From: A Grudko <agrudko@i...> 
Date: Fri Mar 9, 2001 3:14pm
Subject: Mains audio
  
Sorry guys, this is a long one - you might want to scroll to the end to see
if the premise and request are of interest.


During a sweep today my CPM-700 demodulated a very feint audio signal - just
above the noise floor - when plugged into either of two adjacent wall
sockets (nominal 220v, 50 Hz give or take 10%) in a corporate Board Room.
Adjacent sockets are supposed to be on different phases because of load
sharing but are frequently not, because of lazy electricians. These are in
parallel.

At first it sounded like a woman speaking to a man - unfortunately not in a
language I understood (we have 11 official languages in SA). The woman was
slightly more audible because of frequency not amplitude.

I called the client to listen in case the voices could be identified, but
the signal was too weak for identification by an untuned ear. It's possible
that the voices were followed by music, implying a commercial station, but
not clear enough to confirm.


Situation is:

Client's premises have been swept almost every month for the past 3 - 4
years.

The same CPM-700 was used at each sweep.

These sockets were tested on every occasion with no signal being detected.

Client insists that no changes were made to power cabling in the Board Room
since the last sweep but cannot be sure of other parts of the building.

Requested changes had been made to the 'phone system, so Telco technicians
have been on the premises.

The client rents the whole building, which is fed from a 3 phase power
distribution board in the basement, which was searched and found to be
uncompromised with no detectable hostile audio or RF present (some
modulation is expected for non-hostile control functions and occasional
communication).

All other locatable power sockets in the building was checked and found
clean.

The 3 phase transformer feeding the street block could not be checked.

No cordless 'phone, wireless LAN, mains-modulation intercom/speaker or
similar equipment is used in the building, but we cannot speak for the
neighbours.

3 voice lines are actually permanent GSM cellular links.

No equipment was plugged into the 2 sockets but a full search of equipment
on the phase was impractical (we would have had to shut down the office for
2 days - if client OKs we'll go back and 'plug and play' every electrical
item whilst monitoring the 2 sockets.

Both sockets were opened and no foreign devices or curled wires were found
(coiling wire to give 'stretch' like a 'phone cord can easily and
unintentionally create a crude LC <inductance/capacitance> tuned circuit).

A second scan was carried out with a Scanlock and Audiotronics (UK) LF
converter with the antenna parallel to the conduiting at surface level, so
about 3" (75mm) from the cable. No signal was heard*.

General RF level is medium for a suburban business park but with constant
growth in 900 Meg GSM cellular use to the point of RF flooding.

The client is involved in major mergers and acquisitions, inevitably with
political implications.

This client has been illegally 'phone tapped on 3 known previous occasions
(spies caught, equipment confiscated and their client identified).

Security in the building is minimal, with access to the power and telco
rooms guarded by 2 lever locks. Manual 'honour system' access control, no
CCTV, limited alarm coverage (one floor of 4.....cutting costs!).


So, to the point of my long post:

For the past 3 years my long suffering partner has been receiving 'skills
transfer' (Yes - I want him to eventually do all the work and send me money
for the privilege as I get fat and old... ;-) ).

This 'find' is another chance to give him a few other peoples' opinions on a
common enigma that faces TSCMers.

To plagiarise the Chrysler ad. (I think it's OK 'cos my wife drives
one).....'WHAT THE ?'.

My thoughts:

1) Something added to the mains circuit may have 'tuned' it to a radio
station (usually AM, medium wave, minus many db slope detection on the
CPM-700?).
2) Something added to the RF environment may have mixed to produce a
harmonic which the old circuit now 'receives'.
3) * From above. I feel the signal containing audio was received rather than
transmitted, therefore is non-hostile.

Am I right - am I wrong - have we missed something - is there something else
we should do? (short of demolishing the building; which is outside our
budget by about 2 000%, like a government project.).


Andy Grudko. D.P.M., Grad I.S, (S.A.)
CEO - Grudko Wilson Associates (SA) (Pty) Ltd - Crime investigation &
intelligence
Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada -
Australia - Israel - Bosnia. Agents in 41 countries - www.grudko.com - (+27
11) 465 9673 - 465 1487 (Fax) - Est. 1981
GIN (Charter), SACI (Pres), WAD, CALI, SASFed, SASA, SAMLF, SCIP (Past SA
Chairman), UKPIN, AFIO (OS), IWWA, PRETrust, IPA, AmChamCom
"When you need it done right - first time"
2703

From: Miguel Puchol <mpuchol@w...> 
Date: Sat Mar 10, 2001 6:04am
Subject: RE: Mains audio
  
Andy,

Have you checked the local radio stations & TV repeaters? We had a case
here, where a local radio station raised it's TX power without permission,
and this caused major havoc at a nearby trunked repeater station, noise,
interference, etc.
The cause was traced back to the station, heavy fine, all back to normal.

Maybe a new station has been setup, legal or pirate, or a TV repeater added
around the client's building - just a thought.

Good luck,

Mike

> -----Mensaje original-----
> De: A Grudko [mailto:agrudko@i...]
> Enviado el: viernes, 09 de marzo de 2001 22:14
> Para: TSCM-L Mailing List '
> CC: Dave Wilson
> Asunto: [TSCM-L] Mains audio
>
>
> Sorry guys, this is a long one - you might want to scroll to the
> end to see
> if the premise and request are of interest.
>
>
> During a sweep today my CPM-700 demodulated a very feint audio
> signal - just
> above the noise floor - when plugged into either of two adjacent wall
> sockets (nominal 220v, 50 Hz give or take 10%) in a corporate Board Room.
> Adjacent sockets are supposed to be on different phases because of load
> sharing but are frequently not, because of lazy electricians. These are in
> parallel.

<SNIP>
2704

From: Charles P <charles@t...> 
Date: Sat Mar 10, 2001 11:23am
Subject: Re: Mains audio
  
>
> 1) Something added to the mains circuit may have 'tuned' it to a radio
> station (usually AM, medium wave, minus many db slope detection on the
> CPM-700?).
> 2) Something added to the RF environment may have mixed to produce a
> harmonic which the old circuit now 'receives'.
> 3) * From above. I feel the signal containing audio was received rather
than
> transmitted, therefore is non-hostile.
>
> Am I right - am I wrong - have we missed something - is there something
else
> we should do? (short of demolishing the building; which is outside our
> budget by about 2 000%, like a government project.).
>
>

I would most likely suspect a combination of number 1 and 2, since there are
so many uncontrollable factors with radio or shortwave stations,
propagation, power feed lines, etc.
It would be fun to watch them demolish the building though.

charles
2705

From: <patedwards@w...> 
Date: Sat Mar 10, 2001 11:58am
Subject: ZDNet UK News: Surveillance
  
HAVE A GREAT DAY !!!














----------

http://www.zdnet.co.uk/news/specials/1999/09/surveillance/


[Non-text portions of this message have been removed]
2706

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Sat Mar 10, 2001 0:36pm
Subject: Temptation for Surveillance on Rise
  
Temptation for Surveillance on Rise

http://www.latimes.com/business/cutting/techwr/20010310/tCB00V0795.html

By ANICK JESDANUN, AP Internet Writer

CAMBRIDGE, Mass.--What if your cable TV converter box can report to
marketers the movies, sports and steamy adult shows you like to watch?

What if a portable device that measures how far you've run or walked
can phone a Web site about your fitness level, and perhaps suggest exercise
products for purchase?

What if any time you visit an airport or attend a sporting event, you
must walk past video cameras that can analyze your face and instantly
identify you to authorities?

Some of these scenarios are already possible and even happening.
Privacy advocates and civil libertarians say the technology is getting so
good and cheap that we could be entering an era of surveillance everywhere,
privacy nowhere.

Privacy erosion on the Internet over the past year offers just a
preview. As gadgets beyond the desktop become a part of our everyday lives,
the temptation increases for governments and businesses to use them for
surveillance.

"'1984' was simply a bit premature in estimating when technology would
be online," said Barry Steinhardt, associate director of the American Civil
Liberties Union. "This may not be as oppressive as what George Orwell had in
mind, but nevertheless, it will be very much still a surveillance society."

Orwell wrote, back in 1940s, of a futuristic totalitarian society in
1984 where citizens are under the round-the-clock surveillance.

Big Brother technology was a main topic this past week at the 11th
annual Computers, Freedom and Privacy conference, a gathering of academics,
technologists and policymakers.

As it happened, this year's conference was held just a few blocks from
the Massachusetts Institute of Technology, where the basics of facial
character recognition, a branch of biometrics, were developed.

Unlike the video security cameras at banks and convenience stores that
merely record, biometrics seek to identify.

The technology has been used for years in casinos to catch cheaters. It
got widespread attention during January's Super Bowl in Tampa, Fla., when
law officers matched photos against a computerized police lineup of known
criminals.

Governments aren't the only spies, of course.

Other gadgets spy on behalf of marketers, warned Richard M. Smith,
chief technology officer for the Privacy Foundation.

"Technology is making it a lot cheaper to build these devices," Smith
said. "Five, 10 years from now, where is it going to be used?"

He held up for an audience a round, portable gadget that counts your
paces as you exercise. When you finish, you attach it to a larger cradle,
which plugs into a phone line. You then visit a Web site for your fitness
assessment and ads.

The gadget, he said, could have been designed to plug directly into a
personal computer -and not to report data to a Web site. But the trend among
vendors "is to try to get it on the Internet and get a poke at it."

And what about the emerging Bluetooth wireless standard, which promises
to let devices such as pens and headphones automatically connect to
networks?

"Are we going to walk into a room and have our pens start talking to
somebody?" Smith asked.

Smith also showed Web sites that promote services such as a wireless
Webcam to monitor children, and a camera that trucking companies can install
to record the minutes leading up to accidents, along with data such as brake
and turn signal use. He predicted lawyers would try to get such video to
show juries.

Even the fitness device can be used for surveillance, said Smith. His
daughter suggested their dog be outfitted with one so Smith can no longer
fib about walking the dog.

