From: Matt Paulsen
Date: Sun Feb 23, 2003 8:36pm
Subject: RE: Bluetooth Security

Check out https://www.bluetooth.org/

https://www.bluetooth.org/foundry/specification/docman/ contains the specs.

-----Original Message-----
From: Ocean Group - MU TSD [mailto:inertia@o...]
Sent: Saturday, February 22, 2003 8:38 AM
To: TSCM Group
Subject: [TSCM-L] Bluetooth Security

Hi,

We've recently been working with a company whose management use wireless bluetooth access by using headsets for their mobile phones. We've been considering whether to add this to our risk evaluations.

We did feel that with its power output 0.25mW or so the risk of using it in their offices and on company premises was somewhat acceptable.

However we concluded that outside the office, in specific high risk scenarios, such as sitting in their car or on a train etc it would allow someone a lot of time to work on compromising the situation.

Basically I was wondering if anyone has had to deal with this threat and does anyone know of any papers on bluetooth encryption and the strength of its security implementations. If I went on previous wireless implementations, such as the standard wireless lan etc I wouldn't hold a lot of faith and would probably have to advise clients not to use it outside of premises etc. At least until I had seen some risk evaluations from some tech labs etc.

If I remember rightly even the GSM ciphers, AS1/2? were compromised with a couple of basic PC setups, however GSM isn't on my agenda at the moment but I will revisit it later.

Anyway, any thoughts or information links would be appreciated.

Kind regards

Oisin

Ocean Group,
Technical Security Division,
Ireland.

========================================================
TSCM-L Technical Security Mailing List
"In a multitude of counselors there is strength"

To subscribe to the TSCM-L mailing list visit:
http://www.yahoogroups.com/community/TSCM-L

It is by caffeine alone I set my mind in motion.
It is by the juice of Star Bucks that thoughts acquire speed,
the hands acquire shaking, the shaking is a warning.
It is by caffeine alone I set my mind in motion.
=================================================== TSKS

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

6964
From: kondrak
Date: Mon Feb 24, 2003 2:18am
Subject: GPS devices increasingly are used to spy on people

http://www.chron.com/cs/CDA/story.hts/nation/1789996

GPS devices increasingly are used to spy on people

By FRANK JAMES
Chicago Tribune

WASHINGTON -- While GPS technology that uses satellites has been a boon to millions who don't want to get lost, others increasingly are turning to the same technology to track people and keep an eye on them.

Spouses who believe mates are having affairs, employers who suspect workers are misusing company vehicles or parents who wonder if their children are where they are supposed to be are among those using devices tied to the global positioning system of satellites.

At Washington's WJLA-TV, employees say officials at the station have abused the technology. Last year, management installed tracking devices in station vehicles -- cars and trucks that news crewmembers are permitted to take home.

Officials at the station, an ABC affiliate, have said the devices are to let editors know where vehicles are for newsgathering purposes so that the closest crew can be dispatched. But employees said the devices have been used to monitor them.

As one cameraman drove along a highway, a manager phoned to tell him to stop driving so fast. Company officials confronted another cameraman, wanting to know why the company car was driven on the employee's day off.

"You have managers who call you and say, 'Why have you stopped here, why did you stop there?'" said a news cameraman who asked not to be identified. "You're like, 'I had to go to the bathroom,' or 'I had to get something to eat.'"

The station's general manager, Chris Pike, didn't return several calls for comment.

While such GPS tracking is legal, the trend has contributed to the looming sense that the United States is increasingly a surveillance society, especially in the wake of stepped-up, terrorism-related security. The tracking also has created a backlash, with some subjects of electronic tracking seeking to thwart the technology.

"Location tracking can be a considerably significant invasion of privacy," said Lee Tien, senior counsel for the Electronic Frontier Foundation, a San Francisco-based organization concerned with civil liberties and technology issues.

"Who has access to that information?" he asked. "Under what circumstances? A lot of people don't think about what it means for your employer to be able to know where you go throughout your day. Or an insurance company."

The satellite technology used for tracking relies on the same network widely used for navigation. GPS navigation is what allows U.S. cruise missiles to explode on, or within feet of, selected targets. Recovery workers marked the location of space shuttle Columbia debris with GPS devices. Many rental cars now come with GPS displays that let customers find addresses in unfamiliar cities.

Meanwhile, Oregon is considering the feasibility of installing GPS technology in the cars of its residents to record how many in-state miles they drive as the state considers imposing car-related taxes based on road-mileage-driven versus fuel purchased.

GPS may have even figured in one of the most notorious crime sprees in recent U.S. history. Last year, when the Washington-area sniper suspects were arrested, a GPS device was among the items found in their possession. Investigators speculate it might have helped them evade police dragnets by taking side streets instead of major roads.

A network of 24 geo-stationary satellites broadcasts signals received by GPS devices. Using triangulation, the satellites help the devices gain a fix on their location anywhere on Earth.

While the navigational functions of GPS have caused little or no clamor, tracking has caused a stir. The devices can not only indicate direction but the speed at which a vehicle or person is moving and the precise address they have visited.

Some tracking is meant to protect the vulnerable. Wherify Wireless Inc., for example, makes a high-tech bracelet containing a GPS device and tiny wireless phone that can be placed on the wrists of children or Alzheimer's patients to help locate them if they get lost.

Some companies offer tracking technology to the anxious parents of teenage drivers so they can know not only where their children are going but how fast they were driving. The devices cost about $400.

"If you look at our (tracking) technology, it way overweighs the bad that people can do with it," said Timothy Neher, founder and president of the company. Neher got the idea for the devices after a scary moment during a zoo visit when he was momentarily separated from two young relatives in his care.

Trucking firms have used GPS tracking for years to keep tabs on their drivers and shipments. But concerns about the potential use of the data for discipline purposes caused the Teamsters union to include specific language prohibiting such use in the contract it reached with United Parcel Service last August.

6965
From: frost_bitten_ca
Date: Mon Feb 24, 2003 3:16am
Subject: Sound projection technologies

Woody Norris has a way of getting inside your head. No, we don't mean his overpowering handshake or Barnumesque penchant for self-promotion ("This is the biggest thing in audio in 77 years"). We mean HyperSonic Sound, his latest creation. (A prolific inventor, Norris, 64, also won a Best of What's New for a personal flying machine.)
Unlike traditional speakers, which scatter sound, Norris' device streams it in a precise, laser-like beam for up to 150 yards with almost no degradation in quality or volume. If that seems incredible, trust me, it is. When I met Norris in September he pointed the 7-inch-square emitter at me from 30 feet away. Suddenly I heard the sound of birds chirping. The noise didn't seem to emanate from his device; I felt like it was generated inside my noggin. Yet a guy just 2 feet away from me couldn't hear it.

How does it work? The piezoelectric transducer emits sound at frequencies above the human ear's 20,000-cycle threshold. Unlike low-frequency waves, the high-frequency signals don't spread out as they travel through air. Yet they do interact with the air to induce a related set of ultrasonic waves. These waves combine with the original waves, interfering to create an audible signal, focused into a beam.

The applications are numerous, if not apparent: Thousands of soda machines in Tokyo will soon bombard passersby with the enticing sound of a Coke being poured, and several U.S. supermarkets will promote products to shoppers as they walk down corresponding aisles. Eventually HyperSonic Sound might enable a nightclub to play disco on one side of the dance floor and salsa on the other. Ambulances equipped with hypersonic sirens could clear the streets without waking the neighbors. Norris' company, American Technology, sells the devices for $600.

http://www.popsci.com/popsci/bown/article/0,16106,388134,00.html

see also holosonics: http://www.holosonics.com/

6966
From: Johnston, Richard
Date: Mon Feb 24, 2003 11:04am
Subject: RE: GPS devices increasingly are used to spy on people

So, what is the problem? The vehicle belongs to the TV station. It is their property. They should tell you it is being tracked and that should be sufficient. That should warn you not to park the vehicle at a bar at 2 a.m. or use it for your hobby of robbing banks.
Just drive like your boss is riding with you. If you want privacy get out of their truck. Take your own car. You have no expectation of privacy at work, except in the restroom. Your desk, your office, your computer, your company car, etc., are not yours. They are for business. If the boss sees you go to your girlfriends house at 2 p.m., when you are supposed to be working, it is not an invasion of your privacy. It is not a violation of your civil liberties. It is a demonstration of your deceit and stupidity. Now, if the boss puts the tracker on your personally-owned car...

6967
From: Michael Puchol
Date: Mon Feb 24, 2003 3:32pm
Subject: Re: Bluetooth Security

Hi Oisin,

If you look at http://www.fte.com you will find a handy Bluetooth sniffer. You will also notice that on most consumer hardware usability prevails over security, and thus even though PIN code checking for pairing devices is used, it is all done in the clear. Some products don't implement encryption at all, whereas some others have it off by default.

Regards,

Mike

6968
From: Michael Puchol
Date: Mon Feb 24, 2003 3:40pm
Subject: Re: Re: recent incident.

Hi Valance,

Thanks for the information, and yes, the installed Code Red was a dropper. It hadn't opened any ports (neither netstat nor fport showed anything), although I hadn't enough time to leave it running to check for random activity, so I cannot say for sure - only that when I saw the server, Code Red wasn't doing much. The telltale sign was an explorer.exe of only 8KB in C:\.
There were a couple of modified registry entries that launched this .exe, which in turn launched the "real" explorer.exe after having done its "thing". Also, it had mapped two drives, C and D, so that they could be accessed from a web browser, and also set windows system file security to 'none', all this in registry. Some MSDAC entries had been modified too. I only found one root.exe in /inetpub/scripts, but that was it.

McAfee is indeed supported under Windows 2000 Professional, but from what the technical support guy (to call him something) said, it appears that the Server family of Windows 2000 isn't supported, and it may appear that the antivirus is working, when it is not.

Best regards,

Mike

----- Original Message -----
From:
To:
Sent: Sunday, February 23, 2003 7:57 PM
Subject: [TSCM-L] Re: recent incident.

> which strain of Code Red did you identify on this
> server? and just curious, given you ID'd it before
> McAfee could try, what was the telling symptom that
> let you know the server was infected? a root.exe
> file or a hacked index.asp? could netstat find a backdoor
> on a listening port?
>
> the reason i am curious is that the later Code Red strain
> is a trojan and anti-virus suites are very limited
> in their trojan functions. few people know this and
> think trojans are actually virii and that good ole
> McAfee will take care of everything. generally,
> trojans need to be removed manually by editing
> the registry and deleting the individual polymorphically
> named files that the registry has generated. and
> as far as detecting their presence, AV suites are not
> the best choice. you really need to use an anti-trojan
> suite like TDS (Trojan Defense Suite), learn the function
> of all the TCP and UDP ports and how to monitor the ports'
> behavior on the server. the best site around, i think, to
> start is: http://tds.diamondcs.com.au/html/danger.htm - you
> will be able to download trial versions of their software and
> learn about vulnerable ports and over 20,000 strains of trojans.
> it's fun.
>
> but you know, it sounds like your McAfee guy may not
> have been the expert about the difference between
> virii and trojans and responded with anything they
> thought you might believe rather than actual information.
> i know McAfee supports Win2000 and it says so on their site:
> http://www.mcafee.com/myapps/vs7/default.asp#sysReq
> (VirusScan software system req). however, i know when i
> used to test trojans for their spy capabilities in the
> pre-911 days, we had McAfee installed on W98 and it never
> found any of the trojans we tested, even though some of
> their names did appear in McAfee's virus definitions list.
> we would laugh and pin a red PhD, BS sticker on their
> boxes :)
>
> kk
>
> --- In TSCM-L@yahoogroups.com, "Michael Puchol" wrote:
> > Hi Matt,
> >
> > Good advice - I'm going to add my own grain of sand to the paranoia scale.
> > Last night I was at a customer's offices, where they had reported "unusual
> > activity" in their server and some workstations. Apparently, they had
> > installed McAfee's VirusScan Online, which works by both a real-time system
> > hook detection method, file-access and user-launched scans, combined with
> > automatic updates of the engine and signature files. I've tried it and it works
> > reasonably well.
> >
> > In this case, the server had been infected by Code Red (always patch thy
> > systems!), and for whatever reason VirusScan wasn't picking it up. I
> > contacted McAfee support, and to my surprise, their antivirus does NOT
> > support Windows 2000 Server. This seemed strange since I have another server
> > with it installed and it appeared to do its job - but no. Obviously I was a
> > tad disappointed with McAfee to even allow installation of the antivirus
> > without any checking of the operating system version (even the most basic
> > installers can do this), thus giving this customer a false sense of
> > security.
> >
> > Being in a bit of a hurry to get this customer up and running again, I
> > installed CA's InoculateIT on the server, which successfully picked up the
> > virus (but couldn't delete it), and ran a normal scan of the system. Next
> > week I'll install Symantec's virus scanner, which has centralised management
> > and some other neat features (and works on servers).
> >
> > The moral of the story: always check system requirements before installing
> > an antivirus, firewall, IDS or other security software. If in doubt, ask the
> > manufacturer. If then still in doubt, try it on an isolated test machine
> > before deploying it.
> >
> > Apart from this, I've seen viruses which disable firewall software, install
> > keyloggers, propagate via SMB, etc. This is not uncommon, and it wouldn't be
> > hard to write something which combined some of these 'features'.
> >
> > Regards,
> >
> > Mike
> >
> > ----- Original Message -----
> > From: "Matt Paulsen"
> > To:
> > Sent: Saturday, February 22, 2003 6:33 PM
> > Subject: [TSCM-L] recent incident.
> >
> > > Recently had a location that had all the suspicious signs of corporate
> > > espionage - ceo's secretary's workstation was attacking the server systems
> > > and mis's systems, but no one else. Local antivirus only picked up 1 virus
> > > and couldn't wipe it. Tools were showing that the workstation had a
> > > keystroke logger in it, as well as it attempting to email to an aol gateway
> > > and also attempting smb pipes to propagate - but only to executive and high
> > > level network administration systems.
> > >
> > > Now the first question is, what sort of virus would have a keystroke logger,
> > > mail subsystem and propagation system in this manner.. None really... So, a
> > > remote scan of the system was done, and it turned out that 4 virii were
> > > detected through this method.
> > >
> > > Long story short - scan once locally, scan twice remotely and don't get too
> > > paranoid.

6969
From: Rob Muessel
Date: Mon Feb 24, 2003 4:28pm
Subject: RE: AIRLINE TALK

On a flight I was on from S. Carolina back to NYC, the boarding announcement went like this:

"Thank you for flying Business Express. Your crew today is flight attendant Naomi Campbell serving you in the cabin. In the cockpit we have Captain James Kirk and First Officer Spock. We hope you enjoy your flight."

No one batted an eye.

--
Rob Muessel, Director        email: rmuessel@t...
TSCM Technical Services      Phone: 203-354-9040
11 Bayberry Lane             Fax: 203-354-9041
Norwalk, CT 06851            www.tscmtech.com
USA

6970
From: Matt Paulsen
Date: Mon Feb 24, 2003 8:27pm
Subject: RE: Re: recent incident.

I worked at McAfee on ePolicy Orchestrator a few years ago. I know the developers quite well, 2k is supported... we were working with it before it was released, and were actively joint developing with Microsoft during betas.
-----Original Message----- From: Michael Puchol [mailto:mpuchol@s...] Sent: Monday, February 24, 2003 1:40 PM To: TSCM-L@yahoogroups.com Subject: Re: [TSCM-L] Re: recent incident. Hi Valance, Thanks for the information, and yes, the installed Code Red was a dropper. It hadn't opened any ports (neither netstat nor fport showed anything), although I hadn't enough time to leave it running to check for random activity, so I cannot say for sure - only that when I saw the server, Code Red wasn't doing much. The telltale sign was an explorer.exe of only 8KB in C:\. There was a couple of modified registry entries that launched this .exe, which in turn launched the "real" explorer.exe after having done it's "thing". Also, it had mapped two drives, C and D, so that they could be accessed from a web browser, and also set windows system file security to 'none', all this in registry. Some MSDAC entries had been modified too. I only found one root.exe in /inetpub/scripts, but that was it. McAfee is indeed supported under Windows 2000 Professional, but from what the technical support guy (to call him something) said, it appears that the Server family of Windows 2000 isn't supported, and it may appear that the antivirus is working, when it is not. Best regards, Mike ----- Original Message ----- From: To: Sent: Sunday, February 23, 2003 7:57 PM Subject: [TSCM-L] Re: recent incident. > which strain of Code Red did you identify on this > server? and just curious, given you ID'd it before > McAfee could try, what was the telling symptom that > let you know the server was infected? a root.exe > file or a hacked index.asp? could netstat find a backdoor > on a listening port? > > the reasons i am curious is that the later Code Red strain > is a trojan and anti-virus suites are very limited > in their trojan functions. few people know this and > think trojans are actually virii and that good ole > McAfee will take care of everything. 
generally, > trojans need to be removed manually by editing > the registry and deleting the individual polymorphically > named files that the registry has generated. and > as far as detecting their presence, AV suites are not > the best choice. you really need to use an anti-trojan > suite like TDS (Trojan Defense Suite), learn the function > of all the TCP and UDP ports and how to monitor the ports' > behavior on the server. the best site around, i think, to > start is: http://tds.diamondcs.com.au/html/danger.htm - you > will be able to download trial versions of their software and > learn about vulnerable ports and over 20,000 strains of trojans. > it's fun. > > but you know, it sounds like your McAfee guy may not > have been the expert about the difference between > virii and trojans and responded with anything they > thought you might believe rather than actual information. > i know McAfee supports Win2000 and it says so on their site: > http://www.mcafee.com/myapps/vs7/default.asp#sysReq > (VirusScan software system req). however, i know when i > used to test trojans for their spy capabilities in the > pre-911 days, we had McAfee installed on W98 and it never > found any of the trojans we tested, even though some of > their names did appear in McAfee's virus definitions list. > we would laugh and pin a red PhD, BS sticker on their > boxes :) > > kk > > > --- In TSCM-L@yahoogroups.com, "Michael Puchol" wrote: > > Hi Matt, > > > > Good advice - I'm going to add my own grain of sand to the > paranoia scale. > > Last night I was at a costumer's offices, where they had > reported "unusual > > activity" in their server and some workstations. Apparently, they > had > > installed McAffee's VirusScan Online, which works by both a real- > time system > > hook detection method, file-access and user-launched scans, > combined with > > automatic updates of the engine and signature files. I've tried it > and works > > reasonably well. 
> > > > In this case, the server had been infected by Code Red (always > patch thy > > systems!), and for whatever reason VirusScan wasn't picking it up. > I > > contacted McAfee support, and to my surprise, their antivirus does > NOT > > support Windows 2000 Server. This seemed strange since I have > another server > > with it installed and it appeared to do it's job - but no. > Obviously I was a > > tad dissapointed with McAffee to even allow installation of the > antivirus > > without any checking of the operating system version (even the > most basic > > installers can do this), thus giving this costumer a false sense of > > security. > > > > Being in a bit of a hurry to get this costumer up and running > again, I > > installed CA's InoculateIT on the server, which successfully > picked up the > > virus (but couldn't delete it), and ran a normal scan of the > system. Next > > week I'll install Symantec's virus scanner, which has centralised > management > > and some other neat features (and works on servers). > > > > The moral of the story: always check system requirements before > installing > > an antivirus, firewall, IDS or other security software. If in > doubt, ask the > > manufacturer. If then still in doubt, try it on an isolated test > machine > > before deploying it. > > > > Apart from this, I've seen viruses which disable firewall > software, install > > keyloggers, propagate via SMB, etc. This is not uncommon, and it > wouldn't be > > hard to write something which combined some of these 'features'. > > > > Regards, > > > > Mike > > > > > > ----- Original Message ----- > > From: "Matt Paulsen" > > To: > > Sent: Saturday, February 22, 2003 6:33 PM > > Subject: [TSCM-L] recent incident. > > > > > > > Recently had a location that had all the suspicious signs of > corporate > > > espionage - ceo's secretary's workstation was attacking the > server systems > > > and mis's systems, but no one else. 
> > > Local antivirus only picked up 1 virus
> > > and couldn't wipe it. Tools were showing that the workstation had a
> > > keystroke logger in it, as well as it attempting to email to an aol gateway
> > > and also attempting smb pipes to propagate - but only to executive and high
> > > level network administration systems.
> > >
> > > Now the first question is, what sort of virus would have a keystroke logger,
> > > mail subsystem and propagation system in this manner.. None really... So, a
> > > remote scan of the system was done, and it turned out that 4 virii were
> > > detected through this method.
> > >
> > > Long story short - scan once locally, scan twice remotely and don't get too
> > > paranoid.

6971 From: Matt Paulsen Date: Mon Feb 24, 2003 9:21pm Subject: RE: Re: recent incident. / off topic

Quick note. I'd forgotten that I had started an epo-l group on yahoo for epolicy orchestrator and other virii discussions... No one has really joined it but it's there for those that want to partake in that sort of discussion.

Subscribe: epo-l-subscribe@yahoogroups.com

6972 From: Fernando Martins Date: Tue Feb 25, 2003 6:46am Subject: Re: GPS/GSM tracking

talking about GSM and news ...
http://www.intel.com/update/contents/wi03031.htm

btw, the link about dr post is
http://www.circuitcellar.com/library/print/0203/ChaoMing151/index.htm

FM

----- Original Message -----
From: "Dragos Ruiu"
To:
Sent: Friday, February 21, 2003 10:53 AM
Subject: [TSCM-L] GPS/GSM tracking

> Pertinent to an old thread on here, I thought
> some people here might be interested to know
> that this month's Circuit Cellar magazine has
> schematics and construction details for a small
> self contained unit that sends GPS positional
> info with 1-25m resolution every two seconds
> via GSM SMS messages. cheers, --dr
> --
> dr@k... pgp: http://dragos.com/ kyxpgp
> http://cansecwest.com

6973 From: Joshua Krage Date: Tue Feb 25, 2003 9:42pm Subject: Re: Bluetooth Security

On Sat, Feb 22, 2003 at 04:37:48PM +0000, Ocean Group - MU TSD wrote:
> We've recently been working with a company whose management use wireless
> bluetooth access by using headsets for their mobile phones. We've been
> considering whether to add this to our risk evaluations.

Lots of potential risks. I'm still working through it, but NIST's draft on wireless network security has lots of useful information. From the TOC, it has a description of bluetooth, its weaknesses (including crypto), and includes a list of threats and a security checklist.

Look for special pub 800-48, "Wireless Network Security: 802.11, Bluetooth, and Handheld Devices".

> We did feel that with its power output 0.25mW or so the risk of using it in
> their offices and on company premises was somewhat acceptable.

Not likely to be in a phone, but apparently the Bluetooth spec, class 3 devices, can range up to 100m. I hadn't seen that before. :/

6974 From: kondrak Date: Thu Feb 27, 2003 2:04am Subject: RED ALERT! heads up Quick security alert

SRI if this is OT, BUT, its a security related subject.

>Since most of us deal with UPS this info may be helpful.
>
>-------------------------------------------------------------------
>FYI ...
>
>Quick security alert: $32,000 worth of UPS uniforms have been purchased
>over the last 30 days by person(s) unknown on eBay. Law enforcement is
>working the case however no suspect(s) have been identified. Subjects may
>try to gain facility access by wearing these uniforms.
>If anyone has suspicions about a UPS delivery (i.e., no truck but driver,
>no UPS identification, etc.), contact UPS to verify employment.
>
>
>URGENT
>N.J.
OFFICE OF COUNTER-TERRORISM ADVISORY
>Re: POSSIBLE IMPERSONATION OF UPS PERSONNEL SEEKING ACCESS TO
>BUILDINGS
>The New Jersey Office of Counter-Terrorism has received a report of an
>attempt by an unknown individual to enter a government facility by
>falsely posing as an employee of the United Parcel Service. Based on
>this incident, security personnel should exercise heightened vigilance
>when screening all delivery personnel at the entrances to all buildings and
>when accepting deliveries. Such measures should include careful inspection
>of credentials and identification of all delivery personnel to ensure that
>they are who they purport to be.

6975 From: Kevin Murray Date: Thu Feb 27, 2003 8:59am Subject: Re: RED ALERT! heads up Quick security alert

Anonymous and unverified "RED ALERT" postings are definitely not helpful.

Before you do a Chicken Little dance on our list please...
- Verify your alert to make sure it is not a hoax or malicious disinformation.
- State the source of your information with URL link, if possible.
- Fully identify yourself.

Thank you,
Kevin

Kevin D. Murray - CPP, CFE, BCFE
Murray Associates
Eavesdropping Detection and Counterespionage Consultants to Business & Government
http://www.spybusters.com

On Thursday, February 27, 2003, at 03:04 AM, kondrak wrote:

> SRI if this is OT, BUT, its a security related subject.
>> Since most of us deal with UPS this info may be helpful.
>> -------------------------------------------------------------------
>> FYI ...
>>
>> Quick security alert: $32,000 worth of UPS uniforms have been purchased
>> over the last 30 days by person(s) unknown on eBay. Law enforcement is
>> working the case however no suspect(s) have been identified. Subjects may
>> try to gain facility access by wearing these uniforms.
>> If anyone has suspicions about a UPS delivery (i.e., no truck but driver,
>> no UPS identification, etc.), contact UPS to verify employment.
>>
>> URGENT
>> N.J. OFFICE OF COUNTER-TERRORISM ADVISORY
>> Re: POSSIBLE IMPERSONATION OF UPS PERSONNEL SEEKING ACCESS TO
>> BUILDINGS
>> The New Jersey Office of Counter-Terrorism has received a report of an
>> attempt by an unknown individual to enter a government facility by
>> falsely posing as an employee of the United Parcel Service. Based on
>> this incident, security personnel should exercise heightened vigilance
>> when screening all delivery personnel at the entrances to all buildings and
>> when accepting deliveries. Such measures should include careful inspection
>> of credentials and identification of all delivery personnel to ensure that
>> they are who they purport to be.

6976 From: Hawkspirit Date: Thu Feb 27, 2003 10:16am Subject: New historical TSCM article

I am proud to announce the addition to the historical section of my web site, the full text and pictures of the May 20, 1966 Life Magazine article "The Big Snoop". This is certainly one of the great old TSCM articles written during the time of first awareness of bugging as a real force in America. Included in the article is a section covering one of the first famous original sweepers Bernard Bates Spindel.

The URL for this article is: http://www.bugsweeps.com/info/life_article.html

Other historical articles can be found at: http://www.bugsweeps.com/info/index.html

Roger Tolces
Electronic Security Co.
Los Angeles
www.bugsweeps.com

6977 From: Date: Thu Feb 27, 2003 0:10pm Subject: e-bay and UPS Uniforms

While the potential still exists for misuse of uniforms, I believe that the recently mentioned problem has been resolved. I have been advised via another closed list that a law firm retained by UPS has been purchasing the uniforms to prevent them from falling into the wrong hands.
Carl Larsen
Larsen and Associates
Surprise, AZ

6978 From: Fernando Martins Date: Fri Feb 28, 2003 0:03am Subject: Re: CCTV line monitoring

For that kind of tasks, what monitors are in use around here?
http://www.cbcamerica.com/cctvprod/ganz/monitors/mon_pdf/psm02.pdf

FM

----- Original Message -----
From: "Kirk Adirim"
To: ;
Sent: Wednesday, February 19, 2003 8:04 AM
Subject: RE: [TSCM-L] CCTV line monitoring

> Hi George,
> You make a TINY slit or nick in the coax with a razor knife, then separate
> the braided shielding and foil (if any), expose the dielectric material.
> Using a homemade needle probe jig, you penetrate the dielectric and make
> contact with the center conductor while avoiding any shorts to the shield.
> Another needle is woven slightly into the exposed braided shield to give you
> your ground. Both needle probes are terminated onto a piece of RG174/U or
> similar coax and run to your hand held video monitor or other test
> equipment.
> In lieu of slitting the coax, you could obtain one of the circular punches
> from a leather belt hole punch. By chucking it into a handle you can cut
> out a circular plug of insulation from the side of the coax. Using liquid
> tape or neoprene glue, you can reseal your intrusion from moisture.
>
> Hope this helps,
>
> Kirk
> www.tactronix.com
>
> -----Original Message-----
> From: George Shaw [mailto:george.shaw@u...]
> Sent: Sunday, February 16, 2003 7:39 AM
> To: tscm-l@yahoogroups.com
> Subject: [TSCM-L] CCTV line monitoring
>
>
> OK not directly a case of tracking a monitored line but more a quest to
> understand how it could be accomplished.
>
> Situation: I have a client that has around 55 RG59 coax cables in a
> bundle running through the building. None are marked as to which camera
> they are coming from or which terminal on the multiplex they are
> connected to. The multiplex has 32 + 16 inputs (48) and a selector for
> 48 cameras.
>
> If I can not access the coax ends (at the multiplex) how can I test for
>
> 1. The presence of a video feed in the coax without breaking the coax
> and testing for signal? Say from a point within the building but NOT at
> either end, the test has to be as un-intrusive as possible; (no cutting
> the coax and rejoining) like a clamp meter for current would do.
>
> 2. The detection of a live cable i.e. one that is being used as opposed
> to a dead coax. Like above no/little intrusion of the coax possible.
>
>
>
> --
> George Shaw MI3GTO
>
> " Any Sufficiently Advanced Technology
> is Indistinguishable from Magic"
> ---Arthur C. Clarke
>
> Mobile: +44 (0) 7740 361 163
> Email: george.shaw@u...

6979 From: Does it matter Date: Wed Feb 26, 2003 4:00pm Subject: Re: Bluetooth Security

Bluetooth goes on the back burner as a security issue for now SSL was just cracked a few weeks ago lol.

--- In TSCM-L@yahoogroups.com, Joshua Krage wrote:
> On Sat, Feb 22, 2003 at 04:37:48PM +0000, Ocean Group - MU TSD wrote:
> > We've recently been working with a company whose management use wireless
> > bluetooth access by using headsets for their mobile phones. We've been
> > considering whether to add this to our risk evaluations.
>
> Lots of potential risks. I'm still working through it, but NIST's draft on
> wireless network security has lots of useful information. From the TOC,
> it has a description of bluetooth, its weaknesses (including crypto), and
> includes a list of threats and a security checklist.
>
> Look for special pub 800-48, "Wireless Network Security: 802.11, Bluetooth,
> and Handheld Devices".
>
> > We did feel that with its power output 0.25mW or so the risk of using it in
> > their offices and on company premises was somewhat acceptable.
>
> Not likely to be in a phone, but apparently the Bluetooth spec, class 3
> devices, can range up to 100m. I hadn't seen that before. :/

6980 From: Ocean Group - MU TSD Date: Thu Feb 27, 2003 11:06am Subject: Hmmm... International Security Company eh?

Message: 19
Date: Wed, 26 Feb 2003 18:45:45 -0800 (PST)
From: G-2
Subject: British bodyguard of killing two Afghans in hotel

A British bodyguard was under arrest in Kabul yesterday accused of killing two Afghans in his room in the Intercontinental Hotel. Colin Barry, who works for an unidentified international security firm, was taken into custody after police found two bodies in his room. Mr Barry was wounded and was taken to hospital.
Mohammed Khalil Aminzada, Kabul's deputy police chief, said he found one Afghan lying on the floor of Mr Barry's room with his hands tied behind his back while another was slumped across the sofa. Mr Barry told police he was the bodyguard of an American businessman who was married to an Afghan woman but he refused to disclose their identities. Catherine Brooker, a British embassy spokesman, confirmed the shooting and said Mr Barry was wounded. Officers of the 4,800-strong International Security Assistance Force said their troops were not involved in the incident. "We certainly know the incident happened but don't know what kind of business Barry was involved in," said a western official. Mr Aminzada hinted that the case could be linked to gun-running. "It is a very complicated incident and could be linked with arms smuggling and sales of arms," he said. The hotel, high on a hill overlooking Kabul, houses mostly foreign guests and is a centre for visiting businessmen, journalists and aid workers. Its restaurant is a popular meeting place. There has been an explosion in fly-by-night businessmen arriving in the Afghan capital to make quick profits since the Taliban were driven out 15 months ago. Many are young and inexperienced and look for gullible Afghan partners who may have good contacts with government ministers. Thousands of Afghans have also arrived from America, Britain and Germany with their pockets full of dollars, trying to restart their family businesses or begin new ones. Some are involved in the drugs and weapons trades. Foreigners in Kabul have been warned to take extra precautions because of fears that the remnants of al-Qa'eda and the Taliban, who are regrouping in the country's eastern provinces along the border with Pakistan, may try to stage a dramatic shooting or kidnapping of foreigners in Kabul. United Nations officials and foreign diplomats are on a high state of alert. 
This month a tape recording allegedly made by Osama bin Laden called for suicide bombings in Iraq and

http://www.dailytelegraph.co.uk/news/main.jhtml?xml=/news/2003/02/27/wafg27.xml&sSheet=/news/2003/02/27/ixworld.html

6981 From: Date: Thu Feb 27, 2003 2:59pm Subject: Re: RED ALERT! heads up Quick security alert

Sherry Black at the New Jersey Office of Counter-Terrorism did confirm this one:

URGENT
N.J. OFFICE OF COUNTER-TERRORISM ADVISORY
Re: POSSIBLE IMPERSONATION OF UPS PERSONNEL SEEKING ACCESS TO BUILDINGS
The New Jersey Office of Counter-Terrorism has received a report of an attempt by an unknown individual to enter a government facility by falsely posing as an employee of the United Parcel Service. Based on this incident, security personnel should exercise heightened vigilance when screening all delivery personnel at the entrances to all buildings and when accepting deliveries. Such measures should include careful inspection of credentials and identification of all delivery personnel to ensure that they are who they purport to be.

Since you shouldn't believe me, here is where I found their phone number so you can call them if you'd like:
http://www.gnyha.org/eprc/general/contact_info/EmergencyContactNumbers.html

As of right now I have been unable to confirm the sale of UPS uniforms on eBay. Sherry Black did state that part of the message did NOT originate from the New Jersey Office of Counter-Terrorism.

6982 From: MIKE F.
Date: Thu Feb 27, 2003 5:11pm Subject: Fwd: Showcasing the rugged defense electronics marketplace! LATER4,Mike F. ------------------------------------------------------------------------ MILITARY & AEROSPACE ELECTRONICS EAST 2003 SHOW WITH COTSCON April 23-24, 2003 Baltimore Convention Center Baltimore, MD http://www.maeshow.com Co-located With: Homeland Security Solutions Conference & Exhibition (http://www.homelandsecuritysolutionsshow.com) $AVE WITH JOINT CONFERENCE & EXHIBITION DISCOUNTS! ======================================== For defense and aerospace systems designers, COTS is now a way of life. The MILITARY & AEROSPACE ELECTRONICS SHOW is moving aggressively to keep pace with fast-moving military and aerospace industries. Do you know the direction that technology for weapons detection and inspection is headed? Would you like to learn how Nano Smart Coating(tm) material could help detect and heal cracks and corrosion in combat vehicles? Or, maybe you would like to join in on an interactive panel discussion on how the experts are coping with aging electronics? Hear these speakers and more at this year's MILITARY & AEROSPACE ELECTRONICS EAST 2003 CONFERENCE. The unique perspective of M&AE magazine translates directly to the conference format. It emphasizes the "why to," rather than the "how to," of military and aerospace electronics design. M&AE is aware of the new paradigms in warfare created since September 11, 2001, and reports on them monthly in print. Electronics is playing an increasing role in military and aerospace systems. 
This year's ALL-NEW technical sessions will focus on rugged defense electronics and COTS technology, industry and design issues and include: - Weapons Detection and Inspection - Killing Bugs on Mars: NASA JPL Case Study Steve Blackman, Director of Marketing and Business Development, Wind River Systems - Mitigating the Risks of COTS in Military Applications Al Steel, Marketing Account Manager/Defense Programs Analyst, Texas Instruments - Rad-Hardened Electronics Marketplace Dan King, Project Manager, MRC Johari Space Market Analysis, MRC Microelectronics - COTS at All Levels David B. Oeffinger, Fellow Engineer, Northrop Grumman Corporation - Visual Area Networking - Nano Smart Coating(tm) Material for Combat Vehicles Laura Battista, Environmental Engineer, U.S. Army TACOM-ARDEC - Migrating Avionics Systems From MIL-STD-1553 to Higher Speeds Mike Glass, Technical Marketing Manager, Data Device Corporation - Choosing Media for Rugged COTS Data Storage Ofer Tsur, Marketing Manager, M-Systems - PANEL DISCUSSION: Coping with Aging Electronics Moderator: John Keller, Editor-in-Chief, Military & Aerospace Electronics Magazine Panelists: Lt. General Eugene Tattini, US Air Force, Retired, Deputy Director of the Jet Propulsion Laboratory; Philip Hamilton, Vice President of Marketing, VISTA Controls - A Curtiss-Wright Company; and Daniel Smith, Vice President of Integrated Defense Systems, Raytheon Company - Panel Discussion - Real-Time Software Moderator: John Keller, Editor-in-Chief, Military & Aerospace Electronics Magazine Panelists: Mark Griglock, Engineering Manager, Safety-Critical Systems, Green Hills Software; Steve Blackman, Director of Marketing and Business Development, Wind River Systems; and Victor Yodaiken, CEO, FSM Labs - Blackhawk Helicopter, Maneuver Commander's Environment Chris Marzilli, Vice President and General Manager, Commercial Hardware Systems, General Dynamics C4 Systems, Inc. *Speakers/Topics subject to change. 
For updated speakers and conference descriptions, visit http://www.maeshow.com ------------------------------------------------------------------------------------------- ALL UNDER ONE ROOF! Explore the solutions from recognized leaders in the rugged defense electronics arena as they demonstrate their newest products and services. With over 75 exhibitors, you can count on the Military & Aerospace Electronics Exhibition to deliver the latest news, technology and breakthroughs in the industry. Research products and services including: - Integrated Circuits - Board Products - Computers, Rugged and Commercial - Computer Peripherals - Display/Software - Design & Development Tools - Communications Equipment - Test & Measurement Equipment - Components - Sensors - Power Electronics - Plus much more! ------------------------------------------------------------------------- TWO IMPORTANT EVENTS UNDER ONE ROOF: This year's event is co-located with the HOMELAND SECURITY SOLUTIONS CONFERENCE & EXHIBITION. The Homeland Security Solutions Conference & Exhibition is for systems applications buyers and manufacturers who are intimately connected with efforts to bolster homeland security to prevent and respond to attacks form foreign and domestic terrorists. View the entire program online at http://www.homelandsecuritysolutionsshow.com ------------------------------------------------------------------------- EXHIBITING & SPONSORSHIP OPPORTUNITIES AVAILABLE! Contact Maureen Kane today at (603) 891-9423 or mailto:maureenk@p... to reserve your spot! ------------------------------------------------------------------------ DON'T FORGET TO BOOK YOUR HOTEL ROOM: Sheraton Inner Harbor Hotel 300 South Charles Street Baltimore, MD 21201 Main #/Reservations: (410) 962-8300 Fax: (410) 962-8211 ROOM RATE: $149 plus tax, single/double RATES EXPIRE ON FRIDAY, APRIL 4, 2003 Reservations should be made directly with the hotel. 
Mention "THE MILITARY & AEROSPACE ELECTRONICS EAST 2003 SHOW" to receive the special show rate at the hotel. ========================================= HERE'S HOW TO REGISTER! Click here to view the entire program online: http://www.maeshow.com Register by March 24, 2003 and save $50 off the regular price! BEST BUY! MILITARY & AEROSPACE ELECTRONICS SHOW AND $925 HOMELAND SECURITY SOLUTIONS CONFERENCE & EXHIBITION Includes admission to all Military & Aerospace Electronics (M&AE) AND Homeland Security Solutions (HSS) sessions; admission to the joint Military & Aerospace Electronics and Homeland Security Solutions exhibition; the Military & Aerospace Electronics AND Homeland Security Solutions proceedings; the networking reception; and lunch on both days. NOTE: The two conferences are running concurrently. Your joint admission will allow you to choose any session from both conferences. MILITARY & AEROSPACE ELECTRONICS SHOW $625 Includes admission to all M&AE Show sessions; admission to the joint HSS and M&AE exhibition; the M&AE proceedings; the networking reception; and lunch on both days. HOMELAND SECURITY SOLUTIONS CONFERENCE & EXHIBITION $625 Includes admission to all HSS sessions; admission to the joint M&AE and HSS exhibition; the HSS proceedings; the networking reception; and lunch on both days. EXHIBITION ONLY $25 Includes admission to the joint M&AE and HSS exhibition on both days and networking reception. CONFERENCE PROCEEDINGS $195 A copy of the M&AE proceedings OR a copy of the HSS proceedings. *Prices good on new registrations only and cannot be combined with any other offer. Simply call, fax, e-mail mailto:atdregistration@p..., go online to http://www.maeshow.com Please remember to include your name, title, company, address, phone, fax, e-mail, which package you are interested in and payment information. Also, please refer to your special discount code: CCE03EM6. 
Sincerely, Lisa Gowern Registration Coordinator Military & Aerospace Electronics East 2003 Show with COTScon P: 603-891-9267 F: 603-891-9490 E: mailto:atdregistration@p... W: http://www.maeshow.com ------------------------------------------------------------------------ Sponsored by: Military & Aerospace Electronics Magazine (http://www.milaero.com) Produced by: PennWell Co-located with: Homeland Security Solutions Conference & Exhibition (http://www.homelandsecuritysolutionsshow.com) TO UNSUBSCRIBE FROM THIS NOTIFICATION PLEASE CLICK HERE http://mae.omessage.com/uzAAB5cQAAAmYB ===8<===========End of original message text=========== -- Best regards, MIKE mailto:mleogran@t... 6983 From: Mitch D Date: Fri Feb 28, 2003 8:48am Subject: Re: CCTV line monitoring Nice,wonder how much it is......... Just recently picked up a small NTSC B&W monitor from supercircuits, www.supercircuits.com/STORE/prodinfo.aspnumber=MON1&variation=&aitem=49&mitem=232 MON1 Price: $119.95 B/W 3/4 Inch Test Monitor The new pocket-sized MON-1 is perfect for installation applications. The MON-1 makes setup easy. The MON-1 comes with a standard RCA female built-in connector. All that is required for operation is to plug the camera into the MON-1 and then press the activation switch above the viewfinder. Adjustable eyepiece ensures clarity. Measuring 4.4” X 1.7” X 1.3” and weighing a mere 3.5 ounces the handy MON-1 will eliminate bulky test monitors. Powering the MON-1 is three AAA batteries providing over 24 hours of continuous viewing time. Built-in shut-off switch helps prevent dead batteries. Sharp black and white picture. 
Comes with monitor, easy connection instructions, 30 day money back guarantee and 1 year manufacturer’s

"I was using a 4" LCD but it didn't last long (less than 2 years) and the picture was terrible. It was 250 bucks new. I figured I'd go with the small one as it's cheap to replace in the event of a problem,,,,
If you've got a budget to destroy, or someone else's $$ to spend there's a handheld waveform analyzer that's pretty nice, WFM 90 by Tektronix, pricey but nice....
Hope this helps...."

MD

6984 From: Date: Sat Mar 1, 2003 11:27am Subject: Wiretap expert tells the dirt on buggers

SavannahNOW | Local News - Wiretap expert tells the dirt on buggers 03/01/03

Wiretap expert tells the dirt on buggers

By Tuck Thompson
912.652.0323 tuckt@s...

Technology has made it easier for people to bug your house and tap your phone. But it also has made it easier to catch them.

If the phone company and law enforcement won't help, private companies will fill the void

Granite Island Group in Gloucester, Mass., is one of about a dozen "technical surveillance counter measure" firms with high-priced electronic equipment capable of locating wiretaps and bugs.

Manager James M. Atkinson said many perpetrators are people obsessed with controlling minutia, from crooked businessmen to public officials who want dirt.

Atkinson recently helped a district attorney gather wiretapping evidence on a money-laundering sheriff who was testing the loyalty of his deputies by having them wiretap their staff.

"Law enforcement is all about power and control," he said. "Per capita there is more illegal eavesdropping going on by cops than the normal population."

Yet from his years of experience, Atkinson said it's "virtually unheard of" for prosecutors to arrest policemen breaking wiretapping laws simply because "it makes the whole criminal justice system look bad."

"Cops don't like to bust other cops," he said.

Police also catch criminals all the time and know the legal pitfalls to avoid.

If you're a victim of a phone wiretapping, your phone company could be blaming you at the same time it covers for staff it knows are listening to your calls or hooking up others.

"It goes on quite a bit," Atkinson said of phone workers doing connections for money or favors. Companies discipline workers for major offenses, but usually deny the problem exists to avoid lawsuits.

Atkinson carefully screens potential clients because people often claim to be wiretapped because they are paranoid or want attention. But until he shows up with a truck full of surveillance equipment and traces signals to the nearest inch, there's no way to know who is telling the truth.

Many "odd" people have proven correct in their suspicions. Many "normal" people have been caught telling lies.

There are many links on the local news sidebar regarding this subject.

Read more about the industry at http://www.tscm.com.

6985 From: kondrak Date: Sat Mar 1, 2003 6:11pm Subject: Re: Wiretap expert tells the dirt on buggers

Nice article, congrats James!

At 17:27 3/1/03 -0500, you wrote:
>SavannahNOW | Local News - Wiretap expert tells the dirt on buggers 03/01/03
>http://www.savannahnow.com/stories/030103/LOCbugexpert.shtml
>
>Wiretap expert tells the dirt on buggers
>
>By Tuck Thompson
>912.652.0323 tuckt@s...
>
>Technology has made it easier for people to bug your house and tap your
>phone. But it also has made it easier to catch them.
>
>If the phone company and law enforcement won't help, private companies will
>fill the void
>
>Granite Island Group in Gloucester, Mass., is one of about a dozen "technical
>surveillance counter measure" firms with high-priced electronic equipment
>capable of locating wiretaps and bugs.
>
>Manager James M. Atkinson said many perpetrators are people obsessed with
>controlling minutia, from crooked businessmen to public officials who want
>dirt.
>
>Atkinson recently helped a district attorney gather wiretapping evidence on a
>money-laundering sheriff who was testing the loyalty of his deputies by
>having them wiretap their staff.
>
>"Law enforcement is all about power and control," he said. "Per capita there
>is more illegal eavesdropping going on by cops than the normal population."
>
>Yet from his years of experience, Atkinson said it's "virtually unheard of"
>for prosecutors to arrest policemen breaking wiretapping laws simply because
>"it makes the whole criminal justice system look bad."
>
>"Cops don't like to bust other cops," he said.
>
>Police also catch criminals all the time and know the legal pitfalls to
>avoid.
>
>If you're a victim of a phone wiretapping, your phone company could be
>blaming you at the same time it covers for staff it knows are listening to
>your calls or hooking up others.
>
>"It goes on quite a bit," Atkinson said of phone workers doing connections
>for money or favors. Companies discipline workers for major offenses, but
>usually deny the problem exists to avoid lawsuits.
>
>Atkinson carefully screens potential clients because people often claim to be
>wiretapped because they are paranoid or want attention. But until he shows up
>with a truck full of surveillance equipment and traces signals to the nearest
>inch, there's no way to know who is telling the truth.
>
>Many "odd" people have proven correct in their suspicions. Many "normal"
>people have been caught telling lies.
>
>There are many links on the local news sidebar regarding this subject.
>
>Read more about the industry at http://www.tscm.com.

6986 From: kondrak Date: Sun Mar 2, 2003 4:57am Subject: US to bug security council

Check THIS out....
http://www.observer.co.uk/iraq/story/0,12239,905954,00.html

6987 From: James M. Atkinson Date: Sat Mar 1, 2003 8:59pm Subject: How The Soviets Are Bugging America

How The Soviets Are Bugging America
By Sen. Daniel Patrick Moynihan
From Popular Mechanics, April 1987

Soviet agents may be listening to your personal telephone conversations. If you're involved in the government, in the defense industry or in sensitive scientific activity, there is a good chance they are. In fact, a recent unclassified Senate Intelligence Committee report on counterintelligence indicates more than half of all telephone calls in the United States made over any distance are vulnerable to interception.

Every American has a right to know this. You should also know that the Reagan administration has recognized this threat for a long time now, but so far, the bureaucratic response has been piecemeal, and at times reluctant.

Consider this as background: In 1975, when I was named permanent U.S. representative to the United Nations, Vice President Nelson Rockefeller summoned me to his office in the Old Executive Office Building. There was something urgent he had to tell me.
The first thing I must know about the United Nations, he said, is that the Soviets would be listening to every call I made from our mission and from the ambassador's suite in the Waldorf Towers. I thought this a very deep secret, and treated it as such. Only later did I learn that Rockefeller had publicly reported this intelligence breach to the president in June 1975. The Rockefeller "Report to the President on CIA Activities Within the United States" notes: "We believe these countries (communist bloc) can monitor and record thousands of private telephone conversations. Americans have the right to be uneasy if not seriously disturbed at the real possibility that their personal and business activities, which they discuss freely over the telephone, could be recorded and analyzed by agents of foreign powers." The Soviets conduct this eavesdropping from their "diplomatic" facilities in New York City; Glen Cove, Long Island; San Francisco; and Washington. By some estimates, they have been doing so since 1958. President Reagan knows this well. He sat on the Rockefeller Commission and signed its final report concluding that such covert activities existed. If we had any doubts about this eavesdropping effort, Arkady Schevchenko dispelled them when he came over in 1975 and subsequently defected in 1978. As you will recall, Schevchenko was, at the time, the second-ranking Soviet at the United Nations and an up-and-comer in the Soviet hierarchy. He describes the listening operation in New York City in his book "Breaking With Moscow": "The rooftops at Glen Cove, the apartment building in Riverdale, and the Mission are bristled with antennas for listening to American conversations." But we have to worry about more than just parabolic dish antennas tucked behind the curtains in the Soviet "apartment" building in Riverdale, New York. There are also those Russian trawlers that travel up and down our coast. They are fishing, but fishing for what? Communications. 
And now the Soviets have taken their eavesdropping a step further and have built two new classes of AGI, or Auxiliary Gathering Intelligence, vessels. From the hull up, these new vessels are floating antennas, I suppose. Most dangerous of all, perhaps, is the Soviet listening complex in Lourdes, Cuba, just outside of Havana. This facility is the largest such Soviet listening facility outside its national territory. According to the president, it "has grown by more than 60 percent in size and capability during the past decade." Lourdes allows instant communications with Moscow, and is manned by 2100 Soviet technicians. 2100! By comparison, our Department of State numbers some 4400 Foreign Service Officers - total. Again, to cite the recent Senate Intelligence Committee report: "The massive Soviet surveillance efforts from Cuba and elsewhere demonstrate ... that the Soviet intelligence payoff from the interception of unsecured communications is immense." Intelligence specialists are not prone to exaggeration, they do not last long that way. You can be assured that "massive" and "immense" are not subtle words as used in this context. There are, however, two things you should know. First, our most secret government messages are now protected from interception or are scrambled, and all classified message and data communications are secure. In addition, protected communications zones are being established in Washington, San Francisco and New York by rerouting most government circuits and by encrypting microwave links which continue to be vulnerable to intercept. But there are still communications links which carry unclassified, but sensitive, information that we need to protect. Second, it is a truism in the intelligence field that while bits of information may be unclassified, in aggregate they can present a classified whole. 
The Senate Intelligence Committee informs us, "Due to inherent human weakness, government and contractor officials, at all levels, inevitably fail to follow strict security rules ... Security briefings and penalties were simply not adequate to prevent discussion of classified information on open lines." If the Soviets CAN piece it together, you must assume they WILL given the resources they invest toward this effort. But the intelligence community needs no reminder that we are up against a determined and crafty opponent. In 1983, for example, a delegation of Soviet scientists were invited to tour a Grumman plant on Long Island. No cameras. No notes. All secure, right? Wrong. The delegation had attached adhesive tape to the soles of their shoes to gather metal fragments from the plant floor for further study at home. The Soviets are pretty good at metallurgy - probably the best in the world - and we don't need to help them any further. But concern is not always translated into budgetary action, at least not in the realm of communications security. Let us take a look at the technical problem confronting us. As you know, there are two basic ways voice can be transmitted over telephone media: digital and analog. Analog refers to voice waves which are modulated (amplified) up to a very high frequency (HF). That is, they are increased in speed from hundreds of cycles per second to thousands of cycles per second. This facilitates their passage over distance. Nevertheless, because analog radio waves diminish rapidly over distance, it's necessary to periodically amplify, or boost, the signal either at a microwave relay tower repeater or satellite transponder. (Actually, the signals are diminished in frequency to voice quality and then brought back up to high frequency.) Digital transmissions are voice or data vibration signals which are converted into a series of on-and-off pulses, zeros and ones, as in a computer.
Like analog telephone calls, digital calls go through a process of modulation and demodulation. For the purposes of this discussion, we need only remember two things about analog and digital telephony. First, analog telephony is fast being replaced by digital telephony because it better translates computer language. But, more importantly, after a high initial overhaul cost, it's possible to send thousands of digital calls (bundles) over a single conduit. Therefore, as we expand our digital capacity, we must ensure that both our analog and digital communications are protected from Soviet eavesdropping. Second, sending bundles over a single conduit is the base block at which we introduce the encryption I am talking about. When you place a long-distance telephone call from point A to point B, there are three communications paths, or circuits, over which your call might travel: microwave, satellite or cable. Cable is the most secure. However, it is the least practical and economical method for bulk transmission over long distances. As a result, 90 percent of our long-distance telephone traffic is sent by microwave or satellite, and that which is in the air can be readily intercepted. As your signal travels along the cable from your home to the local switching station and then on to a long-haul switching station, it is combined (stacked and bundled might better describe the process) with as many as 1200 other signals trying to get to the same region of the country. This system of stacking and bundling signals is called multiplexing and it's how the telecommunications industry gets around the problem of 7 million New Yorkers all trying to call their senator at the same time on the same copper wire or radio frequency. 
If you use a common carrier, that is, if you have not rented a dedicated channel from a telecommunications company, a computer at the long-haul switching station will select the first available route to establish a circuit over which your call signals may travel. Therefore, calls that the caller believes to be on less vulnerable circuits may be automatically switched to more vulnerable ones. All this takes place in 1 to 3 seconds. So let's follow your call as it goes by either microwave or satellite. If your call goes via microwave, it will be relayed across the country as a radio wave in about 25-mile intervals from tower to tower (watch for the towers the next time you drive on an interstate route) until it eventually reaches a distant switching station where it is unlinked from the other signals, passed over cable to your friend's telephone, and converted back into voice. The problem with this system: Along these microwave paths there is what we call "spill". This measures about 12.5 meters in width and the full 25 miles between towers. This is where the microwave signal is most at risk. Using a well-aimed parabolic dish antenna (located, let's say, on the top of Mount Alto, one of the highest hills in the District of Columbia, and the site of the new Soviet embassy) you can intercept this signal and pull it in. And that is just what the Soviets are doing. My solution: Throw the bastards out if they are listening to our microwave signals. Nothing technical about it. On three occasions I have introduced legislation requiring the president to do just that, unless in doing so, he might compromise an intelligence source. On June 7, 1985, this measure was adopted by the Senate as Title VII to the Foreign Relations Authorization Bill, but it was dropped in conference with the House of Representatives at the urging of the administration.
Nevertheless, I think the administration accepted the simple logic behind the proposal when at the end of October, 55 Soviet diplomats were ordered to leave the country, including, The New York Times tells us, "operatives for intercepting communications." Now, let's not let the Soviets just replace one agent with another. The process is much the same for a satellite telephone call. Today, approximately eight telecommunications carriers offer satellite service using something like 25 satellites. Let's suppose your signal has traveled to a long-haul switching station and all microwave paths are filled. The carrier's computer searches for an alternative path to send the signal and picks out a satellite connection. At the ground station, your call is sent by a transponder up to a satellite and then down again to a distant ground station. Using an array of satellite dishes at Lourdes, the Soviets can seize these signals from the sky just as a backyard satellite dish can pull in television (and telephone) signals. High speed computers then sort through the calls and identify topics and numbers of particular interest. And if the information provided is real time intelligence, the Soviets have the ability to transmit it instantaneously to Moscow. And yes, the Soviets have the range at Lourdes to grasp our satellite transmissions as they travel from New York to Los Angeles or Washington to Omaha. Here, too, there is a solution: Develop and procure cryptographic hardware for use at the common-carrier long-haul switching stations. This hardware will encrypt the multiplexed telephone signals (that is, approximately 1200 calls at a time) before they are transmitted as radio waves from ground station to ground station, a technique analogous to the cable networks scrambling their signals. This can be done for under $1 billion.
If we start by encrypting just those unclassified signals we categorize as sensitive, those having greatest impact on the national defense or foreign relations of the U.S. government, it would cost us about half as much. It would cost us so much more not to do so.

Communications security has no constituency. There is no tangible product and the public can never really be sure that we have done anything. But National Security Decision Directive 145 says it is a national policy and the national responsibility to offer assistance to the private sector in protecting communications. It's time to make communications security (ComSec in the lingo) a true national security priority supported with resources as well as rhetoric. This was certainly the conclusion of the comprehensive Intelligence Committee report. I agree, and have suggested a way to get on with it.

If someone has a better idea - if you have another idea - I would be happy to know it. The important thing is that we stop this massive leak of sensitive information and protect your privacy.

--
--------------------------------------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
--------------------------------------------------------------------------------------------------
James M. Atkinson            Ph: (978) 546-3803
Granite Island Group         Fax: (978) 546-9467
127 Eastern Avenue #291      http://www.tscm.com/
Gloucester, MA 01931-8008    mailto:jmatk@t...
--------------------------------------------------------------------------------------------------
Vocatus atque non vocatus deus aderit
--------------------------------------------------------------------------------------------------

6988 From: Date: Sun Mar 2, 2003 6:21am Subject: File - Gold List

The current version of this list may be found at: http://www.tscm.com/goldlist.html

------------------------------------------------------------------------
Recommended U.S. TSCM Firms

The following is a list of private TSCM firms who specialize in "bug sweeps" and wiretap detection and all of whom have legitimate TSCM training, credentials, and equipment (all are very well respected within the industry).

While most TSCM specialists are available for travel outside of a specific geographic area they tend to avoid such engagements, or will limit the services to vulnerability analysis, pre-construction assistance, non-instrumented inspections, simple RF checks, in-place monitoring, or limited TSCM services involving only a briefcase sized in-place monitoring system (such as a single spectrum analyzer, MSS, Eagle, ScanLock, OSCOR, SPECTRE, ROSE, or similar system).

These private TSCM firms tend to operate in a specific geographic area limited to a few hundred miles (usually within a four to six hour automobile drive).

However, all of the TSCM firms listed here are available for travel anywhere in the United States or the World on short notice, but only provide limited services when operating outside of their normal coverage area.

This limited coverage area is due to the logistics involved in transporting hundreds and often thousands of pounds of sophisticated, highly sensitive electronic instruments, equipment and tools. Bug sweeps and wiretap detection involves the use of ladders, pole climbing equipment, LAN analyzers, X-ray systems, large antennas and other equipment which is not easily transported by airplane.
TSCM firms also tend to restrict their operations to a specific geographic area to facilitate an expert level of knowledge regarding the RF environment, construction methods used, community zoning, population demographics, civil engineering, aeronautic or maritime facilities, local military bases, and related areas. Knowledge of such regional information is critical for a successful TSCM project.

The TSCM specialist must also have an intimate knowledge of the telephone systems, engineering methods, fiber optics, major cable locations, central office switches, test numbers, and related communications infrastructure present or being used in an area (which tends to be very regional).

An understanding of what types of eavesdropping devices, methods, and frequencies are being used in an area is also important, as is a knowledge of what type of surveillance equipment is being sold within that region (and other areas). The TSCM Procedural and Protocols Guides used by a specialist also tend to be based on specific issues and variables present in that specific geographic area.

On a more interesting note, many of these firms are located in, or near major maritime port cities. The heaviest concentrations are around major cities on the East and West coasts with a very limited presence in the Mid-West, Great Plains, and Rockies.

If you are in the Mid-West, Great Plains, or Rockies area you would need to engage a TSCM firm from one of the major port cities. For example customers in Chicago, St. Louis, Memphis, Denver, Salt Lake City, Minneapolis, Billings, etc. would need to fly a TSCM specialist in from Boston, New York, Washington DC, Los Angeles, Lexington, or Seattle.

------------------------------------------------------------------------
Please be patient when contacting these firms, as if they are out serving a client they may not be able to return your call for several hours.
Rates generally are non-negotiable and reflect the cost of the sweep practitioner's time, investment in equipment acquisition and maintenance, several weeks of in-service training a year, travel, administrative and communications time and expense to coordinate the sweep and written report, and a fair profit for their services.

It is very unwise to shop for sweeps by using price as a criterion as it only invites getting ripped off. Legitimate TSCM professionals are not interested in, nor will they engage in negotiating for a lower price.

When you contact persons on this list, you are talking with someone in the same league as an attorney or surgeon, not a salesman. In fact most of the people listed on this page have more time in their specialized training than do most attorneys or medical professionals.

Anything beyond an initial phone call usually will be billable time. Attorneys and doctors don't consult for free, and neither do legitimate TSCM specialists. If a potential client calls with a long list of questions not pertaining directly to hiring the practitioner, or wants to know how to do his own sweep, or wants to know how to use the sweep kit he purchased on his own, expect to pay an hourly rate in advance for consulting services.

If you are considering engaging (or have already engaged) a TSCM firm and they are not listed in the following directory you would do well to immediately ask some awkward questions. It is also important you understand that legitimate services by a competent TSCM firm rarely start at less than several thousand dollars for even a basic sweep.

Keep in mind that there are only a small number of legitimate and competent TSCM counterintelligence specialists or "Bug Sweepers" in the U.S. private sector. Legitimate TSCM firms are in very high demand, hard to find, and expensive; so be patient when trying to find one to help you.
Also, the firms listed on this page are not attorneys and cannot tell you whether it is legal or illegal for you to monitor your own phones. Always call a competent licensed attorney for legal advice.

Without exception, no one listed here performs eavesdropping services or sells surveillance equipment to any other than government agencies AND WILL NOT REFER YOU TO ANYONE WHO DOES.

When you contact any of the following firms please mention that you saw them listed on this web site.

------------------------------------------------------------------------
All of New England, Upstate New York, and the Boston Metropolitan Area
(MA, RI, CT, VT, NH, ME, New York State including Long Island, and some of New Jersey)
Available on a limited basis to cover any location within 1000 miles of Boston.

James M. Atkinson
Granite Island Group
127 Eastern Avenue #291
Gloucester, MA 01931-8008
(978) 546-3803 Telephone
URL: http://www.tscm.com/
E-mail: jmatk@t...

------------------------------------------------------------------------
Stamford, Connecticut Metropolitan Area
(also, Manhattan, Long Island, and New Jersey)

Sam Daskam
Information Security Associates, Inc.
38 Settlers Trail
Stamford, CT 06903
(203) 329-8387 Telephone
URL: http://www.isa-tscm.com/
E-mail: sales@i...

------------------------------------------------------------------------
Norwalk, and Lower Fairfield County Area
(also, Manhattan, Long Island, Philadelphia, and New Jersey)

Rob Muessel
TSCM Technical Services
11 Bayberry Lane
Norwalk, CT 06851
(203) 354-9040 Telephone
URL: http://www.tscmtech.com/
E-mail: rmuessel@t...

------------------------------------------------------------------------
Greater Philadelphia and Harrisburg Metropolitan Area
(also, serving South-Eastern and Central Pennsylvania)

Bob Motzer
RCM and Associates
609 Sandra Lane
Phoenixville, PA 19460
(888) 990-6265 Telephone
E-mail: 1RCM@M...
------------------------------------------------------------------------
Washington DC and Baltimore Metropolitan Area
(also, Virginia, Delaware, and Pennsylvania)

Steve Uhrig
SWS Security
1300 Boyd Road
Street, MD 21154-1836
(410) 879-4035 Telephone
URL: http://www.swssec.com/
E-mail: steve@s...

------------------------------------------------------------------------
Houston, Dallas, Austin, and Galveston
(also, Gulf Coast of Texas and Louisiana)

Rick Udovich
Communication Security, Inc.
2 Shadow Lane
Bay City, TX 77414
(979) 244-4920 Telephone
URL: http://www.bugsweep.com/
E-mail: rjudo@s...

------------------------------------------------------------------------
Atlanta Metropolitan Area, Southeastern US
(also, AL, FL, GA, NC, SC, TN)

Buzz Benson
Executive World Services, Inc.
P.O. Box 33
Braselton, Georgia 30517-0033
(678) 316-7002 Telephone
URL: http://www.executiveworldservices.com/
E-mail: sales@e...

------------------------------------------------------------------------
Lexington KY Metropolitan Area
(also, Louisville, Cincinnati, and Central Midwest)

Bill G. Rhoads
Intelcom, Inc.
121 Prosperous Place, Suite 4B
Lexington, KY 40509
(859) 263-9425 Telephone
E-mail: bgr101@a...

------------------------------------------------------------------------
Michigan and Surrounding Area
(also, Indiana, Ohio, and Northern Midwest Region)

Chad Margita
Off Duty Security
18301 Eight Mile Rd, Suite 214
Eastpointe, MI 48021
(586) 774-1675 Telephone
E-mail: offdutysecurity@c...

------------------------------------------------------------------------
Washington State and Seattle WA Metropolitan Area
(also, Oregon, and the Pacific North West)

Gordon Mitchell
Future Focus, Inc.
P.O. Box 2547
Woodinville, WA 98072
(888) BUG-KILR Telephone
URL: http://www.bug-killer.com/
E-mail: enquiries@b...
------------------------------------------------------------------------
San Francisco and all of Northern California
(also, Silicon Valley Area)

William Bennett
Walsingham Associates, Inc.
P.O. Box 4264
San Rafael, CA 94913
(415) 492-1594 Telephone
E-mail: walsingham@c...

------------------------------------------------------------------------

6989 From: Date: Sun Mar 2, 2003 6:21am Subject: File - mission.txt

TSCM-L Technical Security Mailing List

Dedicated to TSCM specialists engaging in expert technical and analytical research for the detection, nullification, and isolation of eavesdropping devices, wiretaps, bugging devices, technical surveillance penetrations, technical surveillance hazards, and physical security weaknesses. This also includes bug detection, bug sweep, and wiretap detection services.

Special emphasis is given to detecting and countering espionage and other threats and activities directed by foreign intelligence services against the United States Government, United States corporations, establishments, and citizens.

The list includes technical discussion regarding the design and construction of SCIF facilities, Black Chambers, and Screen Rooms. This list is also for discussing DIAM 50-3, NSA-65, and DCID 1/21, 1/22 compliance.

The primary goal and mission of this list is to "raise the bar" and increase the level of professionalism present within the TSCM business. The secondary goal of this list is to increase the quality and effectiveness of our efforts so that we give spies and eavesdroppers no quarter, and to neutralize all of their espionage efforts.

This mailing list is moderated by James M. Atkinson and sponsored by Granite Island Group as a public service to the TSCM, Counter Intelligence, and technical security community.

6990 From: A Grudko Date: Sun Mar 2, 2003 1:27pm Subject: Revealed: US dirty tricks to win vote on Iraq war

From another group.
Andy Grudko
Johannesburg

> Revealed: US dirty tricks to win vote on Iraq war
>
> Secret document details American plan to bug phones and emails of key Security Council members
>
> Martin Bright, Ed Vulliamy in New York and Peter Beaumont
> Sunday March 2, 2003
> The Observer
>
> The United States is conducting a secret 'dirty tricks' campaign against UN Security Council delegations in New York as part of its battle to win votes in favour of war against Iraq.
> Details of the aggressive surveillance operation, which involves interception of the home and office telephones and the emails of UN delegates in New York, are revealed in a document leaked to The Observer.
>
> The disclosures were made in a memorandum written by a top official at the National Security Agency - the US body which intercepts communications around the world - and circulated to both senior agents in his organisation and to a friendly foreign intelligence agency asking for its input.
>
> The memo describes orders to staff at the agency, whose work is clouded in secrecy, to step up its surveillance operations 'particularly directed at... UN Security Council Members (minus US and GBR, of course)' to provide up-to-the-minute intelligence for Bush officials on the voting intentions of UN members regarding the issue of Iraq.
>
> The leaked memorandum makes clear that the target of the heightened surveillance efforts are the delegations from Angola, Cameroon, Chile, Mexico, Guinea and Pakistan at the UN headquarters in New York - the so-called 'Middle Six' delegations whose votes are being fought over by the pro-war party, led by the US and Britain, and the party arguing for more time for UN inspections, led by France, China and Russia.
>
> The memo is directed at senior NSA officials and advises them that the agency is 'mounting a surge' aimed at gleaning information not only on how delegations on the Security Council will vote on any second resolution on Iraq, but also 'policies', 'negotiating positions', 'alliances' and 'dependencies' - the 'whole gamut of information that could give US policymakers an edge in obtaining results favourable to US goals or to head off surprises'.
>
> Dated 31 January 2003, the memo was circulated four days after the UN's chief weapons inspector Hans Blix produced his interim report on Iraqi compliance with UN resolution 1441.
>
> It was sent by Frank Koza, chief of staff in the 'Regional Targets' section of the NSA, which spies on countries that are viewed as strategically important for United States interests.
>
> Koza specifies that the information will be used for the US's 'QRC' - Quick Response Capability - 'against' the key delegations.
>
> Suggesting the levels of surveillance of both the office and home phones of UN delegation members, Koza also asks regional managers to make sure that their staff also 'pay attention to existing non-UN Security Council Member UN-related and domestic comms [office and home telephones] for anything useful related to Security Council deliberations'.
>
> Koza also addresses himself to the foreign agency, saying: 'We'd appreciate your support in getting the word to your analysts who might have similar more indirect access to valuable information from accesses in your product lines [ie, intelligence sources].' Koza makes clear it is an informal request at this juncture, but adds: 'I suspect that you'll be hearing more along these lines in formal channels.'
>
> Disclosure of the US operation comes in the week that Blix will make what many expect to be his final report to the Security Council.
>
> It also comes amid increasingly threatening noises from the US towards undecided countries on the Security Council who have been warned of the unpleasant economic consequences of standing up to the US.
>
> Sources in Washington familiar with the operation said last week that there had been a division among Bush administration officials over whether to pursue such a high-intensity surveillance campaign with some warning of the serious consequences of discovery.
>
> The existence of the surveillance operation, understood to have been requested by President Bush's National Security Adviser, Condoleezza Rice, is deeply embarrassing to the Americans in the middle of their efforts to win over the undecided delegations.
>
> The language and content of the memo were judged to be authentic by three former intelligence operatives shown it by The Observer. We were also able to establish that Frank Koza does work for the NSA and could confirm his senior post in the Regional Targets section of the organisation.
>
> The NSA main switchboard put The Observer through to extension 6727 at the agency which was answered by an assistant, who confirmed it was Koza's office. However, when The Observer asked to talk to Koza about the surveillance of diplomatic missions at the United Nations, it was then told 'You have reached the wrong number'.
>
> On protesting that the assistant had just said this was Koza's extension, the assistant repeated that it was an erroneous extension, and hung up.
>
> While many diplomats at the UN assume they are being bugged, the memo reveals for the first time the scope and scale of US communications intercepts targeted against the New York-based missions.
>
> The disclosure comes at a time when diplomats from the countries have been complaining about the outright 'hostility' of US tactics in recent days to persuade them to fall in line, including threats to economic and aid packages.
>
> The operation appears to have been spotted by rival organisations in Europe. 'The Americans are being very purposeful about this,' said a source at a European intelligence agency when asked about the US surveillance efforts.

6991 From: Steve Uhrig Date: Mon Mar 3, 2003 0:21pm Subject: RE: Taking byte from Baghdad

On 3 Mar 2003 at 12:53, Kutlin, Josh wrote:

> First I want to say thank you to all those who wrote back and gave me some great ideas and good links.
> What I wound up doing was taking 100 feet of 22 gauge insulated speaker wire, and I hung it off my balcony (does not touch the ground). Then ran it to a piece of insulated copper via alligator clip and into a connector for the external antenna. I also tried hooking it up to the cheapo antenna on the radio but the results were ...uhh sub par. The reception when I use the external jack is great. However I now have a different problem. I have multiple stations coming in on one frequency and a lot of other noise. I am looking to "tune the wire". Any suggestions on where to look for a solution? I have seen some sites that recommend connecting to the long wire at different points. Would this help?

Most likely you are overloading the receiver. That means you are cramming more signal down its throat than it is designed to handle.

Remember, anything metallic picks up every frequency, although at different levels of efficiency.

100 feet is quite long. I suspect that long length of wire is gathering lots of signals on lots of frequencies all over, at fairly strong levels. The receiver is unable to separate the single signal on one frequency you want from the loud jumble of signals at many frequencies it is being fed.

This is a simple explanation, but I hope it makes a bit of sense.

Tuning the long wire is probably not what you want. That will make it more efficient. You need it less efficient.

I'd shorten it to perhaps 40 feet, which very roughly is resonant at 11.175 megacycles.
It's not at all critical for receive.

Also, you could be living near some loud broadcast stations, like AM or FM radio or television. You could be picking up those extremely loud signals. Those signals can mix with many other unwanted (and unknown) signals your antenna is picking up and create 'intermod products' which are the sums and differences of the two frequencies. This can be happening inside your receiver, or external.

As a crude example, say there was a radio station near you transmitting a loud signal at 88 megacycles (bottom of FM broadcast band). And say there was a paging transmitter interconnect at 76 megacycles, which is very common. The difference between these two frequencies, 12 megacycles, as well as the sum, 164 megacycles, are 'intermod products'. The 12 megacycle signal would very likely swamp the 11 megacycle you are trying to listen to, which will be fairly weak.

The solutions to these are proper antenna design and, preferably, a higher quality receiver. Better receivers have better filters, preselectors, and in newer ones, some digital processing to help out. You can do a fine job with the simpler and older receivers. The best receiver I own for shortwave listening is an old Drake 2B with tubes, probably manufactured in the late 1960s.

I'm not implying you need a better receiver. I'm trying to give you the theory so you can understand and work through things.

Shorten your antenna.

I've received and transmitted around the world with only a few watts into some test leads clipped together and to a picture on the wall. One end of my wire antenna fell down in a snowstorm, and yesterday, with one end lying in the snow, I still was hearing wall to wall South American stations on 28 megacycles. Brazil and Argentina were pounding in. I did not try, but I suspect with six feet of wire hung out the window of the room I would have heard some of them. I was using a very sensitive and selective homebuilt receiver, however.
But when signals are strong, like if there is an AM broadcast station in town, you can receive them, literally, with a rusty razor blade and a safety pin detector, a simple capacitor and coil wound on a toilet paper tube, and a cheap earphone. Many of us did that as kids. Look for a crystal radio kit in one of the online catalogs.

Modern receivers are very sensitive. That is cheap. Selectivity is a more important spec, and is more expensive.

If you could find a ham radio club or local ham radio operator in your area, he probably would be pleased to assist you, and could identify the problem quickly if he was sitting in front of your equipment. Contact www.arrl.org to locate a ham radio club near you if you don't know any local hams. They play with antennas for fun, and if they live near you are likely to know the loud local signals which can contribute to intermod.

Keep us posted.

Regards ... Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

6992 From: Hawkspirit Date: Mon Mar 3, 2003 6:23pm Subject: Dektor

Anyone know if Dektor is still around? I have an associate that needs chart paper and other parts for a PSE.

Thanks
Roger
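The sum-and-difference arithmetic in Steve Uhrig's reply on intermod (88 and 76 megacycles), as an added example that is not part of any list message: it enumerates mixing products for a list of strong local signals and reports the ones that land near the frequency being listened to. The third-order products (2*f1 - f2) go beyond the case in the message, and the function names and the `window_mhz` tolerance are assumptions.

```python
from itertools import combinations


def intermod_products(transmitters_mhz):
    """Second- and third-order mixing products for every pair of strong signals.

    Returns (frequency_mhz, order, formula) tuples. Megacycles == MHz.
    """
    products = []
    for hi, lo in combinations(sorted(transmitters_mhz, reverse=True), 2):
        products.append((hi + lo, 2, f"{hi} + {lo}"))  # sum
        products.append((hi - lo, 2, f"{hi} - {lo}"))  # difference
        # Third order (2*f1 - f2) is a generalization beyond the message's
        # sum/difference case; these products land close to the carriers.
        for a, b in ((hi, lo), (lo, hi)):
            if 2 * a - b > 0:
                products.append((2 * a - b, 3, f"2*{a} - {b}"))
    return products


def products_near(transmitters_mhz, wanted_mhz, window_mhz):
    """Products within +/- window_mhz of the frequency being listened to.

    window_mhz is an assumed tolerance, not a figure from the message.
    """
    return [p for p in intermod_products(transmitters_mhz)
            if abs(p[0] - wanted_mhz) <= window_mhz]


if __name__ == "__main__":
    # FM broadcast station and paging link, the two signals in the message.
    strong_locals = [88.0, 76.0]
    for freq, order, formula in intermod_products(strong_locals):
        print(f"order {order}: {formula} = {freq} MHz")
    # Which products sit within 1 MHz of the 11.175 MHz listening frequency?
    for freq, order, formula in products_near(strong_locals, 11.175, 1.0):
        print(f"near 11.175 MHz: {formula} = {freq} MHz (order {order})")
```
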