From: James M. Atkinson, Comm-Eng Date: Wed Mar 7, 2001 2:09pm Subject: Suspect may have undone top U.S. spy programs Suspect may have undone top U.S. spy programs http://inq.philly.com/content/inquirer/2001/03/07/front_page/SPY07.htm By Lenny Savino INQUIRER WASHINGTON BUREAU WASHINGTON - Robert Hanssen, the veteran FBI agent accused of spying, may have sold Russia some of America's most precious intelligence secrets, including information on how the United States tracks foreign submarines and sniffs out nuclear, chemical and biological weapons, intelligence experts said yesterday. The loss of such technical secrets could dwarf the damage from Hanssen's alleged disclosure of a secret tunnel under the Russian Embassy in Washington, demolishing a number of the nation's most important intelligence programs and wiping out more than a billion dollars in research and investment, they said. Hanssen was one of a handful of FBI counterintelligence experts whom the Pentagon and other agencies called upon to protect a wide range of exotic high-tech intelligence programs collectively called Measurement and Signature Intelligence, or MASINT, said a senior intelligence official who spoke on condition of anonymity. Hanssen also accessed CIA and Defense Department computer databases to collect highly classified information on MASINT programs, according to counterintelligence experts who asked not to be named. MASINT programs detect, find and track submarines, missiles and other weapons by analyzing the sounds they make, the heat they generate, the radiation they emit, the chemical traces they leave, or other physical evidence. Such programs have become increasingly important to the United States as other nations have learned how to combat more conventional forms of intelligence gathering, such as satellite photography and communications intercepts, said the senior intelligence official. 
They also have become critical to America's ability to monitor the proliferation of nuclear, chemical and biological weapons and keep track of mobile Russian nuclear missiles. "If Hanssen sold the Russians everything he knew about these programs, the damage would be devastating, among the worst we've ever seen," the official told the Inquirer Washington Bureau. "These things can be compromised in an instant. They only work as long as the other side doesn't know what we can do." Officials are still trying to assess how much damage Hanssen allegedly did, but his arrest affidavit charges that he passed on details of at least one "Top Secret SCI" (Sensitive Compartmented Information) MASINT program. SCI is a level of security clearance higher than Top Secret that restricts information to a small number of people cleared for a specific code word. The MASINT document Hanssen is accused of giving the Russians detailed recommendations for the CIA director on how MASINT information would be collected and used into the 21st century, according to the affidavit. The document was "highly specific and technical" and disclosed "the Intelligence Community's consensus on specific MASINT objectives and studies leading to needed capabilities," the affidavit said. FBI spokesman Bill Carter said he could not comment on what MASINT documents were passed or what threat they represent to national security. "We can't go beyond what's in the affidavit," Carter said. "Damage assessment is under way." Retired Air Force Gen. James Clapper, a former head of the Defense Intelligence Agency, which coordinates U.S. MASINT programs, said the technology is used for many purposes, including monitoring the size and characteristics of nuclear test blasts. "A lot of this is pretty exotic technology," Clapper said. "It's conceivable [the alleged Hanssen disclosures] could be quite egregious." 
"It's the Holy Grail of antisubmarine warfare," said Steven Aftergood, an intelligence analyst for the Federation of American Scientists, a Washington-based government watchdog group. "That would be something that a foreign intelligence service would be eager to get their hands on. Their interest would not so much be in duplicating it as much as discovering ways to evade our collection abilities." Hanssen, 56, was arrested Feb. 18 and charged with espionage and conspiracy to commit espionage for allegedly passing 6,000 pages of secret documents to the Russians. In exchange for spying over 15 years, court papers say, he received $1.4 million in cash, diamonds and deferred deposits in a Moscow bank. Robert D. Steele, the head of OSS.net, a Virginia-based counterintelligence consulting company, estimated the cost of MASINT technology development in the United States in the "low billions." Some MASINT technologies identify specific Russian nuclear subs by their engine and propeller sounds. Others detect chemical and biological weapons through traces of their components. The loss of MASINT information could eliminate U.S. nuclear submarines' ability to avoid detection, make it easier for Russian subs carrying missiles to hide off the U.S. coast, and help Russia conceal data on its missile and weapons tests, experts said. Based on MASINT intelligence taken from soil samples, the United States in 1998 fired 13 Tomahawk cruise missiles at a factory in Khartoum, Sudan, believed to contain the precursors of a chemical weapon, Aftergood said. U.S. intelligence officials said the factory was linked to suspected terrorist Osama bin Laden. A lawsuit by the plant's owner later raised questions about the accuracy of the information. MASINT technology arose in large part as a response to shortcomings in intelligence collection during the 1990-91 Persian Gulf war, according to Aviation Week and Space Technology magazine. =============== Lenny Savino's e-mail address is lsavino@k.... 
Warren P. Strobel of the Inquirer Washington Bureau contributed to this article.

--
=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet.
=======================================================================

2673 From: Paolo Sfriso Date: Wed Mar 7, 2001 0:41pm Subject: TCSM Instrument Airline Baggage Insurance

Dear Colleagues.

Does anyone have suggestions on how to insure one's TSCM equipment that is checked in as airline luggage? Of course the few dollars per pound (or Euros per kilo) are ridiculously below the equipment's true value.

Your Italian Connection
Paul Sfriso
Director
GRUPPO S.I.T.
Security, Investigations & Tecnology
Quarto d'Altino, Venice
ITALY
phone +39 0422 828517
fax +39 0422 823224
24hr GSM cellphone +39 335 5257308
paulsfriso@t...
www.grupposit.com

2674 From: Paul Timmins Date: Wed Mar 7, 2001 2:13pm Subject: Re: Do We need Counter Intelligence Czar- Article by Robert G. Ferrell

*clutches chest* ;-)

On Wed, 7 Mar 2001, Mike F wrote:
> "CONFIDENTIALITY WARNING" <==== BE AWARE
> I AM AS SERIOUS AS A HEART ATTACK ABOUT THE WARNING BELOW!!!!!!!!!!!!!!

By popular request my signature has moved to

Paul Timmins
paul@t...
http://www.timmins.net/
"By definition, if you don't stand up for anything, you stand for nothing."
---Paul Timmins

2675 From: Marcelrf Date: Wed Mar 7, 2001 1:51pm Subject: Re: re: Accused FBI spy betrayed U.S. countermeasures

I'm not sure if this has been posted yet, however if it has excuse me.

Marcel

-----------------------------------------------------------------------
FULL INFO HERE: http://www.fas.org/irp/ops/ci/hanssen_affidavit.html

IN THE UNITED STATES DISTRICT COURT FOR THE EASTERN DISTRICT OF VIRGINIA
Alexandria Division

UNITED STATES OF AMERICA
v.
ROBERT PHILIP HANSSEN,
a/k/a "B"
a/k/a "Ramon Garcia"
a/k/a "Jim Baker"
a/k/a "G. Robertson"

CRIMINAL NO.

