VOLUME 11 NUMBER 1 FEBURARY 1996



NO! NO! NO!
The Hot Micx is free! There is no Subscription fee! You don't have to belong to an admiration society to receive it. It's free!!! You do have to keep me posted when you move if you wish to receive it and you do have to let me know that you DON'T want it if you don't want it. Other than that, no gimmicks and no hidden charges. Just bear with the subliminal message when I do my advertising. For you who are receiving this issue of The Hot Micx for the first time, welcome. For those who have received back issues and are concerned that the last issue was dated July of 1995, not to worry. In as much as I am the editor, cut and paster, compiler, mailer and also operate Technical Security Consultants Inc, There wasn't enough of me to go around during the last quarter of 1995. First came work, then came our seminar in Las Vegas followed immediately with more work. We also traveled to Texas and provided in-house training to an organization having a requirement for that capability. All in all, very exciting.

  As many of you are aware, once a year I update my mailing list; names are added and names are deleted. Check your mailing label and if your name is printed in bold print, you will continue to receive the newsletter. It the printing is in regular print, you may or may not receive later issues. If you do wish to continue to receive copies, drop me a line and request your name be highlighted. Itıs that simpler.

E-MAIL ADDRESSES



  Please take a few moments of your time and mail or E-Mail me your E-Mail address if you are on America On Line or the Internet. Please include the whole address. I'm going to try sending The Hot Micx electronically if I can hit on a protocol that is friendly to everyone involved. Otherwise, I'll be looking to get a Web Page and I can let you know when something of importance (to all of us) is posted.
  E-mail me at dbugman@aol.com   or  dbugman@dbugman.com
Thanks in advance for your assistance and consideration.

Inside every large problem there is a small problem struggling to get out.

COMPUTER BREAKINS



  If you have a computer and it is accessible by someone else, you have a potential problem. Common sense items, turn off the modem when not in use. Fire walls are only so effective and can be penetrated if enough access is afforded. Compartmentalize your server and access control all compartments. For larger organizations, your Information Management Department should have software to set up and control accounts for this purpose. IMD personnel, don't let the user pick their password, do it for them, and make it difficult. If you have password generating software, utilize it for generating random passwords. Use upper and lower case characters if the system will support it. Make it hard for the bad guys, folks. Then when a problem occurs, it may be easier to determine how information was compromised. Did I mention encryption when saving or transferring information over unsecured lines?

I seen my duty and I done it.
- Anonymous

MORE COMPUTER SECURITY



Dateline New York Times --- The Arizona Republic, November 27, 1995. In another article, it was reported that at least 20 companies of 1290 queried responded that they had experienced computer breakins resulting in losses in excess of $1 million. Nearly half reported losses as a result of hackers, viruses, sabotage, corporate spies and incompetent employees. Pleasantly, the survey indicated companies were more aware of the risks and were taking stronger measures to protect their information.

When elephants fight, it is the grass that suffers.
- Anonymous Kikuyu

AUDIO AND VIDEO SERVICES



For those of you having a requirement for the services, I have identified what appears to be a very good source for working with audio and video tapes to recapture the intelligence. Phil Parmenter, owner of Secure Audio Services has been working with a commercial audio business account for more than five years doing audio and video enhancements/cleaning up for commercials and productions. In his studio, he has several racks of audio and video/computer equipment for digitizing and cleaning up analog signals. Phil stresses (as do technical specialists in the investigative field) that if you KNOW you are going to be recording something for evidence or for use in prosecution and feel it may need cleaning up, PLEASE use a DIGITAL RECORDER. When he does his work, the first thing he has to do is digitize a signal and then try filtering, limiting, etc to get usable audio. By digitizing in the first place, he has a lot more to work with. I'm going to give you a phone number that you probably won't remember (if you are like me), so give me a call when the requirement arises and I'll put the two of you in touch with each other. If you want to write it down on a rolodex card, he can be contacted at 602-812 9420.

Assumption is the mother of all screw-ups.

