From: Perry Myers Date: Mon May 13, 2002 11:31am Subject: Cell Phone Bug Locater Just passing this along as the company has been soliciting this device. Thank you for your interest in the CAA. The CAA is a Cellular Activity Analyzer, based on a modified HP Jornada hand held computer. Its main purpose is to detect active and dormant hidden cellular phones, mainly cell-phones based bugging devices. The CAA is user-friendly, simply operated and easy to use. Performing bug-detection using the CAA completes the "traditional" detection operations. Its relatively low cost enables a quick return-on-investment: It can be sold to executives who are aware of information security importance, or rented to clients who can discreetly leave it at their office for several days or during important meetings. A report of detected cellular activity can be easily loaded to a Word document, providing a customer a with professional report and precise data: were there any cellular-based eavesdropping attempts, when did they take place, estimated location of the cellular-bugs, etc. This will provide an accurate, comprehensive investigation as well position the investigator as an updated, professional expert, who is aware of the most recent innovations, providing clients with state-of-the-art solutions. Please note that in addition to detecting cell-phone-based bugging devices, the CAA also functions as a handheld computer. Based on Windows Pocket PC operating system, the CAA enables you to synchronize your e-mails, colander, address book, Word and Excel files, MP3 music player etc. Enclosed you will find a PDF file containing further information about the CAA. You can view the file using Adobe Acrobat Reader. You may download the Acrobat Reader for free at the following website: <>. Netline is currently looking for worldwide distributors for the CAA, and would be glad to cooperate with your your company. Cellular phone technology has dramatically changed eavesdropping techniques. While a decade ago performing illegal eavesdropping was a complicated task requiring professional expertise (involving the installation of concealed transmitters and receivers on-site), today cellular phones can be easily converted into bugs and placed anywhere. Popular cell-phone models made by Nokia, Motorola and other market leaders, can transform into sophisticated, easily operated bugging devices through a small modification By a simple press of a button, a seemingly standard cell-phone device switches into a mode in which it seems to be turned-off. However, in this deceitful mode the phone will automatically answer incoming calls, without any visual or audio indications whatsoever. Since the airwaves are full with cellular phone transmissions, it is almost impossible to locate such cell-phone-based bugging devices. This task becomes even harder since transmission occurs only when the eavesdropper calls the cellular bug; hence practically - unless one knows where to look for - there is no way of detecting such bugs. The Solution <> Acknowledging this threat, Netline Communications Technologies releases the Cellular Activity Analyzer (CAA). Designed to fight cellular-based bugs, the Cellular Activity Analyzer detects active and dormant cellular phones. The CAA device is based on a modified handheld computer, used to monitor and detect all cellular communication activity in a given area (such as an office or yard). Whenever cellular transmission is detected, the CAA provides the user with real-time audio and visual alerts. CAA also creates a log-report of cellular activity that took place during a certain period of time, logging the exact time of every cellular-transmission, as well as transmissions' duration, type & strength. Using the CAA would enable you to detect active and dormant bugging devices. Based on a handheld computer, the CAA can be discreetly left at your customer's office for several days or during important meetings. Upon request, you will be able to provide your client with precise data: were there any cellular-based eavesdropping attempts, when did they take place, estimated location of the bugs, etc. As a professional in the private investigation field, offering a solution for cellular-based bugging-devices would position you as an updated expert - an expert aware of the most recent innovations, providing clients with state-of-the-art solutions. Perry D. Myers, CFE President & CEO E-mail: perry@d... MSI Detective Services Myers Service, Inc. Corporate Headquarters 2076 N. Elston Ave. Suite 200 Chicago, IL. 60614-3940 Phone 773-342-8300 Facsimile 773-486-4430 Professional Investigators Since 1959 Investigations Nationwide 24 Hour Availability www.detectiveservices.com Process Service Division - Downtown Chicago 205 W. Randolph St., Ste. 1210 Chicago, IL. 60606 Phone 312-782-4000 Fax 312-853-3119 For Security, Surveillance & Privacy Products U-Spy Store Chicago - Orlando - Internet Sales www.u-spystore.com Orlando Warehouse - (800) 393-4779 Chicago Sales - (773) 395-0220 For more information on our investigative services please visit our web site at www.detectiveservices.com This e-mail is strictly confidential. If you receive this e-mail in error, please forward immediately to info@d... --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.361 / Virus Database: 199 - Release Date: 5/7/2002 [Non-text portions of this message have been removed] 5344 From: Hawkspirit Date: Mon May 13, 2002 4:35pm Subject: Call for Sweep Articles Here is another historical article about bug sweeping that appeared in Popular Science August 1987. If anyone has this original article I would like to scan the pictures. My copy was a xerox. Also if you have any sweep articles that would be of interest for putting on my website as historical information or just educational material let me know. Roger Tolces Electronic Security Los Angeles http://www.bugsweeps.com/info/bugsweepers.html 5345 From: Justin T. Fanning Date: Mon May 13, 2002 4:27pm Subject: Re: PROGRAMME TO ID PAST E-MAIL Craig Snedden wrote: > Is your client using Microsoft Exchange? The facility exists within > the Exchange Server to trawl messages as described. Exchange can be "kludged" (via registry modifications) to copy incoming and outgoing messages to a "journal" e-mail box, but there is no such default behaviour as you described. [text removed] > Craig JF 5346 From: Justin T. Fanning Date: Mon May 13, 2002 5:24pm Subject: Re: [Fwd: The The Owl and the Doughnut - UK input Re: Cell Triangulation] George Shaw wrote: > Out of curiosity tonight I took apart a Nokia 3210e (Orange) powered > down and took readings across the range on the Rx side of the circuits > and YES it is powered even when the "switch" is off. Now that's interesting research! > I am running further tests now to see what exactly it is capable of > receiving but all indications are that it can indeed Rx when in "off" > mode which really is a standby mode I guess. What equipment do you have access to? Can you see data on the BUS? Can you probe the IF or is this within an IC? If you can confirm it's monitoring the control channel of your closest cell, that's a major discovery. I would probably go to the software level next and find exactly what functionality is available when in this mode. > I have several other phones here I can hack this week. Now if Nokia > are doing it I guess the others are as well, whether it's in the > spec or not. Look forward to hearing of your findings. JF 5347 From: Aimee Farr Date: Mon May 13, 2002 5:31pm Subject: The Dogs of Tierra del Fuego > WASHINGTON, May 10 ­ A federal judge sentenced former FBI agent > Robert Hanssen to life in prison without parole Friday for spying for > Moscow, closing a chapter in one of America's most-damaging espionage > scandals. That was a big story, but as the world turns, so is the press. People can focus on negative facts, and loose sight of the wisdom. CHARLES DARWIN, ON THE ORIGIN OF SPECIES (A parsed simile) Nor ought we to think that the occasional destruction of an animal of any particular colour would produce little effect: we should remember how essential it is in a flock of white sheep to destroy every lamb with the faintest trace of black. ....Let us take the case of a wolf, which preys on various animals, securing some by craft, some by strength, and some by fleetness; and let us suppose that the fleetest prey, a deer for instance, had from any change in the country increased in numbers, or that other prey had decreased in numbers, during that season of the year when the wolf is hardest pressed for food. Under such circumstances the swiftest and slimmest wolves would have the best chance of surviving, and so be preserved or selected, -- provided always that they retained strength to master their prey at this or at some other period of the year, when they might be compelled to prey on other animals. I can see no more reason to doubt this, than that man can improve the fleetness of his greyhounds by careful and methodical selection, or by that unconscious selection which results from each man trying to keep the best dogs.... ....the wolves inhabiting a mountainous district, and those inhabiting the lowlands, would naturally be forced to hunt different prey; and from the continued preservation of the individuals best fitted for the two sites, two varieties would slowly be formed. These varieties would cross and blend where they met.... according to Mr. Pierce, there are two varieties of the wolf inhabiting the Catskill Mountains in the United States, one with a light greyhound-like form, which pursues deer, and the other more bulky, with shorter legs, which more frequently attacks the shepherd's flocks. ....there exist savages so barbarous as never to think... yet any one animal particularly useful to them, for any special purpose, would be carefully preserved during famines...and such choice animals would thus generally leave more offspring than inferior ones; so that in this case there would be a kind of unconscious selection going on. We see the value set on animals even by the barbarians of Tierra del Fuego, by their killing and devouring of old women, in times of dearth, as of less value than their dogs. [...] 