AFFIDAVIT IN SUPPORT OF CRIMINAL COMPLAINT, ARREST WARRANT AND SEARCH WARRANTS

I, Stefan A. Pluta, being duly sworn, depose and state as follows:

1. I am presently employed as a Special Agent of the Federal Bureau of Investigation (FBI) and am assigned to the Washington Field Office in the District of Columbia. I have been employed as an FBI Special Agent for approximately 13 years. I have completed FBI training in foreign counterintelligence matters. As a result of my training and experience, I am familiar with the tactics, methods, and techniques of foreign intelligence services and their agents.

2.
This affidavit is in support of applications for the following:

A) A warrant for the arrest of ROBERT PHILIP HANSSEN (DOB 4/18/44) for violations of Title 18 United States Code, Sections 794 (a) (Transmitting National Defense Information) and 794 (c) (Conspiracy to Commit Espionage); and

B) Search warrants for:

1) The residence of ROBERT PHILIP HANSSEN, such premises known and described as a single family residence located at: 9414 Talisman Drive Vienna, Virginia 22182 as more fully described in Attachment B, and which is within the Eastern District of Virginia;

2) One silver 1997 Ford Taurus, bearing VIN IFALP52U9VG211742 and Virginia license plate number ZCW9538, which is owned by ROBERT PHILIP HANSSEN and anticipated to be within the Eastern District of Virginia;

3) One 1993 Volkswagen van, bearing VIN WV2KC0706PH080424 and Virginia license plate number ZCW9537, which is owned by ROBERT PHILIP HANSSEN and anticipated to be within the Eastern District of Virginia;

4) One 1992 Isuzu Trooper, bearing VIN JACDH58W7N7903937 and Virginia license plate YRP3849, which is owned by ROBERT PHILIP HANSSEN and anticipated to be within the Eastern District of Virginia.

3. In my capacity as case agent assigned to this matter, I have examined documents and other records pertinent to this investigation from numerous sources. Searches and various forms of surveillance have also been conducted pursuant to the Foreign Intelligence Surveillance Act (FISA) and orders of the Foreign Intelligence Surveillance Court (FISC).

"James M. Atkinson, Comm-Eng" wrote:

> At 10:49 AM +0000 3/7/01, David Alexander wrote:
> >The posting discusses an admission of using lasers to 'listen at windows':
> >
> >> Regarding the FBI-NSA listening tunnel, U.S. government officials said
> >> that the NSA was using laser beams directed at glass surfaces of the embassy
> >> compound such as windows to monitor conversations, these sources said.
> >> The lasers are able to pick up the minute vibrations of window glass caused by
> >> conversations, which can then be recorded.
> >>
> >> "The take we got wasn't all that great. The Russians aren't stupid," said
> >> one official.
> >
> >If you read 'The Aquarium' by Victor Suvorov (pseudonym of a GRU defector)
> >which came out at least 8 years ago, this was a known technique used by both
> >sides. To counter it, randomly contoured glass was installed in sensitive
> >locations, with a device attached to create vibrations to greatly reduce, if
> >not counter completely, the capability of the laser to pick up sound. This
> >was installed in embassies around the world by the Russians (and probably by
> >everyone else too).
> >
> >The admission sounds like a very poor attempt at disinformation by the US
> >govt.
> >
> >
> >David Alexander M.INSTIS
> >Bookham Technology plc
> >
> >DDI: 01235 837823
> >David.Alexander@B...
>
> Bouncing a laser or any kind of photonic energy against a reflective
> or quasi reflective service in an attempt to obtain intelligence
> would be fool-hardy. Such activities are easy to detect, easy to
> defeat, and easy to trace it back to the spy.
>
> It was a clever curiosity 20 years ago, but more recently is more of
> a joke written about in spy novels.
>
> That said, passive laser bounce types of systems suffer from all
> kinds of noise issues.
>
> Of course this does not include active photonic systems which tend to
> be more covert and tend to be less detectable.
>
> -jma
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> =================================================== TSKS
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

--
"NEXTEL1 IT'S NOT JUST NEXTEL"
Subscribe to Nextel1: http://www.onelist.com/subscribe/NEXTEL1

2676 From: James M. Atkinson, Comm-Eng Date: Wed Mar 7, 2001 3:26pm Subject: Counterintelligence Run Amok

Wednesday, March 7, 2001
Counterintelligence Run Amok
http://www.latimes.com/news/comment/20010307/t000020148.html
By JAY TAYLOR

Fear of foreign spies was already inordinately high in the United States when the sensational espionage charges against Robert Philip Hanssen hit the headlines. The media and the public, always starved for drama, have been captivated. The executive branch is planning tough-sounding remedies, including new super organizations. Existing counterintelligence bureaucracies have exploited the "crisis" to grow and expand. And counterspy measures, resources and personnel are already greater than they were during the height of the Cold War. President Bush is expected soon to approve establishment of a new counterintelligence policy board headed by a counterintelligence czar who will report to a new counterintelligence board of directors. This, despite the fact that there is no more KGB, no more Soviet Union.
Judging by discussions in the media, the new so-called proactive measures being planned are those that monitor our own people and control sensitive documents. An example of one of these measures is the explosion in job opportunities for internal security agents in the State Department. If former Secretary of State Madeleine Albright's plan is carried out, State will hire 500 new security agents, bringing the total of such officers in the foreign service to 1,500. This compares with a total of only 2,500 foreign service officers who perform the department's core work of diplomacy--reporting, analysis, advocacy and negotiation on bilateral and international issues--including ambassadors, their deputies and other program direction officers. While security expands, some 700 other foreign service positions remain vacant because of lack of funding. Some of the work normally done by diplomats is now being performed by officers in our foreign missions from the CIA and the Pentagon, neither of which have a comparable budget problem. Yet the current danger we face from foreign espionage is a mere fraction of that posed from the 1930s to the fall of the Soviet Union in 1991. The mighty KGB's successor, the SVR, like the Soviet Navy and all the other wings of the old Communist regime's security establishment, is a shadow of its former self. For eight years, the SVR did not even contact Hanssen, one of the best-positioned moles in the United States the old KGB ever had. Except for Cuba, the SVR has lost all of the KGB's sister services, including the once extraordinarily effective East German Stasi. Moreover, since the emergence of Russia as a relatively open but very strained society, the ability of Western services to penetrate the SVR has geometrically increased. The double agent in the SVR who exposed the apparent double-crosser Hanssen apparently handed over the entire KGB file. 
The deeds of our counterspy turncoats resulted in the deaths of some of our Russian moles and are deserving of harsh punishment, but the consequences of their actions had no critical impact on vital U.S. interests. Notably, the FBI tunnel under the Russian Embassy in Washington reportedly revealed by Hanssen apparently produced no major intelligence. (Likewise the previous big American tunneling exercise, the famous 1950s CIA dig in Berlin, was a bust from the start. A Russian mole in London tipped off the KGB to the project before it even began.) To declare to the press, as some intelligence sources are doing, that Hanssen and Aldrich Ames brought about the "greatest losses in the history of American intelligence" is to focus on damage to the counterspy organizations themselves and not to basic national interests, as for example was the case in the theft of nuclear secrets or submarine codes. The massive spying and internal security apparatus of the KGB did not save the Soviet Union. Why now, when we face no such monolithic monster, do we need a counterintelligence czar, expanded polygraphs, more intrusive monitoring of personnel, a draconian "official secrets act" and many more internal security agents in the State Department and elsewhere? We won the hot and cold wars the old way, by maintaining a reasonable level of internal controls but concentrating on offense--penetration, mole implantation and communications intercepts. We need to safeguard counterintelligence and other sensitive information, but the possibilities and the consequences of both foreign espionage and counterspying should be kept in perspective. As George F. Kennan, architect of America's Cold War containment policy, once observed, counterintelligence takes on aspects that cause it to be viewed as a game, played in its own right. The fascination it exerts, he concluded, tends wholly to obscure, even for the general public, the original reasons for it. 
- - -

