From: savanted1 Date: Tue May 18, 2004 11:15am Subject: Wiretap Reveals Terrorist Group by Roland Flamini Roland Flamini examines how one wiretapping leads to the arrest of terrorist suspects. http://www.upi.com/view.cfm?StoryID=20040510-034506-9384r 8657 From: kondrak Date: Wed May 19, 2004 2:01am Subject: G8 Summit Relies on Southern LINC for Communications > > >G8 Summit Relies on Southern LINC for Communications >Tuesday May 18, 9:58 am ET > >Southern LINC to Provide 450 Handsets and Service to G8 > >Summit Planning Committee > >ATLANTA--(BUSINESS WIRE)--May 18, 2004--Southern LINC®, the wireless >communications service from Southern Company (NYSE: SO - News), >announced today the G8 Summit Planning Committee will rely on the >company to provide a reliable communications solution. Southern LINC's >wireless communications solutions will keep hundreds of personnel >connected during the three-day summit, June 8-10, 2004, in Sea Island, >Ga. >The G8 Summit Planning Committee >has contracted for 450 handsets >and service to be used for the >international summit. In order to >ensure reliable coverage in the >coastal area, Southern LINC has >increased coverage and system >capacity in the region proving its >commitment to the G8 Summit >Planning Committee. The handsets >will be used by the Planning >Committee Ambassador, all >Directors, Deputy Directors, and >several hundred volunteers. > >"Southern LINC has become a vital >component of our overall Command >and Control Communications for the >G8 Summit," said Jim Ramsey, CIO of the G8 Summit Planning Committee. >"From day one all of the personnel within Southern LINC have been >professional, technically proficient and extremely helpful in supporting >my mission as the G8 CIO. All of the handsets will be deployed >throughout the G8 area of operations to coordinate all of the >operations, logistics, transportations, and many other critical aspects >for the G8 Summit Planning Committee." > >Southern LINC offers the G8 Summit Planning Committee multiple ways to >communicate. Committee members will be using Instant LINC(SM) two-way >radio to communicate to an individual or an entire group. In addition to >Instant LINC, the Committee will also use cellular phone, text messaging >and data services. All communications on the Southern LINC system are >inherently private, which means no known scanner can intercept >transmissions. > >"We are extremely honored that the G8 Summit Planning Committee is >relying on Southern LINC to ensure that hundreds of organizers are able >to communicate around the clock," said Bob Dawson, president and CEO of >Southern LINC. "We offer reliable communications solutions to a variety >of businesses, educational institutions, healthcare facilities, >government and public safety personnel, and we have the experience and >expertise to support the G8 Summit." > >About Southern LINC: > >Southern LINC, which stands for Long-range Integrated Network >Communications, covers 127,000 square miles in the Southeast, including >major metro and rural areas in Alabama, Georgia, southeastern >Mississippi and northwest Florida. Using Motorola's iDEN® technology, >Southern LINC combines multiple communication services into one handset >or installed device including Instant LINC(SM) two-way radio, phone >service, 1-way and 2-way text messaging, wireless Internet access and >wireless data access. > >More information about Southern LINC can be obtained by calling >1-800-818-LINC >(5462) or visiting the Southern LINC Web site at www.southernlinc.com > >About Southern Company: > >With 4 million customers and nearly 39,000 megawatts of generating >capacity, Atlanta-based Southern Company (NYSE: SO - News) is the >premier super-regional energy company in the Southeast and a leading >U.S. producer of electricity. Southern Company owns electric utilities >in four states, a growing competitive generation company, an energy >services business and a competitive retail natural gas business, as well >as fiber optics and wireless communications. Southern Company brands are >known for excellent customer service, high rel iability and retail >electric prices that are 15 percent below the national average. Southern >Company has been named three consecutive years No. 1 on Fortune >magazine's "America's Most Admired Companies" list in the Electric and >Gas Utility industry. Southern Company has been ranked the nation's top >energy utility in the American Customer Satisfaction Index four years in >a row, and in the latest survey tied for the highest score among all >service industry companies. Southern Company has more than 500,000 >shareholders, making its common stock one of the most widely held in the >United States. Visit the Southern Company Web site at >www.southerncompany.com. > >About the G8 Summit > >The G8 Summit brings together the leaders of the world's major >industrial democracies: >Canada, France, Germany, Italy, Japan, Russia, the United Kingdom, and >the United States. The European Union also attends the G8 Summit, >represented by the President of the European Commission and the leader >of the country holding the Presidency of the European Council. At >previous Summits, leaders have discussed a wide range of international >economic, political, and security issues. > >Southern LINC and Instant LINC are salesmarks or registered trademarks >of Southern LINC. Motorola and iDEN are >trademarks or registered trademarks of Motorola, Inc. > >http://biz.yahoo.com/bw/040518/185623_1.html 8658 From: Date: Wed May 19, 2004 3:11am Subject: Wald was under electronic surveillance by a team of police Brooklyn man gets prison term for sexual abuse By JONATHAN BANDLER THE JOURNAL NEWS (Original publication: May 19, 2004) WHITE PLAINS — A Brooklyn man who forced teenage girls to touch themselves during random obscene telephone calls apologized to his victims yesterday as he was sentenced to seven years in state prison. Philip Wald, a bipolar disorder sufferer whose family had tried for years to get him to stop his manic phone calling, said he needed treatment to help him understand why he does such things. "I do feel sorry for what happened," he told Westchester County Judge Joseph Alessandro, adding that he hoped "the victims and their families can at least get some kind of relaxed feeling that I'm locked away." Wald was miles from any of the victims and they were never in imminent danger when he made the phone calls during 2001 and 2002. But Assistant District Attorney Laura Murphy charged him with sexual abuse under the theory that he subjected the girls to physical contact they would not have engaged in otherwise, and his conviction was believed to be the first of that nature in New York state. The sexual abuse conviction will also force him to register as a sex