Intern'l Class: H04M 001/68 > >>Field of Search: 379/7,21,29,30,39,35 > >>------------------------------------------ > ----------------------------- > >>References Cited [Referenced By] > >>-------------------------------- > --------------------------------------- > >>U.S. Patent Documents > >>1834992 Dec., 1931 Almquist 379/21. > >>4658099 Apr., 1987 Frazer 379/7. > >>4680783 Jul., 1987 Boeckmann 379/7. > >>4760592 Jul., 1988 Hensley 379/7. 
> >>Foreign Patent Documents > >>58-143659 Aug., 1983 JP 379/7. > >>Primary Examiner: Schreyer; Stafford D. > >>--------------------------------------- > -------------------------------- > >>Claims > >>------ > ----------------------------------------------------------------- > >> > >>I claim: > >>1. An apparatus for detecting the connecting and the disconnecting > >>of an additional telephone line onto the subscriber's telephone > >>loop for the purpose of listening and/or recording, the telephone > >>loop connecting a subscriber with at least one telephone to a > >>central exchange and having a generally constant electrical > >>impedance, comprising: > >>(a) a capacitive element for detecting changes to said generally > >>constant electrical impedance; > >>(b) display means cooperating with and connected to said capacitive > >>element for visually showing that a change has been detected by > >>said capacitive element; and > >>(c) means for connecting the apparatus to the telephone loop. > >>2. The apparatus of claim 1, wherein said capacitive element is a > >>capacitor connected in series to the telephone loop. > >>3. The apparatus of claim 1, wherein said display means is a LED. > >>4. The apparatus of claim 1, wherein said means to connect > >>comprises a quick connect/disconnect line and jack. > >>5. 
An apparatus for continuously monitoring changes in impedance > >>caused by the connecting or the disconnecting of an additional > >>impedance source to a telephone loop connecting a subscriber with > >>at least one telephone to a central exchange and having a generally > >>constant electrical impedance, comprising: > >>(a) a capacitive element for detecting changes to the generally > >>constant electrical impedance; > >>(b) an isolation transformer having primary and secondary windings, > >>said primary windings being connected to said capacitive element; > >>(c) display means connected to said secondary windings for visually > >>showing that a change has been detected by said capacitive element; > >>and > >>(d) means for connecting the apparatus to the telephone loop. > >>6. The apparatus of claim 5, wherein said capacitive element is a > >>capacitor connected in series to the telephone loop. > >>7. The apparatus of claim 5, wherein said display means is a LED. > >>8. The apparatus of claim 5, wherein said means to connect > >>comprises a quick connect/disconnect line and jack. > >>9. The apparatus of claim 1 wherein said means for connecting the > >>apparatus to the telephone loop additionally includes a switching > >>mechanism connected in series with said capacitive element to the > >>telephone loop. > >>10. The apparatus of claim 9, wherein said display means comprises > >>an easily removable/replaceable LED mounted in a socket assembly. > >>11. The apparatus of claim 5 wherein said means for connecting the > >>apparatus to the telephone loop additionally includes a switching > >>mechanism connected in series with said capacitive element to the > >>telephone loop. > >>12. The apparatus of claim 11, wherein said display means comprises > >>an easily removable/replaceable LED mounted in a socket assembly. 
> >>----------------------------------------------------------------- > ------ > >>Description > >>----------- > ------------------------------------------------------------ > >> > >>BACKGROUND > >>1. Field of Invention > >>This invention relates to the detection monitoring of > >>authorized/unauthorized connections/disconnections including loop > >>bridging wiretapping equipment on the subscriber's local telephone > >>loops where electrical changes in loop impedance condition and > >>characteristics occur because of the connections/disconnections of > >>the briding equipment. > >>2. Description of Prior Art > >>There are many devices available that have been developed for both > >>legal and illegal wiretapping of telephone communications. A very > >>common type of wiretapping consists of a bridging device that > >>creates a remote extension or drawn loop by connecting an > >>additional telephone line on the subscriber's telephone loop and > >>routing it to an observation monitoring location. This loop > >>bridging wiretapping technique will cause a change in loop > >>impedance condition and characteristics depending on how the > >>tapping is completed. > >>In the prior art, wiretap detectors exist that utilize > >>microcomputers and processors, various meters, signal generators, > >>tone generators, etc., that detect wiretapping equipment connected > >>to a telephone line but are either simple voltage meters that are > >>ineffective, limited, detachable and defeatable, too expensive > >>and/or complicated equipment that is burdensome and obtrusive to > >>use on a continuous basis or must be installed on a clean line only. > > >>OBJECTS AND ADVANTAGES > >>This invention presents a new device, method and system that > >>displays connections and disconnections anywhere on the > >>subscriber's local telephone loop including the central exchange of > >>the telephone company before, during and after the completion of a > >>call on a continuous basis. 
Each telephone call produces a > >>signature or pattern of connections and disconnections. This > >>invention present the first continuous display of normal/abnormal > >>telephone loop electrical changes in impedance condition and > >>characterization activity resulting from signaling, switching and > >>wiretapping monitoring equipment connecting/disconnecting. > >>The present invention is easy to use, highly reliable, > >>undetectable, small, portable, and discreet which presents a novel > >>method and an improved system for detecting monitoring > >>authorized/unauthorized connections/disconnections including > >>wiretapping monitoring recording equipment which overcome all of > >>the above mentioned disadvantages of the previously known devices. > >>It is the object of this invention to show how > >>authorized/unauthorized connections/disconnections including loop > >>bridging wiretapping equipment can be detected and monitored on the > >>subscriber's loop by subscriber's telephone terminal(s) equipped > >>with said invention. > >>DRAWING FIGURES > >>FIG. 1 is a diagram of a local telephone system. > >>FIG. 2 is a diagram of the wiretap detector and telephone loop > >>monitor in alternate forms, in accordance with the present > >>invention. > >>FIG. 3 is a diagram of the preferred assembled invention in > >>accordance with the present invention. > >>FIG. 4 is a diagram of the detector monitor display socket assembly. 
> > >>REFERENCE NUMERALS IN DRAWINGS > >>10 local telephone central exchange > >>20 subscriber's local telephone loop > >>30 subscriber's residence telephone terminal(s) > >>40 capacitive element > >>50 detector monitor display assembly > >>60 isolation transformer > >>70 switching mechanism > >>80 modular telephone line > >>90 modular telephone line jack > >>100 modular telephone interface housing > >>DESCRIPTION OF INVENTION > >>This invention presents a novel method and improved system that > >>detects and monitors authorized/unauthorized > >>connections/disconnections including loop bridging wiretapping > >>equipment that causes electrical changes in impedance condition and > >>characteristics on the subscriber's local telephone loop to detect > >>signaling, switching equipment and telephone lines > >>connecting/disconnecting anywhere on the loop including the central > >>exchange continuously. > >>By continuously monitoring the subscriber's telephone loop > >>impedance condition and characteristics, it is possible to detect > >>normal as well as abnormal connections and disconnections. > >>Connections and disconnections effect changes in impedance > >>characteristics on the subscriber's telephone loop and are the > >>indication of wiretapping monitoring equipment connecting/ > >>disconnecting. By detecting connections/disconnections it is > >>possible to determine authorized/unauthorized > >>connections/disconnections including wiretapping equipment on the > >>loop. The proposed method and system comprises of monitoring the > >>device's display to establish a normal signature or pattern of > >>telephone loop characteristics from an abnormal signature or > >>pattern resulting from additional extensions, either at the > >>subscriber's residence or remotely connecting/disconnecting on the > >>telephone loop. 
> >>OPERATION OF THE PREFERRED EMBODIMENT > >>Further objects and advantages of said invention will become > >>apparent from a consideration of the drawings and ensuing operation > >>of it. Each of the elements included therein can assume several > >>different forms, all of which would be well known to those skilled > >>in the art, and it only be required that they perform the functions > >>set forth herein after. > >>Referring first to the diagram of FIG. 1, it should be noted that > >>FIG. 1 details a local telephone system. As seen in FIG. 1, a local > >>telephone system comprising of the telephone company's central > >>exchange 10 a subscriber's local telephone loop 20 and a > >>subscriber's residence telephone terminal(s) 30. > >>Referring to FIG. 2, there are four presented embodiments of said > >>invention, embodiment 2 is the preferred embodiment. As seen in > >>FIG. 2, embodiment 1 comprising capacitive element 40 detector > >>monitor display assembly 50. > >>As seen in FIG. 2, preferred embodiment 2 comprising capacitive > >>element 40 isolation transformer 60 display assembly 50. > >>As seen in FIG. 2, embodiment 3 comprising capacitive element 40 > >>display element 50 switching mechanism 70. > >>As seen in FIG. 2, embodiment 4 comprising capacitive element 40 > >>isolation transformer 60 display assembly 50 switching mechanism 70. > > >>As seen in preferred embodiment 2, side one of the capacitive > >>element 40 is connected to either the Tip or Ring side of the > >>subscriber's telephone loop 20. Side two of the capacitive element > >>40 is connected in series to the isolation transformer 60 primary's > >>side one. The isolation transformer 60 primary's side two is then > >>connected to the alternate side of the subscriber's telephone loop > >>20. The isolation transformer 60 secondary is connected to the > >>display assembly 50. 
> >>Once the detector monitor is connected to the loop 20 the device > >>continuously detects and monitors electrical changes in impedance > >>condition and characteristics on the loop 20 reporting each > >>authorized/unauthorized connections/disconnections, as well as > >>tampering and changes in loop signature pattern characteristics. > >>SUMMARY, RAMIFICATIONS, AND SCOPE > >>Each connection and disconnection on the subscriber's local > >>telephone loop creates electrical changes in loop impedance > >>condition and characteristics. Each telephone call creates a series > >>of normal connections and disconnections on the loop, the device's > >>display creates a signature or pattern. The system comprises of > >>monitoring the device's display to each cell. By detecting > >>electrical changes on the loop it is possible to establish a normal > >>pattern of loop activity from an abnormal one. > >>The preferred method and system comprises of connecting and > >>monitoring the display assembly to establish a normal signature or > >>pattern of loop impedance conditions and characteristics from an > >>abnormal one resulting from additional connections/disconnections > >>and tampering on the loop. > >>The device detects and monitors authorized/unauthorized connections > >>and disconnections before, during and after the completion of a > >>call on a continuous basis. > >>It would be obvious to those skilled in the art that numerous > >>identifications could be made to the method and system of the > >>present invention without departing from the spirit of the > >>invention, which shall be limited only by the scope of the claims > >>appended hereto. > >>* * * * * > >>--------- > -------------------------------------------------------------- > > At 11:05 PM +0200 2/6/02, Steve Whitehead wrote: > >Received this on my e-mail tonight. I think the list discussed this > device a > >while back. > > > >Steve Whitehead > >E-mail : sceptre@m... 
4749 From: Dora Furlong Date: Wed Feb 6, 2002 8:51pm Subject: Re: Microsoft's Really Hidden Files: A New Look At Forensics (v2.6) For those interested in this and what is going on with their computers, or a particular program take a look at FileMon from sysinternals. http://www.sysinternals.com/ntw2k/source/filemon.shtml Company's description: Filemon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. Filemon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing.
It has full search capability, and if you find that you're getting information overload, simply set up one or more filters. Filemon works on NT 4.0, Windows 2000, Windows XP, Windows XP 64-bit Edition, Windows 95, Windows 98 and Windows ME. Sysinternals also has a version of Filemon for Linux.