'Doggies catch otters, old women, no'. -- VOYAGE OF THE BEAGLE 5348 From: Justin T. Fanning Date: Mon May 13, 2002 6:18pm Subject: Re: Detection of cell-phone-based bugging devices Hawkspirit wrote: >> Anybody know what this is about and how it works? Roger >> Detection of cell-phone-based bugging devices >> The New Threat >>image001.pngimage002.gif not very much help on a group that strips binary attachments >> Cellular phone technology has dramatically changed eavesdropping >> techniques. While a decade ago performing illegal eavesdropping was >> a complicated task requiring professional expertise (involving the >> installation of concealed transmitters and receivers on-site), today >> cellular phones can be easily converted into bugs and placed >> anywhere. >> Popular cell-phone models made by Nokia, Motorola and other market >> leaders, can transform into sophisticated, easily operated bugging >> devices through a small modification >> By a simple press of a button, a seemingly standard cell-phone >> device switches into a mode in which it seems to be turned-off. >> However, in this deceitful mode the phone will automatically answer >> incoming calls, without any visual or audio indications whatsoever. This is through the use of the hands free feature. When in hands free mode, most handsets assume they are in a cradle of sorts and are probably non visible to the eye. Thus the display is shut down and instead display information is sent to the control lines (which assume they are talking to a car kit). Most handsets can be programmed to auto answer in hands free (car kit) mode (to answer the phone while you are driving). Most handsets can be put into this mode by shorting select pins on the base of the handset, or via a keypad command. Once in hands free mode the handset will answer incoming calls without ringing or displaying anything (as all this data is sent only to the control lines). As no external mic/speaker is connected the existing mic/speaker are used. The perpetrator simply then needs to call the handset (usually from a phone with audio amplification ability - a speaker phone (on local mute) may suffice) and they will be piped room audio from the cell phone. >> Since the airwaves are full with cellular phone transmissions, it is >> almost impossible to locate such cell-phone-based bugging devices. >> This task becomes even harder since transmission occurs only when >> the eavesdropper calls the cellular bug; hence practically - unless >> one knows where to look for - there is no way of detecting such >> bugs. The 'bug' would poll the closest base station just like any other cellular device. I would like to think any TSCM'er worth their salt would detect a 2W burst of wide band data ~ every 20 minutes. Isn't one of JMA's favourite tricks to catch the really sneaky ones to leave a wide band peek logging spectrum analyser active for 24 hrs+ to catch burst transmitters etc. A cell phone would be picked up in under 30 minutes. >> The Solution >> image003.jpgimage003.jpg Again more images. >> Acknowledging this threat, Netline Communications Technologies >> releases the Cellular Activity Analyzer (CAA). Designed to fight >> cellular-based bugs, the Cellular Activity Analyzer detects active >> and dormant cellular phones. Dormant meaning switched on, but not actively on a call. >> The CAA device is based on a modified handheld computer, used to >> monitor and detect all cellular communication activity in a given >> area (such as an office or yard). Whenever cellular transmission is >> detected, the CAA provides the user with real-time audio and visual >> alerts. CAA also creates a log-report of cellular activity that took >> place during a certain period of time, logging the exact time of >> every cellular-transmission, as well as transmissions duration, >> type & strength. So it's a hardware receiver/decoder with a software logging back end. A poor mans cellular test/logging spectrum analyser of sorts. I was expecting more whiz bang, like a unit that scanned through the major cellular standards (TDMA, CDMA, GSM, AMPS etc.) emulating a base. Or even a unit that once it detected a bit stream, decrypted and decoded the stream in real time. This is just a smokescreen for a narrow band logging SA. >> Netline is currently looking for worldwide distributors for the CAA. The Spy Shop is pretty cashed up after their reverse-IPO... >> As a company that deals with security solutions, offering an answer >> to cellular-based bugging devices would position you as an updated >> expert, aware of the most recent innovations. Snake oil. If you've got a wide band spectrum analyser, by the time you've had your first coffee the 'bug' has already identified itself to the nearest cellular base. Just out of interest, while performing sweeps, do people ask clients to switch off all cellular devices (including staff etc. if the building is manned at the time)? or do people simply ignore this part of the spectrum? I guess no one will after reading this list the past few days! >> The CAA will join your existing line of products enabling you to >> continue to provide your clients with the most advanced technology >> available in the battle against bugging devices. Ockham's Razor... JF 5349 From: James M. Atkinson Date: Mon May 13, 2002 9:43pm Subject: Re: Detection of cell-phone-based bugging devices Curtis makes (or made) a similar unit. It scans the frequencies emitted from the mobile, and logs where the energy pops up on the spectrum. It then builds a chart of the signals while you move the instrument over the area being tested. You can then "hone in on" a specific signal by using a directional antenna. Next a small signal is generated (much to the FCC's annoyance) to make the cell phone think it just changed towers and the operator fools the suspect phone unto actually answering, and get a hard lock on the location. The instruments are totally inappropriate for eavesdropping, but are great for finding cellular phones being used in naughty ways. Always use an small loop antenna or equiangular unit to keep the unit highly directional. -jma At 12:04 PM -0700 5/13/02, Hawkspirit wrote: > >Anybody know what this is about and how it works? Roger >> >>Detection of cell-phone-based bugging devices >> >> >> >>The New Threat >> >> >> >>image001.pngimage002.gif >> >>[ Cellular phone technology has dramatically changed eavesdropping >>techniques. While a decade ago performing illegal eavesdropping was a >>complicated task requiring professional expertise (involving the >>installation of concealed transmitters and receivers on-site), today >>cellular phones can be easily converted into bugs and placed anywhere. >> >> >> >>Popular cell-phone models made by Nokia, Motorola and other market >>leaders, can transform into sophisticated, easily operated bugging devices >>through a small modification >> >>By a simple press of a button, a seemingly standard cell-phone device >>switches into a mode in which it seems to be turned-off. However, in this >>deceitful mode the phone will automatically answer incoming calls, without >>any visual or audio indications whatsoever. >> >> >>Since the airwaves are full with cellular phone transmissions, it is >>almost impossible to locate such cell-phone-based bugging devices. This >>task becomes even harder since transmission occurs only when the >>eavesdropper calls the cellular bug; hence practically - unless one knows >>where to look for - there is no way of detecting such bugs. >> >> >> >> >> >>The Solution >> >> >> >>image003.jpgimage003.jpgAcknowledging this threat, Netline Communications >>Technologies releases the Cellular Activity Analyzer (CAA). Designed to >>fight cellular-based bugs, the Cellular Activity Analyzer detects active >>and dormant cellular phones. >> >> >> >>The CAA device is based on a modified handheld computer, used to monitor >>and detect all cellular communication activity in a given area (such as an >>office or yard). Whenever cellular transmission is detected, the CAA >>provides the user with real-time audio and visual alerts. CAA also creates >>a log-report of cellular activity that took place during a certain period >>of time, logging the exact time of every cellular-transmission, as well as >>transmissions duration, type & strength. >> >> >> >>Netline is currently looking for worldwide distributors for the CAA. >> >>As a company that deals with security solutions, offering an answer to >>cellular-based bugging devices would position you as an updated expert, >>aware of the most recent innovations. >>The CAA will join your existing line of products enabling you to continue >>to provide your clients with the most advanced technology available in the >>battle against bugging devices. >> >> >> >> >> >>For further information, brochures, or any question, please contact: >> >> >> >>Ms. Loreen Haim >> >>Netline communications Technologies >> >>Tel: +972-3-5109855 Ext. 119 >> >>Fax: +972-3-5109821 >> >>Email: loreen@n... >> >>Website: www.netline.co.il >> >> >> > > >[Non-text portions of this message have been removed] > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: >http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- "...three shall be the number to count, and the number to be counted shall be three.....four shall thou not count......five is right out". - M. Python -------------------------------------------------------------------------------------------------- 5350 From: Steve Uhrig Date: Mon May 13, 2002 9:52pm Subject: Barry McCleary front and center Barry, if you have not been getting my emails, please call me Tuesday sometime. I need to settle with you, but it appears as if your email may be blocked by our anti spam measures. I have been replying to your mails but have not heard back from you. If you have been getting my mails, please acknowledge so I can settle up with you. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 5351 From: John M Date: Mon May 13, 2002 6:01pm Subject: Dangers of profiling While were all getting busy nailing Arabs, lets not forget: Who detonated a car bomb in Oklahoma City killing 168 persons? A) A muslim extremist male B) A pizza guy C) A white male, aged 25-35 Who attacked the USS Liberty, an unarmed, clearly marked US spy ship? A) A country full of muslim extremist males B) A country full of pizza guys C) Israel Who cost the United States taxpayers close to $500 billion dollars in the Saving & Loan looting spree in the 1990's? A) A bunch of poor blacks in the ghetto B) A bunch of poor muslim extemists in the ghetto C) A bunch of very wealthy, predominantly white-male businessmen Who ran the most power national security agency in the world for 50 years, collected dossiers on thousands of individuals, used said dossiers for blackmail purposes, while at the same time, was a drag queen thus exposing himself (and the most powerful national security agency in the world) to being blackmailed itself? A) A muslim extremist B) A pizza guy C) J. Edgar Hoover That's the tricky bit with the profiling, while your busy putting a stereotype under the microscope, there goes your twin brother carrying a bomb... __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com 5352 From: dr_chevalier2002 Date: Mon May 13, 2002 9:27pm Subject: hello all Hello all, I wanted to introduce myself and agency( both can be found in the Email signature. I've been in the business for over 22 years both (public and private combined). If anyone needs Criminal Profiling performed on some cases, don't hesitate to make contact. Doc Dr. Dennis H. Chevalier PhD, LPI, APA, AABP DIRECTOR The CONSORTIUM of SCIENTIFIC INVESTIGATION & RESEARCH in cooperation with CHEVALIER AND ASSOCIATES Lic.# A07811 Web site: http://www.behavioral-sciences.org Email: doc@b... Main direct 817.263.9599 Fax 817.314.8092 Pager 817.432.6058 Cell 817.992.8993 Join a team for a cure for Cancer, Alzheimer disease and Genetics mutations at: http://members.ud.com/services/teams/team.htm?id=1E52EF2C-86C4-407B- 9209-B7FC63800495 5353 From: Gregory Perry Date: Mon May 13, 2002 11:09pm Subject: Re: Cell Triangulation] > Do you have any websites for these briefcase bandits? Are they sold as > legitimate testing tools like a GSM test-set of sorts, a law > enforcement tool or are they strictly for the grey market? I'll dig around tonight and see if I can find the German company that makes the briefcase model, it is not a grey market product but rather a modified cell site/BSS used for legitimate law enforcement interception. With a properly modified BSS, one could wreak havok in GSM networks. There are several niche spectrum analyzers that include similar functionality, but are not specifically tailored for interception capability... > > It was a bit more than that, Mitnick in collusion with an Israeli > > national retrieved handset source code from Motorola. Shimmy tracked > > him down with a modified Oki-900 handset and CTEK cable (also very > > much illegal). Congress had to give Shimmy immunity in order to > > testify about the case. > > I don't know the specific details to comment here, though it sounds > fascinating. Perhaps you could enlighten us, what was the cellphone > modified to do exactly? The original Oki-900 actually had several "vendor specific anomalies" that allowed you to put it into debug mode, and do pretty much anything you wanted with an analog AMPS system (scanning cell freqs, forward control channel dumps, specific frequency overrides etc.). There was a company (called Network Wizards I recall) that developed a special cable that you could augment the Oki-9 with a handheld or PDA to do illegal neat things, like monitor various control and paging channels to watch handoffs, track calls (a first gen trunk tracker if you will), grab reverse control channel info (ESN/MIN pairs, dtmf digits dialed field etc). In addition, the early model Oki's had a socketed PROM which made custom mods trivial; the first mod was 4006, a tumbler modification that generated a new ESN/MIN pair each time you turned the phone on. At that time, few MTSOs were real time connected to the network, so if you came up with a correct manufacturer code + random ESN + out of area M! IN, you could validate with the network and make one call before your ESN/MIN pair was blacklisted. Some MTSOs would accept whatever MIN you gave them, so you could on boot punch in the number you wanted the phone call to appear from (say the payphone in front of the FBI building) and that would be your ANI information. One company that initially developed a cellular digital data interpreter (DDI) that was similar to the Curtis ESN grabber eventually made their millions by selling retrofits for cell sites that did only one thing - look for tumbled calls, and forge a disconnect from the handset to the cell site. Early generation cell sites did not have the capability to disconnect calls, e.g. once you pulled off a tumbled call you could ride out on the line for hours (or days), even after the ESN/MIN was blacklisted, simply because the cell site had never been built with the capability of disconnecting calls in progress. Later generation mods for the Oki-9 became increasi! ngly more advanced, including one (called the vampire mod) that put the phone into Rx mode while on hook, monitored the reverse control channel, did the necessary manchester decoding, and stored each ESN/MIN pair in memory to be used one time for each call (basically piggy backing on captured ESN/MIN pairs). Shimmy got a CTEK cable, Oki-9 and handheld loaded with indial numbers for the ISP Mitnick was using, and used that with help from a telco to triangulate Mitnick (as he was using a modified Oki-900 with an RJ-11 interface to dial into his ISP and break into networks over cellular data connections). Anyway, Mitnick got a federal prison sentence, Shimmy got immunity, and the devil is in the details. Two wrongs might not make a right, but they made for a book and movie deal for Shimmy. Thank God all of those problems have been fixed with current generation digital and GSM networks. Ahem. 5354 From: James M. Atkinson Date: Mon May 13, 2002 11:25pm Subject: Re: hello all I would like to invite you to kiss my ass Dennis... both cheeks, and then the pucker, and please take your time. If you recall, you came to my website about 2 years ago, stole my entire bio and simply replaced my name with your own and plastered it all over your website at www.realspy.com claiming it was your own. You also stole dozens of my graphics, and completely ignored my requests to delete them. It wasn't until I confronted you on the phone, and got you stop lying that you even admitted that the website was even yours. Quite a few respect members of the TSCM and security all visited the site in question, and will confirm that the page you had up as your own BIO was grossly pilfered from my own website. Several of these people also contacted you and discussed the credentials that were presented on your site (and even got you to confess that the bio was yours, and that you do all you own html coding, etc). In a nutshell you were acknowledging that you knew that not only was the meters there, but only claimed they where YOUR credentials, and that YOU were the one who placed them there. On top of that you actually had the balls to print our the stolen materials and pawn it off on your clients, and claim that it was your own credentials. Clients where not amused by your prancing around their office for 30 minutes with a Bearcat scanner and a broadband diode detector only to have you claim that you detected four bugs (but couldn't tell the victim where the bugs were, provide a bearing, or even what frequencies they were on). Where you ever curious why your contact there tossed you out of the building after less then two hours on site. Of course when you realized that you had been caught lying and stealing you claimed that someone had hacked you website; and yet you felt it was OK to borrow or even steal anothers creditably. So why would a group of hackers break in to your website and upload a modified BIO they swiped from someone else, and yet you didn't detect it for over seven months. Not only did you not detect it, but you even printed it up, reproduced it, and used it as a sales tool... Of course it must have been the evil hackers doing all these things. Dennis, we both know that you stole from me, and that you are full of shit.. We also both know that you still owe me over $300,000 dollars for the period of time you were unlawfully using my materials. On top of that it shames the real veterans, the military, and even the honor of the uniform when you try to make people thing that you were some kind of a colonel in the USAF. It is a disgrace what you are doing, and you need to stop. No doubt you claim to have a medal of Honor, or even a SEAL Budweiser. We do not need posers such as yourself making the entire industry look bad. So kindly go fuck your self, -jma At 2:27 AM +0000 5/14/02, dr_chevalier2002 wrote: >Hello all, I wanted to introduce myself and agency( both can be >found in the Email signature. >I've been in the business for over 22 years both (public and private >combined). >If anyone needs Criminal Profiling performed on some cases, don't >hesitate to make contact. >Doc > >Dr. Dennis H. Chevalier PhD, LPI, APA, AABP > >DIRECTOR > > > >The CONSORTIUM of SCIENTIFIC INVESTIGATION & RESEARCH >in cooperation with CHEVALIER AND ASSOCIATES Lic.