offender when he is released from prison. Wald, 36, pleaded guilty to first-degree sexual abuse and first-degree coercion in February, admitting that he threatened six teenage girls if they would not take off their clothes or comply with sexual requests and that he was watching to see if they complied. The first victim was a 17-year-old New Castle girl in September 2001. He made similar calls to two 14-year-old New Castle girls, a 13-year-old Scarsdale girl, a 12-year-old Mamaroneck girl and a 15-year-old Pleasantville girl. Those were among the dozens of such calls he made from his home using prepaid phone cards. Some of the victims used call tracing techniques, which eventually helped detectives from those communities and investigators from the District Attorney's Office track him down. They were assisted by an employee of Cisco Systems, Dean DeLitta, who helped to analyze the complicated phone records. Wald was under electronic surveillance by a team of police led by New Castle Detective John D'Angelo and Mamaroneck Detective Thomas Gisin when he made a similar call on June 7 and they arrested him at his Bensonhurst apartment. Defense lawyer Clinton Calhoun said his client wanted to spare the girls from having to testify and that the most crucial thing for him was to get proper medical treatment in prison. Reach Jonathan Bandler at jbandler@t... or 914-694-3520. [Non-text portions of this message have been removed] 8659 From: Steve Uhrig Date: Wed May 19, 2004 9:32am Subject: Will BPL result in privacy issues? With the beginning of the ultimately-nationwide BPL rollout, I smell some potential for exploitation. BPL = Broadband over Power Lines. High speed web access via the power lines. Simply plug in a modem to any AC mains outlet and you'll be on the web with high speed. No phone line, no cable modem, no DSL, no satellite. Practically everywhere has at least power infrastructure. Will we start seeing Pac Rim bugs on ebay, camoflauged in cube outlet taps or power switches, or electrical outlets? A mic, a few SMD chips and its own I.P. address will make a cheap bug, and your listening post can be anywhere in the world. The high bandwidth would allow for streaming video as well as high fidelity audio. Since there will be data on all power lines anyway, we won't be able to just look for packets of data to see if we have a hostile device on the line. We'll have to decode them somehow. Who will be the first to develop a black box to plug in decode legit or clandestine data on the line, for TSCM applications? Here's a moneymaking opportunity for someone. I well admit it's way over my head. Specs on BPL are available widely on the web. ------ Everyone's thoughts? ------ Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8660 From: Ocean Group Date: Wed May 19, 2004 10:09am Subject: GCHQ FYI Those of you that get Sky News I would suggest keeping an eye out for the piece on GCHQ... They visit the old GCHQ building and show some of the old test rooms....truely remarkable.... Especially the floating room and the plastic room.... Any ideas why they'd use a room with absolutely no metal, even the wall bolts were plastic, the rest wood.... Regards --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.684 / Virus Database: 446 - Release Date: 13/05/2004 8661 From: Thomas Shaddack Date: Wed May 19, 2004 10:11am Subject: Re: Will BPL result in privacy issues? > Since there will be data on all power lines anyway, we won't be able > to just look for packets of data to see if we have a hostile device > on the line. We'll have to decode them somehow. > > Who will be the first to develop a black box to plug in decode legit > or clandestine data on the line, for TSCM applications? Not all that necessary. BPL is quite similar to a cable modem or a 10Base2 Ethernet (or a 10baseT with a dumb hub), in the aspect it broadcasts data into the cable shared with others. All the communication that happens on the segment is available to anybody who listens. The network card or the cable modem usually listens only to the packets addressed to its MAC address and to the Ethernet broadcast (and hands only such packets over to the computer), but many (most) cards can be put in so-called "promiscuous mode" and then they hear (and report to the computer) everything. (A note on the side: The dumb HUBs that receive a packet on one port and then echo it on every other port are dirt cheap today and are useful for debugging the behavior of computers; connect the hub between a computer and the LAN, connect a monitoring computer on other port of the HUB, and run a packet monitor on it that in promiscuous mode listens on the traffic between the watched computer and the LAN. A pocket-sized hub of this kind and a laptop are a good combination for a field tech. Such device can also be used as a low-cost solution if you want to watch the entire traffic between your server and the rest of the Internet, which can be important for security reasons - such "passive tap" can't be detected by the adversary, doesn't even have to have its own IP address or broadcast at all (which you can enforce by cutting the Tx pair), and can be used later to a post-mortem analysis of an eventual attack. An interesting device could be using a cheap PC with tcpdump-like program and a suitably big disk with a circular buffer for the traffic. Data there can be a security risk though, when stolen or subpoenaed, as it's de facto your own Carnivore box, but if this is a concern, they can be encrypted by a public key, so only the owner of the private key (which can be also split in m-of-n scheme between n people) can then recover the traffic when it becomes necessary. Some time ago I wrote a tcpdump-style tool (well... took a libpcap example program and hacked it up a bit) that takes the packets, isolates their content, decides if it's a binary mess or BASE64-encoded binary mess or a potentially legible text, and shows either the length and type of mess, or the text. Embarassingly trivial, and extremely useful for analysis of what's happening on the LAN or why somebody can't log on the server (just today used it to see a colleague has a wrong FTP password), and all kinds of problems that can manifest on the protocol level.) I suppose there will be BPL adapters that will be possible to configure in such way. It's fairly common feature of all network interfaces and its lack is likely to be perceived as a disadvantage than as a safety measure (because if even one vendor sells them, the people who know what it is for will get it). However, the adversary then can encrypt the data. Then we have to use traffic analysis methods. Then the adversary can use traffic balancing, sending the same amount of traffic whatever's happening on the inputs. (Which is both bad and good, because