From: Mike F
Date: Thu Jun 1, 2000 3:26pm
Subject: zone alarms has been updated

Zone Alarm v2.125 updated May 31.
The software is free, about 1.5 megs
http://www.zdnet.com/downloads/stories/info/0,,0015P7,.html

later4,mike f

Michael T. Fiorentino
Syracuse, NY 13206

"CONFIDENTIALITY WARNING"
This electronic message contains information which may be privileged and/or confidential. The information is intended for use only by the individual(s) or entity named/indicated above. If you are not the identified/intended recipient, be aware that any disclosure, copying, distribution, or use of the contents of this message/information is prohibited. If you are not the indicated recipient or have received this message in error contact our offices immediately for instructions."

483
From: Andre Holmes <1ach@g...>
Date: Thu Jun 1, 2000 11:29am
Subject: Fw: Marty Kaiser Equipment

-----Original Message-----
From: Andre Holmes <1ach@g...>
To: TSCM-L@egroups
Date: Thursday, June 01, 2000 12:21 PM
Subject: Marty Kaiser Equipment

I want to say that I'm proud to own some of the Kaiser boxes; they are the best you can get for the money.

The 2044 is a very versatile unit as compared to the Scanlock and CPM and, to say the least, well worth the price.

I join many of you out there who already own some of Marty's boxes, and Marty, you should keep up the good work no matter what.

Making sales is what we all are striving for and you can bet, [side by side you've outdone the others].

All that the other makers of Electronic countermeasures companies have done basically is increase the gig coverage and price. They haven't shown any other detection features that they are sharing with us.

Take second to none. Andre

484
From: James M. Atkinson, Comm-Eng
Date: Thu Jun 1, 2000 8:17pm
Subject: United States Foreign Intelligence Surveillance Court Orders

I thought the list might find this interesting:

-jma

================

>Office of the Attorney General
>Washington, D.C. 20530
>April 27, 2000
>
>Honorable J. Dennis Hastert
>Speaker of the House of Representatives
>Washington, D.C. 20515
>
>Dear Mr. Speaker:
>
>This report is submitted pursuant to the Foreign Intelligence
>Surveillance Act of 1978, Title 50, United States Code, Section
>1807, as amended.
>
>During calendar year 1999, 886 applications were made for orders and
>extensions of orders approving electronic surveillance or physical
>search under the Act. The United States Foreign Intelligence
>Surveillance Court issued orders in 880 applications granting
>authority to the Government for the requested electronic
>surveillance and electronic searches. One application filed in 1999
>was pending before the Court until March 29, 2000, when it was
>approved. Five applications which were filed in late December 1999
>were approved when presented to the Court on January 5, 2000.
>
>No orders were entered which modified or denied the requested authority.
>
> Sincerely,
>
> Janet Reno

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M. Atkinson                     Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291               http://www.tscm.com/
Gloucester, MA 01931-8008             jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

485
From: James M. Atkinson, Comm-Eng
Date: Thu Jun 1, 2000 9:03pm
Subject: Re: Fw: Marty Kaiser Equipment

Marty Kaiser's "little black boxes" are worth their weight in gold (literally).
I personally use an entire briefcase full of his gear on almost every sweep, and probably have 1 or 2 of just about every TSCM item he makes.

I have nothing but praise for the 2044 and 2057; the systems are incredibly sensitive and I am confident they could "hear a flea break wind at 1000 yards". The noise floor on the 2044 and 2057 is simply amazing, which reflects his excellent design and manufacturing skills.

The 2030, SCD5, and 1059 also make an incredible system (which outperforms many overpriced government black boxes). I suggest that you buy one of each for AC mains, and a second system just for phone usage (be sure to tweak the impedance matching circuit for optimal function).

The 2045 can perform miracles when hunting for some of the nasty little 35 - 50 MHz sub milli-watt devices that other manufacturers' equipment misses (cough-cough... no names please).

The 2057 also seriously "kicks butt" when hunting for WFM "Tokyo Spider" devices, and devices which use Sub-Carrier modulation.

In a nutshell... Marty's equipment is incredible, and it's a damn shame that there isn't some type of industry award that we nominate him for.

-jma

PS: On a more humorous note...

Why is Marty like an "Amish Engineer"... (with respect... I hope nobody takes offense) [duck]

1) He dresses all his equipment in black
2) He keeps his prices low, and reasonable
3) Everybody gets a fair deal... and I mean everybody
4) He is honest, and a straight shooter
5) He is really a pleasure to do business with
6) The government has tried 100 times to run him out of business
7) Everything is custom built to order... and I mean everybody

At 12:29 PM -0400 6/1/00, Andre Holmes wrote:
>-----Original Message-----
>From: Andre Holmes <1ach@g...>
>To: TSCM-L@egroups
>Date: Thursday, June 01, 2000 12:21 PM
>Subject: Marty Kaiser Equipment
>
>
>I want to say that I'm proud to own some of the Kaiser boxes; they are
>the best you can get for the money.
>
>The 2044 is a very versatile unit as compared to the Scanlock and CPM
>and, to say the least, well worth the price.
>
>I join many of you out there who already own some of Marty's boxes,
>and Marty, you should keep up the good work no matter what.
>
>Making sales is what we all are striving for and you can bet, [side
>by side you've outdone the others].
>
>All that the other makers of Electronic countermeasures companies
>have done basically is increase the gig coverage and price. They
>haven't shown any other detection features that they are sharing with
>us.
>
>Take second to none. Andre

486
From: Jay Coote
Date: Thu Jun 1, 2000 9:11pm
Subject: Anritsu Handheld S/A?

Anyone have the sensitivity and RBW specs on the Anritsu 3 GHz handheld spectrum analyzer? I could not see the specs on their site and this "mature" computer won't ack PDF files. It looked like a nice toy.

Thanks,
Jay Coote

487
From:
Date: Thu Jun 1, 2000 4:55pm
Subject: On-hook Security

Looking for a conference table type phone (multiple speakers/transmitters) that has on-hook security features like a STU-III or STE.

488
From: Steve Whitehead
Date: Thu Jun 1, 2000 9:21pm
Subject: AFRICA - Another view

We would like to give our view on the recent comments posted by Andy Grudko about TSCM, etc in South Africa. As a professional TSCM company we are perhaps experiencing and seeing things from a different angle.
We do not agree with his assessment regarding TSCM in general in South Africa. The same sophisticated devices available elsewhere in the World are perhaps more freely available in South Africa, because of the lack of proper Legislation regulating advertising, selling and possession of these devices.

Our professional fees are lower than the US but compare quite favourably with fees from countries in Europe and elsewhere. There are many corporates and smaller companies in South Africa who are prepared to pay fairly decent fees for a professional service.

Most corporates will not be fooled by operators walking around with a field strength meter and it is important to distinguish on which Level you offer services.

The SA Government has excellent and well trained survey teams with sophisticated equipment and would never use a PI to conduct surveys for them.