# A07811 >Web site: http://www.behavioral-sciences.org >Email: doc@b... >Main direct 817.263.9599 >Fax 817.314.8092 >Pager 817.432.6058 >Cell 817.992.8993 > >Join a team for a cure for Cancer, Alzheimer disease and Genetics >mutations at: >http://members.ud.com/services/teams/team.htm?id=1E52EF2C-86C4-407B- >9209-B7FC63800495 -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- "...three shall be the number to count, and the number to be counted shall be three.....four shall thou not count......five is right out". - M. Python -------------------------------------------------------------------------------------------------- 5355 From: Matthew Paulsen Date: Tue May 14, 2002 0:34am Subject: RE: Dangers of profiling Hey this is fun. Here's one I just thought up. Who turned over 'classified secrets' (Heard that on the news the other night. As opposed to those non-classifed secrets. Or non-secret classifieds? It's a want ad :P) to US enemies for 22 years, earning $1.4 million and killing at least 3 operatives in the field. A) A muslim extremist male B) A pizza guy C) A middle aged white male working for the FBI, with a home, wife and kids (and stripper on the side). Anyone else got one cooking? Thanks, Matt Paulsen Orange Networks LLC - Computers, Networks, Internet and Security http://www.orange-networks.com 503.533.4767 -----Original Message----- From: John M [mailto:johnem101@y...] Sent: Monday, May 13, 2002 4:01 PM To: TSCM-L@yahoogroups.com Subject: [TSCM-L] Dangers of profiling While were all getting busy nailing Arabs, lets not forget: Who detonated a car bomb in Oklahoma City killing 168 persons? A) A muslim extremist male B) A pizza guy C) A white male, aged 25-35 Who attacked the USS Liberty, an unarmed, clearly marked US spy ship? A) A country full of muslim extremist males B) A country full of pizza guys C) Israel Who cost the United States taxpayers close to $500 billion dollars in the Saving & Loan looting spree in the 1990's? A) A bunch of poor blacks in the ghetto B) A bunch of poor muslim extemists in the ghetto C) A bunch of very wealthy, predominantly white-male businessmen Who ran the most power national security agency in the world for 50 years, collected dossiers on thousands of individuals, used said dossiers for blackmail purposes, while at the same time, was a drag queen thus exposing himself (and the most powerful national security agency in the world) to being blackmailed itself? A) A muslim extremist B) A pizza guy C) J. Edgar Hoover That's the tricky bit with the profiling, while your busy putting a stereotype under the microscope, there goes your twin brother carrying a bomb... __________________________________________________ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com Yahoo! Groups Sponsor ADVERTISEMENT Height: 4567 ft 01234567891011 in Weight: Sex: F M ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service. 5356 From: Matthew Paulsen Date: Tue May 14, 2002 1:13am Subject: RE: Dangers of profiling >> As a former pizza guy, I object to the stereotyping... Now, lawyers... They're fair game... Stereotyping? I only see profiling going on here. Matt (note: Received the above quote directly from someone. Reposting w/o their creds. We wouldn't want to profile the pizza guy's background too much. It could lead to "demographic data mining" Wait.. I hear the marketing hounds approaching :) [Non-text portions of this message have been removed] 5357 From: David Alexander Date: Tue May 14, 2002 8:27am Subject: UK input Re: Cell Triangulation >Can you show me in the 6,000 pages of GSM spec... This is precisely the kind of information that would not be included in the published specifications, similar to the fact that there is a back door built into the GSM encryption algorithm so that the authorities can monitor conversations. To my knowledge that is not published anywhere either, other than by Ross Anderson. My 2C. _______________________________ David Alexander M.INSTIS Global Infrastructure Director Bookham Technology plc Tel: +44 (0) 1327 356264 Mobile: +44 (0) 7799 881284 Fax: +44 (0) 1327 356775 http://www.bookham.com ======================================================================= This e-mail is intended for the person it is addressed to only. The information contained in it may be confidential and/or protected by law. If you are not the intended recipient of this message, you must not make any use of this information, or copy or show it to any person. Please contact us immediately to tell us that you have received this e-mail, and return the original to us. Any use, forwarding, printing or copying of this message is strictly prohibited. No part of this message can be considered a request for goods or services. ======================================================================= Any questions about Bookham's E-Mail service should be directed to postmaster@b.... [Non-text portions of this message have been removed] 5358 From: Hawkspirit Date: Tue May 14, 2002 8:37am Subject: Curtis Jim, Is there web information on this unit? Roger From: "James M. Atkinson" Subject: Re: Detection of cell-phone-based bugging devices Curtis makes (or made) a similar unit. 5359 From: David Alexander Date: Tue May 14, 2002 9:20am Subject: re: tracing e-mail Raymond Further to your query. If the company in question are any good they will be making backups of their servers, including the e-mail server, on a daily basis. It is a time-consuming but often useful exercise to look through the backup tapes for any traffic logs that may have been overwritten, deleted, etc, to see if the message or addressee is lurking in the tapes. To avoid web mail being used for such purposes (and to prevent viruses and Trojans getting in this way, which is almost impossible to scan effectively) we block access to all webmail services on our firewall and proxy servers. I may not be a TSCM professional, but when it comes to computer security, I'm your man. If you want any more advice on this then feel free to e-mail me offline. regards _______________________________ David Alexander M.INSTIS Global Infrastructure Director Bookham Technology plc Tel: +44 (0) 1327 356264 Mobile: +44 (0) 7799 881284 Fax: +44 (0) 1327 356775 http://www.bookham.com ======================================================================= This e-mail is intended for the person it is addressed to only. The information contained in it may be confidential and/or protected by law. If you are not the intended recipient of this message, you must not make any use of this information, or copy or show it to any person. Please contact us immediately to tell us that you have received this e-mail, and return the original to us. Any use, forwarding, printing or copying of this message is strictly prohibited. No part of this message can be considered a request for goods or services. ======================================================================= Any questions about Bookham's E-Mail service should be directed to postmaster@b.... [Non-text portions of this message have been removed] 5360 From: Marcel Date: Tue May 14, 2002 9:27am Subject: WAS-UK input Re: Cell Triangulation Now-Motorola Files for GSM Bugging Patents Motorola Files for GSM Bugging Patents Motorola http://www.mot.com Summary: 7:54:01 AM 4/13/2000 Britain's "New Scientist" magazine has revealed some insight into how secure GSM phones can be monitored by police and security agencies via Motorola technology that now is in the patent process. The Motorola patent says the weak point comes when the caller logs on and has to make his or her details known to a central computer handshake to check the ID and to arrange billing. If a caller or recipient is on a wanted list, the call is diverted to the authorities. The patent reportedly makes no mention of how the coded calls are deciphered; presumably, the authorities have a back-door key. In Australia, GSM was delayed until such agencies as the Defense Signals Directorate could decode it. Reported by Newsbytes. Further information available. Full Article: SYDNEY, AUSTRALIA, 2000 APR 12 (NB) -- By John Stackhouse, Computer Daily News. Now that much of the world is using supposedly "secure" GSM (Global System for Mobile communications) mobile phones, did you ever wonder how the police and security services manage to bug the calls? Britain's New Scientist magazine found the answers in patents which US-based Motorola [NYSE:MOT] filed recently. As long suspected, ordinary mobiles are tapped at the land interface. Each caller has to log on to a cell and most go through another cell or a switch to complete the call, depending on whether they're mobile-to-mobile or mobile-to-line calls. Monitors can arrange to nominate callers and listen in. The question of satellites was more intriguing. Many calls will go on satellite-to-satellite relays (as in the late, lamented Iridium) and be re-broadcast direct from near space to the recipient on Earth. The Motorola patent says that, as with terrestrial mobiles, the weak point comes when the caller logs on and has to make his or her details known to a central computer handshake to check the ID and to arrange billing. If a caller or recipient is on a wanted list, the whole call is diverted to the authorities. The patent makes no mention of how the coded calls are deciphered. Presumably the authorities have a back-door key. GSM is the world's most common mobile phone system with around 250 million users around the globe, or more than two thirds of all users. In Australia, introduction of GSM was delayed until services such as the government's shadowy Defence Signals Directorate could be sure that it could decode GSM. David Alexander wrote: > >Can you show me in the 6,000 pages of GSM spec... > > This is precisely the kind of information that would not be included in the > published specifications, similar to the fact that there is a back door > built into the GSM encryption algorithm so that the authorities can monitor > conversations. To my knowledge that is not published anywhere either, other > than by Ross Anderson. > > My 2C. > > _______________________________ > David Alexander M.INSTIS > Global Infrastructure Director > Bookham Technology plc > Tel: +44 (0) 1327 356264 > Mobile: +44 (0) 7799 881284 > Fax: +44 (0) 1327 356775 > http://www.bookham.com > > > ======================================================================= > This e-mail is intended for the person it is addressed to only. The > information contained in it may be confidential and/or protected by > law. If you are not the intended recipient of this message, you must > not make any use of this information, or copy or show it to any > person. Please contact us immediately to tell us that you have > received this e-mail, and return the original to us. Any use, > forwarding, printing or copying of this message is strictly prohibited. > > No part of this message can be considered a request for goods or > services. > ======================================================================= > Any questions about Bookham's E-Mail service should be directed to postmaster@b.... > > [Non-text portions of this message have been removed] > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- "NEXTEL1 IT'S NOT JUST NEXTEL" Subscribe to Nextel1: http://www.groups.yahoo.com/subscribe/NEXTEL1 "NEXTEL2 FOR iDEN SOFTWARE DEVELOPERS" Subscribe to Nextel2: http://www.groups.yahoo.com/subscribe/NEXTEL2 "WIRELESS FORUM HOMELAND SECURITY GROUP" The Complete Resource for Wireless Homeland Security. Subscribe to WFHSG: http://www.groups.yahoo.com/subscribe/WFHSG 5361 From: James M. Atkinson Date: Tue May 14, 2002 9:38am Subject: Smarter Spying