ComSec Letter Volume VI, Number 1 YOGO 5.01 January, 1989 Prepared and Edited by James A. Ross ****************************************** SIXTH YEAR! This is the first issue of the sixth year of the ComSec Letter. Because it is a critical time in our growth, I am bumping a very important topic to page 2, and starting with something more personal __ something vital to the life of the ComSec Association. TURNING POINT I have been the president of the this association since it was formed in 1984. This long tenure is not by choice. As the old joke goes, it's by default ---- default of defact that nobody else has stepped forward to take the reins. Well, it's time. We need some new blood at the helm. As our next president we need, in my opinion, a leader who is a security professional but not a specialist in communications security. Also, we need to hire an executive director to manage the day-to-day activities, and to oversee our growth. (I've interviewed excellent prospects.) In order to get this process started, I'm asking you to send in nominations for the three vacancies on our board of directors. (You may nominate yourself.) (Biographical information needed also.) We do not yet have strict bylaws, so we can run a legitimate election on an ad hoc basis. The board will then elect officers. For the time being I'll continue as the editor of the ComSec Letter, but I'm looking forward to the day that we have decent cash flow and can hire a real editor. As usual, I'd sure like to have your ideas on all of this. I'm ready to discus any aspect with any member. Call me. Gosh, I'd love to have a caller say, "Ross, I'm a tiger, and I'm going to run for president so that I can make this association into a world force." Are you out there tiger? *********************************************** The ComSec Letter is the official organ of the Communications Security Association. Membership in the association is open to all who have an interest in communications security. Dues are $50 per year for individuals, and the membership year ends September 30. Life memberships are available for a limited time at $500. Corporate memberships are available; full information on request. *********************************************** DISA ABUSE AND THE WAR ON DRUGS Last month we passed along the information that a company had been ripped off for more than $50,000 in eight days by outsiders making overseas telephone calls through its DISA facility. This month we'll add some information and a new dimension. First, to review, one company with four trunks available for access through DISA (Direct Inward System Access) found that the language being spoken over their facilities was not English. The reason that they listened is that an executive had been unable to access the system for days and complained. Good thing he did or they would not have been aware of the theft until the bill came in. As it was, they lost a lot of money through theft of service. It is our considered opinion that these calls were made by and to people involved in illegal drug business. That conclusion is based partly on our knowledge of other theft-of-service calls which were definitely involved with drugs. Also, in this case, we considered that all of the calls went to the same country, Pakistan, which has had a problem with drug smuggling. Finally, because of the high level of usage of the available trunks, we rejected the idea that these were merely homesick students calling home through some hacked access codes. True, we were predisposed to believe that these calls relate to the illegal drug trade. However, we believe that our conclusion is accurate, namely that the abusers of the system were drug dealers. Now let's consider some more information, and see what conclusions we draw from it. The Pakistani Embassy, even before our December letter was published, had inquired of us as to how they could use modern telecommunications technology to investigate illegal drug trafficking. When we told them about the $50,000 worth of calls to Pakistan in eight days, they were not certain that drug smuggling is what was being discussed on those calls. However, they are concerned, and asked our help. Accordingly, we have provided to the Pakistani government a list of all of the numbers that were called in Pakistan. (If I were an investigator, I certainly would appreciate starting my investigation with a list of telephone numbers of probable suspects.) Now, how about the US government? What has the reaction been by our own people responsible for investigating drug smuggling? From where I stand, it looks as though the response has been zero, maybe less than zero. The company asked for help from AT&T and from law enforcement, and has essentially been ignored. This newsletter has provided information about this theft and possible drug connection to a list of folks interested in communications security, including many in law enforcement, but we have yet to hear a peep from anyone in our government. Hey! Wait a minute! What happened to the war on drugs in the USA? Is the Pakistani government sharper than the US government? THE WAR ON DRUGS, WHAT CAN WE DO? FIRST If your company has been burned through illegitimate DISA access, please contact me. Let me have the details. CDR printouts are best. Please send them along, but block out any information that would identify your company. I will not reveal the identity of your company without your permission, but I'm volunteering to be a data repository. Let's collect a lot of real data, and see if we can't make a difference. I see great benefits for government investigators in getting access to this information. Also, there is some slim chance that there might be some recompense for the companies that have had to pay for the telephone calls of others. Its worth a try. NEXT If you have any influence with anyone in our government who could wake up DEA or FBI (or whoever) to the golden opportunity that awaits them when they begin to cooperate with US business, then please do it. The situation is that it is in their own self-interest for these companies that have been burned to cooperate with law enforcement in tracing the calling numbers. Maybe, just maybe, they can recoup some of what they had to pay to their long distance carrier or 800 supplier. Law enforcement, on the other hand, by cooperating with these companies and the long distance carriers, would have the benefit of knowing the telephone numbers of probable active US drug dealers. A THOUGHT ABOUT PROCEDURE It seems to me that the FBI (or DEA, whoever is responsible) would be pleased to cooperate with companies that are being burned. Maybe a system could be set up whereby a company does not shut down its system but calls for help as soon as it discovers DISA abuse. Then the appropriate law enforcement entity would immediately agree to pay for feature group D and all illegitimate calls in order to collect the telephone numbers of suspected drug dealers. Don't laugh. How much do they spend on sting operations? How much did they spend to catch some futures traders in Chicago? How much would it cost to pay for feature group D so they can have the identity of all calling numbers? How much would it cost to pay for the LD charges to drug smuggling countries? Let's compare these costs, as a businessman would, to the cost per lead in current drug dealing investigations. I think that the cost would be peanuts compared to what they spend on other programs. CISA? More and more, it becomes apparent that communications security is intertwined with information and data security in the modern age. Therefore, it has been suggested that we change our name to "Communication and Information Security Association". What say ye? SURVEILLANCE EXPO '89 It looks as though this event will take place in Washington, DC late in '89. The ComSec Association will be a co-sponsor and other organizations are invited to inquire about becoming co-sponsors. Also, if you are interested in talking on any related subject, give us a call, and we'll see that the organizers contact you. We'll keep you advised of progress through this letter. CINCINNATI WIRETAP SCANDAL Perry Lyle sent us copies of some newspaper clippings which indicate that there is an interesting new twist in this affair. (Thanks Perry.) The city attorneys have succeeded in having some of the depositions of some of the police officers sealed. This has upset the Mayor, among others. Normally such information is available, but in this case the prosecutors say that it deals with "sensitive and confidential areas of investigative activities". It seems that they are concerned that the public might learn that police tap telephones. From our perspective, we suggest that it would be a good idea to wake everyone up to the fact that a phone tap is a very simple procedure, and not just legal taps are put on telephones. HO, HO, HO Keith Flannigan of Atlanta sent some interesting information. A specialty retailer in a large shopping center felt that certain competitors were taking advantage of him during this past Christmas season. So he hired a sweep, and ... Voila! There hanging on the store Christmas tree was a Santa decoration with a radio transmitter inside. Our thanks to Keith, and Seasons Greetings to the grinch. STANDARDS Some of us have been attempting for some time to get some standards adopted in the field of TSCM. In the area of terminology, I think that each time we hear a term we don't recognize, we all should ask the speaker to define it. As you know, some people try to impress by using words they don't understand; let's pin 'em down. If you learn any new terms, please pass them along. Thanks. ComSec Letter Volume VI, Number 2 YOGO 5.02 February, 1989 Prepared and Edited by James A. Ross ****************************************** SIXTH YEAR: WHAT'S BEHIND, WHAT'S AHEAD? In January, 1984 this letter started as a freebie to everyone on the Ross Engineering mailing list. During those days, it was printed on a dot matrix printer, reproduced on a Xerox in the Ross family dining room, collated, stapled, folded, stuffed, addressed, and hauled to the post office by family members. Complainers were easy to handle; we just told them that we'd refund every penny they paid for the subscription! During that first year, Arnold Blumenthal of PTN Publishing suggested that we make the letter into the vehicle for starting the Communications Security Association. After considerable discussion among security professionals, we did just that. In addition to offering the letter by subscription, it was mailed to members of the newly-formed CSA. In 1984, 1985, 1986, 1987, and 1988 we put out 10 issues per year (with a short hiatus while we were first recovering from injuries sustained in an auto wreck). It was usually four pages, once six pages, once a monster eight pages; and one time we only managed to get out two pages. (We were in a hurry to get something out to garner some support in our effort to make Congress make sense out of their gobbledygook ECPA of 1986). Your editor is aware that the letter has so far been without glitz, and we apologize for the "plain-jane" look. However, we'll never apologize for its content. Sometimes irreverent, sometimes with a touch of wry humor, but always honest; the facts and opinions in this letter have always been intended to enlighten. So, back to the heading: "What's ahead?" Gradually, as our finances permit we've been upgrading our hardware and software, and we recently added a scanner so that we'll be able to run schematics, drawings, pictures, etc. That will happen as soon as we can buy a new laser printer with Postcript capability. Also, we expect soon to again offer the letter by subscription. Our plan is to expand to at least 16 pages monthly, with more original and submitted content, letters, ads, etc. Your comments, as always, are solicited. *********************************************** The ComSec Letter is the official organ of the Communications Security Association. Membership in the association is open to all who have an interest in communications security. Dues are $50 per year for individuals, and the membership year ends September 30. Life memberships are available for a limited time at $500. Corporate memberships are available; full information on request. *********************************************** CCS IS NO MORE????? We received a call from Don Miloscia, who said that he's a retired US Marine and the president of Surveillance Technology Group. He called because he read that my company is looking for a telephone scrambler, and he said that he has just what we need. The shocker in the conversation came when he advised that he had bought CCS. That's right, he said that CCS is no more. He's the owner, and "....changes have been implemented across the board". It's really hard to imagine this world without CCS. For one, I'll miss those full-color brochures with fantastic claims and those ads in the airline and credit card magazines. Ah well, the passing of an era. Or is it? .... Your comments are solicited. CREDITS We've neglected to pass along our thanks to contributors for so long that we have a whole letter tray full of material. So let's start making up for lost time. What's on top of the heap? Well, Tim Wilcox of Indianapolis and Art Levaris in Maine passed along the ANI numbers for