ComSec Letter
Editor: James A. Ross
YOGO 1
1985

COMSEC LETTER

The ComSec Letter was started in 1984, The Year Of George Orwell, by Jim Ross. Initially it was mailed at no charge to everyone on his mailing list, and it was later offered by subscription. After the founding of the Communication Security Association, the letter became its official organ. In 1989 the association decided to create a new organ, Comsec Journal; and, in order to minimize confusion, the name of this letter was changed to Surveillance.

What follows is an edited version of the contents of one year of the letter. (The letter has been edited to remove topical, superfluous, and outdated items.)

Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100

January, 1985

THE RIGHT TO PRIVACY

In a recent issue of Security Management there was a report of a judicial decision which gives rise to some most serious questions. From the magazine's Legal Reporter section:

"Inciarrano v. Florida (35 Cr.L. 3273). The question in this Florida case was whether a tape recording made by the victim of his own murder at the hands of the defendant was admissible as evidence. The victim, unbeknownst to the defendant, had taped their last conversation, including the five gunshots [sic] that killed him. The defendant's attorney objected on the grounds his client had never consented to the recording -- consent is required under Florida law. The Florida Fourth District Court of Appeals agreed and suppressed the evidence."

Alice stepped through the looking glass, and what she experienced was sane and orderly compared to this, in our opinion. A man commits murder, and evidence against him cannot be used because his right to privacy was abridged! Doesn't it seem reasonable that a person loses some of his protections under the law while he is violating the law?

CREDIT WHERE CREDIT IS DUE.
MORE ON CN/A

News of a phone company which is doing something which is eminently sensible, logical, reasonable, and also makes them some money for a resource which they own and have never exploited. According to Telephony, South Central Bell is now selling CN/A information. If you want to learn the name and address for the subscriber, you provide the operator with the number, and for the fee of 40 cents, SCB will relate the customer's name and address (CN/A) including zip code. Although the service was first offered last August, it is not yet available throughout the SCB territory. They expect to have it available throughout their territory early in 1985, with 7.5 million CN/A listings updated continuously.

Our congratulations to SCB. Let's hope the other telcos get the idea, and begin to offer this service. (This development makes us feel good because we have never liked the idea of advising people on how to use subterfuge to access phone companies' data bases.)

STRESS DETECTION

At least one person misunderstood one of our points in our earlier segment on lie detection, so we'll try again. We've been told, and we believe, that the language used by the examiner must be appropriate to the examinee. In our earlier article, we said that there is a whole class of people who do not understand the concept of steal. We did not say that these people do not know what the word "steal" means; they just do not understand the concept of steal. If they take something from a store without paying, they do not think of that as stealing.

YOGO

During 1984 your editor started numbering these letters with this strange combination of letters in front of some numbers. This unexplained element in our masthead created absolutely zero response -- contrary to what we expected. The lack of response inspired us to announce a contest to guess what the letters meant. Thus was born the YOGO contest -- a somewhat whimsical test of your imagination.

Responses were really interesting.
Ed Leary got the first two words, but he missed the last two words with: "Year of Growing Opportunities", and "Year of Gratuitous Operation". (He also submitted "You're Only Growing Older"!) Dennis Steinauer of the National Bureau of Standards said, "Considering the content and flavor of your letter, the answer is obviously Year of George Orwell," and he won a one year extension to his subscription to COMSEC LETTER for that correct solution.

Now let's be more serious. We're still numbering this letter based on 1984 being the zero year of George Orwell, and we intend to continue to point out examples of modern phenomena which were forecast in Orwell's fantasies. Some of these things that we see are merely humorous; others are frightening.

For a "today" look at BIG BROTHER:

The Private Sector by George O'Toole. W.W. Norton & Co. 1978. Reveals the existence of the Law Enforcement Intelligence Unit (LEIU), a "non-government" organization which compiles dossiers on private citizens, and seems to be immune to penetration under the provisions of the Freedom of Information Act.

If any aspect of the fantasies in Animal Farm seems too far out, you should look into:

Secret Agenda by Jim Hougan. Random House. 1984. The author maintains that the true story of the Watergate affair is a far cry from what we got from the news media. For example, he states that the telephone calls monitored in Howard Johnsons Hotel were not Democrat National Committee business; they were negotiations with prostitutes! However titillating that information may be, the book contains some chilling observations, e.g.,

1. page 90. CIA agents putting their director under surveillance with written orders stating "At no time should the Director be made aware of SUGAR coverage......"

2. page 274. Secretary of Defense Schlesinger ".......countermanding in advance any 'unwarranted military directives' that President Nixon might issue."

3. page 312.
"...Alexander Haig had ordered the Army's Criminal Investigation Command (CIC) [sic] to make a study of the President's alleged ties to organized crime ....."

Here's some Newspeak from the Washington Post: In reporting that the government is allowing the phone companies to add two dollars per month to all our phone bills so that we can have access to what we already have access to, the Post reports, with no editorial comment, "The FCC made the decision while releasing two reports justifying the charges as a way to hold down local phone costs ......." I guess everyone who sells to the FCC should start charging them more for things in order to help keep their expenditures down.

QUESTIONS AND ANSWERS

The following questions are from George Austin of Camelback Investigations, Phoenix, AZ.

Q. What are the legal ramifications of accessing proprietary Bell or AT&T information (i.e. CNA)?

A. ANI and CNA are two telco sources of information which can be of help to the investigator. In accessing ANI, you are using an infinitesimal amount of their computer time and probably not interfering with their operation in any way -- but you are still using something of theirs which is not intended for your use; in other words you are stealing. Do they care? I doubt it.

CNA is a different story. To use this data base, you must pretend to be a telco employee, and you do use a real employee's time. So here you are involved in fraud and theft. Do they care? I'm sure they do. They're not dumb, and they know that investigators have been using this service; and in many places they will now only provide the customer's name -- we think partly to thwart outside use of their facilities.

Is either of these things a big deal? In our opinion, no. We think that in taking protective steps, the telcos may be overreacting. On the other hand, we heartily endorse the move by South Central Bell to sell this information. It's valuable.
It's not protected by any privacy act provisions because the records are available to many people in the ordinary course of doing business and therefore public. All telcos, in our opinion, should follow SCB's lead.

Q. What is the current status regarding limited access to government and quasi-government data banks (i.e. NCIC) per recent legislation to locate missing juveniles and Interpol?

A. Hoo Boy! You have asked a question for which we don't even have a hint of an answer -- but we'd sure like to! Can anyone help? Call or write if you have any information.

Q. Under what area in federal and state purview do number recorders (surreptitiously planted to record outgoing calls) fall?

A. First, the number recorders do not record calls; they record only the activity on the line -- time off hook, time on hook, dialed number on outgoing calls, number of rings on incoming calls. Second, they are not always surreptitiously planted. Sometimes they are used for business purposes such as checking up on which employee is in the habit of making personal long distance calls on the business phone.

Now, finally, we'll get around to answering your question -- at least in general. There are many court precedents which hold that the information which these devices collect is public information and not protected by privacy statutes. (If you want specifics, we know a very sharp lawyer to whom we can refer you.)

Another consideration, though, is how you connect the device to someone else's line if that person has not consented. In that case, there is no doubt that some trespass is involved. You are trespassing against either the telco or its subscriber; but, again, it's no big deal in most cases. (Of course, if breaking and entering is involved, then it becomes a big deal.)

OPPORTUNISM, WORLD CLASS

In a recent issue PC World details the saga of Southwestern Bell and its effort to garner even more revenue by declaring that those who send only two pure tones (via data modems) over their lines must pay more to use those lines than those who send the very complex waveform of human speech over them. In 1983 SWB started charging modem users (the article said modem owners, but that is too 1984ish for even us to believe) an additional $44.90 per month for phone service.

Organized protests have resulted in a rescission of the rate addition, but we'll bet that this phone company, and others, will all eventually figure out ways to convince the public utilities commissions that they deserve higher rates from modem users. In other words, we think that the victory by the little guys is a tactical setback for the big guys, but that the big guys will win big sooner or later.

COMMUNICATIONS SECURITY ASSOCIATION

If you have already subscribed to the COMSEC LETTER and now wish to join the Communications Security Association, everything that you paid for your COMSEC LETTER subscription can be credited to your first year's CSA dues. Just note on the CSA membership application that you want to do this. This offer is valid only through March, 1985, and your CSA membership will end at the same time that the original subscription would have ended.

THAT INTERESTING AD IN SECURITY WORLD

Bonnie Van Gilder ran an ad in the January issue of Security World which raised a lot of eyebrows. "Researcher looking for information on bugs in marital situations, ..." Several of our subscribers have called to bring it to our attention or to inquire as to its authenticity.

Some time ago Bonnie contacted us and requested details regarding real bugging situations, but we never reveal information about our clients so all she got were some background facts regarding the laws, availability of equipment, etc. Considering the popularity of sting operations, and the famous (infamous?)
one that the FBI has reportedly been engaged in recently with some sellers of countersurveillance equipment, we wonder if Bonnie will be able to collect any useable facts.

SECURITY LETTER SOURCE BOOK

Our hat is off to Bob McCrie and his staff for the breakdown of categories of security related equipment and services. In this field it is the best taxonomy we have ever seen -- in fact, we recommended it to the government office which is working on revamping SIC codes. We recommend this source book. Contact Bob McCrie, Security Letter, 166 E 96th St, New York, NY 10028.

INTERESTING PUBLICATIONS FOR THE INVESTIGATOR

Telephone Records and other titles are available from Thomas Publications, 937 Reinli, #1, Austin, TX 78751.

February, 1985

EDITORIAL

In rereading the YOGO 1.01 issue, I wondered if I had made myself clear, especially in the comments that I made about the laws. Just in case I had not, I'm adding these editorial remarks to be sure that I am not misunderstood.

When I offer an opinion, it is just that -- an opinion. It might be more valid than someone else's; it might not. Yes, I have thought about the ideas that I express; and yes, I hope that I'm right and that you'll be better informed after reading my letter -- but I know that I'm not always right. If you disagree with any point, I'd be delighted to get a letter from you expressing your views (and I'd probably run it in this newsletter).

In writing about the laws I'm not trying to provide legal advice. I'm not qualified to do that. All I'm trying to do is air some ideas which may be helpful. If thoughtful contrary opinions are sent in, I'll pass them along.

MORE ON THE LAWS

No matter what your politics or profession, one thing that you should be certain of is that there are no absolutes in questions of interpretation of the law.
From time to time we see positive pronouncements as to what Title III (or some other law) means, and we wonder at the marvelous ego of the person who thinks he can predict with certainty how a law will ultimately be interpreted. Keep in mind that there are many stages in testing a law (trials, appeals, etc.); and that, even before any law is tested, it must be interpreted by many people with many differing points of view.

We see many overlaps, gaps and ambiguities in the laws relating to communications. Further, as electronics engineers in the field of communications, we see a laxity in the use of our language which is downright frightening.

Some examples of the lack of precision in language:

"Oral", "verbal", and "aural" have all been used when the word "voice" (used as an adjective) would have conveyed the precise meaning intended.

One Department of Justice instruction assumes (contrary to logic and many court decisions) that dialing instructions (call routing) are a part of the communication between the parties, and are therefore protected. In the same document, however, the DOJ takes the position that computerized data carried by wire are not protected because "aural acquisition" is not possible. (They apparently think that a person can hear only voice, not tones!)

(The DOJ document which we refer to is dated 12-31-84, and it purports to "explain" the technical provisions of 50 USC 1801 and 18 USC 2510.)

COMMUNICATION SECURITY ASSOCIATION

Some correspondence that came in recently indicates that some folks just do not understand what becoming a charter member means.

Let's back up and consider just what this new association is, and what it is not. It is not an AFCEA, or an IEEE, or an ASIS, or an IACP. It is not an established organization with a headquarters, and a staff, and history, and traditions, a million dollars in the bank, etc. It has no elected officers. In fact, its directors are only temporary directors until the membership can elect the first slate.
All it is is an idea of a few people, and the only real benefit of membership is a subscription to this letter.

So far the CSA staff consists of one volunteer, Jim Ross. Its membership packet is the two sheets of paper composed by him on his computer, printed by his printer, and copied on his paper, using his Xerox, and mailed to everyone on his mailing list using his bulk rate mail permit.

Two sheets of paper were mailed. Everyone got a double sided sheet describing what Jim Ross thinks CSA is. Everyone who had sent in $50 got a sheet entitled "MEMBERSHIP CONFIRMATION". Everyone else got a sheet entitled "MEMBERSHIP APPLICATION". To all who received that mailing, and asked when they would receive a membership packet: "That's it. You got all there is."

Of course, there will be improvements. (We have nowhere to go but up!) Recently we arranged for some computer program enhancements, and we were able to hire some help to do a part of a mailing. Dave Olsen in Westchester volunteered to work with Arnold Blumenthal (PTN Publishing, Woodbury, NY) to put together a membership packet. (We have mailed him material from other associations to provide some ideas in his creative effort.) When finished it will be more detailed and will certainly look better than the Xerox material which was mailed last month.

Soon we'll put out a list of members, and what they have offered to do, but it all takes time. There is a membership card and certificate coming along. However, all work on these things is being done by unpaid volunteers, and it will be finished when it is finished.

Back to what it means to be a charter member. It means you are taking a chance. It means you wonder if the organization will survive. On the one hand, you may have your name listed in the organization's records as one of the pioneers who helped to get it started.
On the other hand, the organization may not survive, and all you'll have to show for your $50 will be 12 issues of this letter -- which you could have purchased for $25.

As these words are written, 89 brave souls have sent in membership dues -- before any sort of membership packet (even two printed sheets!) was available. To your editor, that is very encouraging. Many who have joined have said that it is an organization which has been needed for some time. We think so, and we feel that the organization will succeed. Time alone will tell. Meantime, if you can help, you are certainly welcome.

BOOK REVIEWS

Read any good (or bad) books lately? Want to see your review in print? Contact the editor, or just send along your book review.

ANI

The name "Automatic Number Identification (ANI)" may be used to identify two entirely different telco functions. We have it on very good authority (Dolly Garrison of AT&T Communications) that it is digital information which is used by the BOCs in their billing process.

This same name, however, is also used to identify a Bell function which is used by installers. They also, I think, call it ANI; but when they use those initials, they are referring to a service which allows them to quickly identify the number assigned to the pair that they are connected to. In operation it works like this: the installer hooks up his butt set to an unknown pair, switches to dial mode, and dials a code number. Telco equipment answers his call, and a voice (analog, not digital!) tells him the number assigned to the pair he is on.

Anyone working on telephone installations would find this to be an extremely useful aid. So far we have only three numbers: Rochester: 511; Jacksonville: 311; NYC, Staten Island, and Long Island: 958.

REPORTS FROM THE REAL WORLD

Report #1

Recently one of our readers passed along an interesting story -- and we'll try to accurately pass it along to you. It seems that Party A called Party B and got his answering machine.
Party A left a message on the machine, and then stayed on the line. He heard what he assumed to be Party B's machine disconnecting, and then he heard a synthesized voice state the date and time, and a second disconnect. Checking with Party B later he learned that Party B's answering machine does not have the capability to add the date and time after each call.

Our analysis: some "super-smart" snoop with more money than brains, has connected a fancy recorder to the line, and doesn't know that it does not disconnect from the line before it adds the date and time to each recording. Dumb, dumb, dumb.

For reasons that we think are valid, we're not identifying the source, or even the locale of the source.

Report #2

A reader in NYC called to ask how it could be worked that Party C's phone rings, and Party D's phone rings at the same time -- but neither had called the other. As luck would have it, we had just installed a two-line phone from Teleconcepts which has hold and conferencing capability, so we tried an experiment to see if our analysis of the method was correct. It worked first try.

It seems to us that the clients had been tapped by an ingenious new method. Here's how it goes. First, the two target people must know each other and be in the habit of calling each other frequently. Second, the targets must be the types who answer on the first or second ring. (In this case, there was an attorney-client relationship, and the two men met these criteria.) Then all that is necessary is for the bugger to dial one, quickly put that call on hold, dial the other on another line, hit the conference button, and wait for the two to start talking to each other. Voila! The bugger can listen.

This stratagem might work for a few times, but at some time, either Party C or Party D is going to say, "Why did you call me?" and after that the game is shortly over.
(By the way, a modern telephone is not an absolute requirement; old-fashioned 6-button phones can be easily modified so that calls can be conferenced. Also, some specialty houses sell conferencing adapters for anyone who doesn't want to modify a Bell phone.)

Report #3

We were recently consulted in connection with one of the wildest cases of telephone chicanery that we have ever heard of. We cannot provide details at this time, but we are in the process of trying to write it up with enough detail to make it worthwhile but without revealing anything that would allow anyone to guess the identity of our client. Stay tuned; you'll get all of the details.

Report #4

Your editor, partly for business and partly on principle, has been making an effort to drag himself forward from the vacuum tube, analog world that existed when he went to school, into the solid-state, binary digital world of today. In the process, he has been trying to learn something of the hackers' world. So far, he's had only a small glimpse -- but it's awesome. Those in the establishment who think it can't happen are in for a big surprise. More detail in this letter as our education progresses.

CN/A

Recently the following CN/A numbers were reported to us, and we pass them along to you. For area codes 713 & 409 the new number is: 861-7194

SPEAKING OF CN/A, HERE'S A GOOD ONE ON THE PHONE COMPANY

A caller asks us for the CN/A number for his area. We give him the latest in our file. He calls back laughing. The phone company had changed the number, but they were dumb enough (or greedy enough) to reuse the old number, assigning it to an unsuspecting subscriber. This subscriber got so fed up with being disturbed by CN/A calls, that he determined the new number, and gives it to everyone who calls.

March, 1985

TPA, TELEPHONE PIONEERS OF AMERICA

At the outset I must admit that my jaw has been hanging open since I was first informed of the membership restriction, source of revenue, and activities of this social/fraternal, do-good membership organization. I'm incredulous. First, that its name is so deceptive, in no way describing its makeup or function. Also, that I've been supporting it for years without being aware of it.

Enough preamble. Time to relate what I experienced.

Your editor discovered this story in his quest for information for this letter. I had seen something somewhere which mentioned a national organization called "Telephone Pioneers of America". Sounded interesting. (I'm a member of an organization called Missile, Space and Range Pioneers which is a group of people who worked in said areas in the early days -- pioneers of the space age.) Anyway, the Telephone Pioneers of America seemed to be something that an editor of a telecommunications related newsletter should know about. Who knows, having worked in the field for over thirty years, I might even want to join.

So I looked in the DC yellow pages, called national headquarters, and asked for a membership packet. The young lady who answered didn't understand what I was talking about, but promised that her supervisor, Dao, would call me. Dao called, but she did not understand either, so she told me her supervisor would call me when she came back to work next week.

On Monday, Barbara Kapen called. ......What a revelation! "Telephone Pioneers" are not telephone pioneers. Membership is not open to people who work in telecommunications, and there is no "pioneering" experience required. Membership is restricted to folks who work for (or worked for and retired from) Bell companies! Only Bell companies. Not Continental. Not General. No others need apply; only Bell.

What does the organization do? Well, I was told that they do all kinds of nice things -- many charitable and do-good activities.
And I think it's nice that a lot of people voluntarily spend their time helping others who are less fortunate. However, I object vehemently to the use of public utilities revenues and employees on these projects.

When I choose to contribute to charity, I want to be the one who decides where my money goes. As it stands, money that I thought paid for telephone service is used on charitable projects chosen by others. It also pays the salaries of the people who handle administration for TPA because those people are current Bell Telephone Company employees! That's right. Part of what I pay for telephone service goes to pay the salaries of people who are in no way involved in telco activities. In other words, they decide what good works to do with the money that we all pay in. They decide how many Bell employees devote full time to charity while on the telephone company's payroll.

C&P Telephone (The Bell company that I buy service from) is apparently quite defensive about its involvement with TPA. I make that statement because within an hour or two of my conversation with Barbara Kapen, I was called by Mary Jane Willier who identified herself as a C&P employee. She told me that TPA does all kinds of good works for the community, and when she found that I didn't work for a telephone company, accused me of misleading her into thinking that telecommunications was my field when it really wasn't. She admonished me to write the facts when I prepared this segment, but refused my offer of a free copy.

So there it is. The Maryland Public Service Commission allows C&P to charge us extra so that C&P can support a social/fraternal do-good effort which masquerades under a YOGO name which in no way describes its function or membership.

If you want to confirm for yourself that I was not having a pipe dream while I was talking to these people, the number for TPA in Washington, DC is 202-392-2461.
Personally, I think it's time to suggest to the PSC members that they should look at what they authorize those companies to do with the money we pay them. (Part of what I was told is that not all PSCs allow TPA costs to be charged.) If you live in Maryland and wish to contact them, the address for the Maryland PSC is: American Bldg, 231 East Baltimore St, Baltimore, MD 21202.

(P.S. One reason that this organization interested me is the initials, TPA, and how much they resemble the initials, TAP!)

COMSEC '85

Some time before the end of 1985 there will be a meeting in the Washington, DC area. This will be the first of the Communications Security Association's annual meetings. For all members interested in participating there will be a membership business meeting to elect directors and committee chairmen. Of more general interest will be exhibits, panel discussions, and featured speakers.

Potential exhibitors: keep it in mind. You will be exposed to a very select audience. Some companies have already committed.

NEW BULLETIN BOARD

The National Bureau of Standards Institute for Computer Sciences and Technology has established a computer security bulletin board. 300 or 1200 baud, 8 data bits with no parity or 7 with even parity, 1 stop bit. Dial 301-948-5718. After connect message is displayed, 2 carriage returns puts you into the system -- 30 minute time limit. Voice line: 301-921-3485.

TAPS FOR TAP?

One year ago the new editor of TAP told me that he had the Jan/Feb issue ready for printing, but we haven't seen it yet. Is TAP really dead? Speak to us, Ozzie. Any way to fan life into it? Can I help you find some volunteers?

OOPS! (AGAIN)

We've told some folks that if you tune to a cellular frequency, you'll hear only one side of a conversation. We were wrong. If you tune to the cell transmitting frequency, you'll hear both sides.

2600

We mentioned this one before, but it's worth mentioning again. This is a newsletter for folks interested in telecommunications.
It might be characterized as an anti-telephone company letter, but it is worthy of your consideration if you are interested in modern telecommunications. It is well laid out, typesetting is great, has good information content, and is delivered on time.

In fact, I have only two problems with it. First, with my astigmatism, I find it hard to read a telephone number which is printed as a string of ten tiny digits without even a dash anywhere. Second, I sometimes get the feeling that their authors assume that every person who works for any phone company has all of the awful characteristics of the phone companies. This, I believe, is the product of some shallow thinking -- but then a lot of the material I read in the Washington Post every day is the result of some generations of very shallow thinking.

Try it. You'll like it! It's worth many times the $10 that it costs. Order from 2600, POB 752, Middle Island, NY 11953-0752. By the way, if you haven't figured it out, the title comes from the Blue Box frequency, 2600 Hz.

FREQUENCY HOPPING

Among the many spread spectrum modulation schemes, probably the easiest one for the layman to understand is frequency hopping because no math is needed to explain it. Frequency hopping refers to the carrier frequency, and means exactly what it says. The carrier hops from one frequency to another while transmitting. (The method used to modulate the carrier is immaterial.)

Why move the carrier around? Simple. To make it difficult or impossible for anyone to listen to your communication.

The way it works is that you need two transceivers with the same set of frequencies and the same codes. When the first party transmits, a synchronizing signal is sent to the second party. If both transceivers are set up on the same code, the synchronizing signal tells the second party's receiver when to start hopping. That receiver hops from one frequency to the next as specified by the chosen code.
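
The scheme described in this section, worked through as an added example (not part of the original letter and not any vendor's design): two radios share a channel set and a code, a sync signal on the home channel starts the hop counter, and listeners without the code or the timing recover only fragments. The 32-channel plan, the one-symbol-per-hop dwell, the sample message and the HMAC-SHA256 keyed generator are assumptions of the example; the two static codes use the channel numbers from the letter's own illustration.

```python
import hashlib
import hmac

NUM_CHANNELS = 32   # assumed size of the frequency set both radios share
HOME = 0            # "home" channel, where the synchronizing signal is sent
SYNC = "<SYNC>"     # constructed marker standing in for the sync signal


def static_code(hops):
    """Simple system: the code is a fixed list of channels, used in order."""
    return lambda slot: hops[slot % len(hops)]


def keyed_code(key):
    """Dynamic code: each slot's channel is derived from a shared secret.

    HMAC-SHA256 is this example's own choice of generator (an assumption).
    """
    def channel(slot):
        mac = hmac.new(key, slot.to_bytes(8, "big"), hashlib.sha256).digest()
        return mac[0] % NUM_CHANNELS   # 256 is a multiple of 32, so no bias
    return channel


def transmit(message, code, start_time=100):
    """Return what is on the air as {time: (channel, symbol)}, one symbol per hop."""
    air = {start_time: (HOME, SYNC)}
    for slot, symbol in enumerate(message):
        air[start_time + 1 + slot] = (code(slot), symbol)
    return air


def hopping_receiver(air, code, slot_offset=0):
    """Wait on HOME for the sync signal, then hop according to `code`.

    slot_offset models a receiver whose hop counter is out of step with the
    transmitter. A symbol sent on a channel the receiver is not tuned to at
    that moment is lost and shown as "_".
    """
    heard, slot = [], None
    for time in sorted(air):
        channel, symbol = air[time]
        if slot is None:
            if (channel, symbol) == (HOME, SYNC):
                slot = slot_offset          # sync received: start hopping
            continue
        heard.append(symbol if code(slot) == channel else "_")
        slot += 1
    return "".join(heard)


def fixed_receiver(air, tuned_channel):
    """A conventional receiver parked on one channel for the whole transmission."""
    return "".join(
        symbol if channel == tuned_channel else "_"
        for _, (channel, symbol) in sorted(air.items())
        if symbol != SYNC
    )


# Static codes using the channel numbers from the letter's illustration.
CODE_1 = [HOME, 31, 12, 4]
CODE_2 = [HOME, 17, 22, 9]
MESSAGE = "COMSECLETTER"   # constructed sample traffic

if __name__ == "__main__":
    air = transmit(MESSAGE, static_code(CODE_1))
    print("same code, in sync :", hopping_receiver(air, static_code(CODE_1)))
    print("different code     :", hopping_receiver(air, static_code(CODE_2)))
    print("same code, off step:", hopping_receiver(air, static_code(CODE_1), 1))
    print("parked on channel 31:", fixed_receiver(air, 31))

    keyed_air = transmit(MESSAGE, keyed_code(b"shared-secret"))
    print("keyed, right key   :", hopping_receiver(keyed_air, keyed_code(b"shared-secret")))
    print("keyed, wrong key   :", hopping_receiver(keyed_air, keyed_code(b"other-secret")))
```

Because both static codes begin on the home channel, the receiver set to the other code still catches every fourth symbol; a keyed sequence removes that predictable overlap.
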
(In simple systems the code is only a list of the frequencies used, set in a specific sequence. For instance, code 1 might start with the "home" frequency, hop to frequency #31, then to #12, then to #4, etc.; and code 2 might move from the home frequency to #17, to #22, to #9, etc.)

More sophisticated systems can contain dynamic codes which change continuously, and can vary dwell time on each frequency as well as varying the sequence of frequencies used.

(By the way, when we sell hopping equipment, we do so for export only. Our bill of sale says that the equipment is not approved for use in the United States, and the buyer is responsible for obtaining required export licenses, etc.)

HOPPER EXPERIMENT

While we were visiting in California recently, we tried an experiment involving a frequency hopping transmitter and a Fargo scanlock. The objective of the test was to determine whether the scanlock would "follow" the hopper's moves through the spectrum and provide understandable audio output. The answer is that that scanlock can follow ten hops per second and provide good audio output.

Don't jump to conclusions. The fact that we got good audio out does not mean that the hopper is not a secure means of radio communication. Keep in mind that the scanlock demodulates the strongest signal at its antenna, and that during this experiment, the receiver was in the near field of the transmitter. If it had been sufficiently removed from the transmitting antenna, it would have demodulated something else.

TAINTED MONEY

Recently we heard that a New York judge had told some lawyers that they could not accept cash payments from their clients because the clients were suspected drug dealers, and, therefore, their money was tainted. No kidding.

Well, gosh. Yesterday's paper said that General Electric had been indicted on criminal charges for overcharging Uncle Sam. Guess we can't take GE money any more. It's tainted.
American Express, Xerox, Gulf Oil, and many other well-respected names have been offering to sell a telephone tap detection device which can't detect even the simplest tap. Looks like some of their income is obtained through fraudulent advertising claims. Better not do any business with them. Their money is tainted. Hertz advertised no mileage charges from "here to eternity", but I had to pay mileage charges to Hertz. Tainted again. Really! ON WORDS -- AGAIN Last month we lambasted legislators for sloppy use of words, and this month we have to say "Oops!". Yup. We are guilty of gross misuse of a word relating to privacy of communications. First, let us give credit to the person who brought this flagrant abuse of the language to our attention. His name is Luis Suarez. He lives in Venezuela, and he wrote a letter to the editor of Monitoring Times. In his letter he pointed out that, since English is not his first language, he is especially careful to understand the words he reads in our language. (Bob Grove. If you send me his address, I'll send him a copy of this letter.) Luis pointed out that the word "intercept" means just what it means in football. (Those are not his words, but that's the meaning of what he wrote.) Sure 'nuff. Checking with several dictionaries convinces us that the word means to capture something, preventing it from arriving at its intended destination. So wiretapping does not result in interception of communications! Therefore, if we're serious about this technology, we should look again at 18 USC 2510, 2511, 2512, and every other place in the laws where the words "interception of wire or oral communication" are used. It looks like an accurate reading renders these laws essentially meaningless, because wiretapping does not prevent the message from arriving at its intended destination. Wow! Interlocution is a good word. 
It might have been used; or the legislators could have said something simple but accurate such as, "eavesdropping on voice communications without consent." What are your thoughts? April, 1985 FIRST THINGS FIRST Your editor apologizes for the tardiness of this letter. No excuses. Just too many things happening. (When I worked at Cape Canaveral, I invented the term "HPI" for High Priority Intrusion, and my life of late has been full of HPIs.) No gripes, though. Most of these intrusions have been good news, but being behind in my duties really is uncharacteristic and uncomfortable. Some of the information in the following segments may give you an idea of the activities I've been involved in, and may even give you some faith in my promise that things will get better as far as the schedule for this letter goes. NEW FORMAT Next month should be the last for the format that this letter has had since its birth. If all goes well, starting in June the letter will be typeset in a three column format. With that layout we'll be able to pump out fifty to one hundred percent more information each month. (Maybe we'll start to catch up on our backlog.) EEs FOR TSCM It seems that there are people out there who say that Jim Ross says that only electrical engineers should do countermeasures work. Yup. That's what people have told me that I believe. Well, gee, thanks a lot to those who have decided to be my spokesmen, but no thanks. Those who know me know that I'm capable of speaking for myself. Frankly, the idea that only an EE is qualified is silly and I resent the fact that some have attributed this idea to me. So let's air the subject out. Just who is qualified to do TSCM work? Can we determine if Jim Ross is qualified? Let's see now. I've taken IQ tests. Do they measure my qualifications? No? Well then, how about the Graduate Record Exam by Educational Testing Service in Princeton? I did real well on parts of that and not so hot on some others. Doesn't apply, you say. OK. 
Would you think that passing the FCC test for an advanced class ham ticket or first class commercial operator's license means I'm qualified? No again, huh. Gosh, I have two degrees in engineering and I have worked in the field designing and putting in various radio, wire, carrier, telephone and teletype systems -- does that mean I'm qualified, in your view? Still no, eh? I worked in R&D in missile and space systems, and in tracking systems and I have field experience in such operations. Doesn't relate, you say. Well, what does relate? One retired government technician told me that only a man who has installed bugs is qualified to look for them. That's certainly an interesting concept: if you haven't planted a bug, you're not qualified to find one. Let's explore that idea. Hey there, Mr. District Attorney. You can't prosecute that case for labor racketeering because you've never been a labor racketeer. You there, homicide detective. You can't investigate that murder until you've murdered a few people, or that rape until you've raped a few people. And you there, emergency room doctor. You can't treat those bullet wounds until after you have shot a few people. And, of course, only mass murderers will be allowed to work on mass murder cases. Silly, you say. Of course it's silly. Equally as silly, in my opinion, is the idea (espoused in a recent Security Management article) that the only people qualified are those former government technicians who have had "two months of formal classroom work performing simulated surveys .... followed by a minimum of six months on-the-job training." The plain and simple fact is that there are no criteria, no standards, no tests, and, therefore, no way to determine if a person is qualified to do this kind of work. In fact, even if we could somehow measure a candidate's technical knowledge, how can we prejudge how he will perform under field conditions -- will the pressure get to him? 
Or will he take every shortcut in order to do as little work as possible? Does Jim Ross think that only EEs are qualified to do TSCM work? No, he does not. For many reasons. For instance, as with any class, there are good performers and poor performers. Let's consider only the very best performing EEs. Are they qualified in my opinion? -- No, and here's why: Many EEs are not involved with communications in any way. Some, for instance, know network analysis inside out, but never stopped to consider how a telephone works. Some don't know the difference between Nyquist and Nyquil. Some deal only with power. Some deal only with digital theory, and don't know anything about analog theory or circuits. Even those who have studied electronic communications may have insufficient capabilities to do countermeasures work for one reason or another. No, I don't think an EE degree is required. In my opinion, the most important consideration should be character and not training or education. There are many people who don't think, and that's no good. There are "know nots" who think they know (usually recognizable because they have absolute answers to every question); beware of them -- they are dangerous! There are people who will not dig into something that is questionable because they are lazy or because they are afraid that if they don't come up with a positive answer, they'll end up looking stupid. Look out for them -- whatever their training and experience. On the other hand, there are some extremely conscientious people -- the kind who question every little thing that appears to be out of line. I like to work with them. Engineer vs. technician. Education vs. training. Let's sort it out. Training teaches one what to do in a given set of circumstances, but only education provides the basis for evaluating new situations. If you want to evaluate something new, knowledge of theory becomes invaluable. 
(By the way, the classroom is not the only place to get an education -- experience is a great teacher -- if you're awake.) Does a field technician need to be able to draw the Thevenin equivalent circuit of a lead network or lag network and compute the critical frequencies? No, never. Does he need to be able to write the equations, and evaluate the definite integrals in order to be able to calculate the coefficients of a Fourier series? No, never. Does he need to know Bessel functions? Again, no. What the field technician needs is the ability to perform the necessary tests, and to recognize when something is out of line. He needs a back up with theoretical understanding of electronic communications theory. He needs the maturity and strength of character to admit it when he's stuck, and he needs to know how to get help when he needs it. TAP The printer had just started his run on last month's issue of this letter (which contained a segment entitled "Taps for TAP?") when we saw the latest issue of TAP, Spring '84. We'll keep you advised. INITIALS Had a call from a new subscriber who asked me to explain the initials that I use in this letter. Looks like we'll have to put together a short glossary, but for now:
YOGO: Year Of George Orwell
ANI: Automatic Number Identification
CNA: Customer Name and Address
ANI and CNA are telco services, intended for use by telco people only, but lots of people know about them and use them. More later. Q & A Roger Tolces sent us an undated note (written in the margin of the YOGO 1.02 issue yet!) in which he refers to our comment that 89 people had joined CSA. Q. If you have 89 paid subscribers at $50 = $4,450. Why don't you put some money out for a call for papers and articles so this newsletter would have some content. How about a bugs found report column? I have at least 3 good stories. A. Well, Roger, you sure gave us a lot to chew on, and for that we thank you.
First, we have to say that we're sorry that you think that this letter has no content. (It's a good thing that everyone doesn't think like Roger, or our confidence would be shattered!) Second, if you know how to maintain a business address, phone, etc. without spending any of your income, we really need to hear from you. Yes, CSA has taken in several thousand dollars in dues in the past year, but that doesn't mean that several thousand are available to pay for articles. Next, what the letter said was that 89 folks had already joined the Communications Security Association even though there had been almost no promotion or publicity, and that's a fact that we're very proud of. (In addition to the members of CSA who get this letter as a benefit of membership, a few other people have sent us subscription orders for the letter only.) You seem to imply that if money is paid for an article, it will be superior to a contributed article, and, we see evidence all the time of people who think like that -- namely that the value or worth of something is enhanced if more is paid for it. That concept, however, does not relate to our experience in this world. For instance, we have seen studies of average faculty salaries for colleges in the DC area, and in our opinion, the quality of the faculty (or the product) is not proportional to the salary paid. (In fact, it may be inversely proportional!) Another example: the Post Office in Frederick, Maryland (where you can park at a meter in the center of town for a nickel) just advertised for a janitor -- "must be able to read simple directions" -- for a starting salary of $19,991 per year. Meantime, the teachers in the county, who have four-year degrees and teaching certificates, start in the $16,000 range. In other words, we don't think that paying for an article will ensure that it will be of more value than one which is contributed. As for contributions, we're always glad to see them.
In fact, the very issue that you mailed back to us contained two reports from the field, and it also solicited book reviews from readers. Further to the point, if you look back through our history, you'll see that many times when we voice an opinion, we ask for reader comment. We're always glad to get feedback. At the moment we have many letters and press clippings in our source file which have been sent in by readers. Roger, if you wish to contribute information in any form, we'd be pleased to see it. If you don't want to go to the trouble of writing it out, just call. ANI For the Los Angeles area the number is 1223. For Puerto Rico, we think it's 158. May, 1985 CSA The Communications Security Association is moving, finally. We have a professional designing a membership certificate and card, and a membership solicitation kit. The COMSEC EXPO '85 meeting is rapidly taking shape. All members who did not specifically request that they not be included will be listed in our first membership roster. It will be mailed to all members in June. Things are happening. Feels good. Watch your mailbox if you are a member. If you're not, give us a call and we'll see that you get an invitation to join. ARE THE ZULUS SMARTER THAN OUR COLLEGE STUDENTS AND LEGISLATORS? Nothing against the Zulus. They've been around a long time, but they have not had the advantage (?) of being brought up watching television and having their idea of what's happening shaped by the distortions and shallow thinking of our "educated" journalists. Back to the heading. College kids in the US are spouting off and demanding sanctions against South Africa because they want to help the blacks there. Also, our legislators are currently considering sanctions for the same reason. Meantime, in South Africa it seems the Zulus think a little more clearly. They just asked these people to back off because, if sanctions are imposed, it will be the blacks who lose their jobs, not the whites.
(Have you ever noticed how often the well-meaning liberal thinkers hurt the very people they say they're trying to help?) TALK ABOUT FEEDBACK! The story about TPA generated more feedback than any other piece that ever appeared in this newsletter. The feedback will provide the grist for a future feature in this letter, but for now, let's just say that a lot of folks don't appreciate being ripped off; and, on the positive side, there is at least one similar organization which is not customer supported. (Telephone Pioneers of America, TPA, is a fraternal, social, charitable, do-good organization with membership restricted to Bell Telephone people; and, in many places, paid for by Bell customers as a part of their regular telephone bill.) EDITOR'S RESPONSIBILITY, WHAT IS IT? When this letter first saw the light of day, Tom Serb sent us some neat notes each time we took a stand critical of journalists -- something like, "but now you are one!" Well, we're still not convinced that creating and editing this letter means that we are in the same profession as, say, the editor of the Washington Post. But the point here is not how Jim Ross is labeled. The point is in the heading -- just what is an editor's responsibility?? In your editor's case, he's writing about a field with a degree of technology involved, and he feels a great need to be sure that all technical material presented is accurate and complete. Also, he has a personal bent to try to be fair -- always. In a general sense, honesty and fairness seem to be good traits for an editor. If the editors of the newspapers that I read had those traits, I'm sure I could work up a slight degree of trust in what I read. However, when they seem to be going out of their way to influence, rather than to report, I wonder just how many people are taken in by their slanted offerings. The prime example from the recent past in the Washington Post is the furor over our president's visit to a German military cemetery. 
The first sentence of one of the stories in the Post used the words "Nazi SS Cemetery". Now, certainly, somebody on the editorial staff should know the difference between the Nazi party, a political party with very limited membership, and the special military organization, SS. Were they deliberately using emotion-generating words in an attempt to create a specific impression among their readers? I think so. They are not dumb. Was there a great national objection to the visit, or was the press trying to create public opinion? Personally, I think that the press people were trying to create national opinion. I have discussed it with many people, and found nothing like the response 'reported' in the press. To understand my own thoughts on the matter, it might help to relate some background. I enlisted in the Infantry during WW-II because my country was threatened. No, I never saw combat, but I was prepared to; and I take the position that I will salute the fallen soldiers of our former enemy. They gave their lives for their country -- and that is something which should be respected. The fact that there may be some bad people buried in a cemetery should have no bearing on whether it is appropriate to visit said cemetery. I'm sure that there are some bad people whose remains were interred in Arlington National Cemetery, but that doesn't stop thousands of people from visiting, nor our federal government from conducting ceremonies there - nor should it. What is an editor's responsibility? Should he assume that his readers are incapable of reaching reasonable conclusions from facts? Should he help his readers by drawing conclusions for them? Should he save their tiny brains the strain of accepting his conclusions by trying to make his conclusions look like facts? What do you think? NEWSPEAK (OR IS IT THE MAD HATTER?) Heard a Congressman being interviewed on the radio the other day.
When asked why we meddle in the affairs in Nicaragua, he said: "We can't allow them to become dominant in the area because that would allow them to meddle in the affairs of their neighbors." Honest. That's what he said. 2600 The current issue of 2600 contains an editorial regarding the new interactive phone reservation system just introduced by People's Express Airline. The editor, Paul Estev, predicts that the new system will be self-defeating because it was not tested by the real users. In other words, it was designed without benefit of any input or testing by the ultimate users of the system. THE REAL MESSAGE The real message that we see in the 2600 editorial is a much larger one than the prediction of the failure of this expensive business communications system. The message that we see is one that all of us, especially our elected representatives now working on a budget for our country, should think of every time we must make a decision about how to use the resources available to us. That message is: Before we set out to do a job, let us first clearly define what it is that we intend to accomplish and what it is that we have to work with. Then, let us evaluate how each of the proposed activities will help us to reach our goals. Sounds simple and reasonable, doesn't it? Yet, our Congressmen are today trying to determine the size of the military budget based on last year's expenditures, or the size of the total budget, or the amount spent on social programs or the rate of inflation; but nothing related to the mission of the military. (We have an essay in the works on this subject. Coming soon.) BACK TO 2600 2600 has its faults, but it is sure worth $12 per year if you work in this field. 2600, POB 752, Middle Island, NY 11953-0752 NEWSPEAK (AGAIN) Whoever it was that invented the term "telemarketing", give him/her/them credit for a brilliant piece of Newspeak. It does not have a precise meaning that we've been able to determine.
(We looked in a current Random House dictionary, the Telephony Dictionary of Telecommunications, Communications Standard Dictionary by Weik, and Roget's Thesaurus. No listing in any of them.) It seems to be one of those words that means what the hearer or sayer wants it to mean. What do you think of when you hear the word "telemarketing"? Do you see a telephone boiler room filled with commission sellers dialing number after number, and being regularly rejected? Do you see large print and TV media ads with "800" numbers to call to order the products? (Bloom County, anyone?) Are those order takers really engaged in marketing? In our opinion, they are not. As we understand the marketing process, they are a very small part of the overall function. They are attempting to sell, but, for the most part, they are taking orders. Telemarketing, indeed! Whoever invented the term should be given credit -- and then consigned to the same hell as the persons who invented the terms "point-to-point radio", "pin-point bombing", etc. Here is one wee small voice crying out that such misuse of the language is bringing us closer to the day when the language has deteriorated so much that humans will be back to communicating with grunts. Newspeak may be the precursor of "Nospeak". REMOBS Recently in 2600 there was a question in a letter to the editor inquiring about remote observation, REMOBS. This is a subject that should be of intense interest to the readers of this letter, so let's review what we have learned about remote observation. First, your editor must point out that he thinks that what he has been told is accurate, but he is always ready to be corrected. Remote observation is one capability of some modern systems whereby telephone company employees can check out individual lines in appropriately equipped exchanges from a remote location. In other words, it's not necessary to dispatch a crew to check out a problem.
Using this technology, they can check various things such as loop resistance, capacitance, etc. Of prime interest to us, though, is REMOBS, the ability to monitor service -- that's what they call it when they listen to your telephone conversations. Now, as designed, the equipment will allow the observer to dial in to the REMOBS equipment from a remote location and specify (using standard DTMF [touchtone] signalling) the line that he wants to start with. In normal operation the equipment will "bridge" the specified line for a short period -- on the order of thirty seconds. Then it moves to the next pair in numerical sequence, and then the next, and so on. The telco person listens to each conversation to determine quality of transmission. If, then, it is truly a service observation capability, why are we writing about it? We're writing about it because it can be abused, and used by anyone at any time for remote listening to any line in any exchange which is properly equipped. In our files we have a letter from a young lady who discovered a number that she could dial so that after entering the last four digits of the target telephone, she could listen to conversations taking place on the target telephone line. We have also had a call from a man who makes his living at countermeasures who told us that he had been approached by a telco person who offered, for $1,500, to fix it so our correspondent could have the ability to listen to any number he wanted at any time he wanted by simply dialing a telephone number, then a code, then the target number. Yes, we're convinced that the capability exists. It would be a simple job to modify the REMOBS equipment so that it does not switch off of the number selected. The modification could be done in seconds with almost no chance that anyone would become aware of what was going on.
TELCO THREE-WAY CALLING FOR SPECIAL TAP In our YOGO 1.02 issue we provided information on how a two-line telephone with the right features could be used to make a special type of remote tap. Now we wonder if a single line phone with three-way calling could not be used the same way. FUNNY NUMBER. WHAT DOES IT MEAN? If you dial 202-352-9911, you get a strange message. For a while that message included 516-751-2600 which is the phone number for the publication 2600, and that really did get their attention. Was it some kind of an establishment hit list, or what? Now however, the first number refers to another number which is answered, "Hello". Strange. If you can shed any light on it, please call. June, 1985 EDITORIAL This editorial is in response to a comment that the last issue was about politics and not about communications security. To those who think that YOGO 1.05 was about politics: I urge you to look a little deeper. That issue was about how generals and admirals miscommunicate with congressmen, and, of course, how the congressmen let them get away with it (military budget comments). It was about how people who call themselves journalists try to influence opinion by reporting their opinions as facts (Bitburg story). It was about the failure of those journalists to think about what they report (Zulus story). Let's back up for a bit and re-examine what it is we're trying to do with this letter. This letter is about communications security. Your editor, however, thinks it's a silly waste of time to try to secure communications if the communications are not sensible to start with. In an effort to try to bring this to the attention of people interested in secure communications we will from time to time present some examples of really bad communications. 
In the YOGO 1.05 issue we presented several examples of bad communications -- from generals and admirals playing games with congressmen, to newsmen trying to create news, to words that don't mean anything, to a congressman engaging in "Newspeak". Further, your editor thinks that people who make a living with words have an especial duty to use words properly so as to set an example for others. We think it is a gross sin for a professional user of words to use words incorrectly. We think this way because we know that some folks don't learn how to use our language in school; there are many people who are self-taught, and they tend to believe that what they see and hear is correct. Recently on a NYC talk show we heard an example of a professional who did not do his duty, in our opinion. The announcer introduced a guest in glowing terms -- foremost polygraph expert in New York City, etc., etc., and asked the guest to explain the operation of the polygraph. In his explanation, the guest said that the pneumatic cuff was used to measure the "inspiration-expiration ratio". No comment from the announcer. Now I know that those two words are sometimes used instead of "inhalation" and "exhalation", but the first impression of most thinking people, I think, would be that the expert was referring to some things other than breathing; and that, if his subject had expired, there would not be much chance of getting any response that the machine could measure. However, let's just suppose that everyone understood that the expert was referring to breathing -- it's our opinion that the interviewer sure dropped the ball 'cuz no equipment is necessary to measure that ratio. In every living person that ratio is precisely 1. The whole point is that the expert was not trying to communicate; he was trying to impress by using the fanciest sounding words he could muster (ratio instead of rate, etc.) even if the statements made no sense.
A classic example of bad communication was the wire, sent from England to Hollywood by a writer doing a story on Cary Grant. He wanted to know Grant's age, so he sent a wire that said "How old Cary Grant?" The response was, "Old Cary Grant fine. How you?" Circumlocutions and euphemisms may yet kill our language. If you were a visitor from another country with scant knowledge of the English language (American version), what do you suppose your abbreviated dictionary would tell you about the meaning of a sign along an interstate highway that advises that the rest stop ahead has "no comfort facilities". Do you think you would be able to figure out that there are no toilets at that stop? DOING BUSINESS WITH BIG BUREAUCRACIES Some fun. They (big bureaucracies) have developed so many layers of systems to keep employees from making errors (or stealing) that it's a miracle that they (the people who work for BBs) can ever get anything done. Case in point. We just processed three subscription orders for three different US government organizations: one consisted of 4 pages, one of seven pages, and one of nine pages -- to order a twenty-five dollar subscription! The State of New Jersey, though, wins the prize. They didn't send a bunch of papers. They sent a check. (And for that, by the way, we are very grateful!) We just wish they had sent along a name and an address for the recipient of the subscription. Right now our subscriber list contains "Invoice #" for the first name entry, and "272022" for the last name entry. We hope that by identifying their invoice number we'll help the mail room people to find the person who is supposed to get the COMSEC LETTER. TELCO COURTESY (OR THE LACK THEREOF) Recently Teleconnect (our favorite telecommunications magazine, by the way) ran a story about a lady who had had her credit card (ab)used for $109,504.86 worth of unauthorized calls. 
Her comment, after it was all straightened out: "No one at the phone company has ever said: 'Hey, we're sorry for the inconvenience.' Not even a form letter." Our experience during the time when we had a number similar to a C&P (our local phone company) number left us in awe of telco employees' lack of courtesy when using the telephone. Our number was 468-2268, and the C&P Marketing Locator's number was 468-2688. Frequently telco people dialed wrong. We answered call after call, "Ross Engineering"; and were asked, "Marketing Locator?" With one exception in several years, the response to our negative reply was to be hung up on without a word. Even with all of the "green-eyeshade" pressure on them, it seems that some of those people should have had parents who taught them a little courtesy before kicking them out of the nest. -- Or does C&P retrain its people to teach them to be discourteous? Oh well. PHONE COMPANY, AGAIN It's to their advantage to get everyone onto DTMF (touchtone) dialing as soon as possible. So how do they encourage us to use touchtone? Why, of course, with perfect logic they charge a fee for conversion, and charge customers who use the new system more than customers who use the old system. First they try to discourage you from changing over, and then they charge you more for using the system which is a much more efficient user of their plant. Isn't this something that the public utilities commissions should control? Personal note. Our home phone already had the capability before we told them we wanted it, but they charged us for the "conversion" anyway. Oh well. REDEFINITION In a recent letter we said that telephone tapping does not result in interception of communication because "interception" means to capture something, preventing it from arriving at the intended destination. All that is true. But as one person wrote: "I'm not going to rely on that as my defense at my trial." And, of course he's right. 
The laws relating to eavesdropping define interception as "aural acquisition" of the contents of an oral or wire communication. Our correspondent is wise to know that what is written in the laws requires very careful interpretation. We think that it is interesting to note that, in writing the laws which attempt to control eavesdropping on voice conversations between humans, the legislators did not use any of those words (eavesdropping, voice, conversations, humans). We wonder why. Do you suppose they were trying to impress rather than to communicate? In any event, we're going to try to be even more careful in the future in how we use words. TSCM, AND THEN WHAT? A former associate bugged (bad choice of word?) us for years to join him in developing and teaching capture techniques. His idea was simple: after TSCM has demonstrated that there is a bug or tap in place, let's not remove it; let's leave it in place and proceed to catch the bugger. This certainly would provide a new dimension in this profession, but we are not convinced that it is going to become standard practice. Our experience with our clientele (mostly commercial accounts) leads us to believe that this idea is not going to catch on. Time and again we have been amazed that no action was taken to identify and do something to the bugger. Perhaps the executive who had been spied on thought that the bugger had incriminating information on him personally. Or it might just be that bureaucrats in big companies will do anything to keep from rocking the boat -- and keep from affecting the price of the stock. Do you think that such techniques would be used if they were developed? What has your experience been? ANI This subject continues to come up during the seminar, and we get calls asking about it all the time. So let's update everybody on Automatic Number Identification, ANI.
Yes, these initials are used within AT&T as the name of the system which keeps track of billing information, and transfers information back and forth digitally. That's not the ANI that we're referring to here. We are interested in the ANI (isn't it confusing to have two different things in the same company called by the same name!) which provides number identification with an analog voice announcement. This is the way it works. In an exchange which offers the service all you have to do is dial a three or four digit code, and a voice will tell you the number of the telephone line that you are on -- not pair assignments or any other internal record, the actual telephone number as listed in the phone book. What good is it? Well, if you dial the code from your home number, it's not going to tell you anything that you don't already know. But suppose you were in a telephone closet, and want to know if the pair you're on is the correct pair. Beautiful. Just dial the code, and you'll hear a voice speaking the number assigned to that pair. We don't have codes for every place in the country by a long shot, but we have a few.

ANI CODES
New York & Long Island: 958
Jacksonville: 311
Rochester: 511
Los Angeles: 1223
Other upstate NY: 960
Puerto Rico: 158

FUNNY NUMBER In our YOGO 1.05 issue we published a phone number in DC and asked if anyone could identify it. 'Sho nuff.' We got an answer. The number is that of a telephone company (C&P, we think) facility which goes by the name of "Switching Center Control Unit". That's why the disembodied voice says "SCCU" after the music from the other side fades. Wild. It is a computer facility which controls hunks of the telco operating capability, and it is accessible by phone and apparently commandable via touch tone pad. Entry is said to be by a sequence of only two of the standard DTMF tone combinations. How vulnerable can the phone company get?
ANOTHER COURT DECISION A county court in Georgia approved a series of wiretaps in a criminal investigation. Some of the telephones which were tapped were out of the court's jurisdiction, but the court said it had the authority to issue the orders because the "devices" used (tape recorders) were located within the court's jurisdiction. Carried to the ultimate it looks like this would mean that a local court could authorize taps anywhere, regardless of the location of the phone being listened to, if the law enforcement investigators accessed the telephone company system for remote observation (REMOBS) from a location somewhere within the bounds of the local court's jurisdiction, and located their recorders in the same place. This modern service observation system allows telephone company employees to "monitor service" remotely by dialing in to the REMOBS equipment and instructing it which line(s) to monitor. The persons talking on those lines cannot tell that their words are being monitored, and REMOBS can be dialed up from anywhere. (See our segment on REMOBS in the YOGO 1.05 issue.) If we follow the Georgia judge's reasoning, the "device" (tape recorder) is located in his jurisdiction, so he can authorize taps anywhere that REMOBS capability exists. Hmmm. TRAINING Hands-on training on TSCM equipment is available in one of our facilities or in yours. Our equipment or yours. Call for further information. COMSEC EXPO '85 This two-day meeting is really shaping up. Scheduled for December 17 & 18, 1985 in the Washington Sheraton, it will feature exhibits and eighteen panel discussions on subjects of interest to professionals in the fields of communications and information security. At this time, early in the registration process, over three hundred people have registered to visit the exhibits. We plan to run some national ads, and to expand our mailing effort, and we're confident that we'll have a big turnout. 
(For an application which will allow you to pre-register for free entry to the exhibits, write to COMSEC EXPO '85, Post Office Box 868, Frederick, MD 21701.) Although the exhibits will be open to the public, the conference itself is an official meeting of the Communications Security Association, open only to members of the association, and your full CSA dues will be deducted from the entry fee to the conference. If you wish to attend the conference, there will be three educational tracks for you to choose from:

I. Industrial Espionage/Countermeasures
II. COMSEC/Encryption
III. Investigations Technology, Private & Law Enforcement

Each day there will be three meetings of one and one-half hours each, one in the morning and two in the afternoon, for each of the three tracks. That means a total of eighteen meetings, of which one person could attend a total of six. (Some subjects are included in more than one track because they would be of interest to people in different tracks.) Panel members are now being selected from the many who have expressed an interest, so if you want to be heard on your specialty, drop a line to COMSEC EXPO '85 at the address above, and you will be contacted. In addition to the exhibits and the conference, there will be a business meeting of the association, and several committee meetings. Let the organizers know what you would like to be involved in. If your company would benefit by exposure to thousands of exhibit attendees, contact COMSEC EXPO '85 at the address above. July, 1985 EDITORIAL Sometimes a catchy turn of phrase will be echoed by many persons, and be accepted by all who hear it. That's OK if the statement is true, but it's bad news if the statement is incorrect. It's amazing how fast misinformation spreads and becomes a "known". Erroneous conventional wisdom tends to spread like wildfire, infecting all who hear but don't think.
An example of a catchy turn of phrase which caught on and caused great confusion occurred at Cape Canaveral in the early days when your editor was the first project officer on the Mercury program -- the first man-in-space program. Someone was quoted as saying that the impact area for the Redstone (sub-orbital) manned flights would be in the shallow water area off Grand Bahama Island "in order to facilitate recovery". Members of the press liked these words, and echoed them religiously. And the public believed them. As the man responsible for planning the recovery, your editor did not like the idea because it made no sense. Shallow water may be fun to wade in, but our recovery ships would not find any fun in trying to recover an astronaut from a capsule in three or four feet of water. Grand confusion, and many arguments, were caused by the slavish repetition of this catchy phrase. That is an example of how a false idea became a part of conventional wisdom. Today we have another example of incorrect information being repeated by many people, to the point that the idea is becoming accepted as truth. That idea is that data being transmitted by wire is not protected by the federal privacy laws. Now, your editor is ready to stand up and be counted when the critics of the privacy laws convene, but he has to point out that data, and anything else being transmitted by wire, clearly is covered by Title III, PL 90-351. (Lawyers refer to the particular paragraph as 18 USC 2511.) Having read and studied the legislative history and the laws, your editor is certain that the legislators really intended to provide laws to try to control eavesdropping on voice conversations between humans, and there is no doubt that they were thinking about voice communications being transmitted over telephone wires when they wrote the laws. However, they did not use any of the key words -- eavesdropping, voice conversations, humans -- in the law. 
Instead they prohibited interception of "wire or oral" communications, and defined interception as "aural acquisition". Clearly then, anything being transmitted over wires is covered if aural acquisition is possible. So let's see. What does "aural acquisition" mean? Nothing fancy. It means "hear". (And at least one judge has ruled that it means heard by a human.) OK. So data is being transmitted. Or facsimile. Or teletype. The question is, "Is aural acquisition possible?" Well, all of these information transmission systems transmit their information in the form of tones that are in the range of frequencies which can be heard by humans, so "aural acquisition" is indeed possible. Some folks will say that the human hearing the tones used to transmit data will not be able to understand the message, and that certainly is true. But, so what? The law does not refer to "understanding"; it refers to aural acquisition. The analogous situation would be a tap on a telephone line being used by persons speaking a language which is not known to the tapper -- aural acquisition has taken place but comprehension has not. And aural acquisition is what the law says -- not understanding or comprehension. So those who are repeating the incorrect idea that federal laws do not protect data being transmitted over wires are not doing anyone any favors. They are slavishly repeating a bit of misinformation, and doing it so frequently that a lot of folks who should know better are repeating it and lending it credence. CNA One new CNA number to report: 617-787-2750. (As with all of the others, we have not tested and do not guarantee that it is accurate.) PLEASE HANG IN Yes, the COMSEC LETTER has been arriving late. No, it's not the fault of the Postal Service. It's pure and simple. The fault lies with your editor. He did not realize how much additional handling is involved in having it typeset and formatted outside.
It's not the fault of the people doing the typesetting and printing; it's just a lot of extra handling, proofing, etc. Better days are coming, we're sure. After we've turned out two or three in the new format, we'll have worked out the bugs, and will be back on schedule. Please bear with us. Thanks. FEEDBACK The interests of the readers of this letter are certainly varied. One letter said, "I don't have that much interest in the subject matter, but I like to read your letter because it is written in something which closely resembles English." Then there are some folks who like the technical comments -- like the explanation, using Maxwell's equations, to rebut a published "expert" comment that a spectrum analyzer is not sensitive enough to use in TSCM. And then there are those who like the comments on the laws. Also, we've heard that we should stick to communications security and not concern ourselves with whether the communications are worth securing. So, to all who have provided feedback we say, "Thanks". The COMSEC LETTER will continue to try to provide something for all of these varied interests. We'll continue to lament the lack of objectivity of journalists, and we'll continue to point out examples of outstandingly poor communication. And, yup, we'll try to provide good technical information on COMSEC, TSCM, and something that the government has started to call COMPUSEC, computer security. Naturally, the phone company will get special attention. COMSEC EXPO '85 PLANNING COMMITTEE The time is running short, but several people have volunteered to help with planning for COMSEC EXPO '85, the first annual meeting of the Communications Security Association. At the time of this writing the committee's primary efforts are aimed at defining the best topics for the 6 different panels in each of the three technical tracks. We want to be sure to cover all of the important issues relating to communications and information security and investigations technology. 
Some subjects appear to be of interest to all three technical tracks, and will, therefore, be offered on all three tracks. In every case, we're trying to see that all points of view are represented by knowledgeable and articulate panelists. At this time the committee members are:

Face-to-face group (DC area):
Ric Blackmon, PTAH Technical Services
Major Raymond L. Gaudreau, USAF OSI
Bill Norman, Security Advisor to the New Zealand Embassy
Jim Ross, Ross Engineering
Russ Weller, Computer Sciences Corporation

Commenting by mail and phone:
Arnold Blumenthal, PTN Publishing, Woodbury, NY
Salvatore Gallo, Martin-Marietta, Orlando
Ben Jacobson, Phillip Morris, New York City
David C. McFadden, Phillips Petroleum Co.
Ken Taylor, CBC, Miami

Representing Galaxy Conferences:
Tammy Brock
John Laughlin

In addition to upgrading the outline of the program, the committee will be developing guidelines for panelists and moderators. (How much time to each panelist. Encourage panelists to bring slides or other visual aids and handouts. Etc.) Also, the committee will be looking at some other aspects of this first annual meeting, such as scheduling and arranging for:

General Membership meeting to elect a board of directors, etc.
Board of Directors meeting to elect officers.
Establishment of standing committees and electing their chairmen
A meeting of members interested in forming local chapters to share ideas, etc.
Door prizes?
Cocktail party/reception sponsored by the exhibitors?
Two luncheons? One dinner?
Speakers for luncheons/dinner
Head table guests for luncheons/dinner

Anyone who is interested in participating in any phase of getting COMSEC EXPO '85 off the ground is invited to join in. Many of the people who are working on this committee are located in the Washington, DC area because that facilitates getting together in person, but anyone anywhere is welcome to participate -- call, write, wire, or communicate your ideas in any fashion.
DPMA SURVEY The Data Processing Management Association (505 Busse Highway, Park Ridge, IL 60068) recently reported the results of a survey of data processing managers. Just over twenty percent of the responses indicated at least one case of computer "abuse" during the previous three years. About half of the companies responding have no full-time or part-time staff assigned to data security, and offenses by outsiders are thought to be only about two percent of the total. Our question is: if no one is watching the store, how do you know that a lot of hackers have not been tromping around in your data? Captain Zap (Ian Murphy) points out that hacking and cracking targets are becoming easier to find because of the ever increasing number of firms going to distributed data bases. THE GREAT NEW JERSEY BULLETIN BOARD BUST July 15, 1985. We had had some calls relating to the raids on computer bulletin boards in New Jersey. The details related were fascinating. The raiders, we were told, included Plainfield police, Middlesex County police, representatives from the Secret Service, Postal Service, FBI, and, of all things, AT&T! All this to be sure that a teenager does not get away with anything. The raiders had a warrant which authorized them to seize all records, equipment, etc. And they did. They even took the telephone! Tried to take a desk calculator, but relented on that item. That evening on TV network news we watched as a grim faced investigator (or prosecutor, we forget which) says, "We have the names of 630 people who logged onto these boards." Gosh. Sure sounds serious. Looks like your editor is about to become famous. Look for his picture on the post office wall, because he logged onto one of those boards three days before the raid and the seizure of all of the equipment and records. Please do not misunderstand our position. We do not intend to make light of any criminal activity. We do not condone theft of any kind, in any amount, from any entity.
Some people think that stealing from the phone company is not stealing, but they don't realize that they are stealing from everybody who uses a telephone. Phone companies never lose money; we all end up paying for whatever is stolen from them. We do not condone any theft. We do not say, or even imply, that there are not some bulletin boards which condone or promote illegal activity. They do exist, and we have seen a lot of material from some of these boards. However, just because some boards foster crime does not mean that all board activity is criminal. In fact, the board that we logged onto greeted us with a message containing specific instructions as to what message content was acceptable. In our opinion, that board was squeaky clean. In any event, we have the spectacle of the establishment, and the media, trying to make things sound as sinister as possible. For instance, one of the comments heard was to the effect that some of the boards even listed some phone numbers of people in the Pentagon. Aren't they aware of the fact that the government printing office sells the Pentagon phone book? How do they suppose anyone ever communicates in the Pentagon if the very phone numbers are some deep dark government secret? DAY LATE AND A DOLLAR SHORT Not really. More like two years late and $25 short! We're referring to the recent issue of the Journal of Security Administration which states that subscriptions to the COMSEC LETTER are free. To all who read that and wonder what is going on, here's the real story. In 1983, when we announced the beginning of the COMSEC letter, we offered a free subscription to anyone who requested it on company letterhead. During 1984, no one paid for the letter. Late in 1984 we announced that, effective in January 1985, the letter would be available for $25 for a one-year subscription. Since that time, subscriptions have been offered for a fee, but not for free.
We have arrangements with some other newsletters to trade subscriptions and we offer samples, but the letter is no longer offered free. Our apologies to anyone who was misled. Rates for a one year subscription are: USA: $25; Canada and Mexico: $35; Other international addresses: $45. NEW PRODUCT Ross Engineering Associates, Inc. recently announced the availability of a bug locator called Superhound. It is a small, battery powered broadband detector with light and sound output to indicate proximity to a transmitter. Contrary to prevailing industry standards, the product was built, field tested, and put into production before the product data sheets were prepared. We wanted to be sure that the product would perform as advertised, so we built it first. Therefore, if you have requested information on this product, and don't have it yet, please stand by. The product data sheets are being prepared and will be available soon. TAP DETECTION One of the points made during our seminar on communications and information security is that there is no electronic instrument that will detect even a simple tap. Yes, we know that American Express, XEROX, Gulf Oil, and a few other companies sell an item for tap detection for $49.95. We also know that there are tap detectors being sold for one thousand times that price. And still we state: "There is no electronic instrument that will detect even a simple tap." Sure, we detect taps. We do it through a combination of techniques which take advantage of some instruments, some tools, some characteristics of some taps, a lot of hard work and physical inspection. Some taps are easy to detect. We go over this in detail during the seminar. But there is no electronic instrument which can detect even a simple tap. There are some procedures for detecting specific types of taps.
For instance, if a commonly available tape recorder starter is used, it is only necessary to isolate the segment of telephone line (that is, disconnect all instruments and the telco feed), and use an instrument capable of measuring very high resistances to measure the resistance between the two conductors. An FCC approved tape recorder starter will indicate something over 10 megohms. Without this device across the line, the reading will be overload or infinity. But there is no electronic instrument which can detect even a simple tap. We have tested many devices and instruments, and none of them has been able to detect even a simple tap -- a very simple tap. However, some things can be done, and a properly equipped and trained countermeasures team can usually provide good assurance that no tap is connected on premises. Off premises is another story. We are not privy to all of the techniques used by all of the people who tap telephones, but we are well acquainted with the various devices and techniques used for tap detection, and we'll put our position this way: We can tap a telephone and record every conversation, and our tap will be detectable only by physical inspection. We'll beat electronic tap detection one thousand times out of one thousand attempts. By the way, no one has taken us up on our challenge to write a definition of a telephone tap. As a matter of fact, no one has even asked us to publish our definition. Anybody interested? MORE REPORTS FROM THE REAL WORLD George Austin of Phoenix sent us a page out of The Arizona Republic of March 28, 1985. Fascinating story. A scanner enthusiast in Phoenix occasionally heard a neighbor lady putting her baby to bed, singing lullabies, etc. (Scanners are modern radios which can be set to scan through a set of frequencies and stop when they hear something. A lot of people use them to listen to fire, police, hams, airplanes, etc.)
Late one night, however, when baby was sleeping, he plainly heard the lady and her husband and their activities in the master bedroom which apparently was next to the baby's room. He did not specify what he heard, but he said he heard things "that should not be broadcast all over north Phoenix". Embarrassed, he enlisted a third party to advise the lady that she was broadcasting, and what she was broadcasting. It seems that she had purchased a Fisher-Price Nursery Monitor. This monitor is not a carrier current device like some of the one-way intercoms on the market. This one, instead of transmitting over the power lines, transmits through the air on cordless telephone frequencies. The monitor in question transmitted on 49.890 MHz. The lady, although embarrassed, was certainly thankful to be told, and the manufacturer said that a warning would be printed in the instructions in the future. If you have a cordless telephone, or a cellular telephone, or a wireless intercom of any type, be advised: YOU CAN BE OVERHEARD. NETWORK SECURITY CONFERENCE RCA Network Services has announced a conference on network security to be held at the Sands Hotel in Atlantic City, NJ on October 2 & 3, 1985. Fee: $695. For information contact:

RCA Network Services, Inc.
Network Security Conference (Mail Stop 1-13)
4 Research Way
Princeton, NJ 08540-6684
609-987-7555

This conference, unfortunately, conflicts with the ASIS annual meeting and exhibits being held in Dallas at the same time. Otherwise, we would definitely be participating. Many of the topics being covered are similar to parts of the COMSEC EXPO '85 program which the Communications Security Association is offering at the Sheraton Washington December 17 & 18, 1985. Specifically, they are addressing vulnerability of systems to outside hackers and inside abusers, National Security Directive #145, and the Commercial COMSEC Endorsement Program (CCEP).
RCA has arranged for some very qualified people to discuss these issues, among others, and it should be a very worthwhile conference. We'd be pleased if you would mention the fact that Jim Ross sent you when you contact them for details. Thanks. August, 1985 NEWS(?)PAPERS In Intelligence Report in a recent PARADE magazine, Lloyd Shearer lauds Jimmy Carter for his wonderful achievement in getting our hostages released after 444 days in captivity in Iran. Is it any wonder that thinking people believe little of what they read in the press? FEDERAL LAWS RE EAVESDROPPING Yes, everything being transmitted by wire is protected by federal law, in our opinion. However, at least one judge has ruled that, if "aural acquisition" by a human has not taken place, no "interception" has taken place. So, if you're tapping a phone line, or recording from a phone line, don't listen. --- Then, of course, be sure to get that same judge to sit at your trial! FRAUD & THEFT NEWSLETTER This newsletter is a publication which would be of interest to any business which bills credit card companies for goods and services sold to customers. Its purpose is to help merchants by educating them with regard to fraudulent practices and credit card scams. (F&T Information Bureau, POB 400, Boynton Beach, FL 33425. 305-737-7500.) Recently this publisher announced the availability of a book listing all of the banks which issue Master Card and Visa credit cards. The book is an aid to businessmen because they can use it to look up the telephone number of the issuing bank so they can call the bank to verify the cardholder's name and address. (No, the "approval" or "authorization" number given to the merchant by phone does not mean that the transaction is approved and will be paid: all it means is that there is a card by that number in existence.)
This technique, by the way, is the one step that a banker suggested to a recent seminar group as a method of protecting against losses due to fraudulent credit card use. So what happens? Why, of course, Visa and Master Card sue the publisher claiming that it has "blatantly disclosed" trade secrets. Now, we haven't seen the book nor the charges, but it is hard to imagine how a list of banks with their phone numbers can be a trade secret -- certainly such lists must be maintained by the banks themselves with access possible for almost anyone. This is of intense interest to us because we do provide goods and services based on credit cards, and more importantly, because we are involved in publishing and the suit smacks of an attempt to limit the freedom of the press. Anyone with good information on this (or a different point of view) is invited to call or write. THERE IT GOES AGAIN! The current issue of Computer Security Digest asserts that only conversations are protected by federal wiretap laws. As we pointed out recently, in our opinion, this is not true. We believe that a strict interpretation of the law indicates that the law protects all wire communications (with some strange limitations). See our July issue. LAWS. CANADA AND USA It seems that these two great friends and neighbors have wildly different laws relating to public records and to evidence. At the recent annual meeting of the Council of International Investigators a Canadian member related some details of a case in Canada in which a private investigator was tried and convicted for possession of criminal records. (There is probably a lot more to the story which would be of interest, and we'll publish more information as we get it.) This surprised us because we think that court records are public records and, therefore, should be available to all. The rules relating to the admissibility of evidence also seem to be different.
It is our impression that all evidence which can be tracked back to illegally obtained evidence cannot be used in the US. In other words, if an illegal wiretap led to other evidence, which by itself would be admissible, that new information would be considered tainted and inadmissible. According to an article in a recent Security News Bulletin, in Canada only the authenticity of a tape recording is considered. If the court is satisfied that a tape has not been altered, and contains information which could help a jury reach a decision, the tape recording may be introduced into evidence. Any reader who wishes to add anything or correct any wrong impressions is invited to call or write. WAR STORIES At the seminar we get mixed reaction to the use of war stories. Some people think they are a waste of time; others think that they add practical value. We intend to continue as in the past, discussing real events without revealing the identity of the players, because we want to make the seminar as valuable as possible and we believe that actual details of actual experiences in the field are important to a good understanding of the subject matter. Also, sometimes the stories can convey a message while providing some humor. Such as: Two investigators have had a suspected drug dealer under surveillance, but haven't really gotten anywhere. One of them buys a cordless telephone, calls the suspect pretending to be a disk jockey and tells him that he has won a prize. They deliver the cordless telephone, and begin a radio surveillance using a scanner in their vehicle. The suspect uses the phone to make some deals, the investigators listen, get what they need, and make the arrest. That's what you call initiative and enterprise. ANOTHER ANI NUMBER For the San Francisco area we're told the ANI number is 760. Also, Roger Tolces advises that the number we published for Los Angeles, 1223, is good only for GTE. He says the Pacific Bell number is different, but he doesn't know what it is.
CNA During the recent annual meeting of the Council of International Investigators, members offered comments on the spreading access to CNA without subterfuge. In case you are not familiar with it, CNA is a telephone company service which used to be intended for use by telephone company employees in the business office. When a customer complained that he found a long distance call on his bill that was not his, the telco business office person would check the name and address of the called party as the first step in proving the customer wrong and collecting the bill. CNA stands for customer name and address, and there are CNA numbers for each area code. To learn the name and address of a customer at a specific number the procedure is to call the appropriate CNA number and ask for the name and address associated with the number in question. It used to be that a certain amount of acting was required; that is, the caller had to pretend to be a telco employee at another location. However, we have been told by hackers that we trust that many CNA offices no longer care who they are talking to. On the other hand, some telcos have responded to the heavy non-telco use by trying to make it more difficult for non-telco people. For instance, in New York, the CNA office will only give out the name and city of the customer; and in some places, the CNA office asks for a call back number. However, there are some places, even in phone companies, where reason prevails. Months ago in this letter we advised that South Central Bell had initiated a program to sell CNA information at forty cents per inquiry. To our minds, that makes eminent good sense. The telcos have an extensive data base of public information which they update on a continuous basis. We think that they should all sell this information -- it's almost found money, and maybe will delay that next rate increase. Anyway, back to the CII members' comments.
A man from the northwest said that CNA information is available in Oregon and Washington at 75 cents per call. Another member said that he had heard that several southwest companies had agreed to form a consortium and to offer the service soon. (He may have been referring to ScanTel. See our report on that in this issue.) Any reader who has direct information on any activity relating to CNA is invited to call, and we'll pass along the latest. "HACKERS ARE MORONS" We put this heading in quotes because we are directly quoting Byron G. Wels, editor of Computer Digest. After Mr. Wels made this statement in an editorial, he received so much comment that he decided to run another editorial to expand on the theme. In the later editorial, in addition to calling hackers morons, he goes on to call hackers thieves and criminals. "I have no gripe with the guy who experiments with computers within the confines of his own realm. That's our reader!" That is certainly an interesting concept. Readers of Computer Digest are all simon pure, and hackers are all morons, thieves, and criminals. Talk about generalizing from a specific! Of course there are hackers who are thieves and criminals. We have no doubt that many hackers are ripping off many unsuspecting entities regularly. On the other hand, tacking the label "moron" onto all hackers sounds kind of dumb to us. We doubt that many morons have the ability to perform as hackers -- seems to be a contradiction in terms. (Maybe Mr. Wels was not trying to be accurate, he was just trying to insult those who hack.) But back to the basic idea: Mr. Wels states that hackers are thieves and criminals because some of them have committed crimes and stolen things. Let's carry that kind of thinking over to another group, say editors. Recently, we read two perfectly stupid editorials. Using Mr. Wels' thinking, we should now condemn all editors as being stupid.
However, the editors that we know personally are anything but stupid, just as the hackers we know personally are anything but morons, thieves and criminals. So much for generalizing from a specific. (Radio-Electronics, which contains Computer Digest, is one of the publications that we read regularly in our effort to stay abreast of developments in communications and electronics, so we really can't cancel our subscription in protest.) (Gosh. Everybody who reads COMSEC LETTER better appreciate what we go through to try to bring you the best and latest information!) SPEAKING OF STUPID We have to give this month's award to the National Bank of Detroit. They just returned a letter to us because the employee addressed is no longer employed there. We appreciate it when we get information to correct our mailing list, but in this case, they did not help us much. The instruction to remove the name from the mailing list was printed on an opaque label which was glued to our envelope completely covering the label containing the addressee's name and address! LETTER BOMB DETECTOR Recently we were asked to recommend a letter bomb detector by two of our clients. After checking the operation of the least expensive one on the market, we advised against its use. The one we tested was sensing the presence of metal in the package which means that a paper clip could cause an alarm, but a bomb without metal would be passed. We could not in good conscience sell this item, and the next step up in price was a giant step to an X-ray machine. However, there may be a low cost alternative to buying a large and expensive X-ray machine. We have been told that if you spray suspect parcels with freon, the freon wets the wrapping and makes it transparent. On the plus side, we are told that the freon dries and leaves the parcel unmarked. On the negative side, we don't know the effect of breathing even small amounts of freon, so please be careful if you try this. 
We'd appreciate hearing from anyone with experience -- either with freon or with any accurate letter bomb detector. NEWSLETTERS Business Computer Digest by BC Newsletter Associates, POB 3007, Boca Raton, FL 33431-0907 is an interesting monthly publication that you'll find of value if your company uses minis or micros or lap computers. Much detail on trends, software, product reports, etc. $88 per year. Private Intelligence Exchange also publishes a newsletter. Contact them at POB 1931, Whittier, CA 90609. If you are interested in either of these, tell them that you heard about them in COMSEC LETTER and we're sure that they'll send you a sample copy. SCANTEL Mountain Bell (Arizona, Colorado, Idaho, Montana, New Mexico, Utah, and Wyoming) has made available, but not yet publicized, a service called ScanTel. This service allows searches of their customer listings by computer for a fee. At present the system will search for a name or an address, but will sometime allow searches by phone number. The pricing for the service is 50 cents per minute of connect time, plus 25 cents for each request plus 5 cents for each response. Looks like CNA may be on the way out -- except for unlisted numbers. BOOK REVIEW Spy Tech by Graham Yost. 1985. Published by Facts on File Publications, New York City and Oxford, England. Hard Cover. List price: $17.95. This book tries to cover two distinctly different kinds of spying. In Part I the author describes spying from planes and satellites, and in Part II he presents some information relating to earthly spying. Part I To evaluate Part I we referred to his recounting of our early days in space because we have firsthand knowledge of that period. We found that he grossly insulted a dedicated US team of space pioneers, and we wonder about the accuracy of all of the material presented by the author in this book because his account of events that we participated in differs from our own knowledge of those events. 
It seems that he may have been influenced more by press releases and press accounts than by facts. History according to Graham Yost: "With the embarrassing first launch failure, the United States government returned quickly to Von Braun's Orbiter plan and, somewhat miraculously, managed to send up a satellite, Explorer I." History as it actually occurred: The US Army team that launched that satellite did not depend upon miracles. It was the same team that fired the first ballistic missile from Cape Canaveral, the same team that fired the first long range ballistic missile (3300 miles), the same team that [with the navy's help] recovered the first nose cone, and, truth be known, it was prepared to orbit the first satellite over one year before it was given the go-ahead. (Your editor admits to a bit of prejudice; he was, for a time, a member of that team which accomplished so much in those early days.) So Part I of the book presents at least one distorted view of history. Let's look at earthly spying. Part II To evaluate Part II we started at the beginning, but we never made it out of the first chapter of Part II because the author convinced us very quickly that there was no reason to go on. He starts off by asserting that the telephone system in the United States was entirely owned by AT&T until the breakup of AT&T in January 1984. Then he sagely advises that telephone off hook current is 48 volts. Something he calls "48 line volts" is used to ring a telephone, and he says the phone company can easily detect a series tap because it causes a drop in line voltage of over 20 milliamperes, and when that happens the phone company sends out a repairman to investigate! (In case you have not taken the first course in electronics, let us explain: All of the statements above are pure hogwash. Voltage is measured in volts; current in amperes. Ringing voltage in the US is 90 volts, 20 Hertz. No comment on his series tap information because it makes no sense whatsoever. 
-- And we all know how often the phone company sends out repairmen before we call to report trouble.) After demonstrating that he knows nothing about basic electronics and does not have even a proofreader to help him out, he advises that the little tap detector (with the tiny red light) that you screw onto your telephone handset in place of the carbon microphone will detect most taps. The device that he refers to is the very same one that we demonstrate during the seminar (when there is a phone available to tap). First we connect it to the telephone and adjust it according to directions. Then we make a call. Then we tap the phone line with an $11.95 amplifier so that everyone in the room can hear the call, and see that the little red light does not come on. -- It does not detect even a simple tap; and yet, this author who holds himself forth as an expert, advises the world that it will detect most taps. So what can we say good about this book? It has a nice dust jacket and it is nicely bound. Some of the illustrations are good. (We have to say that because we use some of the same ones in our seminar notebook -- copied from government reports.) Some of the pictures are excellent. Do not depend upon the contents of this book. We've often said that the level of expertise necessary to tap a phone or bug a room is 9th grade hobbyist, and this author should have looked one up to be his technical advisor. It could only have improved the content. September, 1985 DEFINITION OF A TAP In one of the early COMSEC LETTERS we asked all of our readers to submit proposed definitions of the word "tap" as in telephone tap. The response was truly underwhelming -- not one entry. Your editor knows how to go with the flow, so he tried again two months ago. Still no response. So we'll stick our necks out and offer our definition of tap, and we hope that there are some folks in our readership who will criticize our effort so that the second generation definition is better than this one. 
Tap, n., v., ---n. The act or process or equipment used to monitor and/or record the content of messages being transmitted over wires without degrading the quality of transmission or interfering with transmission in any way, and especially without being detected. The product of a tap is the content of messages being transmitted over wires. ---v.t. To perform the necessary steps to accomplish a tap. N.B. Because most taps seem to have conversations between humans as their objective, it has become common to think of taps as having a product which is human voice conversations. (In fact, to simplify terminology during the seminar we refer to listening to microwave or satellite-borne telephone conversations as taps.) Note that the definition above does not refer to voice conversations between humans. Anything being transmitted over wires can be tapped. That means that data, teletype, facsimile, etc. can be the product of a tap. Also, keep in mind that the definition refers to anything being transmitted over wires, and is not limited to baseband transmissions. That means that modulated RF, CW, ICW, or any transmission at any carrier frequency, unmodulated or modulated using any type of modulation, is included in the definition. So let's go critics. Have a shot at the first definition of "tap". LETTERS From Charles J. Augustine, Security Services Center, Cleveland, Ohio. How do you obtain schematics and circuit diagrams for ITT and GTE equipment as well as AT&T and Western Electric products? I have tried their customer information offices and been met with replies such as: "It's confidential proprietary information" and "Why do you need to know how to install and service it?". Calls to suppliers have met with even less response. Hope you can be of assistance. By the way, what happened to my June and July issues? Our Response. Dear Charles, Thanks for your interest and your contributions. Your letter raises some interesting questions. 
At first, we were certain that the answers would be simple to find in our well-organized (What a Lie!) library, but we find that we do not have a definite answer to your questions. So this is a plea to our readers -- if you know the answers or can provide the references needed, please send them to us, and we'll pass them along. Further, we're listing some names and addresses of possible sources of the information that you need:

AT&T Commercial Sales POB 19901 Indianapolis, IN 46219
Bell System Catalog of Publications Publishers Data Center Bell Communications Research Box CF38, Pratt Street Station Brooklyn, NY 11025
GTE Automatic Electric Inc. 400 North Wolf Rd. Northlake, IL 60164
ITT Telecommunications Corp. Box 831 Corinth, MS 38834
National Technical Information Services 5285 Port Royal Rd. Springfield, VA 22161
National Telecommunications & Information Administration Department of Commerce Washington, DC 20230
Rural Electrification Administration 4051 South Bldg, USDA/REA 14th & Independence Washington, DC 20250
Western Electric Commercial Sales Box 20046 Greensboro, NC 27420
Western Electric Company IDC Commercial Sales Box 26205 Indianapolis, IN 46226

Strangely enough, the Rural Electrification Administration has many publications on telephone communications, but their catalog is out of print, and they don't know when they'll have the new one out. (We've been waiting for about three months.) With regard to your question about the missing issues of COMSEC LETTER, all we can say is that we got behind, but we're catching up. This is the September letter, and is being mailed in October. We hope to get the October letter out before the end of the month, and to be back on schedule in November. Please hang in. Ed. SEMINARS The National Crime Prevention Institute of the University of Louisville has an extensive seminar program. They are heavily oriented toward law enforcement and crime prevention, but they occasionally offer something in our field. 
(In fact, the report "Security Applications of a Spectrum Analyzer" is one of the best sources of information on TSCM that we have ever seen; and it was presented at one of their conferences.) NCPI, UOL, Louisville, KY 40292. CORDLESS TELEPHONES, ANOTHER PROBLEM Several new products have appeared on the market under "Part 15" FCC specifications. They are small, low-powered transceivers and they use the cordless frequencies 49.830, 49.845, 49.860, 49.875, and 49.890 MHz. The potential problem to cordless phone users is that they may interfere with phone calls. So, if you use a cordless phone, don't be surprised to hear more than the other party to your call. We are reminded by a clipping provided by Roger Breslow that cordless phones have a much more serious problem than interference, and that is that some of them can cause permanent hearing loss if held to your ear while a ring signal is being received. So the tally on cordless phones is: 1. Eavesdropping on your conversations is easily accomplished, 2. You may be interfered with by a $9.95 transceiver, and 3. You may be permanently deafened. We wonder why anyone uses 'em. HERE IT IS AGAIN In PC Magazine Steve Metalitz, staff director of the US Senate Judiciary Subcommittee on Patents, Copyrights, and Trademarks (which has jurisdiction over privacy legislation) is quoted as expressing his concern about the privacy of data transmissions, saying, "If they've never been in voice form, they're not protected by the wiretap law." We have commented on this misconception before, but this person certainly should be an authoritative source. So we went back and read the law again, and still cannot find the word "voice" anywhere in the law. So again we say: EVERYTHING transmitted over wires is protected. The law defines interception as "aural acquisition" and aural acquisition of the tones used to transmit data is possible. 
No, the person hearing those tones will not understand the message -- but the law says "aural acquisition"; it does not say anything about comprehension. The analogous situation would be a tapper hearing a voice conversation in a language that he does not understand. Aural acquisition has taken place; comprehension has not. A wire communication has been intercepted according to the law, and wire communications are covered by the law. Yes, the law could be improved. Yes, it should be improved. What is your opinion? SPREAD SPECTRUM The FCC recently authorized various uses of spread spectrum modulation techniques. In one action they authorized hams to use spread spectrum; and in another, they authorized spread spectrum modulation in the Public Safety, and Industrial, Scientific and Medical Services bands. If the equipment becomes popular, the buggers are going to learn how to use it, and the debuggers are going to have to develop new equipment and techniques. C'MON, LET'S COMMUNICATE! We don't know about the rest of the country, but in DC there have developed some vexing, and sometimes potentially dangerous, lapses in communications due to uneducated uses of our language to convey numbers during voice communications. The vexing bad habit is to state a zip code by saying, for example, "two thousand nine". What the sayer means is "20009", but what he actually says is "2009", and that is really not important -- just confusing. However, on our scanner we heard a very serious communications failure when a DC ambulance went to "115" because the dispatcher had said "one hundred fifteen" for the street address, "10015". Now that is a serious breach of communications, in our opinion. COMSEC EXPO '85 Y'all come! Comsec Expo '85 is shaping up. TSCM, voice scrambling, message enciphering, big brother, hackers, and many other subjects will be covered during the eighteen panel discussions. 
Every panel will have knowledgeable panelists representing differing points of view, so you'll have an opportunity to hear the different sides to the issues that you are interested in. Some real TSCM (Technical Surveillance Countermeasures -- debugging) professionals will display and demonstrate real equipment, and you'll hear horror stories about the unqualified charlatans -- the "magic wand" operators. Simple and complex, analog and digital scramblers will be covered -- technical explanations as well as considerations relating to tradeoffs in hardware selection. You'll also be made aware of why so much excellent scrambler equipment is not used by the executives for whom it was procured. Details of the first ever "Secrecy Order" from NSA and the aftermath of this government suppression of a privately-developed scrambler will be covered. You'll be able to hear discussions of encryption methods from the Caesar Cipher to the RSA algorithm. We expect a lively discussion on why the government approved DES uses a key which is 56 bits in length while hackers (private individuals) use 800 bit keys. The impact of various new government directives will be discussed in detail by affected industry representatives and sponsors in government. Exhibitors have begun to find out about the Expo despite our late start, and you'll find many products and services of interest. For information write to: COMSEC EXPO '85, POB 868, Frederick, MD 21701, or call Tammy Brock at 301-662-9400. COMPUTER SECURITY PUBLICATIONS Available from NBS: Publication List 91, Computer Security Publications. Contact: Institute for Computer Sciences and Technology, NBS, Gaithersburg, MD 20899. GOOD BOOKS ON COMMUNICATIONS TECHNOLOGY Texas Instruments has published a series of books called the "Understanding Series". We haven't seen them all, but, based on the excellence of the first one we bought, we'll recommend them all. TI, POB 225474, MS 8218, Dallas, TX 75265. 
20-20 In our YOGO 1.01 issue, we mentioned an interesting ad in Security World which asked for details of actual illegal surveillance cases. If you watched the segment on eavesdropping on the 20-20 television show, you saw a part of the product of the young lady who ran the ad. HARASSING PHONE CALLS One of our readers called to ask if we could design a device which could be used to blast the eardrums of a harassing caller. We haven't begun that design because we think that the phone system would limit the sound level at the receive end, but we haven't done any tests to see if that is true. Because of our overload, it didn't look like we'd get to that project for some time, so we told him what we do when a caller doesn't identify himself, or talk, or get off the line -- we hit the redial button on the phone which causes a fast, evenly-spaced series of tones to go out over the line. Seems to work. Our theory is that it's a kid on the other end, and hearing tones like that, he thinks it's some special system for tracing the call. Meanwhile, we think we have a good approach to a piece of hardware which could help. We'll work on it, and keep you advised. INTERESTING NAMES ON OUR MAILING LIST All American Associates is, of course, headed by Jack Armstrong. (Young folks are excused if they don't understand.) How 'bout a company name, "Windforce"? The man who used that name in correspondence with us does not have a telephone business listing under that name, nor does he have a personal listing under the name that he signed. Oh Well. It takes all kinds. HACKERS AND CRACKERS Cap'n ZAP (Ian Murphy) defines these terms this way: A Hacker is a person who hacks away at a program, removing errors and bugs, until he finally either gives up or makes the program work. A Cracker is a person who cracks into a computer (gains access to its stored information) without benefit of any prior information as to the computer type, operating system, privacy protection measures, etc. 
MORE ON ELECTRONIC TECHNICIAN CERTIFICATION In addition to the certification programs mentioned in earlier letters, there is an association, International Society of Certified Electronics Technicians, which awards certification in various specialties. ISCET, 2708 W. Berry St. #3, Ft. Worth, TX 76109. JUST WHAT IS A FRAUD? Last year an ad offered gold coins for sale, and the telephone number to call to place an order was 1-800-USA-MINT. The person who answered the phone did not want to give us a direct answer, but, after prolonged weaseling, admitted that it was a private company not associated with the US Mint or any other part of the government. At the same time Seequa Computer Corporation was running an ad with a headline which said "Seequa shows you how to get an IBM PC for just $1595". We do not see any attempt to defraud in the second ad because it was run in a magazine read by a computer-using audience, it showed a picture of a Seequa computer, and the text plainly said that they were offering the Seequa computer for sale and that it does everything that an IBM does. That first ad, though, makes us wonder. Was there a deliberate attempt to make the reader think that he was dealing with the US government? Did people place orders thinking they were buying coin of the realm? MORE ON THE LAWS If you are engaged in what you think is a private conversation on a public street, you have no Fourth Amendment right to privacy. That was the ruling in United States vs. Lopez, US District Court for Connecticut, H-84-31, 6-7-84. So we're back to the question of whether an individual has an expectation of privacy, and this court thinks that you have no expectation of privacy on a public street. Seems reasonable. PUBLICATIONS The publications which are offered by this firm are copies of articles in the public domain, contributed articles, and some original work by your editor. 
The objective in offering these publications is to be a source of good information on this technology. We are not trying to get rich by offering these items; in fact, handling them takes a lot of time. So please don't be offended when we ask for payment in advance. Our experiences a few years ago led us to the conclusion that that is the only way to go. Billing a company or government agency for a few dollars was simply not worth the time. Also, we accepted occasional COD orders and handled them for a while. However, that went sour because orders were refused, meaning that we had wasted our time and money to package and ship. NEWSPEAK Sign above the door of an office on the first floor of the Philadelphia city hall: "Room 143 Mayor's Office for Sexual Minorities" Anyone who can define "sexual minority" is invited to mail it in, and if it's printable, we'll print it. CNA Don Peterson of Minneapolis mailed us a copy of a flier which describes the CNA service now available in Minnesota, North Dakota, and South Dakota. To access the service call 402-580-2255. The charge is 50 cents and you can get two listings per call. No non-published number information will be available. Don's information also says the booklet, "The Changing World of Telecommunications", can be obtained free by calling 800-342-4242. MODERN INTERPRETATION NEEDED? We think that our legislators (and jurists) should be considering the First Amendment implications with regard to material on computer bulletin boards. The writers of that amendment intended to ensure freedom of the press, and they did a good job. At the time that they wrote it, they were thinking of the press as only newspapers, but interpretations have also extended protection to radio and television. Should not electronic bulletin boards also be covered? What do you think? TOUCHSTAR Southern Bell in Orlando and Bell Atlantic in Harrisburg are offering a new package of services under the name Touchstar. 
If you subscribe, you can select numbers from which you will not accept calls, give selected callers a distinctive ring, call back the last person who dialed your number, or determine the calling number of an incoming call. Sounds great! October, 1985 CCS Well, CCS, Ben Jamil, and Carl Lande made the Washington Post recently. Big article in the business section. (Send SASE if you want a copy.) For those in our readership who are not familiar with this company, let us list some of the claims made by them over the years: "....eliminates illegal bugs and taps permanently." "Through an electronic breakthrough, this advanced miniature device enables you to detect hidden "BUGS" wherever you go." "Automatically screens out illegal wiretaps now on your phone or lines...or which may be added later." "New, automatic telephone bug detector quickly and thoroughly detects wiretaps on your telephone line or in the instrument itself." "This compact, ultra sensitive instrument gives you an immediate warning when someone wearing a bugging device enters the room." "It checks both telephone sets and lines for irregularities up to 10 miles and then not only reveals an eavesdropping device but helps pinpoint its location." "Crammed with electronic circuitry, this compact, battery-operated unit sweeps a room and warns you by a visual or audio signal of the presence of a hidden microphone or other recording device." "....remarkable miniaturized device...that, with a mere turn of a knob, automatically renders any illegal wiretap, present or future, totally inoperable." TAP DETECTION In the YOGO 1.07 issue (July, 1985) of this letter we used a significant amount of space to expound on the theme that there is no electronic device that can detect even a simple tap on a telephone line. 
Reflecting on some of the claims made by CCS (elsewhere in this issue), we feel obliged to make it clear that all of the electronic instrumentation that we are aware of is incapable of differentiating between a court-approved tap and an illegal tap. In its claims, CCS seems to be trying to emphasize that their equipment can tell the difference between a legal tap (or a law enforcement tap) and an illegal tap. Maybe they're trying to keep law enforcement people from getting upset with them -- by assuring law enforcement that their equipment will not detect their taps. Interesting. ASIS SEMINAR AND EXHIBITS We think it is ironic that, at the ASIS Annual Seminar and Exhibits in Dallas, we were passing out complimentary copies of our July COMSEC LETTER which contains a feature explaining that there is no electronic device that will detect even a simple tap on the phone line; and, a few booths away, Winklemann International was handing out literature claiming "Complete protection against wiretaps". No, they were not touting scrambling equipment or other methods of securing communications; they were talking about an analyzer which, in their words, "...performs scientific tests which enable it to factor out innocent variations of electrical characteristics, so you can determine with confidence whether your telecommunications lines are clean." Obviously, either our article is wrong, or their claims are wrong. What do you think? Q & A In addition to questions which have come to us by mail, some of the questions related here were asked during our briefing of the Tidewater Chapter of ASIS. [The first one was asked anonymously (passed on by the meeting organizer), and it gave us the opportunity to start that meeting with an answer to a question.] Q. Why did you prostitute yourself to develop the Superhound and offer it for sale? A. Good question. First let's explain the reason that the Superhound was developed, and then let's talk about prostitution. 
A couple of years ago we were hired by a Fortune 100 company to brief some of their engineers and technicians on our specialty. As we usually do, we pointed out several times on the first day that broadband detectors (field strength meters, etc.) are not sensitive enough to detect a very low power transmitter like the Radio Shack Wireless Microphone. During the demonstration of the spectrum analyzer on the second day, we could see room audio on one of the signals on the spectrum analyzer, so we checked very carefully to be sure that all of our test transmitters were turned off. Room audio was still obvious on the signal on the SA. Finally, one of the technicians said, "I guess you know what you're talking about", and he reached under the table and pulled out a Radio Shack Wireless Microphone. After checking to be sure that his transmitter was turned off, we could still see room audio on the signal on the SA. More discussion ensued, followed by the same technician reaching under the table to pull out a second transmitter, tuned to the same frequency as the first. So the technicians had put the engineer to the test. He passed, so he became OK in their eyes. Last year, the same company again contracted for a briefing of some other engineers and technicians. This time they were more direct. They had heard that the first group had hidden two transmitters, so they hid four and challenged their instructor to find all four. One of them 'volunteered' to carry the 30 pound analyzer, and aided by the signals on the screen and the snickers from the group, we eventually found all four transmitters. The upshot of that experience was a realization that the analyzer is an extremely valuable tool to determine that an illegitimate transmitter is on the air, but is not a good tool to locate the transmitter. Therefore, we set out to develop a broadband transmitter locator, and the Superhound is the result. Have we prostituted ourselves? Not really. 
Not any more than the person who goes to work each day even though he can't stand his job, or his boss, or whatever. He's engaged in something that he does not like in order to earn money, and that could be called prostitution. On the other hand, we thoroughly enjoy our work and had a good time with the design and development of the Superhound. We designed and built a needed product. We advertise it as a bug locator, not as a primary tool for bug detection. In this role the Superhound is the best of the broadband units on the market -- by actual test it has outperformed units selling for many times its price. As a matter of fact, its operating instructions say that we recommend that it be used with an instrument with adequate sensitivity and tuning range such as a spectrum analyzer. Why does it have a bunch of lights instead of a meter? It has lights because that's what people want. The winkin' and the blinkin' is what sells; and, after all, our objective is to make money. We plead not guilty to the charge of prostitution. Q. Will you refund the fee you charged for countermeasures if someone else finds a bug after you leave? A. No. First, we're very confident of our ability to find whatever is in place while we are working. That's not just idle braggadocio; we have a track record. We're very confident. Second, how do we know what has transpired since we left? How do we know that the "finding" team was not the "placing" team? Q. What do you charge for expert testimony? Not just testimony. You have evidence of a breach of communications, you preserve the evidence, bring it to court, etc. How much do you charge? A. Our fee for a TSCM manager or senior engineer is $200 per hour. That applies to all preparation time, travel time, waiting time, etc. (The only exception is when extended travel is involved; then we charge only four hours during each day of extended travel.) Q. That's not enough. You should charge much more. A. That's all we charge. 
Maybe, if we were involved in a criminal case that involved keeping detailed written and photographic records, a chain of custody records, etc., we'd have to charge much more. Our experience, though, is that our commercial clients are not interested in pursuing civil remedies after they discover that their privacy has been breached. Among the reasons that they are reluctant to sue their enemy are: the immense difficulty in proving who did it, the adverse effect that public disclosure would have on public confidence in the company and on the value of its stock, and the perfectly human reaction of wanting to keep such embarrassing information quiet. Further, some of our clients are very prominent, and they are wary of that kind of publicity. The major "finds" that we've been involved with all resulted in no publicity whatsoever, and we're not going to "leak" anything because we intend to preserve our reputation. Q. What are the cordless telephone frequencies, and what type of monitoring device would be adequate to scan those frequencies? A. The new cordless frequencies are:

Channel #   Base Frequency (MHz)   Handset Frequency (MHz)
    1             46.61                  49.67
    2             46.63                  49.845
    3             46.67                  49.86
    4             46.71                  49.77
    5             46.73                  49.875
    6             46.77                  49.83
    7             46.83                  49.89
    8             46.87                  49.93
    9             46.93                  49.99
   10             46.97                  49.97

As to the type of device you would want to use to listen in on these frequencies, you used the right word in your question; you would probably choose a modern scanner. There are many good ones on the market, and they are much lower in price and easier to use than a surveillance receiver. Be sure to get a modern scanner with a synthesizer, and not one which requires crystals. Also, check the frequency coverage; some of the manufacturers leave out coverage of some of the interesting bands. If you don't know where to turn to find this equipment, drop a note to Monitoring Times, 140 Dog Branch Rd, Brasstown, NC 28902; and we're sure that editor Bob Grove will send you a sample copy. PRIVACY GUARANTEED! 
Remember when Cose Technology first ran the ad with that headline? Sure got a lot of people's attention. Now we have companies like American Express, XEROX, and Gulf Oil all selling the Phone Guard from Cose Technology and saying that it will protect you from telephone taps.

Interesting legal question. If you buy it and rely on the seller's claims, and somebody taps your phone, steals your secrets and puts you out of business; can you sue the seller for damages?

Simple fact. Phone Guard will not detect even a simple tap.

'Nother question. Why do companies with international reputations to protect make claims without making even a small effort to find out if those claims are valid?

OUR INTERESTING LANGUAGE

When someone engages our professional services, we call him a client. He pays us. We perform some service for him. Social workers call welfare recipients "clients". In that case the client doesn't pay; he gets paid. And nobody performs any service for anybody. Oh well.

YOGO

During the first year of publishing this newsletter, we began numbering its issues with a coined word (actually an acronym), YOGO. When no one inquired as to the meaning of that strange word we challenged readers to guess its meaning, and Dennis Steiauer of NBS was the winner, saying, "Considering the content and flavor of your letter it has to be Year Of George Orwell".

YOGO continues in the masthead as your editor's way of trying to remind you of the messages in George Orwell's books. If you have not read them, we urge you to drop in to your public library, and get started. As you read, think about the events that you see happening in this world and this country today. George Orwell saw the future, and wrote about it with amazing clarity. He saw Newspeak and Big Brother coming, and all of us should take heed and be watchful. (See our segment on Big Brother elsewhere in this issue.)
BIG BROTHER

A seer, commenting on hackers and crackers in a recent publication, said: "What I can foresee is a Government examination on the use of computers before you're allowed to use one. An examination that goes into the do's and don'ts so that if you elect to violate the law and get caught, you won't be able to say 'Hey! I didn't know.' And I can see much tighter controls on modems too, with Government agencies freely tapping in to monitor and dropping in on violators to confiscate their equipment."

The seer is Byron G. Wels, editor of Computer Digest. Yes, the very same one who called hackers morons, thieves and criminals in earlier editorials (COMSEC LETTER, YOGO 1.08). This man certainly has some interesting ideas. We're especially impressed by the fact that, every time he used the common noun "government", he capitalized it -- not all nouns, just that one.

We think someone who thinks like this deserves a forum, and he's been invited to participate in a panel on hackers during COMSEC EXPO '85, December 17 & 18 in Washington, DC. Considering the fact that representatives of government and industry will be participating, along with some hackers, Mr. Wels will have an excellent chance to expand on his ideas. He could, for instance, outline what kind of training each of us will need before we take that examination before we qualify for a government permit to use a computer. He could be more specific as to who must pass the exam. Will it be all operators including the kindergartners who play games on their families' Commodores? Will all operators of all main frame terminals be required to pass his exam in order to retain their jobs?

Of course, the one thing we're most anxious to learn about is "Government agencies freely tapping in to monitor". Mr. Wels can explain to us what he intends to do about our Constitution so that his Thought Control agents will not be hampered in their activities. And, last but not least, Mr.
Wels can explain the definition of "violator" so that we'll all be able to understand what it is that is being transmitted over telephone lines that characterizes the sender as a violator.

P.S. He has received an invitation, and has agreed to appear on the Hackers and Phone Phreaks panel. We're looking forward to it!

ANI

Stewart Glickstein has passed along some more ANI information which we pass along to you. First, he calls the service "Annabelle", or maybe it's spelled "ANIBELL". Anyway, he says that to use the service in most parts of Florida you dial "200" or "300" (sometimes a "1" is needed first) and seven digits. Thanks, Stewart. Anybody else have anything to pass along?

CONVENTIONAL WISDOM

Recently we looked through some of the literature which is sold to provide information on this technology, and, as usual, we were appalled. One Rube Goldberg circuit had twelve or fifteen components in it and performed the function of a single-pole, single-throw switch (which, of course, was included in the bunch of components anyway).

This particular book made a great thing about emphasizing the need for "impedance matching" when connecting to the telephone lines. Hoo Boy! It even showed a "matching transformer" matching 900 ohms to 900 ohms! For any reader who is not versed in electronic theory, let us just say that the idea that it is necessary to match impedance when tapping a telephone is a lot of hokum. Yes, we're aware that comment flies in the face of a lot of what has been taught to government technicians; but it is, nevertheless, true. Someday we'll prepare an essay on impedance, and impedance matching; but, for now, let's just say that when you tap a telephone line you want an impedance mismatch of the highest order.

LETTERS

W. Bonham of Central Wisconsin Detective Agency in Wausau responded to our comments on the use of freon as a letter bomb detector in our YOGO 1.08 issue.

"I would like to offer, from my experience, the benefits and caveats of utilizing freon.
On the positive side, the process of using freon in a spray method on letters is beneficial, but the saturation is extremely difficult and is somewhat hazardous as exposing your skin to a 'freeze burn'. The amount of saturation is also important, as not enough freon in an area over a letter will not allow a very good view, and it evaporates so quickly that it diminishes the exposure of the contents of the letter.

"Some of the negative aspects of using freon on letters are that some envelopes contain a double inside which, even with the use of freon, will not allow the person to see what is inside the letter.

"Concerning the use of freon on a package, I doubt whether this is feasible at all, unless the package was submerged totally in freon, and I don't know how an individual would do that.

"Again, speaking from my experience, in case of a suspected package, probably the safest avenue to pursue would be to have it X-rayed.

"Again, even handling the suspect letter or package could prove to be hazardous in itself."

COMSEC EXPO '85

Mark your calendar. Sheraton Washington Hotel, December 17 & 18, 1985. Two days of panels, demonstrations, and exhibits relating to Industrial Espionage Countermeasures, COMSEC/encryption, and Investigations Technology. All aspects will be covered including physical and electronic access control and security, tradeoffs in equipment capabilities, government-industry interface, sources of information and equipment, and many others. Demonstrations will include hackers, computer bulletin boards, and data base utilization. Panelists are qualified, and each panel has been balanced so that you'll hear differing points of view. This is the first annual meeting of the Communications Security Association, and it looks like it will be a dandy!

TO PONDER

"The Moving Finger writes; and, having writ, moves on; nor all your piety nor wit shall lure it back to cancel half a line, nor all your tears wash out a word of it."
TECHNOLOGY THAT WILL NEVER BE ACCEPTED

In IEEE SPECTRUM, under the heading "No more fish stories" is a report of a computerized fishing pole. Microprocessor controlled, the system measures things like the pull on the line and the bending of the pole. Properly calibrated, it will report the weight of the fish caught and the length of the fight to bring him in. Some fish story.

MORE WORDS

IEEE SPECTRUM offers some new words to add to our vocabularies. With reference to telecommunications they tell us that if POTS stands for Plain Old Telephone Service, PANS should stand for Pretty Amazing New Services. They also enhance our knowledge of language used in banking circles by explaining that POYs are Parents of YUPPIES, GUMs are the Great Unwashed Masses, and HICKs are Hobbyists and Inner City Kids who make up about one third of the active modem users. (Banks are concerned about what the HICKs might do to them -- and they should be concerned.)

LET'S VOTE

In a recent letter in IEEE SPECTRUM the writer points out some of his pet peeves in spoken technical language. One of those is his assertion that giga (as in gigaHertz) should be pronounced with a soft "g", as in gigantic. He may be precisely right, but we'll stick with the hard "g". We just can't imagine someone saying, "That signal is on 2.2 jigs." We also like the way our techs refer to picofarads as "puffs", and we intend to continue to use "gigs" and "puffs" because their use, in our opinion, aids communication. What do you think?

November, 1985

EDITORIAL: SHOULD WE CHANGE THE NAME OF THIS LETTER?

This is the next to last issue of the second year of COMSEC LETTER. During these two years, we have tried to present balanced material on good communication and on the protection of communications. However, one thing has become apparent during these two years: we cannot separate communication from information from computers from communication.
They are wound in a tight bundle, and we believe that we must address all of these areas if we are to properly provide privacy protection guidance/advice/leadership.

In this regard, the first annual meeting of the Communications Security Association, dubbed COMSEC EXPO '85, generated additional comments relating to the name of the association and to the name of the show. These comments were triggered primarily by the fact that "COMSEC" is a word that has been used by the military for a long time, and it has come to mean a very specific segment of the whole area of protection of privacy. This letter and this association, on the other hand, address the overall field of protection of privacy. That is, in addition to communications, we're also interested in protecting data in storage and data in transit.

Accordingly, we're thinking of a name change. CIC SECURITY comes to mind. CIC, of course, to many of us means Counter Intelligence Corps and that would lend a certain air of mystique to the publication. Seriously though, the letters stand for Communications, Information, and Computer. Maybe C.I.C. or C2I could be used. Maybe some other combinations are better.

How about "Privacy Protection Letter"? Protection of Privacy Letter (POPL)? We're reasonably sure that we don't want to call it the Computer and Communications Security letter (CCS LETTER, for short).

Maybe we should just stay the way we are. Maybe we'll announce another contest. Please call or write with your ideas.

WELCOME

Welcome to all who joined the Communications Security Association at the COMSEC EXPO '85 conference. (A part of your attendance fee paid your first year's dues in CSA, and a subscription to this newsletter is one of the benefits of membership.) We hope that you'll find the letter informative and useful, and we hope you'll send us your comments. Your editor likes feedback. (Read the FEEDBACK segment in this issue for an example.)
As a new reader, you'll probably immediately react to the fact that the November letter is coming to you in January. Well, that's right. Your editor got involved in too many things and this letter fell behind schedule. We hope to be back on schedule in January, and we have confidence that we'll be able to do it. Stay tuned.

COMSEC EXPO '85

General

Looking back, we don't really understand how a few volunteers and Galaxy Conferences managed to put on such an event with so little time for planning and promoting. Yes, of course there were many glitches and communications lapses, but let us quote one of the exhibitors: "It was a good show. Sure some exhibitors will gripe, but don't pay any attention to the naysayers. We were prepared, and we did well. We'll be back next year for sure."

Overall, the consensus seems to be that it was an outstanding meeting for a first meeting. The one common gripe (which is really a nice compliment in a way) was that the people attending the panel sessions did not have enough time to spend in the exhibit area. They wanted to visit the exhibits thoroughly, but found they could not decide on a panel to skip to make time for the exhibits.

In fact, the most frequently heard comment was praise for the quality of the panelists, and the quality of the audiences. Panelists were true experts with the ability to organize their thoughts and to articulate them well. Questions from attendees were thoughtful and indicated a high level of understanding.

Volunteers

The volunteers, whose great efforts in planning and managing assured the success of this show, are:

Program Chairman: Tom Simpson
Track Chairmen:
  Track I: Bob Bryant
  Track II: Ric Blackmon
  Track III: Jack Reed
  Special: Paul Bowling

Panels

One of the panels that your editor participated in was the Title III panel, and during that session we were treated to an analysis of the laws relating to eavesdropping and recording by Barbara Ann Rowan.
She did an excellent job, and many favorable comments were heard from the attendees. (By the way, the updated version of Barbara's book, "Handbook on State Laws Regarding Secretly Recording Your Own Conversations" will be available Jan 31 from Independent Hill Press, POB B37, Alexandria, VA, 22314. $15.00.)

The other panel that your editor participated in was the two-part affair on technical surveillance countermeasures. Again, comments by the attendees were very complimentary. From the point of view of the panelists, we all were impressed with the level of knowledge of the people asking questions.

Many folks have commented on the Hackers and Computer Crime panels. We've heard that the different points of view expressed were well and forcibly expressed and that the panelists really got everyone's attention. -- What different points of view, you say? Well, we heard that Byron Wels took the position that hackers should be locked up in prison, and that the hackers disagreed. Your editor heard only the end of the computer crime panel, and thoroughly enjoyed the contrast between George Caldwell (Bell Atlantic Security) and Ian Murphy (Captain Zap); and especially appreciated the depth of knowledge and professionalism of both men.

Feedback on the panel on modern telephone systems again was very positive as to the competence of the panelists. We understand that modern systems were well described and that they also discussed the Horizon, Dimension, and Merlin possible weaknesses.

The panels in the Investigations Technology Track were well attended, and generated a lot of comment. Jack Reed, who was in charge of that track as Track Chairman, suggests that each panelist should have at least 30 minutes next year for his presentation. Jack also suggests two panels on optical surveillance next year. He especially suggests more hands-on demonstrations. (We're all in favor of that.
In fact, that was one of our guiding principles when we defined this conference, namely a minimum of theory and conjecture and a maximum of practical, down-to-earth nuts and bolts information. Unfortunately, a lot of the material which was prepared to guide the panelists was never provided to the panelists so each panel chairman was pretty much left without guidance as to ideas, thrust, and desired content.)

Those people who attended our bonus sessions were laudatory about what they had seen. Unfortunately, our communication system left a lot to be desired, and many people were not aware of everything that was available to them. Paul Bowling was in charge of the "Special Track" (bonus and early bird sessions), and he has suggested some techniques and some equipment which can be used to make the computer screen information more accessible to more people next year.

The early bird sessions also suffered due to our lack of good communication to the attendees. Actually, they were open to everyone, including those who registered for exhibits only, but that word just didn't get out to everyone.

Exhibits

We noted that traffic in the exhibit area dropped off in mid-afternoon, and we attribute that to the preponderance of local people attending the exhibits only -- and, of course, they want to miss the awful evening traffic rush if they can. Next time we'll offer something special for them to try to hold them a little longer so that they'll be tempted to wait until the evening rush hour has tapered off. Also, we will be allowing more time for conference attendees to visit the exhibits.

One of the most popular exhibits was a simulated "shoot out" with loud sound effects. (It was popular with everyone but the adjoining exhibitors, that is.)

CSA Organization

The Communications Security Association hosted a luncheon for members at which a start was made on assignments to various organizing committees.
Arnold Blumenthal is in charge of getting things underway and is looking for help on the membership, activities, by-laws, and local chapters committees. If you'd like to get involved, call or write. Much help is needed. You can reach Arnold at PTN Publishing Company, 101 Crossways Parkway West, Woodbury, NY 11797. 516-496-8000.

Next Year

Plans are underway for next year's meeting, and your comments are solicited.

TYPOS THAT GOT INTO PRINT

It's really embarrassing -- especially when you consider that this is a letter dedicated to communications security, with heavy emphasis on the need for creating good communications before expending effort to try to protect those communications. Boy, have we let some typos slip through!

We wrote: "now being defined" (relating to a new seminar offering); we printed: "not being defined".

Last month's error is even worse. Somehow an errant "not" found its way into a sentence relating to impedance matching; and, of course, made the whole sentence wrong. Let's try again. It should have read: "For any reader who is not versed in electronic theory, let us just say that the idea that it is necessary to match impedance when tapping a telephone line is a lot of hokum. ... when you tap a telephone line, you want an impedance mismatch of the highest order." More on this in a technical essay later; but, for now, apologies to all who wondered.

There is no mystery in how these things get through. It's simple; your editor is the world's worst proofreader. However, all is not lost. Somehow we're going to lick the incompatibility problem between our computer and the computer in the firm that does our typesetting. After that problem is taken care of, there will no longer be a need for all of our material to be rekeyboarded -- whatever exists in our file will be transmitted electronically to their equipment.
FEEDBACK

From Jim Samuels: "Dear Security Ass, I would love to go to your COMSEC '85, but you sent me the info 5 days before the date to be there. I have no time to set up air, time off, mail payment, etc. Please, if you are going to have something, give me more than 5 days notice."

Our answer: Of course, Jim is right. He should have had many MONTHS of notice before the date of the event. To anyone who was disappointed by our late notice: our apologies. It was not by design. We tried to do too much too fast, but we had a good show despite our late start. We promise to do better next year.

COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER

The Board of Directors has decided that, starting in January, the COMSEC LETTER will be available only to members. Subscriptions currently in force will be honored, but no further independent subscriptions will be accepted. Thus, this letter becomes the organ of the association. Membership dues are $50 per year (special rate for students: $10). CSA, 655 15th St. #320, Washington, DC 20005.

NEW (OLD) FORMAT

To try to catch up we're skipping the typesetting process for the next few issues, and having the output of our printer printed. Won't look as nice, but we'll sure get it out faster. Stand back!

December, 1985

EDITORIAL

In the first two years of publishing this letter we have tried to provide practical, usable information to assist our readers on the road to good communications and the protection of their privacy. This issue is only 2 pages instead of the usual 4, 6, or 8 pages; but it may well be the most valuable of all of the letters because it contains two segments which can be of immeasurable importance.

First, if you are using, or contemplate using, a Horizon, Dimension, or Merlin telephone system, you should read the segment entitled, "POSSIBLE WEAKNESSES. DIMENSION, HORIZON, MERLIN". If the information which has been given to us is true, everyone using one of these systems is in jeopardy.
If the information is not true, it's all a tempest in a teapot. In either case, as free citizens of a free country, we are entitled to know the facts.

Second, as free citizens of a free country, we should be aware of what our federal legislators are proposing in the bills entitled "Electronic Communications Privacy Act of 1985". These bills, if enacted, would remove all protection of oral communications. These bills, if enacted, would make it a crime to receive what is being broadcast on certain frequencies. These bills, if enacted, would make a shambles out of the law relating to telephone taps.

POSSIBLE WEAKNESSES. DIMENSION, HORIZON, MERLIN

It is possible that these telephone systems represent the greatest threat to privacy that this country has ever faced. We have been told that these systems, in some configurations, can be reprogrammed remotely. We have been told that a CIA study details these weaknesses. At present, we are trying to collect enough information so that we can conduct some tests.

It has been said that one can remotely monitor activity on a specific line by accessing the computer's maintenance line and giving it the proper commands. (REMOBS without having the exchange equipped for REMOBS.)

It has been said that it is possible to turn on a telephone's hands-free feature by accessing the computer's maintenance line and giving it the proper commands.

It has been said that by accessing the computer's maintenance line and issuing the proper commands, we can cause it to dial a second number every time the user makes an outgoing call.

If these allegations are true, these systems represent a horrendous threat. If any agency of our government has evaluated these systems and discovered that these weaknesses do indeed exist, that agency has an obligation to make their findings public immediately.
If these weaknesses do exist, you can bet your bottom dollar that some very smart people who don't worry about laws have already discovered them, and are using them daily for their own purposes.

ANOTHER THREAT, THIS ONE FROM OUR LEGISLATORS

The Electronic Communications Privacy Act of 1985 would outlaw almost all radio listening other than commercial broadcasts, CBs, hams, and a few other categories. This, despite the fact that when something is transmitted by radio, there is no way to control who receives it. Congress can pass a million laws to the contrary, but it cannot change that fact. Propagation of radio waves is not amenable to control by man-made laws. (And Congress looks mighty silly even discussing such laws.)

Readers of this letter who are concerned about Big Brother are urged to check into this situation. Can you imagine that listening to what has been broadcast on certain frequencies would be a crime? Supposing you had a not-so-good receiver, with lots of images, and one of those images happened to be a forbidden frequency.... There you go, off to jail just 'cuz you had a receiver which had poor image rejection. (And we wonder how they think such a law could be enforced!)

Further, in their effort to improve the old law (PL 90-351), our legislators have removed all protection which had existed regarding oral (that is, face-to-face) communications. It used to be that you were protected from someone leaving a hidden recorder in your office, or home, or bedroom or whatever; but, if this bill is enacted, you will no longer have any such protection.

Then there's the old bugaboo, the definition of "intercept". According to the dictionary, it means to capture something between sender and intended receiver, thus preventing that something from reaching the intended receiver. Well, telephone taps do not prevent the information being transmitted over telephone lines from reaching the intended receiver.
All they do is to allow someone to record or listen to the material being transmitted. The tap does not intercept, it merely eavesdrops. So our legislators wrote their own special definition of "interception" into the old law, defining it as the "aural acquisition" of the material being transmitted. This simply means that a human hears (with his ears and auditory nerves and brain) that which is being transmitted. (As a matter of fact, it does not even specify that a human must "aurally acquire"; could be a dog or cat or cow or ???)

However, this definition was too much for even the people who wrote it to understand. Now they say their law does not protect data because data is not speech. Shoot! Data is transmitted out of the modem as a series of tones, which are in the range of frequencies that can be heard. Therefore, "aural acquisition" is possible, and so data transmissions are protected regardless of the mindless repetition of statements to the contrary.

You should ask your Congressman or Senator to send copies of this bill (HR 3378) and also the Senate version (S 1667). (Also, get a copy of PL 90-351, because the new bill simply substitutes words and phrases in place of words and phrases in the old law. -- Takes a lot of effort to determine just what they intend to become the new law. D'you suppose they did that on purpose?)

COMMUNICATIONS SECURITY ASSOCIATION, MEMBERS-ONLY NEWSLETTER

The Board of Directors has decided that, starting in January, the COMSEC LETTER will become the official organ of the association. Subscriptions currently in force will be honored, but no further independent subscriptions will be accepted. Membership dues are $50 per year (special rate for students: $10). CSA, 655 15th St. #320, Washington, DC 20005.