http://www.nytimes.com/2002/05/14/opinion/14KRIS.html?todaysheadlines=&pagewanted=print&position=top MCLEAN, Va. - While visiting the C.I.A.'s headquarters here and admiring the high-tech perimeter fence as well as displays of gadgetry like a K.G.B. electrical plug that doubles as a bug, I've been thinking back on my first encounter with the Spooky World. It was 1988, and my wife, Sheryl WuDunn, and I had just moved to Beijing. While I was on a ladder hanging pictures in our new apartment, I found a cubbyhole covered with wire mesh. Taking a hammer, I smashed the mesh and found a nest of electrical devices. On one of them was a row of Chinese characters that translated literally as "electric sound-carrying device." So our apartment had been bugged! Sheryl and I disappeared into the bathroom, turned on the shower to drown out the bugs and whispered into each other's ears. Should we smash the bugs? No! We would leave them there to feed disinformation to Chinese State Security. For example, we would praise the willingness of the leading hard-liner, Li Peng, to leak documents to us. For now, it seems as if Congress will also wield a hammer soon. It is launching a major investigation of America's spooks in the coming weeks. A tough investigation is essential, for this is a rare chance to diagnose and fix deep problems in the $30-billion-a-year intelligence apparatus. Conversations with people in this shadowy world suggest that America's spies, nurtured on cold-war tasks like monitoring the Soviet Army, are struggling to adapt to newer threats like Al Qaeda. The spies are hobbled by a culture of timidity and by the proclivity of any ponderous bureaucracy to eschew risk and waddle behind the curve. "You had to get permission to talk to anybody who wasn't in the Rotary Club," said Senator Richard Shelby, vice chairman of the Senate's Intelligence Committee, speaking of pre-9/11 constraints on C.I.A. officers. George Tenet, the C.I.A. director, denies that 9/11 reflects an "intelligence failure." Mr. Tenet, who in the last few years has made progress in fixing the problems, knows better. As early as 1995, Philippine police spent weeks extinguishing cigarettes into the flesh of a terrorist named Abdul Hakim Murad, who had taken flying lessons in Texas, New York and North Carolina. It turned out that he was plotting to bomb 11 commercial planes and crash another into C.I.A. headquarters. A year earlier, Islamic terrorists had hijacked a plane in a plot to crash it into the Eiffel Tower. Ashton Carter, a former assistant secretary of defense, notes that a standard preventive approach in the military is to assign a "red team" to come up with methods of attack, and a "blue team" to design countermeasures. If this had been done, then the red team might have dreamed up something like 9/11 - while the blue team might have thought of steps like reinforced cockpit doors. Robert Baer, in his recent C.I.A. memoir, "See No Evil," describes being based in Tajikistan during the Afghan civil war and pleading for a speaker of Dari or Pashto to interview Afghan refugees and collect intelligence on Afghanistan. Headquarters instead offered to send him a four-member team to brief him on sexual harassment. Today's touchy-feely C.I.A. even has Take Our Daughters to Work Day, although children are closely monitored so that they do not overthrow small African governments. And, in the ultimate indignity of small-minded civilian oversight, C.I.A. employees must not exceed a 25 mile per hour speed limit within their own headquarters compound - for, a sign warns, it is "radar-enforced." To his credit, Mr. Tenet has moved aggressively since 9/11 to take risks and redeploy against terrorist threats. The head of operations, Jim Pavitt, claims that 10 times as many operations people are being trained now as six years ago. The new emphasis on human intelligence is essential, for it is much better than electronic intercepts to answer the crucial questions for American foreign policy: Will China become a military threat? Will the Saudi monarchy collapse? How can we better control Russian nukes? Oh, and another reason to cultivate spies who really know foreign societies, rather than dilettantes who get excited at the first gadget they find: As Sheryl and I discussed our plans to release disinformation to the Chinese, a friend arrived at the front door, and we learned the colloquial meaning of "electric sound-carrying device." It's "doorbell buzzer." -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- "...three shall be the number to count, and the number to be counted shall be three.....four shall thou not count......five is right out". - M. Python -------------------------------------------------------------------------------------------------- [Non-text portions of this message have been removed] 5362 From: James M. Atkinson Date: Tue May 14, 2002 10:33am Subject: Apology to the list Good morning, The below posting was supposed to have been sent to Dennis privately, and was not intended to be public. Such material is inappropriate for posting to the list, and should sent privately. I was tired when I made the post and somehow accidently cross posted it to the list, but I feel that it is an accurate account of the facts concerning Dennis ripping me off by plagiarizing off my website. I apologize for posting it to the list as it was supposed to be a private message to Dennis. -jma At 12:25 AM -0400 5/14/02, James M. Atkinson wrote: >I would like to invite you to kiss my ass Dennis... both cheeks, and >then the pucker, and please take your time. > >If you recall, you came to my website about 2 years ago, stole my >entire bio and simply replaced my name with your own and plastered it >all over your website at www.realspy.com claiming it was your own. >You also stole dozens of my graphics, and completely ignored my >requests to delete them. It wasn't until I confronted you on the >phone, and got you stop lying that you even admitted that the website >was even yours. > >Quite a few respect members of the TSCM and security all visited the >site in question, and will confirm that the page you had up as your >own BIO was grossly pilfered from my own website. Several of these >people also contacted you and discussed the credentials that were >presented on your site (and even got you to confess that the bio was >yours, and that you do all you own html coding, etc). In a nutshell >you were acknowledging that you knew that not only was the meters >there, but only claimed they where YOUR credentials, and that YOU >were the one who placed them there. > >On top of that you actually had the balls to print our the stolen >materials and pawn it off on your clients, and claim that it was your >own credentials. Clients where not amused by your prancing around >their office for 30 minutes with a Bearcat scanner and a broadband >diode detector only to have you claim that you detected four bugs >(but couldn't tell the victim where the bugs were, provide a bearing, >or even what frequencies they were on). Where you ever curious why >your contact there tossed you out of the building after less then two >hours on site. > >Of course when you realized that you had been caught lying and >stealing you claimed that someone had hacked you website; and yet you >felt it was OK to borrow or even steal anothers creditably. So why >would a group of hackers break in to your website and upload a >modified BIO they swiped from someone else, and yet you didn't detect >it for over seven months. Not only did you not detect it, but you >even printed it up, reproduced it, and used it as a sales tool... Of >course it must have been the evil hackers doing all these things. > >Dennis, we both know that you stole from me, and that you are full of >shit.. We also both know that you still owe me over $300,000 dollars >for the period of time you were unlawfully using my materials. > >On top of that it shames the real veterans, the military, and even >the honor of the uniform when you try to make people thing that you >were some kind of a colonel in the USAF. It is a disgrace what you >are doing, and you need to stop. No doubt you claim to have a medal >of Honor, or even a SEAL Budweiser. > >We do not need posers such as yourself making the entire industry look bad. > >So kindly go fuck your self, > >-jma > > > >At 2:27 AM +0000 5/14/02, dr_chevalier2002 wrote: >>Hello all, I wanted to introduce myself and agency( both can be >>found in the Email signature. >>I've been in the business for over 22 years both (public and private >>combined). >>If anyone needs Criminal Profiling performed on some cases, don't >>hesitate to make contact. >>Doc >> >>Dr. Dennis H. Chevalier PhD, LPI, APA, AABP >> >>DIRECTOR >> >> >> >>The CONSORTIUM of SCIENTIFIC INVESTIGATION & RESEARCH >>in cooperation with CHEVALIER AND ASSOCIATES Lic.