SEMINAR



  In response to your many requests for a seminar to be held on the East Coast, sing praises. TSCI contacted friends and acquaintances at USATREX International and arrangements are under way to have the next session at their facility in Vienna, VA, just outside Washington, DC. For this session, plan on attending THREE days, not the customary two. We feel the additional time will be warranted AND necessary as USATREX has numerous technically trained personnel on their staff who will be most interested in passing on information and answering your many questions. As in the past, we will be addressing electronic countermeasures/bugging/debugging, information protection, computer security and other related subjects. As an added bonus, USATREX brings to the seminar unique resources who can answer questions pertaining not only to the private sector, but to the government and international sector as well. As in the past, space will be limited and, as this session is being held in the Washington, DC area, I would strongly recommend advance reservations. Fax your reservation to Tom Barrett at USATREX (703) 448-1422, using the attached reservation sheet or contact me at (602) 786-0909 or Tom Barrett at USATREX, (703)448-0178 for additional information.

  Also, I was contacted by Vic Pichette in Providence, RI about presenting a two day seminar in his area. We are discussing it at this time and will consider it for this November. I'd like input from the readers on your thoughts about a Technical Surveillance Countermeasures / Protection of Proprietary Information seminar being held in or near Providence, RI, or if you feel there is enough interest, in your area. Call or write with your comments.

En boca cerrada no entran moscas. [The closed mouth swallows no flies.]

EQUIPMENT



  Attending the TSCM/POPI seminar in Las Vegas last November was Thomas Jones, General Manager of Research Electronics Inc. He demonstrated several items of equipment manufactured and sold by his company. One, called the OSCAR, looks very interesting, but don't rush out and buy it just yet. No one I know has had an opportunity to effectively evaluate the OSCAR or compare it against other equipment available. Judging from the limited time I had to evaluate it, though, it looks very promising, especially considering its price. The only serious drawback I encountered (and this is a personal preference) was the lack of listening while looking at a signal. Either audio or pan had to selected, not both. Hopefully, that operational characteristic can be remedied. If anyone has an opportunity to evaluate the unit, please let us know what you think. So far most of the responses have been positive, pending further evaluation.

  SPEAKING of equipment, I have available an ECR-1 Spectrum Analyzer and an ETA-1 Telephone Analyzer, both manufactured by ISA. If you're interested, call with your offer and something may be worked out. This equipment, along with several other items, came to me through a client who decided it was more efficient and effective to have someone do the work who was properly trained , equipped and knowledgeable.

Don't look Back. Something may be gaining on you.
- Satchel (Leroy) Paige

EVEN MORE COMPUTER STUFF



  Dateline, Litchfield, Conn --- The Arizona Republic, February 10, 1996 I just finished reading in the business section of The Arizona Republic about an FBI investigation which resulted in the arrest of an individual in Florida for 29 counts of computer crime, one count of third degree larceny and two counts of harassment. Seems he was fired from a company in Connecticut last year and went to work for a competitor. He later started his own business as a sub-contractor. What he was alleged doing was illegally accessing his former Connecticut employers computer mail and selectively intercepting, reading and deleting mail, messages and calls from clients or prospective clients. He would then contact them with sales pitch of his own. Part of his undoing came about as a result of calls from clients threatening to take their business elsewhere because their repeated messages were not being returned. It has been estimated he cost his former employer up to $1 million dollars in business. {He plead innocent and his lawyer stated that "we believe the state may have been mistaken in this matter".

Once you open a can of worms, the only way to recan them is to use a larger can.

AMERICA ON LINE
AND INTERNET ACCOUNTS



  I have e-mail accounts on both America On Line (D Bug Man@aol.com) and Internet (dbugman@dbugman.com). I'm also going to check about getting a Web Page with AMUG (Arizona Macintosh Users Group) and upload lots of my stuff (and anything I can beg from Kevin Murray). Experience has shown over the past week that no matter what I do, someone on the list is going to get an e-mail attachment they can't read.

  If you are a user of AOL, I was able, after about six months of pleading, crying and grovelling to get AOL to set up an area in their Public Safety Center for people in the Industrial Security field. To get there, sign on AOL, open clubs and interests, go to Public Safety Center, open Special Interest, select and open Special Interest topics and look for Industrial Security folder about the fifth from the bottom.