their areas. (In Maine it's 220, and in Indiana it's 7999.) Also, Ed Steinmetz called with good information about digitized encrypted phones. His information is valuable because he's listened to them and reports that the higher sampling rate phone systems have much better voice quality than the earlier 2400 baud units. Our thanks to all who have written, and we intend to work our way through all of the back submissions. INTELLIGENCE IN BUSINESS We're indebted to one of our regular anonymous contributors for a copy of a speech made by a retired intelligence officer to a convention of people with the same background. I really got a chuckle out of it. What a speech! Here's a man who probably never met a payroll in his life, talking to a group whose members probably share that same lack of business experience, and what does he say? Why, he tells them how great it has been for the business community since the whiz kids from the pentagon lectured at the Harvard Business School, and taught them all about the value of intelligence. Wow! How does he suppose that those businesses prospered before their enlightenment? Does he really think that they had been ignorant of the value of intelligence? Further, can you imagine any competitive business that could even stay alive if they burned money on intelligence activities the way governments do, and received so little in return? Frankly, I like Jay Lubkin's assessment of the whiz kids better. I don't remember his exact words, but it had to do with their insistence that everything had to be purchased at the lowest offered price. As Jay said, "They never did figure out that the oats had a different value before and after the horse used them." VIRUS (WORM?) FEVER Boy, the press has sure been full of information and misinformation since that fellow Morris introduced that worm into some systems. Some comments from our observation post seem to be appropriate. Even though we make no claim to being expert in this field, we have confidence that these thoughts are valid. First. It was not a virus. Our knowledge of such things is limited, but we understand from reading some experts that there is a big difference between a virus and a worm. It is our belief that this was a worm because, after entering a system, it replicated itself until memory was full; but it did not destroy or damage any resident files. A virus would have eaten up all of the files on all of the infected systems. Next. Published reports are saying that it did ten million dollars worth of damage because of the time wasted to fix the affected systems. I somehow feel that that number is being bandied about because it is the largest number that any of the reporters have heard, and, of course, each one of them can't stand the thought that someone else might report a higher number. Does it stand up to analysis? I don't think so. Each of the systems reported some loss of time but they were all functioning within days at full speed. I personally think that improper placement of some lane barriers on I-270 (that's one of the main routes into DC from the north used by commuters) caused more lost time by several orders of magnitude. The worm may have amounted to a few hundred man hours of non-productive time, but the 270 fiasco wasted thousands of man hours daily for several months. This is a fascinating subject, and next month we plan to offer some new ideas for combatting such problems. Stay tuned. FACSIMILE TRANSMISSIONS SECURE? Some folks have assumed that transmitting information by fax assures privacy. I guess they think that, because it's not a voice transmission, it can't be intercepted. 'Tain't so; never has been. A recent issue of the CII Councillor reported the results of some experiments by Gerry Linton of Calgary. Gerry recorded some fax transmissions from a phone line, and played them back into a fax, demonstrating that fancy equipment or techniques are not needed to eavesdrop on this mode of transmission. Of course, the same is true of data transmissions sent via modem over phone lines. If they are recorded, even on a cheap tape recorder, they can be printed out on another computer system. (Comment on my use of "eavesdrop" is coming next month.) HIT, WITH QUESTIONS Recently a transmitter was found in a Philadelphia area business. It seems that two partners had agreed to "unpartner", and the sweep activity was precipitated when one became suspicious of the other's special information about his activities. In any event, the installation was unusual. First, the frequency used is one used by DEA, I'm told. Next, the transmitter was powered by mains power. Also, the microphone and transmitter were separated, and, last but not least, the antenna was fed through a hole in the side of the building so it was mostly outside. These facts give rise to many questions. Was this an installation by a government man moonlighting with government equipment? Was it a former government man using some device that he "liberated" upon his retirement? Why the remote transmitter? (It had enough power to be detected by the simplest field strength meter, even at its remote location.) Why hang the antenna outside? Was the installer one of those who was taught that the antenna should be vertical if at all possible? Hmmm. There seem to be more questions than answers. Anybody have any valid information? NO MORE CSA BBS Well, it was a great effort by Ned Holderby. The fact that the board did not become a smashing success is in no way his fault. In case you don't know what I'm talking about, let me recapitulate. Last September our member Ned Holderby set up a computer bulletin board system for the ComSec Association. It was to be a meeting place for members, a repository of information for members, a source of information about the association for prospective members, and so on. He operated this BBS using his own time, equipment, and money for four months. Unfortunately, he set it up at a time when our personal computer facilities were in turmoil, and our travel schedule had us out of the office for all but eight days in its first three months. I never did log on, and did not properly promote the capability through this letter, or in any other way. So, the blame is all mine for the lack of publicity and use of the board. So, Ned, I apologize. It was a great idea and a great effort, and I'm sorry that I could not help to get it off the ground. OFF AGAIN This letter is being mailed late in February, and on the 28th we'll be leaving for Europe for two weeks. Frost and Sullivan is again sponsoring my seminar in London, and we plan to visit with manufacturers in four countries while over there. So look for the next ComSec Letter late in March. CUL. ComSec Letter Volume VI, Number 3 YOGO 5.03 March, 1989 Prepared and Edited by James A. Ross ****************************************** BOARD OF DIRECTORS MEETING The next meeting of the board will convene at 10:00 AM on April 29, 1989 at the Holiday Inn Crowne Plaza in Crystal City, VA. The primary purposes of this meeting are to introduce our Executive Director, David Schmidt, and to discuss plans for the future of the association. David has started work on a major membership drive, and is planning a ComSec Association conference and meeting for August/September. As is the case with all board meetings, members are encouraged to come and to participate. MEMBERSHIP CERTIFICATES Recently, we've heard from some members who have not received their membership certificates. In checking we found that the initial supply has been totally used up. Because of this, and also because some had expressed less than enthusiastic delight at the original design, we have started afresh. So, if you have not received a certificate, or lost it, or just plain don't like the original one, just drop us a line and we'll see that you get a new one as soon as they are ready. (If you're entitled to a special one such as Charter or YOGO Charter, please indicate that in your message. Thanks.) PHONE TO LOOK OUT FOR Doug Ralph and a few others have commented from time to time on telephone sets which have the speaker connected to the talk pair while the phone is on hook. This, of course, means that the phone is a room bug. In order to hear room audio all you have to do is connect to the pair with an audio amplifier. (Certainly makes the bugger's job easier, doesn't it?) In any event, I'm sure that there are many such telephone sets in use in the world, but our recent conference in Tampa identified one for us positively. The Northern Telecom model 2018 has the speaker across the talk pair while the phone is on hook. If you do countermeasures, look for it. Warn your clients. DRUG DEALERS OR ENTREPRENEURS? After the recent letter in which I commented that the $50,000 worth of calls to Pakistan in eight days were, in my opinion, made by drug smugglers to drug smugglers, we heard from an old friend. Fred Fisher, who works in security for NY Tel in Manhattan, called to opine that the calls were made through street vendors who make a great living (tax free!) selling long distance service on the streets of New York (among other places). (Fred even invited me to visit the Port Authority building to observe the action, but I told him I'm too chicken to even walk through that place unless I absolutely have to.) Anyway, as friends sometimes do, I didn't agree with him, and he didn't agree with me. He may be right. I know that stolen or hacked credit card numbers are being used every day by street vendors, but I think the pattern of the calls (on the printout that I have) relates to organized business. I don't think that so many calls going to the same number several times per day for eight days represent homesick students calling mamma. In fact, if you have the ability to do an analysis of the calling patterns, I'll send you a copy of the printout. What say? INTERESTING PRODUCTS DynaMetric, Inc. offers the COM-205 which is an adapter that connects to your telephone handset, and cuts it off when the handset is in its cradle. This could be an exceptionally valuable item, but it looks as though it would fit only the AT&T System 25 (etc.) telephones. Anyone who has tried it is invited to send along his evaluation. (In order to fully protect against the phone being converted into a room bug, of course, the speaker of the speakerphone would have to be removed or rendered inoperable.) MetroTel of Hicksville, NY offers the Digit Grabber in two models. Each displays the numbers being dialed on the telephone line to which it is connected. One sells for $250 and the other for $695 (no decimal points anywhere in there). HACKER ANTIDOTE? In our last letter we commented on the worms, viruses, and what-have-you that have been causing so many problems and promised to present an idea for combatting such abuse. So here's the outline of the thought. I wonder why I have never heard or seen anything which proposes an attack on hackers. That's right, tit for tat, or, as my grandmother used to say, "What's sauce for the goose, is sauce for the gander." Why should the legitimate, above-ground world sit passively awaiting the next hacker attack; why doesn't the establishment recognize that the best defense is a strong offense? My thought goes like this. In order for a hacker to infect another's computer, he must first establish two- way communication with it. In the process of establishing his bona fides he must provide information to the target, and answer its queries. Is it not possible for the target, if it determines that the caller is not legitimate, to feed it a real virus? And I mean a virulent virus, one which will eat up all of the files in the attacker's computer in seconds. And I do mean all of the files: program files, operating system files, you name it. I'm not a hacker, nor even experienced in this field. However, in the world that I work in, I regularly see the bad guys taking advantage of the good guys' gullibility. Let's turn the tables; cause the hacker to make his system accessible to the target computer and introduce a short and sweet virus. Unethical? I don't think so. I've been following reports in the press about a situation that I think is analogous in our neighboring state of Virginia. They were vexed by the fact that some motorists were evading radar speed traps through the use of radar detectors in their cars. First they tried confiscating radar detectors, but they learned that in this country troopers are not allowed to be judge, jury and executioner. Next, they simply made possession of radar detectors a crime, but that was cumbersome, and would probably have been shot down in court. So now they've finally gotten smart. They have received FCC permission to set up unmanned oscillators along the roads, radiating on speed radar frequencies. This creates frequent false alarms on the speeders radar detectors, and will eventually make them worthless. Pretty shrewd, I'd say. I think turning the tables on hackers is a similar situation; it is giving them a dose of their own medicine. What do you think? ON WORDS, ANOTHER QUESTION Even though I know that it is not the right word, in a recent letter I used the word "intercept" in referring to an electronic eavesdropping system. I do not like to use that word in this context because it means (as it does in football) to seize something between the sender and the