-->Dora Furlong

On Wed, 6 Feb 2002, James M. Atkinson wrote:

>
> Microsoft's Really Hidden Files: A New Look At Forensics (v2.6)
> By The Riddler
> November 3, 2001
> (v2.0 finished May 16, 2001; v1.0 finished June 11, 2000)
>
> Written with Windows 9x in mind, but not limited to.
>
> DISCLAIMER:
>
> I will not be liable for any damage or lost information, whether due to reader's error, or any other reason.
>
> SUMMARY:
>
> There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two major things: Microsoft Internet Explorer has not been clearing your browsing history after you have instructed it to do so, and Microsoft's Outlook Express has not been deleting your e-mail correspondence after you've erased them from your Deleted Items bin. (This also includes all incoming and outgoing file attachments.) And believe me, that's not even the half of it.
>
> When I say these files are hidden well, I really mean it. If you don't have any knowledge of DOS then don't plan on finding these files on your own. I say this because these files/folders won't be displayed in Windows Explorer at all -- only DOS. (Even after you have enabled Windows Explorer to "show all files.") And to top it off, the only way to find them in DOS is if you knew the exact location of them. Basically, what I'm saying is if you didn't know the files existed then the chances of you running across them is slim to slimmer.
>
> It's interesting to note that Microsoft does not explain this behavior adequately at all. Just try searching on microsoft.com.
>
> FORWARD:
>
> I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is to teach people what is really going on with Microsoft's products and how to take control of their privacy again. This tutorial was written by me, so if you see a mistake somewhere then it is my mistake, and I apologize.
>
> Thanks for reading.
>
> INDEX:
>
> 1) DEFINITIONS
> 1.1) Acronyms
> 2) SEEING IS BELIEVING
> 3) HOW TO ERASE THE FILES ASAP
> 3.1) If You Have Ever Used Microsoft Internet Explorer
> 3.2) Clearing Your Registry
> 3.3) Slack files
> 3.4) Keeping Microsoft's Products
> 4) STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
> 5) HOW MICROSOFT DOES IT
> 6) +S MEANS [S]ECRET NOT [S]YSTEM.
> 7) A LOOK AT OUTLOOK
> 8) THE TRUTH ABOUT FIND FAST
> 8.1) Removing Find Fast
> 9) CONTACT INFORMATION AND PGP BLOCKS
> 9.1) Recommended reading
> 10) SPECIAL THANKS
> 11) REFERENCES
>
> Coming in version 3.0:
>
> • pstores.exe
> • Related Windows Tricks.
> • Looking back on the NSA-Key.
> • Researching the [Microsoft Update] button.
> • Why the temp folders aren't intended to be temporary at all.
> • What's with Outlook Express's .dbx database files?
> • Win2K support.
>
>
> 1.0. DEFINITIONS
>
> I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer after enabling it to "show all files," and cannot be seen in MS-DOS after receiving a proper directory listing from root.
>
> a) There is at least one loophole to enable Windows Explorer to see them.
> b) There is at least one loophole to enable MS-DOS to see them.
>
> II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.
>
> III) Distinguishes from certain "other" intended hidden files, such as a file with a name with high ascii characters (eg, "Yëï¨o").
> > (Interesting to note that Microsoft has disabled the "Find: Files or Folders" > from searching through one of these folders.) > > > 1.1. ACRONYMS > > DOS = Disk Operating System aka MS-DOS > MSIE = Microsoft Internet Explorer > TIF = Temporary Internet Files (folder) > HD = Hard Drive > OS = Operating System > FYI = For Your Information > > > 2. SEEING IS BELIEVING > > No. Enabling Windows Explorer to "show all files" does not show the files in > mention. No. DOS does not list the files after receiving a proper directory > listing from root. And yes. Microsoft intentionally disabled the "Find" > utility from searching through one of the folders. > > Oh, but that's not all. > > Just from one of these files I would be able to tell you which web sites you > previously visited, what types of things you search for in search engines, and > probably gather your ethnicity, religion, and sexual preference. Needless to > say one can build quite a profile on you from these files. It has the > potential to expose and humiliate -- putting your marriage, friendship, and > corporation at risk. Here's one good example of the forensic capabilities.. > > "I've been reading your article as I have a problem with an employee of mine. > He has been using the works pc for the internet and using it to chat and look > at porn sites. He was then deleting the cookies and history in order to cover > his tracks. A friend of mine pointed me in the direction of this site and > your article. I have found it to be incredibly useful,..." > > --Concerned Boss, 8/24/01 > > One more thing. They contain your browsing history at ALL times. Even after > you have instructed Microsoft Internet Explorer to clear your history/cache. > And so the saying goes, "seeing is believing..." > > To see for yourself simply do as you would normally do to clear your browsing > history. Go to Internet Options under your Control Panel. Click on the > [Clear History] and [Delete Files] buttons.
(Make sure to include all offline > content.) > > So, has your browsing history been cleared? One would think so... > > Skipping to the chase here. These are the names and locations of the "really > hidden files:" > > c:\windows\history\history.ie5\index.dat > c:\windows\tempor~1\content.ie5\index.dat > > If you have upgraded MSIE several times, they might have alternative names of > mm256.dat and mm2048.dat, and may also be located here: > > c:\windows\tempor~1\ > c:\windows\history\ > > Not to mention the other alternative locations under: > > c:\windows\profiles\%user%\... > c:\windows\application data\... > c:\windows\local settings\... > c:\windows\temp\... > c:\temp\... > > FYI, there are a couple other index.dat files that get hidden as well, but > they are seemingly not very important. > > > 3.0. HOW TO ERASE THE FILES ASAP > > Step by step information on how to erase these files as soon as possible. > This section is recommended for the non-savvy. Further explanation can be > found in Section 4.0. Please note that following these next steps will erase > all your internet cache and cookies files. If you use the offline content > feature with MSIE, it will remove this as well. It will not erase your > bookmarks. > > > 3.1. IF YOU HAVE EVER USED MICROSOFT INTERNET EXPLORER > > 1) Shut your computer down, and turn it back on. > 2) While your computer is booting keep pressing the [F8] key until you are > given an option screen. > 3) Choose "Command Prompt Only." This will take you to real DOS mode. ME > users must use a bootdisk to get into real DOS mode. > 4) When your computer is done booting, you will have a C:\> followed by a > blinking cursor. Type in this hitting enter after each line (sans > parentheses): > > C:\WINDOWS\SMARTDRV (Loads smartdrive to speed things up.) > CD\ > DELTREE/Y TEMP (This line removes temporary files.) > CD WINDOWS > DELTREE/Y COOKIES (This line removes cookies.) > DELTREE/Y TEMP (This removes temporary files.)
> DELTREE/Y HISTORY (This line removes your browsing history.) > DELTREE/Y TEMPOR~1 (This line removes your internet cache.) > > (If this last line doesn't work then type this:) > > CD\WINDOWS\APPLIC~1 > DELTREE/Y TEMPOR~1 > > (If this doesn't work then type this:) > > CD\WINDOWS\LOCALS~1 > DELTREE/Y TEMPOR~1 > > (If this still does not work, and you are sure you are using MSIE 5.x, then > feel free to e-mail me. If you have profiles turned on, then it is likely > located under \windows\profiles\%user%\, while older versions of MSIE keep > them under \windows\content\.) > > This last one will take a ridiculous amount of time to process. The reason it > takes so incredibly long is because there is a TON of useless cache stored > on your HD. > > 5) Immediately stop using Microsoft Internet Explorer and go with any of the > alternative browsers out there. Netscape 4.7x from netscape.net, mozilla from > mozilla.org, or opera from opera.com. > > FYI, Windows re-creates the index.dat files automatically when you reboot your > machine so don't be surprised when you see them again. They should at least > be cleared of your browsing history. > > > 3.2. CLEARING YOUR REGISTRY > > It was once believed that the registry is the central database of Windows that > stores and maintains the OS configuration information. Well, this is wrong. > Apparently it also maintains a bunch of other information that has absolutely > nothing to do with the configuration. I won't get into the other stuff but > for one, your Typed URLs are stored in the registry. > > HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/ > HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/ > > These "Typed URLs" come from MSIE's autocomplete feature. It records all URLs > that you've typed in manually in order to save you some time filling out the > address field. By typing "ama" the autocomplete feature might bring up > "amazon.com" for you. 