Jay Taylor Was Deputy Assistant Secretary of State for Intelligence Coordination in the Reagan Administration

2677 From: Date: Wed Mar 7, 2001 2:54pm Subject: CIA Turns to Data Mining

CIA Turns to Data Mining
By Tabassum Zakaria, Reuters
Sunday, March 4, 2001; 8:26 AM

The CIA, faced with a daily avalanche of information, is using new "data mining" technology to find useful nuggets within thousands of documents and broadcasts in different languages. The spy agency must sift through a barrage of information from both classified and unclassified sources in varied formats such as hard text, digital text, imagery, and audio in more than 35 languages. The Office of Advanced Information Technology (AIT), part of the CIA's Directorate of Science and Technology, is focused on finding solutions to the "volume challenge." "We're not growing at a fast rate, but the amount of information that comes into this place is growing by leaps and bounds," Larry Fairchild, AIT director, said in an interview this week in a basement demonstration room at Central Intelligence Agency headquarters. "How do we give folks technologies so that they are able to handle the big increase in information they're going to have to deal with on a day-to-day basis?" he said.
One computer tool called "Oasis" can convert audio signals from television and radio broadcasts into text. It can distinguish accented English for greater accuracy in the transcription, whether the speaker is male or female, and whether one male or female voice is different from another of the same gender. At the left of the screen of a transcribed broadcast are labels "Male 1," "Female 1," "Male 2," next to sentences. If one voice is labeled with a name, the computer from then on will put that name on anything else with that same voice. So for example if a broadcast by Saudi-exile Osama bin Laden, whom the CIA considers a major threat to Americans, was transcribed and labeled, every time his voice was detected the computer would automatically label it. MACHINE TRANSLATOR If the machine translation appears off, the user can with a mouse click hear the actual broadcast. For example, the demonstration showed a transcription that read "latest danger from hell" but the audio said "latest danger from el nino." The computer cuts down on the time it would take a person to transcribe a half-hour broadcast to 10 minutes from up to 90 minutes, a CIA employee conducting the demonstration said. The CIA is planning to have Oasis developed for different languages such as Arabic and Chinese. It also finds similar meanings of words being searched, for example a broadcast might not mention "terrorism" but might say "car bombing," which the computer would tag as "terrorism" so that anyone searching for that category would find it. Currently the CIA's Foreign Broadcast Information Service is using it in one Asian city and intends to have it in other regions such as the Middle East this year. Another computer tool, "FLUENT," enables a user to conduct computer searches of documents that are in a language the user does not understand. The user can put English words into the search field, such as "nuclear weapons," and documents in languages such as Russian, Chinese and Arabic pop up. 
The system will then translate the document and if it is seen as useful, the analyst can send it to a human translator for more precision. Languages that FLUENT can translate into English include Chinese, Korean, Portuguese, Russian, Serbo-Croatian and Ukrainian. "Data mining" tools are used to extract key pieces of information from a variety of intelligence traffic such as on the flow of illegal drugs and also to keep track of illicit financial transactions. Tools were developed to help CIA analysts on Iraq, who were asked to analyze the agency's holdings on Iraqi war crime violations, about 1.2 million documents going back to 1979. The Text Data Mining tool extracted and indexed all words in the data so for example if an analyst was asked whether Iraq ever used anthrax as a weapon, the analyst could open the tool and find anthrax in the automatically generated index. That tool also counts the frequency of word use and can handle various spellings of the same Iraqi names or locations. There is also "gifting technology" which gives the flavor of the key information of a document in a short paragraph, Fairchild said. With the latest spy furor in the nation's capital, would any of the tools help catch a spy? "Yes, some of the things we're doing can," Fairchild said without details. "We're looking at better technologies to put in that area," he added. Another intelligence official, on condition of anonymity, said: "If they have this kind of technology to plumb the depths of open sources, you can imagine what kind of technologies they have to track down spies."

2678 From: Miguel Puchol Date: Wed Mar 7, 2001 5:05pm Subject: TCSM Instrument Airline Baggage Insurance

Paul,

There are insurance companies that have policies to cover electrical & electronic equipment for professional use. Rates vary according to value (obvious), whether the equipment stays at a fixed location, with alarm & other security measures, or whether it travels around a lot.
Also, rates go up if you want international coverage, and more so if it is also for damage, not just for total loss. We have our computer & electronic gear at the lab fully insured, and the field gear goes with an extension to the vehicles' insurance. Regarding international travel, we use couriers that accept insurance for specified amounts, and that includes damage & loss. Airlines are useless at dealing with claims on material (my own experience).

Hope it helps,

Mike

-----Original Message-----
From: Paolo Sfriso [mailto:paulsfriso@t...]
Sent: Wednesday, March 7, 2001 19:41
To: TSCM-L@yahoogroups.com
Subject: [TSCM-L] TCSM Instrument Airline Baggage Insurance
Importance: High

Dear Colleagues.

Does anyone have suggestions on how to insure one's TSCM equipment that is checked in as airline luggage? Of course the few dollars per pound (or Euros per kilo) are ridiculously below the equipment's true value.