intended receiver, preventing its arrival at the intended destination. Electronic eavesdropping, except in the case of very sophisticated spooking at the government level, does not prevent the unaltered message from arriving at its intended destination. Barbara Rowan doesn't like the word eavesdrop because it originally described someone standing next to a thatched-roof dwelling, inside the line of rain dripping from the eaves, in order to be able to listen to conversations taking place within the building. I don't like it because even today it seems to imply live listening to human conversations by a human; and that omits radio transmitters, tape recording, and other significant electronic eavesdropping techniques. Can't we find a better, more accurate word -- one that conveys the exact meaning? How about it. Any ideas? CINCINNATI BELL TAP SCANDAL Our thanks to all who have been sending clippings. Please keep them coming; it's a fascinating story. All information that we get is valuable, so, if you have some, please call, write or fax it to us. (You can reach me on the Ross Engineering fax: 301-874-5100.) In the latest chapter in this saga, the city has hired a private investigator to study the allegations of wholesale illegal phone tapping by Cincinnati Bell employees under the direction of police and Cincinnati Bell officers. The investigator, John Baber of Business Risks International in Chicago, will be paid $75 per hour with a cap of $25,000 to look into the affair. At this time the investigator is limited in what he can see because Bell has asked the court to seal all records that have been turned over to the court and all depositions taken in the case. Well, we'll stay tuned, and pass along whatever information that we can in this landmark case. DOWN-UNDER BUGS Thanks to Michael Dever for sending along a bug catalog from Australia. Your editor is no expert on Australian law, but it appears from a quick reading that the use of radio bugs is not prohibited there. Creating radio interference is proscribed, as is breaking and entering, trespassing, etc., but possession and use of radio bugs is not. (If you're interested, the catalog has a price tag that says $3.25 which I would guess to be Australian dollars. The address is: Talking Electronics, 35 Rosewarne Avenue, Cheltenham 3192, Victoria, Australia.) BELATED THANKS This latest submission from Australia reminds us to send a long overdue "Thank You" to Dr. Jacqueline Morgan of the New South Wales Privacy Committee. Some time ago she sent us a copy of their annual report, and we found it to be fascinating reading. The difference in laws makes some of the details seem strange, but they certainly do valuable work in examining and reporting on various aspects of privacy. Some topics considered were: a national identification scheme, telephone interceptions, confidentiality in AIDS testing, credit bureau reports, confidentiality of personnel files and deletion of criminal conviction records. We live in different hemispheres with different laws, but we certainly have similar concerns. Again, our thanks to Jacqueline Morgan. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 The ComSec Letter is the official organ of the Communications Security Association. Membership is open to all who have an interest in communications security. Dues are $50 per year for individuals, and the membership year ends September 30. Life and corporate memberships are available; full information on request. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 ComSec Letter, POB 3554, Frederick, MD 21701 301-874-5311 ComSec Letter Volume VI, Number 4 YOGO 5.04 April, 1989 Prepared and Edited by James A. Ross ****************************************** APOLOGIES This issue, April, is being mailed in mid-May. I wish I could say that the delay is somebody else's fault, but I cannot. There is a lot happening, and I just did not schedule my time correctly, and I apologize. DIRECTORS MEETING As scheduled, the Board of Directors met on April 29. Many weighty issues were discussed, and many decisions reached. For now, let me just give you a thumbnail sketch. The meeting was attended by Mike Brumbaugh, Chuck Doan, Slick Poteat, Jim Ross, and David Schmidt. Absent were Jack Mogus and Ken Taylor. The terms and conditions of David's employment as executive director were approved by the board. Corporate membership and corporate sponsorship programs were discussed and detailed. The most important decisions, from my point of view, were related to research and publication of information. First, the association will develop a research capability, and its first area of study will be the vulnerabilities of CBXs to outside manipulation to allow theft of service and theft of information. Second, a new publication, yet to be named, will be established with a quarterly distribution schedule, first issue to be the last quarter of '89. There will be a full report coming as soon as Mike Brumbaugh finishes his write-up. (Mike takes all of the notes, so I'm dependent on him to be sure that my memory doesn't cause me to present some erroneous material in this letter.) GOVERNMENT COMSEC TRAINING In the past our government has always been very quiet about its COMSEC training programs. However, the GSA Information Security Training Center now offers telecommunications security specialist courses. Offered throughout the USA to US citizens, there is a five-day version for the people who actually do the work, and a four-hour overview for managers. This training is primarily for threat assessment, and not for learning how to do TSCM. However, it is certainly a step in the right direction, and we applaud the GSA. We'll be sending along more detail as we get it. THERE YOU GO AGAIN, ASIS Yep, they're at it again. ASIS, the membership organization whose constitution says "free and open interchange of information among members", is again promoting another meeting that is not open to more than 95% of the membership. Their 8th annual telephone security course is open only to "those employed on a full-time basis in security by legitimate communications common carriers". Last year, Kevin Murray raised sand about this policy, and the meeting was opened to all ASIS members. I attended, as did a few other telecom security professionals who are not employed by a telco. Also, there were some telco users, and some law enforcement types, etc. who attended. From my personal point of view, it was worthwhile. Almost all of the three and a half days was spent on subjects of no interest to me, but it was still worthwhile. It was exceptionally well run by John Cupples, and featured many speakers with excellent knowledge of their topics. I met some folks who had had their DISA facility burned badly, and some of the participants let the telco professionals know how their excellent telecommunications equipment was being used by the bad guys for theft of information and theft of service. Most important, some of us (telco, telco suppliers, and consultants) now know each other, and have agreed to share information in an effort to design ways to protect legitimate users from such abuses. So why is ASIS again allowing the use of the resources of the entire organization for the benefit of a tiny group? Why are members with a legitimate interest in telecommunications security barred from participating? OUTRAGE That may be a strong word, one to evoke strong responses. I hope so. Outrage is what I feel when I consider the intimidation of an honest businessman by the FBI over a non-offense. Did you think that the FBI mission was to investigate federal crimes, and protect us from foreign espionage? I did, and it is certainly a shock to learn that this magnificent investigative organization can be used for the selfish (and probably unethical) purposes of a Washington lobbyist group. To explain this properly I'll have to go back to the time when the ECPA '86 was in its formative stages. (If you're not familiar with the abbreviation, "ECPA '86" stands for the Electronic Communications Privacy Act of 1986, one of the most unbelievable pieces of trash ever served up by any legislature anywhere. And my senator, Mac Mathias, was one of its sponsors!) Anyway, our lawmakers in Congress were attempting to correct some faults with the federal privacy laws. The way they set out to do that was to assign some people who don't understand the technology involved, and arrange for them to be advised by some other people who don't understand the technology involved. Next, they grossly misquoted the old law regularly and continuously, so we'd all feel good about their wondrous development of the new law. Then they let some private special interest groups help them draft the law. One of those groups, The Cellular Telecommunications Industry Association, apparently was very influential. It seems that the manufacturers were becoming concerned that the public would learn that information broadcast by a radio transmitter is not secure. Time for a short lecture. Contrary to the assertions of cellular sellers, the content of broadcasts by any radio transmitter can be heard by other than the intended recipient. And so, back to the story. The CMT (cellular mobile telephone) salespeople were already lying through their teeth to make sure that they didn't lose a sale, but the lobbyists went all out to give them an even bigger lie to tell. Voila! they had our (their?) (maybe we all elected them, but they sure were in the pocket of the CMT manufacturers) legislators write a provision into this wondrous new law that makes it a felony to intentionally listen to what has been broadcast on cellular frequencies. Ah Ha! Now the seller can tell the prospect: "No one can listen to cellular conversations. It's against the law; it's a federal felony." Small aside re the efficacy of the new law. Its writers also made it a federal offense to intentionally listen to what has been broadcast "...on a subcarrier or other signal subsidiary to a radio transmission." What that provision means is that, if you intentionally listen to the MUSAK music on the elevator, or in the office, or anywhere else, you are committing an offense because MUSAK is broadcast on a subcarrier. I made an effort to be heard way back then. I wrote to every senator, called some, visited Capitol Hill with my spectrum analyzer. Some senators answered. (None of the answers was responsive.) I talked to some of the administrative assistants. One returned my call after his long and obviously liquid lunch. His response to my comments about this part of the law was, "It must be good. Both Motorola and Tandy favor it." One of the AAs who had been writing the law about listening to that which had been broadcast on a subcarrier asked me what was meant by "subcarrier". (I showed him a subcarrier on the screen of the spectrum analyzer, and I'm sure that made him the dean of all the law writers -- he had actually seen a subcarrier!) Anyway, the bill passed, the president signed it, and we're stuck with ECPA '86. Now, to the point. While the law was still a bill under consideration, Tandy was designing a great scanner, the PRO-2004. Somewhere, probably at the highest levels in Tandy, they had a marketing decision to make. They supported the law, but they were about to introduce a product, the 2004, that could be used to listen to cellular phone calls. --- Their decision was to add a diode to the unit so that the cellular frequencies were blocked. Well, the 2004 sold well, but American ingenuity being what it is, there were soon many tips on how to improve the 2004 -- make it scan faster, etc. Of course, restoration of the removed block of frequencies was one of the first improvements, and articles appeared in popular magazines with step-by-step instructions, with photos, on how to restore the "forbidden" frequencies. Again, it's time for a mini-lecture. It is important to understand that, even though some lobbyists would have had it otherwise, THERE IS NO LAW FORBIDDING MANUFACTURE OR POSSESSION OF A RADIO CAPABLE OF RECEIVING THAT WHICH HAS BEEN BROADCAST ON THE FORBIDDEN FREQUENCIES. Bob Grove, of Monitoring Times (a hobbyist periodical) and Grove Enterprises (a dealer in communications equipment), advertised the PRO-2004 in its original state, or modified with cellular frequencies restored at a slightly higher price. (I am absolutely certain of this because I bought a modified 2004 from him.) (It works fine, by the way.) So the FBI called on Bob Grove. The agent who called on him, according to Bob, couldn't have been more polite and gracious. (Bob said he very much appeared anxious to get back to real FBI duties like espionage investigations.) What was said, I don't know; but the result is that Bob no longer advertises a modified PRO 2004. To all of my friends who are current FBI agents, and all who are retired: "How does it feel to learn that your once proud organization is now a lackey, running scurrilous errands for a lobbying group? To all: I'm outraged. I'm ashamed for my country. To think that such stupidity could take place is appalling. How can we stand before the world as the model of a free nation, and allow such a thing to happen? Who in the FBI ordered such a silly activity? It is an especial shock to realize that the FBI agents who are sworn to uphold the law are not even aware of what it says. They spent their time enforcing a non-law; serving the interests of a lobbying group. Also, they either don't know or don't care that the Justice Department, for whom they work, has said publicly that they will make no attempt to uphold the "non-listening" portion of the law. It appears that, in this instance, the FBI got its orders from the CTIA, and charged off to subdue a dangerous enemy of the state. Meanwhile, here in Washington, foreign espionage agents are busy as bees, but we can all rest well in our beds. The mighty FBI has subdued that awful menace on Dog Branch Road, in Brasstown, North Carolina. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 The ComSec Letter is the official organ of the Communications Security Association. Membership is open to all who have an interest in communications security. Dues are $50 per year for individuals, and the membership year ends September 30. Life and corporate memberships are available; full information on request. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 ComSec Letter, POB 3554, Frederick, MD 21701 301-874-5311 ComSec Letter Volume VI, Number 5 YOGO 5.05 May, 1989 Prepared and Edited by James A. Ross ****************************************** NEXT BOARD OF DIRECTORS MEETING The ComSec Association Board of Directors will meet at 10:00 AM at the Tyson's Corner (Virginia) Marriott Hotel on June 10. The agenda includes defining the categories of corporate membership and sponsorship, planning the development of a research capability, discussing the ways and means of starting a quarterly publication, planning our next annual meeting, brainstorming various methods of making money, and discussing changes in our Constitution and By-Laws. Members are invited to attend, and to participate. TRAINING AND EDUCATIONAL PROGRAMS In the past the US government has been very quiet about its training programs having to do with communications security. (As a regular army signal officer, I went through the many courses that were required, but I don't recall that we ever had any intensive training relating to the TSCM aspect of COMSEC. Maybe some readers can bring me up to date on current practice in the services.) Now however, there is a movement to train people in this field. The Information Security Training Center of the General Services Administration has established two courses, to be offered throughout the USA to US citizens. These Telecommunications Security Specialist Courses are offered in five-day and four-hour versions. (The longer course is for the people who actually do the work, and the short course is an overview briefing for managers.) "Do the work" in the above does not refer to TSCM; it refers to doing self-assessments of systems, equipment, and procedures. The course is designed to assist government and government contractor employees to meet contractual requirement relating to telecommunications security, specifically, National Communication Security Instruction (NACSI) 6002. Graduates should be able to properly perform the appropriate self-assessment and then prepare a Telecommunications Security Program Plan (TSSP). Certainly, this is a move in the right direction. The more training and education the better. For information contact GSA, Symbol KVIST, 1500 E Bannister Rd, Kansas City, MO 64131-3088. Telephone: 816-926-6921. Autovon: 465-6921. FTS: 926-6921. 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA PREVIOUS BOARD MEETING As reported in the April letter, the board considered many important and far-reaching topics at its April meeting. Some definite decisions were reached, and some topics introduced for later decisions. Positive decisions: 1. The constitution and by-laws will be expanded. Details will be added to provide: means for expansion of the board of directors, method of removal of non- participating board members, establishment of a board of advisors, election of officers, etc. 2. For the sake of continuity, the current working members of the board will continue on the board until the annual membership meeting in 1991. The board will be expanded during that time, and new members added, but current working members will stay on through membership year 1991. 3. The board will meet at least quarterly. 4. Ross will search for a qualified person to replace him as president at the annual meeting. His guidelines are that the person should have a national or international reputation in the security field, but should not be a practitioner in the TSCM or data security field. He/she should be a generalist in security. 5. Ross will no longer be the editor of the association's organ as of October 1. The organ, yet to be named, will be a quarterly with expanded content on association affairs, technical articles, advertisements, etc. 6. David Schmidt will submit at least one proposal for a new logo to the board. He will also start work on new membership cards and certificates, to have them ready as soon as possible. 7. At the next meeting David Schmidt will present the board detailed proposals for the new classes of membership and sponsorship. Ideas include an initiation fee for new individual members (promotes prompt renewals), different levels of corporate membership depending upon the size of the business, and different levels of corporate sponsorship with differing benefits. 8. The association will sponsor a series of seminars or workshops on topics related to communications and data security. The objectives are to establish the association as a national educational resource, and to make some money so that we can afford to pay for all of our expanded activities. (By the way member, if you have an idea for a topic you could present (or a topic you'd like to learn about), drop me (Jim Ross) a note on my business fax, 301-874-5100.) 9. The next annual meeting of the membership will be held in conjunction with Surveillance Expo '89 in Washington, DC. 10. The association will cosponsor Surveillance Expo '89. 11. If at all possible, future annual meetings will be held in October, immediately after the membership year ends. (The idea is to provide a good incentive for renewal of memberships.) 12. Prior to the next meeting, Ross will propose an arrangement to the board for compensation for his efforts over the years, and for continuity of publication, and for the use of published material. 13. Poteat will continue to develop the data base on who works in the TSCM field, and what their qualifications are. 14. The association will develop a research capability. The idea is to establish a data bank with the full details of capabilities, vulnerabilities, etc. of various equipment, systems, software, etc. At the top of the list for attention are the vulnerabilities of CBXs to manipulation for theft of service and theft of information. Also, the association should have a data bank available to members so that they can get facts and figures on equipment and systems relating to communications, data and information security. These data banks must not be repositories for manufacturers data sheets and press releases; they must have full unbiased technical detail on all aspects for the benefit of members. 15. In consideration of the fact that the association plans meetings at various places around the country, a suggestion was made to approach a hotel chain to see if special arrangements could be made. The Marriott chain was suggested. 16. The DC area members will give attention to establishing a program for development of local chapters, with Washington, DC being the first chapter. 17. The next board meeting will be held on June 10. ANOTHER PHONE TO LOOK FOR Last month we commented on the NT 2018 telephone. It has the speaker connected to the talk pair while the phone is on hook, making it a room bug. Another telephone that is a room bug is the Comdial Executech II. It also has the speaker connected to the talk pair while the phone is on hook. Your editor recently checked an office complex with twenty-eight of these bugs in place. After the audio feedback test identified them as bugs, we used a Radio Shack audio amplifier to demonstrate that room audio was being conducted out to the telephone closet while the phone was on hook. True, the audio had a lot of interference from the fluorescent lights, but room audio could be easily heard, and a little filtering would clear up the audio. So, take heed; some modern telephones are room bugs. If you come across any of these beauties, please call, fax, or write us with the make and model and we'll pass the word. 'NOTHER WILD JUDICIAL DECISION I think I'll write a book. a book full of crazy decisions. This one will have to head the list. The situation was that some people figured out a way to make some money. They decided to establish a pirate radio broadcasting station on board a ship anchored in international waters off New York City. Not a bad idea, really. Let's say that you want to give this idea a try. If you can put up with the rolling of the ship 24 hours per day, and don't need money until you have a following and have sold some ads; you might just have a good business. Whoops. Forgot about the bureaucrats, didn't you. But how can the FCC bother you when you're not even in the United States? Simple. The FCC gets you in front of US District Court Judge John J. McNaught in Boston, and tells him that 47 USC 705 gives it authority over stations whose signals are received in the United States! He believes them, and orders you not to transmit!! Hey, judge, sir. Did you ever listen to shortwave? Signals from all over arrive here continuously. Do you think that the FCC should have authority to shut down Radio Moscow?. How about a ham in Egypt, or the BBC from London? How about other countries' satellites beaming RF down on us? C'mon judge, try thinking! By the way, the reason the FCC is concerned, they say, is that the pirate might interfere with a licensed station. (I think the real reason is that they fear for their fiefdom; pirates do not have to kowtow to them.) However, as it often is with government people, they don't understand free enterprise. The pirate has no interest in interfering with another station. That would mean that, for the most part, his signal could not be heard. Certainly, he's going to pick a spot in the spectrum which will allow his audience to hear him. (That's not too hard to figure out, is it FCC?) SPECIAL MESSAGE TO NEW SUBSCRIBERS The ComSec Letter was created by Jim Ross in 1984, the year of George Orwell, and it became the official organ of the ComSec Association shortly thereafter. As such, it was available only to members. Now, however, it is being offered by subscription at $35 per year (10 issues). This issue has a lot of association news because many changes are taking place at this time. Future issues will contain more on communications and data/information security. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 The ComSec Letter is the official organ of the Communications Security Association. Membership is open to all who have an interest in communications security. Dues are $50 per year for individuals, and the membership year ends September 30. Life and corporate memberships are available; full information on request. ComSec Association, 10060 Marshall Pond Rd, Burke, VA 22015. Subscriptions: $35/year from Ross Engineering, Inc. 2ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÄÄÄÄÄÄÄÄ0 Ross Engineering, Inc, 7906 Hope Valley Ct, Adamstown, MD 21710 USA Tel: 301-831-8400 Fax: 301-874-5100 ComSec Letter Volume VI, Number 6/7 YOGO 5.06/7 June/July, 1989 Prepared and Edited by James A. Ross ****************************************** TO ALL NEW MEMBERS OF COMSEC This may be the first response that you have received since you joined the Communications Security Association, so I say, Welcome! As you'll read in the following paragraphs, the organization is undergoing many changes. You've joined at a time when many exciting things are just beginning. Read on. NEW EXECUTIVE DIRECTOR, ETC. As we had announced earlier, David Schmidt has joined us as executive director. That means that the association has gone from an all-volunteer force (mostly the Ross family) to a professionally run operation. The Comsec Letter phone that used to sit on my desk in my office has been taken out. Calls are now referred to the new number in David's office. (703-503-8572) All of the queries that come to the box in Frederick, Maryland are passed on to David at his office, 10060 Marshall Pond Road, Burke, VA 22015. MEMBERSHIP CARDS, CERTIFICATES, ETC. At the last board meeting a new logo was approved, and David is having new certificates and membership cards designed. Also, he has acquired the program that I've been using to keep membership records so as to facilitate transfer of information from computer to computer. If you have any questions, call David. However, please be patient. He has a lot of catching up to do. We have not even published a roster of members for the last three years, and that will be one of his priorities. Also, some members have decided to start local chapters, and he's involved in designing just how that gets done. Also, he and Ron St. Jean have been drafting new by-laws to replace the sketchy ones that I wrote, and may reincorporate in the state of Virginia for the sake of convenience and simplicity. As if all of the other things weren't enough to keep him busy, David has the major task of creating a new publication as the official organ of the organization. 