Electronic Countermeasures

COMPUTER SECURITY COUNTERMEASURES

  1. Conduct background investigations on new hires. Watch employees for signs of disgruntlement.
  2. Provide proper training on computer operations, handling and use.
  3. Do not allow use of dial-up modems.
  4. Limit access to computing facility and escort all visitors.
  5. Do not allow magnetic media to enter or exit computing facility without proper controls.
  6. Conduct frequent virus scans of all system software.
  7. Install access control software on all computer systems.



VIRUSES, TROJAN HORSES AND TIME BOMBS

  1. ALL ARE MALICIOUS CODES THAT CAN DAMAGE, DESTROY AND ALTER DATA FILES OR SOFTWARE PROGRAMS.
  2. DAMAGE CAN RANGE FROM A NUISANCE TO TOTAL DESTRUCTION OF ALL COMPUTERIZED INFORMATION.
  3. VIRUSES INFECT MAGNETIC MEDIA AND ARE SPREAD FROM ONE SYSTEM TO ANOTHER AS MEDIA IS DISTRIBUTED. THE MOST COMMON SOURCES OF VIRUSES ARE COMPUTER BULLETIN BOARDS, SCHOOL COMPUTERS AND NEW SOFTWARE.
  4. A TROJAN HORSE IS A SOFTWARE PROGRAM THAT APPEARS HARMLESS BUT DOES SOMETHING HARMFUL, UNKNOWN TO THE USER. FOR EXAMPLE: A COMPUTER GAME, WHILE BEING PLAYED, ERASES ALL THE INFORMATION ON THE HARD DISK.
  5. A TIME BOMB IS MALICIOUS CODE THAT ACTIVATES AT A SPECIFIC TIME AND/OR DATE. FOR EXAMPLE: THE PAYROLL COMPUTER CRASHES TWO WEEKS AFTER AN EMPLOYEE IS FIRED.



THE COMPUTER SECURITY THREAT

HOW?
  1. FILES ON MASS STORAGE ARE ALTERED, ERASED OR HIDDEN.
  2. FILES & SOFTWARE COPIED TO REMOVABLE MEDIA, THEN STOLEN.
  3. FILES ACCESSED THROUGH MODEMS, COPIED, ALTERED, ERASED, OR HIDDEN.
  4. VIRUSES, TROJAN HORSES, AND TIME BOMBS INTRODUCED INTO A SYSTEM.
  5. PHYSICAL DAMAGE TO COMPUTER HARDWARE, WIRING OR POWER SOURCES.



THE COMPUTER SECURITY THREAT

WHO?
  • DISGRUNTLED EMPLOYEES.
  • MAINTENANCE PERSONNEL.
  • VANDALS AND HACKERS.
  • COMPETITORS.
  • INTELLIGENCE GATHERING ORGANIZATIONS.