Your Italian Connection
Paul Sfriso
Director
GRUPPO S.I.T.
Security, Investigations & Tecnology
Quarto d'Altino, Venice
ITALY
phone +39 0422 828517
fax +39 0422 823224
24hr GSM cellphone +39 335 5257308
paulsfriso@t...
www.grupposit.com

2679 From: Bryan Herbert Date: Wed Mar 7, 2001 8:04pm Subject: Need help identifying signal

Can anyone help identify these transmissions? The first file (single sweep) is receivable from 4.405-4.430MHZ USB, the second file (dual sweep) is receivable from 4.775-4.800MHz USB.
The first half of the first file was recorded in AM mode and the second half as well as the entire second file was recorded in USB. -- Bryan Herbert KE6ZGP (661) 714-2611 AIM: EAVE5DR0P ICQ: 92114706 Yahoo: b_herbert_91321 http://www.geocities.com/b_herbert_91321/index.html 2680 From: Bryan Herbert Date: Wed Mar 7, 2001 8:15pm Subject: Correction! Need help identifying signal Here are the links to the audio files in question 4.405-4.430MHz USB http://www.geocities.com/b_herbert_91321/hf.wav 4.775-4.800MHz USB http://www.geocities.com/b_herbert_91321/hf2.wav BTW: These transmissions can at times also be heard on 6, 8, and 18MHz Bryan Herbert wrote: > > Can anyone help identify these transmissions? The first file (single > sweep) is receivable from 4.405-4.430MHZ USB, the second file (dual > sweep) is receivable from 4.775-4.800MHz USB. The first half of the > first file was recorded in AM mode and the second half as well as the > entire second file was recorded in USB. > > -- > Bryan Herbert KE6ZGP (661) 714-2611 > AIM: EAVE5DR0P ICQ: 92114706 Yahoo: b_herbert_91321 > > http://www.geocities.com/b_herbert_91321/index.html -- Bryan Herbert KE6ZGP (661) 714-2611 AIM: EAVE5DR0P ICQ: 92114706 Yahoo: b_herbert_91321 http://www.geocities.com/b_herbert_91321/index.html 2681 From: James M. Atkinson, Comm-Eng Date: Wed Mar 7, 2001 8:34pm Subject: Re: Correction! Need help identifying signal At 6:15 PM -0800 3/7/01, Bryan Herbert wrote: >Here are the links to the audio files in question >4.405-4.430MHz USB http://www.geocities.com/b_herbert_91321/hf.wav >4.775-4.800MHz USB http://www.geocities.com/b_herbert_91321/hf2.wav > >BTW: These transmissions can at times also be heard on 6, 8, and 18MHz > >Bryan Herbert wrote: >> >> Can anyone help identify these transmissions? The first file (single >> sweep) is receivable from 4.405-4.430MHZ USB, the second file (dual >> sweep) is receivable from 4.775-4.800MHz USB. 
>> The first half of the first file was recorded in AM mode and the second half as well as the
>> entire second file was recorded in USB.
>>
>> --
>> Bryan Herbert KE6ZGP (661) 714-2611
>> AIM: EAVE5DR0P ICQ: 92114706 Yahoo: b_herbert_91321
>>
>> http://www.geocities.com/b_herbert_91321/index.html
>
>--
>Bryan Herbert KE6ZGP (661) 714-2611
>AIM: EAVE5DR0P ICQ: 92114706 Yahoo: b_herbert_91321

OK, but where are the frequency and time domain measurements (i.e., spectrum analyzer and oscilloscope output)?

Also, do you have a waterfall or rising raster of the signal yet?

Since you are posting this to the TSCM-L list I would assume that you believe that it is an eavesdropping signal?

-jma

2682 From: James M. Atkinson, Comm-Eng Date: Thu Mar 8, 2001 9:28am Subject: HEADLINES IN THE YEAR 2050

HEADLINES IN THE YEAR 2050

1. Florida to Be Readmitted to Union
2. Plague of Spotted Owls Threaten Crops, Livestock
3. Texas Executes Last Remaining Citizen
4. Cal Ripken Jr. Reduced to DH Role
5. Mother Monica Dies: Revered Hero of Bangkok Slums Overcame Lurid Past With US President
6. Wealthy Widow Anna Nicole Smith, 83, Weds Handsome Young Actor. "This Is True Love," He Beams.
7. Construction Begins On Grenada War Memorial In D.C.
8. Cody and Cassidy Gifford Elude Authorities. Drug-Crazed Crime Spree Continues
9. President "Bonecrusher" Jones to Face Chief Justice "Mad Dog" Ortega In Cage Match
10. Baltimore Rams Defeat St. Louis Ravens
11. Pope Phil II Settles Custody Battle With Ex-Wife
12. Upcoming NFL Draft Likely to Focus On Mutants
13. Younger Generation's Music Provokes Outrage of Elders
14. D.C. Zoo to Receive Rare Cow
15. Authentic Year 2000 Chad Sells For $6.9 Million at Sotheby's
16. Nursing Home Lawsuit Case: Clinton Denies Candy Striper's Allegations
17. Court Clears AOLTimeWarnerGE-DisneyCiscoFordRJR-NabiscoExxon-Mobil of Monopoly Charges
18. 50-Year Study: Diet and Exercise Key to Weight Loss
19. Baby Conceived Naturally
20. It Wasn't the Cigarettes - It Was the Ashtrays

2683 From: James M. Atkinson, Comm-Eng Date: Thu Mar 8, 2001 10:06am Subject: PayPal Comments

I recently had a discussion with another list member who was trying to set up a PayPal account but was having problems finding the appropriate link to do so.

So anyway, here is the sign up link for PayPal.
https://secure.paypal.com/affil/pal=jmatk%40tscm.com

I don't really like PayPal, but it is handy when someone wants to pay for something "RIGHT NOW", or in cases where you have a lot of small orders to collect funds for and don't want to fiddle around waiting for checks to clear.

If you do go with PayPal I would STRONGLY suggest that you pull the funds out of your on-line PayPal account, and into your bank as soon as the funds come in for you (PayPal is a clearing service, not a bank).

I have actually found PayPal to be helpful (even though I don't like it) when someone wants some consultation over the phone (where you get paid first), and really helpful when a customer wants something shipped ASAP but can't get funds to you via a Fedex'ed company check.

If you're interested you can actually purchase a CPM-700, OSCOR, ORION, or other TSCM gear from us via PayPal (ie: you can use your credit card or write an e-check).

-jma

2684 From: Robert G. Ferrell Date: Thu Mar 8, 2001 11:15am Subject: Re: PayPal Comments

>If you do go with PayPal I would STRONGLY suggest that you pull the
>funds out of your on-line PayPal account, and into your bank as soon
>as the funds come in for you (PayPal is a clearing service, not a
>bank).
A word of warning: I've had extensive dealings with PayPal over the past year, and they have a tendency to be very slow about paying up, at least in my experience (maybe they just don't like my after shave). As always, ymmv. Caveat Emptor.

