Wisdom is not bought. I have some rather disturbing news to pass on. Recently, I've received several calls from Security Directors/Managers as a result of THE EXECUTIVES of their companies having concerns regarding certain aspects of corporate security. Some of you must be doing something right. A couple of inquiries had to do with the potential for eavesdropping on cellular conversations while another dealt with in house security of the communications system(s). Both these subjects have been discussed in past issues of the TSCI Newsletter: with this issue, I'll be able to make available (see below) a report dealing with mobile telephones. The video "Is Somebody Listening" also contains a segment addressing the threat. Regarding mobile (or cellular) communications, I have an article written by Bob Runyon of Albuquerque which does a very good job of addressing some of the vulnerabilities of mobile communications. The article was published about a year and a half ago by Days Communication Inc (Police and Security News) of Kulpsville, PA. Al Menear, the publisher, has graciously consented to the reproduction of the article in its entirety for those of you who might be interested. As always, there is no cost involved in acquiring a copy, other than a phone call or a letter of request. Zymurgy's First Law---Once you open a can of worms, the only way to re-can them is to use a larger can. For the aspiring authors, Days Communications is interested in an article which would outline the process involved in an individual transitioning from the public sector (local, state and federal law enforcement) to the private sector (corporate or private). His publication is widely read by both rank and file and management level in law enforcement organizations and many corporate organizations. Send articles to PO Box 330, Kulpsville, PA 19443 or contact Al at 215-538-1240 for additional information. Rogers' Observations---In a bureaucratic hierarchy, the higher up the organization, the less people aspire to Murphy's Law. What you say in private is your business. Keeping it private is ours. ©1987 Does anyone out there know anything about a device which can be attached to a private line and will give a digital readout of the calling number. I know the telephone company in New Jersey is making this capability available to their customers but the equipment requires interface with telephone company equipment. I believe I read or heard something along the lines of the independent device a couple of years ago, but it may have been the telephone company device. Any information regarding this aspect would be appreciated. It is a newspapers duty to print the news and raise hell. Chicago Times 1861 FYI Some of you in the Southwest are aware of my availability for speaking at ASIS meetings, as well as other functions, on the subject of electronic countermeasures and related positive applications. In most instances, the Southwest doesn't present any problems with scheduling and I am able to absorb the cost of travel. For those of you in other locations around the country, contact me regarding availability. My increased travel requirements may put me at your location when you're scheduled to have a meeting; if so, it would be my pleasure to stand in. The presentation can be tailored to your requirements, but generally includes a slide presentation and display of readily available devices. Questions and answers are handled throughout the presentation. These presentations are general in nature and, of necessity, are limited to approximately 45 minutes to 1 hour. (That's all the time most of us can afford to spend at the monthly ASIS luncheon presentation.) Recently, I have been providing three hour presentations at training sessions geared toward executive level protection/corporate security. The subjects, again, are primarily electronic countermeasures and positive applications of intelligence gathering, but are much more in depth in which equipment is demonstrated and specifics are provided. If you wish further information on the above, contact me. You are the sunshine of my life, that's why I'll always stay around. Recently, a Corporate Director of Security asked me to look at the security associated with their communications system (telephone). He felt there were problems, but wanted an outside opinion. A two or three hour walk through, while gathering information for a proposal for future countermeasures work resulted in the identification of a number of problem areas. Check your physical security. In most instances, control to telephone rooms, switches , computer rooms, etc. is superb. Access is controlled by card or key, programmers are regulated by password. But many of you are leaving one of the most vulnerable areas unsecured, the basement frame room. Quite often, the doors are propped open or secured with a low security lock. These are the areas where many eavesdropping attacks have been discovered, not to mention the potential for total disruption of your communications by a disgruntled employee or wacko. In a hierarchy, every employee tends to rise to his level of incompetence. Arizona Republic 2 April 1989--- Dateline Cincinnati----Fired phone company employees in Cincinnati claimed to have placed 1200 illegal wiretaps between 1972 and 1984. These were allegedly on orders from city police as well as phone company supervisors. The activity began in 1972 when a police sergeant, asked for assistance in placing a tap which he assured was legal. In the mid 70's, it appears the requests no longer came from the police but directly from phone company supervisors and changed from the criminal element and changed to phones of politicians, business executives and police officers. It is even alleged an attempt may have been made to tap the line of a telephone in the room of then President Ford during his visit to Cincinnati. Bucks County Courier Times January 13, 1989---Dateline Bordentown Township, NJ The owner of a Ford dealership admitted to bugging the office of his former partner in an Oldsmobile dealership. According to the article, the owner of the Ford dealership eavesdropped on conversations of his former partner and attempted to extort $9000,000.00 by threatening to make public recorded tapes. (The Oldsmobile dealer admitted they would have hurt his business if they had been made public.) Bucks County Courier Times 15 January 1989 --- It just went to hell in a hand basket for the Ford dealer, (See above) The local police seized 1/2 pound of alleged marijuana, $5000.00 in cash and a small arsenal consisting of 5 pistols. The marijuana and drug paraphernalia was located during a search for eavesdropping devices. Oregon State Barometer Dec 2 1988---The United States took its case against the Soviet builders of our Moscow embassy to Arbitration, asking the Swedish Chamber of Commerce to act as arbitrators. Is a change of venue in order for the Soviets now that a bugging device has been found in the Swedish Ambassadors residence in Moscow? It appears the device was installed when the building was built in 1971. Talk low, talk slow, and don't say too much. More countermeasures training/briefing information 5. Devices 5.1 Device Selection In Section 2.2, an Option Sequence was set forth leading us down to the point where, based upon the intelligence gathered during the Target Analysis, we must now commit our self to the selection of the device(s) upon which we must depend. Within this Section we