From: James M. Atkinson, Comm-Eng Date: Wed Apr 4, 2001 3:03pm Subject: Here are a few of my favorite things... Well, it looks like we have some interest in developing this topic a bit further: Several dozen list members have approach me and suggest that we collectively develop a few dozen "angst issues" and then explore each in detail. What follows are a few of my own observations, and I would encourage others to add their own so that we may all benefit (or at least be amused). It will show the less glamorous side of our business, and perhaps relate some of the real-world issues that we have to deal with. It is an enhanced version of the little rant that I did a few days ago Please consider it to be humorous in nature, and feel free to add some of your own. Jim's "Angst Issues" (song to the tune of "Here are a few of my favorite things...") It's up at 4 am, drive 90 minutes to a clients site, then spend an hour unloading 2 tons of laboratory grade gear on site. Of course the customer forgot to mention that the loading dock is 1500 feet away from the office you will be sweeping, and for an added bonus the elevators are down so you also have to drag all of your equipment up 12 flights of stairs. Spend the next 16 hours using equipment to climb around every nook and cranny of the clients location where you may or may not find a bug, and in doing so you will succeed in tearing a hole in the $75 dollar pair of suit pants you just bought. Then repack and reload the 2 tons of equipment back on the truck, and drive back to the office, type up the report so you can get it to the client in the morning when they arrive at the office. If your lucky sneak in 3-4 hours of sleep before getting to repeat to whole thing the next morning. Climbing up and down a 12 foot ladder 240 times in one day to move ceiling tiles and check out lighting fixtures. Of course during this whole thing your back will spasm up and go out on you while unloading the truck (thank heavens for bottle of Aleve, and Zantac, and Pepto Bismol I have in my kit). God bless the clients employees and.or contractors who will try to steal your laptop or briefcase if you give then half a chance, and of course let's not forget about the guys who will try to swipe your hand held oscilloscope or even your OSCOR. Finding out that your clients site is 300 yards away from a multi-megawatt VHF TV station, and that you left all of your band reject filters back at the office. The CEO of the Fortune 500 company who seemed rational but who turns into Charles Manson, and starts ranting about the DEA trying to poison him, the CIA has implanted a tracking device in his neck, the FBI stalking him, and that aliens have just scheduled him for another abduction and proctologic examination. The PI who brought you in plants a little spy shop device to be found during the sweep as he believes (in error) that this will ensure future work for him. The client who actually planted a bug (or bugs) in his own office to see if your any good at finding such threats, and who is then surprised when you tell him in graphic detail where he can stick the thing. The client who bugs his own office (which you find) and tries to play the "victim game" for political or legal reasons, or who simply does it to get attention. The head of security who wants you to tap some phones, install some video cameras, and fix his security system which his brother in-law installed (and has never worked right). Security and/or CCTV that got installed by low bidders who had no idea what they are doing (and your biting your tongue). The clients accounting department still hasn't paid for the last sweep, and you just found out that the advance retainer check they gave you for this sweep just bounced. The bloody power just went out knocking out your laptop, causing acrid smoke to start rising out of your microwave spectrum analyzer. Plus in the darkness you tripped on a RG-214 cable causing your rather costly low noise microwave amplifier and feed horn to come crashing to the floor. CEO's that want a sweep just to make themselves feel important and who want you to show up wearing a green lab coat and a shoulder holster (just like the last guys who swept his office last week). PI's who want to talk about sweeps ( just to make themselves feel important), and who promise you the moon-an-the-stars but for some reason they don't deliver. Attorneys who only want to pay you if you find something, and who want to play the little "nudge-nudge, wink-wink" game. Add to this the attorneys who try to bribe you to testify as an expert witness, and offer you a fortune if you agree to lie on the witness stand for them. Anti-government and conspiracy nut types who start ranting about black helicopters, NATO storm troopers hiding in the bushes, road maps on the backs of road signs, chemicals in the drinking water, and so on, and so on, ad nauseam. You find out that the vetted "security consultant" or PI with references who brought you in is actually a convicted felon and con artist using a false name, and that neither you or the client knew this until the sweep was already scheduled. Then you find out that the guy has multiple outstanding arrest warrants under his real name, and that he is pissed as the police popped him on the outstanding warrants (thanks to you). The self appointed TSCM expert who you just talked to brags about making a million dollars a years, by himself, with only an OSCOR. Delusionary mental patients working for a major company (usually in senior management) who were perfectly lucid on when you spoke to them phone, and perfectly sane when you initially visited their office. But as soon as you show up with your gear, and don't find the "multipurpose CIA mind control and harassment transmitter" they strip down to their underwear climb up on their conference room table with a Samurai sword and start screaming that they are going to commit ritual suicide to make the little voices stop. Bleeding edge instruments that are finicky, or refuse to power up after being bounced around one time too many in the back of the truck. TSCM equipment that was grossly misrepresented by the manufacture and is in fact deafer then Beethoven (and about as useful on a sweep). Test equipment that you sent out for a routine calibration that should have been back 6 weeks ago, and every time you call the check on it nobody can find the unit or tells you that it is awaiting parts. Power cords, you can never have enough power cords. Antenna cables that are exactly three inches too short. Rot gut coffee that could lift the chrome off a bumper, add to that no lunch (not counting the two stale donuts), and ulcers that start to act up from a combination of stress and bad coffee. Did I mention yet that Zantac and Pepto is a good thing. People with attitudes who are more interested in playing little corporate or government power games, and don't really need a sweep at all. Completely bullshit ads for low end "bug detectors" marketed towards PI's that claim that they can make $250 per hour doing sweeps. People who write books and articles about TSCM, but who are actually just plagiarizing the work of others. Government agencies that think that just because they're government agency they automatically get payment terms... oh plus they want a discount, plus they want to put it out to bid, plus they want you to fill out 50 pages of paperwork, and so on, and so on, and so on. Mental patients calling six times a day who think that you are a combination psychologist, minister, therapist, psychiatrist, ghost-buster, brain surgeon, hearing doctor, pharmacist, and confessor (the bells, the bells, the bells, the bells, the bells, the bells... ) Power cords, did I mention that you can never have enough power cords. Fogged up Xray film Processing chemicals for the X-ray film that leak thus burning your arm and eating a hole in your pants. NLJD getting false hits causing you to a half hour checking out