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center
U. S. Dept. of the Interior
Robert_G_Ferrell@n...
========================================
 Who goeth without humor goeth unarmed.
========================================

2685 From: A Grudko Date: Thu Mar 8, 2001 6:49am Subject: Re: re: Threat in the Hand of Your Pa

----- Original Message -----
From: David Alexander

> In other words, 'we promoted this product as having password protection, and
> if you believed us you were stupid.'

Anyone ever lost a password on a PC, application or cellphone? You just 'phone up those nice people at the SP's helpline and, subject to some conditions, they talk you through cracking it or eMail it to you.

It's the 'kid locked in the vault' syndrome. No matter how good the vault, the manufacturers have to know how to get in.

Luckily we all know that those nice people at the help lines are beyond corruption.......don't we?

Andy Grudko. D.P.M., Grad I.S, (S.A.)
CEO - Grudko Wilson Associates (SA) (Pty) Ltd - Crime investigation & intelligence
Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - Australia - Israel - Bosnia.
Agents in 41 countries - www.grudko.com - (+27 11) 465 9673 - 465 1487 (Fax) - Est. 1981
GIN (Charter), SACI (Pres), WAD, CALI, SASFed, SASA, SAMLF, SCIP (SA Chairman), UKPIN, AFIO (OS), IWWA, PRETrust, IPA, AmChamCom
"When you need it done right - first time"

2686 From: A Grudko Date: Thu Mar 8, 2001 6:53am Subject: Re: re: Accused FBI spy betrayed U.S.
countermeasures

----- Original Message -----

> To counter it, randomly contoured glass was installed in sensitive
> locations, with a device attached to create vibrations to greatly reduce, if
> not counter completely, the capability of the laser to pick up sound.

We've not tried the glass but have done the White Noise Transducer trick for clients and it works very well against Cony contact mikes - unfortunately I don't have a Laser Pick Off Device to test the efficiency against that threat, but if anything I'd expect direct contact to be more sensitive.

Andy Grudko. D.P.M., Grad I.S, (S.A.)

2687 From: A Grudko Date: Thu Mar 8, 2001 1:27pm Subject: Re: Need help identifying signal

----- Original Message -----

> >4.405-4.430MHz USB http://www.geocities.com/b_herbert_91321/hf.wav
> >4.775-4.800MHz USB http://www.geocities.com/b_herbert_91321/hf2.wav

IMHO Lots of weird sounding stuff on LW/MW/HF, any of which could be some kind of bug but 99.9999999% probably isn't. Businesses and governments have devised millions of signals that might mean nothing to anyone but one other person on the planet - even a dead person....see the 2000 version of the movie 'On the Beach'.

I approached our US Embassy ham in the early 80's about obvious 5 letter code groups being sent on HF. OK guys these were my early days in the business - gimme a break. He smiled understandingly and I ignored them.

Both signals sound (by ear only) too analogue (i.e.
you can discern the AF frequency changes) to be digital and too constant to be any exotic type of analogue modulation. I'd rate it really low as a TSCM source but I could be wrong and if in doubt I'd attenuate and look for a local source. No local source to the area under inspection, no threat.

Here on the other side of the planet 4.4 - 4.43 megs, no signal noticeable (21h00 local for you skip experts) 4.777 to 4.8 nothing except a strong AM modern music + hourly news channel from Lesotho - Africa - (with Coke ads!) on exactly 4.800.

If I was a bugger I'd move up a few hundred Megs - excepting mains inducted audio.

Andy Grudko. D.P.M., Grad I.S, (S.A.)

2688 From: Jay Coote Date: Thu Mar 8, 2001 2:48pm Subject: Re: TCSM Instrument Airline Baggage Insurance

I wonder if it might be better to have the equipment shipped separately to a "safe" recipient prior to the assignment? Fewer problems with customs and minimum-wage security persons in your equipment.

A friend told me about his airport experience (LAX) when a person "with attitude" opened his case upside-down allowing a TSCM receiver to fall out (about a 1-meter drop).

Jay Coote
Los Angeles

----------

Dear Colleagues.

Does anyone have suggestions on how to insure one's TSCM equipment that is checked in as airline luggage? Of course the few dollars per pound (or Euros per kilo) are ridiculously below the equipment's true value.

Your Italian Connection
Paul Sfriso
Director
GRUPPO S.I.T.
Security, Investigations & Tecnology
Quarto d'Altino, Venice ITALY
phone +39 0422 828517
fax +39 0422 823224
24hr GSM cellphone +39 335 5257308
paulsfriso@t...
www.grupposit.com

========================================================
 TSCM-L Technical Security Mailing List
 "In a multitude of counselors there is strength"

 To subscribe to the TSCM-L mailing list visit:
 http://www.onelist.com/community/TSCM-L

 or email your subscription request to:
 subTSCM-L@t...
=================================================== TSKS

2689 From: Miguel Puchol Date: Thu Mar 8, 2001 6:14pm Subject: RE: TCSM Instrument Airline Baggage Insurance

Jay,

> A friend told me about his airport experience (LAX) when a
> person "with attitude" opened his case upside-down allowing
> a TSCM receiver to fall out (about a 1-meter drop).

Ahh, that ol' sinking feeling!! This is where Pelican cases come in handy, strong to handle your average airport baggage handler, and with locking holes, just in case. I recommend these cases for lugging fragile stuff around airports.

Cheers,

Mike

2690 From: James M. Atkinson, Comm-Eng Date: Fri Mar 9, 2001 1:43am Subject: Bootleg now banned from this news group

I regret to inform this list that effective 2:20 AM on 3/9/01 Mike Keketic (AKA: bootleg@p... ) is now banned from this news group.

As the list moderator I felt that he was posting ads for items which were not at all appropriate, and felt that he was insinuating they could be used for inappropriate purposes (which I will not tolerate). Also, after reviewing his previous posts to the list I felt that he was being disruptive and that there were obviously some issues he was exploring that were not in line with the stated goals of this list.
He has since attempted several times to post a long raving diatribe laced with direct and indirect threats and as a result I have no choice except to ban him from the list.

I apologize to the list membership for any problems or annoyance this may have caused, but it should now be resolved.

Case closed,

-jma

2691 From: Robert G. Ferrell Date: Fri Mar 9, 2001 8:22am Subject: ATM exploits

Greetings all,

Here's an interesting description of an exploit for ATMs that seemed to me to have some bearing on TSCM, inasmuch as it involves an interception (man-in-the-middle attack) of electronic communications. The little anecdote at the end is amusing, as well.

