From: Thom Taylor
Date: Wed Oct 9, 2002 3:11pm
Subject: Leaving the group

I am un-subscribing from the group. As a former Law Enforcement Officer (Local and Federal), I am not going to waste my time with people who obviously have some hard-on for law enforcement. These are usually people who tried to be a cop, and did not make the cut, so they have a chip on their shoulder. I will spend my time interacting with professionals in other groups

6364 From: spyworldltd
Date: Wed Oct 9, 2002 3:49pm
Subject: The Six P's

Keep it simple guys...

Prior Preparation Prevents Piss Poor Performance

cheers
David Emery
Spyworld Ltd
Tel 08701 206185
Fax 08701 206186
web www.spyworld.co.uk

6365 From: Matt Paulsen
Date: Wed Oct 9, 2002 3:47pm
Subject: RE: Jane's Intel Digest

Not worth it. Maybe they give out free trade subscriptions like CMP does, don't know though.

-----Original Message-----
From: Mitch Davis [mailto:MitchD@t...]
Sent: Wednesday, October 09, 2002 8:36 AM
To: TSCM-L@yahoogroups.com
Subject: [TSCM-L] Jane's Intel Digest

Was wondering if anyone on the list, that has a subscription to Jane's Intelligence Digest, (monthly Printed Version) could tell me if it's actually worth $450.00 a year? I was interested in it, but it reminded me of a collation of news reports........
Thanks!
MD
-----------------------------------------------------------
Mitch Davis
TSCM/Special Operations Group,Inc.
(615) 837 9933
cell (615) 584 9933
e mail: MitchD@t...
website www.tscmusa.com
Nashville,TN.USA
-----------------------------------------------------------

========================================================
TSCM-L Technical Security Mailing List
"In a multitude of counselors there is strength"

To subscribe to the TSCM-L mailing list visit:
http://www.yahoogroups.com/community/TSCM-L

It is by caffeine alone I set my mind in motion.
It is by the juice of Star Bucks that thoughts acquire speed,
the hands acquire shaking, the shaking is a warning.
It is by caffeine alone I set my mind in motion.
=================================================== TSKS

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

6366 From: kondrak
Date: Wed Oct 9, 2002 8:33pm
Subject: Telephone FYI

>>
>>Wiretapping "Back Doors" Compromise Telephone Privacy
>>
>>By Mark Nestmann
>>
>>A law designed to make it easier for police to wiretap telephone
>>conversations has given foreign intelligence agencies, organized
>>crime, and perhaps terrorists, secret "back doors" into U.S.
>>telecommunications networks. The back doors can be used to monitor
>>telephone subscriber information and billing data and even detect the
>>presence of wiretaps.
>>
>>These stunning revelations come from media reports that indicate that
>>since the mid-1990s, Israeli intelligence has been able to tap data
>>flowing from the State Department and the White House, among other
>>targets. As part of this operation, Israel supposedly monitored
>>e-mails from then President Clinton.26 An even more disturbing story
>>appeared in December 2001. Fox News reported that the U.S. National
>>Security Agency, America's largest intelligence agency, had warned
>>that records of telephone calls placed throughout the United States
>>were being diverted to foreign intelligence services and perhaps
>>other unauthorized parties. In some circumstances, unauthorized
>>parties could detect wiretaps placed by U.S. law enforcement.27
>>
>>This unprecedented compromise of the U.S. telecommunications system
>>was made possible by the requirements mandated by Congress in a 1994
>>law, the "Communications Assistance for Law Enforcement Act" (CALEA).
>>The law requires telephone manufacturers and companies producing
>>technology for telephone networks to install "back doors" in their
>>equipment to permit U.S.
>>law enforcement and intelligence agencies to
>>monitor U.S. telecommunications networks.
>>
>>In enacting CALEA, Congress ignored the warnings of security experts
>>who warned that inserting technology mandating surveillance into
>>telecommunications networks would lead to unauthorized intrusions.
>>Indeed, the U.S. General Services Administration, the agency
>>responsible for equipment procurement for the federal government,
>>commented that the proposal could "adversely affect national
>>security." 28 This warning turned out to be devastatingly accurate.
>>
>>How to Wiretap the White House and the FBI
>>
>>Insight Magazine has revealed an FBI probe into allegations that the
>>government of Israel has penetrated White House telephone lines and
>>can convey conversations as they occur to Israel for analysis.
>>Similar intrusions were alleged to have occurred at the State
>>Department, the Pentagon and, into secret lines used by the FBI in
>>its counterintelligence work, including its investigation of the
>>Israeli operation.
>>
>>The businesses installing the wiretapping equipment and software
>>mandated by CALEA have continuing access to telephone company
>>computers, supposedly for testing and servicing purposes. One such
>>firm is an Israeli company called AMDOCs, which provides directory
>>assistance and billing services for all major U.S. phone companies.
>>In this capacity, AMDOCs has access to records of virtually every
>>call dialed in the United States.
>>
>>AMDOCs billing programs are developed with the assistance of the U.S.
>>Central Intelligence Agency. The FBI discovered that an AMDOCs
>>subcontractor on such a project was married to an employee of the
>>Israeli Embassy in Washington, D.C.
>>In a search of the
>>subcontractor's office, the agency found "a list of the FBI's most
>>sensitive telephone numbers, including the Bureau's 'black' lines
>>that FBI counterintelligence used to keep track of the suspected
>>Israel spy operation."
>>
>>As many as 140 Israelis have been detained or arrested in a
>>continuing FBI investigation into this operation. But because of its
>>political sensitivity, the probe has occurred in almost complete
>>secrecy.
>>
>>It gets worse. Organized crime groups can reportedly monitor U.S.
>>telephone networks as well. In an investigation of drug trafficking
>>in 1997, call detail information was, according to Fox News, used
>>to "completely compromise the communications of the FBI, the Secret
>>Service, the DEA and the LAPD...The ring was able to track all calls
>>placed to and from the investigators' beepers, cell phones...even
>>their home phone numbers."
>>
>>Concerns that the U.S. telecommunications system may be compromised
>>were renewed in the wake of the attacks of September 11, 2001. In the
>>9/11 investigation, some suspects have apparently been able to
>>detect FBI wiretaps. This has been inferred from the fact that they
>>change their telephone usage patterns as soon as a wiretap is
>>installed.
>>
>>Four Ways to Reclaim Telephone Privacy
>>
>>Due to the misguided insistence by law enforcement and Congress to
>>install back doors in telephone equipment, unauthorized third parties
>>have hijacked the U.S. telecommunications system. Your billing
>>records and possibly your conversations are at risk. To reduce your
>>vulnerability, follow these suggestions:
>>
>>1. Use public telephones. Make confidential calls from public
>>telephones. Use a network of pay phones, not just one. Unfortunately,
>>many payphones no longer accept incoming calls. The best way to deal
>>with this problem is to have persons you wish to call page you when
>>they are ready to receive your call.
>>Then call back from a public
>>telephone to a pre-arranged number.
>>
>>2. Obtain an anonymous voice mailbox. This is a great way to have
>>a "local" phone number without obtaining local service. Almost no
>>voice mailbox provider will need confirmation of your identity.
>>Callers will usually believe that they have reached an answering
>>machine. You can retrieve these messages, or change your outgoing
>>message, from any touch-tone phone. Use a payphone to retrieve your
>>messages.
>>
>>3. Obtain anonymous telephone service. For about a 50% premium over
>>the local Bell provider, you can obtain local phone service without a
>>credit check and in many cases without showing proof of identity.
>>While such companies target persons with poor credit, the service is
>>attractive to privacy-seekers. You simply provide the company
>>your "name," the address at which you wish service to be connected,
>>and pay the hook-up fee. One major provider of this service is
>>Ameritel, which does business under the name 1-800-RECONEX: (800) 732-6639.
>>You can set up service at any participating Quick-Cash store.
>>
>>4. Purchase anonymous cellular service. This is possible by
>>pre-paying for the service. One of the most popular services is
>>called "Cricket." For US$32.95 a month, you obtain unlimited local
>>phone service. And you can purchase pre-paid long distance service
>>for eight cents per minute.

6367 From: kondrak
Date: Thu Oct 10, 2002 4:02am
Subject: More bad news..

FBI agents illegally videotaped suspects, intercepted e-mails without court permission and recorded the wrong phone conversations during sensitive terrorism and espionage investigations, according to an internal memorandum detailing serious lapses inside the FBI more than a year before the Sept. 11 attacks.

http://www.sfgate.com/cgi-bin/article.cgi?f=/news/archive/2002/10/09/national1632EDT0740.DTL

No bashing intended, merely the news....
6368 From: Damien O'Rourke
Date: Wed Oct 9, 2002 5:18pm
Subject: Re:Infrared-Lasar intercept eliminators

I really don't know anything about this but I was just wondering if it would be possible to build some sort of IR jammer. You hear about jamming radio signals in Electronic warfare, so why can't it be done at the frequencies (or should I say wavelengths) of IR light? It obviously isn't a practical solution as the cost of building one would probably be too much?? Just as a theoretical idea though... Again it's only a thought I had.

I had a quick look and saw this site if you're interested in building one of the listening devices though! At least it's supposed to work...

http://hot.ee/nuhk/laser.html

6369 From: Monty
Date: Thu Oct 10, 2002 0:26am
Subject: Re: Re; infrared laser

THANK YOU KIRK !!!

Everyone kept talking about the window. But as you said, the window is normally not the target of choice. We have found in practical use that normally the window is very difficult. You always had to deal with the outside noise along with the building noise. As long as the operator can see something (almost anything) inside that can vibrate to noise (soda can, post-it note, paper tacked to wall, coffee cup, etc, etc, etc, etc) you have not protected the area.

Thanks Kirk
Monty

--- Kirk Adirim wrote:
> Modulating the window with white/pink noise and/or
> music is a fine idea if
> you assume that the enemy is bouncing a beam off the
> window pane. However
> Real world laser eavesdropping is more sophisticated
> than that. A reflective
> surface, coating or microprisms are left behind on
> walls, ceilings, fixtures
> or other objects Inside the target room (even
> hairspray works). A window is
> just a portal to pass the beam through on its way
> to and from the
> reflective surface (the glass of a picture frame,
> the frame, the picture, or
> the wall itself can be used).
> The reflective surface doesn't have to be bright and
> shiny to our eyes, it
> can be optically dull and flat in the visible
> spectrum. As long as it's
> reflective at the wavelength being used by the
> laser, and that doesn't
> necessarily mean it's in the Infrared spectrum.
> Final analysis..... Buy the curtains and modulate
> them with a fan or small
> vibrating motor.
>
> Kirk
> www.tactronix.com

6370 From: Steve Uhrig
Date: Thu Oct 10, 2002 10:14am
Subject: Foreign Caller ID

As a point of interest, Caller ID is now coming in on my office phones from other countries.

This morning I have gotten a call from Bogota, one from somewhere in Chile and one from Dubai, UAE.

All showed the country codes as the area code, and the correct phone number of the caller.

I had never seen (or noticed) this before. International Caller ID would be a nice feature. Next we'll have to have a field for COUNTRY since there are so many oddball country codes and they keep changing city codes. It's like fifteen digits to dial London now.

Apparently the switches in the other countries now are sending CID info, and the low data rate (1200 baud?) is transmitted all the way to the destination tellyphone.

Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

6371 From: Steve Uhrig
Date: Thu Oct 10, 2002 5:37pm
Subject: Anyone in the Reno area?

who would be willing to give a lunatic the warm fuzzies and maybe do a cursory look at suspected electronic harassment?
I wouldn't bother, except the fellow claims to have 30 videotapes of things happening.

Contact me off list if you are interested and I will give you his email address and you take it from there.

Anyone responding, please be kind.

Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

6372 From: The Protector
Date: Thu Oct 10, 2002 4:21pm
Subject: Re: The Six P's

Without the seventh "P" the rest is still subject to being screwed up!

Proper Prior Preparation Prevents Piss Poor Performance

=====
Leopold T. Altman III
Member IAPPA, ABA, IALEFI, ASLET, PMA, INEOA, etc...
American Institute of Executive Protection
http://www.americanexecprotection.com
AIEP@s...
Because chance favours the prepared mind!
Newsletters: http://aiep1.bravepages.com

6373 From: Hawkspirit
Date: Fri Oct 11, 2002 0:14pm
Subject: Smart Dust

>Subject: Smart Dust
>
>http://robotics.eecs.berkeley.edu/~pister/SmartDust/
>
>The science/engineering goal of the Smart Dust project is to demonstrate
>that a complete sensor/communication system can be integrated into a cubic
>millimeter package. This involves both evolutionary and revolutionary
>advances in miniaturization, integration, and energy management. We aren't
>targeting any particular sensor, in fact there is no direct funding for
>sensor research in the project (but we've got quite a few to choose from
>based on a decade or two of outstanding MEMS work at Berkeley and elsewhere).
>We're funded by DARPA, so we will demonstrate Smart Dust with one or more
>applications of military relevance.
>In addition, we're pursuing several
>different applications with commercial importance, and we've got a long
>list of applications to work on if we only had the time. Here's a sampling
>of some possible applications, in no particular order:

6374 From:
Date: Fri Oct 11, 2002 10:01am
Subject: World's greatest computer hacker raises alarm

World's greatest computer hacker raises alarm

Barred from writing about his own case for 10 years, Kevin Mitnick describes classic computer crimes – and how to thwart them

By Simson Garfinkel

Kevin Mitnick may have been the greatest computer hacker the world has ever known. At least, the FBI treated him that way.

In the 1980s, Mitnick allegedly broke into computer systems belonging to Pacific Bell, Digital Equipment, and the North American Air Defense Command. In the 1990s, Mitnick became the subject of a nationwide manhunt by the FBI. The New York Times ran a front-page story about his alleged attempts to steal cellular telephone software on July 4, 1994. He was finally apprehended by computer expert Tsutomu Shimomura on Feb. 15, 1995.

Mitnick was held in jail for four years without facing trial because his attorney never had a chance to review the government's evidence against him. It was repeatedly withheld on the grounds that releasing it would compromise national security.

Meanwhile, three books were published on Mitnick's capture – including one by Shimomura and John Markoff, The New York Times reporter who many say stepped over ethical lines and participated in the investigation. Disney and Miramax produced a movie on the caper. It premièred in France but was shut down by a combination of protests and a lawsuit.

In the meantime, Mitnick's case became a cause célèbre among many in the shadowy world of the computer underground. When The New York Times website was hacked in September 1998, the hacker's message was that Mitnick had been unfairly targeted.
Dozens of websites devote themselves to the treatment that Mitnick has received. Many others debunk the government's assertion that he was personally responsible for more than $80 million in corporate losses.

This backstory is critically important for understanding Kevin Mitnick's first book, "The Art of Deception," in which the reformed hacker-turned-security-consultant explains in painstaking detail how the reliance on modern communications technology has made US businesses more vulnerable to 19th-century style cons and swindles.

His book contains roughly two dozen case studies of "social engineering" in which a hacker successfully identifies a piece of information, gets it, and then vanishes.

One such story describes how a man named Rick Daggot showed up one day at a small startup robotics company for a meeting with the company's founder and vice president. Daggot was friendly and well-dressed and claimed to be joining the company's team. There was just one problem: The founder wasn't in town; Daggot had inadvertently come on the wrong day.

Trying to make the most of a bad situation, Daggot offered to take the company's receptionist and a few engineers out for lunch. Over drinks they talked about – what else – the company's top-secret project. A few days later, Daggot called back, saying that he was in touch with the founder, and that copies of several key documents should be sent to the founder's new e-mail account, the only one he could get working while he was traveling.

Of course, the whole thing was a ruse. The founder was traveling, but Daggot worked for the competition. Having gained the trust of a few engineers and gotten the documents he needed, Daggot disappeared. When the founder returned, he called in the police, but was told that no crime had taken place. A few months later, the competitor announced a product that was nearly identical to the one described by the stolen documents.
Daggot's story is a good one, and there are a lot of them in "The Art of Deception." But alas, all of these stories have the same problem: None of them is true.

Under the terms of Mitnick's plea bargain, he's prohibited from selling his story for 10 years. As a result, this book shines no light on the crimes that Mitnick allegedly perpetrated – or on the government's alleged excesses in prosecuting him.

Ironically, it's Mitnick's reputation as a deceiver that gives him the credibility and even the moral authority to write this book. In interviews, Mitnick has confirmed that many of these stories are based on exploits from his past.

Although some will accuse Mitnick of creating a handbook that teaches crooks how to break into organizations, the truth is that we all need to understand these con games to protect against them. To stress this point, his last two chapters contain policies, procedures, and training that companies can implement to further protect themselves.

In keeping with his premise that the most damaging security penetrations are the result of deceit – not technical penetration – almost none of Mitnick's suggestions is technical in nature. The most important recommendation is that when somebody contacts you claiming to be from your organization, you need to verify that they are working for your organization – no matter whether they are asking for your help, offering to help you, or just trying to be friendly.

A more controversial suggestion is that organizations should launch simulated "social engineering attacks" on their own employees. Although the training would be invaluable, Mitnick acknowledges that some companies might not want to intentionally lie to their employees.

"Nine out of every 10 large corporations and government agencies have been attacked by computer intruders," states Mitnick, basing his analysis on the Computer Security Institute's annual survey.
Let's hope that if they implement the strategies in this book, companies that are attacked won't be so easily penetrated.

• Simson Garfinkel is a graduate student at the MIT Laboratory for Computer Science, and the author of numerous books on computers, security, and privacy.

The Art of Deception: Controlling the Human Element of Secrecy
By Kevin Mitnick
John Wiley & Sons
304 pp., $27.50

6375 From: R. Snyder
Date: Fri Oct 11, 2002 9:46am
Subject: RE: Foreign Caller ID

Caller ID info is transmitted over the subscriber loop using 300-baud FSK Bell 103 modem tones. However, the Caller ID info is passed before an actual voice circuit is established, so Caller ID info is passed inter-office via SS7. Presumably, other countries not only have SS7 international trunks (which is to be expected), but are also upgrading their local switches to pass the necessary calling party ID on to the SS7 international trunks.

To add some relevancy to TSCM, these changes are generally beneficial, as in-band communications beyond the CO are inhibited unless a phone is actually off-hook, which helps thwart hookswitch bypass, infinity transmitter, and phreaker's black box usage beyond the local CO. I am not aware of any successful attempts to co-opt SS7 or Caller ID protocols to convey non-signalling-related information.

6376 From: A.Lizard
Date: Fri Oct 11, 2002 4:07pm
Subject: Re: Re; infrared laser

At 10:44 AM 10/11/02 +0000, you wrote:

Wouldn't the "vibrate the window" solutions jam any attempt to use a separate reflector put inside the room, both by randomising the beam placement within the room due to the refractivity of the glass being physically moved by the glass vibrations and by putting a secondary modulation onto the IR beam in both directions which would *not* necessarily be cancelled out via bi-directional passage through the glass?
A.Lizard

>Message: 2
> Date: Wed, 9 Oct 2002 22:26:57 -0700 (PDT)
> From: Monty
>Subject: Re: Re; infrared laser
>
>THANK YOU KIRK !!!
>
>Everyone kept talking about the window. But as
>you said, the window is normally not the
>target of choice. We have found in practical use
>that normally the window is very difficult. You
>always had to deal with the outside noise along
>with the building noise. As long as the operator
>can see something (almost anything) inside that
>can vibrate to noise (soda can, post-it note, paper
>tacked to wall, coffee cup, etc, etc, etc, etc)
>you have not protected the area.
>
>Thanks Kirk
>Monty
>
>--- Kirk Adirim wrote:
> > Modulating the window with white/pink noise and/or
> > music is a fine idea if
> > you assume that the enemy is bouncing a beam off the
> > window pane. However
> > Real world laser eavesdropping is more sophisticated
> > than that. A reflective
> > surface, coating or microprisms are left behind on
> > walls, ceilings, fixtures
> > or other objects Inside the target room (even
> > hairspray works). A window is
> > just a portal to pass the beam through on its way
> > to and from the
> > reflective surface (the glass of a picture frame,
> > the frame, the picture, or
> > the wall itself can be used).
> > The reflective surface doesn't have to be bright and
> > shiny to our eyes, it
> > can be optically dull and flat in the visible
> > spectrum. As long as it's
> > reflective at the wavelength being used by the
> > laser, and that doesn't
> > necessarily mean it's in the Infrared spectrum.
> > Final analysis..... Buy the curtains and modulate
> > them with a fan or small
> > vibrating motor.
> >
> > Kirk
> > www.tactronix.com
************************************************************************
member The Internet Society (ISOC), The HTML Writers Guild.
"Those who would trade liberty for security shall have neither."
Benjamin Franklin
Personal Website http://www.ecis.com/~alizard
business Website http://reptilelabs.com
backup address (if ALL else fails) alizard@C...
PGP 7.0.3 key available by request,keyserver,or on my Web site
Download PGP from http://www.pgpi.org for e-mail privacy.
PGPfone v2.1 available for secure voice conferencing, get your own
(W9x,NT,Mac) at http://www.pgpi.org/products/nai/pgpfone/
Disaster prep info: http://www.ecis.com/~alizard/y2k.html
************************************************************************

6377 From: Fernando Martins
Date: Sat Oct 12, 2002 0:53pm
Subject: RE: World's greatest computer hacker raises alarm

"World's greatest computer hacker" should be corrected to "World's greatest known computer criminal"

If I know how to pass alarm and access control systems, that makes me a thief?

"The Art of Deception: Controlling the Human Element of Secrecy By Kevin Mitnick"
Where is the elite art of deception and secrecy if he was in jail for lack of both?

"In the 1980s, Mitnick allegedly broke into computer systems" ... Allegedly? Yeah, right ...

In some site, some years ago, it was something like this, regarding Mitnick: "At the same time, in some IRC network some guys just keep a huge smile ... They got the world's greatest hacker ..."

""Nine out of every 10 large corporations and government agencies have been attacked by computer intruders," states Mitnick, basing his analysis on the Computer Security Institute's annual survey."
I just wish that some day Mr. Richard Power writes a book with the rest of what he knows ... Like, about all the other hackers that the world doesn't know ...
FM

6378 From: kondrak
Date: Sat Oct 12, 2002 4:15pm
Subject: Re: RE: Foreign Caller ID

Correct, SS7 is sent via inter-machine circuits, and is thus "out-of-band" signalling, and not available to the end user. It's relatively safe, you'd have to hack into the switch and then the SS7 circuits.

> I am not aware of any successful
>attempts to co-opt SS7 or Caller ID protocols to
>convey non-signalling-related information.

6379 From: Steve Uhrig
Date: Sat Oct 12, 2002 8:18pm
Subject: Our friendly neighborhood sniper - some observations

This matter refers to the sniper operating in the MD suburbs of DC and in the Northern VA area. Eight deaths as I write this.

Upon doing an independent analysis over the last few days, I happened to notice the fact that EACH county or jurisdiction where a shooting took place was an area NOT covered by a digital public safety radio system.

Digital radio systems cannot be monitored by scanners or anyone without extensive authorized knowledge of the communications system. In other words, monitoring is not possible realistically in those jurisdictions.

Some areas in Fairfax County, for example, do have arrangements to allow the press and others approved by the police dept to purchase their own digital radio and have it programmed to monitor only certain general dispatch services (talkgroups).

Analog (older) two way radio systems however, were used in EACH AND EVERY jurisdiction where a shooting occurred. Analog communications, including analog trunking, can be monitored on inexpensive scanners widely available from Radio Shack and elsewhere.

This may indicate the shooter monitors public safety transmissions on a scanner and should be a valuable piece of information. If he can't monitor them (meaning in an area served by digital), he apparently stays away. Due to the proliferation of digital systems, this info might help in profiling areas where he/she/it is likely to strike again. No sense wasting resources where they are not needed.
I don't have any contacts to share this observation with. If any MISA members are working the case and have a connection with someone who matters, this snippet of information probably would be quite valuable. Simply forward this email or print it and hand deliver. My contact info is in my signature.

Of course, this could be pure coincidence, but I seriously doubt it.

If I were the FBI, I would map each shooting, and indicate the exact type of commo system used by public safety in that jurisdiction. Then I would map all neighboring jurisdictions where analog still is in use. Those areas where analog still is being used are, in my opinion, far more likely to be target areas than where digital is implemented and where proactive resources should be deployed.

Another point for the profile: the sniper almost certainly is using a scanner and probably has some technical/communications background, possibly even public safety.

I could go into more detail on the type of scanner if anyone feels this info is useful. I would need the info on the commo systems in each jurisdiction described above. A federal technoweenie will be able to read between the lines on all this and would not need any input from me to understand exactly what I am saying.

If this guy isn't picked up, there may be no Halloween activity in this area of Maryland which would disappoint kids and dentists.

Steve

*******************************************************************
Steve Uhrig, SWS Security, Maryland (USA)
Mfrs of electronic surveillance equip
mailto:Steve@s... website http://www.swssec.com
tel +1+410-879-4035, fax +1+410-836-1190
"In God we trust, all others we monitor"
*******************************************************************

6380 From: frost_bitten_ca
Date: Sat Oct 12, 2002 8:12am
Subject: Coming soon to a theatre near you - endless mischief potential

We've heard hypersonic sound. It could change everything.
by Suzanne Kantra Kirschner

It's the most promising audio advance in years, and it's coming this fall: Hypersonic speakers, from American Technology (headed by the irrepressible Woody Norris, whose radical personal flying machine appeared on our August cover), focus sound in a tight beam, much like a laser focuses light. The technology was first demonstrated to Popular Science five years ago ("Best of What's New," Dec. '97), but high levels of distortion and low volume kept it in R&D labs. When it rolls out in Coke machines and other products over the next few months, audio quality will rival that of compact discs. The applications are many, from targeted advertising to virtual rear-channel speakers.

The key is frequency: The ultrasonic speakers create sound at more than 20,000 cycles per second, a rate high enough to keep in a focused beam and beyond the range of human hearing. As the waves disperse, properties of the air cause them to break into three additional frequencies, one of which you can hear. This sonic frequency gets trapped within the other three, so it stays within the ultrasonic cone to create directional audio.

Step into the beam and you hear the sound as if it were being generated inside your head. Reflect it off a surface and it sounds like it originated there. At 30,000 cycles, the sound can travel 150 yards without any distortion or loss of volume. Here's a look at a few of the first applications.

1. Virtual Home Theater
How about 3.1-speaker Dolby Digital sound? With hypersonic, you can eliminate the rear speakers in a 5.1 setup. Instead, you create virtual speakers on the back wall.

2. Targeted Advertising
"Get $1 off your next purchase of Wheaties," you might hear at the supermarket. Take a step to the right, and a different voice hawks Crunch Berries.

3. Sound Bullets
Jack the sound level up to 145 decibels, or 50 times the human threshold of pain, and an offshoot of hypersonic sound technology becomes a nonlethal weapon.

4.
Moving Movie voices For heightened realism, an array of directional speakers could follow actors as they walk across the silver screen, the sound shifting subtly as they turn their heads. 5. Pointed Messages "You're out too far," a lifeguard could yell into his hypersonic megaphone, disturbing none of the bathing beauties nearby. 6. Discreet Speakerphone With its adjustable reach, a hypersonic speakerphone wouldn't disturb your cube neighbors. http://www.popsci.com/popsci/science/article/0,12543,351353,00.html 6381 From: Gregory Perry Date: Sat Oct 12, 2002 9:45am Subject: Re: RE: Foreign Caller ID Right, SS7 is out of band signalling - there are some potential issues with Call Waiting CLID, however. SS7 is also very TCP/IP-like in nature, so a lot of the same vulnerabilities apply (on the network side); sequence number prediction, spoofing attacks etc. --------------------------------- "Seekers there are in plenty: but they are almost all seekers of personal advantage. I can find so very few Seekers after Truth." (Sa'adi) The following message was sent by "R. Snyder" on Fri, 11 Oct 2002 07:46:18 -0700 (PDT). > Caller ID info is transmitted over the subscriber loop > using 300-baud FSK Bell 103 modem tones. However, the > Caller ID info is passed before an actual voice > circuit is established, so Caller ID info is passed > inter-office via SS7. Presumably, other countries not > only have SS7 international trunks (which is to be > expected), but are also upgrading their local switches > to pass the necessary calling party ID on to the SS7 > international trunks. > > To add some relevancy to TSCM, these changes are > generally beneficial, as in-band communications beyond > the CO are inhibited unless a phone is actually > off-hook, which helps thwart hookswitch bypass, > infinity transmitter, and phreaker's black box usage > beyond the local CO. 
> I am not aware of any successful
> attempts to co-opt SS7 or Caller ID protocols to
> convey non-signalling-related information.

6382 From: kondrak Date: Sun Oct 13, 2002 5:56am Subject: Under the Kremlin

>CIA Kremlin bug 'saved Gorbachev'
>
>The newly revealed exploits of spies who operated in underground tunnels
>
>Nick Paton Walsh in Moscow
>Sunday October 13, 2002
>The Observer
>
>The CIA dug a tunnel under the Kremlin and installed a hi-tech bugging
>system to eavesdrop on the Soviet Union's most senior figures, according
>to the former US intelligence officer who executed the plan.
>
>The device was put in by a US agent who had to wear a protective suit
>and was guided by satellite and sonar images of Moscow's underground.
>The bugging formed part of audacious operations to rescue a key
>defector, a KGB officer with responsibility for eavesdropping, and to
>alert Boris Yeltsin to the attempted coup against Mikhail Gorbachev.
>
>This wasn't part of the Cold War - the intrusion into the seat of Soviet
>power occurred in 1989, when Washington and Moscow were trying to smooth
>relations.
>
>'The stories about a five-level city beneath Moscow are true,' said Tony
>Mendes, a former Moscow-based CIA technical officer, now retired. 'These
>are tunnels from ancient times - Ivan the Terrible did a lot of digging
>and torturing. But some of the tunnels were recently made.'
>
>An agent, whom Mendes refuses to say worked for the US government,
>entered the tunnel system one night equipped with computer guidance
>systems, air filters and maps. He negotiated the sewer and metro system
>to reach tunnels running under the Kremlin. One of these passed directly
>beneath the nerve centre of the 16th Directorate, the KGB's electronic
>ears, which also dealt with state communications.
>
>That night Mendes was in the Kremlin theatre attending a performance of
>the ballet Koppelia. The audience also included a US mole in the 16th
>Directorate, 'Major Peter Leonov', and his wife. Two of the ushers were
>CIA agents in disguise.
>
>When the Russian couple went to the toilet during the interval, they
>were joined by the two agents, who donned disguises to make them look
>like Leonov and his wife and returned to the couple's seats. The
>Leonovs, now dressed as the ushers went to the service lifts.
>
>They went to a tunnel entrance to meet the subterranean agent. Leonov
>then reportedly showed the agent where to plant the listening device in
>the communication system.
>
>The Leonovs left the Soviet Union days later on a ferry from one of the
>Baltic states.
>
>Mendes claims the eavesdropping device was instrumental in thwarting the
>coup in August 1991, when Gorbachev was detained at his dacha by the
>military. President George Bush Senior and Prime Minister John Major
>called Yeltsin to urge him to stand up to the army.
>
>'How do you think they knew about all this?' said Mendes. However,
>Russian moles in US intelligence betrayed Mendes's network.
>
>'For years we were mining high-grade gold,' he said. 'But things started
>going awry in 1985.
>We thought we knew what the KGB was doing, but then
>our group of 25 started being caught and executed.
>
>'This all had to do with Aldrich Ames and Robert Hanssen [Russian moles
>in the CIA's Russia department and the FBI's intelligence unit], but we
>did not find out until years later.'
>
>Guardian Unlimited © Guardian Newspapers Limited 2002

6383 From: Date: Sun Oct 13, 2002 2:56pm Subject: File - Gold List

The current version of this list may be found at: http://www.tscm.com/goldlist.html

------------------------------------------------------------------------

Recommended U.S. TSCM Firms

The following is a list of private TSCM firms who specialize in "bug sweeps" and wiretap detection and all of whom have legitimate TSCM training, credentials, and equipment (all are very well respected within the industry).

While most TSCM specialists are available for travel outside of a specific geographic area they tend to avoid such engagements, or will limit the services to vulnerability analysis, pre-construction assistance, non-instrumented inspections, simple RF checks, in-place monitoring, or limited TSCM services involving only a briefcase sized in-place monitoring system (such as a single spectrum analyzer, MSS, Eagle, ScanLock, OSCOR, SPECTRE, ROSE, or similar system).

These private TSCM firms tend to operate in a specific geographic area limited to a few hundred miles (usually within a four to six hour automobile drive). However, all of the TSCM firms listed here are available for travel anywhere in the United States or the World on short notice, but only provide limited services when operating outside of their normal coverage area.

This limited coverage area is due to the logistics involved in transporting hundreds and often thousands of pounds of sophisticated, highly sensitive electronic instruments, equipment and tools.
Bug sweeps and wiretap detection involve the use of ladders, pole climbing equipment, LAN analyzers, X-ray systems, large antennas and other equipment which is not easily transported by airplane.

TSCM firms also tend to restrict their operations to a specific geographic area to facilitate an expert level of knowledge regarding the RF environment, construction methods used, community zoning, population demographics, civil engineering, aeronautic or maritime facilities, local military bases, and related areas. Knowledge of such regional information is critical for a successful TSCM project.

The TSCM specialist must also have an intimate knowledge of the telephone systems, engineering methods, fiber optics, major cable locations, central office switches, test numbers, and related communications infrastructure present or being used in an area (which tends to be very regional).

An understanding of what types of eavesdropping devices, methods, and frequencies are being used in an area is also important, as is a knowledge of what type of surveillance equipment is being sold within that region (and other areas). The TSCM Procedural and Protocols Guides used by a specialist also tend to be based on specific issues and variables present in that specific geographic area.

On a more interesting note, many of these firms are located in, or near major maritime port cities. The heaviest concentrations are around major cities on the East and West coasts with a very limited presence in the Mid-West, Great Plains, and Rockies.

If you are in the Mid-West, Great Plains, or Rockies area you would need to engage a TSCM firm from one of the major port cities. For example customers in Chicago, St. Louis, Memphis, Denver, Salt Lake City, Minneapolis, Billings, etc. would need to fly a TSCM specialist in from Boston, New York, Washington DC, Los Angeles, Lexington, or Seattle.
------------------------------------------------------------------------

Please be patient when contacting these firms, as if they are out serving a client they may not be able to return your call for several hours.

Rates generally are non-negotiable and reflect the cost of the sweep practitioner's time, investment in equipment acquisition and maintenance, several weeks of in-service training a year, travel, administrative and communications time and expense to coordinate the sweep and written report, and a fair profit for their services.

It is very unwise to shop for sweeps by using price as a criterion as it only invites getting ripped off. Legitimate TSCM professionals are not interested in, nor will they engage in negotiating for a lower price. When you contact persons on this list, you are talking with someone in the same league as an attorney or surgeon, not a salesman. In fact most of the people listed on this page have more time in their specialized training than do most attorneys or medical professionals.

Anything beyond an initial phone call usually will be billable time. Attorneys and doctors don't consult for free, and neither do legitimate TSCM specialists. If a potential client calls with a long list of questions not pertaining directly to hiring the practitioner, or wants to know how to do his own sweep, or wants to know how to use the sweep kit he purchased on his own, expect to pay an hourly rate in advance for consulting services.

If you are considering engaging (or have already engaged) a TSCM firm and they are not listed in the following directory you would do well to immediately ask some awkward questions.

It is also important you understand that legitimate services by a competent TSCM firm rarely start at less than several thousand dollars for even a basic sweep.

Keep in mind that there are only a small number of legitimate and competent TSCM counterintelligence specialists or "Bug Sweepers" in the U.S. private sector.
Legitimate TSCM firms are in very high demand, hard to find, and expensive; so be patient when trying to find one to help you.

Also, the firms listed on this page are not attorneys and cannot tell you whether it is legal or illegal for you to monitor your own phones. Always call a competent licensed attorney for legal advice.

Without exception, no one listed here performs eavesdropping services or sells surveillance equipment to any other than government agencies AND WILL NOT REFER YOU TO ANYONE WHO DOES.

When you contact any of the following firms please mention that you saw them listed on this web site.

------------------------------------------------------------------------

All of New England, Upstate New York, and the Boston Metropolitan Area
(MA, RI, CT, VT, NH, ME, New York State including Long Island, and some of New Jersey)
Available on a limited basis to cover any location within 1000 miles of Boston.

James M. Atkinson
Granite Island Group
127 Eastern Avenue #291
Gloucester, MA 01931-8008
(978) 381-9111 Telephone
URL: http://www.tscm.com/
E-mail: jmatk@tscm.com

------------------------------------------------------------------------

Stamford, Connecticut Metropolitan Area
(also, Manhattan, Long Island, and New Jersey)

Sam Daskam
Information Security Associates, Inc.
38 Settlers Trail
Stamford, CT 06903
(203) 329-8387 Telephone
URL: http://www.isa-tscm.com/
E-mail: sales@i...

------------------------------------------------------------------------

Norwalk, and Lower Fairfield County Area
(also, Manhattan, Long Island, Philadelphia, and New Jersey)

Rob Muessel
TSCM Technical Services
11 Bayberry Lane
Norwalk, CT 06851
(203) 354-9040 Telephone
URL: http://www.tscmtech.com/
E-mail: rmuessel@t...

------------------------------------------------------------------------

Greater Philadelphia and Harrisburg Metropolitan Area
(also, serving South-Eastern and Central Pennsylvania)

Bob Motzer
RCM and Associates
609 Sandra Lane
Phoenixville, PA 19460
(888) 990-6265 Telephone
E-mail: 1RCM@M...

------------------------------------------------------------------------

Washington DC and Baltimore Metropolitan Area
(also, Virginia, Delaware, and Pennsylvania)

Steve Uhrig
SWS Security
1300 Boyd Road
Street, MD 21154-1836
(410) 879-4035 Telephone
URL: http://www.swssec.com/
E-mail: steve@s...

------------------------------------------------------------------------

Houston, Dallas, Austin, and Galveston
(also, Gulf Coast of Texas and Louisiana)

Rick Udovich
Communication Security, Inc.
2 Shadow Lane
Bay City, TX 77414
(979) 244-4920 Telephone
URL: http://www.bugsweep.com/
E-mail: rjudo@s...

------------------------------------------------------------------------

Atlanta Metropolitan Area, Southeastern US
(also, AL, FL, GA, NC, SC, TN)

Buzz Benson
Executive World Services, Inc.
P.O. Box 33
Braselton, Georgia 30517-0033
(678) 316-7002 Telephone
URL: http://www.executiveworldservices.com/
E-mail: sales@e...

------------------------------------------------------------------------

Lexington KY Metropolitan Area
(also, Louisville, Cincinnati, and Central Midwest)

Bill G. Rhoads
Intelcom, Inc.
121 Prosperous Place, Suite 4B
Lexington, KY 40509
(859) 263-9425 Telephone
E-mail: bgr101@a...

------------------------------------------------------------------------

Michigan and Surrounding Area
(also, Indiana, Ohio, and Northern Midwest Region)

Chad Margita
Off Duty Security
18301 Eight Mile Rd, Suite 214
Eastpointe, MI 48021
(586) 774-1675 Telephone
E-mail: offdutysecurity@c...

------------------------------------------------------------------------

Washington State and Seattle WA Metropolitan Area
(also, Oregon, and the Pacific North West)

Gordon Mitchell
Future Focus, Inc.
P.O. Box 2547
Woodinville, WA 98072
(888) BUG-KILR Telephone
URL: http://www.bug-killer.com/
E-mail: enquiries@b...

------------------------------------------------------------------------

San Francisco and all of Northern California
(also, Silicon Valley Area)

William Bennett
Walsingham Associates, Inc.
P.O. Box 4264
San Rafael, CA 94913
(415) 492-1594 Telephone
E-mail: walsingham@c...

------------------------------------------------------------------------

Los Angeles Metropolitan Area, Beverly Hills, Orange County, Los Angeles County, San Diego County
(also, Riverside County, and Ventura County)

Rick Hofmann
Microsearch LLC
P.O. Box 2084
Cypress, CA 90630
(714) 952-3812 Telephone
URL: http://home.earthlink.net/~microsearch
E-mail: tscmsweeps@e...

------------------------------------------------------------------------

Los Angeles Metropolitan Area, Beverly Hills, Orange County, Los Angeles County, San Diego County, San Francisco, Silicon Valley, San Jose, San Diego, and Las Vegas.
(Also, anywhere in a thousand mile radius from Los Angeles.)

Roger Tolces
Electronic Security
6646 Hollywood Blvd. #212
Los Angeles, CA 90028
(323) 462-1351 Telephone
URL: http://www.bugsweeps.com/
E-mail: info@b...

------------------------------------------------------------------------

6384 From: Date: Sun Oct 13, 2002 2:56pm Subject: File - mission.txt

TSCM-L Technical Security Mailing List

- Dedicated to TSCM specialists engaging in expert technical and analytical research for the detection, nullification, and isolation of eavesdropping devices, wiretaps, bugging devices, technical surveillance penetrations, technical surveillance hazards, and physical security weaknesses. This also includes bug detection, bug sweep, and wiretap detection services.

Special emphasis is given to detecting and countering espionage and other threats and activities directed by foreign intelligence services against the United States Government, United States corporations, establishments, and citizens.
The list includes technical discussion regarding the design and construction of SCIF facilities, Black Chambers, and Screen Rooms. This list is also for discussing DIAM 50-3, NSA-65, and DCID 1/21, 1/22 compliance.

The primary goal and mission of this list is to "raise the bar" and increase the level of professionalism present within the TSCM business. The secondary goal of this list is to increase the quality and effectiveness of our efforts so that we give spies and eavesdroppers no quarter, and to neutralize all of their espionage efforts.

This mailing list is moderated by James M. Atkinson and sponsored by Granite Island Group as a public service to the TSCM, Counter Intelligence, and technical security community.

6385 From: Dave Emery Date: Sun Oct 13, 2002 1:35am Subject: Re: Our friendly neighborhood sniper - some observations

On Sat, Oct 12, 2002 at 09:18:26PM -0400, Steve Uhrig wrote:
> This matter refers to the sniper operating in the MD suburbs of DC
> and in the Northern VA area. Eight deaths as I write this.
>
> Upon doing an independent analysis over the last few days, I happened
> to notice the fact that EACH county or jurisdiction where a shooting
> took place was an area NOT covered by a digital public safety radio
> system.
>
> Digital radio systems cannot be monitored by scanners or anyone
> without extensive authorized knowledge of the communications system.
> In other words, monitoring is not possible realistically in those
> jurisdictions. Some areas in Fairfax County, for example, do have
> arrangements to allow the press and others approved by the police
> dept to purchase their own digital radio and have it programmed to
> monitor only certain general dispatch services (talkgroups).
>

Your information is very interesting and matches what I myself have speculated but not known as I don't live down there...
However I think you may exaggerate the difficulty of obtaining access to unencrypted APCo-25 (and even EDACS) public safety digital radio systems. Quite a few serious hobbyists and media types have programmed radios purchased on eBay or via auctions or hamfests to monitor digital systems. And apparently the correct hacks to the Motorola RSS software to do so without formal access to "system key" file encryption information are in fairly wide circulation, both among legitimate users (dealers and others who have purchased it from Motorola) and bootleg. Obtaining the relevant trunking information required such as the system ID and active talkgroups can be readily done with a PC and a scanner by monitoring the control channel with available PC based public domain data dumping software. And far more important than the fact a few dedicated hobbyists and media types have purchased and programmed commercial radios to use in receive only mode to monitor systems, is the soon to be available family of digital capable scanners. Uniden is about to start shipping two - a portable and a mobile type and AOR is about to start shipping an adapter for their high end receivers that decodes the APCO-25 data stream. Others may soon follow. And these of course will follow ALL non-encrypted talk groups on the systems... Obviously no one who lacks inside information could ever determine encryption keys for encrypted talkgroups (in less than many centuries of trying with very fast hardware), but monitoring digital traffic on non encrypted talk groups hardly requires "extensive authorized knowledge of the communication system". APCO 25 is documented and published and radios that will decode the basic modulation have been sold to and by the public for years. 
And it hardly is impossible for smart members of the public with no authorized connection to law enforcement at all to figure out a way of programming a radio to listen to a system whose frequencies, talk groups and other information they already know. Nor have those with software skills ignored the possibility of decoding APCO-25 on a PC connected to the discriminator of a scanner.

On the other hand, of course, I will grant you that the skill and determination required to obtain access to the digital traffic prior to the public availability of digital capable scanners is perhaps an order of magnitude or two greater than what is required to monitor analog fm based public safety radio systems with a scanner purchased at Radio Shack. But certainly not something that requires extensive AUTHORIZED knowledge, or something outside the ken of smart members of the general public, perhaps including someone like terrorists or a smart but deranged sniper.

I might close with the observation that to this observer (who is an engineer, not a LEA type) the sniper attacks look like an Al Qaeda distraction and deception operation intended to tie up law enforcement and the public in the DC area whilst the real bastards drive the yellow or blue truck with the nuke or 20 tons of ANFO or whatever right into DC unmolested. I hope LEAs have thought of this possibility....

--
Dave Emery N1PRE, die@d... DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18

6386 From: News Tracker Date: Mon Oct 14, 2002 5:36pm Subject: How Mobile Phones Let [Government] Spies See Our Every Move

Dang, they mean 'see' in the literal sense, possibly even through walls in future planned refinements!

Who would have thought this was even technically possible?
- Vic -

How Mobile Phones Let Spies See Our Every Move

Celldar project uses mobile phone masts to allow security authorities to watch vehicles and individuals 'in real time' almost anywhere in Britain.
Link to story in The Guardian (London, UK):
http://politics.guardian.co.uk/homeaffairs/story/0,11026,811084,00.html

[Non-text portions of this message have been removed]

6387 From: Marcel Date: Mon Oct 14, 2002 10:26pm Subject: Re: How Mobile Phones Let [Government] Spies See Our Every Move

The People at VA Tech MPRG have been experimenting with this technology since the 1990's. They also hold a few patents.

News Tracker wrote:
> Dang, they mean 'see' in the literal sense, possibly even through walls in future planned refinements!
>
> Who would have thought this was even technically possible?
> - Vic -
>
> How Mobile Phones Let Spies See Our Every Move
>
> Celldar project uses mobile phone masts to allow security authorities to watch vehicles and individuals 'in real time' almost anywhere in Britain.
>
> Link to story in The Guardian (London, UK):
> http://politics.guardian.co.uk/homeaffairs/story/0,11026,811084,00.html

--
"NEXTEL-1 IT'S NOT JUST NEXTEL"
Note The New address
Subscribe to Nextel-1: http://www.groups.yahoo.com/subscribe/NEXTEL-1

"NEXTEL2 FOR iDEN SOFTWARE DEVELOPERS"
Subscribe to Nextel2: http://www.groups.yahoo.com/subscribe/NEXTEL2

"WIRELESS FORUM HOMELAND SECURITY GROUP"
The Complete Resource for Wireless Homeland Security.
Subscribe to WFHSG: http://www.groups.yahoo.com/subscribe/WFHSG

6388 From: kondrak Date: Mon Oct 14, 2002 9:54pm Subject: another compromised box

This box is attempting to send bugbear viri....

X-Persona:
Return-Path:
Delivered-To: kondrak@s...
Received: (qmail 1104 invoked by uid 417); 15 Oct 2002 02:15:59 -0000
Received: from user2.pro-ns.net (HELO mail.pro-ns.net) (208.200.182.45)
    by 192.168.0.5 with SMTP; 15 Oct 2002 02:15:59 -0000
Received: from djai2 (d232.pro-ns.net [208.200.182.179])
    by mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276;
    Mon, 14 Oct 2002 21:05:17 -0500 (CDT)
    (envelope-from TSCM-L@j...)
Date: Mon, 14 Oct 2002 21:05:01 -0500 (CDT)
Message-Id: <200210150205.g9F251nN087276@m...>
From:
Subject: [TSCM-L] Digest Number 290
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----------QJJSREYCJT3AFBO"
To: undisclosed-recipients:;

Registrant:
Professional Network Services, Inc.
1313 5th St SE Suite 105
Minneapolis, MN 55414 US

Domain Name: PRO-NS.NET

Administrative Contact:
O'Hanlon, Bill wmo@p...
1313 5th St SE Suite 105
Minneapolis, MN 55414 US
612-379-3958 Fax: 612-379-1529

Technical Contact:
O'Hanlon, Bill wmo@p...
1313 5th St SE Suite 105
Minneapolis, MN 55414 US
612-379-3958 Fax: 612-379-1529

Registration Service Provider:
Professional Network Services, Inc., wmo@p...
612-379-3958
http://www.pro-ns.net

Registrar of Record: TUCOWS, INC.
Record last updated on 21-Mar-2002.
Record expires on 28-Aug-2003.
Record Created on 29-Aug-1996.

Domain servers in listed order:
NS.PRO-NS.NET 208.200.182.10
NS2.PRO-NS.NET 208.200.182.11

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

6389 From: zack <10-33@c...> Date: Tue Oct 15, 2002 7:02am Subject: Virus sent from TSCM-L@j...

Someone is sending a virus, not on this list I believe, but please note the from line :

From:
Subject: [TSCM-L] Digest Number 290

You might mistake it from our list and open it.
Received: from mail.pro-ns.net (user2.pro-ns.net [208.200.182.45]) by www.copscops.com (8.10.2/8.10.2) with ESMTP id g9F2Cfg18418 for <10-33@c...>; Mon, 14 Oct 2002 22:12:41 -0400 Received: from djai2 (d232.pro-ns.net [208.200.182.179]) by mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276; Mon, 14 Oct 2002 21:05:17 -0500 (CDT) (envelope-from TSCM-L@j...) Date: Mon, 14 Oct 2002 21:05:01 -0500 (CDT) Message-Id: <200210150205.g9F251nN087276@m...> From: Subject: {VIRUS DETECTED} [TSCM-L] Digest Number 290 MIME-Version: 1.0 content-type: multipart/mixed; boundary="----------QJJSREYCJT3AFBO" To: undisclosed-recipients:; X-MailScanner: Found to be infected X-UIDL: &)(!!kEF!!5j^!!PR2!! Status: U ------------QJJSREYCJT3AFBO Content-Type: text/html; Content-Transfer-Encoding: quoted-printable

Warning: This message ha= s had one or more attachments removed. Please read the "VirusWarning.txt" a= ttachment(s) for more information.

TSCM-L Technical Security Mailing List
"In a multitude of counselors there is s ------------QJJSREYCJT3AFBO Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt" Content-Disposition: inline; filename="VirusWarning.txt" Content-Transfer-Encoding: quoted-printable This is a message from the MailScanner E-Mail Virus Protection Service ---------------------------------------------------------------------- The original e-mail attachment "The Basicsfinal.doc.scr" was believed to be infected by a virus and has been replaced by this warning message. Due to limitations placed on us by the Regulation of Investigatory Powers Act 2000, we were unable to keep a copy of the infected attachment. If you know who sent the message please notify them of this Virus Protection message and ask them to disinfect their original version and send you a cle= an copy. If this is from an unknow or bogus source please notify abuse.com so we can add them to the server ban list. At Mon Oct 14 22:12:49 2002 the virus scanner said: /home/spool/MailScanner/incoming/g9F2Cfg18418/The Basicsfinal.doc.scr I= nfection: W32/Bugbear.A@mm Windows Screensavers often hide viruses in email in The Basicsfinal.doc.= scr --=20 Postmaster ------------QJJSREYCJT3AFBO-- visit http://www.copscops.com Washington DC Police Department http://mpdc.dc.gov/main.shtm "Unity... Resolve... Freedom. These are the hallmarks of the American spirit." George W Bush God Bless The USA .. NEVER forget 9-11-01 http://www.copscops.com/blessusa.htm [Non-text portions of this message have been removed] 6390 From: James M. Atkinson Date: Tue Oct 15, 2002 2:05pm Subject: Re: Virus sent from TSCM-L@j... The virus is not actually coming from the list, but coming from someone using the email address of "TSCM@j... " (note there is no "-L"). "TSCM@j... " is in fact a member of this list, and the virus came from HIS COMPUTER, but not from the list. 
-jma At 8:02 AM -0400 10/15/02, zack wrote: >Someone is sending a virus, not on this list I belive, but please note the >from line : From: >Subject: [TSCM-L] Digest Number 290 You might mistake it from our list >and open it. > > > >Received: from mail.pro-ns.net (user2.pro-ns.net [208.200.182.45]) > by www.copscops.com (8.10.2/8.10.2) with ESMTP id g9F2Cfg18418 > for <10-33@c...>; Mon, 14 Oct 2002 22:12:41 -0400 >Received: from djai2 (d232.pro-ns.net [208.200.182.179]) > by mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276; > Mon, 14 Oct 2002 21:05:17 -0500 (CDT) > (envelope-from TSCM-L@j...) >Date: Mon, 14 Oct 2002 21:05:01 -0500 (CDT) >Message-Id: <200210150205.g9F251nN087276@m...> >From: >Subject: {VIRUS DETECTED} [TSCM-L] Digest Number 290 >MIME-Version: 1.0 >content-type: multipart/mixed; boundary="----------QJJSREYCJT3AFBO" >To: undisclosed-recipients:; >X-MailScanner: Found to be infected >X-UIDL: &)(!!kEF!!5j^!!PR2!! >Status: U > >------------QJJSREYCJT3AFBO >Content-Type: text/html; >Content-Transfer-Encoding: quoted-printable > >

Warning: This message ha= >s had one or more attachments removed. Please read the "VirusWarning.txt" a= >ttachment(s) for more information.

>
>
>
>
>------------QJJSREYCJT3AFBO
>Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt"
>Content-Disposition: inline; filename="VirusWarning.txt"
>Content-Transfer-Encoding: quoted-printable
>
>This is a message from the MailScanner E-Mail Virus Protection Service
>----------------------------------------------------------------------
>The original e-mail attachment "The Basicsfinal.doc.scr"
>was believed to be infected by a virus and has been replaced by this warning
>message.
>
>Due to limitations placed on us by the Regulation of Investigatory Powers
>Act 2000, we were unable to keep a copy of the infected attachment.
>
>If you know who sent the message please notify them of this Virus Protection
>message and ask them to disinfect their original version and send you a cle=
>an copy.
>
>If this is from an unknow or bogus source please notify abuse.com
>so we can add them to the server ban list.
>
>At Mon Oct 14 22:12:49 2002 the virus scanner said:
> /home/spool/MailScanner/incoming/g9F2Cfg18418/The Basicsfinal.doc.scr I=
>nfection: W32/Bugbear.A@mm
> Windows Screensavers often hide viruses in email in The Basicsfinal.doc.=
>scr
>
>--=20
>Postmaster
>
>------------QJJSREYCJT3AFBO--
>
>
>visit http://www.copscops.com
>Washington DC Police Department http://mpdc.dc.gov/main.shtm
>
>"Unity... Resolve... Freedom. These are the hallmarks of the American spirit."
> George W Bush
>
>God Bless The USA .. NEVER forget 9-11-01
>http://www.copscops.com/blessusa.htm
>
--
--------------------------------------------------------------------------------------------------
The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet.
--------------------------------------------------------------------------------------------------
James M. Atkinson            Ph: (978) 381-9111
Granite Island Group         Fax:
127 Eastern Avenue #291      http://www.tscm.com/
Gloucester, MA 01931-8008    mailto:jmatk@tscm.com
--------------------------------------------------------------------------------------------------
Vocatus atque non vocatus deus aderit
--------------------------------------------------------------------------------------------------

6391 From: Elliott & Associates, Ltd. Date: Tue Oct 15, 2002 2:38pm Subject: Re: Virus sent from TSCM-L@j...

Actually I got my copy of the virus from TSCM-L@g...

There is the very real possibility that the address is being spoofed.

Bill Elliott, CII
ELLIOTT & ASSOCIATES, Ltd. (GMT -6)
http://www.prvt-eye.com
http://www.cybercrimeinternational.com

----- Original Message -----
From: "James M. Atkinson"
To:
Sent: Tuesday, October 15, 2002 1:05 PM
Subject: Re: [TSCM-L] Virus sent from TSCM-L@j...

>
> The virus is not actually coming from the list, but coming from
> someone using the email address of "TSCM@j... " (note there is
> no "-L").
>
> "TSCM@j... " is in fact a member of this list, and the virus came
> from HIS COMPUTER, but not from the list.
>
> -jma
>
>
>
>
> At 8:02 AM -0400 10/15/02, zack wrote:
> >Someone is sending a virus, not on this list I believe, but please note the
> >from line : From:
> >Subject: [TSCM-L] Digest Number 290 You might mistake it from our list
> >and open it.
> >

6392 From: kondrak Date: Tue Oct 15, 2002 6:26pm Subject: Re: Virus sent from TSCM-L@j...

And thank YOU Bill, for responding in a quick manner. I deal with these kinds of things all the time, and it's refreshing to see a sysadmin who's responsive. I know no one wants to be sending this stuff out in the first place, but it's amazing the amount of deaf ears/blind eyes when a lot of admins are contacted about such problems.
For you and your customer, there's a disinfection tool available at Symantec:
http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html

Hope this is some assistance to you.

At 14:47 10/15/02 -0500, you wrote:
>Hi Matt,
>
>Thanks for the heads-up. We think our customer has been infected with
>a virus, and we'll contact them to get them to clean up their computer.
>
>Sorry for the difficulty.
>
>-Bill
>
>
>--
>Bill O'Hanlon wmo@p...
>Professional Network Services, Inc. 612-379-3958
>http://www.pro-ns.net
>
>On Tue, Oct 15, 2002 at 09:37:16AM -0700, Matt Paulsen wrote:
> > The originator is not tscm-l@j... it is 208.200.182.179 which is
> > pro-ns.net the same as the one that kondrak displayed in the 1st email.
> > Read the header - Received: from djai2 (d232.pro-ns.net [208.200.182.179]).
> > Bill, please notify your user that they are sending virii to a listserve of
> > government spooks. Not exactly the way I'd like my company to get
> > recognized by the government if it were me...
> >
> >
> > 1st virus header 1st, 2nd farther down.
> > X-Persona:
> > Return-Path:
> > Delivered-To: kondrak@s...
> > Received: (qmail 1104 invoked by uid 417); 15 Oct 2002 02:15:59 -0000
> > Received: from user2.pro-ns.net (HELO mail.pro-ns.net) (208.200.182.45)
> >     by 192.168.0.5 with SMTP; 15 Oct 2002 02:15:59 -0000
> > Received: from djai2 (d232.pro-ns.net [208.200.182.179])
> >     by mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276;
> >     Mon, 14 Oct 2002 21:05:17 -0500 (CDT)
> >     (envelope-from TSCM-L@j...)
> > Date: Mon, 14 Oct 2002 21:05:01 -0500 (CDT)
> > Message-Id: <200210150205.g9F251nN087276@m...>
> > From:
> > Subject: [TSCM-L] Digest Number 290
> > MIME-Version: 1.0
> > Content-Type: multipart/alternative; boundary="----------QJJSREYCJT3AFBO"
> > To: undisclosed-recipients:;
> >
> > -----Original Message-----
> > From: zack [mailto:10-33@c...]
> > Sent: Tuesday, October 15, 2002 5:03 AM
> > To: TSCM-L@yahoogroups.com
> > Subject: [TSCM-L] Virus sent from TSCM-L@j...
> >
> >
> > Someone is sending a virus, not on this list I believe, but please note the
> > from line : From:
> > Subject: [TSCM-L] Digest Number 290 You might mistake it from our list
> > and open it.
> >
> >
> >
> > Received: from mail.pro-ns.net (user2.pro-ns.net [208.200.182.45])
> >     by www.copscops.com (8.10.2/8.10.2) with ESMTP id g9F2Cfg18418
> >     for <10-33@c...>; Mon, 14 Oct 2002 22:12:41 -0400
> > Received: from djai2 (d232.pro-ns.net [208.200.182.179])
> >     by mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276;
> >     Mon, 14 Oct 2002 21:05:17 -0500 (CDT)
> >     (envelope-from TSCM-L@j...)
> > Date: Mon, 14 Oct 2002 21:05:01 -0500 (CDT)
> > Message-Id: <200210150205.g9F251nN087276@m...>
> > From:
> > Subject: {VIRUS DETECTED} [TSCM-L] Digest Number 290
> > MIME-Version: 1.0
> > content-type: multipart/mixed; boundary="----------QJJSREYCJT3AFBO"
> > To: undisclosed-recipients:;
> > X-MailScanner: Found to be infected
> > X-UIDL: &)(!!kEF!!5j^!!PR2!!
> > Status: U
> >
> > ------------QJJSREYCJT3AFBO
> > Content-Type: text/html;
> > Content-Transfer-Encoding: quoted-printable
> >
> >

Warning: This > message ha= > > s had one or more attachments removed. Please read the > "VirusWarning.txt" a= > > ttachment(s) for more information.

> > TSCM-L Technical Security Mailing List
> > "In a multitude of counselors there is s > > > > > > ------------QJJSREYCJT3AFBO > > Content-Type: text/plain; charset="us-ascii"; name="VirusWarning.txt" > > Content-Disposition: inline; filename="VirusWarning.txt" > > Content-Transfer-Encoding: quoted-printable > > > > This is a message from the MailScanner E-Mail Virus Protection Service > > ---------------------------------------------------------------------- > > The original e-mail attachment "The Basicsfinal.doc.scr" > > was believed to be infected by a virus and has been replaced by this > warning > > message. > > > > Due to limitations placed on us by the Regulation of Investigatory Powers > > Act 2000, we were unable to keep a copy of the infected attachment. > > > > If you know who sent the message please notify them of this Virus > Protection > > message and ask them to disinfect their original version and send you a > cle= > > an copy. > > > > If this is from an unknow or bogus source please notify abuse.com > > so we can add them to the server ban list. > > > > At Mon Oct 14 22:12:49 2002 the virus scanner said: > > /home/spool/MailScanner/incoming/g9F2Cfg18418/The Basicsfinal.doc.scr > > I= > > nfection: W32/Bugbear.A@mm > > Windows Screensavers often hide viruses in email in The > > Basicsfinal.doc.= > > scr > > > > --=20 > > Postmaster > > > > ------------QJJSREYCJT3AFBO-- > > > > > > visit http://www.copscops.com > > Washington DC Police Department http://mpdc.dc.gov/main.shtm > > > > "Unity... Resolve... Freedom. These are the hallmarks of the American > > spirit." > > George W Bush > > > > God Bless The USA .. 
NEVER forget 9-11-01 > > http://www.copscops.com/blessusa.htm > > > > > > > > > > [Non-text portions of this message have been removed] > > > > > > > > > > ======================================================== > > TSCM-L Technical Security Mailing List > > "In a multitude of counselors there is strength" > > > > To subscribe to the TSCM-L mailing list visit: > > http://www.yahoogroups.com/community/TSCM-L > > > > It is by caffeine alone I set my mind in motion. > > It is by the juice of Star Bucks that thoughts acquire speed, > > the hands acquire shaking, the shaking is a warning. > > It is by caffeine alone I set my mind in motion. > > =================================================== TSKS > > > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ > > > >
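
The header reading Matt Paulsen describes in the thread, worked through as an added example (it is not part of any message above). The function names and the choice of trusted relays are assumptions; only sendmail-style Received lines like the two quoted in the thread are parsed, and the sample reuses those lines with their elided addresses left as posted.

```python
import re
from email import message_from_string

# Header block as quoted in the thread; elided addresses ("...") kept as posted.
SAMPLE = (
    "Received: from mail.pro-ns.net (user2.pro-ns.net [208.200.182.45])\n"
    "\tby www.copscops.com (8.10.2/8.10.2) with ESMTP id g9F2Cfg18418\n"
    "\tfor <10-33@c...>; Mon, 14 Oct 2002 22:12:41 -0400\n"
    "Received: from djai2 (d232.pro-ns.net [208.200.182.179])\n"
    "\tby mail.pro-ns.net (8.12.6/8.12.5) with SMTP id g9F251nN087276;\n"
    "\tMon, 14 Oct 2002 21:05:17 -0500 (CDT)\n"
    "\t(envelope-from TSCM-L@j...)\n"
    "Subject: [TSCM-L] Digest Number 290\n"
    "\n"
)

# sendmail-style hop: from <HELO> (<reverse DNS> [<IP>]) ... by <recording host>
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)",
    re.S,
)

def received_hops(raw):
    """Parsed Received headers, newest first (each relay prepends its own)."""
    msg = message_from_string(raw)
    found = (HOP.search(v) for v in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def injection_point(raw, trusted_relays):
    """Deepest hop recorded by a relay we trust (hypothetical helper).

    HELO names and anything below the first untrusted relay are
    sender-controlled; the bracketed IP is what the trusted relay itself saw.
    """
    origin = None
    for hop in received_hops(raw):
        if hop["by"].lower() not in trusted_relays:
            break
        origin = hop
    return origin

if __name__ == "__main__":
    hop = injection_point(SAMPLE, {"www.copscops.com", "mail.pro-ns.net"})
    print(hop["ip"], hop["rdns"], "HELO", hop["helo"])
```

Trusting only the receiving server stops the trace at the ISP's relay; adding the ISP's relay to the trusted set reaches the customer machine, which is the step that needed the ISP's cooperation in the thread.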