Meanwhile, companies are gaining the ability to track customers through
wireless devices.

Imagine being able to e-mail a coupon for coffee as someone walks by a
Starbucks. That will soon be possible using location identification that
wireless companies are deploying for emergency 911 calls.

And digital video recording technologies like TiVo and ReplayTV may one
day let marketers customize ads based on television viewers' habits and
preferences, warned David Burke, author of "Spy TV."

Digital video recorders now automatically call a central office to get
updated program guides. Privacy advocates fear they'll one day send back
data on households' viewing habits as well.

Privacy advocates are also worried about digital music devices, which
could be programmed to create profiles of listening tastes.

Whether marketers are actually using all of the capabilities today is
another matter, Smith acknowledged. He fears the potential for tomorrow.
Supporters of such technologies say the privacy fears are exaggerated,
unfounded or outweighed by public safety imperatives. The facial-recognition
cameras, for instance, are used to help to identify potential terrorists,
law enforcement officials argue.

Defending data collection by businesses, Jerry Cerasale of the Direct
Marketing Association, a trade group for telemarketers and database
companies, said the devices that collect marketing information do just
that -and no more.

The data collection occurs solely to help marketers customize
information and ads for the consumers' benefit, and companies know they risk
alienating customers if they trick them, Cerasale said.

"There is a misconception that if you are purchasing something
remotely, it might be used against you in some places like for approving
mortgages and insurance," he said in a phone interview. "That's not the
case."

But privacy advocates point out past attempts to link and share data.

The most widely cited case involves the advertising company
DoubleClick, which drew ire for plans to cross-reference its records of
consumers' online habits with a database that included names. Under
pressure, the company suspended the plans.

The FBI, meanwhile, has deployed a surveillance tool called Carnivore
to check e-mail going through a network service provider for messages meant
for a specific suspect. Critics say their tests show Carnivore can do much
more.

Some believe the U.S. Congress must pass legislation to protect
Americans' privacy.

At minimum, they say, the government should create a national data
protection office to advise agencies and businesses on new technologies.

Simson Garfinkel, author of "Database Nation: The Death of Privacy in
the 21st Century," said U.S. companies considering new products and new uses
for existing databases should have national guidelines to guide them.

"It's hard for a lot of companies to do the right thing," he said. "We
can make it easier for them."

- - -

On the Net:
Conference: http://cfp2001.org
Direct Marketing Association: http://www.the-dma.org
American Civil Liberties Union: http://www.aclu.org
Privacy Foundation: http://privacyfoundation.org

-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2707

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Sat Mar 10, 2001 1:00pm
Subject: Re: Mains audio
  
At 11:14 PM +0200 3/9/01, A Grudko wrote:
>Sorry guys, this is a long one - you might want to scroll to the end to see
>if the premise and request are of interest.
>
>
>During a sweep today my CPM-700 demodulated a very feint audio signal - just
>above the noise floor - when plugged into either of two adjacent wall
>sockets (nominal 220v, 50 Hz give or take 10%) in a corporate Board Room.
>Adjacent sockets are supposed to be on different phases because of load
>sharing but are frequently not, because of lazy electricians. These are in
>parallel.


How was the CPM-700 connected to the mains, and across which set of 
wires did the signal appear to be the strongest (Phases-Ground, 
Phase-Neutral, etc)

At what frequency did your search receiver pickup the signal, and 
where you able to ferret out the signal using your spectrum analyzer 
hooked up to the power mains.


>At first it sounded like a woman speaking to a man - unfortunately not in a
>language I understood (we have 11 official languages in SA). The woman was
>slightly more audible because of frequency not amplitude.


Are we talking about an AM or FM modulated signal here, or some other 
kind of modulation.

I would initially suspect you had a AM signal that was "drifting in and out".


>I called the client to listen in case the voices could be identified, but
>the signal was too weak for identification by an untuned ear. It's possible
>that the voices were followed by music, implying a commercial station, but
>not clear enough to confirm.
>


I would initially suspect a shortwave broadcast radio station that 
was being picked up by the building wiring. But always suspect the 
signal until you can absolutely prove that it is not hostile.



>Situation is:
>
>Client's premises have been swept almost every month for the past 3 - 4
>years.


Good, the more frequently you get into a building to do sweeps the 
less likely an eavesdropper will try to use a bug and will instead 
focus on other methods of espionage that would be able to caught 
using non-technical means.



>The same CPM-700 was used at each sweep.


Good, but was an Oscilloscope, Digital Voltmeter, Search Receiver, 
and Spectrum Analyzer used as well? (cough-cough)


>These sockets were tested on every occasion with no signal being detected.


Ah, but perhaps due to the time of day the propagation of the signals 
were favorable.


>Client insists that no changes were made to power cabling in the Board Room
>since the last sweep but cannot be sure of other parts of the building.
>
>Requested changes had been made to the 'phone system, so Telco technicians
>have been on the premises.


Unless you can see the signal on other phone or power wiring don't 
drift your focus away from the outlet in question.


>The client rents the whole building, which is fed from a 3 phase power
>distribution board in the basement, which was searched and found to be
>uncompromised with no detectable hostile audio or RF present (some
>modulation is expected for non-hostile control functions and occasional
>communication).
>
>All other locatable power sockets in the building was checked and found
>clean.


Ah, clean of what? Clean of that specific signal, clean of any 
similar signals, clean of energy below 500 kHz, clean of HF, clean of 
audio...?


>
>The 3 phase transformer feeding the street block could not be checked.
>
>No cordless 'phone, wireless LAN, mains-modulation intercom/speaker or
>similar equipment is used in the building, but we cannot speak for the
>neighbours.
>
>3 voice lines are actually permanent GSM cellular links.


Ah, GSM what? I take it your clients have completely lost their minds?

Your client can not achieve any level of security by using 
"permanent GSM cellular links" instead of hard wired lines (ditto 
with PCS, etc).

Yes, GSM will keep amateurs from listening in, but it will only annoy 
a professional eavesdropper and not actually prevent them from 
eavesdropping.



>No equipment was plugged into the 2 sockets but a full search of equipment
>on the phase was impractical (we would have had to shut down the office for
>2 days - if client OKs we'll go back and 'plug and play' every electrical
>item whilst monitoring the 2 sockets.


Oscilloscope tests should be helpful, but make sure your on the line 
at the exact time the signal (and weather conditions) as last time.


>Both sockets were opened and no foreign devices or curled wires were found
>(coiling wire to give 'stretch' like a 'phone cord can easily and
>unintentionally create a crude LC <inductance/capacitance> tuned circuit).


"Coils" are commonly missed when performing a conducted signals 
analysis so it's good you are checking for them.


>A second scan was carried out with a Scanlock and Audiotronics (UK) LF
>converter with the antenna parallel to the conduiting at surface level, so
>about 3" (75mm) from the cable. No signal was heard*.


The CPM-700 is a broadband diode detector, and the Scanlock folds the 
spectrum. neither is a spectrum analyzer, tuned receiver, or 
oscilloscope. Both are good for quick checks, but when you have more 
time on target use other laboratory grade test equipment.


>General RF level is medium for a suburban business park but with constant
>growth in 900 Meg GSM cellular use to the point of RF flooding.


Same problem here in the states with 1.8 GHz PCS band, seriously 
saturates the TSCM equipment. Same with pager stations, and analog 
cellular bands.

What is really becoming a problem in our area are the HDTV 
transmitter that are coming on line. The harmonics of the digitally 
modulated fundamental signals appear right in the middle of several 
"bug bands" and have cause more them a few minutes of excitement 
during a bug sweep.



>The client is involved in major mergers and acquisitions, inevitably with
>political implications.


Then your client should should be using should be using ISDN or 
T-carrier circuits with secure (high end) digital encryption 
equipment on both ends.


>This client has been illegally 'phone tapped on 3 known previous occasions
>(spies caught, equipment confiscated and their client identified).


Then it's good they are having sweeps done frequently, but even if 
bugs had not been previously found it is still prudent to have the 
sweeps performed on a regular basis.


> Security in the building is minimal, with access to the power and telco
>rooms guarded by 2 lever locks. Manual 'honour system' access control, no
>CCTV, limited alarm coverage (one floor of 4.....cutting costs!).


Ouch, Ouch, Ouch... you can not have an effective technical 
counter-intelligence function when the physical security is so poor.


>
>So, to the point of my long post:
>
>For the past 3 years my long suffering partner has been receiving 'skills
>transfer' (Yes - I want him to eventually do all the work and send me money
>for the privilege as I get fat and old... ;-) ).


Having him do all the work while you make all the money sounds like 
an interesting business model, let us know how (or if) it works out.


>This 'find' is another chance to give him a few other peoples' opinions on a
>common enigma that faces TSCMers.
>
>To plagiarise the Chrysler ad. (I think it's OK 'cos my wife drives
>one).....'WHAT THE ?'.
>
>My thoughts:
>
>1) Something added to the mains circuit may have 'tuned' it to a radio
>station (usually AM, medium wave, minus many db slope detection on the
>CPM-700?).


I would lean toward the building wiring picking up a broadcast from a 
shortwave radio station (which is why it is critical to use a 
spectrum analyzer to ferret out signals such as this).


>2) Something added to the RF environment may have mixed to produce a
>harmonic which the old circuit now 'receives'.


A non-linear junction could cause such mixing, but then so could any 
such strong RF signal nearby (hence the value of a good SA)


>3) * From above. I feel the signal containing audio was received rather than
>transmitted, therefore is non-hostile.


Partially correct, but do not discount it until you can absolutely 
prove otherwise.


>Am I right - am I wrong - have we missed something - is there something else
>we should do? (short of demolishing the building; which is outside our
>budget by about 2 000%, like a government project.).


Use a Spectrum Analyses and search receiver coupled into the power 
lines and carefully inspect EVERY conducted signal present. Examine 
every power outlet, every breaker box, every meter, every 
transformer, and every entry or appearance point.

Include all Power wiring, all telephone wires, all CCTV/CATV cables, 
all alarm lines, all utilities, and so on. If it is something that 
enters of leaves the area in question it must be considered a hostile 
signal path until proved otherwise.