Although, I find it annoying, some people prefer this > feature. One thing is for sure however -- it's an obvious privacy risk. You > wouldn't want a guest to type "ama" and have it autocomplete to > "amaturemudwrestlers.com" now would you? > > You can clear your Typed URLs out of your registry by going to your > Control Panel > Internet Options > Content > [AutoComplete] > and finally > [Clear Forms]. If you feel the AutoComplete feature is a privacy risk, then > uncheck the appropriate boxes here. > > FYI, this section has nothing to do with "really hidden files." It was added > so people can completely clear their browsing history before having to ditch > Microsoft Internet Explorer. > > > 3.3. SLACK FILES > > As you may already know, deleting files only deletes the references to them. > They are in fact still sitting there on your HD and can still be recovered by > a very motivated person. > > - BCWipe is a nice program that will clear these files. (www.bcwipe.com). > - For you DOS buffs, there's a freeware file wiper on simtel.net that I use. > (www.simtel.net/pub/dl/45631.shtml). > - If you are using PGP then there is a "Freespace Wipe" option under PGPtools. > - The newer versions of Norton Utilities have a nice filewiping utility. > - You might want to check out Evidence Eliminator's 30 day trial. This is > probably the best program as far as your privacy goes. > (www.evidence-eliminator.com) > > > 3.4. KEEPING MICROSOFT'S PRODUCTS > > If your work environment forces you to use Microsoft Internet Explorer then I > strongly recommend that you talk your boss into checking out one of these > programs: > > - PurgeIE (www.aandrc.com/purgeie) > - Cache and Cookie Cleaner for IE (www.webroot.com/washie.htm) > - Anonymizer Window Washer (www.anonymizer.com/anonwash) > > These programs automate the process for you, and are far better than having to > add 'deltree/y' lines to your autoexec.
> > AND if your work environment forces you to use Outlook or Outlook Express then > you should get in the habit of compacting your mailboxes. > > You can do this by going to File > Folder > Compact All if you have Outlook > Express. > > or > > Tools > Options > Other tab > [Auto Archive] if you have Outlook. Make sure > to set things up here. > > > 4.0. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES > > This next section is intended for the savvy user. > > The most important files to be paying attention to are your "index.dat" files. > These are database files that reference your history, cache and cookies. The > first thing you should know about the index.dat files is that they don't > exist unless you know they do. The second thing you should know about them > is that some will *not* get cleared after deleting your history and cache. > > The result: > > A log of your browsing history hidden away on your computer after you thought > you cleared it. > > To view these files, follow these steps: > > In MSIE 5.x, you can skip this first step by opening MSIE and going to Tools > > Internet Options > [Settings] > [View Files]. Now write down the names of > your alphanumeric folders on a piece of paper. If you can't see any > alphanumeric folders then start with step 1 here: > > 1) First, drop to a DOS box and type this at prompt (in all lower-case) to > bring up Windows Explorer under the correct directory... > > c:\windows\explorer /e,c:\windows\tempor~1\content.ie5\ > > You see all those alphanumeric names listed under "content.ie5?" (left-hand > side.) That's Microsoft's idea of making this project as hard as possible. > Actually, these are your alphanumeric folders that were created to keep your > cache. Write these names down on a piece of paper. (They should look > something like this: 6YQ2GSWF, QRM7KL3F, U7YHQKI4, 7YMZ516U, etc...) If you > click on any of the alphanumeric folders then nothing will be displayed.
Not > because there aren't any files here, but because Windows Explorer has lied to > you. If you want to view the contents of these alphanumeric folders you will > have to do so in DOS. (Actually, this is not always true. *Sometimes* > Windows Explorer will display the contents of the alphanumeric folders -- but > mostly it won't. I can't explain this.) > > 2) Then you must restart in MS-DOS mode. (Start > Shutdown > Restart in > MS-DOS mode. ME users use a bootdisk.) > > Note that you must restart to DOS because windows has locked down some of the > files and they can only be accessed in real DOS mode. > > 3) Type this in at prompt: > > CD\WINDOWS\TEMPOR~1\CONTENT.IE5 > CD %alphanumeric% > (replace the "%alphanumeric%" with the first name that you just wrote down) > > DIR/P > > The cache files you are now looking at are directly responsible for the > mysterious erosion of HD space you may have been noticing. One thing > particularly interesting is the ability to view some of your old e-mail if you > happen to have a hotmail account. (Oddly, I've only been able to retrieve > hotmail e-mail, and not e-mail from my other web-based e-mail accounts. Send > me your experiences with this.) To see them for yourself you must first copy > them into another directory and THEN open them with your browser. Don't ask > me why this works. > > A note about these files: These are your cache files that help speed up > your internet browsing. It is quite normal to use this cache system, as every > major browser does. On the other hand. It isn't normal for some cache files > to be left behind after you have instructed your browser to erase it. > > 5) Type this in: > > CD\WINDOWS\TEMPOR~1\CONTENT.IE5 > EDIT /75 INDEX.DAT > > You will be brought to a blue screen with a bunch of binary. > > 6) Press and hold the [Page Down] button until you start seeing lists of URLs. > These are all the sites that you've ever visited as well as a brief > description of each.
You'll notice it records everything you've searched for > in a search engine in plain text, in addition to the URL. > > 7) When you get done searching around you can go to File > Exit. If you don't > have mouse support in DOS then use the [ALT] and [Arrow] keys. > > 8) Next you'll probably want to erase these files by typing this: > > C:\WINDOWS\SMARTDRV > CD\WINDOWS > DELTREE/Y TEMPOR~1 > > (replace "cd\windows" with the location of your TIF folder if different.) > > This will take a seriously long time to process. Even with smartdrive loaded. > > 9) Then check out the contents of your History folder by typing this: > > CD\WINDOWS\HISTORY\HISTORY.IE5 > EDIT /75 INDEX.DAT > > You will be brought to a blue screen with more binary. > > 10) Press and hold the [Page Down] button until you start seeing lists of URLS > again. > > This is another database of the sites you've visited. > > 11) And if you're still with me type this: > > CD\WINDOWS\HISTORY > > 12) If you see any mmXXXX.dat files here then check them out (and delete > them.) Then... > > CD\WINDOWS\HISTORY\HISTORY.IE5 > CD MSHIST~1 > EDIT /75 INDEX.DAT > > More URLs from your internet history. Note, there are probably other mshist~x > folders here so you can repeat these steps for every occurrence if you please. > > 13) By now you'll probably want to type in this: > > CD\WINDOWS > DELTREE/Y HISTORY > > > 5.0. HOW MICROSOFT DOES IT > > How does Microsoft make these folders/files invisible to DOS? > > The only thing Microsoft had to do to make the folders/files invisible to a > directory listing is to set them +s[ystem]. That's it. As soon as the dir/s > command hits a system folder, it renders the command useless (unlike normal > folders.) A more detailed explanation is given in Section 6. > > So how does Microsoft make these folders/files invisible to Windows Explorer? > > The "desktop.ini" is a standard text file that can be added to any folder to > customize certain aspects of the folder's behavior.