then we can try to find it by its activity, according to the rules for conducted signals. I hope I have it right here, as I am so far only theoretical in EM stuff.) Which returns the game back to the point of detecting sources of signals, tracking them down into the "physical world", and then identifying the devices themselves and deciding if their behavior is legitimate or not. 8662 From: Date: Wed May 19, 2004 6:51am Subject: Email address change Kindly change my Email address from AmcorIntl@c... to AmcorInternational@m... Thank you Al Kelly [Non-text portions of this message have been removed] 8663 From: Steve Uhrig Date: Wed May 19, 2004 4:25pm Subject: Anyone near Melbourne FL? Hi all, I need someone in or near the Melbourne, FL area sometime in the next few weeks to do an incredibly simple overt CCTV install. One camera, one analog timelapse machine, one monitor. Trying to catch and convict for the second time a lunatic neighbor vandalizing an auto in front of the residence. Installation is on a condominium. I am supplying some excess equipment to a friend, but he won't be there to install it. You'd deal with his wife directly, with me for full tech support backup via phone if needed, but I doubt it would be. I'm supplying everything down to the cable and tools. Anyone who can handle this please strobe me offlist and I'll put you in touch with the client. Tks ... Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8664 From: kondrak Date: Wed May 19, 2004 4:46pm Subject: Re: Will BPL result in privacy issues? Its already being worked on Steve...and countermeasures as well...bugging for voice will be inconsequential when one can capture every shard of personal data anywhere. Just imagine it as wiring the entire power grid to be one big bug. Privacy is only going to be an issue after the first big cases involving big-brother come to light. Think of it this way, setup a 2-80mhz carrier and let everything in the magnetic field modulate it. At 10:32 5/19/2004, you wrote: >With the beginning of the ultimately-nationwide BPL rollout, I smell >some potential for exploitation. > >BPL = Broadband over Power Lines. High speed web access via the power >lines. Simply plug in a modem to any AC mains outlet and you'll be on >the web with high speed. No phone line, no cable modem, no DSL, no >satellite. Practically everywhere has at least power infrastructure. > >Will we start seeing Pac Rim bugs on ebay, camoflauged in cube outlet >taps or power switches, or electrical outlets? A mic, a few SMD chips >and its own I.P. address will make a cheap bug, and your listening >post can be anywhere in the world. The high bandwidth would allow for >streaming video as well as high fidelity audio. > >Since there will be data on all power lines anyway, we won't be able >to just look for packets of data to see if we have a hostile device >on the line. We'll have to decode them somehow. > >Who will be the first to develop a black box to plug in decode legit >or clandestine data on the line, for TSCM applications? > >Here's a moneymaking opportunity for someone. I well admit it's way >over my head. > >Specs on BPL are available widely on the web. > >------ > >Everyone's thoughts? > >------ > >Steve > > >******************************************************************* >Steve Uhrig, SWS Security, Maryland (USA) >Mfrs of electronic surveillance equip >mailto:Steve@s... website http://www.swssec.com >tel +1+410-879-4035, fax +1+410-836-1190 >"In God we trust, all others we monitor" >******************************************************************* > > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS >Yahoo! Groups Links > > > > 8665 From: Steve Uhrig Date: Wed May 19, 2004 6:48pm Subject: Re: Will BPL result in privacy issues? Once upon a midnight dreary, kondrak pondered, weak and weary: > Its already being worked on Steve...and countermeasures as > well...bugging for voice will be inconsequential when one can capture > every shard of personal data anywhere. Just imagine it as wiring the > entire power grid to be one big bug. Privacy is only going to be an > issue after the first big cases involving big-brother come to light. > Think of it this way, setup a 2-80mhz carrier and let everything in > the magnetic field modulate it. Thanks all who replied both privately and on the list. I admit most of the technical details are over my head. Thomas S. has some very valuable insight as always. I think the matter may justify some proactive discussion, and developing procedures the common man (meaning a TSCM practitioner still living in an analog world) can use to identify a potential threat. Unless sensitive info may be shared, it would be the most beneficial if all the folks who took time to comment on the matter would echo their posts to the list. I'm asking the question but I suspect a few more than me would be interested in the benefit of others' experiences and observations. Too many replies on and off list to thank each individually, but please keep the topic alive. www.arrl.org has some videos of tests run. Not scientific and results wouldn't be much good in court, but they do demonstrate some of the potential for interference. The constant presence of data, though, I think may affect our work. Seeing data alone doesn't mean anything. Whether it's carrying intelligence it shouldn't is a different story. Obviously a few of you are well capable of disassembling the packets and analyzing them. Codifying that down to something the common man can grasp and ultimately implement on his own will be another task. Eschew obfuscation. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8666 From: Steve Weinert at Excel.Net Date: Wed May 19, 2004 7:10pm Subject: Re: GCHQ Have participated the construction of non-ferric buildings (all non-magnetic materials) and RF transparent buildings (Fiberglass beams, girders, bolts.....) Usually test and or monitoring facilities of some sort. Some were for high voltage reasons, and a couple for chemical reactivity reasons. Far from common, but less unique than one would think. Steve W ----- Original Message ----- > They visit the old GCHQ building and show some of the old test > rooms....truely remarkable.... > > Especially the floating room and the plastic room.... > > Any ideas why they'd use a room with absolutely no metal, even the wall > bolts were plastic, the rest wood.... 8667 From: Steve Weinert at Excel.Net Date: Wed May 19, 2004 7:22pm Subject: Re: Will BPL result in privacy issues? Steve, I think your concerns that BPL is loosey-goosey security-wise are very valid. Stand-off equipment can usually capture the signals at some distance, and the techniques used for "protection" appear rather modest. Most clients with any BPL on their mains will have difficulty separating out