Cheers,

RGF

===============================================
Posted to the VULN-DEV list at Security Focus by Jerry Carrell

The ATM network I worked for did suffer significant losses to wire-taps.
The thief would select an ATM in a strip mall because the telephone junction box was usually unprotected on the back of the building near a telephone pole with a tell-tale large metal conduit.

The thief (we believe) would back a van to the junction box. Using a device from Radio Shack he could easily identify the digital signals of the data line. He used one or two PCs in the back of the van to (a) respond to the polls from the host so the network did not sense a problem (except possibly a brief interruption when he switched to the PC) and (b) talk to the ATM.

The PC program that serviced the ATM was sophisticated in some ways ... for example, it changed the "welcome" screen to "out of service" so customers would not attempt to use the ATM. However, it didn't handle error conditions which prevented him from cleaning out an ATM in several cases. There were many other changes to the ATM configuration but basically, he requested a withdrawal and the PC approved the transaction.

The total loss was never announced but I'm sure it was well over $100,000 because a couple of dozen ATMs were hit. The investigation was turned over to the Secret Service. So far as I know, no one was charged but one rumor around the office was they knew who did it but had no proof.

That network installed MAC boards in all their ATMs and is no longer vulnerable to that form of attack. That was about ten years ago and I don't know what security features are used in current ATMs. I still see some ATMs from that era in use and some of them may be vulnerable.

This is off-topic but my favorite "security" story from the banking industry is low tech: The thief got a rent-a-cop uniform and a wicker basket. He painted a sign that said "Out of service. Please use basket". After hours he went to the night depository at a bank, set the basket on the floor, taped the sign to the wall and stood there looking official. Supposedly, many people left their deposits and no one called the police.
Told to me by a tech from the company that makes most night depositories (and ATMs, for that matter). If it's true, the thief deserves the money for sheer chutzpah. :=)
===============================================

2692 From: James M. Atkinson, Comm-Eng Date: Fri Mar 9, 2001 8:27am Subject: Walking on Water

A pastor and two of his deacons are out on the river fishing in their rowboat. Twelve o'clock rolls around, and one of the deacons notices a nice spot on the bank to have lunch.

He turns to the others and says, "That looks like a nice spot for lunch. What do you say we have lunch over there?" The other deacon agrees, and so does the pastor.

The deacon stands up in the boat, steps out onto the river and walks over to the bank. The pastor looks on with amazement, and thinks to himself, if his deacon is holy enough to walk on water, surely he can.

The other deacon stands up, picks up the picnic basket, steps out of the boat, and walks over to the bank and sits with the first deacon. Again, the pastor thinks, if his second deacon is holy enough to walk on water, surely he can.

The pastor stands up, steps out of the boat, and falls right into the water. While he's splashing around the first deacon turns to the second and says, "Think we should have told him where the tree stumps are?"

-jma
2693 From: James M. Atkinson, Comm-Eng Date: Fri Mar 9, 2001 8:28am Subject: The Mime

The Mime

While attempting to earn some money as a street performer at the zoo, an out-of-work mime got an offer from the zookeeper. The zoo's most popular attraction, the gorilla, had suddenly died and the zookeeper wanted the mime to dress up like a gorilla to keep attendance up until another gorilla was found. The mime accepted the offer.

The next morning, he suited up and entered the gorilla cage before the crowds arrived. He had a great time sleeping, playing, swinging on tires, and making fun of people, but eventually the crowds were tiring of his antics and started paying more attention to the lion in the next cage.

The mime wanted the attention by this point, so he climbed to the top of his cage, crawled across a partition and dangled from the top of the lion's cage. The visitors loved it. At the end of the day, the zookeeper gave him a raise for keeping the crowds so entertained.

This continued for several days, with the crowds growing larger all the time. But one day, the mime slipped and fell into the lion's cage. The lion prepared to pounce on the terrified man. The mime ran around the cage, yelling and screaming for help, but the lion was quick and pinned him to the ground.

He looked up at the lion with fear showing through his gorilla mask, when the lion growled and said, "Shut up you idiot! Do you want to get us both fired?"
"In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2694 From: Doug Ellsworth Date: Fri Mar 9, 2001 10:40am Subject: Keyboard Signaling Hi Group, Some questions of curiosity interest: Many of us are visually inspecting computer keyboards and connections inside CPU cases. Just how is standard input conveyed along a keyboard cable? What type of signaling? Is there a unique standard for each of the various hardware platforms? I hope this is of enough interest to the list to generate a spirited discussion... or maybe I'm the only one interested? Happy days, Doug Douglas Ellsworth Secure Communications Corp., Inc. Automated Audit Management for Commerce from PRC, Inc. do5ug@r... 11th & Jones Street PO Box 3622 Omaha, Nebraska 68103 402.578.7709 [Non-text portions of this message have been removed] 2695 From: Steve Uhrig Date: Fri Mar 9, 2001 1:13pm Subject: Re: Keyboard Signaling > Many of us are visually inspecting computer keyboards and > connections inside CPU cases. Just how is standard input > conveyed along a keyboard cable? What type of signaling? Is > there a unique standard for each of the various hardware > platforms? In a general sense, the keyboard generates the data and sends it to the CPU. The data virtually always is pure ASC. Older IBM mainframes used a code called EBCDIC which is probably obsolete now. There is a character generator ROM (Read Only Memory) in the keyboard. 
This memory has the different characters stored in different locations in a memory chip. The ROM anymore probably is part of the CPU chip inside the keyboard controlling keyboard operations.

The keyboard is a matrix, like a big Tic Tac Toe board. When you press a certain key, that closes a switch for a row and a column. The intersection of a row location and a column location is unique to each key. That matrix location is mapped to a particular unique memory address in the character generator ROM. The character (number, letter, punctuation mark etc.) stored in that location is then transmitted to the CPU.

The matrix actually is scanned at a relatively fast speed. When you press a key on the keyboard, you in reality are holding it for a finite period of time until the scanner happens to interrogate that particular address in the matrix to see if there is a key press signal. If so, it creates an interrupt to the CPU in the keyboard and grabs and transmits the character to the system CPU as described.

When you hold a key down, you trip another timing circuit to repeat the keypress. xxxxxxxxxxxxxxxxxx.

Both the matrix scan rate and the repeat rate used to be simple RC timing circuits. Anymore they may be digitally derived. Once some years ago when I was building a keyboard, I got the capacitors mixed up between the scan and the repeat circuitry. The keyboard was being scanned only a few times a second, and the repeat rate was like 10 kilocycles. Not cool.

Modern keyboards have their own processor, clock, crystal, etc. Data from the keyboard to the system CPU is sent serially over the single wire (you type one letter at a time, so you generate serial data which is sent a character at a time to the computer). Other lines in the cable are data back from the system to the keyboard for the different lights on the keyboard and power for everything.