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA DISCLAIMER The person named Ross who wrote the article for Radio Electronics on how to build a bug detector is not your editor. Although his name is Ross and he knows a lot about electronics; he is not Jim Ross, and he obviously doesn't work in the real world of bug detection. He says he created the device "to solve a problem that law enforcement personnel were having when using frequency counters to locate bugs". So here's a message from Ross to Ross: Using any frequency counter or field strength meter in the search for bugs is a waste of time. In the first place, most bugs are wired bugs, radiating no RF energy. Secondly, if you use a field strength meter searching for RF bugs in a metropolitan area, the reflections of legitimate RF signals will drive you crazy. As you move through a target area, you'll see variations in field strength all right, but you'll have no way of determining what is causing those variations. No, Mr. Ross, you haven't solved the problem that those law enforcement officers have; you haven't even identified their problem. The idea is very simple. If you want your shoes repaired, you go to a shoe repairman. If your car breaks down, you take it to an auto repair shop. Similarly, the lawyer takes care of legal problems, and the doctor takes care of medical problems. --- Are you getting the drift? It's simple. Their problem is that they are trying to work in a field in which they are not competent. Period. If you have an eavesdropping problem, hire someone who has education and experience in communication, electronics, and eavesdropping detection. There's more to the art than walking around a room with a magic wand. Far more. To all police and former police: I promise to leave the law enforcement tasks to those trained in law enforcement. I will do no murder investigations, I will do no crime scene searches, I will direct no traffic or give out parking tickets, etc. Please, stick to your business and leave this business to those of us who know what we're doing. THE END OF AN ERA This is the next-to-last ComSec Letter for all members of the Communications Security Association. CSA will begin publishing a quarterly periodical, and members will be receiving the premier issue in the last quarter of this year. If you have material to submit for publication, or want to get involved in any way, contact David Schmidt, Communications Security Association, 10060 Marshall Pond Road, Burke, VA 22015. (Tel: 703-503-8572 Fax: 703-425- 6079) WHAT IS THE DEAL WITH CCS? Now that we've passed along the information given to us by Don Miloscia, and SECURITY picked up on it and ran it as fact; we find that what we were told -- and reported -- is not fact. (Don told us that he had purchased CCS, replaced all of its people and policies; and renamed it Surveillance Technology Group.) Since that first conversation and our reporting of it, we've had additional information provided by the original source, and we're more perplexed than ever. The best we can do at this point is present all of the details that we have, and hope that someone will help us sort it out. The story goes this way. In my business's newsletter (which goes to everyone on the Ross Engineering mailing list) I stated that I was looking for a digitized, encrypted telephone with certain specific specifications. Shortly thereafter I received a phone call. A voice which identified its owner as Don Miloscia, a retired US Marine, told me that he had exactly what I needed. When he identified the company as Surveillance Technology Group, I told him that there was no way that I could afford to buy from CCS -- I could not afford the dollars, but more important, I could not afford to lose credibility in the professional community in which I work. That's when he, Don Miloscia, told me that he had bought CCS, that all of the old people were gone, that all of the old ways were gone, and that he had completely reorganized the operation. He assured me that it was a whole new ball game, and volunteered to send me information on the product that was just what I needed. I wondered if this was the end of an era, and I ran an item under the heading "CCS IS NO MORE ?????". That item solicited comments, and we have received many, including several from Don Miloscia himself. At the recent COPEX show in Baltimore, after I advised Don Miloscia that some people had been quoted as saying that CCS was still alive and that STG was a front, he admitted that CCS is still alive. However, he continued to claim that he had purchased CCS, but he also said that CCS sells to non-government, and that Surveillance Technology Group sells to government organizations. If anyone can provide factual information, we'll run it in this newsletter. (And Don, if you decide to offer some clarifying information, please explain why you were trying to sell me a telephone; I'm not a government.) COMSEC LETTER SUBSCRIPTIONS Yes, there will be a new official organ for the ComSec Association. However, this letter will continue, and will again be available by subscription directly from Ross Engineering, Inc. The rate will be $35 per 10- issue year. TO ALL NEW SUBSCRIBERS: If you are reading your first ComSec Letter as a result of participating in the Interest Survey for Surveillance Expo, I say, Welcome! (If you did not choose any desired reward, or if your entry was received late, the default award is this subscription -- it is the only prize that we had an unlimited supply of.) (We're aware that you may be receiving duplicate copies if you are already a member of the Communications Security Association. However, the pressure of meeting a deadline did not allow time for us to screen for dupes.) After the next issue (August/September), this newsletter will cease to be the official organ of the ComSec Association. If you are a member of CSA, you will begin to receive the association's new quarterly magazine. To recap: if you submitted an interest survey for Surveillance Expo '89 and did not qualify for any of the other awards, your name has been entered into our computer for a one-year subscription to this newsletter. We will continue to publish ten times each year. The letter will be, if anything, a bit more informative about the technology because there will be no association administrative matters to cover. It'll still be terse, and sometimes irreverent; but always straightforward with no hidden agendas. Again, Welcome! TELEMANAGEMENT If you are involved in telecommunications, I recommend that you take a look at this publication. It's a Canadian periodical, but it always has something of interest to this Yank. Give 'em a call. (Please tell them that Jim Ross sent you.) The editors are Ian and Elizabeth Angus. Angus Telemanagement Group, Inc, 1400 Bayly St, Office Mall Two, Suite 3, Pickering, Ontario L1W 3R2. Tel: 416-420-5050; Fax: 416-420-2344. This publication is usually very serious, but they put some rib ticklers into the current issue under the heading, "Son of elephant jokes". Included are a series of daffy LAN definitions, such as: a LAN which behaves strangely ..........a Loco Area Network or, a broken LAN ..........................a Local Area Notwork. You get the idea. See if you can invent some that they didn't include. Our offering: a barren LAN(d) ......................a Locust Area Network By the way, they are sponsoring the first world conference on Incoming Call Center Management. If you are any way involved in this activity, it looks like a conference that you won't want to miss. It's scheduled to be held in Toronto August 28 & 29 with an optional session on August 30. Call or fax them for full details. -30- ComSec Letter Volume VI, Number 8/9 YOGO 5.08/9 August/September, 1989 Prepared and Edited by James A. Ross ****************************************** ALOHA In the Hawaiian Islands, I'm told, they use the same word, "Aloha" for both a greeting and a farewell, and your editor is not one to pass up a chance to save a few words. So, I bid Aloha to two different groups who are receiving this late summer ComSec Letter. The first group, to whom I bid Farewell, comprises those members of the Communications Security Association who choose not to subscribe to the ComSec Letter at this time. (In case you hadn't noticed: this is the last issue of the ComSec Letter which will go to members of the association as a benefit of membership. The board has decided to start a quarterly publication to be created under the aegis of the new executive director.) (Of course, if you wish to continue to receive this letter, all you have to do is send us a renewal order with a check or credit card information.) The next group, to whom I bid Hello, comprises the few hundred people who have become subscribers since the letter was again made available through direct subscription. Welcome! This letter has been evolving since 1984 (the year of George Orwell), and we plan a few more changes in the next year. As always, anyone with a pertinent (or impertinent!) comment or question is invited to phone, mail, or fax it to us. REMINDER! The membership year of the Communications Security Association ends September 30. If you are currently a member, but have not taken advantage of the wonderful life membership offer, or renewed through September 1990; your membership will expire at the end of September. To renew, send the mailing label from the envelope that this came in (or your name, address, phone, etc. typed or printed legibly) with appropriate dues payment to Communications Security Association, POB 3554, Frederick, MD 21701. If you have any questions, call Jim Ross on 301-831-8400 or fax to 301-874-5100. If you are a new subscriber to this newsletter, and not a member of CSA, I urge you to consider joining. Until we hire a new executive director (see Help Wanted on page 4), you can contact Jim Ross, President, for information. (contact information above). 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA NON-COMMERCIAL VS. COMMERCIAL In the September, 1984 issue of this letter, I commented that, as a consequence of becoming the official organ of the Communications Security Association, this letter would of necessity have to become non-commercial. Through 1985, 1986, 1987, 1988, and so far in 1989, I have tried to keep this newsletter non-commercial. And, as I look back through the issues of those years, I think that I can honestly give myself good grades for my performance in that regard. I see many places where I really had to hold my tongue for fear of presenting information or opinion that would have rebounded to the benefit of my commercial business. As a matter of fact, a business partner, Ken Taylor, several times pointed out that my efforts on behalf of the association were only using my time and my family's time and causing us a lot of aggravation, but not making any money. His advice: chuck the whole effort; concentrate on your own business. Well Ken, CSA decided to hire an executive director, and to develop its own quarterly magazine. So Jim Ross will soon be free to spend his time on his business. Except for the periodic meetings of the Board of Directors, my time will again be my own. So this is the transition letter. It has some information about the Communications Security Association, and some about Ross Engineering. As the editor of the CSA's organ, I tried to cover communications security objectively, and for the best benefit of the members. (For many months we even carried announcements of training offerings sent in by competitors of my business.) In the future the emphasis will be on communications security as we see it from our perspective as eavesdropping detection professionals. One point, first made when we started in 1984: this letter is about the security of communications. However, you'll often find segments which emphasize good communications because I feel that its a silly waste to use any effort to try to protect ambiguities, inanities, and stupidities. BRITISH TELECOM Your editor is under contract to Frost and Sullivan to present his "Eavesdropping Detection" seminar in London from time to time. Recently, I suggested to them that we could liven up the presentation if I could have access to a working telephone so that I could demonstrate how very easy it is to tap a phone and also to modify it to make it into a room bug. Frost and Sullivan, in turn, sent the idea along to their headquarters in London, and they passed it on to British Telecom. British Telecom responded with two comments. First, if I showed anyone how to tap a telephone, that would be a crime. Second, if I modified a British telecom telephone with American components, it would cause the telephone to cease to function! If you're old enough, and ever got involved with Ma Bell in the old days, you'll recall that that is exactly the kind of garbage that they used to put out. (By the way, that's not a criticism of the people who say such things; they've been so brainwashed that they actually believe that those are truisms.) Let's be specific. 