# A07811 >>Web site: http://www.behavioral-sciences.org >>Email: doc@b... > >Main direct 817.263.9599 >>Fax 817.314.8092 >>Pager 817.432.6058 >>Cell 817.992.8993 >> >>Join a team for a cure for Cancer, Alzheimer disease and Genetics >>mutations at: >>http://members.ud.com/services/teams/team.htm?id=1E52EF2C-86C4-407B- >>9209-B7FC63800495 >-- > >-------------------------------------------------------------------------------------------------- >The First, The Largest, The Most Popular, and The Most Complete TSCM, >Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. >-------------------------------------------------------------------------------------------------- > James M. Atkinson Ph: (978) 381-9111 > Granite Island GroupFax: > 127 Eastern Avenue #291http://www.tscm.com/ > Gloucester, MA 01931-8008mailto:jmatk@tscm.com >-------------------------------------------------------------------------------------------------- >"...three shall be the number to count, and the number to be counted shall >be three.....four shall thou not count......five is right out". - M. Python > >-------------------------------------------------------------------------------------------------- > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: >http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS > >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- "...three shall be the number to count, and the number to be counted shall be three.....four shall thou not count......five is right out". - M. Python -------------------------------------------------------------------------------------------------- 5363 From: Date: Tue May 14, 2002 0:57pm Subject: File - Gold List The current version of this list may be found at: http://www.tscm.com/goldlist.html Recommended U.S. TSCM Firms The following is a list of private TSCM firms who specialize in "bug sweeps" and wiretap detection and all of whom have legitimate TSCM training, credentials, and equipment (all are very well respected within the industry). While most TSCM specialists are available for travel outside of a specific geographic area they tend to avoid such engagements, or will limited the services to vulnerability analysis, pre-construction assistance, non-instrumented inspections, simple RF checks, in-place monitoring, or limited TSCM services involving only a briefcase sized in-place monitoring system (such as a single spectrum analyzer, MSS, Eagle, ScanLock, OSCOR, SPECTRE, ROSE, or similar system). These private TSCM firms tend to operate in a specific geographic area limited to a few hundred miles (usually within a four to six hour automobile drive). However, all of the TSCM firms listed here are available for travel anywhere in the United States or the World on short notice, but only provide limited services when operating outside of their normal coverage area. This limited coverage area is due to the logistics involved in transporting hundreds and often thousands of pounds of sophisticated, highly sensitive electronic instruments, equipment and tools. Bug sweeps and wiretap detection involves the use of ladders, pole climbing equipment, LAN analyzers, X-ray systems, large antennas and other equipment which is not easily transported by airplane. TSCM firms also tend to restrict their operations to a specific geographic area to facilitate an expert level of knowledge regarding the RF environment, construction methods used, community zoning, population demographics, civil engineering, aeronautic or maritime facilities, local military bases, and related areas. Knowledge of such regional information is critical for a successful TSCM project. The TSCM specialist must also have an intimate knowledge of the telephone systems, engineering methods, fiber optics, major cable locations, central office switches, test numbers, and related communications infrastructure present or being used in an area (which tends to be very regional). An understanding of what types of eavesdropping devices, methods, and frequencies are being used in an area is also important, as is a knowledge of what type of surveillance equipment is being sold within that region (and other areas). The TSCM Procedural and Protocols Guides used by a specialist also tend to be based on specific issues and variables present in that specific geographic area. On a more interesting note, many of these firms are located in, or near major maritime port cities. The heaviest concentrations are around major cities on the East and West coasts with a very limited presence in the Mid-West, Great Plains, and Rockies. If you are in the Mid-West, Great Plains, or Rockies area you would need to engage a TSCM firm from one of the major port cities. For example customers in Chicago, St. Louis, Memphis, Denver, Salt Lake City, Minneapolis, Billings, etc. would need to fly a TSCM specialist in from Boston, New York, Washington DC, Los Angles, Lexington, or Seattle. ------------------------------------------------------------------------ Please be patient when contacting these firms, as if they are out serving a client they may not be able to return your call for several hours. Rates generally are non-negotiable and reflect the cost of the sweep practitioner's time, investment in equipment acquisition and maintenance, several weeks of in-service training a year, travel, administrative and communications time and expense to coordinate the sweep and written report, and a fair profit for their services. It is very unwise to shop for sweeps by using price as a criteria as it only invites getting ripped off. Legitimate TSCM professionals are not interested in, nor will then engage in negotiating for a lower price. When you contact persons on this list, you are talking with someone in the same league as an attorney or surgeon, not a salesman. In fact most of the people listed on this page have more time in their specialized training than do most attorneys or medical professionals. Anything beyond an initial phone call usually will be billable time. Attorneys and doctors don't consult for free, and neither do legitimate TSCM specialists. If a potential client calls with a long list of questions not pertaining directly to hiring the practitioner, or wants to know how to do his own sweep, or wants to know how to use the sweep kit he purchased on his own, expect to pay an hourly rate in advance for consulting services. If you are considering engaging (or have already engaged) a TSCM firm and they are not listed in the following directory you would do well to immediately ask some awkward questions. It is also important you understand that legitimate services by a competent TSCM firm rarely start at less then several thousand dollars for even a basic sweep. Keep in mind that there only a small number of legitimate and competent TSCM counterintelligence specialists or "Bug Sweepers" in the U.S. private sector. Legitimate TSCM firms are in very high demand, hard to find, and expensive; so be patient when trying to find one to help you. Also, the firms listed on this page are not attorneys and cannot tell you whether it is legal or illegal for you to monitor your own phones. Always call a competent licensed attorney for legal advice. Without exception, no one listed here performs eavesdropping services or sells surveillance equipment to any other than government agencies AND WILL NOT REFER YOU TO ANYONE WHO DOES. When you contact any of the following firms please mention that you saw them listed on this web site. This file is set to automatically go out to list members every two weeks, Please review it, and ensure that you are listed properly (correct address, phone, etc). ------------------------------------------------------------------------ All of New England, Upstate New York, and the Boston Metropolitan Area (MA, RI, CT, VT, NH, ME, New York State including Long Island, and some of New Jersey) James M. Atkinson Granite Island Group 127 Eastern Avenue #291 Gloucester, MA 01931-8008 (978) 381-9111 Telephone URL: http://www.tscm.com/ E-mail: jmatk@tscm.com ------------------------------------------------------------------------ Stamford, Connecticut Metropolitan Area (also, Manhattan, Long Island, and New Jersey) Sam Daskam Information Security Associates, Inc. 38 Settlers Trail Stamford, CT 06903 (203) 329-8387 Telephone URL: http://www.isa-tscm.com/ E-mail:sales@i... ------------------------------------------------------------------------ Norwalk, and Lower Fairfield Country Area (also, Manhattan, Long Island, Philadelphia, and New Jersey) Rob Muessel TSCM Technical Services 11 Bayberry Lane Norwalk, CT 06851 (203) 354-9040 Telephone URL: http://www.tscmtech.com/ E-mail:rmuessel@t... ------------------------------------------------------------------------ Greater Philadelphia and Harrisburg Metropolitan Area (also, serving South-Eastern and Central Pennsylvania) Bob Motzer RCM and Associates 609 Sandra Lane Phoenixville, PA 19460 (888) 990-6265 Telephone E-mail: 1RCM@M... ------------------------------------------------------------------------ Washington DC and Baltimore Metropolitan Area (also, Virginia, Delaware, and Pennsylvania) Steve Uhrig SWS Security 1300 Boyd Road Street, MD 21154-1836 (410) 879-4035 Telephone URL: http://www.swssec.com/ E-mail: steve@s... ------------------------------------------------------------------------ Houston, Dallas, Austin, and Galveston (also, Gulf Coast of Texas and Louisiana) Rick Udovich Communication Security, Inc. 2 Shadow Lane Bay City, TX 77414 (979) 244-4920 Telephone URL: http://www.bugsweep.com/ E-mail: rjudo@s... ------------------------------------------------------------------------ Lexington KY Metropolitan Area (also, Louisville, Cincinnati, and Central Midwest) Bill G. Rhoads Intelcom, Inc. 121 Prosperous Place, Suite 4B Lexington, KY 40509 (859) 263-9425 Telephone E-mail: bgr101@a... ------------------------------------------------------------------------ Atlanta Metropolitan Area, Southeastern US (including AL, FL, GA, NC, SC, TN) Buzz Benson Executive World Services, Inc. P.O. Box 33 Braselton, Georgia 30517-0033 (678) 316-7002 Telephone URL: http://www.executiveworldservices.com/ E-mail: sales@e... ------------------------------------------------------------------------ Washington State and Seattle WA Metropolitan Area (also, Oregon, and the Pacific North West) Gordon Mitchell Future Focus, Inc. P.O. Box 2547 Woodinville, WA 98072 (425) 489-0446 Telephone URL: http://www.bug-killer.com/ E-mail: gordonm@b... ------------------------------------------------------------------------ San Francisco and all of Northern California (also, Silicon Valley Area) William Bennett Walsingham Associates, Inc. P.O. Box 4264 San Rafael, CA 94913 (415) 492-1594 Telephone E-mail: walsingham@c... ------------------------------------------------------------------------ Los Angeles Metropolitan Area, Beverly Hills, Orange County, Los Angles County, San Diego County (also, Riverside County, and Ventura County) Rick Hofmann Microsearch LLC P.O. Box 2084 Cypress, CA 90630 (714) 952-3812 Telephone URL: http://home.earthlink.net/~microsearch E-mail: tscmsweeps@e... ------------------------------------------------------------------------ Los Angeles Metropolitan Area, Beverly Hills, Orange County, Los Angles County, San Diego County (also, Riverside County, and Ventura County) Roger Tolces Electronic Security 6646 Hollywood Blvd. #212 Los Angeles, CA 90028 (323) 462-1351 Telephone URL: http://www.bugsweeps.com/ E-mail: info@b... ------------------------------------------------------------------------ 5364 From: Date: Tue May 14, 2002 0:57pm Subject: File - mission.txt TSCM-L Technical Security Mailing List - Dedicated to TSCM specialists engaging in expert technical and analytical research for the detection, nullification, and isolation of eavesdropping devices, wiretaps, bugging devices, technical surveillance penetrations, technical surveillance hazards, and physical security weaknesses. This also includes bug detection, bug sweep, and wiretap detection services. Special emphasis is given to detecting and countering espionage and other threats and activities directed by foreign intelligence services against the United States Government, United States corporations, establishments, and citizens. The list includes technical discussion regarding the design and construction of SCIF facilities, Black Chambers, and Screen Rooms. This list is also for discussing DIAM 50-3, NSA-65, and DCID 1/21, 1/22 compliance. The primary goal and mission of this list is to "raise the bar" and increase the level of professionalism present within the TSCM business. The secondary goal of this list is and increase the quality and effectiveness of our efforts so that we give spies and eavesdroppers no quarter, and to neutralize all of their espionage efforts. This mailing list is moderated by James M. Atkinson and sponsored by Granite Island Group as a public service to the TSCM, Counter Intelligence, and technical security community. 