Copy Link
Add to Bookmark
Report
COMSEC Letter 1984
COMSEC LETTER
Editor: James A. Ross
Yogo 0
1984
COMSEC LETTER
The ComSec Letter was started in 1984, The Year Of George
Orwell, by Jim Ross. Initially it was mailed at no charge to
everyone on his mailing list, and it was later offered by
subscription. After the founding of the Communication Security
Association, the letter became its official organ. In 1989 the
association decided to create a new organ, Comsec Journal; and,
in order to minimize confusion, the name of this letter was
changed to Surveillance.
What follows is an edited version of the contents of one
year of the letter. (The letter has been edited to remove
topical, superfluous, and outdated items.)
Ross Engineering, Inc.
7906 Hope Valley Court
Adamstown, MD 21710
Tel: 301-831-8400; Fax: 301-874-5100
January, 1984
WELCOME!
This is the first of what we plan to be a monthly letter on
the subject of communications security. The fact that you have
received this first letter indicates that your name and address
somehow found its way into our mailing list. If you do not wish
to receive future editions, please let us know, and we'll remove
your name.
By the way, if our changeover to a computerized system has
mangled your name or address, please let us know, and we'll
correct it.
PURPOSE
The purpose of this newsletter is to provide accurate
information on private and commercial (not government)
communications security.
SUBJECT MATTER
Our prime area of interest is communications security. The
emphasis will be on electronic communications systems and the
protection of the information that they carry; but, with the
proliferation of intrusions into computers we'll also be
addressing the problem of protecting stored information. As a
matter of fact, our overall interest is in the protection of
information and privacy protection regardless of the method used
to collect information.
CONTENT
In these letters we plan to include topical information on
products and techniques, answers to questions submitted,
announcements of coming events, and reviews of books and
magazines. In addition to providing this business and technical
information, we'll also be advising you on services and products
available from Ross Engineering.
Feedback from you is encouraged. If there is an area of
particular interest to you, or any error (heaven forbid!) that
you want to call to our attention; please write or call. We are
trying to be a source of accurate, detailed, and unbiased
information in a technology which has had more than its share of
misinformation disseminated.
ADDITIONAL PROJECTS PLANNED
Naturally, we cannot do everything at once, but we have
plans to update and correct the reports which the government has
issued; to write a series of technical essays, and, in general,
to try to be a clearing house for information on this technology.
DEFINITION
Having said that we intend to be a clearing house for
information on this technology, let's try to define the
technology that we mean. What exactly is it? Well, for
starters, it has to do with the collection of information. Some
people use the term "Industrial Espionage" but that's not good
for two reasons. First, the word "industrial" seems to limit our
scope to manufacturing firms, and we are definitely not limited
in that way. Second, the word espionage refers to the collection
of information by clandestine means and usually brings up the
image of government vs. government spying, and our field is
private and commercial spying. (Governments have such
unbelievably vast resources available to them, that they exist in
a different world, in our opinion.) Because the principle
contributor to this newsletter is a man who has spent over forty
years working in, studying and teaching communications and
electronics, this publication will be heavily oriented toward
communications and electronics.
The following words, which have been used to describe our
countermeasures seminar, should give a feel for the technology we
are addressing: Technical Surveillance; Electronic Eavesdropping;
Industrial Espionage; Audio Surveillance; Electronic Spying.
However, we are interested in all means of collecting information
and we plan to present information which we judge to be of value
to our readership regardless of whether it relates to electronics
or not.
QUESTIONS AND ANSWERS
Having just completed a countermeasures seminar here in the
Washington area, some questions which were asked at the seminar
are fresh in our minds, so we might as well kick off the
"content" part of our first newsletter with some answers to
questions.
Q. How often do you find something really sophisticated?
A. If you mean 21st century Buck Rogers equipment, the
answer is we have not yet found anything in that category. We
are, of course, aware of some exotic equipment and techniques,
but we work in the commercial arena and we have not yet faced a
situation in which the enemy would have conceivably committed
resources of that magnitude.
However, as an engineer, I feel that the really elegant
systems are the very simple ones, such as the speaker of the
speakerphone being connected to a spare pair leading out of the
target area to the telephone closet. (That's the one that I
described to you which was installed in the CEO's office and
conference room in the company which lost $200,000,000 in
competitive bids in one year.) Taking advantage of the fact that
many spare pair are normally available from the target area to
the telephone closet, in my opinion, makes good sense. Also, the
Ma Bell equipment is of very high quality, so why not use it?
And the total cost to the bugger for equipment in the target area
was zero.
Q. Don't you think that the best people to find a bug are
people who have experience in planting them?