NATURE OF AN AUDIO SURVEILLANCE OPERATION

  1. When we think of a TARGET, we tend to think in terms of the CLASSIFIED OR SENSITIVE information which will be compromised by an Audio/Surveillance (A/S) device.
    1. POSITIVE information is desired if it can be obtained, but rarely does that occur.
    2. OPERATIONAL information is the real goal of most A/S operations.
      1. PERSONALITIES - Corporate leaders
      2. ACTIVITIES/ORGANIZATIONS - Projects or departments
      3. COUNTER INTELLIGENCE (CI) INFORMATION - in conjunction with other investigative techniques to identify means and methods of information protection and security weaknesses.
      4. AGENT CONTACTS - Develop contacts within an organization/department.
      5. POSITIVE INTELLIGENCE - Determine what information may be of use and methods in which it can most effectively be obtained.
    3. KEEPING TRACK of the opposition to find out what they are up to in order to counter their moves.
  2. TYPES OF SYSTEMS AVAILABLE
    Generally three types
    (1) Microphone and wire
    (2) Energy Transmitters
    (3) Telephones
    1. MICROPHONE AND WIRE
      -CONSIDERATIONS-
      1. Microphone connected to wire must be routed to a listening post.
      2. Microphone concealment
      3. Wire run concealment
      4. Listening Post (LP) location and
      5. Maintenance
      -ADVANTAGES-
      1. Very reliable
        1. Little that can go wrong once it is in place.
        2. Pre-amplifiers and line drivers provide a fairly long distance capability.
      2. Difficult to detect if properly installed.
      -DISADVANTAGES-
      1. Most time consuming of the installations if it is done properly.
    2. ENERGY TRANSMITTERS
      1. RADIO FREE SPACE (RF)
        -ADVANTAGES-
        1. Quick and dirty in most instances. No wire runs.
        2. Wide variety of modulation schemes and variations.
        3. Battery eliminator for alternating current (AC) voltage installations.
        4. Remote control capability.
        -DISADVANTAGES-
        1. Servicing can be a problem if using batteries.
        2. Receivers - Once on the air, anyone with a receiver scanning that frequency range can pick up the transmissions.
      2. CARRIER CURRENT
        -ADVANTAGES-
        1. Security of mike and wire with good quality.
        2. No free space radiations.
        3. More difficult to detect with low power with a balanced transmission line.
        4. Remote controlled.
        -DISADVANTAGES-
        1. Noise on the line.
        2. Listening post location must be on the same leg of the transformer.
        3. Installation time.
    3. TELEPHONES
      1. TAPS
        1. Probably most common Audio/Surveillance technique used.
        2. Can be accomplished anywhere between the telephone and central office.
        3. Easy to install.
        4. Difficult to detect.
      2. COMPROMISED OR "HOT" TELEPHONE
        1. Access to target areas.
        2. Two (or three) built in microphones.
        3. Remote - RF tap.
      3. TELEPHONE RUN
        1. Infinity transmitters
        2. Carrier transmitters - on line
        3. Radio transmitter - on line
      4. INSTRUMENT AS CONCEALMENT DEVICE
        1. Microphone and wire
        2. RF transmitter
        3. Carrier transmitter
  3. TYPES OF TARGETS
    1. CONTROLLED
      1. Safe House
      2. Office
      3. Reception rooms
    2. OPPOSITION STRUCTURES
      1. OFFICIAL
        1. Embassies
        2. Consulates
        3. Military installations
        4. Cabinet offices
        5. Heads of state
      2. NON-OFFICIAL
        1. Trade delegations
        2. Traveling groups
      3. RESIDENCES
        1. Homes
        2. Apartments
        3. Hotels
    3. OPERATIONAL TYPES
      1. LONG RANGE
      2. OPPORTUNITY
    4. MISCELLANEOUS
      1. AUTOMOBILES
      2. BRIEFCASES
  4. TARGET SPOTTING AND CASING
    1. ASSETS INVENTORY
      1. SURVEILLANCE TEAM
        1. Indigenous
        2. U.S.
      2. AVAILABILITY OF TECHNICIANS
        1. On hand
        2. Called in on a timely basis
      3. AVAILABILITY OF EQUIPMENT
        1. On hand
        2. Called in
      4. AREA INFORMATION
        1. Complete