His rate of discoveries is astonishing. We have been involved in this business (Government and corporate) for many years and discoveries and signs of tampering are few and far between. It appears that it is only the PI's in South Africa that regularly discover bugs. Unfortunately they are also regularly failing their polygraph tests regarding their "discoveries". (We recommend to companies to polygraph test operators on the discovery or location of any devices)

We own professional equipment, spectrum analyser with accessories, 3 Non-Linear Junction Detectors, a single line as well as a multi-line telephone analyser, oscilloscope, power amplifiers, multi-meters, a variety of tools, as well as a number of probes, broadband receiver, Scanlock ECM and even a Winradio with software which we use for our training courses. (We offer a basic course which runs over 10 working days).

We have spent nearly US $ 150 000 over the past four years on equipment since joining the commercial sector. We only offer TSCM services!
(Grudko wrote "My monthly fee is only $ 300 so I really don't want to go out and buy a $ 21 000 Oscar") Actually it is spelled OSCOR. One would expect a professional to actually know the names of the equipment.

We also regularly have a variety of demonstration equipment as we represent three well known manufacturers of TSCM equipment in South Africa.

I also know of at least four other PI companies in South Africa that own professional and sophisticated equipment. How do they do it?

Grudko wrote "... and recommend that they ask our main opposition for a second opinion" What about the four companies mentioned here?

Regarding his "RF signal in the Government office", how reliable is a CPM in a strong signal area? At the end of the day when an assessment is made it has to be based on experience, logic, physical search, interpretation of the readings and measurements, and if there is nothing, there is nothing. (We are the opposition referred to in his posting to the list). (The signal could have been present when he conducted his survey with the CPM, a few nights earlier, if there ever was one. We never got a printout, frequency, signal strength, etc)

We agree with Grudko that more has to be done regarding educating companies about the overall lack of proper counterintelligence practices.

We regularly present Workshops on the subject and usually feature an international speaker at the events. Rob Muessel of ISA visited South Africa twice as a keynote speaker at these workshops. A technician and an engineer from Winkelmann Ltd (UK) featured twice last year on our workshops and technical and engineering staff from REI will be keynote speakers at a Workshop we are hosting in September.

During these workshops sophisticated devices and the countermeasures are discussed and even analysed during the presentations. We have another Workshop in July where we will analyse and evaluate very sophisticated audio devices from a well-known Scandinavian company.
We regularly invite the local PI industry to these workshops but they never attend. Grudko is on record where he wrote us that "he is not into Workshops" when we mailed him an announcement of an upcoming workshop.

There are a few companies in South Africa offering professional commercial TSCM services and the TSCM fraternity is a small group in South Africa and they all know each other. Grudko does not represent them or the level of services they offer, nor is he any opposition.

On what basis can he give an informed opinion to the World what is available in South Africa or what level of sophistication we have to counter in South Africa?

Perhaps he should consider investing in professional equipment like the OSCOR and he will be able to see, hear and detect things that are beyond the capabilities of a CPM and Scanlock.

TSCM demands commitment, dedication as well as a large investment in equipment and constant training.

We thank you for the opportunity to allow a different view of TSCM in South Africa.

Steve Whitehead & Lorenzo Lombard
Managing Members
TSCM Services cc
Tel (+2712) 664-3157 Fax (+2712) 664-3180
P O Box 16063, Lyttelton, 0140, Gauteng, South Africa
E-mail sceptre@m...
URL http://www.tscm.co.za

Steve Whitehead
Managing Member
TSCM Services cc
P O Box 16063, Lyttelton, 0140, Centurion, South Africa
Tel (012) 664-3157 Fax (012) 664-3180
International (+2712)
E-mail sceptre@m...
URL http://www.tscm.co.za

489
From:
Date: Thu Jun 1, 2000 5:32pm
Subject: computer forensic

I am looking for information concerning computer data recovery. With today's computer hardware is it possible to verify if a hard drive was replaced within a certain period of time? Also, if someone 'scrubbed' their computer (deleting and refilling in sectors with new bits of info), is there any way to recover the information that the person tried to hide? Any info is appreciated.
-Eric

490
From: James M. Atkinson, Comm-Eng
Date: Thu Jun 1, 2000 9:34pm
Subject: The Physics of Hell

It is an oldie... but still a goodie...

The following is an actual question given on a University of Washington engineering mid term. The answer was so "profound" that the Professor shared it with colleagues, which is why we now have the pleasure of enjoying it as well.

Bonus Question: Is Hell exothermic (gives off heat) or endothermic (absorbs heat)?

Most of the students wrote proofs of their beliefs using Boyle's Law, (gas cools off when it expands and heats up when it is compressed) or some variant. One student, however, wrote the following:

"First, we need to know how the mass of Hell is changing in time. So we need to know the rate that souls are moving into Hell and the rate they are leaving. I think that we can safely assume that once a soul gets to Hell, it will not leave. Therefore, no souls are leaving.

As for how many souls are entering Hell, let's look at the different religions that exist in the world today. Some of these religions state that if you are not a member of their religion, you will go to Hell. Since there are more than one of these religions and since people do not belong to more than one religion, we can project that all souls go to Hell.

With birth and death rates as they are, we can expect the number of souls in Hell to increase exponentially. Now, we look at the rate of change of the volume in Hell because Boyle's Law states that in order for the temperature and pressure in Hell to stay the same, the volume of Hell has to expand as souls are added. This gives two possibilities:

1. If Hell is expanding at a slower rate than the rate at which souls enter Hell, then the temperature and pressure in Hell will increase until all Hell breaks loose.

2. Of course, if Hell is expanding at a rate faster than the increase of souls in Hell, then the temperature and pressure will drop until Hell freezes over.

So which is it? If we accept the postulate given to me by Ms. Teresa Banyan during my Freshman year, "...that it will be a cold day in Hell before I sleep with you.", and take into account the fact that I still have not succeeded in having sexual relations with her, then, #2 cannot be true, and thus I am sure that Hell is exothermic and will not freeze."

The student received the only "A" given.

491
From: Chad Clayton
Date: Thu Jun 1, 2000 10:12pm
Subject: Equipment

Hello group, I am a recent newcomer to the list. And from reading the list I am the amateur in the group. I am a private investigator in the midwest who conducts low threat level sweeps. Most of my clients should be more concerned about basic information security procedures than worrying about eavesdropping threats. Currently I use a CPM 700, Fluke 87 multimeter and a PSA 65C to 3.75 Gig and a lot of physical searching. I am constantly trying to gain knowledge about the trade. I will be attending an additional 80 hours of training in July and plan to approach my boss for some additional equipment. I would like some input on which next piece of equipment will help me the most: a non linear junction detector, a TDR or ??? Advice and recommendations would be appreciated.