A. It is true that a man who has had experience in planting
bugs will certainly know some good places to look, but the most
valuable "looking" is done using sophisticated instruments and
the most important characteristic of the "looker" is that he
understand electronic communications and how to use these
instruments. Saying that a person should have "black bag"
experience before he works in countermeasures is like saying that
no surgeon should work on a bullet wound until he has shot a few
people; or no detective should investigate a rape until he has
raped a few people!
Q. Can you provide a checklist to be used to ensure that all
necessary checks are made during a specific TSCM activity?
A. No, because we believe that each TSCM activity starts
with the assessment of the threat and the development of the plan
for that specific job.
For example, when checking offices in a multi-tenant
building, it is usually very important to emphasize the physical
search, looking for hidden microphone and illegitimate conductors
leading out of the target areas because it is a simple matter to
conceal wires under a carpet and run them to a listening post in
another part of the building. In contrast, we recently did a job
in which the target area was all of a luxurious home which was
well isolated from other buildings and located on the waterfront.
In order to run wires to a listening post the bugger would have
had to bury them by trenching through a beautifully manicured
lawn, so, in this case, we did not have to spend time searching
for extra wires leading out of the target area. Instead, we
concentrated on looking for irregularities on the connecting
blocks and checking power lines for carrier current
transmissions.
Also, in a multi-tenant building it is usually important to
perform many audio conduction tests -- are there audio paths
which conduct target area audio to some place which could be used
as a listening post? In the case of the home mentioned above,
there was no possibility of the listening post being located in
the same building, so we did not perform any audio conduction
tests.
However, we do plan to put together some kind of a
comprehensive outline of the various countermeasures procedures
and try to develop a matrix to indicate under what circumstances
each activity is indicated. I used the word "try" advisedly --
this is a big undertaking and we are not going to put something
out which is not complete because "a little learning is a
dangerous thing".
Q. Can you recommend a good book which will help me get
started in studying electronics as it relates to eavesdropping?
A. When this question was asked at the seminar, we thought
of the textbooks that we used in teaching the electronic
technician course at Capitol Institute of Technology; but we
could not recommend this approach because the technician course
is one year in length with two hours of class and two hours of
lab each day, four days per week. Someone planning to study the
subject on a part-time basis while he holds down a full-time job,
can't possibly go through this much material -- so we were unable
to provide a good answer at the time.
Now, however, we think we can name two books which should
provide a good start. Both of these books have been prepared by
the Texas Instruments Learning Center, and they are both
exceptionally well done. In my opinion, you should be able to
get as much as you want out of them -- that is, if you want to
skim, you can get the essence; but if you want to dig, full
technical detail is provided. Further, the books have a lot of
practical content; and, most important, they are totally free of
the misconceptions and technical garbage which characterize most
of the older material.
The titles are: Understanding Telephone Electronics, and
Understanding Communications Systems. They are available at $6.95
each by mail from:
Texas Instruments Inc., Box 3640, MS 54, Dallas, TX 75285.
If you can find them, the same books are sold by Radio
Shack. We paid #3.49 for the telephone book and $2.95 for the
communications book.
TI also has many other titles in its "Understanding" series.
You might find some of the others to be interesting as well.
Good Luck.
NEWSPEAK
Newspaper Headline: Cease Fire Holds Despite Sniper Fire.
TOO CRITICAL?
My partner in Pegasus Industries, Inc. says that I'm too
critical of the material which has been published. He may be
right, but I believe that when a person holds himself out to be
an expert, he should be super careful about his pronouncements.
There is nothing wrong with not knowing everything (most of us
are in that situation), and there is nothing wrong with making an
error (the only people who don't make errors are those who don't
do anything); but there is something wrong when a person, who
says he is an expert, demonstrates, time and again, a basic lack
of understanding of the subject matter. Lest I be misunderstood,
let me amplify my thoughts. I believe that the professor who
would criticize a student for a lack of knowledge or
understanding has no place in the teaching profession. I have
never in my life uttered a critical word to a student (or to a
colleague) who expressed ignorance regarding some point. Such
activity, in my opinion, is destructive of the learning process,
cruel, unfair, stupid, demeaning, diminishing, and a few other
things.
My criticisms are reserved for self-styled experts who
expound on subjects that they do not even understand.
Specifically, I am referring to whoever first referred to a
"resonant" ringer instead of a microphonic ringer in a telephone.
I am referring to the person who first described what he called a
capacitive tap. I am referring to the first person who explained
the operation of an ultrasonic motion detector by saying that
standing waves are set up in the protected area. I am referring
to the first person who decided that telephone lines have a
characteristic impedance.