or even discovering any piggy-backed datastreams for legit or illicit data collections. Where did all the concern that lead to mains power isolation exercises suddenly get set aside to allow digital carriers unfettered two-way over power services? Makes mockery of the large rotary sets put in to isolate the wave form and anything it carried from the outside world that organizations had used as a privacy/security measure. Another area of concern is radio based remote-read meters for utilities that are becoming popular with communities looking to reduce manning costs for electrical, gas and water meter reading. Many of these systems have huge additional bandwidth available to them. Some talk about selling this bandwidth to business and home consumers, but again the potential for "buggy" uses can't be discounted. Who would think that your water meter might be collecting your email, compressing it, and squirting packets of collected data to a remote collector? Interesting area, and one that needs consideration in securing a site where BPL or remote meter reading is in place. Steve W ----- Original Message ----- > Date: Wed, 19 May 2004 10:32:03 -0400 > From: "Steve Uhrig" > Subject: Will BPL result in privacy issues? > > With the beginning of the ultimately-nationwide BPL rollout, I smell > some potential for exploitation. > 8668 From: James M. Atkinson Date: Wed May 19, 2004 8:33pm Subject: American gentleman arrived in Paris American gentleman arrived in Paris The elderly American gentleman arrived in Paris by plane. At French Customs, he fumbled for his passport. "You have been to France before, monsieur?" the customs officer asked sarcastically. The old gent admitted that he had been to France previously. "Then, you should know enough to have your passport ready for inspection." The American said, "The last time I was here, I didn't have to show it." "Impossible. You Americans always have to show your passports on arrival in France!" The American senior gave the Frenchman a long hard look. Then he quietly explained. "Well, when I came ashore at Omaha Beach on D-Day in '44, I couldn't find any Frenchmen to show it to. ----------------------------------------------------------------------------------------------------- We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers. ----------------------------------------------------------------------------------------------------- James M. Atkinson Phone: (978) 381-9111 Granite Island Group Fax: 127 Eastern Avenue #291 Web: http://www.tscm.com/ Gloucester, MA 01931-8008 Email: mailto:jmatk@tscm.com ----------------------------------------------------------------------------------------------------- World Class, Professional, Ethical, and Competent Bug Sweeps, and Wiretap Detection using Sophisticated Laboratory Grade Test Equipment. ----------------------------------------------------------------------------------------------------- 8669 From: James M. Atkinson Date: Wed May 19, 2004 9:01pm Subject: Re: GCHQ A "Dielectric Room" is commonly used in EMI/EMC studies where metallic or semi-metallic isolation is required. This is the same reason we use a Teflon isolator or stand-off on TSCM antenna's as we do not want to effect the field we are trying to measure. -jma At 11:09 AM 5/19/2004, Ocean Group wrote: >FYI > >Those of you that get Sky News I would suggest keeping an eye out for the >piece on GCHQ... > >They visit the old GCHQ building and show some of the old test >rooms....truely remarkable.... > >Especially the floating room and the plastic room.... > >Any ideas why they'd use a room with absolutely no metal, even the wall >bolts were plastic, the rest wood.... > >Regards > >--- >Outgoing mail is certified Virus Free. >Checked by AVG anti-virus system (http://www.grisoft.com). >Version: 6.0.684 / Virus Database: 446 - Release Date: 13/05/2004 > > > > >======================================================== > TSCM-L Technical Security Mailing List > "In a multitude of counselors there is strength" > > To subscribe to the TSCM-L mailing list visit: > http://www.yahoogroups.com/community/TSCM-L > > It is by caffeine alone I set my mind in motion. > It is by the juice of Star Bucks that thoughts acquire speed, > the hands acquire shaking, the shaking is a warning. > It is by caffeine alone I set my mind in motion. >=================================================== TSKS >Yahoo! Groups Links > > > > ----------------------------------------------------------------------------------------------------- We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers. ----------------------------------------------------------------------------------------------------- James M. Atkinson Phone: (978) 381-9111 Granite Island Group Fax: 127 Eastern Avenue #291 Web: http://www.tscm.com/ Gloucester, MA 01931-8008 Email: mailto:jmatk@tscm.com ----------------------------------------------------------------------------------------------------- World Class, Professional, Ethical, and Competent Bug Sweeps, and Wiretap Detection using Sophisticated Laboratory Grade Test Equipment. ----------------------------------------------------------------------------------------------------- 8670 From: James M. Atkinson Date: Wed May 19, 2004 10:34pm Subject: Superscout Repairs and Modifications If you have an old FXR/Microlab Superscout NLJD and would like to have it repaired, re-calibrated, or tested for proper operation let me know as I now offer this service, and can turn the instrument around to you in about 10 working days, and at minimal cost. -jma ----------------------------------------------------------------------------------------------------- We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers. ----------------------------------------------------------------------------------------------------- James M. Atkinson Phone: (978) 381-9111 Granite Island Group Fax: 127 Eastern Avenue #291 Web: http://www.tscm.com/ Gloucester, MA 01931-8008 Email: mailto:jmatk@tscm.com ----------------------------------------------------------------------------------------------------- World Class, Professional, Ethical, and Competent Bug Sweeps, and Wiretap Detection using Sophisticated Laboratory Grade Test Equipment. ----------------------------------------------------------------------------------------------------- 8671 From: Peter McCollum Date: Wed May 19, 2004 9:17pm Subject: introduction Hi all, I just joined the list at the suggestion of Jay Coote. I am an amateur historian/researcher on the topic of "clandestine radios" (i.e. spy radios). It is all 'vintage' information - nothing modern. My research is documented at www.militaryradio.com/spyradio/ . There is a "chapter" related to surveillance gear at www.militaryradio.com/spyradio/tsd.html -- the main item there is a CIA-made ST-2A transmitter from about 1957. I'm sure that many of you folks know all about this, but: I recently learned about "non-linear junction detectors". I think I can guess the general way it works, but I'd be interested in some details. Regards, Pete 8672 From: Steve Uhrig Date: Wed May 19, 2004 11:09pm Subject: Nonlins Once upon a midnight dreary, Peter McCollum pondered, weak and weary: > I'm sure that many of you folks know all about this, but: > I recently learned about "non-linear junction detectors". I think I > can guess the general way it works, but I'd be interested in some > details. Read the list archives on the website. Nearly everything which can be said about the things has been said. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8673 From: David Alexander Date: Thu May 20, 2004 1:05am Subject: RE: GCHQ non-ferric buildings Another use for structures of this kind is to house Nuclear Magnetic Resonance (NMR) scanners. They generate magnetic fields up to 10,000 Gauss (1 Tesla, I think) and that has an affect on any ferrous metal, so they tend to do without them.... David Alexander Dbi Consulting Ltd Stoneleigh Park Mews Stoneleigh Abbey Kenilworth Warwickshire CV8 2DB Office : 01926 515515 Mobile: 07836 332576 Email : David.Alexander@d... Have you visited our website? http://www.dbiconsulting.co.uk -----Original Message----- From: Steve Weinert at Excel.Net [mailto:srw@e...] Sent: 20 May 2004 01:11 To: TSCM-L@yahoogroups.com Subject: Re: [TSCM-L] GCHQ Have participated the construction of non-ferric buildings (all non-magnetic materials) and RF transparent buildings (Fiberglass beams, girders, bolts.....) Usually test and or monitoring facilities of some sort. Some were for high voltage reasons, and a couple for chemical reactivity reasons. Far from common, but less unique than one would think. Steve W ----- Original Message ----- > They visit the old GCHQ building and show some of the old test > rooms....truely remarkable.... > > Especially the floating room and the plastic room.... > > Any ideas why they'd use a room with absolutely no metal, even the wall > bolts were plastic, the rest wood.... ======================================================== TSCM-L Technical Security Mailing List "In a multitude of counselors there is strength" To subscribe to the TSCM-L mailing list visit: http://www.yahoogroups.com/community/TSCM-L It is by caffeine alone I set my mind in motion. It is by the juice of Star Bucks that thoughts acquire speed, the hands acquire shaking, the shaking is a warning. It is by caffeine alone I set my mind in motion. =================================================== TSKS Yahoo! Groups Links 8674 From: Hawkspirit Date: Thu May 20, 2004 10:55am Subject: RE: Telco Sweeps... The tap was implemented using all existing wire. The telephone lines came in on coax multiplexed in with television channels and internet service. This is why the bridge that they placed was on the output side of the digital service unit bridging across the analog telephone feed. "Block" in my usage was a normal city street in length. Roger Tolces www.bugsweeps.com Date: Mon, 17 May 2004 17:43:19 +0100 From: Ocean Group Subject: RE: Telco Sweeps... Roger Was the telecom system wired using co-ax or was that an unauthorised addition? If that is the install, I presume it operates the same as a standard twisted pair.....why use co-ax...? What kind of telco systems are used over there in the US? In that, here we've got pots and isdn as the most used, however corporate wise you'll start to see VOIP. What's a "block" in engineering terms? Cheers Ois [Non-text portions of this message have been removed] 8675 From: Date: Thu May 20, 2004 7:03am Subject: Child-porn probe used first live Internet wiretap Child-porn probe used first live Internet wiretap By Sam Stanton and Denny Walsh -- Bee Staff Writers - (Published May 20, 2004) Every time Jason Heath Morgan sat down in his Chico apartment and tapped a key on his computer, the law was watching. For more than three weeks, every Web site, every e-mail, every photo image, every chat room conversation he viewed or took part in was scrutinized, as the 26-year-old Morgan unwittingly became the first person in the United States to have his Internet usage monitored live by federal agents probing child pornography under a new law. Wednesday, as federal and state officers involved in the probe were honored for their efforts in Washington, D.C., fallout from the case continued. Agents are tracking 1,700 e-mail and chat-room users Morgan allegedly was in contact with as part of a massive child-pornography ring. Suspects in Live Oak, Las Vegas and Stockton have been arrested based on leads from the wiretap evidence. And although civil libertarians have raised concerns about other government efforts to monitor personal computer use, this law, passed in the shadow of the Bush administration's highly publicized USA Patriot Act, so far has attracted little opposition. "It's a noble thing," said Ronald Wilczynski, the Sacramento FBI agent overseeing the probe. "These kinds of investigations involve a child someplace." For now, the Sacramento case marks the only use of the new surveillance authority. But the investigation and its unprecedented use of a real-time Internet wiretap is being heralded by law enforcement officials and children's advocates alike. At a ceremony Wednesday in the Dirksen Senate Office Building, U.S. Sen. Barbara Boxer, D-Calif., presented an award from the National Center for Missing and Exploited Children to Sacramento-based authorities involved in the case. Assistant U.S. Attorney Laurel White, FBI special agent Reginald K. Ogata and state Department of Justice special agent Jeff Mackanin were among those honored for their efforts. "This was the first time such authority was granted," said McGregor Scott, the U.S. attorney in Sacramento, who attended the ceremony. "What we did here was in real-time follow this guy as he's entering chat rooms or exchanging information." Morgan pleaded not guilty to child pornography charges and remains in federal custody. Based on wiretap information, he was also charged in Butte County with multiple sex crimes against children. Morgan came to the attention of law enforcement last year as he allegedly cruised chat rooms frequented by suspected pedophiles. Undercover agents from the California Department of Justice were in a chat room, one of them posing as a person seeking information on how to have sex with a young girl and boy in his care. "He (Morgan) was going to train them on how to perform sex, that's what he thought he was doing with the undercover agent," Wilczynski said. "But he was very cagey with us." Frequently, pedophiles try to detect undercover agents by asking that they e-mail child