1. About crime. Tapping a phone is so simple that it can be done by a child. The equipment necessary can be purchased retail for one or two dollars. Only two connections have to be made, and those can be made with alligator clips. There is almost no danger of electrical shock. (The only way a person could feel any shock is to be in contact with the two wires at the time a ring signal was on the line.) There is no way that the tap, done right, will cause any deterioration of the quality of transmission, or in any way affect the operation of the telephone system. 2. About the effect of US components. It is very simple to modify an analog telephone, and make it into a room bug. I'm not familiar with British Telecom wiring and instruments, but I'm willing to bet a pint that any of their analog phones can be so modified in minutes. Further, I'll bet my next ten years earnings that my installation of US components will not cause the British telephone to cease operating. Electrons don't change characteristics when they cross political boundaries. They're dependable little fellows; they always react the same way to the same stimulus. So, British Telecom, as Ma Bell used to, pats the dim-witted dolt on the head, and says, "Go away child. This is too complicated for anyone but a telephone company person to understand." Jim Ross says, "Bah, humbug!" TELEPHONE ROOM BUGS With regard to the sarcasm above, I'm moved to again point out that some modern telephones are room bugs as built. That's right, the phone sitting on hook on the desk next to you right now might be sending all of the sounds in your office out of the area where they can be picked up by anyone who knows how. How did this happen? Well, those same people who have been assuring us that we can't possibly understand how a simple DC circuit works, have been designing telephones without considering communications security. They apparently assume that the phones will be used by nice people who have only nice people around them and competing with them. Sorry fellows; that's not the world that we live in. You're building bugs and the bad guys know it. ON WORDS Earlier, we raised the question about what to call a modern computerized PBX because the word "switch" confuses people who don't work in telecommunications every day. Well, after many discussions and much sober reflection, we've decided to use "CBX". Many will think that CBX stands for computerized business exchange instead of computerized branch exchange, but who cares. As long as we all see, in our minds eye, what is referred to, we're OK. CSA LOCAL CHAPTERS Mike Brumbaugh has done an outstanding job of putting together a complete program for the establishment of local chapters. People with like interests and concerns can meet and share information. See the enclosed sheet for details on how to proceed. SURVEILLANCE EXPO '89 The Communications Security Association is a cosponsor of this affair to be held in Washington, DC December 12 - 15, 1989. Members of CSA will be allowed a $200 discount when registering for the conference. Although there is no charge to preregister for the exhibits, the fee for the full four-day conference is $595 so here is a real payback for the $50 that you spent on dues in CSA. ComSec Letter is also a sponsor, and you'll be entitled to a $50 discount if you are a subscriber at the time of the expo. CSA ANNUAL MEMBERSHIP MEETING It's not really correct to call the December 1989 membership meeting an "annual" meeting because the last full membership meeting was in 1985 in conjunction with Comsec Expo '85. (Actually, we've held meetings, but there was no draw like the expo so the meetings were very sparsely attended.) In any event, there will be a CSA membership meeting on December 13 at the Sheraton Washington Hotel. Jack Mogus is putting together the details, and you will be advised as the session firms up. FIRST HOME TSCM TRAINING COURSE We'll be conducting a two-week, hands-on TSCM training course starting September 18 at a facility near Dulles Airport. Fee is $1,350. Call for information. (This letter may arrive on your desk after the course is underway, but we're announcing the course here in the hope that it will reach some of our readers in time.) HELP WANTED The person who had been hired as executive director of CSA abruptly quit. This leaves us in need of help. Inquiries are being received daily about corporate memberships, training classes, etc. There are a few options open, but we'd like to hear any ideas from any member or prospective member. The ComSec Letter is published monthly (10 issues per year) by Ross Engineering, Inc., 7906 Hope Valley Court, Adamstown, MD 21710 USA. The letter covers communications and information security concerns in the modern world. Subscription price is $35/year for US, Canada and Mexico; and $55/year for all other addresses. -30- ComSec Letter Volume VI, Number 10 YOGO 5.10 October, 1989 Prepared and Edited by James A. Ross ****************************************** NAME CHANGE COMING Soon the ComSec Letter will be no more. No, that does not mean that we will not fulfill your subscription. It only means that we will be having a change of name. The story is that the directors of the Communication Security Association voted to establish a new publication which will have COMSEC (or something like it) in the name. They see continuing confusion with two publications similarly named. Further, there has been widespread confusion because everything that has come out of the association has had my name on it. Jim Ross has been identified as the association, and vice versa. It's time for the association to establish its own independent identity. No, I did not want to change the name of the newsletter that I write. I created it in 1984, the Year Of George Orwell, and I enjoy writing it. However, I agree with the other directors that a great deal of confusion has existed; and, for the good of the association, I will change the name. Yes, you'll continue to receive a newsletter written by Jim Ross on the subject of communications, communications security, privacy protection, etc. It will be issued ten times per year and will contain at least four pages as in the past. It just won't be called ComSec Letter. The way it looks now, we'll continue to call this publication ComSec Letter through the December issue, and we'll carry CSA information till then. At that time the association will begin publishing a magazine for members of CSA, and this letter will have a new name starting with the January issue. If you have a zingy name to suggest, please give me a call. Looking back, we see that we've covered technical material, news, laws and legal decisions, personnel, techniques, etc. We're interested in all aspects of communications (especially good communication), surveillance, countersurveillance, privacy protection, eavesdropping detection technology, telecommunications, data/information security, etc. Your comments are solicited. 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA CSA BOARD OF DIRECTORS We've received a few calls from members asking just what is the situation with the board, and when new members will be elected by the membership. There is some concern that the east coast is represented, and the rest of the world is left out. Having been a member of organizations that were run by a tight cabal, I'm sympathetic to the concerns that have been expressed. For the benefit of those who have not been privy to the details, we have not had a big membership meeting since 1985 when we put on ComSec Expo '85. Since then, our meetings have been sparsely attended, and board members have been added to fill vacancies by a very small segment of the overall membership. It appears at this time that it would be a good idea to expand the board to nine members as had been the plan, and to do this in conjunction with the December membership meeting. Members with an interest in serving on the board are invited to make themselves known. Our new by-laws have not been formally adopted, but they will probably require attendance at two meetings per year as a minimum, with absence from two consecutive meetings requiring dismissal. Our plan is to establish a nine-member board, and to elect three new members each year at the annual meeting. SURVEILLANCE EXPO '89 This affair, to be held at the Sheraton Washington Hotel in Washington, DC December 12 - 15, is being sponsored by CSA and this newsletter. We expect many new people to join the association because of the discount offered to members, and we have tentative plans for even more participation by the association next year. Interested in the modern technologies of surveillance and countersurveillance? This is the show for you. Wonder what the laws mean? Want to get straight answers in layman's language? There will be four sessions relating to the laws, and many other seminars will include material on the laws. Want to know the latest technical surveillance systems found by TSCM teams? Visit one of the sessions on TSCM reports from the field, and join in a discussion with professional practitioners. Heard about TEMPEST, SCIFs and STU-IIIs, but don't really understand? Various seminars will cover these topics, and there will be several exhibitors featuring these products. Read about computer viruses, but don't know how vulnerable you or your employer are? Take in one or more of the seminars on this topic. Visit the exhibitors offering protection systems. Have any kind of a question relating to these technologies? Here's your chance to ask the experts. Remember, as a member of CSA, you'll be entitled to a $200 discount when you sign up for the conference. GSA TELECOMMUNICATIONS SECURITY SPECIALIST COURSES In our May issue this year we passed along some information about two courses being offered to anyone by the Information Security Training Center of the GSA. So far we've had no feedback, and that's unusual. If you have attended, we'd certainly like to hear from you. If you are interested in the training being offered, you can get information from: GSA, Symbol KVIST, 1500 E. Bannister Rd., Kansas City, MO 64131-3088. Please let us hear from you with any details about this unusual offering. MAIL Fred Villella of La Jolla, CA wrote to correct his address, and commented, "You appear to do good work. Keep it up!" Thanks, Fred. We'll do our best. Ramon Izaguirre of Buenos Aires, Argentina wrote to ask the meaning of several of the terms that were contained in the Surveillance Expo interest survey. Thanks, Ramon. The terms that you do not understand may not be understood by many readers of this letter, so we've created a mini-glossary which will be mailed with this letter. Thanks for your inquiry. Thomas E Crowley wrote to advise that he has a criminal justice data base on computer of 75,000 to 100,000 topics. You can contact him at 27450 Cottonwood Trail, North Olmsted, OH 44070. Phone: 216-779-9295. Alex Pacheco of Washington, DC wrote to ask about a subject that has really gotten a lot of attention recently; he wants to know about calling number identification. Well, Alex, many people are very interested in that subject, and some are even buying the box that you connect to your line which will display "Incoming Call Line Identification, ICLID". Unfortunately, unless you live in an area where the phone company offers this service (at an extra charge), you'll get no help from the black box. Nada. Zip. Nothing. Because this is also a subject which would be of interest to many of our readers, we're including information on it in the mini-glossary enclosed with this letter. COMING SOON CSA member Larry Rigdon has discovered a manipulation of a modern electronic PBX (CBX) being used by an employee to monitor the big boss's calls. Larry has promised to send us a copy (sanitized) of his report. We'll pass along the details. As we've said many times before, if a vulnerability exists, you can be sure that someone will take advantage of it. NEW EXECUTIVE DIRECTOR FOR CSA Mike Brumbaugh, a member of the CSA board, volunteered to become the new executive director, effective immediately. He will continue in his full-time job, and do this work part time. Mike has great ideas about expanding the membership and the benefits of membership. He has started a campaign to get local chapters organized around the country, and he is inaugurating a new magazine to be the official organ of CSA. If you have an article in your head that would be of interest to members, now's the time to put it down on paper and send it to Mike. The new CSA address is: POB 7069, Gaithersburg, MD 20898-7069. Telephone: 301-670-0512. If you have not received your membership certificate or card, contact Mike. Please be patient. He's just getting started, and we really were left in the lurch by the abrupt resignation of the previous director -- with many unfinished tasks. TRANSITION As we change names of the publications, and start with a new executive director, there are bound to be many questions. Let's all try to communicate and reduce the confusion level as much as possible. For instance, this letter will no longer be a benefit of membership. Everyone whose membership expired as of the end of September 1989 has been notified that subscriptions to the ComSec Letter are available @ $35/yr in North America and $55 elsewhere. We've had a very good response to that single notice; but, because of all of the confusion, we have decided to send at least one more issue with an expiration