These people, and others of their ilk, have caused untold
confusion, because well-meaning folk have studied their errors,
silly ideas, and idiocies; memorized them and passed them on to
others who have studied them, memorized them, and passed them on,
etc.
(Complete explanations on these things, and more, will be
coming along in the series of technical essays which are in
preparation.)
I have respect for the experience that some of these authors
have -- they can offer us so much of great value. For instance,
I just finished reading a book by a man who had ten years
experience as an investigator, and some of his comments about
equipment used, procedures, etc. are immensely valuable.
However, when he attempts to explain the workings of some of the
electronic equipment that he has used his explanations simply
don't make sense. Too bad.
February, 1984
AH HA!
Our very first letter proved two points: 1) we're not
perfect,and 2) some people do read this letter. For all who
wondered, the address for the Security Journal is Box 15300,
Washington, DC 20003. Again, when you contact the editor, Robert
Ellis Smith, tell him Jim Ross sent you.
RELIABILITY
During the seminar, one of the discussions which always
takes place is a survey of what should be the characteristics of
a countermeasures service firm, and we normally start off with
adjectives such as ethical, technically competent, properly
equipped, etc. However, I personally think that reliability
should be near the top of the list. If your countermeasures
contractor says he'll be there at 10 AM on Saturday, he should be
there at 10 AM on Saturday. If he says he has inspected twelve
telephones, you should have total confidence that he has
thoroughly inspected all twelve telephones.
QUESTIONS AND ANSWERS
Q. What periodicals do you read?
A. When this question was asked last year by a retired
government technician, he gave the impression that he thought
that all qualified countermeasures practitioners should read
Telephony. In any event, the question piqued our curiosity so we
began to note the names of the publications which we normally
receive and read, and we were really astounded at the result of
our informal survey.
Before listing the publications, we must point out that we
do not read every word in every publication. In fact, we have
already decided that there are many of these periodicals that we
will not renew because they are not worth the time to even leaf
through. Some of the publications listed are paid subscriptions,
some are qualified subscriptions, and some have been provided to
us for review.
Listed alphabetically, the communications-electronics and
security (non- news, non-business) periodicals which we have been
reading are:
ASIS Dynamics, Assets Protection, Computer Decisions,
Computer Security Alert, Corporate Crime and Security, CQ,
Cryptologia, Data Communications, Defense Electronics, Electronic
Design, Electronic Imaging, Electronic News, Electronic Products,
Electronic Warfare Digest, Electronics, Fraud & Theft Newsletter,
High Technology, Industrial Communications, Integrated Circuits,
Investigative Leads, Journal of Security Administration, Law and
Order, Law Enforcement Communications, Law Enforcement News,
Microwave Systems News, Microwaves & RF, Monitoring Times,
National Centurion, PC, PC World, Personal Communications,
Personal Computing, Photonics Spectra, Police and Security
Bulletin, Police Newsletter, Popular Communications, Privacy
Journal, Private Security Case Law Reporter, Professional
Protection, QST, Radio Communications Report, Radio Electronics,
Security Dealer, Security Law Newsletter, Security Letter,
Security Management, Security Systems Administration, Security
Systems Digest, Security World, 73, Signal, Systems and Software,
TAP, Technology Review, Technology Today, Telecommunications
Week, Teleconnect, Telephone Engineer and Management, Telephony,
The Tortoise Report, and Washington Report.
All in all, we think that this is quite a list, and rereading it
reinforces our belief that we did the right thing in ordering a
rapid reading course!
To get back to the question which started our research: Yes, we
do read Telephony, and we also read Telephone Engineer and
Management which is very, very similar. These magazines both seem
to be addressing themselves to telephone company decision makers,
but their classified sections are full of help-wanted ads for
cable splicers and installers. Regardless of their intended or
actual readership, we find a lot of interesting material in the
ads and in the new product announcements. (Most of this material,
unfortunately, does not relate to countermeasures.)By the way, in
our opinion Teleconnect is much more fun to read, and more
informative in many ways.
INTERESTING NEWSLETTERS
The Washington Crime News Service publishes several
interesting newsletters including Security Systems Digest and
Computer Crime Digest. For a complete list, and maybe some
samples, contact Betty Bosarge, Washington Crime News Service,
7620 Little River Turnpike, Annandale, VA 22003. Tell her Jim
Ross sent you.
BOOK REVIEW
This book was recently advertised in a national publication,
and sounded interesting so we bought it.
How to Avoid Electronic Eavesdropping and Privacy Invasion
William W. Turner. Paladin Press. Copyright 1972. Perfect
Bound. 192 pages. $9.95.