      5. ACCESSIBILITY OF TARGET
        1. Physical security
        2. Alarms
        3. Dogs/guards
      6. LISTENING POST
        1. Nearby
        2. Relate to surroundings
      7. PROCESSING CAPABILITIES
        1. Transcribers
          1. Available
          2. Recruited
          3. Tape processing location
          4. Research facilities in order that any meaningful information can be rapidly processed for effective use.
      8. CROSS CHECK WITH OTHER AGENCIES TO PRECLUDE CONFLICT OF INTEREST
        1. Obtain approval
        2. Once approved or you expect approval
          1. Check Maps
            1. Street information
            2. Surrounding area
          2. Files check
            1. Areas
            2. Personalities
            3. Structures
          3. Obtain first hand knowledge of target and surrounding area
            1. Street traffic
            2. Routes (One way traffic - etc.)
            3. Types of structures - homes, apartments, offices
          4. Obtain photographs of target and surrounding area
          5. Hours of operation of target area
          6. Personnel in area surrounding target
          7. LP Location availability
            1. Proximity to target
            2. LP must be cased as closely as target area
    2. TARGET ENTRY (IF POSSIBLE) FOR CASING
      1. DO IT YOURSELF, IF POSSIBLE
      2. AS LAST RESORT, BRIEF AGENT
      3. TECHNICAL DATA
        1. Power - 110-220 volt, 50-60 cps
        2. Ceilings - height, material, fixtures
        3. Walls - height, material, fixtures
        4. Baseboards - what kind, mounting
        5. Floors - wood, tile, carpeting
      4. TACTICAL DATA
        1. Target room or area
      5. TENTATIVE SELECTION OF TYPE OF SYSTEM
        1. Microphone
        2. Transmitter
        3. Telephone
    3. PLANNING
      1. COLLECT ALL DETAILS AND COMMIT TO PAPER
        1. Photos
        2. Maps
        3. Floor plans
        4. Diagrams
        5. Technical details
        6. Paint samples
      2. PLAN A COMPLETE AND DETAILED INSTALLATION OF THE AUDIO SYSTEM FROM DEVICE TO THE L.P.
        1. Microphone and wire or transmitter or
        2. Any backup
      3. ENTRY PLAN COMPLETE AND DETAILED
        1. Approach (car, bus, taxi, foot)
        2. Time
        3. Exit
        4. Alternates
      4. EMERGENCY PLANS
        1. Exit procedures
        2. Communications
      5. EXIT PLAN COMPLETE AND DETAILED
        1. As carefully as the entry
        2. Maintain discipline
        3. Complete check - tools, foot prints, cigarettes, and smell
      6. EQUIPMENT REQUIREMENTS
        1. Assemble all tools and equipment
        2. Prewire and check everything prior to operation
        3. Recheck equipment, even during installation
        4. Have reserves on hand
      7. TIMETABLE - DETAILED
        1. Entry time - lock pick, etc.
        2. Installation time
        3. Time check points during installation
        4. Exit time
        5. Stick to operations plan
      8. PERSONNEL
        1. One person in charge
        2. Specific assignments
        3. Minimize number of people in target area
        4. Clothing
        5. Documentation/personal papers
        6. Rehearse (step by step)
        7. Maintain discipline
    4. EXECUTE
    5. DETAILED AFTER ACTION REPORT
      PLANNING
      1. Security
      2. Assign a team chief
      3. Research on target
        1. Files
        2. Floor plans
        3. Any other information
      4. Casing
        1. Routes to and from
        2. Location (Customs in that area)
        3. Guards (Number - schedule - armed - etc.)
        4. Alarms (local-central)
        5. Locks (Type - number - etc.)
        6. Construction
        7. Windows
        8. Entrances/exits
      5. Equipment
      6. Set up area (for dry run)
      7. Timing
      8. Clothing
      9. Documentation
      10. Cover story
      11. Transportation (meeting place)
      12. Communications (Check out in the area of the operation)
      13. Team chief responsible for entry and exit
      14. Emergency exit procedures
      15. Do not over extend allocated time
      16. After action check list and report