  I was also able to get AOL to give us a CHAT SESSION time allocated to Industrial Security on Wednesday evenings at 8PM eastern time. It is still in its throes of evolution, but we've had a few good sessions discussing gun control, computer security, debugging, security officers, etc. It gets pretty interesting when some of the firefighters, para medics and law enforcement types come up to see what's gong on and start asking questions or adding comments. I think you'll enjoy it if you try it. Look forward to seeing you in the future.

In a bureaucratic hierarchy, the higher up the organization, the less people appreciate Murphy's law.

ARTICLES FOR THE NEWSLETTER



I'm always looking for articles on items relating to bugging, electronic spying/espionage or the unusual for inclusion in The Hot Micx. Feel free to mail them.

  If you know where I can get a good software package containing unusual and/or interesting Quotes, please pass the information on to me. When I uploaded on my new computer and tried opening Quotable Quotes, I got a type 1 error message.

Those who can - do.
Those who cannot - teach
Those who cannot teach - administrate.


  • Technical Security Consultants, Inc. and USATREX International, Inc. will be presenting a three day Technical Surveillance Countermeasures (TSCM)/ Protection of Proprietary Information (POPI) Seminar in Vienna, VA on Monday, Tuesday and Wednesday, 17, 18 and 19 June 1996.

  • The seminar will cover computers and their weaknesses; fax, cellular and electronic telephones and the threats encountered; TSCM (debugging) equipment, the cost, quality, and capabilities of the various types of equipment available and how it should be used; determining when a TSCM examination might be required and how to select the best qualified person/organization for the job; establishing an in-house TSCM capability or contracting for the service; locks and alarms and access control; shredding machines; information protection; monitoring devices and how they may be used; etc.

  • Due to the sensitivity of the information to be discussed, attendance is restricted primarily to security directors, managers or persons within an organization responsible for the protection of information, law enforcement and government contractor personnel.
  • If you are not in the above categories but would like to attend, give me a call. Exceptions are granted on a case by case basis.

  • Technical Security Consultants, Inc. and USATREX International Inc. reserves the right to refuse admittance and/or refund payment without explanation.

  • Attendance is limited and reservations are necessary. Cost for attendance will be $600.00 per person, $200.00 for second person from the same organization. Reservations are available on a first come-first serve basis. A standby list will be established in the event there are cancellations.

  • The seminar will begin at 8:00 AM on all three days and continue until approximately 5:00 PM. If you plan to attend, please provide the required information on organizational or departmental letterhead, as indicated on the attached enrollment form.

  • Dress comfortably. No smoking in the seminar room. If you have any further questions, feel free to contact me at TSCI or Tom Barrett at USATREX (703) 448-0178




Tim Johnson
President

REGISTRATION FORM
TSCM/POPI SEMINAR
McLean, VA
17, 18, 19 June 1996



  To register for the Technical Surveillance Countermeasures / Protection of Proprietary Information Seminar, to be presented on 17, 18, and 19 June, 1996 in McLean, VA. please provide the following information on Corporate or Department Letterhead to
Tom Barrett
USATREX International, Inc.
1953 Gallows Road, Suite 810
Vienna, VA 22182-3934
(703) 448-0178
Fax (703) 448-1422

  A signature is required and indicates attendees are aware that transmitters, listening devices and/or video equipment may be activated without their immediate knowledge for purposes of demonstration.
TSCI and USATREX International reserves the total right to restrict admission. Requests will be reviewed and attendance is limited primarily to local, state and federal agencies/ law enforcement organizations and corporate security personnel. Seminar fee is $600.00. 2nd person from same organization $200.00. Please contact TSCI and USATREX with your intentions as soon as possible as spaces are limited.
NAME______________________________
TITLE______________________________
ORGANIZATION______________________________
ADDRESS______________________________
CITY, STATE, ZIP______________________________
Telephone______________________________
Number attending______________________________
SIGNATURE(Required)______________________________