The back cover of this book says that the author was a
special agent with the FBI for ten years, graduated from their
"Sound School", and handled wiretapping and bugging assignments.
The content of the book demonstrates that the author has much
experience which could have been the basis for an interesting
book on the equipment, techniques, and practices with which he
was familiar. In addition, he probably could have told many
meaningful and engrossing "war stories" without endangering
sensitive information; but, sad to say, there are only brief
references to his experiences and a few revelations as to FBI
parlance.
Instead of a book of real, practical information based on
experience, the publisher has produced a book with two
outstanding flaws: first, there is a lot of "filler" material,
and, second, the author tries to explain how some electronic
systems work without knowing how they work.
The most blatant filler material is one section of 28 pages
which is merely a reprint of Title III, PL 90-351, and a full 50
pages of a verbatim copy of the detailed report of a man who was
working under cover as a gofer and clerk within a drug company in
order to collect information on that company. This section
contains painfully detailed reporting, but little which relates
to the title of the book, viz,
"8/18/65 I was ill and didn't work today.
8/19/65 This was a rather slow day here. We had only one
shipment come in, containing over-the-counter items and
cosmetics. Enclosed is the label......"
To a professional communications-electronics engineer, one
jarring feature of this book is the author's incorrect use of
electronic terms which have precise meanings. My feeling is
that, if you do not have any education in electronics, you'll be
bamboozled by the technical misinformation; and if you do have an
education in electronics, you probably don't need this book.
TRUTH IN ADVERTISING?
The Washington Post and other prestigious newspapers
continue to run ads for a tap detector which will not detect a
simple $15 tap and a bug detector which will not detect a $20
bug. Can it be after all these years that they still don't know
that these gimcracks don't work, or is it that they are more
interested in the ad revenue than they are in the truth?
March, 1984
FEEDBACK
The prize for the first feedback on our letter # 2 goes to
Doug Kelly, who said that he liked # 1 better than #2. His
comment caused us to take a critical look at #2, and we found
that we agreed. Too negative. Like it was written by some old
sourpuss, mad at the world.
Thanks for your comment Doug. We're going to make a real
effort to let the real Jim Ross with his very positive attitudes
shine through better in the future.
HITS
We cannot testify to the accuracy of any of these reports of
espionage and successful countermeasures activities -- we just
pass them on as items of interest.
After our first issue which contained a comment about the
speaker of a speakerphone being connected across a spare pair, we
got a call from a fellow in Texas who said he'd been in the
countermeasures business for six years, and had never seen that
compromise until the previous month, when he found two!
We also received a call from Arizona which reported that an FM
transmitter had been found in a Sheriff's telephone along with a
hook switch defeat system.
Last, but not least, a "usually reliable source" reports
that a compromised telephone instrument was detected in a high
level office of a petrochemical company which was the target of
an acquisition effort. He also said that detection of throwaway
transmitters in hotel rooms which had been selected for
negotiations resulted in their hiring guards to be sure the rooms
stayed "clean".
REBUTTING THE REBUTTAL
Recently Security Management carried an article by Doug
Kelly on the subject of debugging in which he set out some
guidelines relating to "sweeping". In the February issue of the
magazine is a letter offering a few unsubstantiated opinions to
correct "errors" in the article.
There is not enough room here to comment on all of the
pronouncements in this letter so let's concentrate on one of the
letter writer's opinions, namely that a spectrum analyzer "lacks
sensitivity and low frequency coverage" and should be used only
in conjunction with a countermeasures receiver.
First, the Texscan AL51-A can be tuned down to 20 KHz, and
we really can't imagine anyone building an RF bug to transmit
through free space at this low a frequency. The antenna would
need to be a city block or two in length; the final tank, in
order to get a decent Q, would need a coil as big as a barrel;
and if the Q were too low, we'd have harmonics which would
probably lead to accidental discovery of the bug because of
emissions in a broadcast band. In other words, a bug for
transmission through free space would be very impractical because
it would be very large and, therefore, hard to conceal.
But how about carrier current, the transmission of RF energy
over existing lines (power or telephone)? To check for this type
of threat Doug Kelly uses (and we use) a carrier current detector
that tunes from about 10 KHz to over 700 KHz, so if the bugger is
using carrier current we have the means to detect his signal.
The letter writer's other criticism of the spectrum analyzer
is that it is not sensitive enough, so let's look at some real
numbers and do some simple math. The analyzers that are used in
countermeasures operations are normally the rugged portable units
such as the Texscan AL-51A, the Cushman CE-15, and even the
Motorola Service Monitor R-2200. These units have sensitivities
ranging from about 0.5 to 1.5 microvolt, depending on frequency,
type of modulation, bandwidth, signal-to-noise ratio, etc. (This
sensitivity rivals that of most surveillance receivers.)