Thanks, Chad

492
From: D. Douglas Rehman
Date: Thu Jun 1, 2000 11:19pm
Subject: RE: computer forensic

> -----Original Message-----
> From: eric@r... [mailto:eric@r...]
>
> I am looking for information concerning computer data recovery.
> With today's computer hardware is it possible to verify if a hard
> drive was replaced within a certain period of time? Also, if
> someone 'scrubbed' their computer (deleting and refilling in
> sectors with new bits of info), is there any way to recover the
> information that the person tried to hide? Any info is appreciated.

There are a lot of "it depends" in answering your questions; computers, software, operating systems, etc. are so complex that every situation is unique.

Generally, yes, it is possible to determine when a hard drive was placed into service. It is often possible to tell that data has been purposefully deleted or destroyed.

Depending on the manner that the data has been deleted, destroyed, or hidden, it can often be recovered. Microsoft operating systems tend to be very sloppy (infosec wasn't considered...) and often save information, unbeknownst to the user, to various areas of the hard drive. Information that has actually been written over is, for most practical purposes, lost. If that same information happens to have been written elsewhere on the drive, it can be recovered there.

It is possible to recover information that has been overwritten, but you will need the budget of a small country. The information is recovered using Scanning Tunneling Microscopy. For this reason, the government usually shreds or melts hard drives that have contained sensitive information. While STM is extremely expensive today, it may well be affordable in a few years.

As with TSCM, anybody can attempt computer forensics. The professionals will be trained, experienced, and equipped to do the best job possible. A non-pro almost always makes a mess out of the hard drive, often destroying evidence.
Computer forensics is a lot like TSCM: you have to be at least as good as your opponent, or luckier...

Best Regards,

Doug Rehman
Rehman Technology Services, Inc.
Specializing in Computer Forensics and Technology Related Investigations
License A-9800119
Mount Dora, Florida (Orlando Area)
(352)357-0500
http://www.surveil.com

493
From: James M. Atkinson, Comm-Eng
Date: Fri Jun 2, 2000 0:32am
Subject: Re: Equipment

At 10:12 PM -0500 6/1/00, Chad Clayton wrote:
>Hello group, I am a recent newcomer to the list. And from reading the
>list I am the amateur in the group. I am a private investigator in the
>midwest who conducts low threat level sweeps. Most of my clients should
>be more concerned about basic information security procedures than
>worrying about eavesdropping threats. Currently I use a CPM 700,
>Fluke 87 multimeter and a PSA 65C to 3.75 Gig and a lot of physical
>searching. I am constantly trying to gain knowledge about the trade. I
>will be attending an additional 80 hours of training in July and plan to
>approach my boss for some additional equipment. I would like some input
>on which next piece of equipment will help me the most: a non linear
>junction detector, a TDR or ??? Advice and recommendations would be
>appreciated. Thanks, Chad

Your next purchase should be an OSCOR, and a small HH Dual trace Oscilloscope such as the Fluke 199 (and a little Kaiser ping box with two channels).

If you don't already have them, obtain the IR and Magnetic probes for the CPM-700, and maybe some extra batteries.

You have several noticeable gaps in your first line countermeasure that the above equipment will help to close.

To supplement the OSCOR you may also want to pick up 2 or 3 identical scanners and dump one of my bug frequency tables and have them running while you are performing the physical inspection.

Stay away from the NLJD for the time being, and don't buy a TDR quite yet.
-jma

494
From: Jordan Ulery
Date: Fri Jun 2, 2000 1:59am
Subject: Re: zone alarms has been updated

Works like a charm and is worth the few minutes it takes. Be sure to join the list and get the other update info as well.

Mike F wrote:

> Zone Alarm v2.125 updated May 31.
> The software is free, about 1.5 megs
> http://www.zdnet.com/downloads/stories/info/0,,0015P7,.html
>
> later4,mike f
>
> Michael T. Fiorentino
> Syracuse, NY 13206
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> ===================================================
TSKS

495
From: Jordan Ulery
Date: Fri Jun 2, 2000 2:04am
Subject: Re: computer forensic

Check out PI mall for computer forensic specialists. It is my understanding that if the government wipe of 7x rewrite (1 followed by 0 followed by a random three digit number) is used, recovery of data is impossible. With the 3x standard available from some programs, including Norton, some recovery may be possible, although not likely. As for the date of installation and removal, that should be recoverable, but may be overwritten on the hard disc if the unit is reinstalled in another computer; therefore, go to the pros.

eric@r... wrote:

> I am looking for information concerning computer data recovery. With today's computer hardware is it possible to verify if a hard drive was replaced within a certain period of time? Also, if someone 'scrubbed' their computer (deleting and refilling in sectors with new bits of info), is there any way to recover the information that the person tried to hide? Any info is appreciated.
>
> -Eric
TSKS

496
From: Jordan Ulery
Date: Fri Jun 2, 2000 3:01am
Subject: Computer Forensics

This is not an advertisement and I have no interest in the program or company. The information is offered as a service to the list and no warranty is made regarding the product or its suitability to your needs. In light of the recent questions posed regarding computers this may be of interest. Caveat emptor!

Below is the description of a Shareware (Try it and Buy it) program for REAL data elimination. It reportedly deletes files, registry entries, and other traces so thoroughly that the most sophisticated law enforcement and computer data reconstruction programs can not read the info. It is fully configurable. This information was gleaned from a PI list to which I am a member. The program is far too big (3.5 MB) to post here. Look for it at CD.net or on shareware sites.

"This security tool eliminates all evidence from your PC in one single click of a button. In tests, Evidence Eliminator defeats "Forensic Analysis" software as used by investigators, law enforcement etc. It protects you from unwanted data becoming permanently hidden in your PC. Whoever you are, whatever you do, you need Evidence Eliminator. Free 30 day evaluation version is fully functional and gives complete protection. v4.5 now includes "Stealth Mode" invisibility and securely Under-Writes your existing files to defeat forensic hardware analysis.
Short of dousing it with gasoline and setting it ablaze, the only way to keep things spotless and shiny clean is with Evidence Eliminator. Anything that's a potential problem is shredded, removed, or otherwise dealt with. There are lots of obvious problem areas cleaned with Evidence Eliminator. Things such as your browser's cache, history file, and cookies, as well as things on your start menu such as the run history, find files history, and recent documents list. Not that overly impressed yet, huh? Most of that is stuff that you already know about or do by hand, right? Did you think about Internet Explorer's AutoComplete memory of form posts and passwords? Or perhaps the Windows swap file and application logs? What about slack space and deleted entries in the Windows registry and deleted filenames, sizes and attributes from your drive directory structures? Hmm, did you miss any of those on your own? The people you don't want snooping around your computer won't."

497
From: James M. Atkinson, Comm-Eng
Date: Fri Jun 2, 2000 9:40am
Subject: Re: AFRICA - Another view

At 4:21 AM +0200 6/2/00, Steve Whitehead wrote:
>We would like to give our view on the recent comments posted by Andy
>Grudko about TSCM, etc in South Africa. As a professional TSCM
>company we are perhaps experiencing and seeing things from a
>different angle.