pornography or take part in acts that the officers cannot legally perform. "He was very cagey with these litmus tests, and would say, 'Send me some pornography,' " Wilczynski said. "Of course, they couldn't do that. "They could see he was very active (on the Internet) but he wouldn't do the dance with law enforcement." Previously, agents would have had limited ability to go after Morgan, other than obtaining a search warrant for his computer and its contents. But, a federal law passed in April 2003 provided a new option. The PROTECT Act - officially Prosecutorial Remedies and Other Tools to End the Exploitation of Children Today - gave authorities the right to tap into a suspect's computer to catch child abusers, including Internet pornographers. Most of the publicity generated by the act has focused on provisions that increased penalties for child abusers and took much of the sentencing discretion out of the hands of federal trial judges. When Sacramento agents made their request in August 2003, the wiretap provision had not yet been used, and authorities had to convince a federal judge to grant the authority. "This is the technique of last resort," Wilczynski said. "You have to articulate and say all these other things won't work, therefore we want to go and do an interception." The court order was granted, with a requirement that two groups of agents be involved in monitoring Morgan. The first scrutinized his computer use and culled out everything not related to the investigation. The rest was turned over to the second team. Technology used in the surveillance is very similar to a phone tap. Agents attached a monitoring device to Morgan's phone line, then tracked his Internet activity from remote computers. With the wiretap in place, "it doesn't matter who you're dealing with, we're standing over the top of you watching everything that's going on," Wilczynski said. And, with Morgan, there was plenty to see, officials said. "There were almost 1,700 people intercepted," Wilczynski said. "We just got one case outside of California, where the agents went up to a guy's house and did a 'knock and talk' and he said, 'I was expecting you.'" Others snared through the wiretap include Tim Weintraut, 37, of Las Vegas; John Palmer, 35, of Live Oak; and Frank Lagomarsino, 28, of Stockton. Weintraut and Palmer have pleaded guilty and agreed to cooperate. Lagomarsino has pleaded not guilty and is awaiting trial. Officials say Morgan's arrest last September was as routine as such cases can be. Agents staked out his apartment, waited until he left to go to a convenience market for a soft drink and confronted him when he returned. "There was nothing remarkable, we just met him at the front of the apartment and said, 'This is what we're about,'" Wilczynski said. "They had some discussion and entered his apartment. "His machine was on, and on his screen was one of the chat rooms we'd been seeing." About the Writer --------------------------- The Bee's Sam Stanton can be reached at (916) 321-1091 or sstanton@s... . Web chat Lt. Bob Lozito, operations commander for the Sacramento Valley Hi-Tech Crimes Task Force, and Deputy Attorney General Robert Morgester will answer reader questions about computer crime in a live Web chat June 17 on sacbee.com. Post your questions by visiting http://forums.sacbee.com/computer_crimes. [Non-text portions of this message have been removed] 8676 From: Hawkspirit Date: Thu May 20, 2004 0:31pm Subject: Historical devices _____ Peter I think you might like to look at some of the TSCM historical articles on my website, they picture many old devices. Roger http://www.bugsweeps.com/info/index.html Look at this one http://www.bugsweeps.com/info/telephone_taps.html Roger Tolces Date: Wed, 19 May 2004 20:17:11 -0600 From: "Peter McCollum" Subject: introduction Hi all, I just joined the list at the suggestion of Jay Coote. I am an amateur historian/researcher on the topic of "clandestine radios" (i.e. spy radios). It is all 'vintage' information - nothing modern. My research is documented at www.militaryradio.com/spyradio/ . There is a "chapter" related to surveillance gear at www.militaryradio.com/spyradio/tsd.html -- the main item there is a CIA-made ST-2A transmitter from about 1957. I'm sure that many of you folks know all about this, but: I recently learned about "non-linear junction detectors". I think I can guess the general way it works, but I'd be interested in some details. Regards, Pete [Non-text portions of this message have been removed] 8677 From: Steve Uhrig Date: Thu May 20, 2004 0:51pm Subject: Mr. Fulford only, in FL Please mail me off list regarding your order. I misplaced your contact info. All others ignore. Tks .. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8678 From: Ocean Group Date: Thu May 20, 2004 1:19pm Subject: RE: Di-electric Room Jim I don't understand what you mean by di-electric room in regards to signals activity. How would metallic isolation be achieved by using a plastic room and subsequently how does that transpose into an application...? A teflon or otherwise RF Isolator can reduce the amount of RF radiating from coax feeding an antenna and stray RF can result in a loss of radiated power from the antenna, which will lead to a reduction in signal strength, which is obviously important for low power applications..... Therefore making the room act as a dielectric, it acts as an insulation layer between the conductor within the building (the test device...) and .......what...? The outer world....freespace.....what acts as the conductor on the other side....(other than air propagation, am I looking for a metallic conductor)... Appreciate any enlightment.... All the best Ois *********************** Message: 4 Date: Wed, 19 May 2004 22:01:00 -0400 From: "James M. Atkinson" Subject: Re: GCHQ A "Dielectric Room" is commonly used in EMI/EMC studies where metallic or semi-metallic isolation is required. This is the same reason we use a Teflon isolator or stand-off on TSCM antenna's as we do not want to effect the field we are trying to measure. -jma --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.684 / Virus Database: 446 - Release Date: 13/05/2004 8679 From: Ocean Group Date: Thu May 20, 2004 1:26pm Subject: RE: Telco Sweeps... Hi Roger Is the phone data running on the cable tv lines...I presume this is one of these services where you get phone, net and tv from your cable tv provider. In that case surely the line would be digital, therefore if your services are multiplexed into the house then their must be an additional decoder box within the house, what was the purpose of the unit outside the house, apart from acting as a junction box. How was the analogue line that was connected to the RF tx connect to the exterior junction box if the data is