-jma
-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2708

From: <Quebec100@a...> 
Date: Sat Mar 10, 2001 11:27am
Subject: DAR broadband receivers?
  
Good afternoon everyone..

Still continuing research on TSCM equipment and ran across
'Southern Security'...speaks for itself pretty much from
the web site but thank you Steve Uhrig for the advice and
information. Everyday provides new insights..

Anyone have experience with the 'DAR-1 or DAR-3'? What are
they? Comparable to a CPM-700..? 

How does a CPM-700 compare to a Scanlock? 

Are all three so-called broadband receivers? I've seen the
CPM referenced in some posts, but rarely the scanlock.

Thanks ..Harry K.

P.S. Jim, missed your TV appearance..gonna wait for it
to come out on video though..
2709

From: <MACCFound@a...> 
Date: Sat Mar 10, 2001 7:07pm
Subject: FBI officials got Soviet embassy tunnel tours -Post
  
FBI officials got Soviet embassy tunnel tours -Post


WASHINGTON, March 10 (Reuters) - FBI officials were so proud of a secret 
tunnel built beneath the Russian Embassy for electronic surveillance during 
the final years of the Cold War that they offered tours to senior officials 
with top security clearances, the Washington Post reported on Sunday. 

Former FBI agent Robert Hanssen, arrested on Feb. 18 on charges of selling 
secrets to Moscow for 15 years, is suspected of having disclosed existence of 
the tunnel to his Soviet handlers. 

U.S. media first reported the existence of the tunnel earlier this month. 

The Post quoted current and former government officials as saying Hanssen's 
suspected report about the tunnel likely nullified the technological 
advantages the FBI could have gained from such close range access to the 
then-Soviet embassy. 

The Post quoted one former U.S. official who said he was offered a tour but 
declined the invitation because he is claustrophobic. 

He told the Post the tunnel was accessed from a residence near the Soviet -- 
now Russian -- compound on Mount Alto, a hilltop north of Washington's swanky 
Georgetown neighborhood and one of the highest sites in Washington. The 
former official said the government purchased the home and started digging 
the tunnel out of its basement. 

The paper quoted another former official as saying he had toured the 
passageway but declined to describe it, saying everything about it remains 
highly classified. 

One intelligence source with direct knowledge of the technology Hanssen 
allegedly compromised told the Post the Soviets used the FBI bugs and 
wiretaps to feed disinformation back to the U.S. government. 

"They were obviously feeding a very large quantity of data to us of apparent 
value but no real value," the paper quoted the source as saying. "It was a 
very delicate game that was played out over several years."
2710

From: A Grudko <agrudko@i...> 
Date: Sat Mar 10, 2001 4:35pm
Subject: One mains audio is another mains propigation...
  
Mains sweeping 101.

-- Original Message --
> How was the CPM-700 connected to the mains, and across which set of
> wires did the signal appear to be the strongest (Phases-Ground,
> Phase-Neutral, etc)

The CPM-700 mains modulation detector is a 2 pin, phase-phase ('live to
neutral') connection. I have not opened one up but assume it's based on a LF
torroid or ferrite coil with a resistive shunt (I used to build 'em with a
neon as the resistance and 'connected' indicator), inducting raw RF out - in
effect just decoupling the RF from the mains, but maybe the manufacturer
changes the turn ratio to suit the receiver, lowering the Q.

> At what frequency did your search receiver pickup the signal, and
> where you able to ferret out the signal using your spectrum analyzer
> hooked up to the power mains.

The CPM-700 does not indicate frequency and the signal was not detected by
my Scanlock or 7700. As
>
> Are we talking about an AM or FM modulated signal here, or some other
> kind of modulation.

As I only picked it up on the CPM-700, which does not have modulation
selection but seemes to compromse somehow between AM and FM (FM signals
being much more crisp), I can only say, going by WMED (What My Ear
Detected), that it sounded like AM.

Here in SA we only have a handfull of receivable AM (MW) stations during the
day.

> I would initially suspect you had a AM signal that was "drifting in and
out".

Agreed


> >The same CPM-700 was used at each sweep.
>
>
> Good, but was an Oscilloscope, Digital Voltmeter, Search Receiver,
> and Spectrum Analyzer used as well? (cough-cough)

2 out of 4, but again, see * below
>
>
> >These sockets were tested on every occasion with no signal being
detected.
>
>
> Ah, but perhaps due to the time of day the propagation of the signals
> were favorable.

Thank you - a point I had not considered although our sweeps have been
random.

Note to Dave...I missed something, grasshopper...:-)


> >Client insists that no changes were made to power cabling in the Board
Room
> >since the last sweep but cannot be sure of other parts of the building.
> >
> >Requested changes had been made to the 'phone system, so Telco
technicians
> >have been on the premises.
>
>
> Unless you can see the signal on other phone or power wiring don't
> drift your focus away from the outlet in question.

As the client's previous 3 surveillance events were illegal 'phone taps, my
thought was possably a link to the mains from the PABX (switchboard/cable
frame - we have to watch out for international lingo here) sourcing the
audio and carrying the 'music-on-hold' as a system charactoristic.

> >All other locatable power sockets in the building were checked and found
> >clean.

> Ah, clean of what? Clean of that specific signal, clean of any
> similar signals, clean of energy below 500 kHz, clean of HF, clean of
> audio...?

Hmm....jma can get picky - which is good if the client has the budget....see
the dreaded * below.

> >3 voice lines are actually permanent GSM cellular links.

> Ah, GSM what? I take it your clients have completely lost their minds?
>
> Your client can not achieve any level of security by using
> "permanent GSM cellular links" instead of hard wired lines (ditto
> with PCS, etc).
>
> Yes, GSM will keep amateurs from listening in, but it will only annoy
> a professional eavesdropper and not actually prevent them from
> eavesdropping.

They may have lost their TSCM minds but not their money minds. We saw a
cheque waiting a second signiture which was for 4 times my life goal....a
side issue.

We are in Africa. My friends in the UK or US can get a new land line 'phone
line the same day. We wait up to 3 months, so instant cellular connections
are very attractive. Only in the last year have our Telco made ISDN
readilly available.

> Oscilloscope tests should be helpful, but make sure your on the line
> at the exact time the signal (and weather conditions) as last time.

JMA - I can organise the time, but not the weather. You don't have a link to
god@b... do you?

> >A second scan was carried out with a Scanlock and Audiotronics (UK) LF
> >converter with the antenna parallel to the conduiting at surface level,
so
> >about 3" (75mm) from the cable. No signal was heard.

> Both are good for quick checks, but when you have more
> time on target use other laboratory grade test equipment.

Again, see * below.

> >The client is involved in major mergers and acquisitions, inevitably with
> >political implications.
>
>
> Then your client should should be using should be using ISDN or
> T-carrier circuits with secure (high end) digital encryption
> equipment on both ends.

I have ISDN, as do some of my clients, but I'm not familiar with the term
T-carrier. Please enlighten.

Problem with encription is as you say, both ends...I encript but do you....

But point taken.

> > Security in the building is minimal,

> Ouch, Ouch, Ouch... you can not have an effective technical
> counter-intelligence function when the physical security is so poor.

Yup - agreed and written in silicone Moses only had stone to work with). But
to get the clients to listen...

> >For the past 3 years my long suffering partner has been receiving 'skills
> >transfer' (Yes - I want him to eventually do all the work and send me
money
> >for the privilege as I get fat and old... ;-) ).

> Having him do all the work while you make all the money sounds like
> an interesting business model, let us know how (or if) it works out.

Not quite. He does a good job and hopefully we'll build a sound business and
both make money....but after 20 years I might get an extra stipend.

> >My thoughts:
> >
> >1) Something added to the mains circuit may have 'tuned' it to a radio
> >station (usually AM, medium wave, minus many db slope detection on the
> >CPM-700?).

> I would lean toward the building wiring picking up a broadcast from a
> shortwave radio station (which is why it is critical to use a
> spectrum analyzer to ferret out signals such as this).

Agreed


> >2) Something added to the RF environment may have mixed to produce a
> >harmonic which the old circuit now 'receives'.

> A non-linear junction could cause such mixing, but then so could any
> such strong RF signal nearby (hence the value of a good SA)

> >3) I feel the signal containing audio was received rather than
> >transmitted, therefore is non-hostile.

> Use a Spectrum Analyses and search receiver coupled into the power
> lines and carefully inspect EVERY conducted signal present. Examine
> every power outlet, every breaker box, every meter, every
> transformer, and every entry or appearance point.
> Include all Power wiring, all telephone wires, all CCTV/CATV cables,
> all alarm lines, all utilities, and so on

Back to the *s. This client is on a tightly negotiated monthly contract with
no room for additional work from our side.

So the report to client will be, we think everything is OK but there is what
looks like an innocent signal, but might not be and the only way to be sure
is a major tech and physical, search, probably maxing out the monthly budget
x 10.

If they don't pay, they won't know.

Andy
Jo'burg
2711

From: Bob Washburne <rcwash@c...> 
Date: Sun Mar 11, 2001 11:52am
Subject: Re: more from scout report (spammimic)
  
Mike F wrote:
> 
> Spam Mimic
> http://www.spammimic.com/
> 
> Here is a neat tool for the paranoid or clandestine-minded user.

<SNIP!>

I looked at this system a while back. While being clever and very
geeky, it has several major drawbacks:

-) The resulting pseudo-spam has too much of a signature. It could
easily be searched for by Echalon-esq sniffers. Note: Carnivore-esq
sniffers don't care. They grab everything to the targeted address, but
only that address.

-) The encryption is trivial. Once on the radar it wouldn't take our
friends at the NSA a day to crack it.

-) You can only use it through the web site. And I believe them when
they say that they aren't recording their site usage!


For something a bit more useable, perform a web search on
"steganographic" which is the art of hiding messages in the low order
bits of sound and image files.