the beer can someone dropped inside the wall cavities during construction. Phones that aren't wired right, I mean really... have these people ever heard about cable pairing and color codes. Phone rooms that are not locked, and ones that are a pig sty. All of the Argon leaking out of the thermal imager due to a faulty valve, and your backup bottle is also bad. The Polaroid film for the instant camera you brought is for your other instant camera The client doesn't have blueprints he can send you for the area he want swept, can't get you into the building in advance, but he wants a flat rate for the sweep (which will of course be more then that charged by the local PI he has been using in the past). Firewalls with default password, computers with wide open guest privileges, and wireless networks that let the high school kid a mile away tie into the corporate LAN. Locks, dead latches, hinges, and door frames that never work the right way, and the client expects YOU to fix it. Everybody trying to get you to work for free. Customers who know the price of everything, but the value of nothing Client who try to shoot the messenger Cheap bastards who come up with "gee, I can get my brother-in-law who used to work for the FBI to do it for 300 bucks, so why should I pay you five grand". Neophytes with no background in the business who want to come apprentice with you. Ex-government TSCMers who have minimal equipment if any, no technical background, and minimal technical training but who insist that they can offer legitimate TSCM service just based on a six week DASE course they took 10 years ago. Governmental agencies continually telling you that "it's not their responsibility or jurisdiction". A big corporate client who just bought a broadband diode detector system from some New York spy shop for a quarter million dollars and has convinced himself that his office is riddled with bugs (but who gets pissed at you for telling him that his equipment is of minimal value, and that his office is free of bugs). ... and that is just the first part, I would rant for days.... -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2853 From: James M. Atkinson, Comm-Eng Date: Wed Apr 4, 2001 3:12pm Subject: More flaws found in wireless LAN protocol More flaws found in wireless LAN protocol By Dennis Fisher, eWEEK April 3, 2001 2:15 PM PT URL: A University of Maryland research team said Tuesday that it had identified several more security flaws in the much-maligned 802.11 wireless LAN protocol. Earlier this year, researchers at the University of California at Berkeley discovered several vulnerabilities in the encryption protocol used on wireless LANs. "When you combine this with the stuff that the Berkeley guys found, it pretty much covers all of the security in these wireless access points," said William Arbaugh, assistant professor of computer science at the University of Maryland in College Park. The latest problems have to do with the way the protocol handles access control and authorization requests. Arbaugh said finding the problems was "exceedingly easy" and that exploiting them was trivial. Potentially the most serious of the three flaws is a hole that allows an eavesdropper to sniff the name of the network -- which is used as a shared secret for authentication purposes in some 802.11 implementations, including the Lucent Technologies Inc. Orinoco cards that Arbaugh's team used -- and then use the information to access the network. This would be prevented by the WEP (Wireless Equivalent Privacy) encryption used in 802.11, but the messages containing the network name are always broadcast in cleartext, Arbaugh said. The team also identified a problem with the MAC (media access control) addresses used on wireless LAN cards. Like the network name, MAC addresses are broadcast in cleartext and can therefore be easily captured by an eavesdropper. The attacker can then program the address onto his or her card and access the network. The final attack involves capturing via eavesdropping the plaintext and ciphertext of the shared keys used for authentication. Using this information, an attacker can compute the valid authentication response and then compute a new integrity check value using another known exploit and join the network. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2854 From: Miguel Puchol Date: Wed Apr 4, 2001 3:27pm Subject: RE: More flaws found in wireless LAN protocol We were about to order a 3Com Starter Pack (access point + 3 PCCard units) for our non-secure PCs at the office....maybe we'll rethink this one. If we finally do order it, I'll try a few tricks and post back the results. All the best, Mike > -----Mensaje original----- > De: James M. Atkinson, Comm-Eng [mailto:jmatk@t...] > Enviado el: miercoles, 04 de abril de 2001 22:12 > Para: TSCM-L Mailing List > Asunto: [TSCM-L] More flaws found in wireless LAN protocol > > > > More flaws found in wireless LAN protocol > By Dennis Fisher, eWEEK > April 3, 2001 2:15 PM PT > URL: > > A University of Maryland research team said Tuesday that it had > identified several more security flaws in the much-maligned 802.11 > wireless LAN protocol. > > Earlier this year, researchers at the University of California at > Berkeley discovered several vulnerabilities in the encryption > protocol used on wireless LANs. > > "When you combine this with the stuff that the Berkeley guys found, > it pretty much covers all of the security in these wireless access > points," said William Arbaugh, assistant professor of computer > science at the University of Maryland in College Park. > > The latest problems have to do with the way the protocol handles > access control and authorization requests. Arbaugh said finding the > problems was "exceedingly easy" and that exploiting them was trivial. > > Potentially the most serious of the three flaws is a hole that allows > an eavesdropper to sniff the name of the network -- which is used as > a shared secret for authentication purposes in some 802.11 > implementations, including the Lucent Technologies Inc. Orinoco cards > that Arbaugh's team used -- and then use the information to access > the network. > > This would be prevented by the WEP (Wireless Equivalent Privacy) > encryption used in 802.11, but the messages containing the network > name are always broadcast in cleartext, Arbaugh said. > > The team also identified a problem with the MAC (media access > control) addresses used on wireless LAN cards. Like the network name, > MAC addresses are broadcast in cleartext and can therefore be easily > captured by an eavesdropper. The attacker can then program the > address onto his or her card and access the network. > > The final attack involves capturing via eavesdropping the plaintext > and ciphertext of the shared keys used for authentication. Using this > information, an attacker can compute the valid authentication > response and then compute a new integrity check value using another > known exploit and join the network. > -- > > ======================================================================= > Sed quis custodiet ipsos Custodes? > "In a time of universal deceit, telling the > truth is a revolutionary act" - George Orwell > ======================================================================= > James M. Atkinson Phone: (978) 546-3803 > Granite Island Group Fax: (978) 546-9467 > 127 Eastern Avenue #291 http://www.tscm.com/ > Gloucester, MA 01931-8008 jmatk@t... > ======================================================================= > The First, The Largest, The Most Popular, and The Most Complete TSCM, > Technical Security, and Counterintelligence Site on the Internet. > ======================================================================= > > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.onelist.