digital and multiplexed...was their an analogue port just for the phone line at the exterior connection box...? Regards Ois PS. How long is an average piece of string...? *************** Message: 9 Date: Thu, 20 May 2004 08:55:27 -0700 From: "Hawkspirit" Subject: RE: Telco Sweeps... The tap was implemented using all existing wire. The telephone lines came in on coax multiplexed in with television channels and internet service. This is why the bridge that they placed was on the output side of the digital service unit bridging across the analog telephone feed. "Block" in my usage was a normal city street in length. Roger Tolces www.bugsweeps.com --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.684 / Virus Database: 446 - Release Date: 13/05/2004 8680 From: Ocean Group Date: Thu May 20, 2004 4:06pm Subject: Courses for potential sweepers.... Someone was just commenting on the greatness of ARRL courses and how they are great value for money etc on another newsgroup.... Would I be write in saying that potential sweepers would be better off doing these ARRL courses instead of signing up for often expensive and useless 2-3 day TSCM commercial courses found in the US.... Present company excluded naturally... Anyone could any thoughts or opinions on this...Steve? Regards Ois --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.684 / Virus Database: 446 - Release Date: 13/05/2004 8681 From: Steve Uhrig Date: Thu May 20, 2004 5:28pm Subject: Re: Courses for potential sweepers.... Once upon a midnight dreary, Ocean Group pondered, weak and weary: > Someone was just commenting on the greatness of ARRL courses and how > they are great value for money etc on another newsgroup.... Yes, if you are interested in formal amateur traffic handling for volunteering your services in times of emergency, as backup communications support. The ARRL is pushing the Emergency Communications course heavily. My own ham club list has had a thread for a few days on it. ARRL courses are very vertical and presume one already is licensed and has proven their knowledge of basic electronics and communications theory and practice. My personal feeling is that presumption would not necessarily apply to many members of this list. And I don't think there's enough of a crossover to bother with the ARRL courses. If one is a ham and interested in developing his skills to volunteer during disasters, it may be worth the USD $75 or $45 depending on whether you're a member or not. www.arrl.org for info. Note I have not been an ARRL member since the early 1970s. > Would I be write in saying that potential sweepers would be better off > doing these ARRL courses instead of signing up for often expensive and > useless 2-3 day TSCM commercial courses found in the US.... I don't think the ARRL courses will be of any significant benefit to TSCMers. Amateur radio, by definition is amateur. Not professional. In fact, doing any amateur-related service for compensation specifically is prohibited by law. TSCM should be professional. *Should* be. Professionals make money at what they do. That criteria alone also eliminates the majority of people pretending to be active in TSCM. However, I agree with you on the commercial courses offered in the U.S. Having audited some of them, I feel it was a waste of time and virtually always was a thinly disguised sales pitch for the equipment peddled by the person offering the course. One could buy the equipment on their own, cheaper, from the same source, but the psychological pressure to buy from the instructor or school nearly is irresistable. I think I surprised some and broke their perfect record of selling gear to students. I don't have any other suggestions on specific quality private sector training for TSCM. In my opinion, there isn't any in the U.S. of which I am aware. I automatically eliminate any courses offered by manufacturers of equipment as you are paying your money to be given a sales pitch regardless of any claims to the contrary. You are trained on that manufacturer's gear, and you WILL buy it. Audio Intelligence Devices' National Intelligence Academy (AID/NIA) trained students on their equipment and thus had a virtual lock on the surveillance equipment market worldwide until they went under. They could have given away their training and considered it a marketing expense for their products. Govenrment training is being phased out, but that's insignificant unless you're employed by a government agency who will feed and water you and spend the money to train you. The few independent training courses I've seen peddled make a big splash then quietly disappear and never are conducted. This leads me to believe there isn't enough *genuine* interest in private sector training to support the infrastructure necessary to set them up. I had considered it to offer myself, and found there is a huge difference between people who claim they're interested and people who be willing to commit and actually spend money. Also, there is the credibility issue. Unless training is offered by a recognized and reputable institution (Bob Gruber are you listening?), it means little. Reputable means in the minds of others, not just in the mind of the person conducting the training! Recently there was a decent thread started by a gentleman preparing for a U.S. government career which will involve him in TSCM. The advice from several contributors was right on target. Off the top of my head, I would guess 75% of training in prep for TSCM should be general electronics and communications, NOT TSCM-specific. Other training would not be TSCM-specific either but would include some investigative training, English classes and *how to write a decent report* being among them. However, those classes are not glamourous, so they're neither offered nor sought. If I offered TSCM training, I'd emphasize the business side of things and the ability to communicate issue. Those skills are far too scarce in the profession. My impression is far too many people want to run before they can walk, and FAR FAR too many people start by buying equipment way before they're ready to do so. Get the training first, then the toys later. Having the violin does not make you the musician. Soapbox mode Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8682 From: Steve Weinert Date: Thu May 20, 2004 8:55pm Subject: Re: Courses for potential sweepers.... --- In TSCM-L@yahoogroups.com, "Steve Uhrig" wrote: > Once upon a midnight dreary, Ocean Group pondered, weak and weary: > > > Someone was just commenting on the greatness of ARRL courses and how > > they are great value for money etc on another newsgroup.... > > Yes, if you are interested in formal amateur traffic handling for > volunteering your services in times of emergency, as backup > communications