are going to look at various methods of attack, that is, the device(s). We will not at this time, begin to explore the esoteric electronics of the various devices. We will, however, examine the pros and cons involved with each selection. We will attempt to discuss these methods of attack in a broad way, weighing the advantages against the disadvantages. Early in this text it was said that the ideal method of eavesdropping was to be physically present during the discussion of interest, and still, we did not want to be detected; therefore our physical presence was ruled out. That would be possible only if we share the secret of Lamar Cranstom (The Shadow). Alas, lacking that talent, the next best thing to being there is to have placed the most basic of eavesdropping tools...the mic and wire run. 5.1.1 The Mic & Wire Run Advances in technology have greatly altered this simple approach. Not only are microphones available today that are unbelievably small, but transmitting wire as thin as a single strand of hair from your head is now available. It is virtually invisible to the eye and can be concealed in the cracks between the boards or tile on a floor. It can disappear into the minute crack existing between the baseboard and the wall. Microphones, either directional or non-directional, are no longer huge...extremely high fidelity microphones smaller in diameter than a pencil eraser are commonplace. It takes a great deal of time to properly install and conceal any microphone and, if one chooses to install the fine wire runs, great care must be exercised to avoid breaking the wires during the concealment process. Another disadvantage is that, unless one wants to run the transmission line into an RF Transmitter, install one or more line boosters, etc., the listening post must be close by. There are other methods to employ the microphone as your eavesdropping choice, among them would be tying the transmission line from the microphone to some fortuitous path. Perhaps excess wiring among the utility lines or, more commonly found, excessive and unused telephone wiring. Still, unless the listening post is nearby you will be forced to employ line amplifiers along the path. 5.1.2 R.F. Transmitters By far, the most popular choice of "bugging" any office. There are any number of potential frequencies available. The signal may be modulated in many many ways and combinations. Various esoteric techniques are possible, ranging from burst transmissions, to spread spectrum signals or swept frequencies. Simple frequency modulated or amplitude modulated signals might be "snuggled" with legitimate commercial signals; that is, transmitted at a frequency extremely close to the legitimate broadcast and at a signal level so weak in comparison that it is easily missed during any countermeasures effort. The transmitting devices available today can be easily acquired, simple devices such as "wireless FM microphones" which are legally sold over the counter in many electronics stores. They can also be extremely complex, easily concealable because of their small size. The devices can be hidden in the barrel of a fountain pen, in some office artifact, within a block of wood made to appear as a part of the furniture. The ways in which to hide an RF Transmitter are virtually limitless. Even though RF transmitters are often the first choice, they are not without their problems. There is the need to limit the output of the device in order to make its detection as difficult as possible. But even when reducing the signal output, you must still have enough power to receive it at the selected listening post. This means that one must carefully evaluate free space loss, building construction and other factors pertaining to signal attenuation. The necessary power to drive the device must be determined. Do you utilize batteries and risk having to replace them on a frequent basis or do you install the device in the existing AC wiring and risk its detection as a result of continued power drain. 5/1/3 The Carrier Current This attack has certain advantages since you can employ the existing AC poser lines within the targeted area. This approach has been used successfully in the past but is not frequently employed today. It is a rather easily detected attack, requires time to install and, of greatest concern, you must have your listening post close by. The signal imposed will not couple across a power transformer and so you will be required to set up the listening post on the same side of the transformer as the target, usually within the same building. 5.1.4 The Telephone Compromise Without doubt, the telephone represents the greatest threat to security (in terms of audio security) there is. To begin with, a telephone is generally found at or near the conversational center of the target area. It provides the would-be eavesdropper with all the necessary components (microphone, power, transmission path, etc) needed. One has the choice of performing any number of modifications to the instrument or tapping the lines, the difference being, of course that if you elect to "tap" you are going to limit yourself to eavesdropping on on-going and in-coming telephone conversations only. By modifying the instrument you will be able to pick up in house conversations while the instrument is in an "on-hook" condition. The only disadvantage is that you must be able to establish access to the instrument and/or frame room. 5.1.5 Other Attacks Let you imagination run wild...Laser attacks? Light attacks? The use of these will depend upon the Target Analysis you have accomplished. Also, many of these attack methods, while technically possible, are not practical and/or give less than desirable results. 5.1.6 It is a fact in government service that, if you have something secret to communicate, do not use the telephone. If it is essential to use a telephone, then messages should be encrypted AT THE TELEPHONE, and deciphered likewise at the recipients telephone. First, scrambling and speech inversion devices are relatively easy to "de-scramble". Beating the voice frequency with an audio oscillator often achieves this. Secondly, even the fairly sophisticated encryption systems can usually be broken given enough time, a suitably powerful computer and expert, experienced personnel such as are available to government or military authorities. Ultimately, the only positively unbreakable "codes" are those based on the one time pad, supposing the pads are truly random. Thirdly, even the most sophisticated telephone encryption system can be defeated by the cheapest, simplest eavesdropping device placed on the speaker prior to the encryption, such as a drop-in transmitter, to replace the existing telephone carbon microphone. Dear Security Professional, I am including the following questionnaire in an effort to better determine your (industry's) needs in the area of electronic countermeasures. Information provided by you and pertaining to you or your company is for use by TSCI alone and will not be made public in any way other than in a future issue of the TSCI Newsletter the overall results of the survey will be printed for your review and will consist of the number of questionnaires mailed, the number of replies and the types of replies. If the results of this questionnaire are what we hope they will be, future surveys will be performed addressing other aspects of security, soliciting questions from you, with the final results again being passed on to you.
|