It's good to talk... it promotes growth and development within the industry. Of course we all see things from a different angle, and it's good to "compare notes", and to "agree to disagree".

>We do not agree with his assessment regarding TSCM in general in
>South Africa. The same sophisticated devices available elsewhere in
>the World are perhaps more freely available in South Africa, because
>of the lack of proper Legislation regulating advertising, selling
>and possession of these devices.
>
>Our professional fees are lower than the US but compare quite
>favourably with fees from countries in Europe and elsewhere. There
>are many corporates and smaller companies in South Africa who are
>prepared to pay fairly decent fees for a professional service.

You can only charge what your market will bear, and you can only spend as much time at your client's site as they will permit.

Personally I like to take 2-3 days for even the most basic of sweeps (1-3 offices), and generally prefer to work alone. However, if I have only a maximum of 4 hours then I have to adapt to my client's requirements. I also have clients who insist that any TSCM activity always involve at least 2 people, in which cases I also have to adapt to their requirements and bring a second person.

Some clients want the RF spectrum evaluated in detail, some only want a cursory check. Others want every conductor in an area evaluated, others are happy with only the telephone lines being strobed with a TDR.

>Most corporates will not be fooled by operators walking around with
>a field strength meter and it is important to distinguish on which
>Level you offer services.

Actually they will be fooled.... until they come across a real TSCM'er who shows them real TSCM equipment, real TSCM procedures, and real TSCM protocols.

>The SA Government has excellent and well trained survey teams with
>sophisticated equipment and would never use a PI to conduct surveys
>for them.

Actually it depends on what level of government you're talking about... While the national government may not, the local water plant manager, or local police department might (and often does) use PI's for TSCM services. Remember that all governments have many layers.

I know of numerous cases where some low level politician or bureaucrat had a local PI bring in a "wand waver" who in turn found a box full of bugs.

>His rate of discoveries is astonishing.
>We have been involved in
>this business (Government and corporate) for many years and
>discoveries and signs of tampering are few and far between. It
>appears that it is only the PI's in South Africa that regularly
>discover bugs. Unfortunately they are also regularly failing their
>polygraph tests regarding their "discoveries". (We recommend to
>companies to polygraph test operators on the discovery or location
>of any devices)

The rate of discoveries is of course limited, but the more time you spend performing sweeps the more bugs you will find.

As far as tampering... If you are very observant you can find "issues" on every single sweep you perform. That's not to say that you will find evidence of bugging, but you will observe serious weaknesses which could facilitate a bugging (such as telcom closets with no locks, unlocked SACS, un-secure pedestals, use of cordless phones, etc).

In a small number of cases you may even be lucky and find signs of previous eavesdropping but not the bug itself (ie: wire soldered together after a series device was removed, or the ground lead being removed from an outlet, etc.)

>We own professional equipment, spectrum analyser with accessories, 3
>Non-Linear Junction Detectors, a single line as well as a multi-line
>telephone analyser, oscilloscope, power amplifiers, multi-meters, a
>variety of tools, as well as a number of probes, broadband receiver,
>Scanlock ECM and even a Winradio with software which we use for our
>training courses. (We offer a basic course which runs over 10
>working days).

It sounds like you are well equipped to address realistic threats. I didn't see anything mentioned about thermal imaging, bore scopes, or Xray equipment ;-)

>We have spent nearly US $ 150 000 over the past four years on
>equipment since joining the commercial sector. We only offer TSCM
>services!

Sounds like a fairly decent equipment complement.
>(Grudko wrote " My monthy fee is only $ 300 so I really don't want
>to go out and buy a $ 21 000 Oscar") Actually it is spelled OSCOR.
>One would expect a professional to actually know the names of the
>equipment.

Again it depends on his clients, and the level of threat he is addressing. If he does 15 sweeps a week, spends four hours at each sweep, and hits each client once a month for a low threat RF sweep then he is doing pretty well.

Of course I wouldn't use a CPM-700 for a higher threat, but it is fine for cursory checks and for low threat situations. If the client is unwilling to pay more than $300 for a sweep then all you can do is provide them with a level of service within their budget.

I've mistyped the model names of equipment myself, so we can let that error slide (it's a common mistake).

>We also regularly have a variety of demonstration equipment as we
>represent three well known manufacturers of TSCM equipment in South
>Africa.
>
>I also know of at least four other PI companies in South Africa that
>own professional and sophisticated equipment. How do they do it?
>
>Grudko wrote" ... and recommend that they ask our main opposition
>for a second opinion" What about the four companies mentioned here?

I noticed that he said "Opposition", instead of "Competitor".

Please feel free to post the four companies you are talking about to the list.

>Regarding his "RF signal in the Government office", How reliable is
>a CPM in a strong signal area? At the end of the day when an
>assessment is made it has to be based on experience, logic, physical
>search, interpretation of the readings and measurements, and if
>there is nothing, there is nothing. (We are the opposition referred
>to in his posting to the list). (The signal could have been present
>when he conducted his survey with the CPM, a few nights earlier, if
>there ever was one.
>We never got a printout, frequency, signal
>strength, etc)

The CPM-700 is only as good as the operator, and instruments that generate hard copy reports cost money.

I've known TSCM people who could find a bug with a cheap $20 VOM, a coat hanger, and a ten cent diode. I've also known TSCM people who have the latest in everything, but couldn't find a five watt FM device in the same room as them with a 494.

>We agree with Grudko that more has to be done regarding educating
>companies about the overall lack of proper counterintelligence
>practices.

It's actually a worldwide problem.

>We regularly present Workshops on the subject and usually feature an
>international speaker at the events. Rob Muessel of ISA visited
>South Africa twice as a keynote speaker at these workshops. A
>technician and an engineer from Winkelmann Ltd (UK) featured twice
>last year on our workshops and technical and engineering staff from
>REI will be keynote speakers at a Workshop we are hosting in
>September.
>
>During these workshops sophisticated devices and the countermeasures
>are discussed and even analysed during the presentations. We have
>another Workshop in July where we will analyse and evaluate very
>sophisticated audio devices from a well-known Scandinavian company.

Kindly add my name to the mailing list for these upcoming seminars, I may be interested in attending.

>We regularly invite the local PI industry to these workshops but
>they never attend. Grudko is on record where he wrote us that "he is
>not into Workshops" when we mailed him an announcement of an
>upcoming workshop.

Ouch... Why don't you extend your offer to him again, buy him dinner and drinks, and try to "smooth out some ruffled feathers".

>There are a few companies in South Africa offering professional
>commercial TSCM services and the TSCM fraternity is a small group in
>South Africa and they all know each other.

I know of about 45-50 TSCM people in SA, with two thirds of them being federal government employees.
>Grudko does not represent them or the level of services they offer,
>nor is he any opposition. On what basis can he give an informed
>opinion to the World what is available in South Africa or what level
>of sophistication we have to counter in South Africa?