Hope this helps some.
Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

2696 From: Mike F Date: Fri Mar 9, 2001 3:03pm Subject: more from scout report

Spam Mimic
http://www.spammimic.com/

Here is a neat tool for the paranoid or clandestine-minded user. While there are several quality encryption tools available, encrypted email is easily recognized as such. This tool encodes your message as innocent-appearing spam, which many believe the government-run Echelon and Carnivore email reading systems ignore. At present, the site is more of a diversion than an every day tool, as users can only encode and decode short messages through the interface at the site. Still, it's pretty nifty, and a plug-in may be developed in the future. [MD]

Later 4,

Mike Fiorentino
Master Links 4 Master Investigators
http://ml4mi.com

"CONFIDENTIALITY WARNING" <==== BE AWARE I AM AS SERIOUS AS A HEART ATTACK ABOUT THE WARNING BELOW!!!!!!!!!!!!!!
This electronic message contains information which may be privileged and/or confidential. The information is intended for use only by the individual(s) or entity named/indicated above. If you are not the identified/intended recipient, be aware that any disclosure, copying, distribution, or use of the contents of this message/information is prohibited. If you are not the indicated recipient or have received this message in error contact our offices immediately for instructions."

2697 From: James M. Atkinson, Comm-Eng Date: Fri Mar 9, 2001 6:30pm Subject: The News with Brian Williams

For what it is worth I am scheduled to be on MSNBC this evening at 9 PM (EST) talking with Pat Dawson on "The News with Brian Williams".
The chat may get bumped at the last minute so I apologize in advance if it gets dropped.

Nothing major, just some background on an analysis project I performed.

-jma

2698 From: Al Arango Date: Thu Mar 8, 2001 6:33pm Subject: Large Criminal Hacker Attack on Windows NT E-Banking and E-Commerce Sites

I thought this might be interesting for the group

>Large Criminal Hacker Attack on Windows NT E-Banking and E-Commerce Sites
>
>3:00 PM EST, Thursday, March 8, 2001
>
>In the largest criminal Internet attack to date, a group of Eastern
>European hackers has spent a year systematically exploiting known
>Windows NT vulnerabilities to steal customer data. More than a million
>credit cards have been taken and more than 40 sites have been
>victimized.
>
>The FBI and Secret Service are taking the unprecedented step of
>releasing detailed forensic information from ongoing investigations
>because of the importance of the attacks.
>
>The information was released to the SANS community a short time before
>it was made available to the general public so that you can be sure your
>systems are safe.
>
>Within a day or two, the Center for Internet Security will release a
>small tool that you can use to check your systems for the
>vulnerabilities and also to look for files the FBI has found present on
>many compromised systems - indicating your system may have already been
>compromised by the attacker group.
>
>The Center's tools are normally available only to members, but because
>of the importance of this problem, the Center agreed to make the new
>tool, built for the Center by Steve Gibson of Gibson Research) available
>to all who need it. Center members have already received an invitation
>to the conference call this afternoon to get more data on the attack.
>If your organization is not a member, we encourage you to join in this
>important initiative to fight back against computer crime. See
>www.cisecurity.org for a list of members and how to join.
>
>
>Alan
>Alan Paller
>Director of Research
>The SANS Institute
>
>
>Here's the data available so far.
>
>Over the past several months, the National Infrastructure Protection
>Center (NIPC) has been coordinating investigations into a series of
>organized hacker activities specifically targeting U.S. computer systems
>associated with e-commerce or e-banking. Despite previous advisories,
>many computer owners have not patched their systems, allowing these
>kinds of attacks to continue, and prompting this updated release of
>information.
>
>More than 40 victims located in 20 states have been identified and
>notified in ongoing investigations in 14 Federal Bureau of Investigation
>Field Offices and 7 United States Secret Service Field Offices. These
>investigations have been closely coordinated with foreign law
>enforcement authorities, and the private sector. Specially trained
>prosecutors in the Computer and Telecommunication Coordinator program
>in U.S.
Attorneys' Offices in a variety of districts have participated
>in the investigation, with the assistance of attorneys in the Computer
>Crime and Intellectual Property Section at the Department of Justice.
>
>The investigations have disclosed several organized hacker groups from
>Eastern Europe, specifically Russia and the Ukraine, that have
>penetrated U.S. e-commerce computer systems by exploiting
>vulnerabilities in unpatched Microsoft Windows NT operating systems.
>These vulnerabilities were originally reported and addressed in
>Microsoft Security Bulletins MS98-004 (re-released in MS99-025),
>MS00-014, and MS00-008. As early as 1998, Microsoft discovered these
>vulnerabilities and developed and publicized patches to fix them.
>Computer users can download these patches from Microsoft for free.
>
>Once the hackers gain access, they download proprietary information,
>customer databases, and credit card information. The hackers
>subsequently contact the victim company through facsimile, email, or
>telephone. After notifying the company of the intrusion and theft of
>information, the hackers make a veiled extortion threat by offering
>Internet security services to patch the system against other hackers.
>They tell the victim that without their services, they cannot guarantee
>that other hackers will not access the network and post the credit card
>information and details about the compromise on the Internet. If the
>victim company is not cooperative in making payments or hiring the group
>for their security services, the hackers' correspondence with the victim
>company has become more threatening. Investigators also believe that
>in some instances the credit card information is being sold to organized
>crime groups. There has been evidence that the stolen information is
>at risk whether or not the victim cooperates with the demands of the
>intruders. To date, more than one million credit card numbers have been
>stolen.
>
>The NIPC has issued an updated Advisory 01-003 at www.nipc.gov regarding
>these vulnerabilities being exploited. The update includes specific
>file names that may indicate whether a system has been compromised. If
>these files are located on your computer system, the NIPC Watch in
>Washington D.C. should be contacted at (202) 323-3204/3205/3206.
>Incidents may also be reported online at www.nipc.gov/incident/cirr.htm.
>For detailed information on the vulnerabilities that are being
>exploited, please refer to the NIPC Advisory 00-60, and NIPC Advisory
>01-003.
>
>
>NIPC ADVISORY 01-003
>
>This advisory is an update to the NIPC Advisory 00-060, "E-Commerce
>Vulnerabilities", dated December 1, 2000. Since the advisory was
>published, the FBI has continued to observe hacker activity targeting
>victims associated with e-commerce or e-finance/banking businesses.
>In many cases, the hacker activity had been ongoing for several months
>before the victim became aware of the intrusion. The NIPC emphasizes
>the recommendation that all computer network systems administrators
>check relevant systems and consider applying the updated patches as
>necessary, especially for systems related to e-commerce or
>e-banking/financial businesses. The patches are available on Microsoft's
>web site, and users should refer to the URLs listed below.
>
>The following vulnerabilities have been previously reported:
>
>Unauthorized Access to IIS Servers through Open Database
>Connectivity (ODBC) Data Access with Remote Data Service (RDS):
>Systems Affected: Windows NT running IIS with RDS enabled.
>Details: Microsoft Security Bulletin MS99-025, NIPC CyberNotes
>99-22
>
>http://www.microsoft.com/technet/security/bulletin/ms99-025.asp
>http://www.nipc.gov/warnings/advisories/1999/99-027.htm,
>http://www.nipc.gov/cybernotes/cybernotes.htm
>
>Summary: Allows unauthorized users to execute shell commands on the
>IIS system as a privileged user; Allows unauthorized access to secured,
>non-published files on the IIS system; On a multi-homed
>Internet-connected IIS systems, using Microsoft Data Access Components
>(MDAC), allows unauthorized users to tunnel Structured Query Language
>(SQL) and other ODBC data requests through the public connection to a
>private back-end network.
>
>SQL Query Abuse Vulnerability
>Affected Software Versions: Microsoft SQL Server Version 7.0 and
>Microsoft Data Engine (MSDE) 1.0
>Details: Microsoft Security Bulletin MS00-14, NIPC CyberNotes
>20-05
>
>http://www.microsoft.com/technet/security/bulletin/ms00-014.asp
>http://www.nipc.gov/cybernotes/cybernotes.htm
>
>Summary: The vulnerability could allow the remote author of a malicious
>SQL query to take unauthorized actions on a SQL Server or MSDE database.
>
>Registry Permissions Vulnerability
>Systems Affected: Windows NT 4.0 Workstation, Windows NT 4.0 Server
>Details: Microsoft Security Bulletin MS00-008, NIPC CyberNotes
>20-08 and 20-22
>
>
>http://www.microsoft.com/technet/security/bulletin/ms00-008.asp
>http://www.nipc.gov/cybernotes/cybernotes.htm
>Summary: Users can modify certain registry keys such that:
>a malicious user could specify code to launch at system crash
>a malicious user could specify code to launch at next login
>an unprivileged user could disable security measures
>
>Web Server File Request Parsing
>
>While they have not been shown to be a vector for the current attacks,
>Microsoft has advised us that the vulnerabilities addressed by Microsoft
>bulletin MS00-086 are very serious, and we encourage web site operators
>to consider applying the patch provided with this bulletin as well as
>the three that are under active exploitation.
>
>http://www.microsoft.com/technet/security/bulletin/ms00-014.asp
>http://www.nipc.gov/cybernotes/cybernotes.htm
>
>Summary: The vulnerability could allow a malicious user to run
>system commands on a web server.
>
>New Information: In addition to the above exploits, several filenames
>have been identified in connection with the intrusions, specific to
>Microsoft Windows NT systems. The presence of any of these files on
>your system should be reviewed carefully because they may indicate that
>your system has been compromised:
>ntalert.exe
>sysloged.exe
>tapi.exe
>20.exe
>21.exe
>25.exe
>80.exe
>139.exe
>1433.exe
>1520.exe
>26405.exe
>i.exe
>
>In addition, system administrators may want to check for the
>unauthorized presence of any of the following executable files, which
>are often used as hacking tools:
>lomscan.exe
>mslom.exe
>lsaprivs.exe
>pwdump.exe
>serv.exe
>smmsniff.exe
>
>Recipients of this Advisory are encouraged to report computer crime to
>the NIPC Watch at (202) 323-3204/3205/3206.
>Incidents may also be reported online at www.nipc.gov/incident/cirr.htm.