support. The ARRL is pushing the Emergency > Communications course heavily. My own ham club list has had a thread > for a few days on it. > > ARRL courses are very vertical and presume one already is licensed > and has proven their knowledge of basic electronics and > communications theory and practice. > > My personal feeling is that presumption would not necessarily apply > to many members of this list. As a list member who has taken several of the ARRL CCE courses I 100% agree. The focus of these courses is either technical (modest level, excepting the antenna design theory course which appears intense) or administrative-procedure focused. They are decent enough courses for what they are, but in no specific sense are they TSCM targeted. > If I offered TSCM training, I'd emphasize the business side of things > and the ability to communicate issue. Those skills are far too scarce > in the profession. Actually Steve those skills are far to scarce in most professions. Attitude and communications skills seem to be innate requirements, usually the rest can be mentored or trained into the apprentice. Steve W 8683 From: Steve Weinert Date: Thu May 20, 2004 9:05pm Subject: Re: GCHQ non-ferric buildings The last couple medical examination level MRI/NRM/CAT/Scan-of-week facilities we participated in seemed to have somewhat relaxed requirements on ferrous metal contant and placement. The concern that nothing ferrous moves or is intermitantly grounded (which can act as a simple signal generation circuit) was still a focus. Has anyone else seen the systems that use lasers & targets on a structure to monitor vibrations & deflections? Used in coarse modes to monitor tankage, retaining walls, floor/roof loadings, structural system loadings, airpressure differential on large glazed structures, and so on, some of the systems appear to have the potential for exploitation in the TSCM sense. Steve W --- In TSCM-L@yahoogroups.com, "David Alexander" wrote: > Another use for structures of this kind is to house Nuclear Magnetic > Resonance (NMR) scanners. They generate magnetic fields up to 10,000 Gauss > (1 Tesla, I think) and that has an affect on any ferrous metal, so they tend > to do without them.... > 8684 From: Steve Uhrig Date: Thu May 20, 2004 9:27pm Subject: Re: GCHQ non-ferric buildings At one government agency where I worked, we had on a remote area of post a decent sized facility made completely of wood. It was about the size of a 2 story house. There was ZERO metal used in construction. Skylights provided illumination and of course the building could be used in daytime only. It was used for calibrating extremely sensitive transducers and related sensors used in intelligence applications. Workers there wore cotton jumpsuits and no jewelry. When the tests actually were being conducted, no one was in the building. The ground for perhaps 20 meters around the building was kept bare of vegetation with herbicides and had gravel laid. A fiberglass fence surrounded the building outside the cleared perimeter. Travel in was via golf cart only. We had a bit of an argument with the safety people over not having fire extinguishers in the building. Especially being wood, in a remote area and usually unmanned, it was a legitimate concern. Apparently national security won out over the safety concerns as I never saw extinguishers in there. This was back in the mid 1970s. Steve ******************************************************************* Steve Uhrig, SWS Security, Maryland (USA) Mfrs of electronic surveillance equip mailto:Steve@s... website http://www.swssec.com tel +1+410-879-4035, fax +1+410-836-1190 "In God we trust, all others we monitor" ******************************************************************* 8685 From: Date: Fri May 21, 2004 2:40pm Subject: Folcroft Borough Police Dept. Bugged - 2 articles Folcroft Borough Police Dept. Bugged May 20, 2004 — The DA's office is trying to figure out who planted the recording device inside the police department, what they were looking for and why. Tiny pin holes and wires were coming out of them. They mark the spots where investigators discovered and dismantled an elaborate network of hidden cameras and recording devices. They were concealed in smoke detectors and emergency lights. Investigators say for years the cameras recorded the action of the Folcroft Borough police force inside their own headquarters. Officers had heard rumors that they were being watched by borough bosses. A few months ago the police chief decided to put the rumors about the police department being bugged to rest, so he hired a private investigator to sweep the building. According to court documents, that investigators found recording devices in the evidence room the squad room and the hallway. The chief decided to go to the district attorney. On Tuesday night, the D-A's office did another search. This time, they found even more cameras, including one in the locker room where officers, including the department only female, change their clothes. The court documents suggest employees suspect two borough officials have something to do with the bugs, but so far no one is named as a suspect and no arrests have been made. Employees are watching their backs. The DA traced the equipment to a private investigative outfit in Chester County. The DA's office found invoices that indicate the firm charged the borough nearly $4000 to carry out the surveillance work. But who hired the firm and why is not known. http://abclocal.go.com/wpvi/news/052004_nw_folcroftcameras.html Recording Equipment Discovered In Folcroft Borough Hall Police: Women Were Videotaped While Dressing POSTED: 12:18 am EDT May 21, 2004 UPDATED: 12:48 am EDT May 21, 2004 FOLCROFT BOROUGH, Pa. -- Secret video and audio recordings have been discovered inside the Folcroft Borough Hall in Delaware County, and cameras and microphones were even found in rooms where women undress. Police said they discovered they were being spied on one year ago, so they set up their own surveillance equipment to determine why anyone would do it. Now, the case is in the hands of the Delaware County district attorney's office. The equipment reportedly appeared shortly after 26-year-old Folcroft Police Officer Leslie McLean was hired. She said she is devastated that someone videotaped her dressing. Other hidden cameras and recording equipment were found in the building, police said Two tapes dating back as far as 2002 and a VCR were seized from the old office of one of the suspects, which he used while serving as district judge, police said. Police said they also discovered bills showing that the borough purchased the surveillance equipment for $4,000. No charges have been filed in this case, and no arrests have been made. http://www.nbc10.com/news/3330052/detail.html