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > 2855 From: Marcelrf Date: Tue Apr 3, 2001 9:05pm Subject: Re: Caller ID Question I built a caller ID generator years ago for a project.........It was nothing high-tech. It can be done........... "James M. Atkinson, Comm-Eng" wrote: > I would first suspect that it is a hoax, and that the information he > has was fabricated and then documented so as to give the guy some > "evidence" to wave around. > > After disproving the hoax possibility, it could be a case where > someone from the bank simply called to talk to him, he saw the > number and flipped out. > > Third, it could just be a screw up on the part of the CO. > > -jma > > At 4:12 PM -0500 4/3/01, Martin wrote: > > I received a call from a client who described the following > >circumstances that > >I thought I would get your collective thoughts on: > > > > An individual is in litigation with an area bank. He reports, and > >has a photo to > >prove, that he found on his cordless instrument's caller ID the name of > >the bank that > >he is opposed to in court and his own telephone number. Of course, he > >is insisting that his telephone is being monitored by this bank, which > >is silly, but if what he says is true, it really doesn't make > >sense...unless it was some sort of glitch at the > >exchange and just happened to coincidently, be his opposition in court. > > > >Anyone have any ideas? > > > >Martin Brown > >Brown & Sikes, Inc. > >Dallas, Texas > > -- > > ======================================================================= > Sed quis custodiet ipsos Custodes? > "In a time of universal deceit, telling the > truth is a revolutionary act" - George Orwell > ======================================================================= > James M. Atkinson Phone: (978) 546-3803 > Granite Island Group Fax: (978) 546-9467 > 127 Eastern Avenue #291 http://www.tscm.com/ > Gloucester, MA 01931-8008 jmatk@t... > ======================================================================= > The First, The Largest, The Most Popular, and The Most Complete TSCM, > Technical Security, and Counterintelligence Site on the Internet. > ======================================================================= > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.onelist.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- "NEXTEL1 IT'S NOT JUST NEXTEL" Subscribe to Nextel1: http://www.onelist.com/subscribe/NEXTEL1 2856 From: Scott Malcolm Date: Wed Apr 4, 2001 1:59pm Subject: Re: Digest Number 555 TSCM-L@yahoogroups.com wrote: > Message: 1 > Date: Mon, 2 Apr 2001 16:52:13 +1200 > From: "Craig Meldrum" > Subject: TSCM in Hong Kong > > This is my first posting to this group although I have been monitoring it > for a couple of weeks. I am interetsde in hearing from anybody who has had > experience in carrying out an international TSCM job in Hong Kong. > > I would appreciate a direct contact via email to craig@s... > > Thanks > Craig Dear Craig and List, I have never worked with the people at the below site. From looking at their CV's I would think they might have an answer to your question or give you a lead. http://www.asiapi.com/ http://www.asiapi.com/profile.html Regards, Scott Malcolm Malcolm & Associates,Inc. Serving the State of Wisconsin http://www.execpc.com/~conf-pi Office 262 965 4426 / Fax 262 965 4629 2857 From: Craig Meldrum Date: Wed Apr 4, 2001 4:22pm Subject: TSCM in Hong Kong A quick note to thank all those people who responded to my query on this matter, I have been overwhelmed and have now satisfied my requirements. Thank you Craig =============================== Craig Meldrum, Managing Director Communications Security Ltd PO Box 8314, Symonds St Auckland, New Zealand Ph: 64-9-3093386 Fax: 64-9-3021148 =============================== 2858 From: Date: Wed Apr 4, 2001 9:48pm Subject: TSCM in Hong Kong I did a TSCM in Mexico City. The biggest problem was when we came back to LA and went thru US Customs. They wanted us to prove that the equipment was purchased in the US and went with us and was not purchesed in Mexico or some other country. We did not have any trouble getting into or out of Mexico. We were more than a little nervous about leaving the equipment in the hotel room while we went to eat. But, no problem. There is a customs form which can be filled out listing your equipment and identifying serial number. They stamp it when you leave and then you're back in without any trouble. Secondly, hand carry the delicate (and expensive) stuff. When I went to HK (without any equipment) the customs/immigration officer saw my old business card/name tag on my bags, ask if I had any ID proving I used to work for the feds, and said "enjoy your stay". Carl Carl A. Larsen, Jr. Larsen and Associates Private Investigations, PI-14282 Post Office Box 247 Carmichael, California, 95609 916-973-0515, fax 916-486-2735 2859 From: A Grudko Date: Wed Apr 4, 2001 3:31pm Subject: A bit off topic : Solar activity Geepers, have I noticed the interuption of RF services since the Monday night event, and we were ba. Even today the tail of our high band business VHF FM repeater is pure noise, probably 6 - 10 db up. We lost some Europe based Sat. TV pictures and raised noise levels were noticeable on every frequency we monitor, from 27 megs to 1.2 Gigs, in broadband bursts of uo to 2 seconds. Subjectively, I'd say I've have had more GSM cellular dropped calls than ever before. An interesting RF event - we try to find 5 milliwatt devices. How many billion gigawatts per hour was this? I think even Austin Powers could have ID'd this TX. Andy Grudko Johannesburg 2860 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 9:46am Subject: Don't you dare === Contempt === A small town prosecuting attorney called his first witness to the stand in a trial-a grandmotherly, elderly woman. He approached her and asked, "Mrs. Jones, do you know me?" She responded, "Why, yes, I do know you Mr. Williams. I've known you since you were a young boy. And frankly, you've been a big disappointment to me. You lie, you cheat on your wife, you manipulate people and talk about them behind their backs. You think you're a rising big shot when you haven't the brains to realize you never will amount to anything more than a two-bit paper pusher. Yes, I know you." The lawyer was stunned. Not knowing what else to do he pointed across the room and asked, "Mrs. Williams, do you know the defense attorney?" She again replied, "Why, yes I do. I've known Mr. Bradley since he was a youngster, too. I used to baby-sit him for his parents. And he, too, has been a real disappointment to me. He's lazy, bigoted, he has a drinking problem. The man can't build a normal relationship with anyone and his law practice is one of the shoddiest in the entire state. Yes, I know him." At this point, the judge rapped the courtroom to silence and called both counselors to the bench. In a very quiet voice, he said with menace, "If either of you asks your mother if she knows me, you'll be jailed for contempt!" -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2861 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 9:49am Subject: Hell Bound Lawyer The lawyer is standing at the gate to Heaven and St. Peter is listing his sins: 1) Defending a large corporation in a pollution suit where he knew they were guilty. 2) Defending an obviously guilty murderer because the fee was high. 3) Overcharging fees to many clients. 4) Prosecuting an innocent woman because a scapegoat was needed in a controversial case. ...And the list goes on for quite awhile. The lawyer objects and begins to argue his case. He admits all these things, but argues, "Wait, I've done some charity in my life also." St. Peter looks in his book and says,"Yes, I see. Once you gave a dime to a panhandler and once you gave an extra nickel to the shoeshine boy, correct?" The lawyer gets a smug look on his face and replies, "Yes." St. Peter turns to the angel next to him and says, "Give this guy 15 cents and tell him to go to hell. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2862 From: Dawn Star Date: Thu Apr 5, 2001 10:37am Subject: Plants "The PI who brought you in plants a little spy shop device to be found during the sweep as he believes (in error) that this will ensure future work for him." The first time I swept a Vegas Casino in the early 70's, I arrived at the casino on Friday night to do the sweep on Saturday while the administration offices were quiet. They gave me a great room with a jumbo Jacuzzi. I ordered some champaign from room service and myself and my girl friend settled in for the night. After a while I got a bad feeling about the room so I busted out the sweep gear and in less than an hour I had three listening devices. The next morning when I was brought up to the top of the hotel to meet the president, he put his hand out to shake mine I put the devices in his hand. He smiled at me and laughed and that started some great gigs in Vegas. The story spread around the city grapevine. In those days there were no corporations running Vegas and it was wild and wide open. Later I got to see the surveillance room that monitored specific hotel suits. Now you know why if you start winning big the first thing they do is comp you a room! Roger Tolces, Electronic Security Co., Los Angeles 2863 From: Rob Muessel Date: Thu Apr 5, 2001 0:04pm Subject: Panic Buttons- off topic a bit One of my clients runs an executive protection detail. Thy are looking for several wireless "panic button" systems. They envision a system consisting of a small transmitter like a automotive remote unlocking ones that their principals can carry. As many as four body worn receivers would be required. Range is about 100 feet. Anyone know of any products that fit this application? -- Rob Muessel, Director email: rmuessel@t... TSCM Technical Services Phone: 203-354-9040 11 Bayberry Lane Fax: 203-354-9041 Norwalk, CT 06851 USA 2864 From: Miguel Puchol Date: Thu Apr 5, 2001 1:12pm Subject: RE: Panic Buttons- off topic a bit Rob, We developed, a few years back, a home assistance system for the Red Cross, that consists of a collar with a small round device, that has a red button. When this button is pressed, a call is generated from the owner's telephone to the assistance center, and an ambulance/doctor dispatched. It should be very easy to modify it for portable use - i.e. portable transmitters and receivers. They operate in the 433MHz unlicensed band. Maybe it could help. How should these devices be worn? Belt mounted, for example? All the best, Mike > -----Mensaje original----- > De: Rob Muessel [mailto:rmuessel@t...] > Enviado el: jueves, 05 de abril de 2001 19:05 > Para: TSCM-L Mailing List > Asunto: [TSCM-L] Panic Buttons- off topic a bit > > > One of my clients runs an executive protection detail. Thy are looking > for several wireless "panic button" systems. They envision a system > consisting of a small transmitter like a automotive remote unlocking > ones that their principals can carry. As many as four body worn > receivers would be required. Range is about 100 feet. > > Anyone know of any products that fit this application? > -- > Rob Muessel, Director email: rmuessel@t... > TSCM Technical Services Phone: 203-354-9040 > 11 Bayberry Lane Fax: 203-354-9041 > Norwalk, CT 06851 > USA > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.onelist.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > 2865 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 1:24pm Subject: Re: Panic Buttons- off topic a bit At 1:04 PM -0400 4/5/01, Rob Muessel wrote: >One of my clients runs an executive protection detail. Thy are looking >for several wireless "panic button" systems. They envision a system >consisting of a small transmitter like a automotive remote unlocking >ones that their principals can carry. As many as four body worn >receivers would be required. Range is about 100 feet. > >Anyone know of any products that fit this application? >-- >Rob Muessel, Director email: rmuessel@t... >TSCM Technical Services Phone: 203-354-9040 >11 Bayberry Lane Fax: 203-354-9041 >Norwalk, CT 06851 >USA Car alarm key fob type transmitter at 300-315 MHz. -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2866 From: Charles P Date: Thu Apr 5, 2001 8:28pm Subject: Re: Panic Buttons- off topic a bit Hi Rob, Almost all major alarm system brands have the key fob type transmitter that Jim mentioned. The function of the buttons is programmable and you can usually use multiple receivers. Just today I saw a wrist watch with buttons on it that Ademco makes for their panels, that caught my eye, I hadn't thought of it for personal protection but it should be good for that too. Also available are the "man-down" type transmitters that can initiate an alert if they turn from vertical to horizontal for a time period, you wear them on a belt and they also have pushbutton. The company that made the units I used to use are no longer in business (If you know anyone who wants a used system with no tech support, let me know), but I can dig up the info on others if that's what you had in mind. The standard alarm types would be easy to interface. We set up one system that triggers voice announcements over the two way radio. charles Charles Patterson charles@t... Global Communications Tarrytown, NY www.telephonesecurity.com www.avtele.com ----- Original Message ----- From: "Rob Muessel" To: "TSCM-L Mailing List" Sent: Thursday, April 05, 2001 1:04 PM Subject: [TSCM-L] Panic Buttons- off topic a bit > One of my clients runs an executive protection detail. Thy are looking > for several wireless "panic button" systems. They envision a system > consisting of a small transmitter like a automotive remote unlocking > ones that their principals can carry. As many as four body worn > receivers would be required. Range is about 100 feet. > > Anyone know of any products that fit this application? > -- > Rob Muessel, Director email: rmuessel@t... > TSCM Technical Services Phone: 203-354-9040 > 11 Bayberry Lane Fax: 203-354-9041 > Norwalk, CT 06851 > USA > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.onelist.com/community/TSCM-L > > or email your subscription request to: > subTSCM-L@t... > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > > 2867 From: Steve Uhrig Date: Thu Apr 5, 2001 9:24pm Subject: Useful site to refer lunatics to who annoy you: http://zapatopi.net/afdb.html Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 2868 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 9:32pm Subject: Re: Useful site At 10:24 PM -0400 4/5/01, Steve Uhrig wrote: >to refer lunatics to who annoy you: > >http://zapatopi.net/afdb.html > >Steve Right, but there products are all title 3 items, and they only sell to law enforcement. -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2869 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 9:42pm Subject: FBI spy suspect 'took stripper to church' Friday 6 April 2001 FBI spy suspect 'took stripper to church' http://www.telegraph.co.uk/et?ac=003100565149417&rtmo=aCXJhuTJ&atmo=99999999&pg=/et/01/4/6/whans06.html By Toby Harnden in Washington THE FBI agent accused of spying for Russia took a stripper to church services and spent $10,000 on a car for her, according to federal prosecutors. Investigators said the purchase of the car and perhaps other presents helped to explain what Robert Hanssen, 56, who is married with six children, did with the $600,000 (L420,000) in cash and diamonds paid to him by the Russians. The relationship, combined with the discovery that Hanssen and his wife, Bonnie, ran up debts of $275,000 (L192,000), also raises questions about why the FBI did not heed clear warning signals about such a senior counter-espionage agent. It was said there was no evidence of a sexual relationship between Hanssen and the "exotic dancer", whom he met at a Washington DC strip club in the early 1990s. Hanssen, a devout Roman Catholic, apparently wanted to "convert" her in the way that William Gladstone, the Victorian prime minister, sought to "save" fallen women who had been reduced to prostitution. The stripper was said to have attended masses at the church of St Catherine of Siena in Great Falls, Virginia, on more than one occasion. There were also indications that Hanssen might have bought her a plane ticket to Tokyo. Plato Cacheris, Hanssen's lawyer, said he would not comment on "such scurrilous allegations" and his client intended to plead "not guilty" to all charges regarding spying activity said to date back to 1985. Hanssen, who spent 25 years in the FBI, is accused of passing about 6,000 pages of documents on secret US programmes to Soviet and later Russian agents. He faces the death penalty if found guilty. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2870 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 9:44pm Subject: Rambus allegedly had spy at JEDEC Rambus allegedly had spy at JEDEC http://www.electronicstimes.com/story/OEG20010405S0037 By Jack Robertson, EBN (04/05/01 19:59 p.m. GMT) Rambus Inc. had a mole called "Secret Squirrel" tipping it off to private SDRAM deliberations at JEDEC (Joint Electron Devices Engineering Council) in 1997, Infineon Technologies has charged in the federal district court in Richmond, Va. Rambus had resigned a year earlier from the JEDEC committee drafting the SDRAM standard. However, Infineon attorneys presented internal e-mails from Rambus files from a hidden source identified only as "Secret Squirrel," allegedly leaking details of the JEDEC discussions on SDRAM after Rambus had left. Internal Rambus documents disclosed last month at the trial also show a source inside JEDEC called "Deep Throat" claimed to be keeping the memory design firm informed of the confidential SDRAM standards discussions. The alleged Rambus spies inside JEDEC surfaced when the transcript of a March 15 pretrial conference was recently released into the court record. Infineon lawyers told Federal Judge Robert Payne that the e-mails from "Secret Squirrel" and "Deep Throat" provided details of the DLL technology that JEDEC was considering and ultimately included in the SDRAM standard. They charged that Rambus then subsequently included the DLL technology as part of its amended SDRAM patent application on SDRAMs filed in 1997. Rambus attorneys told the court that Richard Crisp, Rambus engineer and recipient of the Secret Squirrel and Deep Throat e-mails, had no knowledge of where the messages came from, according to the transcript. "Mr. Crisp testified it was one of the most bizarre experiences of his life was receiving these e-mails," according to Rambus attorney David Pendarvis. John Desmarais, Infineon lawyer, told Judge Payne, "It goes directly to the scheme here, because what happens [is] Rambus continues to modify its pending patent applications after withdrawing from JEDEC until they get it finally right in the patents,,,and one of them is in this suit." The secret e-mail allegations are only the latest bizarre twist in the bitter SDRAM patent litigation between Rambus and Infineon, and also with Hyundai Electronics Industries Co. and Micron Technology in eight courts in the U.S. and in Europe. A series of other e-mails from Rambus' Richard Crisp were previously disclosed in the separate patent suit against Hyundai in the San Jose, Calif. federal court, which discussed the company's strategy against the SDRAM standard under discussion at JEDEC from 1992-96. The latest transcript showed Infineon introduced yet another Crisp e-mail from 1992 which the German chip maker claimed showed Rambus' attempt "to derail the SDRAM standard. One of the ways they were going to do that was what Mr. Crisp calls a press war by essentially, disparaging SDRAM in the press," said Infineon attorney Desmarais. The transcript disclosed that Infineon also took its knocks from Judge Payne at the pretrial hearing, when it tried to introduce a promotional videotape touting its DRAM fab at White Oak, Va. outside Richmond to provide a local interest slant for jurors. Judge Payne chastised the lawyers, "Come on. You look at me and you tell me with a straight face that this can come in [as evidence]." Infineon withdrew the tape as evidence. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2871 From: Steve Uhrig Date: Thu Apr 5, 2001 10:24pm Subject: Minox spy cameras The following was brought to my attention by another list member. It was printed in today's AFIO newsletter. AFIO = Association of Former Intelligence Officers. I know several members of this list also belong to AFIO. Anyone with an interest in or need for subminiature photography is invited to visit the site. --------------------------------------- SECTION IV -- OTHER MISCELLANEOUS ITEMS OF INTEREST NEW MINOX WEBSITE: There are many interesting aspects to the intelligence community. The hardware used by field intel types is a specialty area, and one studied heavily by experts in tradecraft such as AFIO member H. Keith Melton. A further specialty is miniature photography, the Minox submini cameras being an important and historical intelligence tool from the 1940s to the present day. Minox cameras have played a part in many major events in history, one being the Walker Brothers spy ring. The Walkers wore out three Minox model C cameras in photographing the approximately one million documents they turned over to the Soviets. AFIO member Steve Uhrig, President of SWS Security in Maryland, manufactures electronic surveillance equipment [motto: "In God we trust, all others we monitor"], and is a collector and world-renown historian on Minox submini cameras. Visit his webpage with descriptions of the various models of Minox cameras and accessories, tidbits of history involving Minox, and descriptions of cameras and accessories for sale. If you have a Minox camera, match it to the pictures on the webpage and learn something about the history of your model. Those who were issued and used Minoxes in the field will enjoy some reminiscing on this excellent site. Visitors wishing to learn about these marvelous little intelligence tools or even purchase one will feel right at home here. Steve offers advice and consulting to new or seasoned Minox enthusiasts at no charge. He also is interested in purchasing Minox cameras or accessories if you have anything to sell. Highly recommended. mailto:Steve@s...; website http://www.swssec.com/minox.html, tel +1+410-879-4035, fax +1+410-836-1190. (recommended by AFIO President Gene Poteat) -------------------------------- Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 2872 From: Charles P Date: Thu Apr 5, 2001 10:45pm Subject: Re: Useful site > to refer lunatics to who annoy you: > > http://zapatopi.net/afdb.html > > Steve > > Incredible! I'll have to keep a few in my tool case. 2873 From: James M. Atkinson, Comm-Eng Date: Thu Apr 5, 2001 11:18pm Subject: Breaking Foot-and-Mouth Satire Subject: [GCFL] Breaking Foot-and-Mouth Satire Foot-And-Mouth Believed To Be First Virus Unable To Spread Through Microsoft Outlook Atlanta, Ga. (SatireWire.com) Scientists at the Centers for Disease Control and Symantec's AntiVirus Research Center today confirmed that "foot-and-mouth" disease cannot be spread by Microsoft's Outlook email application, believed to be the first time the program has ever failed to propagate a major virus. "Frankly, we've never heard of a virus that couldn't spread through Microsoft Outlook, so our findings were, to say the least, unexpected," said Clive Sarnow, director of the CDC's infectious disease unit. The study was immediately hailed by British officials, who said it will save millions of pounds and thousands of man hours. "Up until now we have, quite naturally, assumed that both foot-and-mouth and mad cow were spread by Microsoft Outlook," said Nick Brown, Britain's Agriculture Minister. "By eliminating it, we can focus our resources elsewhere." However, researchers in the Netherlands, where foot-and-mouth has recently appeared, said they are not yet prepared to disqualify Outlook, which has been the progenitor of viruses