5365 From: Aimee Farr Date: Tue May 14, 2002 2:53pm Subject: RE: Dangers of profiling > >> As a former pizza guy, I object to the stereotyping... Now, lawyers... > They're fair game... Tough crowd. I already profiled myself as "the mindless nurse." An order, alert, or even advice, will seem 100% clear to you, and not ambiguous at all...until I prove to you JUST HOW DUMB I AM (assuming it was in doubt) -- by following it to the letter, or putting some insane context on it. The authority bias in warnings can be dangerous, because of perceptual ambiguity. Forms and checklists carry that same bias. In a general warning, people will not rely on the warning, but on their own expectations and perceptions. This includes distortions from other channels. One of the strongest biases we have is to assimilate new information into the context of prevailing expectations, and people will twist very clear directions and information so as to fit that preconception. Pearl Harbor -- mind boggling examples. I've been looking at those hearings/studies lately, so that email just set me off (inordinately), even though it was tongue-in-cheek. There are professionals that can "help" us make these mistakes. They're opportunistic mischievous pigtail pullers. Our terrorist image, admitted or not, might ice somebody's cake. (Piggy-backing on terrorist events comes to mind.) In a world of zero warning span, channel/signal distortion, etc., somebody might capitalize on this perceptual cover, alerting weaknesses, opportunities for post-event distortion.....as your lists grow longer, so do theirs. You create more expectations. Democracy is important, because the consensus-building that precedes an offensive act requiring public sacrifice, gives other nations a threat perception. Democracy is not "voting." When you see a country growing intolerant of dissent, and engaging in high-level close decision-making -- it's ominous, and more so if decision-makers have known success with "trickery."* Democracy has a flipside: it tends to give away your expectations & goals -- the most deadly weapons of all. ~Aimee *Blatant Cold War jab. 5366 From: Aimee Farr Date: Tue May 14, 2002 2:57pm Subject: RE: The Dogs of Tierra del Fuego > What's your point? Barbarians of Tierra del Fuego: no gadgets, different values. Scholars suggest they didn't really eat their old women, but I think Darwin's interviews still point to a different value system. They didn't rely on gadgetry for defense, or see their world through purely inventionist eyes. Their dogs were an evolutionary product. They could always "get new dogs," but they wouldn't be *The Dogs of Tierra del Fuego* -- because they were irreplaceable. They were the result of selection from wild stock and training, but through generational passage, they took on a different character. -Maybe some of our protectors are like The Dogs of Tierra del Fuego? -Maybe we didn't see this character so as to value them as we should have? -As opposed to toaster ovens, which can be mass manufactured to spec the minute we need them? There always comes a time when you have to call the dogs. ~Aimee 5367 From: Craig Snedden Date: Tue May 14, 2002 3:49am Subject: RE: PROGRAMME TO ID PAST E-MAIL S' funny, I just trawled my Exchange server (MAPI setup) to do just that.....(Just to check, I thought I was going daft. I found I was the only person subscribing to the TSCM list.) Of course the messages have to still be in the server somewhere, but it can trawl all the server side mailboxes (public and private) and the Message Store), which is where they should be in an MAPI setup otherwise MAPI aint gonna work the way it is intended to and then there is absolutely no point spending money buying and setting up Exchange, if you just want a POP server there are many (far) cheaper (better implementations for POP) applications available..... ...... Simple searching of mailboxes (From/To/Text/Date Range) is a built in function in Exchange. For more detailed searching you need to download the mdbviewer from Microsoft (Go to the Technet Exchange pages). mdbviewer allows very detailed analysis of mailbox contents. From the "forensic" point of view it is invaluable, as it also gives access to the other functions stored on MAPI such as Calendar, contacts, Inbox, Outbox, Drafts, Sent Items, Tasks & Deleted Items for individual users. Using this just to find email messages containing a specific text is a slightly sledgehammer approach, but luckily there is another way to do this using Exmerge. See Microsoft XADM "How to Find Mailboxes That Contain a Specific Message" (Knowledge Base Q246916) covering Exchange server versions 4.0 , 5.0 , 5.5, Exchange 2000 Server. (http://support.microsoft.com/default.aspx?scid=kb;EN-US;q246916) Exchange Server is a beast. I've yet to meet few who know all the in's & out's of setting up and administering Exchange properly and that includes a number of so called "Microsoft Certified Professionals". By "default" setup you'd be very lucky to get Exchange to work at all. Germain to all of the above is that the mailboxes are on the server. Otherwise you'd have to go to each workstation and copy the local mailbox files, hack the password if any, then scan the mail within. A fairly simple task, but if you have 900 plus potentials, quite a long one...... From what I do know of the structure of Lotus Notes, it is put together with a very different approach to Microsoft Exchange. I spoke to my Notes expert this morning, who assures me it is a relatively easy task to write a script to trawl the mailboxes in a similar way to above. Further, all the mail servers (whatever flavour) that I have come across (and that's been quite a number) have an admin setup enabling the server admin to "sample" messages incoming/outgoing, usually by individual user or all traffic. Generate log reports, intercept all incoming/outgoing mail before delivery etc. etc... This is just about standard. No need for registry "hacks" or "kludging".... :-( Confused..........! Peace and love. -----Original Message----- From: Justin T. Fanning [mailto:Justin@f...] Sent: 13 May 2002 22:28 To: tscm-l@yahoogroups.com Subject: Re: [TSCM-L] PROGRAMME TO ID PAST E-MAIL Craig Snedden wrote: > Is your client using Microsoft Exchange? The facility exists within > the Exchange Server to trawl messages as described. Exchange can be "kludged" (via registry modifications) to copy incoming and outgoing messages to a "journal" e-mail box, but there is no such default behaviour as you described. [text removed] > Craig JF ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5368 From: Brian Dugan Date: Tue May 14, 2002 7:00am Subject: Re: hello all Well said, James. >>> "James M. Atkinson" 05/14/02 12:25AM >>> I would like to invite you to kiss my ass Dennis... both cheeks, and then the pucker, and please take your time. If you recall, you came to my website about 2 years ago, stole my entire bio and simply replaced my name with your own and plastered it all over your website at www.realspy.com claiming it was your own. You also stole dozens of my graphics, and completely ignored my requests to delete them. It wasn't until I confronted you on the phone, and got you stop lying that you even admitted that the website was even yours. Quite a few respect members of the TSCM and security all visited the site in question, and will confirm that the page you had up as your own BIO was grossly pilfered from my own website. Several of these people also contacted you and discussed the credentials that were presented on your site (and even got you to confess that the bio was yours, and that you do all you own html coding, etc). In a nutshell you were acknowledging that you knew that not only was the meters there, but only claimed they where YOUR credentials, and that YOU were the one who placed them there. On top of that you actually had the balls to print our the stolen materials and pawn it off on your clients, and claim that it was your own credentials. Clients where not amused by your prancing around their office for 30 minutes with a Bearcat scanner and a broadband diode detector only to have you claim that you detected four bugs (but couldn't tell the victim where the bugs were, provide a bearing, or even what frequencies they were on). Where you ever curious why your contact there tossed you out of the building after less then two hours on site. Of course when you realized that you had been caught lying and stealing you claimed that someone had hacked you website; and yet you felt it was OK to borrow or even steal anothers creditably. So why would a group of hackers break in to your website and upload a modified BIO they swiped from someone else, and yet you didn't detect it for over seven months. Not only did you not detect it, but you even printed it up, reproduced it, and used it as a sales tool... Of course it must have been the evil hackers doing all these things. Dennis, we both know that you stole from me, and that you are full of shit.. We also both know that you still owe me over $300,000 dollars for the period of time you were unlawfully using my materials. On top of that it shames the real veterans, the military, and even the honor of the uniform when you try to make people thing that you were some kind of a colonel in the USAF. It is a disgrace what you are doing, and you need to stop. No doubt you claim to have a medal of Honor, or even a SEAL Budweiser. We do not need posers such as yourself making the entire industry look bad. So kindly go fuck your self, -jma At 2:27 AM +0000 5/14/02, dr_chevalier2002 wrote: >Hello all, I wanted to introduce myself and agency( both can be >found in the Email signature. >I've been in the business for over 22 years both (public and private >combined). >If anyone needs Criminal Profiling performed on some cases, don't >hesitate to make contact. >Doc > >Dr. Dennis H. Chevalier PhD, LPI, APA, AABP > >DIRECTOR > > > >The CONSORTIUM of SCIENTIFIC INVESTIGATION & RESEARCH >in cooperation with CHEVALIER AND ASSOCIATES Lic.