Some systems, such as StegFS, create an actual file system which can be
mounted. Unfortuneatly, this can leave a signature so that the black
hats can tell when something is hidden in you file.

If I were to design a system, it would propably work something like
this:

1) Take the media file and randomly change each word within a range of
+/- 15. The low order bits of any recording are usually random anyway. 
This just guarentees a bit of chaos in the system without noticable
changing the quality of the recording.

2) Encrypt your plaintext so that it looks like random bits.

3) Split the cyphertext up and place it in the two low order bits of
each word of the media file.

As long as your encryption scheme doesn't leave a signature, you have
plausible deniability. Also, most steganographic systems use at least
four bits. With my system you have scrambled four bits, but only used
two thus confusing any attempt to find seganographic signatures.

Of course, all of this works best if you keep "under the radar". If
youv'e done something to get authorities interested in you, then you
will probably get caught. Once it's been determined that you are
sending secret messages, then the taps and bugs will be brought in and a
case built without the need of breaking your encryption.

Enjoy,

Bob Washburne
2712

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Mon Mar 12, 2001 6:29am
Subject: FBI top brass had tours of spy tunnel
  
FBI top brass had tours of spy tunnel

http://www.thetimes.co.uk/article/0,,3-97537,00.html

FROM DAMIAN WHITWORTH IN WASHINGTON

THE FBI was so pleased with itself when it built a tunnel under the Soviet
Embassy that it ran guided tours for senior officials to show off its
electronic surveillance operation.
As the visitors stooped and shuffled through the dirt to examine how
listening devices were deployed, even the hardiest Cold War veterans may
have shivered at the thrill of it all. Up above, enemy agents, perfectly
aware of what was going on, perhaps allowed themselves a smile as they went
about the business of ensuring that none of the information the devices
detected was of the least use to the United States.

After the arrest last month of Robert Hanssen, a senior FBI official charged
with spying for the Soviet Union and then Russia for 15 years, the existence
of the tunnel was revealed along with the FBI’s allegation that Hanssen had
told Moscow of it many years ago. The disclosure that an unwitting FBI was
proudly taking its top brass on tours of a white elephant comes as a fresh
embarrassment.

The tunnel was built from a house the FBI bought on a hilltop close to the
embassy. It is not known when the US realised that the Soviets were aware of
their subterranean surveillance work but officials have claimed that they
knew long before Hanssen was unmasked as a spy.

The tunnel let the FBI tap into telephone wires and power cables and place
receivers which picked up signals transmitted by bugs placed throughout the
embassy.

Intelligence officials believe that Hanssen’s suspected report about the
tunnel to his Soviet handlers rendered the hugely expensive operation
useless. One intelligence source with direct knowledge of the technology
Hanssen allegedly compromised told the Washington Post that the Soviets used
the FBI bugs and wiretaps to feed disinformation back to the US Government.
There is a new parlour game, too: what did the FBI do with all that soil?

-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2713

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Mon Mar 12, 2001 6:31am
Subject: FBI scandal leaves CIA gloating
  
FBI scandal leaves CIA gloating

http://www.suntimes.com/output/news/spy11.html

March 11, 2001

BY LISA HOFFMAN

WASHINGTON--When CIA mole Aldrich Ames was unearthed in 1994, Congress and
President Bill Clinton punished the spy agency by yanking its control over
its own counterintelligence operations and giving it to the FBI.

It was a humiliating time for the storied CIA. Not only had the agency
missed signs that Ames, chief of the CIA's Soviet counterintelligence, had
been selling some of the nation's top secrets to Moscow for years. But the
CIA also would lose command over a prime part of its turf to its longtime
rival, the FBI.

Now the tables have turned.

It's the FBI in the hot seat this time, embarrassed by its damaging failure
to detect its own alleged Russian mole, 15-year FBI counterintelligence
operative Robert Hanssen.

"They have their own spy, big time," said one retired high-ranking CIA
counterintelligence agent who served during the FBI takeover. "Couldn't
happen to a nicer bunch."

In some quarters of the U.S. intelligence community these days, there is a
mixture of bitterness and glee at the FBI's plight--along with relief that
it's not the CIA at fault this time.

Resentment over some reforms instituted after Ames was uncovered, along with
anger that the FBI had failed to practice what it had preached to the CIA
about internal security, also are not hard to find.

Unlike the CIA, for instance, the FBI doesn't randomly polygraph its agents
or require regular financial disclosures from them as early warning
techniques for detecting in-house turncoats. If the FBI had, it might have
prevented Hanssen's alleged betrayal, now shaping up to be one of the
costliest such breaches in U.S. history.

Hanssen, 56, was arrested Feb. 18 on charges he passed 6,000 pages of secret
documents to the Soviets and Russians in exchange for $1.4 million in cash,
diamonds and an escrow fund.

But there also is a recognition, though grudging from some, that those very
post-Ames reforms have already gone far in reducing 50 years of mistrust
between the two agencies and forcing them to collaborate openly with each
other.

"The changes have all been to the good," said Jeffrey Smith, who became the
CIA's general counsel when the reforms began.

Angered that the CIA had failed for several years to share vital information
about its investigation of Ames and other suspected spies, Congress and
Clinton set up a national counterespionage center and put the FBI in charge.

A senior FBI official also was installed at the helm of the CIA's internal
counterintelligence operation--which the CIA had considered off-limits to
all but its own elite staff--so the FBI would have equal access to the CIA's
raw intelligence. And top CIA and FBI officials were directed to meet
biweekly.

The purpose of all this was to crack the institutionalized antipathy that
was forged during World War II, when FBI Director J. Edgar Hoover saw
President Franklin D. Roosevelt's establishment of the Office of Strategic
Services, the CIA's predecessor, as a threat to the FBI's dominion.

Over the years, the agencies traded accusations that the other had lied,
withheld vital information or otherwise obstructed operations and
investigations. Compounding the animosity were their very different cultures
and methods of operation.

The CIA, for instance, has long considered itself the province of
intellectuals, while viewing the FBI as a rarefied street cops' domain.

"The CIA has been regarded as where [its personnel] come from Ivy League
colleges and like to go to the opera, and the FBI has the products of
whatever college and like to go to NASCAR races," said Smith, now a
Washington lawyer.

"They're almost adversarial by nature," said Peter Earnest, a 35-year CIA
veteran.

Even so, the enforced mingling of the agencies has already led to at least
two successes. The 1996 nabbing of accused CIA spy Harold Nicholson and
accused FBI mole Earl Edwin Pitts are hailed as examples of how, when the
agencies work together, cases can be made both quicker and better.

"It works well, as in the Nicholson case, which was largely the result of
sharing pieces of information back and forth," Smith said.

Scripps Howard News Service

***

BUREAU VS. AGENCY

CENTRAL INTELLIGENCE

AGENCY

* Established: 1947
* Director: George Tenet, since 1997
* 2001 budget: Classified
* Total employees: Classified
* Headquarters: Langley, Va.
* Web site: www.cia.gov

FEDERAL BUREAU

OF INVESTIGATION
* Established: 1908. Its name dates from 1935
* Director: Louis Freeh, since 1993
* 2001 budget: $3.1 billion
* Total employees: 27,300, including 16,000 special agents
* Headquarters: Washington.
* Web site: www.fbi.gov


-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2714

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Mon Mar 12, 2001 6:35am
Subject: PROUD FBI OFFERED TOURS OF SECRET TUNNEL BUILT UNDER SOVIET EMBASSY
  
PROUD FBI OFFERED TOURS OF SECRET TUNNEL BUILT UNDER SOVIET EMBASSY

http://www.chicagotribune.com/news/printedition/article/0,2669,SAV-0103110209,FF.html

By Vernon Loeb
The Washington Post
March 11, 2001

WASHINGTON -- FBI officials were so proud of a secret tunnel the agency
built beneath the Soviet Embassy for electronic surveillance during the
final years of the Cold War that they offered tours of the passageway to
senior officials with top security clearances, former government officials
said last week.

One former official acknowledged that he had toured the passageway but
declined to describe it, saying everything about it remains highly
classified.

Another ex-official who was offered a tour but declined the invitation
because he is claustrophobic said the tunnel was reached from a residence
near the Soviet--now Russian--compound on Mt. Alto, a hilltop north of
Georgetown between Wisconsin Avenue and Tunlaw Road NW that is one of the
highest sites in Washington.

The former official said the government bought the home and started digging
the tunnel out of its basement.

While much about the tunnel remains a closely held secret, electronic
surveillance experts inside and outside the intelligence community said its
operation gave the FBI the proximity needed to intercept Soviet
communications using a variety of bugs and taps.

"The closer the eavesdropper gets to the target, the more he can do," said
one former government expert, explaining how tiny bugs planted throughout
the embassy could have transmitted signals to the tunnel through fiber-optic
and copper lines that are extremely difficult to detect.

"Any time you can get physical proximity to a target, it opens up a world of
possibilities," said another expert who once worked for the National
Security Agency.

The NSA provided eavesdropping technology for the tunnel.

Beyond "hard-wired" bugs directly connected to receivers in the tunnel, the
experts said, the tunnel could have enabled the FBI to tap into
telecommunications lines and even power cables, which carry electromagnetic
signals that can be reconstructed and deciphered.

A one-time law-enforcement official said laser technology was deployed in
the tunnel, technology the experts said could have been used to capture
sound waves emanating from pipes and structural support beams.

One former government electronic surveillance guru said tiny microphones
could even have been inserted in toilets through water pipes to monitor
conversations in bathrooms.

Whatever technologies the NSA deployed to bug the embassy, however, the
useful information it obtained was likely negligible, according to current
and former government officials.

Prosecutors now believe that FBI agent Robert Hanssen tipped off the KGB to
the tunnel's existence early in his alleged 15-year career as a spy for the
Soviet Union, nullifying the technological advantages the FBI could have
gained from such close range.

One intelligence source with direct knowledge of the technology Hanssen
allegedly compromised said the Soviets used the FBI bugs and wiretaps to
feed disinformation back to the U.S. government.