such as "I Love You," "Bubbleboy," "Anna Kournikova," and "Naked Wife," to name but a few. Said Nils Overmars, director of the Molecular Virology Lab at Leiden University: "It's not that we don't trust the research, it's just that as scientists, we are trained to be skeptical of any finding that flies in the face of established truth. And this one flies in the face like a blind drunk sparrow." Executives at Microsoft, meanwhile, were equally skeptical, insisting that Outlook's patented Virus Transfer Protocol (VTP) has proven virtually pervious to any virus. The company, however, will issue a free VTP patch if it turns out the application is not vulnerable to foot-and-mouth. Such an admission would be embarrassing for the software giant, but Symantec virologist Ariel Kologne insisted that no one is more humiliated by the study than she is. "Only last week, I had a reporter ask if the foot-and-mouth virus spreads through Microsoft Outlook, and I told him, 'Doesn't everything?'" she recalled. "Who would've thought?" Copyright 2001, SatireWire Received from PackyHumor mailing list. [Moderators Note: April is such a fun time of the year] -jma -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2874 From: Rob Muessel Date: Fri Apr 6, 2001 8:29am Subject: panic buttons Thanks for the suggestions. Finding a suitable transmitter isn't the problem, though. Those are a dime a dozen. None of the receivers I've seen are intended to be portable; they are designed for fixed installations. I don't want to get into a repackaging and modification project. I'm just trying to do the guy a favor. But,..... -- Rob Muessel, Director email: rmuessel@t... TSCM Technical Services Phone: 203-354-9040 11 Bayberry Lane Fax: 203-354-9041 Norwalk, CT 06851 USA 2875 From: Robert G. Ferrell Date: Fri Apr 6, 2001 9:25am Subject: Re: Breaking Foot-and-Mouth Satire >Foot-And-Mouth Believed To Be First Virus Unable To Spread Through >Microsoft Outlook ROTFLMAO! RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell@n... ======================================== Who goeth without humor goeth unarmed. ======================================== 2876 From: James M. Atkinson, Comm-Eng Date: Fri Apr 6, 2001 9:38am Subject: Two indicted in theft of Cisco stock Two indicted in theft of Cisco stock A federal grand jury Wednesday indicted two Cisco Systems accountants, accusing them of breaking into the company's computer system and illegally transferring millions of dollars in Cisco stock into their own brokerage accounts, apparently by exploiting weaknesses in the networking giant's internal security. Geoffrey Osowski, 30, of Mountain View and Wilson Tang, 35, of Palo Alto were charged with computer and wire fraud in connection with allegations they started shifting shares of Cisco stock to themselves in December, then cashed in on the profits over the next several months. Osowski, a financial analyst, and Tang, an accounting manager, admitted the scheme to FBI agents when confronted two weeks ago, according to an FBI affidavit. http://www0.mercurycenter.com/premium/business/docs/fraud05.htm http://www.techtv.com/news/politicsandlaw/story/0,24195,3320550,00.html -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2877 From: James M. Atkinson, Comm-Eng Date: Fri Apr 6, 2001 11:37am Subject: Watch Those Conducted Signal Paths Folks Watch Those Conducted Signal Paths Folks Recently, I had a client contact me to come in for an unscheduled and after hours evaluation of a executives desktop computer. Their in-house security people came across an "anomaly" and wanted an outside consultant to check it out. Security Posture: Client has good locks, good doors, good alarm system, good lighting, good video coverage of ingress and egress points and so on. The entire building is also subject to random TSCM inspections. He and his staffs office are check weekly by their internal security people for RF devices (plus a physical inspection). Also, an outside TSCM service provider (guess who) comes in every 90 days or so for a full extended survey. Articulated Threat: Client was suspicious as his firm has been laying off people in droves, the stock is in the dumps, competitors are trying a hostile takeover, they are embroiled in multiple lawsuits, etc, etc, etc. He feels that his desk and files have been getting rummaged though several times a week, and their security people are fairly certain that it is one of their senior tech support people (can you say "covert video"). Confirmation and Rationale: "Word has leaked" just prior to several layoffs about certain very specific things that were being said in this executives specific office concerning specific people, their separation packages, and other details. Additionally, covert audio recordings from some of these meetings (in that specific office) have been played back to executives in an attempt to manipulate the negotiation of larger severance packages. General Findings: A senior tech support person appears to have modified the suspect computer to pass audio though the un-used cable pairs used on the 100 -Base-T computer network. Furthermore, software was found on the tech support persons computer to allow long term digitizing of the audio which appeared on the LAN tap which was programmed to automatically email copies of the compressed audio files to a secondary off-site computer (where it was being served up as MP3 files). Evaluation of automated backup tapes located copies of these MP3 files being downloaded by, or being anonymously e-mailed to other employees in the company. Finding Details: Modification consisted of two Kynar wires tack soldered to microphone input on [executives] computer motherboard, a small AGC microphone driver circuit board (kit type) drew power from mother board and pushed the audio signal down the LAN wires to the IDF where it was cross wired to the LAN wiring which went to the tech's desk (several floors away). LAN wiring was traced back to [techs] computer where it appeared on his LAN card. [Tech's] computer was checked and a similar patch was found from the LAN card to his microphone input on the motherboard (he was using the executives microphone as his own). There was no foreign RF emanations, and no visible external mods to either machine. Clear room audio was observed on the punch blocks in the IDF phone room on un-used pairs but the wall plates were un-modified. Excessive damage (relative) to other cable pair punch connections (scratches and plastic deformation) which provide related services the same room indicated that there have been multiple past intrusions. There were no modifications external to the computers other then the jumper wires in the phone rooms. Inspection of the techs desk and work areas by the companies security department located change and master keys for the entire complex, various recording devices, catalogs for eavesdropping devices, a handgun, ammunition, and other contraband (he claimed to be a reserve cop). Computer records [on his machine] indicate that the intercept had been in operation for only a few weeks prior to discovery. After Action: The tech was interviewed and dismissed (with a severance package) the next business day and a formal incident report filed with the appropriate law enforcement agency (but the company will not press charges). During the the extensive interview session the subject confessed and prepared a written statement where he stated it was done simply for revenge (he was upset about not getting a Xmas bonus). Client is now performing a full conductor check for the entire facility, as well as a hardware and software physical inspection. They are also replacing all lock cores and locking down the building, etc. -jma [Note: I was given permission to post this incident report to the TSCM-L list provided that the client (who's security people are list members) was not identified in anyway... They have reviewed this sanitized posting and approved its