In these cases, Microsoft > utilized the desktop.ini file to make these files invisible. Invisible to > Windows Explorer and even to the "Find: Files or Folders" utility (so you > wouldn't be able to perform searches in these folders!) All that Microsoft > had to do was create a desktop.ini file with certain CLSID tags and the > folders would disappear like magic. > > To show you exactly what's going on: > > Found in the c:\windows\temporary internet files\desktop.ini and the > c:\windows\temporary internet files\content.ie5\desktop.ini contains this > text: > > [.ShellClassInfo] > UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} > > Found in the c:\windows\history\desktop.ini and the > c:\windows\history\history.ie5\desktop.ini contains this text: > > [.ShellClassInfo] > UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933} > CLSID={FF393560-C2A7-11CF-BFF4-444553540000} > > The UICLSID line cloaks the folder in Windows Explorer. The CLSID line > disables the "Find" utility from searching through the folder. (Additionally, > it gives a folder the appearance of the "History" folder.) > > To see for yourself, you can simply erase the desktop.ini files. You'll see > that it will instantly give Windows Explorer proper viewing functionality > again, and the "Find" utility proper searching capabilities again. Problem > solved right? Actually, no. As it turns out, the desktop.ini files get > reconstructed every single time you restart your computer. Nice one, Slick. > > Luckily there is a loophole which will keep Windows from hiding these folders. > You can manually edit the desktop.ini's and remove everything except for the > "[.ShellClassInfo]" line. This will trick windows into thinking they have > still covered their tracks, and wininet won't think to reconstruct them. > > I can't stress how ridiculous it is that Windows actually makes sure the files > are hidden on every single boot. No other files or folders get this kind of > special treatment. So what's the agenda here? 
> > > 6.0. +S MEANS [S]ECRET NOT [S]YSTEM > > Executing the "dir/a/s" command from root *should* be the correct command to > display all files in all subdirectories in DOS. However, doing so will not > display the index.dat files. This is because when DOS tries to get a list of > the subdirectories of any +s[ystem] directory it hits a brick wall. No files > or folders will be listed within any system directory. Not only does this > defeat the whole purpose of the "/s" switch in the first place, but I'd say it > looks like Microsoft took extra precautions to keep people from finding the > files. Remember. The only thing you need to do to obscure a file in DOS is > to mark the parent directory +s[ystem]. > > I was told by a few people that this was due to a very old DOS bug that dates > back many years. Fine. I can accept that. A bug it is. > > But, would you consider your Temporary Internet Files to be "system files?" > It would seem that your TIF folder appears to be marked +s[ystem] for no good > reason at all. Just because. Same with your history folder. You may not > agree, but I tend to think that Microsoft marked the folders as +s[ystem] > solely to hide any directory recursal from DOS. > > In case you didn't understand, here's a small experiment that will show you > what I mean... > > Since the content.ie5 and history.ie5 subfolders are both located within a > +s[ystem] folder, we will run the experiment with them. The proper command to > locate them *should* be this: > > CD\ > DIR *.IE5 /as/s > > The problem is that you will receive a "No files found" error message. > > Since we already know there is a content.ie5 subfolder located here, why is > it giving me the "no files found" message? > > But there is a way to get around this brick wall. That is, once you are > inside the system directory, then it no longer has an effect on the dir > listings. 
For example, if you enter the system folder first, and THEN try to > find any +s[ystem] directories you can see them just fine: > > CD\WINDOWS\TEMPOR~1 > DIR *.IE5 /as/s > > 1 folder(s) found. > > Now you will get a "1 folder(s) found." message. (But only after you knew the > exact location.) > > In other words, if you didn't know the files existed then finding them would > be almost impossible. > > And, by the way. To see the "bug" in progress... > > CD\ > DIR *.IE5 /a/s > > It will echo "no files found." > > Now, just take away the system attributes from the parent directory... > > CD\WINDOWS > ATTRIB -S TEMPOR~1 > > And retry the test... > > CD\ > DIR *.IE5 /a/s > > It will echo "1 folder(s) found." > > > 7.0. A LOOK AT OUTLOOK EXPRESS > > Would you think twice about what you said if you knew it was being recorded? > E-mail correspondence leaves a permanent record of everything you've said -- > even after you've told Outlook Express to erase it. You are given a false > sense of security since you've erased it twice, so surely it must be gone. > The first time Outlook simply moves it to your "Deleted Items" folder. The > second time you erase it Outlook simply "pretends" it is gone. The truth is > your messages are still being retained in the database files on your HD. > (As with your e-mail attachments.) > > For earlier versions of Outlook Express, they will be located in either of > the following folders: > > c:\program files\internet mail and news\%user%\mail\*.mbx > c:\windows\application data\microsoft\outlook\mail\*.mbx > > At this point you have two choices. > > a) Get in the habit of compacting your folders all the time.
> b) Backup, print-out, or import the data into another e-mail client such as > Eudora and then delete the mbx files (and thus all your e-mail correspondence) > by typing this: > > cd\progra~1\intern~1\%user%\mail > deltree/y mail > > or > > cd\windows\applic~1\micros~1\outloo~1\ > deltree/y mail > > *Typing in the above commands will kill all your e-mail correspondence. Do > not follow those steps unless you have already exported your e-mail and > address book! > > If you have a newer version of Outlook or Outlook Express the databases are > located elsewhere. Look for .dbx and .pst file extensions. These databases > are five times as creepy, and I strongly recommend you take a look at the files. > > Just from my outbox.dbx file I was able to view some of my old browsing > history, bring up previously-visited websites in html format, and even read > ancient e-mail from my Eudora client (read: EUDORA). > > Again, don't take my word for it. See for yourself and THEN tell me what you > think Slick Willy is up to here. > > > 8.0. THE TRUTH ABOUT FIND FAST > > Have you ever wondered what that "Find Fast" program was under your control > panel? Here's a hint: It has absolutely nothing to do with the "Find" > utility located under the [Start] menu. Just to clear up any confusion before > going on, Oblivion adequately explains Find Fast here: > > "In any version of Word after 95, choose File Open and you'll get the Office > App Open dialog. Instead of just a space for the file name, there are text > boxes for file name, files of type, text or property & last modified. These > are search criteria you can use to find one or more files. There is also an > "Advanced" button that opens a dedicated search dialog with more options. > When you use either of these dialogs to perform a search, that search process > uses the indexes built by Find Fast." > > --Oblivion > > But what would you say if I told you that Find Fast was scanning every single > file on your hard drive?