notice. However, if you joined during '89 expressly to receive the ComSec Letter, please let me know. I'll continue to send the letter to you until the normal expiration date of September 30. Mike Brumbaugh will be contacting all who have not renewed their memberships to remind them. If you do not understand, or have any question about these changes, I'd welcome a call from you. We certainly don't want anyone to think that he has not been treated fairly and honestly. The ComSec Letter is published monthly (10 issues per year) by Ross Engineering, Inc., 7906 Hope Valley Court, Adamstown, MD 21710 USA. Tel: 301-831-8400; Fax: 301-874-5100. The letter covers communications and information security concerns in the modern world. Subscription price is $35/year for US, Canada and Mexico; and $55/year for all other addresses. -30-ComSec Letter Supplement Volume VI, Number 10 YOGO 5.10 October, 1989 Prepared and Edited by James A. Ross ****************************************** MINI-GLOSSARY ANI. Automatic Number Identification. This is a telephone company facility, intended for their use alone, but widely used by others. To take advantage of this capability, you simply dial a code, and the response, in a computerized voice, is the number assigned to the pair that you are connected to. For instance, in New York City and parts of Long Island, you would dial "958" to determine the number assigned to the pair that you are connected to. If you dial from your home or office, you'll learn nothing that you didn't already know. However, if you are in the process of connecting a tap, this could save you a lot of time. CNA. Customer Name and Address. Again, this is a telephone company facility in this country by which telephone companies help one another by providing the name and address of a customer whose number is known. It is widely used by investigators in the practice of their profession. DNR. Dialed Number Recorder. The first of these, built 50 or 60 years ago, used a fountain pen to make marks on moving chart paper in response to the pulses of current in the line as the phone was dialed. (They were called "pen registers" because a pen was used to mark the paper.) An operator or technician had to count the marks to interpret the number dialed. Modern DNRs are much more sophisticated, and do much more. (However, journalists and politicians still use the outmoded and antiquated name, pen register.) (Too lazy to learn anything new?) Today's DNR (and Radio Shack's CPA-1000 is a low-cost marvel @ $99.95) records and prints time off hook and time on hook for all calls. For incoming calls, some of them print out the number of rings before the answer. For outgoing calls, they also print out the number dialed. It doesn't matter whether the dialing is pulse or tone, or a combination of both. Also, some provide a recap of all daily activity at midnight each night. Some even format the number, putting in dashes US style, making it easier to read. LLLTV. Low Light Level Television. SCIF. Secure Compartmentalized (Compartmented?) Information Facility. This is a US government invention. It is a facility that is built to government specifications that assures that what is said in the room is heard only by the people in the room. Government contractors are being required to develop SCIFs for sensitive and classified meetings. STU III. Secure Telephone Unit number three (pronounced "stew three"). AT&T, Motorola, and RCA (GE?) are building these after a government sponsored development. They are secure telephones to be used by government contractors when talking about sensitive information on the phone. TEMPEST. This is the name that our government has given to the field that relates to compromising emanations from electrical and electronic equipment. In short, electronic equipment radiates interference as it is operated. Given close proximity, much expensive equipment, trained technicians, and a lot of time; it is possible, theoretically, to determine what has been typed, for example, on an electronic typewriter nearby. CALLING NUMBER IDENTIFICATION Many, many people are very interested in this subject. We get at least one telephone call per week from a person who wants the service NOW. They have seen something about it in the press, and they're ready! Unfortunately, there are some mail order sellers who offer boxes that they say will display the calling number. People are buying these boxes, and learning, too late, that they should have investigated before investing. Sure the box is capable of displaying the calling number. However, it cannot display anything if the telephone company provides nothing. Unless you live in an area where the phone company offers this service (at an extra charge), you'll get no help from the black box. It can only display "Incoming Call Line Identification", "ICLID" in areas where that service is offered, and then only to subscribers who have contracted for the service. Service is being offered in various localities, and is spreading rapidly because of the free market forces driven by the publicity that this technological advance has generated. If you want this service, I suggest that you call your telco's business office and ask when the service will be available. As usual when dealing with phone company people, don't allow yourself to be put off by the first service rep who can't find the answer in the "answers to every subscriber's questions" script. Persist. Speak to a supervisor. If enough people ask about it, maybe they'll will realize that they can make some more money by offering the service. Nationally, the service will someday be implemented. It is a part of what is informally called "System 7", the full name of which is "Common Channel Interoffice Signalling System 7". On a local basis the facility has been offered under the name "CLASS" which is an acronym for "Custom Local Area Signalling System". One final note about this wonderful new capability. The American Civil Liberties Union (which I usually agree with) has taken the stand that this system violates the privacy of the calling party by revealing his number to the called party. That's right, the ACLU says that the person who dials you, causing your phone to ring and interrupting your activity, is having his privacy violated if you are allowed to learn his number. ComSec Letter Volume VI, Number 11 YOGO 5.11 November, 1989 Prepared and Edited by James A. Ross ****************************************** SURVEILLANCE EXPO '89 Just a reminder: This affair will take place in the Sheraton Washington Hotel in Washington, DC December 12 - 15, 1989. The seminars start at 2:00 PM on the 12th, and the exhibits open at 9:00 AM on the 13th. Each morning that the exhibits are open there will be no-charge seminar sessions at 8:00 AM. Anyone with any kind of a Surveillance Expo '89 badge will be able to attend free. As this is written, we have already received conference registrations from Australia, Canada, Denmark, and South Africa, as well as all over the United States. If you attend, you'll have to choose between outstanding speakers. Many well qualified people volunteered to speak, and the committee had to disappoint many with excellent credentials. If you cannot get to all sessions that you are interested in, take heart, the Comsec Association is arranging to have all sessions recorded with tapes available on site or by mail. (If you are not able to attend at all, you'll still be able to order tapes of the sessions you are interested in.) It looks as though there will be about fifty exhibitors and we have over thirteen hundred people preregistered to visit the exhibits during the three days. From the titles and company names on the registration forms, we're convinced that this will be a quality audience. Certainly the members of the fourth estate are interested. We've had requests for press passes from all over. So far we are holding press passes for several TV stations, trade press representatives, national news magazines, etc. World News Tonight with Peter Jennings has arranged for four passes (and we're delighted that Jim Bamford, author of "The Puzzle Palace" will be one of the ABC reps. If you haven't read his book, your education on surveillance is not complete.) USA Today on TV has interviewed the conference chairman, and National Public Radio couldn't wait for the mail; they insisted that we fax them a copy of the program. See the highlights sheet enclosed in the envelope with this letter for information on some of the exhibits and some of the seminars. Remember, if your membership in CSA is current, you'll be entitled to a $200 discount. 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA TECHNOLOGICAL ASSESSMENT PROGRAM Frank McGuire sent us a mailing that he had received from the Department of Justice Technological Assessment Program (TAP). This document stated that TAP planned to establish standards for pen registers. Pen register!?? Please, fellows. Can't we use modern terms to describe modern technology. The pen register was modern technology forty years ago, and the term is inappropriate for use in this day and age. The modern term is DNR for dialed number recorder; and, if an old fogy like me can step up to modern technology, why can't you whippersnappers? By the way fellows, contrary to what you printed, the DNR prints only the number dialed, not "the specific numbers of the telephones involved". Question. Do any of the manufacturers have DNRs that can also print out the calling number, where that information is available? ON WORDS In the segment above we commented about the use of "pen register" to describe a modern DNR. (It's akin to calling a Corvette a horseless carriage.) Let's consider some other words that, I believe, should be used carefully and precisely. The first set: "tailing" and "tracking". In my usage, tailing means following, with or without the aid of electronic or radio aids, keeping the subject in sight, or within the range of the electronic equipment. The process involves movement, the physical following of the target. On the other hand, tracking means keeping track of the target's movements while remaining at a fixed location. Through electronic means the target's position is recorded and/or displayed at some fixed site. And another set, the old bugaboo: "tap" and "bug". These continue to be used interchangeably by members of the press and even by some people who sell their services in countermeasures. For the sake of good communication, let me offer definitions. Very simply, a tap is eavesdropping on what is carried over phone lines, and a bug eavesdrops on all room audio. The product of a tap is that which is being carried over telephone lines, and the product of a bug is all target area audio. I do not find these definitions hard to understand, and their careful usage makes for less ambiguous communication. However, not everyone is ready to be precise. One man in a recent seminar in London reacted hotly to my statement that a telephone tap, properly done, cannot be remotely detected by any instrumentation. His question to me was, "Are you saying that all of that equipment that they use out at Scotland Yard is worthless?" It seems that he did not understand that I was talking about a tap, a connection to a telephone line. He could not differentiate between the two words even with repeated instruction as to their meanings. While we're talking about being precise, it's time to ask you to observe how many people will be expounding about the next decade, the nineties, starting in 1990. Each time you hear that or read it, think back. Did we start numbering years with the year "zero"? No, we didn't; we started with "one". That means that 1990 is the last year of this decade, not the first year of the next decade. (Yes, engineers can be picky, but the next time you're at thirty thousand feet, thank your lucky stars that a lot of aeronautical design engineers were very thorough and very picky.) SUBCARRIER Subcarrier is a method of carrying more than one set of information over a radio link. In short, the main carrier, in addition to being modified by the main modulating signal (which carries information), is also modulated by another carrier, called a subcarrier. That subcarrier, in turn, is modulated by another modulating signal, also carrying information. In the US there is a provision in the rules allowing broadcast stations to transmit information on subcarriers. Its called SCA for Supplemental Communications Authority. FM broadcast stations use three different frequencies for these (SCA) transmissions. The subcarrier frequencies used for analog (music, readings, etc.) information are 67 KHz and 92 KHz. Digital (mostly paging) information is carried on 57 KHZ. If you are a scanner buff, and have a low frequency receiver, you can tune to these subcarriers. Be careful though. Big Brother may be watching. The Electronic Communications Privacy Act of 1986 made intentional listening to that which has been broadcast on a subcarrier a crime. OTHER STUPID LAWS I remember when the old timer in a nearby small town began to lose towing business from car wrecks because a new operator was listening to police calls, and got to the wrecks first. As I recall, the local govt passed a law making it illegal to listen to police calls. How dumb, and soon overturned. Monitoring Times recently