release] -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2878 From: Craig Meldrum Date: Fri Apr 6, 2001 6:17pm Subject: Re: Panic Buttons Rob One of my "other company's" puts together a system something like what you are looking for. It all dependes on where you want to send the signal to. The system consists small transmitters smaller than a garage remote which transmit back to a receiver which can be connected to almost anything you want. We have systems connected to computers and a standalone system that retransmits the incoming signal to a pager. Average cost per transmitter around $50. The receiver setup cost would depend on what you wanted to do with the signal. We are also looking at developing a simple device that consists a receiver and transmitter in one unit for use a by a mobile team. When one pushes his button the rest of the team get a vibrating alert on their unit. This was asked for by a nightclub who wanted each of their bouncers to be able to alert the rest if he needed assistance and the vibra-alert was because it was too noisy in a night club to hear a beeper. The only limitation on such a system is that if you have 5 or 6 units you cannot be sure who pushed the button or where they are if you can't see them but it does alert the team that one of the others is in need of assistance. Cheers Craig ========================================================= Craig Meldrum, Managing Director Communications Security Ltd, PO Box 8314, Symonds St, Auckland, New Zealand Ph: 64-9-3093386 Fax: 64-9-3021148. craig@c..., www.comsec.co.nz Selective Communications Group Ltd, PO Box 8798, Symonds St, Auckland, New Zealand, Ph: 64-9-3021142 Fax: 64-9-3021148 craig@s..., www.selective.co.nz Australian Office: i-Mobile Pty Ltd, PO Box 446, Burwood NSW 1805, Australia. Ph: 61-2-97152238 Fax: 61-2-97152941 craig@i..., www.paging-data-receiver.com ========================================================= 2879 From: James M. Atkinson, Comm-Eng Date: Sat Apr 7, 2001 5:39am Subject: Insider trading probe like `spy stuff' Insider trading probe like `spy stuff' http://www.thestar.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?GXHC_gx_session_id_FutureTenseContentServer=04626d67fdf274ee&pagename=thestar/Layout/Article_Type1&c=Article&cid=986504048027&call_page=TS_Business&call_pageid=968350072197&call_pagepath=Busin Rob Ferguson BUSINESS REPORTER Private investigators looking for evidence of insider trading through numbered offshore accounts at RBC Dominion Securities could be greasing palms in the Bahamas and interrogating staff in Toronto. ``This is no different from spy stuff,'' said Al Rosen, a York University professor and head of Rosen@Associates, a forensic accounting and investigations firm that has handled several major probes. Investigators will be pressuring officials at private banks in the Bahamas and Switzerland for the identities of the holders of numbered accounts used in the suspected insider trading, Rosen said. Those private banks routed what RBC Dominion Securities said were ``suspicious'' stock trades in companies the investment dealer - owned by the Royal Bank of Canada - was advising in top-secret mergers and acquisitions. But those foreign bankers may not co-operate because of banking secrecy laws. ``If you get the law thrown back at you, then it's a matter of getting the information through other means,'' Rosen said. ``We pass it over to specialists. Would they bribe? Yeah. They get the information a little too quickly.'' RBC Dominion, the country's largest investment dealer, has hired the forensic accounting firm of Kroll Lindquist Avey to conduct an investigation. Kroll investigators are already overseas and officials in Toronto could not be reached for comment on their methods yesterday. RBC Dominion officials also could not be reached. Meanwhile, investigators will be looking for anyone in the investment dealer's mergers and acquisitions department who had the motivation and opportunity to make extra cash by peddling information, said Len Brooks, a forensic accounting professor at the University of Toronto. Office phone and e-mail records can be searched, phone calls may have been monitored and assessments of personal financial circumstances can be made, he added. There is also a more direct route, according to Rosen. ``You put the heat on them. Who has the biggest mortgage, the biggest car, the biggest number of ex-wives, the most mistresses?'' ``Certain people, as you ask the questions, they're nervous or evasive. It becomes basic police work.'' RBC Dominion, the country's biggest investment dealer, shocked Bay Street Wednesday by revealing it has uncovered a series of ``suspicious'' stock trades. Many of the trades were in shares of companies the firm was advising on upcoming mergers and acquisitions, raising the possibility insider information was leaking out. Few details of the trades were made public. The Ontario Securities Commission and the Toronto Stock Exchange are also conducting their own investigations. One complication is that the holders of the Swiss and Bahamian accounts could be holed up anywhere around the globe, perhaps hiding at the end of a long paper trail through many more banks. ``It's a question of unravelling the mystery,'' Brooks said. ``You can have this stuff go five times around the world,'' Rosen added. ``If anyone is any good at it, they'll move it (the money) three or four places or split the account. You don't want a paper trail that's too easy to follow.'' However, if the offshore banks are ``corresponding banks'' with which the Royal Bank regularly does business, finding the identities of the account holders should be routine, Brooks said. In that case, another recourse is through law enforcement agencies such as the RCMP, which can deal directly with foreign police forces or market regulators. In cases like these, investigators have also found the accounts have been opened by one person in another person's name, complicating the chase. ``Then you start pursuing that trail,'' Rosen said. ``You find who it is and interview that person and break them down and ask if they're getting 5 per cent and if some other person's getting 95 per cent. Then it's just normal police work.'' The account holders would then have to be tracked down and questioned about relationships with anyone at RBC Dominion. Rosen said the forensic accounting field is so busy, he's winding up his teaching career at York. And the University of Toronto's Rotman School of Management is launching a distance-education diploma program for chartered accountants in forensic and investigative accounting, said Brooks, who is the director. ``White-collar crime is a growth area. You need training beyond the C.A. designation in areas of evidence and interviewing and investigating to do a good job.'' -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2880 From: James M. Atkinson, Comm-Eng Date: Sat Apr 7, 2001 5:41am Subject: E-mail wiretapping used to spy on corporate communications E-mail wiretapping used to spy on corporate communications http://www.theregister.co.uk/content/8/18147.html By: John Leyden Posted: 06/04/2001 at 11:12 GMT Corporate spies are using covert JavaScript code within email to track the contents of sensitive financial communications. That's the warning from managed service provider Activis which said that it is seeing increasing use of malicious JavaScript coding to create Web bug that spy on Internet traffic. These Web bugs can be embedded into HTML based emails before they are sent. The code then acts to covertly copy the original sender each time this email is forwarded on within the recipient's system. The issue has been well known within the security community since February, when online watchdog the Privacy Foundation highlighted the problem. Activis says it is a live threat that is been actively exploited. It picked up the trend in the course of providing content management services for its clients. Despite