"They were obviously feeding a very large quantity of data to us of apparent
value but no real value," the source said. "It was a very delicate game that
was played out over several years."

A 109-page affidavit filed in court to support espionage charges against
Hanssen never specifically mentions the tunnel.

A senior U.S. official said the affidavit refers indirectly to the
eavesdropping operation when it alleges that Hanssen "compromised an entire
technical program of enormous value, expense and importance to the United
States."

In any event, U.S. officials realized the tunnel operation had been
compromised years before Hanssen was unmasked last month as an alleged spy
for Moscow, former FBI and intelligence officials said.

Stanislav Lunev, a former colonel in Soviet military intelligence, said U.S.
officials might have been alerted by a broadcast on Soviet television in
1987.

In the broadcast, Soviet officials revealed numerous listening devices found
throughout the embassy, including its basement.

"Somebody dug in the basement with a shovel and found electronic devices,
brand new," said Lunev, who arrived in Washington under cover as a
correspondent for the Soviet news agency Tass in 1988 and defected to the
United States in 1992.

Lunev said he was never told that a tunnel existed but hardly finds the
disclosure remarkable.

"To believe there is no tunnel under the embassy would be stupid," Lunev
said.

"It's real life, a clear practice of intelligence."

-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2715

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Mon Mar 12, 2001 8:52am
Subject: For the Birds
  
According to the Knight-Ridder News Service, the inscription on the metal
bands used by the U.S. Department of the Interior to tag migratory birds
has been changed. The bands used to bear the address of the Washington
Biological Survey, abbreviated Wash. Biol. Surv.

That is, until the agency received the following letter from a camper:

Dear Sirs:
While camping last week I shot one of your birds. I think it was a crow.
I followed the cooking instructions on the leg tag and I want to tell you
it was horrible.

The bands are now marked Fish and Wildlife Service.

-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2716

From: Dawn Star <bratkid@e...> 
Date: Mon Mar 12, 2001 1:40pm
Subject: Mains Audio
  
"I called the client to listen in case the voices could be identified, but
the signal was too weak for identification by an untuned ear. It's possible
that the voices were followed by music, implying a commercial station, but
not clear enough to confirm."
A Grudko

It sounds like A.M. Radio, Easy way to check is bring along an A.M. radio 
and match up program material. Comes under the tool box heading, basic 
stuff: along with the flashlight, screwdriver, and paper clip.
Roger, Electronic Security, Los Angeles
2717

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Mon Mar 12, 2001 4:10pm
Subject: Re: Cellular and Pager Interception Equipment
  
At 11:05 AM +0200 3/8/01, A Grudko wrote:
>Off the list
>
>----- Original Message -----
>> It's nice that the unit recently listed has various capabilities to
>> If you want to use a product such as this to inventory the ESN's you
>> encounter during a sweep, or need to interrogate a phone or CDPD
>> transponder in a vehicle you are checking fine, but do not post ads
>> for this kind of stuff to this list. I have to admit that how a NAM
>> programmer is used in a sweep is a bit of a mystery to even me
>
>> (but then of course I've only done a few hundred sweeps)
>
>Me too - 2 tomorrow, but, in the spirit of admitting that I don't know
>everything, can you expand on the acronyms ESN and CDPD with a brief
>description of their relevance to TSCM. I could guess but I'd rather get it
>from you. We might have the same here but known by a different name.
>
>Thanx
>
>Andy Grudko. D.P.M., Grad I.S, (S.A.)
>CEO - Grudko Wilson Associates (SA) (Pty) Ltd - Crime investigation &
>intelligence
>Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada -
>Australia - Israel - Bosnia. Agents in 41 countries - www.grudko.com - (+27
>11) 465 9673 - 465 1487 (Fax) - Est. 1981
>GIN (Charter), SACI (Pres), WAD, CALI, SASFed, SASA, SAMLF, SCIP (SA
>Chairman), UKPIN, AFIO (OS), IWWA, PRETrust, IPA, AmChamCom
>"When you need it done right - first time"



The "ESN" refers to an Electronic Serial Number that is imbedded 
inside the communication device which is used to identify a specific 
device from another device. ESN's are supposed to be, but are not 
always unique (usually due to mischief).

CDPD is a "Packet Data" network which piggybacks a data network on 
top of a normal cellular telephone network.

Since GPS/CDPD transponders are fairly popular as illicit tracking 
devices there are several methods that can be used to "burp" them.

"Burping" a transponder is course done at the tail end of a sweep as 
it is alerting in nature. It involves creating a very low power 
signal (generally less then a mW) on a directional antenna which is 
passed over areas which may contain an illicit tracking device (ie: 
rear deck). The goal is to cause the transponder to momentarily loose 
contact with the base station and thereby "burp" trying to regain 
contact. The TSCM'er then listens for the "burp" with a spectrum 
analyzer, search receiver, or similar diagnostics equipment.

Since the interruption of contact only lasts for a second or so (we 
hope) the transponder gives up it's hidden location when it burps.

If the spy has foolishly instructed the transponder to transmit 
coordinates in real time (or on a frequent basis) the devices are 
very easy to find, on the other hand if it is in a "forward and 
store" mode they can be a real bitch to find and you may have to 
resort to burping.

As always, a rigorous four plus hour physical search of the vehicle 
is also really helpful.

-jma


PS: I would STRONGLY warn the list membership that if you have any 
kind of cellular test equipment that you use during sweeps that you 
had bloody well be only using it for only legitimate purposes 
(TSCM'ers do not need pager or cellular interception equipment to 
perform a bug sweep).





.
-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2718

From: Samuel Hayes <srhayes3@y...> 
Date: Mon Mar 12, 2001 3:40pm
Subject: Aspiring TSCM'er
  
Hello to everyone from Atlanta, Ga. My name is Samuel
Hayes. I would like to especially say hello to Jim,
(hey Jim). Jim, i dont know if u remember me but we
have spoken a number of times on the phone about what
path I need to take to find my place amongst the real
pro's in the TSCM field, and I would like to say
thanks for all of your advice. Everything is working
out well so far (even though its alot of work).My
question to the group is this... I am currently
enrolled in an electronic fundamentals course at my
local tech. school and also employed by Bellsouth as a
Facility Technician (we build networks-I'm in the
fiber optics crew). Is there any thing else anyone can
think of that I could do to give me a strong
foundation with which to build the necessary skills to
be a TSCM tech? Anyone perhaps looking for an
enthusiastic apprentice with a strong desire to learn
(and carry all the heavy stuff), whose willing to
travel? Hey Jim, whats the status on Granite Island
Groups classes opening to the public and how do I sign
up? Well, I'll start with these few questions for now.
Hope someone can help. Ciao'
SRH3

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/
2719

From: Miguel Puchol <mpuchol@w...> 
Date: Mon Mar 12, 2001 5:45pm
Subject: RE: Re: Cellular and Pager Interception Equipment
  
James,

There is an easier way to find one, at least in some cases. If your SA is
somewhat portable, drive the vehicle around an inoffensive route, but one
that would make a planted device to register in various cells, then you can
see the 'burps' without having to TX on the cell band, which as I learned on
my flesh some weeks ago, seems to be somewhat illegal... :-)
I however suppose less than a mW can be considered 'common use' under some
legislations.

If you have contact with the telcos, and have the location of the cells you
are going to be passing, you can map expected coverage from various cells to
determine 'handover points', where you can look closer for 'burps'.

When you have a high cell traffic in the search area, you can record the
traces, then play them back at the office to look for similar strength
'burps' at expected locations.

Just a thought, all the best,

Mike


> -----Mensaje original-----
> De: James M. Atkinson, Comm-Eng [mailto:jmatk@t...]
> Enviado el: lunes, 12 de marzo de 2001 23:10
> Para: TSCM-L Mailing List
> Asunto: [TSCM-L] Re: Cellular and Pager Interception Equipment
>
> The "ESN" refers to an Electronic Serial Number that is imbedded
> inside the communication device which is used to identify a specific
> device from another device. ESN's are supposed to be, but are not
> always unique (usually due to mischief).
>
> CDPD is a "Packet Data" network which piggybacks a data network on
> top of a normal cellular telephone network.
>
> Since GPS/CDPD transponders are fairly popular as illicit tracking
> devices there are several methods that can be used to "burp" them.
>
> "Burping" a transponder is course done at the tail end of a sweep as
> it is alerting in nature. It involves creating a very low power
> signal (generally less then a mW) on a directional antenna which is
> passed over areas which may contain an illicit tracking device (ie:
> rear deck). The goal is to cause the transponder to momentarily loose
> contact with the base station and thereby "burp" trying to regain
> contact. The TSCM'er then listens for the "burp" with a spectrum
> analyzer, search receiver, or similar diagnostics equipment.
>
> Since the interruption of contact only lasts for a second or so (we
> hope) the transponder gives up it's hidden location when it burps.
>
> If the spy has foolishly instructed the transponder to transmit
> coordinates in real time (or on a frequent basis) the devices are
> very easy to find, on the other hand if it is in a "forward and
> store" mode they can be a real bitch to find and you may have to
> resort to burping.
>
> As always, a rigorous four plus hour physical search of the vehicle
> is also really helpful.
>
> -jma
>
>
> PS: I would STRONGLY warn the list membership that if you have any
> kind of cellular test equipment that you use during sweeps that you
> had bloody well be only using it for only legitimate purposes
> (TSCM'ers do not need pager or cellular interception equipment to
> perform a bug sweep).
>
>
>
>
>
> .
> --
>
> =======================================================================
> Sed quis custodiet ipsos Custodes?
> "In a time of universal deceit, telling the
> truth is a revolutionary act" - George Orwell
> =======================================================================
> James M. Atkinson Phone: (978) 546-3803
> Granite Island Group Fax: (978) 546-9467
> 127 Eastern Avenue #291 http://www.tscm.com/
> Gloucester, MA 01931-8008 jmatk@t...
> =======================================================================
> The First, The Largest, The Most Popular, and The Most Complete TSCM,
> Technical Security, and Counterintelligence Site on the Internet.
> =======================================================================
>
>
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> =================================================== TSKS
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>
>
>
2720

From: Craig Snedden <craig@d...> 
Date: Mon Mar 12, 2001 3:57pm
Subject: Re: Mains Audio
  
Ooops!