It's probably just a matter of perspective

>Perhaps he should consider to invest in professional equipment like
>the OSCOR and will be able to see, hear and detect things that are
>beyond the capabilities of a CPM and Scanlock.

No doubt that in time he will.

>TSCM demands commitment, dedication as well as a large investment in
>equipment and constant training.

Amen

>We thank you for the opportunity to allow a different view of TSCM
>in South Africa.

I welcome such open and frank discussion in the list... thank you for expressing your views and concerns.

I would like to see more open discussion of this nature in the list (but let's be nice).

>Steve Whitehead & Lorenzo Lombard
>Managing Members TSCM Services cc
>Tel (+2712) 664-3157 Fax (+2712) 664-3180
>P O Box 16063, Lyttelton, 0140, Gauteng, South Africa
>E-mail sceptre@m...
>URL http://www.tscm.co.za

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M. Atkinson Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

498 From: the cynic Date: Fri Jun 2, 2000 10:59am Subject: Re: computer forensic

Regarding determining whether or not a particular piece of hardware was replaced at a given time, no.
There is no real way to determine whether or not someone shoved a new floppy drive, or hard drive, or zip drive, or whatnot, into a computer within a given time period.

One can try to do certain things, for example if you know for a fact that a given computer was installed on such and such a date, say Nov 5 1996, and you have it in your possession you can check the physical information on the Drive. The Directory Tables on a FAT filesystem contain information like the date that a file or directory was created and the time. I would guess that you can look at the directory table information for important system files that do not update themselves, and see when they were created. If more recent than the known install date of the system this could indicate either a new filesystem was put on an old drive, or a new drive in all was shoved in with a new file system. This is obviously not a foolproof method :-)

Other than that nothing that I am aware of.

As for recovery of deleted data I refer you to the paper:

_Secure Deletion of Data from Magnetic and Solid-State Memory_ Gutmann, Peter.

Interesting stuff.

499 From: A Grudko Date: Fri Jun 2, 2000 8:04am Subject: Marty Kaiser Equipment

Marty Kaiser and others

Please eMail me privately a list of the TSCM equipment & specs. you have available with approx export prices (excluding shipping) and any training as I am looking at renewing my kit and having a technician trained up.

andy@g...

Andy Grudko (CEO) - Grudko Wilson Associates (SA) (Pty) Ltd - Crime investigations & intelligence
Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - Australia
Israel - www.grudko.com. - (+27 11) 465 9673 - 465 1487 (Fax) - Est.
1981
Members of : SCIP (Gauteng Chairman), SACI (President), GIN (Charter), WAD, CALI, SASFed, SASA, SAMLF, UKPIN, AFIO (OS) Prisoners' Rehabilitation & Education Trust
--- "When you need it done right - first time" ---

500 From: A Grudko Date: Fri Jun 2, 2000 9:52am Subject: Digital phones

Long preamble to say what we do currently, followed by short question.

Digital instruments on a PABX are a pain in the rear and are getting more common.

One method of tapping them if it is a 2 wire system, as most are here, is to pick up the receiver (earpiece/speaker) connection - usually on a dandy 4 pin mini connector ('cos the side tone gives you both sides of the conversation) and run the audio ('cos it's not been converted to digital yet) down to the plug via the unused pair in the 4 core and off to an amplifier then recorder. We have seen this done.

One could also stick a TX on the same point - no Steve, I'm not claiming we've found one of these, I'm theorising.

This is easy to detect on a physical inspection, either by opening up the body of the phone or by inspecting the socket.

You can also pick up the audio off the cable with a simple amplifier and of course it shouldn't be there on a digital phone - something of a giveaway.

If the line has been actually tapped - i.e. on the pair, with a digital to analogue converter, it could be anywhere - like a tap on an analogue phone. Obviously a pro will use a high impedance pickup, or capacitively decouple, or even couple inductively, making electronic detection hard. Again theory - I don't claim to have seen this done.

On high risk extensions we unplug the phone, disconnect at the PABX frame ('peg out' in our local parlance) and run the standard checks for resistance, capacitance and impedance (which obviously won't detect inductive coupling).
We also do physical searches at all the distribution points 'cos we acknowledge that you can't just rely on equipment, and we also use an RF type probe - a cable tracer - to 'sniff out' any diversions - but again it'll probably miss an inductive coupling. All this is time consuming.

My question is, would a TDR be the right way to go to be more efficient? I don't own one but operated one a few years ago on a course and wasn't very impressed, but no doubt technology has improved.

I'd prefer private replies unless you really want to share it with the group. Thanks.

Andy Grudko (CEO) - Grudko Wilson Associates (SA) (Pty) Ltd - Crime investigations & intelligence
Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - Australia
Israel - www.grudko.com. - (+27 11) 465 9673 - 465 1487 (Fax) - Est. 1981
Members of : SCIP (Gauteng Chairman), SACI (President), GIN (Charter), WAD, CALI, SASFed, SASA, SAMLF, UKPIN, AFIO (OS) Prisoners' Rehabilitation & Education Trust
--- "When you need it done right - first time" ---

501 From: Date: Fri Jun 2, 2000 10:39am Subject: Scanlock

Further to my recent message regarding the new Scanlock M2 Countermeasures Receiver, and for those who want to download the Advance Data Sheet, information is available in pdf format on www.audiotel-int.com (be patient with us - we are re-building the site).

I assume there is no harm in manufacturers like us occasionally posting information on TSCM One-list with regard to major technical advances and new products, you know who we are and we are up-front about our intentions.

Equally, I suppose there is license for dealers to promote their products. For example Mr Atkinson reps certain brands, but he tells us this and although he generally recommends a certain manufacturer's product line, we know he is a vendor who is knowledgeable, fair and open minded.
On the other hand, when manufacturer's reps praise products which they are selling, without disclosing a connection, there is a real danger that advice and information on what is internationally regarded as an important forum will be devalued.

In our experience TSCM'ers are usually pretty smart and most will carefully examine specifications/get a detailed demo before they get out the cheque (or should that be check?) book.

Adrian Hickey
Sales Manager

502 From: Robert G. Ferrell Date: Fri Jun 2, 2000 10:48am Subject: RE: computer forensic

>As with TSCM, anybody can attempt computer forensics. The professionals will
>be trained, experienced, and equipped to do the best job possible. A non-pro
>almost always makes a mess out of the hard drive, often destroying evidence.

I have to second this assertion. STM is a complex process and requires considerable training; it would be not only expensive but verging on the insane for someone not specifically trained in its use to attempt it. Moreover, just opening a hard drive requires a clean room environment, serious anti-static precautions, and very, very meticulous technique.

An inexperienced person with bug-locating equipment might, in a target-rich environment, luck out and find one. An inexperienced person who tries to recover overwritten data on a hard drive will fail universally, and probably destroy the drive in the process. You can take that to the bank.