the bleak picture painted by Activis the situation is far from hopeless. It is possible to eradicate 'e-wiretapping' via Web bugs by installing email encryption software, or turning off JavaScript in HTML messages. The advice is timely because there is evidence that businesses do not take email security seriously enough, despite conducting more and more sensitive business negotiations over the Net, chiefly because it greatly speeds up discussions. A recent report on email security within mergers and acquisitions, published by IT services company Northgate Information Solutions, found 100 firm out of 500 sent 70 per cent or more of confidential information via email. Despite this, only 11 per cent of the total sample said that they had secure, encrypted email. Lawyers, who really ought to know about the need for confidentiality, were the worst offenders with only eight per cent insisting on using encrypted emails when sending confidential information to external parties. -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. ======================================================================= 2881 From: James M. Atkinson, Comm-Eng Date: Sat Apr 7, 2001 7:04pm Subject: Corporate spy case unfolds in lawsuit Corporate spy case unfolds in lawsuit Fruit of the Loom worker admits sharing secrets http://www.chicagotribune.com/business/businessnews/article/0,2669,ART-51039,FF.html By Robert Manor Tribune staff reporter April 8, 2001 An international case of corporate spying is playing out in Chicago, with a former manager at underwear maker Fruit of the Loom confessing she betrayed her employer and gave critical trade secrets to a competitor. "This case is about industrial espionage at the highest corporate level and the lengths to which predatory competitors will go to obtain commercial advantage," Fruit of the Loom lawyers charged in documents filed in U.S. District Court here. Fruit of the Loom filed suit last week against Gildan Activewear Inc., of Montreal, and one of its top executives. In the case, Fruit of the Loom seeks unspecified damages and asks the courts to prohibit Gildan from using confidential production and sales forecasts it allegedly obtained late last year. On Thursday U.S. District Judge Joan Gottschall issued a temporary restraining order against Gildan. A Gildan spokeswoman Friday declined to comment on the lawsuit, saying the company is still studying it. At the heart of the case is this allegation: That the Canadian company, with the help of the former Fruit of the Loom executive, stole trade secrets to gain a competitive edge and grab market share and sales from its competitor in the cut-throat apparel business. Such high-profile charges of corporate espionage are not uncommon, security consultants say. Kraft Foods, for example, filed a lawsuit this year against Marshall, Minn.-based pizzamaker Schwan's Sales Enterprises Inc., alleging that in the late 1990s Schwan's hired an investigator to uncover Kraft's plans for a rising dough pizza. Last year Cargill Inc. paid $100 million to settle a lawsuit alleging that it had used secret biotech material provided by a former employee of a competitor, Pioneer Hi-Bred International. Fruit of the Loom's lawsuit against Gildan, meanwhile, relies in large part on the admission of a former Fruit of the Loom insider that she supplied confidential company documents to an executive at Gildan. The woman in question is identified in court papers as Elizabeth Walton, formerly a Rockfield, Ky.-based employee of Fruit of the Loom. Walton, who is not named as a defendant in the lawsuit, is expected to testify for Fruit of the Loom if the case goes to trial. Walton, the lawsuit says, worked for David Cherry, who was a vice president at Fruit of the Loom until 1998, when he left to become an executive vice president at Gildan. Cherry is a top executive at Gildan, serving on its executive management committee. Cherry, the lawsuit says, remained in touch with Walton after he left Fruit of the Loom. In an affidavit filed as part of the case, Walton spells out what allegedly happened next: "On Nov. 27, 2000, Cherry called me at work and left a voice mail message asking me to call him," Walton said. Cherry, she says in the affidavit, instructed her to use a pay phone. And when she called him, Walton says, Cherry asked her "if I could do him a favor and get my hands on a Fruit of the Loom forecast report and a sew plan report," she said. Valuable reports Fruit of the Loom contends that these reports set out a wealth of information about its plans and production capabilities-data that Gildan can exploit to win customers and sales away from Fruit of the Loom. The two reports include production goals for the company's plants in El Salvador, Honduras, Mexico and elsewhere. They would allow Gildan to estimate production costs, Fruit of the Loom says. They detail sales to specific customers, trends in demand and budget information. "In sum, the sew plan and forecast report provide Gildan with a road map to Fruit of the Loom's production and sales strategies worldwide," the company says. In the sort of dry language typical of legal affidavits, Walton goes on to say that she honored her former boss' request for the confidential documents. "After talking with Cherry, I returned to my office and used my office computer to access a company file containing the company's current forecast report and I (already) had a copy of a sew plan report," Walton said. "I put a copy of the forecast report and my copy of the sew plan report in a FedEx envelope" and sent them to Cherry. "When I sent the reports to Cherry," she went on in the affidavit, "I knew they were confidential Fruit of the Loom information that was not publicly available and that they should not have been provided to anyone outside of the company." Fruit of the Loom and Gildan have been on remarkably different trajectories. At fast-growing Gildan, profits have soared from $6 million in 1997 to $56 million last year, and the company's stock, which trades on the New York Stock Exchange, has shot up 230 percent since 1998. Fruit of the Loom, meanwhile, has wallowed in bankruptcy since late 1999 after moving production from the U.S. to plants in Third World countries, a decision that led to severe transportation and management problems. Executive departures At least five Fruit of the Loom executives have taken jobs at Gildan in recent years. One of those executives, sources say, alerted Fruit of the Loom about the alleged theft after copies of the reports began circulating around Gildan's offices. The court papers don't say why Walton left Fruit of the Loom, where until recently she was director of customer service. And John Ray, general counsel for Fruit of the Loom, said it is unclear why Walton turned over such valuable information to a competitor. She wasn't paid for the documents. Walton couldn't be reached for comment. Cherry, through a Gildan spokeswoman, declined to be interviewed. If Fruit of the Loom was victimized by Gildan, it would not be not the first company to suffer from corporate espionage. The American Society for Industrial Security estimates that Fortune 1000 companies lose at least $45 billion a year due to corporate spying. E-mail rmanor@t... -- ======================================================================= Sed quis custodiet ipsos Custodes? "In a time of universal deceit, telling the truth is a revolutionary act" - George Orwell ======================================================================= James M. Atkinson Phone: (978) 546-3803 Granite Island Group Fax: (978) 546-9467 127 Eastern Avenue #291 http://www.tscm.com/ Gloucester, MA 01931-8008 jmatk@t... ======================================================================= The First, The Largest, The Most Popular, and The Most Complete TSCM, Technical Security, and Counterintelligence Site on the Internet. =======================================================================