I 'd have difficulty convincing myself that the characteristics of my AM
"tranny" antenna is in any way comparable to what is effectively a very long
wire (maybe several kilometres) attached to an RF front end.........

So we take down the HF150, the ATU and 30 odd metres of copper and we build
an antenna on site. And most probably we still wouldn't be able to get the
same signal... Know it, tried it.

I run 4 LF & HF receivers side by side for about 8/12 hours each day, each
has it's own characteristics, even when coupled up to the same antenna one
will pull the signal, while another just won't catch it....

:-(


----- Original Message -----
From: "Dawn Star" <bratkid@e...>
To: <TSCM-L@yahoogroups.com>
Sent: Monday, March 12, 2001 7:40 PM
Subject: [TSCM-L] Mains Audio


> "I called the client to listen in case the voices could be identified, but
> the signal was too weak for identification by an untuned ear. It's
possible
> that the voices were followed by music, implying a commercial station, but
> not clear enough to confirm."
> A Grudko
>
> It sounds like A.M. Radio, Easy way to check is bring along an A.M. radio
> and match up program material. Comes under the tool box heading, basic
> stuff: along with the flashlight, screwdriver, and paper clip.
> Roger, Electronic Security, Los Angeles
>
>
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> =================================================== TSKS
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

The data contained herein is confidential. Unauthorised dissemination
of the contents of this e-mail may be in breach of Criminal and Civil law
and may lead to prosecution.
2721

From: A Grudko <agrudko@i...> 
Date: Wed Mar 14, 2001 7:26am
Subject: Re: Mains Audio and other signals
  
Thanks Craig, that's another good point. Just as 'There's no replacement for
cubic displacement', on AM LW/MW size does count, and the mV/mtr gain over a
couple of klicks of solid copper conductor

But woah - 4 HF rigs at once; you must have one noisy test bench!

I get irritated and confused if more than 3 AM or FM signals pop up at the
same time - I often hit the big ALL OFF switch (the PSU).

One of my TSCM test rigs is an ancient but still worthwhile Fair Mate
HP-100E portable scanner. It has 1000 memories, AM, NBFM or WBFM stored, 8.0
to 999.995 Megs.

All I do with it is anytime I discover or read about a new bug frequency
(don't you love those detailed spec. catalogues) is I enter the frequency
and mode, in no special order. Then during a sweep I let it just run. I
sometimes also let it run as I drive through the city and suburbs 'cos you
never know when you'll pick up a conventional Cony, Micro or AAA device...

Monday I had a Middle East supplier phone me offering unsolicited Micro
phone and room bugs, via London at 'unbeatable prices'.

Today a rep. from a Far East based company phoned out of the blue. He claims
he's been active selling covert surveillance devices in SA for 4 months.

I was happy to talk to the guys to find out what's appearing on the local
scene - and to try to work out who are buying what and why.

----- Original Message -----
From: Craig Snedden <craig@d...>
To: <TSCM-L@yahoogroups.com>
Sent: Monday, March 12, 2001 11:57 PM
Subject: Re: [TSCM-L] Mains Audio

> I 'd have difficulty convincing myself that the characteristics of my AM
> "tranny" antenna is in any way comparable to what is effectively a very
long
> wire (maybe several kilometres) attached to an RF front end.........
> So we take down the HF150, the ATU and 30 odd metres of copper and we
build
> an antenna on site. And most probably we still wouldn't be able to get the
> same signal... Know it, tried it.
> I run 4 LF & HF receivers side by side for about 8/12 hours each day, each
> has it's own characteristics, even when coupled up to the same antenna one
> will pull the signal, while another just won't catch it....
2722

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Wed Mar 14, 2001 9:14am
Subject: Re: Mains Audio and other signals
  
At 3:26 PM +0200 3/14/01, A Grudko wrote:

[snip]

>All I do with it is anytime I discover or read about a new bug frequency
>(don't you love those detailed spec. catalogues) is I enter the frequency
>and mode, in no special order. Then during a sweep I let it just run. I
>sometimes also let it run as I drive through the city and suburbs 'cos you
>never know when you'll pick up a conventional Cony, Micro or AAA device...
>


[snip]

Here are a few more for you to keep an eye on, they are all low cost 
Japanese units that are flooding the consumer and spy shop markets 
abroad. All frequencies are in MHz, and the devices use NBFM 
modulation.

Very, very heavily used in major US cities, and fairly easy to find 
at considerable distances with the appropriate equipment. In fact it 
is tough to perform a bug sweep in major city in the US (ie: NYC, DC, 
Chicago, Boston, etc) and not pickup on at least one of these 
frequencies being used for covert eavesdropping.


134.0000
134.9000

139.6000
139.9400
139.9700
139.9800
140.0000
140.0500
140.4500
141.0000

149.0000
149.4500
149.8950
154.0000
154.5850


339.4500
361.8250

396.4300
396.4400
396.8200
397.2400
397.2500
397.5650
398.0100
398.0300
398.0500
398.1100
398.2100
398.2150
398.4600
398.6050
398.6400
398.6450
398.6500
399.0250
399.0300
399.2500
399.4300
399.4550
399.5750
399.6050
399.6150
399.6400
399.7500
399.9100
399.9900
400.0000

413.0000
418.0000
433.9200
442.9000


Of course your mileage may vary,

-jma
-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2723

From: JAMES M. McGING <sheriff@w...> 
Date: Wed Mar 14, 2001 9:20am
Subject: Re: Digest Number 538
  
I have a new email address, and would appreciate you amending your
records, as I wish to continue to be a member of the list. Thank you, 
James M. McGing


old: sheriff@w...
new: Tourmakeady2001@y...
2724

From: Craig Snedden <craig@d...> 
Date: Wed Mar 14, 2001 9:56am
Subject: Re: Re: Mains Audio and other signals
  
Hi Andy,

Nice to hear someone else out there has a Fairmate. Nice little unit and
easy to use, even if you have lost the manual like me.......

O.K. I'll come clean, I'm not blessed with 4 arms and several sets of ears
(although some of the guys I worked with in the past seemed to be so
blessed!). Usually, 2 or 3 of the rigs are set up to rx RTTY under computer
control. I have two budget AKD HF-3's, (which actually give a respectable
performance), a Lowe HF-150 and an AR7030.

Regarding "bugging" equipment from London, there are a couple of suppliers,
who to my certain knowledge (having taken thier stuff to bits & compared
them), buy cheap units from the far east (xtal controlled UHF & VHF
transmitters, recorders, knowles mikes etc.) and stick thier own badges on
them, then hike the price by 100% or so. A couple of years ago I bought two
recorder/transmitter devices (srictly for training purposes Mr. Atkinson,
Sir!) from a supplier for about £120 each. A few months later during a
sweep I came across an identical unit in a clients premises, but "badged" by
a well known London supplier. I looked up thier catalogue to find them
priced at £300 each....

But you're right, it's always worth talking to these people, often a bit of
"social engineering", turning the spying game back on them, will reveal who
is buying what. Most salesmen are too greedy to make the sale that client
ethics go straight out the window!

I trust your autumn isn't getting too cold for you down there, the fine
weather is just starting here, we're up to 3 degrees centigrade today!

Best regards,

Craig
----- Original Message -----
From: "A Grudko" <agrudko@i...>
To: <TSCM-L@yahoogroups.com>
Sent: Wednesday, March 14, 2001 1:26 PM
Subject: [TSCM-L] Re: Mains Audio and other signals


> Thanks Craig, that's another good point. Just as 'There's no replacement
for
> cubic displacement', on AM LW/MW size does count, and the mV/mtr gain over
a
> couple of klicks of solid copper conductor
>
> But woah - 4 HF rigs at once; you must have one noisy test bench!
>
> I get irritated and confused if more than 3 AM or FM signals pop up at the
> same time - I often hit the big ALL OFF switch (the PSU).
>
> One of my TSCM test rigs is an ancient but still worthwhile Fair Mate
> HP-100E portable scanner. It has 1000 memories, AM, NBFM or WBFM stored,
8.0
> to 999.995 Megs.
>
> All I do with it is anytime I discover or read about a new bug frequency
> (don't you love those detailed spec. catalogues) is I enter the frequency
> and mode, in no special order. Then during a sweep I let it just run. I
> sometimes also let it run as I drive through the city and suburbs 'cos you
> never know when you'll pick up a conventional Cony, Micro or AAA device...
>
> Monday I had a Middle East supplier phone me offering unsolicited Micro
> phone and room bugs, via London at 'unbeatable prices'.
>
> Today a rep. from a Far East based company phoned out of the blue. He
claims
> he's been active selling covert surveillance devices in SA for 4 months.
>
> I was happy to talk to the guys to find out what's appearing on the local
> scene - and to try to work out who are buying what and why.
>
> ----- Original Message -----
> From: Craig Snedden <craig@d...>
> To: <TSCM-L@yahoogroups.com>
> Sent: Monday, March 12, 2001 11:57 PM
> Subject: Re: [TSCM-L] Mains Audio
>
> > I 'd have difficulty convincing myself that the characteristics of my
AM
> > "tranny" antenna is in any way comparable to what is effectively a very
> long
> > wire (maybe several kilometres) attached to an RF front end.........
> > So we take down the HF150, the ATU and 30 odd metres of copper and we
> build
> > an antenna on site. And most probably we still wouldn't be able to get
the
> > same signal... Know it, tried it.
> > I run 4 LF & HF receivers side by side for about 8/12 hours each day,
each
> > has it's own characteristics, even when coupled up to the same antenna
one
> > will pull the signal, while another just won't catch it....
>
>
>
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> =================================================== TSKS
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

The data contained herein is confidential. Unauthorised dissemination
of the contents of this e-mail may be in breach of Criminal and Civil law
and may lead to prosecution.
2725

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Wed Mar 14, 2001 11:09am
Subject: Re: Re: Mains Audio and other signals
  
At 3:56 PM +0000 3/14/01, Craig Snedden wrote:
>Hi Andy,

[snip]

>Regarding "bugging" equipment from London, there are a couple of suppliers,
>who to my certain knowledge (having taken thier stuff to bits & compared
>them), buy cheap units from the far east (xtal controlled UHF & VHF
>transmitters, recorders, knowles mikes etc.) and stick thier own badges on
>them, then hike the price by 100% or so. A couple of years ago I bought two
>recorder/transmitter devices (srictly for training purposes Mr. Atkinson,
>Sir!) from a supplier for about £120 each. A few months later during a
>sweep I came across an identical unit in a clients premises, but "badged" by
>a well known London supplier. I looked up thier catalogue to find them
>priced at £300 each....