Cheers,

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center, US DoI
Robert_G_Ferrell@n...
------------------------------------------------------------
Not an official statement by any entity of the US Government
------------------------------------------------------------

503 From: James M. Atkinson, Comm-Eng Date: Fri Jun 2, 2000 11:39am Subject: Ping Box

A ping box is a simple circuit that consists of a low voltage battery, two TL555 timers, four resistors, and some small value timing capacitors (ie 2pf).
The circuit is powered by 4 AA alkaline batteries in a small case.

The function is to provide a 15-20 ns pulse at a repetition rate of 75 KHz (which is simple to do for under five bucks).

One of the resistors should be variable so that you can extend the pulse width relative to the length of cable being tested.

This pulse signal is applied to a line under test and its behavior observed with an oscilloscope.

The time between the pulse being released and "impedance bumps" is divided by 2 and then again by the speed of light (1.017 ns per foot). The results are then multiplied by the Velocity of Propagation Coefficient for the specific cable you are testing (it's actually easy to do in your head after a few hundred times).

The time to these "impedance bumps" tell us WHERE things have been done to a wire, and the polarity and/or amplitude tells us WHAT was done to it.

This signal can be directly squirted into a wire provided that no voltage or load is present (ie: a 500 ft roll of Cat 5 wire sitting on your work bench)

If you want to "drive" something such as a phone line then you will have to buffer the signal which requires a 2N3904 or similar transistor and another 2-3 resistors. Also, you should consider adding a small impedance load, and variable compensation cap for what you are measuring for optimal results.

Failure to "buffer" a driven line will result in a small explosion as your ping box is reduced to shrapnel. Also, on the off chance the phone rings things will also go poof unless you add a transient limiting circuit.

If you want higher resolution you will need to shift to a CMOS oscillator and create a signal with a 250-300 pS rise time.

What you have just done is create a TDR for under five bucks (not including a battery).

-jma

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M. Atkinson Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

504 From: James M. Atkinson, Comm-Eng Date: Fri Jun 2, 2000 11:56am Subject: Re: Scanlock

Adrian,

At 4:39 PM +0100 6/2/00, Adrian@a... wrote:
>Further to my recent message regarding the new Scanlock M2 Countermeasures
>Receiver, and for those who want to download the Advance Data Sheet,
>information is available in pdf format on www.audiotel-int.com (be patient
>with us - we are re-building the site).

When you post a web site please remember to add the appropriate preamble: http://www.audiotel-int.com/

>I assume there is no harm in manufacturers like us occasionally posting
>information on TSCM One-list with regard to major technical advances and
>new products, you know who we are and we are up-front about our
>intentions.

Please by all means plug your products periodically on the list, I strongly encourage you and the other manufacturers to talk about your own products (but try to keep it oriented towards a technical audience, and be gentle with the sales push).

However, be discreet and don't over do it.

>Equally, I suppose there is license for dealers to promote their products.
>For example Mr Atkinson reps certain brands, but he tells us this and
>although he generally recommends a certain manufacturer's product line, we
>know he is a vendor who is knowledgeable, fair and open minded.

If a client expresses interest in a product I will try to set up a relationship with the manufacturer so I can provide my client with the equipment they seek.
I try to shy away from sales activities, but I feel that it is important to provide a client with a channel where they can draw equipment at a fair price, get a fair deal, and not have to deal with "spy shop" hype.

My primary efforts are in performing services, and I would much rather perform a sweep for a client rather than sell him equipment. But then of course most clients are not going to have me come in once a week for a sweep.

>On the other hand, when manufacturer's reps praise products which they are
>selling, without disclosing a connection, there is a real danger that
>advice and information on what is internationally regarded as an important
>forum will be devalued.

Agreed, but then again there is a very limited number of legitimate and functional TSCM equipment out there. TSCM equipment also tends to come in various threat levels, various consumers, and various geographic preferences.

>In our experience TSCM'ers are usually pretty smart and most will
>carefully examine specifications/get a detailed demo before they get out
>the cheque (or should that be check?) book.
>
>
>Adrian Hickey
>Sales Manager

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M. Atkinson Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

505 From: James M. Atkinson, Comm-Eng Date: Fri Jun 2, 2000 0:10pm Subject: Re: Digital phones

At 4:52 PM +0200 6/2/00, A Grudko wrote:
>Long preamble to say what we do currently, followed by short question.
>
>Digital instruments on a PABX are a pain in the rear and are getting more
>common.

Yikes...
I LOVE digital Instruments on a modern PBX... tampering is so easy to find provided the entire circuit is only serviced by a single pair. The instrument itself only requires an X-ray followed by an internal physical search.

It's when we are dealing with analog signals, multiple cable pairs for power, voice, data, that things start to get messy.

I'll take a modern PBX with a PCM or ISDN connection any day over a typical analog loop line or [shudder] a KEY system.

>One method of tapping them if it is a 2 wire system, as most are here, is to
>pick up the receiver (earpiece/speaker) connection - usually on a dandy 4
>pin mini connector ('cos the side tone gives you both sides of the
>conversation) and run the audio ('cos it's not been converted to digital
>yet) down to the plug via the unused pair in the 4 core and off to an
>amplifier then recorder. We have seen this done.
>
>One could also stick a TX on the same point - no Steve, I'm not claiming
>we've found one of these, I'm theorising.
>
>This is easy to detect on a physical inspection, either by opening up the
>body of the phone or by inspecting the socket.
>
>You can also pick up the audio off the cable with a simple amplifier and of
>course it shouldn't be there on a digital phone - something of a giveaway.

Ah... or it could also be a covert data stream of audio running 40 dB down from the main signal at a different pulse rate (or even RF).

>If the line has been actually tapped - i.e. on the pair, with a digital to
>analogue converter, it could be anywhere - like a tap on an analogue phone.
>Obviously a pro will use a high impedance pickup, or capacitively decouple,
>or even couple inductively, making electronic detection hard. Again theory -
>I don't claim to have seen this done.

Capacitive or Inductive coupling would show up on the cross talk analysis.
>On high risk extensions we unplug the phone, disconnect at the PABX frame
>('peg out' in our local parlance) and run the standard checks for
>resistance, capacitance and impedance (which obviously won't detect
>inductive coupling). We also do physical searches at all the distribution
>points 'cos we acknowledge that you can't just rely on equipment, and we
>also use an RF type probe - a cable tracer - to 'sniff out' any diversions -
>but again it'll probably miss an inductive coupling. All this is time
>consuming.

How about "going to copper" with an Oscilloscope and SA before disconnecting anything to avoid alerting the eavesdroppers.

>My question is, would a TDR be the right way to go to be more efficient? I
>don't own one but operated one a few years ago on a course and wasn't very
>impressed, but no doubt technology has improved.

A TDR is nothing more than an Oscilloscope with a simple ping box. If you already have a good scope, then you don't have to have a TDR.

But then again I am a "belt and suspenders" kind of guy and I use both a scope and a TDR.