reported that a man in Michigan was fined $500 for having a scanner in his vehicle. Imagine! He was punished just for having a scanner in his vehicle. These laws are stupid and repressive. "Let the buyer beware" is valid, so let's coin: "Let the transmitter beware". If you broadcast, you have no right to expect privacy. If you broadcast your private information by radio by using a cordless or cellular telephone, you are acting irresponsibly, and our legislators are acting stupidly when they pass laws to "protect" you. If you transmit, others will receive, regardless of what any law says. Further, I think that passing laws limiting what people can listen to is unbelievably repressive and akin to the rules which forbad teaching slaves to read and write. WE KEEP GETTING THESE THINGS IN THE MAIL "The Secure Phone II has the capability to defeat any and all automatic telephone recording devices for secure communications." First, how in the world can anyone assert that defeating an automatic recording device insures secure communications? Of course, anyone with any experience in this world (not just in electronics) will wonder about the sweeping "any and all". That really takes the cake! Wow! Let's all rush out and buy a few. During this month and next, while Mike Brumbaugh is getting the first issue of the ComSec Journal put together, we'll be carrying information on association activities as a service to the association. Remember though, this is no longer the official organ of the association. It is a newsletter available by subscription to anyone any where in the world. If you've let your association dues lapse, you'll be hearing from Mike shortly. COMSEC ASSOCIATION ANNUAL MEMBERSHIP MEETING The annual meeting of the members of the Communications Security Association will be held in the Colorado Room of the Sheraton Washington Hotel from 6:00 till 7:30 PM on December 13. Jack Mogus is making the arrangements, and, if you have questions, you can reach him on 703-281-7400. BOARD MEETING At the board meeting held on November 18, there were some interesting decisions made. The first is to make every president of every local chapter a voting member of the board while he/she is in office. This should provide broad national representation on the board. (These members will be exempt from the "miss two consecutive meetings and you're out" rule which will be adopted when our new by-laws go into effect.) The plan for CSA to publish the program for Surveillance EXPO '89 fell through. Mike learned that getting advertisers is more of a job than he thought. Oh well, maybe next year. There is some possibility that CSA will enter into some joint programs with The National Computer Security Association, NCSA. They're headquartered in Washington, DC, and have a decent sized membership and some interesting programs. The board asked Jim Ross to stay on for another year as president, and he agreed because Mike Brumbaugh has taken over as executive director, and Ross sees relief ahead. The ComSec Letter is published monthly (10 issues per year) by Ross Engineering, Inc., 7906 Hope Valley Court, Adamstown, MD 21710 USA. Tel: 301-831-8400; Fax: 301-874-5100. The letter covers communications and information security concerns in the modern world. Subscription price is $35/year for US, Canada and Mexico; and $55/year for all other addresses. -30-ComSec Letter Volume VI, Number 12 YOGO 5.12 December, 1989 Prepared and Edited by James A. Ross ****************************************** A DAY LATE & A DOLLAR SHORT Well, we're not really a dollar short, but we're more than a day late. This December letter is being mailed in January. I really wish that there was some way that I could blame the delay on some uncontrollable disruption, but the truth is that your old editor just let time get away from him. I'm sorry, and I'll try to do better in the new year. SURVEILLANCE EXPOS Your editor has been deeply involved (in many ways) in developing this series of shows relating to surveillance and countersurveillance. In fact, in this letter we're reporting on the first Surveillance Expo, and announcing the next one. Some of the reactions that we've had so far really surprised us, so we're using a little of our space to detail those reactions and to explain our primary motive in sponsoring these shows. The press response to all of our information, and even to exposure to the high-quality, professional-level products and services amazed us. Most of the reporting made us out to be some kind of a "spy shop" operation. Seems to be some fantastic bias at work there. Also, we were surprised that there were people who were shocked that we had computer hackers making presentations -- as if associating with hackers would result in personal contamination! So let's consider our motives. First, in simple terms, Jim Ross thinks that the good guys should be taught what the bad guys already know: "Strength through education; and education through communication". A philosopher said (as best I can remember his exact words): "All that is necessary for evil to triumph, is for good men to remain silent." I really believe in that idea, and my efforts to develop this educational activity are proof that I am willing to put my money and my time where my mouth is. Final thought: The primary emphasis during the development of the seminar faculty was to find people with hands-on experience. We did not want lofty theoretical talks, nor government approved (read sanitized) talks; we sought people with practical experience. And who better than a hacker to explain the threat from hackers? 6ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ ÍÍÍÍÍÍÍÍ4 Copyright, 1989. Ross Engineering, Inc., Adamstown, MD, USA SURVEILLANCE EXPO '89 It is our opinion (prejudiced, of course) that the first Surveillance Expo was the COMSEC, INFOSEC and INVESTIGATIONS TECHNOLOGY event of the year. In two and one-half days 642 people visited the exhibit hall with forty-five booths filled with the latest in surveillance and related technology products and services. In the break-out rooms, we had fifty-six seminars presented during three and one-half days. We've heard from many of the participants, and we'll try to pass along the essence of the commentary. OVERALL One observation that we heard from exhibitors, time and again, was that we had brought in a quality audience. There were decision level executives and very sharp technical people, but no macho men in camouflage fatigues with Soldier of Fortune sticking out of their back pockets. One consultant lined up two contracts on the first day, the surveillance vehicle exhibitor handed out 542 brochures and is currently working 72 promising leads, etc. We expect to see all of the exhibitors back again next year. We've also heard from some companies that held back and did not exhibit because it was a first show. Three of them urged us to put the event on again in six months so they would not have to wait a whole year to have the opportunity to exhibit! That's good news. Most of the speaker evaluation forms that we received were very favorable, and we expect that the committee will invite many of them back next year. THE CHOICE OF DATES We were chided by more than one participant for holding the event so close to the holiday season. Certainly we agree that the dates were not the best. However, when we started looking for space in January we learned that trying to find space in the Washington, DC area is tough, and we took what we could get. THE DECEMBER DATE, POSITIVES There are two good things about holding a show in Washington so late in the year. First, there is not that much competition from other shows. Second, after Congress adjourns for its holiday recess, there is not that much news in DC, but a lot of hungry newsmen and women. This year we had over 40 press representatives cover the expo. The Associated Press ran an article, Dan Rather had a crew of four in the exhibit hall for hours, NPR covered the show, Post Newsweek TV put on a special, the Washington Post ran a feature article, etc. (However, there may be a negative side to all of this coverage; see the segment "MEDIA BIAS".) THE DECEMBER DATE, NEGATIVES One negative aspect of the late date is that many people don't want to travel that close to the holidays. Also, many companies have expended their travel and promotional budgets. (However, one exhibitor pointed out that he wasn't concerned with his company's fiscal year; he was concerned with the federal government's which starts on October 1!) The most compelling argument against a meeting in Washington in the winter, however, is the weather and weather forecasters. Our local forecasters, burned a couple of years ago by not predicting a crippling snowstorm, tend to protect themselves by putting the worst possible interpretation on data. (Also, scary forecasts get attention.) For the Surveillance Expo '89 opening date they said, "sleet, freezing rain and snow", and the same for the following night. What we actually got was some snow each day. There is no doubt that attendance was down due to the actual weather, and down even further due to the gloom and doom forecasts. MAKING IT BETTER How can we make it better? Well, The Defense Intelligence College was upset because they had not heard of it until too late so we'll be sure that they get plenty of notice for next year. A Canadian businessman called to advise us to notify the embassies. Also, we were told that we should have more exhibitors and more big companies exhibiting, and that is a sentiment that we agree with. Considering the success of this show, from the exhibitors standpoint, we expect that many of the "on-the-fence" firms will sign up for next year. And, of course, the really big firms had people in attendance, and will have plenty of time to plan to participate in 1990. To get more publicity, we'll be asking several organizations to become cosponsors. So far we have the Communications Security Association and the National Computer Security Association, and we plan to talk to an association of investigators. These outfits will help with publicity, and also in selecting topics and locating and screening speakers for the seminars. Further, the registration contractor has provided us with an hour-by-hour breakdown of registrations. We'll use that information in planning next year's registration hours and to schedule exhibit and seminar hours. SEMINAR PROGRAM The Ross Engineering seminar has been slimmed down to one day. It is aimed primarily at security managers and investigators who need the overall big picture without a lot of technical detail. (Those who need more detail or hands-on practice with equipment can visit our new training facility for those functions.) The kick-off of the new one-day program will be in February. We're in Miami on the 5th, Dallas on the 7th and Los Angeles on the 9th. For more information, please call, write or fax. MEDIA BIAS On the negative side of all of the expo media coverage is the tendency for the journalists to tend to see things with a jaundiced eye. It's our feeling that the folks who work in the news business are the people who took all liberal arts courses and no hard science courses. Therefore, they don't understand any new technological development, and so, see it as something sinister. Sad. The masses depend upon them for unbiased news. Much of the coverage of this show tended to create the impression that the exhibitors were a bunch of "spy shop" people with simple doodads available to use to spy on your neighbors. That false impression brought calls from all over. One lady called me, and said that her son had told her to come to the expo and buy one each of each product! If she had tried to do that, she would have found that she couldn't buy the Motorola STU III secure telephone at any price because sales are made only to approved government contractors on classified government contracts. However she could have purchased a pair of AOE's top-of-the-line secure telephone for $39,000. But that's just a start. She would have really needed a strong bank balance to buy such things as the surveillance vehicle, the closed circuit TVs, the specialized lenses, the high power lights, the night vision equipment, the countersurveillance equipment, the system for transmitting pictures over phone lines or two-way hand-held radios, etc. Too bad that she got the idea that this was a dilettante type show. It wasn't. SURVEILLANCE EXPO '90 Place: Hyatt Regency, Crystal City, Virginia (adjacent to Washington National Airport. Dates: November 28 - 30, 1990. More detail soon. OUT WITH THE OLD; IN WITH THE NEW This will be the last newsletter under the name of "ComSec Letter". As we've mentioned before, the Communications Security Association is starting a new publication with COMSEC in its title and we are changing the name of this letter to minimize confusion. Care to guess the new name? A subscription extension of one year for a correct guess. Call, write or fax. The ComSec Letter is published monthly (10 issues per year) by Ross Engineering, Inc., 7906 Hope Valley Court, Adamstown, MD 21710 USA. Tel: 301-831-8400; Fax: 301-874-5100. The letter covers communications and information security concerns in the modern world. Subscription price is $35/year for US, Canada and Mexico; and $55/year for all other addresses. -30-