[snip]

A bug which is selling in japan for $85.00 retail in Japan is 
available wholesale (in Japan) for under $50.00 bucks. Now in London 
that same exact bug is openly sold for 300 to 500 dollars (US), and 
illicitly offered in the US via SpyShops for many thousands of 
dollars (typically a 50:1 markup ratio or more).

I have personally seen eavesdropping devices for sale at a popular 
New York SpyShop for $4,995.00 (yes, five grand) which were readily 
available in Japan for fifty dollars. Of course if you agree to 
become a dealer for the NY SpyShop they will give you a special price 
of half off ($2,500.00), but you have to promise to buy ten units.

A few calls to the manufacture and they confirmed that they were 
selling hundreds of this particular units at a time to that specific 
SpyShop and that they were well aware of the 100 fold markup.


>But you're right, it's always worth talking to these people, often a bit of
>"social engineering", turning the spying game back on them, will reveal who
>is buying what. Most salesmen are too greedy to make the sale that client
>ethics go straight out the window!


Heck, a 100 fold markup is a pretty good markup.

Your right about turning the spying game back on them with a few 
phone calls [Grin]


>I trust your autumn isn't getting too cold for you down there, the fine
>weather is just starting here, we're up to 3 degrees centigrade today!
>
>Best regards,
>
>Craig

-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2726

From: James M. Atkinson, Comm-Eng <jmatk@t...> 
Date: Wed Mar 14, 2001 1:17pm
Subject: Capital Q&A: James Woolsey on spies and rogue missiles
  
Capital Q&A: James Woolsey on spies and rogue missiles

http://www.vny.com/cf/News/upidetail.cfm?QID=167776

Tuesday, 13 March 2001 18:55 (ET)

Capital Q&A: James Woolsey on spies and rogue missiles
By CARMEN J. GENTILE

WASHINGTON, March 13 (UPI) -- R. James Woolsey is a Washington insider of
the first rank, having served as director of central intelligence and in a
host of other key roles -- from helping create the first outlines of a
missile defense program to forging military bonds with European allies.

So when Woolsey talks about spies or missile shields, Washington listens.
In an interview with United Press International, Woolsey warned against
complacency in the U.S. intelligence community in the wake of the arrest of
FBI agent Robert Hanssen for allegedly selling U.S. secrets to the Soviets
for 15 years.

Woolsey said agencies like the FBI and the CIA -- which had its own
notorious spy case involving Aldrich Ames -- may have been lulled "because
they couldn't quite believe that one of their career case officers was a
Soviet spy. ...That's one of the things you have to be very humble about, in
a sense."

And Woolsey says missile defense, far from being pie in the sky, is
evolving to the point where rogue missiles would be "much easier to shoot
down" than earlier plans would have allowed.

Currently a partner at the law firm of Shea & Gardner in Washington,
Woolsey returned to the private sector in January 1995 after serving two
years as director of central intelligence.

Woolsey has also served as: ambassador to the negotiations on Conventional
Armed Forces in Europe; undersecretary of the Navy; general counsel to the
Senate Committee on Armed Services and adviser on the U.S. delegation to the
Strategic Arms Limitation Talks.

He was also appointed by President Reagan as delegate-at-large to the
U.S.-Soviet Strategic Arms Reduction Talks and Nuclear and Space Arms Talks.

Excerpts of the interview follow. Woolsey put only one restriction on the
questions: "No tunnel talk," a reference to the reported multimillion-dollar
secret tunnel built next to the Soviet Embassy in Washington that Hanssen's
alleged spying may have compromised.

Hanssen allegedly divulged its existence to the Soviets as early as 1985.
If that scenario is correct, the tunnel would have been useless an
information-gathering source during Woolsey's tenure at the CIA.

Q. Can you assess the damage caused by the alleged spying activities of
Robert P. Hanssen?

A. It appears from the affidavit, and that's all any of us can go on, that
the damage is quite substantial because it looks as if he got two people
killed, though (convicted CIA traitor) Ames got between 10 and 13 killed.
Two of the people he fingered were apparently two that Ames had named as
well. A third was imprisoned as a result of what he said. Hanssen was
apparently exposed to a number of programs in other agencies including
technical collection programs. It's hard to know exactly what these were
from the affidavit.

Q. Could you surmise what the technical collections were?

A. No, I probably wouldn't even if I could -- just the context of the way
they're presented on the affidavit suggests they were quite important. ...
It looks as if he gave (his handlers) documents about intelligence planning
and what we were focusing on and probably a lot of material that helped the
KGB avoid surveillance by the FBI here and the CIA overseas. And he appears
to have had access to material from agencies other that than the FBI.

Q. The CIA?

A. Some of these documents look like they may be CIA documents, some from
the State Department, we don't know. But they do, just from the titles in
the affidavit, appear to be of substantial importance.

Q. Do you believe there are currently other counterspies infiltrating
intelligence agencies in high positions such as Hanssen's?

A. Woolsey: It's hard to say. One hopes not, but you always have to act as
if there may well be. You have to be a little bit paranoid to be in the
counterintelligence business. Hopefully it's paranoia that's somewhat under
control because you can't go making wild accusations about people based on
flimsy evidence, ruining people's lives and careers.

But on the other hand, you have to follow diligently every lead, including
looking at your own organization. I think the CIA had a hard time capturing
Ames because they couldn't quite believe that one of their career case
officers was a Soviet spy. And I think the FBI had a hard time catching
Hanssen because of a similar assumption about FBI agents. So that's one of
the things you have to be very humble about, in a sense.

If you are in the counterintelligence business, you cannot assume your
organization is completely able to avoid penetration. No matter how fine the
barrel of apples -- a barrel of both the clandestine service in the CIA and
FBI special agents, who are wonderful, talented, extraordinarily, able,
patriotic people -- any barrel of apples can have a bad one in it. And it
has happened now two or three times to both the FBI and the CIA. This ought
to put to rest the idea that there is no sector of intelligence that does
not need to be serious about counterintelligence because a foreign power
would not be able to penetrate it. That just appears to be wrong.

Q. In the Ames case, the convicted CIA traitor was living what appeared to
be well beyond his means -- he had a nice home and he drove an expensive
car. To the general public, these things would automatically arouse
suspicion. Why was it that following his conviction the FBI did not appear
to improve its security and adopt CIA practices such as the use of polygraph
tests and regular checks of agents financial records?

A. Ames was able to succeed in spying for nine years in spite of the fact
that he was spending money on some things beyond his salary. I believe it
happened because back after 1975, the CIA's security and counterintelligence
operations were heavily decentralized. Before 1975 they had been in the
control of a single individual, James Angleton (legendary former deputy
director of counter-intelligence at the CIA), who figures prominently in a
lot of spy novels, and in many ways was a very successful and able man who
did a lot of positive things for the country and the CIA.

But like a number of people, he probably stayed in the job a few years too
long, he got a bit paranoid at the end. He did ruin a few people's careers
who in fact did nothing wrong. He came to the view, for example, that if you
believed in the sign of Soviet split, you may well be suspect. And so after
he was fired in 1974, the CIA overreacted to Angleton's centralization of
power and authority and very heavily decentralized its counterintelligence
and security operations. And as a result, the milieu that Ames came into
when he started to spy in 1985 was one in which the people who knew about
his spending on his house did not know about his drinking, and the people
that knew about his drinking didn't know about his polygraph (results).

One of the things the CIA did in the aftermath of the Ames affair, in
addition to increasing our level of attention to people's finances, was to
consolidate substantially the security and counterintelligence
responsibilities out at Langley (CIA headquarters in suburban Virginia) so
that things wouldn't fall through the cracks.

I don't know how the FBI runs its programs for polygraphs and financial
reporting. That's entirely up to them. And I'm sure that as Judge Webster
does his review, he will come up with some recommendations for strengthening
those procedures.

But I am under the impression that they didn't take the types of steps
after 1994 that we did at the CIA.

I think you have to admit, however, (and) anyone who would be critical of
the FBI on this issue would have to admit, that Hanssen, assuming he is
guilty as charged, was an extremely clever spy. Not only was he in
counterintelligence, so he knew about surveillance techniques and the like,
but it's also the case that he was able to figure out which Soviet case
officers did not have mail cover, so he could go ahead and contact them. He
also generally, except perhaps for some of the private school tuition for
his children, appeared to live very much within his means. He did not throw
money around the way Ames did, and he convinced everyone that he was a
devout religious man, family man and lived that kind of lifestyle. Part of
his cleverness was in not showing that he had a lot of extra money that
other spies have from time to time.

Q. Do you think the bureau will follow suit and step up its security
measures?

A. I'm sure all of their measures will be up for review and I'd be
surprised if there weren't some modifications to them.

Q. Why do you think he did it, if in fact he is found guilty?

A. That's one of the strangest aspects of this case. He seems to be in
part motivated by money, but not exclusively, and in part motivated by a
sense of arrogance and the challenge -- this business in the affidavit about
bragging how he had wanted to do this since he was 14 years old and his
sense of superiority, as well as denigrating the FBI and the U.S.
government. He seems to be an individual whose personality and his arrogance
had something to do with his decision to try and make this work.

Q. A recent article in Washington Post questions the origin of the KGB
documents that exposed Hanssen. Do you have any idea where these alleged
documents came from?