Cellular Telephones Versus Privacy

   The same technology that has led to the current popularity of cellular telephones has also made cellular telephone systems all the more susceptible to unauthorized interception. A common misconception held by many cellular telephone users today is that the advanced level of technical sophistication employed in cellular telephone systems correspondingly reduces vulnerability to interception of their mobile telephone calls. They are greatly mistaken.

   While the sophisticated complexities of the cellular telephone system may frustrate the efforts of casual radio monitoring curiosity seekers, they are a tremendous asset to the professional intercept operator. Not only do they facilitate monitoring the conversations of a specifically designated target, but the exchange over radio waves of digital data between the cellular telephone unit and the main cellular telephone system computer provides a wealth of information to the skilled intercept operator.

   Few cellular telephone users are aware that once their mobile or portable cellular telephones are turned on, there is a continual exchange of information between their units and the main computer. This information exchange occurs every few minutes and is the means by which the cellular telephone informs the computer of who it belongs to, where it is located, and that it is ready to receive or initiate a call. For the unwary user, there is no observable indication that this data exchange is taking place, even though the cellular telephone is not actually being used in a conversation. An example of just part of the information being exchanged will illustrate its importance to the intercept operator.

   The Mobile Identification Number (MIN) is the standard ten-digit telephone number of the cellular telephone. The cellular telephone frequently transmits its own telephone number to the cellular system computer to identify itself and disclose its location. If there is an incoming call for the cellular telephone, the system computer will know that it is available to receive the call and in which cell coverage area it is located. The computer will then address that particular cellular telephone by its number. The cellular telephone also sends its own telephone number, as well as location-determining information, when an outgoing call is placed. From the area code and first three digits of the telephone number, the intercept operator can quickly determine the geographical area in which the cellular telephone owner is a subscriber. This is called its home base.

   Another means of determining the home base of the cellular telephone is through the System Identification Designator (SID), which is a 32-bit code that identifies the specific company, and its location, to which the user subscribes for cellular telephone service. Each individual company system throughout the world has its own unique identification code, and that code is programmed into the cellular telephone unit. This is how the cellular telephone companies know where to send the subscriber's bill. If a cellular telephone user from New York uses his unit in San Francisco, the automatic transmission of the System Identification Designator data will tell the San Francisco cellular telephone company exactly where to send the subscriber's bill in New York. It also tells the intercept operator the location of the user's home base.

   For the intercept operator, the Electronic Serial Number (ESN) is of paramount importance. The Electronic Serial Number consists of a series of bits of information representing the unique identifying serial number of each individual cellular telephone. While the Mobile Identification Number and the System Identification Number can be changed with relative ease, the Electronic Serial Number is permanently programmed into the cellular telephone at the factory by the manufacturer. It is what identifies a single cellular telephone out of the millions distributed worldwide, and is as unique as a person's fingerprints.

    Quite often, an intercept operator will simply program the monitoring equipment to activate upon receipt and recognition of an Electronic Serial Number rather than the Mobile Identification (telephone) Number. Should a targeted cellular telephone user change the Mobile Identification Number, or obtain service from another company, the intercept operator would immediately have the new Mobile Identification Number and the System Identification Designator information and simply update the programming of the monitoring equipment.

   Once the intercept operator locks on to a specific cellular telephone, the monitoring equipment will respond to control instructions from the cellular system computer much the same as the cellular telephone being monitored. Whenever the cellular telephone is switched from one channel to another as it passes through a cell, or from one cell to another, the monitoring equipment will switch likewise to enable continuous, uninterrupted monitoring and recording throughout each and every conversation. The user's only defense is to exercise caution in what is discussed when using a cellular telephone.

   But a good intercept operator can do more than simply acquire identification information and eavesdrop on sensitive cellular telephone conversations. Every cellular telephone consists of a radio transmitter and receiver. The transmitter emits a signal that the intercept operator can use to home in on and precisely locate the unsuspecting user. If the cellular telephone is installed in a vehicle, the signal it radiates--even when the cellular telephone is not in use--can be used to track the vehicle as it moves about. Cellular telephones often make excellent tracking transmitters.

    Worse yet, cellular telephones, especially mobile units, can be used in assassination efforts. A miniature, relatively simple, preprogrammed digital dual-tone decoder circuit and a compact explosive, lethal gas, or incendiary device can easily be connected to a cellular telephone. Then days, weeks, or months later, the assassin simply calls the cellular telephone user. Once the assassin's intended target is using the cellular telephone, the assassin quickly dials the appropriate preprogrammed code. In less than half a second the code is detected and the lethal device activated. The assassin could conceivably originate the deadly call, and activate the device, from half-way around the world via an international direct-dial call.

   Corporate executives, diplomats and government officials, defense contractors, business people, and celebrities are all subject to having their most confidential cellular telephone conversations monitored. For the competent intercept operator, one target is just as easy to monitor as the other. The Electronic Communications Privacy Act, which makes unauthorized interception of cellular telephone conversations a crime, is hardly a deterrent to most illegal intercept operators because it is almost impossible to detect their activities. They simply sit quietly in their hotel rooms or vehicles and monitor the air waves. Since their compact monitoring equipment is fully automatic, they do not even have to be present as sensitive cellular telephone conversations of their unsuspecting targets are being recorded.

   Commercial and industrial espionage has become a multi-billion-dollar-a-year business, and selective monitoring of cellular telephone conversations is one of the easiest, most expedient, cost-effective means of acquiring sensitive information while incurring minimal risk of being discovered. Cellular telephones are wonderful devices, but the convenience and ease of operation they offer lull perhaps too many users into a false sense of security--a security that simply does not exist. Ask any intercept operator.