Did you know that in Office 95, the Find Fast > Indexer had an "exclusion list" comprised of .exe, .swp, .dll and other > extensions, but the feature was eliminated? If you were a programmer would > you program Find Fast to index every single file, or just the ones with Office > extensions? > > FYI, If you have ever had problems with scandisk or defrag restarting due to > disk writes, it is because Find Fast was indexing your hard drive in the > background. It loads every time you start your computer up. > > Now here is a good example of the lengths Microsoft has gone through to keep > people from finding out Find Fast is constantly scanning and indexing their > hard drives. (Always good to have an alibi.) Here's a snippet taken from > microsoft.com: > > "When you specify the type of documents to index in the Create Index dialog > box, Find Fast includes the document types that are listed in the following > table. > > Document type File name extension > ------------- ------------------- > > MS Office and Web Documents All the Microsoft Excel, Microsoft > PowerPoint, Microsoft > Project, and Microsoft Word document types > listed in this table. Microsoft Binder > (.odb, .obt) and Microsoft Access (.mdb) > files. Note that in .mdb files, only > document properties are indexed. > > Word documents .doc (document), > .dot (template), .ht* (Hypertext Markup > Language document), .txt (text file), .rtf > (Rich Text Format) files, Excel workbooks > .xl* files > > PowerPoint .ppt (presentation), .pot (template), .pps > (auto-running presentation) files > > Microsoft Project files .mpp, .mpw, .mpt, .mpx, .mpd files > > All files *.* files" > > > Did you get that last part? "All files?" Find Fast indexes Office Documents, > Web documents, Word Documents, Power Point files, Project files, and (oh I > forgot) EVERY SINGLE other file on your computer. > > Actually, the good news is that this isn't necessarily true. 
In another > statement Microsoft claims that if Find Fast deems the file "unreadable" then > the file will not be included in the index. For example, your command.com > probably wouldn't get indexed because it doesn't have a lot of plain text -- > mostly binary. > > But, back to the bad news. Every single file that has legible text is going > to be included in the Find Fast database. Do you understand the implication > here? ALL TEXT SAVED TO YOUR HARD DRIVE IS INDEXED. The forensic > capabilities are enormous, folks. Don't forget "all text" also means > previously-visited webpages from your cache. See for yourself... > > 1) Open up a DOS window and type... > 2) CD\ > 3) DIR FF*.* /AH (This will bring up a list of the find fast databases.) > 4) EDIT /75 %ff% (insert %ff% with any of the names that were listed.) > > Notice the incredible amount of disk accesses to your cache and history > folders? Why do we need two indexes? > > > 8.1. REMOVING THE FIND FAST PROGRAM > > You can remove Find Fast using your Office CD, but I recommend you do it > manually... > > 1) Reboot your computer in MS-DOS Mode. > 2) Delete the findfast.cpl file from c:\windows\system\. > 3) Delete the shortcut (.lnk) under c:\windows\start menu\programs\startup\. > 4) Delete the findfast.exe file from c:\progra~1\micros~1\office\. > 5) Important to delete the find fast databases (c:\ff*.*). > 6) You can also safely delete FFNT.exe, FFSetup.dll, FFService.dll, and > FFast_bb.dll if you have them. > > Feel free to check out the ffastlog.txt (which is the Find Fast error log). > It's a +h[idden] file under c:\windows\system\. > > > 9. CONTACT INFO AND PGP BLOCKS > > This tutorial is being updated all the time. If you have any useful input, or > if you see a mistake somewhere, then please e-mail me so I can compile it into > future versions. You will be able to find the most recent version of this > tutorial at fuckmicrosoft.com. I am not affiliated with the site. 
> > My e-mail address is located at the end of this note. Please let me know > where you heard about this tutorial in your message. If you have something > important to say to me, then please use encryption. My public key blocks are > located below. Be suspicious if you send me an encrypted message but never > get a reply. > > Thanks for reading, > > -- The Riddler > theriddler@f... > > My 2.6.2 block is no longer valid because my secring was nuked. When I > created another keyring with another version of PGP, it read my "SET PGPPATH=" > line and copied a new ring over my old one. No backups were made. Moral of > the story: Backup your keys. > > My PGP 2.6.3 Block: > > My GPG 1.0.6 Block:
> > > 9.1. RECOMMENDED READING > > http://www.theregister.co.uk/content/4/18002.html > http://www.findarticles.com/m0CGN/3741/55695355/p1/article.jhtml > http://www.mobtown.org/news/archive/msg00492.html > http://194.159.40.109/05069801.htm > http://www.yarbles.demon.co.uk/mssniff.html > http://www.macintouch.com/o98security.html > http://www.theregister.co.uk/content/archive/3079.html > http://www.fsm.nl/ward/ > http://slashdot.org > http://www.peacefire.org > http://stopcarnivore.org > http://nomorefakenews.com > http://grc.com/steve.htm#project-x > > > 10. SPECIAL THANKS (and no thanks) > > This version I want to give special thanks to Concerned Boss, Oblivion, and > the F-Prot virus scanner. > > I also want to take this time to show my dissatisfaction to the New Zealand > Herald. Although partly flattering, it was more disgusting to see a newspaper > try to take credit for my work. > > > 11.
REFERENCES > > http://support.microsoft.com/support/kb/articles/Q137/1/13.asp > http://support.microsoft.com/support/kb/articles/Q136/3/86.asp > http://support.microsoft.com/support/kb/articles/Q169/5/31.ASP > http://support.microsoft.com/support/kb/articles/Q141/0/12.asp > http://support.microsoft.com/support/kb/articles/Q205/2/89.ASP > http://support.microsoft.com/support/kb/articles/Q166/3/02.ASP > http://www.insecure.org/sploits/Internet.explorer.web.usage.logs.html > http://www.parascope.com/cgi-bin/psforum.pl/topic=matrix&disc=514&mmark=all > http://www.hackers.com/bulletin/ > http://slashdot.org/articles/00/05/11/173257.shtml > http://peacefire.org > > COPYRIGHT INFORMATION > > This article has been under the protection of copyright laws the moment it was > fixed in a tangible form. Unless otherwise agreed, this article may only be > distributed as a whole and without modification. Thank you. > -- > > -------------------------------------------------------------------------------------------------- > The First, The Largest, The Most Popular, and The Most Complete TSCM, > Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. > -------------------------------------------------------------------------------------------------- > James M. Atkinson Phone: (978) 546-3803 > Granite Island Group Fax: (978) 546-9467 > 127 Eastern Avenue #291 http://www.tscm.com/ > Gloucester, MA 01931-8008 mailto:jmatk@t... > -------------------------------------------------------------------------------------------------- > People sleep peaceably in their beds at night only because rough > men stand ready to do violence on their behalf.
- George Orwell > -------------------------------------------------------------------------------------------------- > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > "The universe is full of magical things patiently waiting for our wits to grow sharper." Eden Phillpotts 4750 From: Larry Malmberg Date: Thu Feb 7, 2002 9:27am Subject: Computer Key Stroke Anti Logging This is not an endorsement, just FYI. http://www.anti-keyloggers.com/ Larry Larry Malmberg Investigations and Security 638 North "D" Street San Bernardino, CA 92401-1110 800-655-4549 or 909-383-8565 FAX 909-383-8566 P.I. 15211, P.P.O. 12466 www.larrypi.com Just because you are paranoid doesn't mean someone is not following you! 4751 From: James M. Atkinson Date: Thu Feb 7, 2002 10:05am Subject: Subscriber Update - We Now have 1205 Subscribers I just thought the list membership would like to know that we now have 1205 solid subscribers to this forum. Our actual numbers are a little bit higher as at any particular moment a dozen or so subscribers are in bounce status (in reality, right now we have 1223 subscribers). The list grows by about 25+ people per month, with roughly 35-45 people joining, and 10-15 people leaving each month. The list is dedicated to TSCM, is completely free, has no dues, has open membership, and exists for the sole purpose of improving the industry and "raising the bar". 
For the most part the list has been good at staying on relevant topics, but I invite the membership to periodically post humor to give us a chuckle, or pearl of wisdom to help us all think.