>I'd prefer private replies unless you really want to share it with the
>group. Thanks.
>
>Andy Grudko (CEO) - Grudko Wilson Associates (SA) (Pty) Ltd - Crime
>investigations & intelligence
>Johannesburg - Cape Town - Durban - Pretoria - UK - US - Canada - Australia
>Israel - www.grudko.com. - (+27 11) 465 9673 - 465 1487 (Fax) - Est. 1981
>Members of : SCIP (Gauteng Chairman), SACI (President), GIN (Charter), WAD,
>CALI, SASFed, SASA, SAMLF, UKPIN, AFIO (OS) Prisoners' Rehabilitation &
>Education
>Trust --- "When you need it done right - first time" ---

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M.
Atkinson Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

506 From: Robert G. Ferrell Date: Fri Jun 2, 2000 0:25pm Subject: Re: Computer Forensics

>"This security tool eliminates all evidence from your PC in one single
>click of a button.

Even DoD overwrite algorithms are not proof against scanning tunnel microscopes, which resolve surface structure topologies of the hard disk's platters to a nanometric scale. Once a magnetic pattern has been written to a disk, some residual of that pattern remains even after the area has been overwritten.

Of course, as was pointed out earlier, this forensics process is inordinately expensive at the moment, since Atomic Force/Scanning Tunnel microscopy is still a new technology. Just be aware the products which make claims to "eliminate all evidence" from a disk are kidding themselves and you. If you want to eliminate all evidence from a disk, melt it to slag and carbon dust with a blowtorch and then bury the residue in a deep hole.

RGF

Robert G. Ferrell, CISSP
Information Systems Security Officer
National Business Center, US DoI
Robert_G_Ferrell@n...
------------------------------------------------------------
Not an official statement by any entity of the US Government
------------------------------------------------------------

507 From: Jordan Ulery Date: Fri Jun 2, 2000 3:23pm Subject: Re: Computer Forensics

YUP "caveat emptor"

"Robert G. Ferrell" wrote:

> >"This security tool eliminates all evidence from your PC in one single
> >click of a button.
>
> Even DoD overwrite algorithms are not proof against scanning tunnel microscopes,
> which resolve surface structure topologies of the hard disk's platters to
> a nanometric scale.
> Once a magnetic pattern has been written to a disk, some
> residual of that pattern remains even after the area has been overwritten.
>
> Of course, as was pointed out earlier, this forensics process is inordinately
> expensive at the moment, since Atomic Force/Scanning Tunnel microscopy is still
> a new technology. Just be aware the products which make claims
> to "eliminate all evidence" from a disk are kidding themselves and you.
> If you want to eliminate all evidence from a disk, melt it to slag and carbon
> dust with a blowtorch and then bury the residue in a deep hole.
>
> RGF
>
> Robert G. Ferrell, CISSP
> Information Systems Security Officer
> National Business Center, US DoI
> Robert_G_Ferrell@n...
> ------------------------------------------------------------
> Not an official statement by any entity of the US Government
> ------------------------------------------------------------
>
> ========================================================
> TSCM-L Technical Security Mailing List
> "In a multitude of counselors there is strength"
>
> To subscribe to the TSCM-L mailing list visit:
> http://www.onelist.com/community/TSCM-L
>
> or email your subscription request to:
> subTSCM-L@t...
> ===================================================
TSKS

508 From: James M. Atkinson, Comm-Eng Date: Fri Jun 2, 2000 4:59pm Subject: Re: Computer Forensics

At 12:25 PM -0500 6/2/00, Robert G. Ferrell wrote:
> >"This security tool eliminates all evidence from your PC in one single
> >click of a button.
>
>Even DoD overwrite algorithms are not proof against scanning tunnel
>microscopes,
>which resolve surface structure topologies of the hard disk's platters to
>a nanometric scale. Once a magnetic pattern has been written to a disk, some
>residual of that pattern remains even after the area has been overwritten.
>
>Of course, as was pointed out earlier, this forensics process is inordinately
>expensive at the moment, since Atomic Force/Scanning Tunnel
>microscopy is still
>a new technology. Just be aware the products which make claims
>to "eliminate all evidence" from a disk are kidding themselves and you.
>If you want to eliminate all evidence from a disk, melt it to slag and carbon
>dust with a blowtorch and then bury the residue in a deep hole.
>
>RGF
>
>Robert G. Ferrell, CISSP
>Information Systems Security Officer
>National Business Center, US DoI
>Robert_G_Ferrell@n...

I was taught (at a government school) that the laws of physics dictate that you can never really erase a magnetic track alignment once it is laid down, and that hard drive and tape heads tend to drift "inside the track". This drifting ensures that data is still retrievable even after thousands of over writes (providing of course the spy has access to some heavy forensic gear).

Magnetic tape, disks, and so on have a slight offset of the heads each time it makes a pass inside a track. In some cases dozens, and sometimes hundreds of specific "writes" can be extracted from a single track with the data being written parallel to each other and other overleaved over prior data. Of course the last track signal written will be the strongest signal of all, but all the previous signals will still be there.

We (as in my government days) used to shred all of our flexible magnetic media into 1/16th inch pieces, screen it for oversized pieces, and mix it into a solvent slurry before it could even leave the building to be burned.
The shredding only happened after the media was over written X number of times, and then degaussed in an X gauss field for X minutes.

If you wanted to sterilize a hard drive you have to disassemble the platters themselves, degauss each of them, sand off all of the magnetic coating (using a HEPA filter), then put each of the platters on a metal lathe and cut away the first half millimeter on each side. Then and only then could you cut the actual disc into 10 mm or less squares, add in all the filings, and send it off to be smelted.

Each IC on each PCB had to be zeroized, and a center punch had to be applied to each IC dice. The actual heads which come into contact with the drive surface had to be cleared via a swept signal, and then overloaded until the actual coil overloads.

The actual drive chassis itself is then cut into pieces roughly the size of a sugar cube and placed into a barrel with the other scrap from the sterilization.

The barrel (when the sterilization was complete) would then be shipped out to a government smelter and maintained at a "roaring boil" for a full hour and poured out into ingots as scrap metal. Each ingot was then X-rayed to ensure nothing was accidentally missed.

The following was related to me by a retired Red Banner instructor:

Back in the 60's, 70's and early 80's the U.S. government used millions of reels of magnetic tapes a month (both data and voice). The tape tended not to last very long, and was simply being degaussed and sold for scrap (by the dumpster load).

Unknown to the CI people a huge quantity of this tape was being bought up by a number of front companies who were stacking it into cargo containers and shipping it back to the Soviet Union for exploitation. Tape reels that had any kind of classified markings received special and expedited handling.

In the USSR the tapes were then read on modified equipment and highly classified information extracted from the reels by simply "punching up the signal".
At one point they even went so far as to break into certain salvage yards so they could swipe reels with certain markings, and not wait for the salvage release dates.

Just something to think about.