2699
From: Craig Snedden
Date: Fri Mar 9, 2001 3:07am
Subject: Re: Bootleg now banned from this news group

I've personally no strong feelings re "Bootleg", but it's somewhat comforting to be in a group that has a moderator that actually moderates. Too many groups have degenerated into "spam" targets, with the "participants" abusing each other with no brain one liners.

Well done.

----- Original Message -----
From: "James M. Atkinson, Comm-Eng"
To: "TSCM-L Mailing List"
Sent: Friday, March 09, 2001 7:43 AM
Subject: [TSCM-L] Bootleg now banned from this news group

>
> I regret to inform this list that effective 2:20 AM on 3/9/01 Mike
> Keketic (AKA: bootleg@p... ) is now banned from this news
> group.
>
> As the list moderator I felt that he was posting ads for items which
> were not at all appropriate, and felt that he was insinuating they could
> be used for inappropriate purposes (which I will not tolerate).
> Also, after reviewing his previous posts to the list I felt that he
> was being disruptive and that there were obviously some issues he was
> exploring that were not in line with the stated goals of this list.
>
> He has since attempted several times to post a long raving diatribe
> laced with direct and indirect threats and as a result I have no
> choice except to ban him from the list.
>
> I apologize to the list membership for any problems or annoyance this
> may have caused, but it should now be resolved.
>
> Case closed,
>
> -jma
> --
>
> =======================================================================
> Sed quis custodiet ipsos Custodes?
> "In a time of universal deceit, telling the
> truth is a revolutionary act" - George Orwell
> =======================================================================
> James M. Atkinson              Phone: (978) 546-3803
> Granite Island Group           Fax: (978) 546-9467
> 127 Eastern Avenue #291        http://www.tscm.com/
> Gloucester, MA 01931-8008      jmatk@t...
> =======================================================================
> The First, The Largest, The Most Popular, and The Most Complete TSCM,
> Technical Security, and Counterintelligence Site on the Internet.
> =======================================================================
>
>
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> =================================================== TSKS
>

The data contained herein is confidential. Unauthorised dissemination of the contents of this e-mail may be in breach of Criminal and Civil law and may lead to prosecution.

2700
From: Steve Uhrig
Date: Fri Mar 9, 2001 8:46pm
Subject: Pictures of moderator

For those who caught the piece on MSNBC, or for those who didn't, I have pictures of Jim Atkinson for sale.

Email for info.

Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

2701
From: James M. Atkinson, Comm-Eng
Date: Fri Mar 9, 2001 9:02pm
Subject: Re: Pictures of moderator

At 9:46 PM -0500 3/9/01, Steve Uhrig wrote:
>For those who caught the piece on MSNBC, or for those who
>didn't, I have pictures of Jim Atkinson for sale.
>
>Email for info.
>
>Steve

Nude pictures?

Bastards we are,

-jma
--

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson              Phone: (978) 546-3803
Granite Island Group           Fax: (978) 546-9467
127 Eastern Avenue #291        http://www.tscm.com/
Gloucester, MA 01931-8008      jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================