News articles relative to espionage or counter-espionage are also welcome as list postings, as are white papers, technical materials, etc.

For Sale, and "Looking to Buy" notices are also welcome; but tread carefully as I take a dim view of people trying to SPAM via the list.

-jma

4752 From: A Grudko Date: Thu Feb 7, 2002 10:58am Subject: Anti-keylogger

In my mail today

Spy vs Spy vs Spy (?)

I'm more than dubious of any device that claims to be able to detect "UNKNOWN" threats.

Andy Grudko D.P.M., Grad I.S, (S.A.) - Grudko Associates - www.grudko.com , Est.
1981 International business intelligence and investigations - ICQ 146498943 Johannesburg (+27 11) 465 9673 - 465 1487 (Fax), Pretoria (+27 12) 244 0255 - 244 0256 (Fax) SACI, WAD, CALI, SAMLF, UKPIN, AFIO (OS), IWWA, PRETrust, AmChamCom When you need it done right - first time

- Original Message -
The Anti-keylogger is the FIRST product of its kind in the world that can
> provide every computer with virtual protection against all types of
> unauthorized keystroke monitoring programs, both KNOWN and UNKNOWN.
> Product includes powerful intellectual analyzer, which allows to
> detect and deactivate all keystroke monitoring programs probably
> running on your system.
>
> http://www.anti-keyloggers.com

4753 From: Date: Thu Feb 7, 2002 8:16am Subject: Re: Anti-keylogger

In a message dated 2/7/02 11:02:26 AM Pacific Standard Time, agrudko@i... writes:

<< I'm more than dubious of any device that claims to be able to detect "UNKNOWN" threats. >>

we have unknown threats on this list

4754 From: James M. Atkinson Date: Thu Feb 7, 2002 1:07pm Subject: Ms. Cleo's Bug Sweeping 900 Hotline

That's not a bad idea.

How about simply pulling the caller ID record available when you call a 900 number, feeding it to a PC that in turn calls the 800# for the MLT (Metallic Loop Test) facility, which in turn strobes the line with a TDR and reads back the phone number, cable number, pair number, address, distances, voltages, etc to the caller.

This way the caller could check their lines daily for any kind of voltage, current, impedance, or length related issues. The computer (at the 900 #) could store the results of all of their tests and let them know that everything was the same as previous checks.

It could make someone an overnight millionaire (until they got indicted).

The biggest problem is that it would miss 85-90% of actual eavesdropping devices.

-jma

At 10:50 AM -0600 2/7/02, John McCain wrote:
>I know..... Jim, you just hit upon the REAL moneymaker.
We'll let
>you (but share the profits with the list:-) set up a 900 line with
>a voice response voltmeter on it. When they call (after being on
>hold for about 5 minutes or so listening to how great the system
>is, it reads back the line voltage (of your line naturally). The
>voltages will vary a little, so they get different numbers most of
>the time. Then, the recording tells them that this is a normal line
>voltage, so there is probably not a tap on the line. Of course, it
>follows that with an announcement that they need to call back weekly
>to insure that no one has installed a tap on the line THIS week.
>Invite them to call from Pay phones, friend's phones, etc. to make
>sure that they can talk to them without being worried about taps
>there.
>
>Might be more profitable than Ms. Cleo!
>Cheers,
>JohnM

4755 From: James M. Atkinson Date: Thu Feb 7, 2002 5:39pm Subject: How Do These people Survive

[Note: This came in from another list member, a bit of urban legends, but funny -jma]

-jma

Recently, when I went to McDonald's I saw on the menu that you could have an order of 6, 9 or 12 Chicken McNuggets. I asked for a half dozen nuggets. "We don't have half dozen nuggets", said the teenager at the counter. "You don't?" I replied. "We only have six, nine, or twelve," was the reply. "So I can't order a half-dozen nuggets, but I can order six?" "That's right." So I shook my head and ordered six McNuggets.

The paragraph above doesn't amaze me because of what happened a couple of months ago: I was checking out at the local Foodland with just a few items and the lady behind me put her things on the belt close to mine. I picked up one of those "Dividers" that they keep by the cash register and placed it between our things so they wouldn't get mixed. After the girl had scanned all of my items, she picked up the "Divider" looking it all over for the bar code so she could scan it. Not finding the bar code she said to me "Do you know how much this is?" and I said to her "I've changed my mind, I don't think I'll buy that today". She said "OK" and I paid her for the things and left. She had no clue to what had just happened....

A lady at work was seen putting a credit card into her floppy drive and pulling it out very quickly. When inquired as to what she was doing, she said she was shopping on the Internet and they kept asking for a credit card number, so she was using the ATM "thingy".