A. If I knew, I wouldn't say.

Q. Switching gears, in 1996 you testified in front of the Senate Select
Committee on Intelligence that "ballistic missiles can, and in the future
increasingly will, be used by hostile states for blackmail, terror and to
drive wedges between us and our friends and allies." It was your judgment
then that the Clinton administration was not "giving this vital problem the
weight it deserves."

Do you see the Bush administration giving it the proper weight it
deserves, and how would they going about doing so, if they are not already?

A. Well certainly I think their commitment to missile defense suggests
more attention. Secretary of Defense Donald Rumsfeld chaired a commission in
'97-98 I served on that called a lot of attention to this problem.

The Clinton administration was in the process of sort of pooh-poohing it
when, about six weeks after the report was issued, the North Koreans
launched a missile that had a partially successful third stage that then
later failed. It flew over Japan into the Pacific, and that suggested that
the North Koreans were rather far along in missile development that
conceivably would be able to reach the United States, at least at an early
stage in Alaska or Hawaii.

That appeared to be the event -- the combination of the Rumsfeld
Commission report and North Korean test -- that finally more or less woke up
the Clinton administration. I think the system that they deployed, or were
planning to deploy, or might have been planning to deploy, had a lot of
weaknesses.

The Bush administration (is) focused on trying to move promptly to do
something about this issue. I think this had now spread to the point that it
is a serious concern all across the political spectrum.

I think this issue is really catching on, and the question is not whether,
but how, the U.S. will deploy some type of missile defense.

Q. Some European countries and Russia have balked, saying that in varying
degrees they were not in support of Bush's proposed missle defense plan. Now
Germany has changed its stance on the U.S. missile strategy and even Russian
President Vladimir Putin has said that it is important for Russia to ally
itself with the West to combat rogue states.

A. Our allies, first and foremost, and maybe even Mr. Putin, are
responding to American firmness of will. When the United States expresses
itself as determined to do something, people tend to take that seriously.
The Clinton administration never expressed any sense of determination about
this matter. I think it is beginning to seep in that the Bush administration
is not planning something similar to its predecessors. The Clinton
administration called it National Missile Defense and their system was
solely designed to protect the Unites States.

The reason it was designed that way was due to what's called a mid-course
intercept system that could intercept ballistic missiles long after they are
launched into space, where they are hard to pick out against the background
of space and moving at several miles per second.

The reason the Clinton administration system was designed that way, was
that they wanted to make them resemble as close as possible the systems that
would have been permitted by the 1972 U.S.-Soviet ABM treaty.

If you start from the other end, and ask what is strategically useful, I
think you don't end up focusing principally on a mid-course system, but
rather on something that would shoot down (a) ballistic missile in what's
called boost phase, that is, an early stage of flight when they are large,
slow and hot.

At those early phases of flight, they are much easier to shoot down. The
question is getting the missile that would shoot them or the satellite that
would get in their way or laser beam that would destroy them close enough so
that it could do the job during the early stage of their trajectory.

A system like that (proposed by the Bush administration) has an added
advantage of protecting everybody, not just the United States.

For example, let's say the United States had a missile site in eastern
Turkey and could shoot down shortly after it was launched anything coming
out of Iraq. That doesn't just protect the United States, it protects
Germany and Russia and essentially everyplace in the world.

So I would hope and think that our allies, and maybe even the Russians,
would be more favorably disposed toward a system that could protect them as
well as us, rather than one such as the Clinton administration was pursuing
that could only protect the Unites States. Some of the critics in Europe of
the Clinton administration's NMD proposal said it was an expression of
''fortress America,'' and they had a point. As long as you're using a
mid-course system based in the United States, you're only protecting the
United States, but if you are shooting these things down in boost phase,
you're protecting everybody. If I were a German, I would feel more
positively about a system protecting me as well as the Unites States, than I
would about one that was just protecting the United States.

Q. How closely does the Bush missile plan resemble the Strategic Defensive
Initiative or "Star Wars" plan proposed by President Reagan?

A. President Reagan's initial interest was in directed-energy weapons,
satellites in space with lasers or particle beams that would shoot down
missiles in boost phase. And that grew to the somewhat derisory term "Star
Wars," suggesting that it was a very far-out idea. The Bush administration,
the first Bush administration, focused on something called the Global
Protection System that they worked on cooperatively with Russians when
President Yeltsin expressed interest in it in 1992. That had several
components, but one of them was a rather simpler idea which was boost-phase
intercepts using small satellites that would not fire lasers, but would be
expendable themselves, and move into the path of a ballistic missile as it
was coming up in boost phase. That project was called Brilliant Pebbles: The
satellites were small, but they had a lot of sophisticated electronics on
them for intercepting technologically advanced Russian missiles.

There are other ideas for doing this, including one that I support called
Burros, which are also small satellites that move into the path of missiles,
but aren't as sophisticated. They're designed to deal with missile threats
from Iraq, Iran, North Korea and the like.

I don't know what this Bush administration is going to do, but whether you
are talking about shooting down a ballistic missile in boost phase from the
surface from the earth, or these relatively simple satellites, that
technology is somewhat simpler than what the Clinton administration was
trying to do. They really were trying to hit a bullet with a bullet.

Q. There has been speculation that the SDI was more or less a scare tactic
than a feasible missile defense system, designed to frighten the Russians to
spend on defense into bankruptcy.

A. I think it may have had that effect. I think President Reagan thought
that something could be deployed relatively quickly, and I think he was
committed to it and sincere about it. The Russians, I think, thought we
could probably deploy something rather quickly. After all, they went into
space first in 1958, and a few years later, President Kennedy said we would
put a man on the moon by the end of the decade. And in 8 ? years, you have
Americans walking on the moon on live television and by all reports the
Soviet Politburo watching it on television were stunned and some of them
weeping.

So they knew what the Unites States could do if it put their mind to it,
in space and in technology.

President Reagan's original concept of directed energy in space was a very
challenging technology and I think it did have the effect of frightening the
Russians into spending a great deal more on their military. It was
definitely one of the things that demoralized them and helped bankrupt their
system. SDI had a hand in helping end the Cold War successfully.

--
Copyright 2001 by United Press International.
All rights reserved.
--


-- 

=======================================================================
Sed quis custodiet ipsos Custodes?
"In a time of universal deceit, telling the
truth is a revolutionary act" - George Orwell
=======================================================================
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@t...
=======================================================================
The First, The Largest, The Most Popular, and The Most Complete TSCM,
Technical Security, and Counterintelligence Site on the Internet.
=======================================================================
2727

From: Paolo Sfriso <paulsfriso@t...> 
Date: Wed Mar 14, 2001 0:41pm
Subject: Digital Radio Transmittion Sound website
  
Dear Collegues.

The following link might be of interest for comparing unusual digital radio transmittion sounds.
http://www.wunclub.com/sounds/index.html

Your Italian Connection

Paul Sfriso
Director
GRUPPO S.I.T.
Security, Investigations & Tecnology
Quarto d'Altino, Venice
ITALY

phone +39 0422 828517
fax +39 0422 823224
24hr GSM cellphone +39 335 5257308
paulsfriso@t...
www.grupposit.com




[Non-text portions of this message have been removed]
2728

From: Gerard P. Keenan <gkeenan@s...> 
Date: Wed Mar 14, 2001 8:02pm
Subject: New Info
  
Sorry for the cross postings but I wanted to provide some update on my business/company.

We are now known as:

Executive Assets, Inc.
Gerard P. Keenan, Dir. of Operations
1005 Celia St.
West Islip, NY 11795-2503
(631) 587-4020 (ph)
(516) 768-9602 (cell/mobile)
(530) 323-6832 (Jfax)
secureops@e...
gkeenan@s...
http://www.geocities.com/executiveassets

GPKeenan Co., Int'l Security Services will remain in operation as a subsidiary of Executive Assets and will serve primarily as the administrative/research/analysis part of the operation handling publishing, the three restricted mailing lists, terrorism database, and other similar operations.

Cheers!

Jerry Keenan


[Non-text portions of this message have been removed]
2729

From: <patedwards@w...> 
Date: Thu Mar 15, 2001 3:13am
Subject: An Irish Friendship Wish !
  
AN IRISH FRIENDSHIP Wish 

May there always be work for your hands to do;

May your purse always hold a 
coin or two;

May the sun always shine on your 
windowpane;

May a rainbow be certain to follow each rain; 

May the hand of a friend always be near you; 

May God fill your heart with gladness to cheer you ! 

Happy Saint Patrick's Day ! ; Mar.17

Top of the Day ! To all !





HAVE A GREAT DAY !!!
2730

From: Edward J. Michaels <edmichaels@s...> 
Date: Wed Mar 14, 2001 9:14pm
Subject: REI reply to assistance?
  
I guess this is all 1 each OSCOR, ORION and CPM-700 gets you when
dealing with a busy manufacturer?

"Hello Edward J.

We have received you're request and will respond as soon as possible.

Thank You,
Research ELectronics Intl.
Copyright ©2000 Research ELectronics Intl. All Rights Reserved"


[Non-text portions of this message have been removed]
2731

From: Charles P <charles@t...> 
Date: Thu Mar 15, 2001 8:59am
Subject: Re: REI reply to assistance?
  
Sounds to me like an automated email response- just a courtesy to
acknowledge that your message was received.
Tom Jones (prez of REI) is usually active on this list so you probably will
get a response now! :)

----- Original Message -----
From: "Edward J. Michaels" <edmichaels@s...>
To: <TSCM-L@yahoogroups.com>
Sent: Wednesday, March 14, 2001 10:14 PM
Subject: [TSCM-L] REI reply to assistance?


> I guess this is all 1 each OSCOR, ORION and CPM-700 gets you when
> dealing with a busy manufacturer?
>
> "Hello Edward J.
>
> We have received you're request and will respond as soon as possible.
>
> Thank You,
> Research ELectronics Intl.
> Copyright ©2000 Research ELectronics Intl. All Rights Reserved"