# A07811 >Web site: http://www.behavioral-sciences.org >Email: doc@b... >Main direct 817.263.9599 >Fax 817.314.8092 >Pager 817.432.6058 >Cell 817.992.8993 > >Join a team for a cure for Cancer, Alzheimer disease and Genetics >mutations at: >http://members.ud.com/services/teams/team.htm?id=1E52EF2C-86C4-407B- >9209-B7FC63800495 -- -------------------------------------------------------------------------------------------------- The First, The Largest, The Most Popular, and The Most Complete TSCM, Bug Sweep, Spy Hunting, and Counterintelligence Site on the Internet. -------------------------------------------------------------------------------------------------- James M. Atkinson Ph: (978) 381-9111 Granite Island GroupFax: 127 Eastern Avenue #291http://www.tscm.com/ Gloucester, MA 01931-8008mailto:jmatk@tscm.com -------------------------------------------------------------------------------------------------- "...three shall be the number to count, and the number to be counted shall be three.....four shall thou not count......five is right out". - M. Python -------------------------------------------------------------------------------------------------- ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 5369 From: Hawkspirit Date: Tue May 14, 2002 7:27pm Subject: Addcom Performance comparison simulation Among the test and measurements products on show at the recent CDMA International Congress in Korea were Addcom's mobile call simulators (MCS) for CDMA systems-MCS-III and MCS-IV. Both evaluate call processing capacity and system performance and provide simultaneous RF data logging and call generation test function in either a lab test or field test environment. Whilst the MCS-III enables the user to collect RF parameter data across different CDMA service providers (PCS/cellular) for performance comparison testing, the MCS-IV offers the same capability but is able to collect data from an additional 24 mobile units-to a maximum of 40. According to Addcom, both simulators offer a number of advantages such as testing of bench marking and call processing capability, CDMA parameter and RF optimization, and equipment and manpower reduction. Also on display was the new Land Call Generator (LCG ) which can be used with both MCS-III and MCS-IV to evaluate the call processing capacity of the CDMA system. It has automatic local call generation and local call answer function to aid service quality assessment in the case of mobile-to-land call or land-to-mobile call. Addcom has also introduced its CDMA Air Link Analysis System (CALAS) which is a post-processing tool for simultaneous forward and reverse air link data analysis of RF problems affecting CDMA mobile communications networks. CALAS allows the user to evaluate system performance relating to power control, handoff and forward/reverse link balance. 5370 From: Hawkspirit Date: Tue May 14, 2002 8:13pm Subject: Cell Phone Remote Update One aspect of the deal with Ericsson and Red Hat will be development of software that allows gadgets to be updated by the company that sells them--a big change from the PC practice of making people responsible for downloading and installing patches. The remote update method is used by cell phone companies to enable new services without customers having to install new software. The remote update and management software requires that software be developed not only for the client but also for the telecommunications company's server that's in charge of doing the updating. Knuttila said he believes it's "extremely likely" that such servers will run Red Hat's Linux. http://news.com.com/2100-1001-243925.html?legacy=cnet 5371 From: Hawkspirit Date: Tue May 14, 2002 8:32pm Subject: Cell Phone Flaw Cell phone flaw opens security hole By Sara Robinson Interactive Week September 18, 2000 4:01 AM PT Your cell phone may be multilingual -- and that could be detrimental to your privacy. Computer security researchers said a design flaw in the protocol used in global system for mobile communication cell phones could allow eavesdropping. The trick: Just make the cell phone think it's somewhere else. Only 6.5 million people in North America use global system for mobile communications cell phones -- through providers such as Pacific Bell Wireless and VoiceStream Wireless -- but worldwide, it's the most widely used standard, accounting for 65 percent of the total wireless digital market. GSM phones are increasingly popular in the United States because they allow roaming in Asia and Europe upon insertion of the appropriate smart card. Since Western Europe can't export encryption products to certain countries, such as targets of United Nations sanctions, the default version of the GSM protocol does not use encryption. This in itself isn't necessarily a problem, said David Wagner, a professor of computer science at the University of California-Berkeley, but GSM also does not authenticate its base stations, the hardware that communicates with the handsets -- and that is potentially troublesome. Experts said it is possible to build a phony base station that jams the signal from the real base station and forces the cell phone to connect to it. The base station then tells the cell phone, in essence, "You're in Iraq, don't use encryption," and the call proceeds unprotected with the false base station relaying information between the real base station and the handset. A handful of researchers have been aware of the loophole for several years now, but it's been "a well-kept secret," Wagner said. Security experts call this a "man-in-the-middle" attack because the phony base station sits between the handset and the real base station, intercepting their communications, but neither the real base station nor the handset knows it's there. "We know about it as a technical issue, but we haven't seen it demonstrated," said James Moran, fraud and security director at the GSM Association. He added that building an interception device would require considerable technical skill. Moran said the next GSM standard would address the problem. Other cell phone standards probably don't authenticate base stations either, Wagner said, perhaps because their designers were more concerned with preventing handset cloning, which allows someone to bill his or her calls to someone else's number. But the phony-base-station trick is a particular problem for GSM because different strengths of encryption are used in different places. "Whenever you have to support both weak and strong cryptography, one very real risk is that you end up with 'least common denominator' security," Wagner said. Cracking different pieces of the cryptography that protects GSM cell phones from eavesdropping has long been a favorite pastime for computer security researchers. Just last December, two Israeli researchers announced that they had found a fast method of cracking the A5/1 algorithm, the strong encryption used to protect GSM phone calls in Europe and the United States. But the phony-base-station strategy obviates the need for any encryption busting. 5372 From: Gordon Mitchell Date: Tue May 14, 2002 9:02pm Subject: Re: Addcom Since CDMA coverage has grown to most of the US I have recommended it to clients who want cellphone call security. What do you see in terms of threats to CDMA users? Are on-air intercept sets becoming available outside government operations? Reading your posting it seems that these are commercial tools that can do traffic analysis or cell site simulation but not interception. -- Gordon (800) 284-5457 or +1 (425) 489-0446 see cases we have worked on at www.FutureFocus.com eSleuth.com finding clues in computers Bug-Killer.com preventing electronic eavesdropping Hawkspirit wrote: > > Performance comparison simulation > Among the test and measurements products on show at the recent CDMA > International Congress in Korea were Addcom's mobile call simulators (MCS) > for CDMA systems-MCS-III and MCS-IV. Both evaluate call processing capacity > and system performance and provide simultaneous RF data logging and call > generation test function in either a lab test or field test environment. > Whilst the MCS-III enables the user to collect RF parameter data across > different CDMA service providers (PCS/cellular) for performance comparison > testing, the MCS-IV offers the same capability but is able to collect data > from an additional 24 mobile units-to a maximum of 40. According to Addcom, > both simulators offer a number of advantages such as testing of bench > marking and call processing capability, CDMA parameter and RF optimization, > and equipment and manpower reduction. Also on display was the new Land Call > Generator (LCG ) which can be used with both MCS-III and MCS-IV to evaluate > the call processing capacity of the CDMA system. It has automatic local > call generation and local call answer function to aid service quality > assessment in the case of mobile-to-land call or land-to-mobile call. > Addcom has also introduced its CDMA Air Link Analysis System (CALAS) which > is a post-processing tool for simultaneous forward and reverse air link > data analysis of RF problems affecting CDMA mobile communications networks. > CALAS allows the user to evaluate system performance relating to power > control, handoff and forward/reverse link balance. > > > ======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. > =================================================== TSKS > > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/