I recently saw a distraught young lady weeping beside her car. "Do you need some help?" I asked. She replied, "I knew I should have replaced the battery to this remote door unlocker. Now I can't get into my car. Do you think they (pointing to a distant convenience store) would have a battery to fit this?" "Hmmm, I dunno. Do you have an alarm too?" I asked. "No, just this remote thingy," she answered, handing it and the car keys to me. As I took the key and manually unlocked the door, I replied, "Why don't you drive over there and check about the batteries it's a long walk."

Several years ago, we had an intern who was none too swift. One day she was typing and turned to a secretary and said, "I'm almost out of typing paper.
What do I do?" "Just use copier machine paper," the secretary told her. With that, the intern took her last remaining blank piece of paper, put it on the photocopier and proceeded to make five "blank" copies.

I was in a car dealership a while ago, when a large motor home was towed into the garage. The front of the vehicle was in dire need of repair and the whole thing generally looked like an extra in "Twister". I asked the manager what had happened. He told me that the driver had set the "cruise control" and then went in the back to make a sandwich.

4756 From: Andre Holmes <1ach@v...> Date: Thu Feb 7, 2002 11:44am Subject: Optoelectronics

Hi listies

I have come across some information that may be important to owners of such equipment.

The Optoelectronics 3000A is no longer available due to parts shortage also the Micro line was affected as well.
Andre Holmes

[Non-text portions of this message have been removed]

4757 From: MaxS Date: Thu Feb 7, 2002 10:50am Subject: RE: Bible citation in Digest Number 851

Dear community member:

Allow one comment from past East Block to this interesting topic: "The 10 Commandments of Counterintelligence" It'll be begin with >> in text. ">> Yes, but US president"

I think that usage of BIBLE in politics and business should be or must be discussed with experts. Any piece of information without context is irrelevant. If it would support only some argument it must be precise, not some "half-random" work. I think lots of Universities in US are prepared enough to consult BIBLE usage. Especially for politics and Intelligence. What about or http://www.metanexus.net or some proved by AGENCIES ... .

Sincerely,
Martin KOCIAN
Czech Republic

Message: 2 Date: Tue, 5 Feb 2002 22:39:22 -0500 From: "James M. Atkinson" Subject: The 10 Commandments of Counterintelligence

The 10 Commandments of Counterintelligence

BY James M. Olson

This article appeared in Studies of Intelligence, Unclassified Edition, Fall-Winter 2001, No.11, published by the CIA's Center for the Study of Intelligence. The Center seeks to promote study, debate, and understanding of the role of intelligence in the American system of government. Mr. Olson served in the Central Intelligence Agency's Directorate of Operations and is presently on the faculty of the George Bush School of Government and Public Service at Texas A&M University.

"O that thou hadst hearkened to my commandments! Then had thy peace been as a river, and thy righteousness as the waves of the sea." Isaiah 48:18

>> Yes, but US president has made oath on BIBLE with Headline "One Nation"
>> and also announced/declared in his state-of-the-union speech
>> to Congress on Jan 29th "an axis of evil" threatens the peace.
>> So, you should use Isaiah 49:26 to go in line with Mr. Bush and
>> according BIBLE suggestion in Isaiah 48:18.
"And I will make those maltreating you eat their own flesh; and as with the sweet wine they will become drunk with their own blood. ...." Isaiah 49:26 >> End of comment The need for counterintelligence (CI) has not gone away, nor is it likely to. The end of the Cold War has not even meant an end to the CI threat from the former Soviet Union. The foreign intelligence service of the new democratic Russia, the Sluzhba Vneshney Razvedki Rossii (SVRR), has remained active against us. It was the SVRR that took over the handling of Aldrich Ames from its predecessor, the KGB, in 1991. It was the SVRR that ran CIA officer Harold James Nicholson against us from 1994 to 1996. It was the SVRR that was handling FBI special agent Earl Pitts when he was arrested for espionage in 1996. It was the SVRR that planted a listening device in a conference room of the State Department in Washington in the summer of 1999. And it was the SVRR that was handling FBI special agent Robert Hanssen when he was arrested on charges of espionage in February 2001. The Russians are not alone. There have been serious, well-publicized concerns about Chinese espionage in the United States. The Department of Energy significantly increased security at its national laboratories in response to allegations that China had stolen US nuclear weapons secrets. Paul Redmond, the former Associate Deputy Director of Operations for Counterintelligence at the CIA, told the House Permanent Select Committee on Intelligence in early 2000 that a total of at least 41 countries are trying to spy on the United States. Besides mentioning Russia, China, and Cuba, he also cited several "friends," including France, Greece, Indonesia, Israel, the Philippines, South Korea, and Taiwan. He warned of a pervasive CI threat to the United States. 
The United States, as the world's only remaining superpower, will be the constant target of jealousies, resentments, rivalries, and challenges to its economic well-being, security, and leadership in the world. This inevitably means that the United States will be the target of large-scale foreign espionage.

A Choice Assignment

When I joined the CIA, one of my first interim assignments was with the old CI Staff. I found it fascinating. I was assigned to write a history of the Rote Kapelle, the Soviet espionage network in Nazi-occupied Western Europe during World War II. With its expanded computer power, NSA was breaking out the actual messages sent between the NKVD center in Moscow and the clandestine radios of the various cells in Western Europe. Incredibly, these messages came to me. There I was, a brand new junior officer, literally the first person in the CIA to see the day-to-day traffic from these life-and-death operations. I was deeply affected by the fear, heroism, and drama in these messages. Above all, I felt privileged to have been given such an opportunity. Building on an earlier study of the Rote Kapelle by the CI Staff, I completed a draft several months later that incorporated the new material. To my great surprise, this study was well received by my immediate superiors, and I was told that I was to be rewarded with a personal interview and congratulations from James Jesus Angleton, the legendary head of the CI Staff from 1954 to 1974. Angleton's office was on the second floor of the Original Headquarters Building. I was first ushered into an outer office, where Angleton's aides briefed me on how to conduct myself. And then I went alone into the inner sanctum. The room was dark, the curtains were drawn, and there was just one small lamp on Angleton's desk. I later heard that Angleton had eye trouble and that the light hurt his eyes, but I was convinced the real reason for the semidarkness was to add to his mystique. It certainly worked on me!
I nervously briefed Angleton on my study, and he listened without interrupting, just nodding from time to time. When I finished, he methodically attacked every one of my conclusions. Didn't I know the traffic was a deception? Hadn't it occurred to me that Leopold Trepper, the leader of the Rote Kapelle, was a German double? He went on and on, getting further and further out. Even I, as a brand new officer, could tell that this great mind, this CI genius, had lost it. I thought he was around the bend. It was one of the most bizarre experiences of my career. When the meeting was over, I was glad to get out of there, and I vowed to myself that I would never go anywhere near CI again. I did not keep that vow. In my overseas assignments with the Agency, I found myself drawn toward Soviet CI operations. Nothing seemed to quicken my pulse more, and I was delighted when I was called back to Headquarters in 1989 to join the new Counterintelligence Center (CIC) as Ted Price's deputy. When Ted moved upstairs in early 1991 to become the Associate Deputy Director for Operations, I was named chief of the Center. Today, many years after that initial disagreeable encounter with CI, I find it hard to believe that it is actually my picture on the wall of the CIC conference room at CIA Headquarters, where the photos of all former CIA counterintelligence chiefs are displayed. There I am, number seven in a row that begins with Angleton. So, after a career that ended up being far more CI-oriented than I could ever have imagined, I would like to offer some personal observations in the form of "The 10 Commandments of Counterintelligence." I have chosen the form of commandments because I believe the basic rules of CI are immutable and should be scrupulously followed. In my view, it makes little difference whether the adversary is the Russians, the Cubans, the East Germans, the Chinese, or someone else. 
It likewise makes little difference whether we are talking about good CI practices in 1985 or in 2005. Unfortunately, as I watch US CI today, I am increasingly concerned that the principles I consider fundamental to effective CI are not being followed as carefully and consistently as they should be. These commandments were not handed down to me from a mountaintop, and I make no claim that they are inspired or even definitive. They are simply the culmination, for what they are worth, of my experience. They are intended primarily for my fellow practitioners in CI today, but also for any younger officers in the Intelligence Community (IC) who might someday want to join us.