-jma

===================================================================
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
===================================================================
James M. Atkinson Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291 http://www.tscm.com/
Gloucester, MA 01931-8008 jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================

509 From: Jay Coote Date: Fri Jun 2, 2000 5:20pm Subject: Surge protector for RF, CC and SA's?

I am looking for some simple circuits for protecting receiver, spectrum analyzer, scope and audio amplifier frontends from voltages which may be found on phone, CATV, LAN, power and other lines.

A small budbox with banana/bnc or other appropriate connectors plus HV capacitors has worked for me thus far to protect my equipment from any AC or DC voltages... Anyone using 1N914 diode clippers or other simple, passive circuits?

Thanks,
Jay Coote
Los Angeles

(Please disregard the date error... it's not the PC, but an Ms thing, to be resolved later)

510 From: Date: Fri Jun 2, 2000 1:40pm Subject: News Story - sweeper in the news

I thought that this would interest my fellow list people. The URL for the story is nyjournalnews.com : News Story or http://www.nyjournalnews.com/pirro/jnap018.sht. The URL contains links to previous articles.

WHITE PLAINS --The husband of Westchester District Attorney Jeanine Pirro hired an investigator from her office to check for wiretaps on behalf of a client, then directed that the bill be sent to a company in his law office, the investigator testified yesterday.
Acting Chief Investigator Patrick Spatafore said he later received a $1,077.50 check from the company, Baumeister Enterprises, that was displayed to the jury at lawyer Albert Pirro's federal tax-fraud trial. The check bore a distinctive signature that Albert Pirro's executive assistant identified earlier this week as that of her boss.

Spatafore's testimony did not make clear the significance of the transaction, which he said involved work at a Manhattan apartment and the Harrison home of Albert Pirro's client, Marvin Singer.

"He told me there was a matrimonial dispute," Spatafore said, when asked why Pirro hired him to work for Singer.

But during opening statements last month, prosecutor Cathy Seibel said that Albert Pirro used Baumeister Enterprises -- which she called a "shady little company" -- to increase the cost of the work by more than $1,600.

And two weeks ago, prosecutors showed jurors a $2,693.75 invoice from Baumeister Enterprises for an "audio countermeasures survey" at Singer's Manhattan clothing company, Depeche Mode.

In court papers filed earlier in the case, prosecutors alleged that Albert Pirro pocketed the difference between the two bills, and changed the location of the work so that Singer -- a client, friend and golf partner -- could illegally deduct the cost as a business expense.

Albert Pirro and his younger brother, accountant Anthony Pirro, are charged with conspiracy and tax evasion in an alleged scheme to illegally deduct almost $1.2 million in personal spending by Albert Pirro as business expenses. Jeanine Pirro is not charged in the case.

Defense lawyers had tried previously to block introduction of the evidence involving Marvin Singer, and they argued about it again yesterday during an hourlong sidebar with federal Judge Barrington D. Parker, Jr.
Parker allowed Spatafore's testimony, however, as well as that of two subcontractors Spatafore hired to do the work, one of whom, Mark DelVecchio, is also an investigator in the District Attorney's Office.

Afterward, defense lawyer Gustave Newman called the testimony "so prejudicial" to Albert Pirro that he had to ask for a mistrial. Parker denied the request.

During his testimony, Spatafore said his outside work involved a home-based company called Secure Communications Services that focused mainly on preventing corporate espionage.

Spatafore said he filed an annual disclosure statement with the District Attorney's Office, and avoided any jobs that could lead to uncovering wiretaps or listening devices installed by law enforcement agencies.

District Attorney Jeanine Pirro would not speak with reporters yesterday, but has said previously that her investigators were allowed to moonlight after their outside work was reviewed and approved by administrators in her office.

Pace University law professor Bennett Gershman, who has been attending the trial and was present for yesterday's testimony, called moonlighting by Spatafore and DelVecchio a "staggering conflict of interest."

A spokesman for Bronx District Attorney Robert Johnson said that office allowed its investigators to perform outside work on a case-by-case basis. But spokesman Steven Reed said Johnson would "probably not" let an investigator work for the district attorney's spouse or friends, because it could create the "appearance of a conflict."

Staff writer Oliver W. Prichard contributed information for this report.

511 From: James M. Atkinson, Comm-Eng Date: Fri Jun 2, 2000 7:04pm Subject: Re: Surge protector for RF, CC and SA's?

At 6:26 PM -0400 6/2/00, Jay Coote wrote:
>I am looking for some simple circuits for protecting receiver,
>spectrum analyzer, scope and audio amplifier frontends from voltages
>which may be found on phone, CATV, LAN, power and other lines. A
>small budbox with banana/bnc or other appropriate connectors plus HV
>capacitors has worked for me thus far to protect my equipment from
>any AC or DC voltages... Anyone using 1N914 diode clippers or other
>simple, passive circuits?
>Thanks,
>Jay Coote
>Los Angeles

Jay,

The following is my own design, so please give appropriate credit.

First use a small fuse that is easy to change.

Use two high voltage (several kilovolts) capacitors in series with the signal to de-couple the signal. Determine value of these capacitors based on what you are feeding into the circuit, and what you want to reject (you're using them as a high pass filter). In the case of "polite signals" you would only use these caps for DC blocking, or not at all.

Next you will need a gas tube voltage protector but the breakdown voltage you pick will depend on your specific application (Ethernet, telephone, AC-110, AC-220, etc). This component is installed in parallel with, and behind the de-coupling caps.

After this I like to put in some kind of low wattage light, LED, or Neon bulb to develop a load across the line. What you use of course depends on the voltages you are testing (ie: do not use an LED on a 480 volt 3 phase box).

Next you will want a low value resistor in parallel across the signal. Something between 200 and 300 ohms will be fine.

Next you may optionally want to install a low value variable resistor in series here to act as an attenuator.

The next component(s) in parallel is a glass passivated junction to knock down anything that may have leaked through. This is most important when trying to couple your spectrum analyzer into the power lines. This component must be easy to change, and helps to limit the possibility of blowing the 1N914's.

Next I used two 1N914 diodes back to back in parallel with the signal for a classic limiting circuit. These diodes must be easy to change.
Be sure to check your circuit on a signal generator before using on a live circuit to ensure it works and knocks out the hostile signals. Also, watch your grounds, and consider using a shielded enclosure.

I very commonly plug one of my boxes right into the AC mains, decouple it and filter out the AC, run it through one of these circuits, and then punch it up with a 30+ dB LNA and drop it directly into the front end of a spectrum analyzer or radio (don't try this at home).

-jma

===================================================================
Do not meddle in the affairs of dragons, for you are
crunchy and taste good with ketchup.
===================================================================
James M. Atkinson                Phone: (978) 381-9111
Granite Island Group
127 Eastern Avenue #291          http://www.tscm.com/
Gloucester, MA 01931-8008        jmatk@tscm.com
===================================================================
Nil carborundum illigitimi
===================================================================