The First Commandment: Be Offensive

CI that is passive and defensive will fail. We cannot hunker down in a defensive mode and wait for things to happen. I believe we are spending far too much money on fences, safes, alarms, and other purely defensive measures to protect our secrets. That is not how we have been hurt in recent years. Spies have hurt us. Our CI mindset should be relentlessly offensive. We need to go after our CI adversaries. Aggressive double agent (DA) operations are essential to any CI program, but not the predictable, hackneyed kind we have so often pursued. We need to push our bright and imaginative people to produce clever new scenarios for controlled operations, and we need more of them. The opposition services should be kept constantly off guard so that they never suspect that we have actually controlled the operations they believe they initiated from the beginning. When the requirements, modus operandi, and personality objectives of the DA operation have been achieved, we should in a greater number of cases pitch the opposition case officer. If only one out of 10 or 20 of these recruitments takes, it is worth it. And CI professionals, of course, should not rely exclusively on their own efforts.
They should constantly prod their HUMINT colleagues to identify, target, and recruit officers from the opposition intelligence services. The key to CI success is penetration. For every American spy, there are several members of the opposition service who know who he or she is. No matter what it takes, we have to have penetrations. We should operate aggressively against the nontraditional as well as the traditional adversaries. How many examples do we need of operations against Americans by so-called friendly countries to convince us that the old intelligence adage is correct: there are friendly nations, but no friendly intelligence services? If we suspect for whatever reason that the operatives of a foreign intelligence service, friend or foe, are operating against us, we should test them. We should dress up an enticing morsel, made to order for that specific target, and send it by them. If they take it, we have learned something we needed to know, and we have an operation. If they reject it, as true friends should, we have learned something, too. In either event, because we are testing a "friend," plausible deniability has to be strictly preserved. Every foreign service is a potential nontraditional adversary; no service should get a lifetime pass from US offensive CI operations.

The Second Commandment: Honor Your Professionals

It has been true for years, to varying degrees throughout the IC, that CI professionals have not been favored, to the extent they deserved, with promotions, assignments, awards, praise, esteem, or other recognition. The truth is that CI officers are not popular. They are not always welcome when they walk in. They usually bring bad news. They are easy marks to criticize when things go wrong. Their successes are their failures. If they catch a spy, they are roasted for having taken so long. If they are not catching anyone, why not? What have they done with all that money they spent on CI? It is no-win.
For much of my career, many of our best people avoided becoming CI specialists. CI was not prestigious. It had a bad reputation. It was not fast track. It did not lead to promotions or good assignments. Angleton left a distasteful legacy that for years discredited the CI profession. Ted Price did more than anyone else in the Agency to reverse that trend and to rehabilitate CI as a respected professional discipline. Nevertheless, that battle is still not completely won. We have to do more to get our CI people promoted, recognized, and respected so that our best young officers will be attracted to follow us into what we know is a noble profession and where the need is so great.

The Third Commandment: Own the Street

This is so fundamental to CI, but it is probably the least followed of the commandments. Any CI program worthy of the name has to be able to engage the opposition on the street, the field of play for espionage. And when we do go to the street, we have to be the best service there. If we are beaten on the street, it is worse than not having been there at all. For years, we virtually conceded the streets of the world's capitals, including the major espionage centers, to the KGB, the GRU, and the East European services because we either did not know how to do it or we were not willing to pay the price for a thoroughly professional, reliable, full-time, local surveillance capability. Opposition intelligence officers have to be watched, known meeting areas have to be observed, and, when an operation goes down - often on short notice - undetectable surveillance has to cover it, identify the participants, and obtain evidence. This capability is expensive - selection, training, vehicles, photo gear, video, radios, safe apartments, observation posts, and on and on - but, if we do not have it, we will be a second-rate CI service and will not break the major cases.
The Fourth Commandment: Know Your History

I am very discouraged when I talk to young CI officers today to find how little they know about the history of American CI. CI is a difficult and dangerous discipline. Many good, well-meaning CI people have gone wrong and made horrendous mistakes. Their failures in most cases are well documented, but the lessons are lost if our officers do not read the CI literature. I find it inconceivable that any CI practitioner today could ply his or her trade without an in-depth knowledge of the Angleton era. Have our officers read Mangold? Have they read Legend and Wilderness of Mirrors? Do they know the Loginov case, HONETOL, MHCHAOS, Nosenko, Pollard, and Shadrin? Are they familiar with Aspillaga and the Cuban DA debacle? Have they examined our mistakes in the Ames and Howard cases? Are they staying current with recent releases like The Mitrokhin Archive and The Haunted Wood? I believe it is an indispensable part of the formation of any American CI officer - and certainly a professional obligation - to study the CI failures of the past, to reflect on them, and to make sure they are not repeated. The many CI courses being offered now are a positive step, but there will never be a substitute for a personal commitment on the part of our CI professionals to read their history, usually on their own time at home.

The Fifth Commandment: Do Not Ignore Analysis

Analysis has too often been the stepchild of CI. Throughout the CI community, we have fairly consistently understaffed it. We have sometimes tried to make it up as we go along. We have tried to do it on the cheap. Generally speaking, operators make bad analysts. We are different kinds of people. Operators are actors, doers, movers and shakers; we are quick, maybe a little impulsive, maybe a little "cowboy." Our best times are away from our desks. We love the street. Research and analysis is really not our thing - and when we have tried to do it, we have not been good at it.
True analysts are different. They love it. They are more cerebral, patient, and sedentary. They find things we could not. They write better. A lot of CI programs in the past have tried to make operators double as their own analysts. As a result, in the United States, CI analysis historically has been the weakest part of the business. Professional CI analysts have been undervalued and underappreciated. A good CI program will recruit and train true analysts in sizable numbers. I do not think it would be excessive as a rule of thumb in a top-notch CI service to be evenly divided between operators and analysts. Very few of our US CI agencies come anywhere close to that ratio. Wonderful things happen when good analysts in sufficient numbers pore over our DA reports, presence lists, SIGINT, audio and teltap transcripts, maps, travel data, and surveillance reports. They find the clues, make the connections, and focus our efforts in the areas that will be most productive. Many parts of the US CI community have gotten the message and have incorporated trained analysts into their operations, but others have not. Across the board, we still have serious shortfalls in good, solid CI analysis.

The Sixth Commandment: Do Not Be Parochial

More harm probably has been done to US CI over the years by interagency sniping and obstruction than by our enemies. I remember when the CIA and the FBI did not even talk to each other - and both had disdain for the military services. It is no wonder that CI was a shambles and that some incredibly damaging spies went uncovered for so long. Occasionally in my career, I encountered instances of sarcasm or outright bad mouthing of other US Government agencies by my officers. That kind of attitude and cynicism infected our junior officers and got in the way of cooperation. These comments often were intended to flaunt our supposed "superiority" by demeaning the capabilities of the other organizations.
I dealt with these situations by telling the officers to "knock it off," and I would encourage other CI supervisors around the community to do the same. CI is so difficult, even in the best of c