If any of these units is operated properly in the search for
an RF bug, it will probably be within a few feet of the bug
during the spectrum analysis -- let's say, to be very
conservative, the antenna will be within ten feet of the bug
while the operator searches the spectrum. The listening post, on
the other hand, will be well removed from the target area in the
normal case. Let's say, to make the numbers easy, that it is
either 100 feet away or, more realistically, 1,000 feet away.
Maxwell's equations tell us that the far field diminishes as the
square of the distance from the radiating antenna, so the field
strength at the two possible listening posts will be 1/100 or
1/10,000 of its value at the spectrum analyzer. To translate
these voltage ratios into dB we use the formula: Ratio(dB) = 20
log V1/V2. This computation tells us that we have either a 40 dB
(listening post 100 feet away) or an 80 dB advantage (listening
post 1,000 feet away) over the bugger. With this kind of an
advantage, it doesn't matter if the bugger's receiver is one or
two dB more sensitive than our spectrum analyzer; and, of course,
with a 40 or 80 dB advantage, the TSCM technician doesn't need
the additional one or two dB gain in sensitivity that he might
enjoy if he lugged along a surveillance receiver on every job.
N.B. These paragraphs have addressed only the letter
writer's contention that a spectrum analyzer lacks sensitivity
and low frequency coverage. The many other positive positions
taken by the letter writer are deserving of similar analyses, but
they will have to wait.
QUESTIONS AND ANSWERS
Q. When you are checking for a radio bug with the spectrum
analyzer, why don't you just use the audio output of the spectrum
analyzer and look for the audio feedback whistle?
A. Quickly tuning through the spectrum with the spectrum
analyzer demodulating each signal is a possible fast method of RF
bug detection, but it has a few drawbacks. First, if the bug is
using modulation on a subcarrier which is modulating the main
carrier, you will not get any audio feedback because the
unmodified analyzer is not capable of double demodulation. Next,
I believe that it is possible to tune through the signal from a
nearby bug without creating audible feedback. Also, the Texscan
gives you the option of either narrow band FM or AM detection and
it is possible to demodulate FM with the switch in the AM
position; but the converse is not true -- so you would have to be
continually switching from one detection mode to the other as you
tuned through the spectrum. Last but not least, the AL-51 has a
characteristic rattle when the audio gain control is turned up
too high while in the FM detection mode. This rattle (high
pitched motorboating) can easily be mistaken for audio feedback
oscillation. For all of these reasons, I do not use this
technique when looking for an RF bug.
Q. What are the specs on that AIWA TP-M7?
A. It's really a good thing that we do not normally accept
the claims made by salesmen, or we would have answered this
question incorrectly. By actual measurement, we got 17 minutes
on one side of an MC-30 microcassette, and exactly 30 minutes on
one side of an MC-60 with the AIWA operating at 2.4 centimeters
per second. If you were to operate it at 1.2 cm/s, you should
get double the above recorded times. (We haven't measured it,
but we have the feeling that the recorder is slightly more
sensitive at the higher speed.) Don't forget that if you use the
SLSS (Sound Level Sensing System), the tape will only be running
when there is some input above the threshold level that you set;
and, therefore, you can expect one tape to cover many hours --
depending on sensitivity setting, level of background noise, etc.
Q. How much do you charge for your TSCM services?
A. The amount charged for our services depends on a lot of
things, but a good estimate for an average job would be $300 per
room and $100 per telephone instrument. After we have computed
the "ball-park" figure using this simple formula, we modify it
based on factors such as: is the job a continuing effort or a
one-time affair; is it a residence or business; an isolated,
protected building or part of a multi-tenant building; etc. We
do not charge by the hour -- too much temptation to stretch it
out, and too much temptation for the client to try to rush us.
Usually we quote a $500 minimum for a local job, and a $1000
minimum on a job which requires extended or overnight travel.
Q. Our company is considering the purchase of encryption
equipment to protect data and facsimile transmissions. Can you
provide a list of vendors?
A. This is a field which is changing rapidly, and a full
answer to your question is not possible in a few words. However,
there is a good report available which provides copious detail on
established manufacturers of voice scrambling and encryption
equipment. This 182-page report, Who. What and Where in
Communications Security, is available at $75 from us or from the
publisher, Marketing Consultants International. (If you are a
consulting client or seminar participant, your special price from
us is $50.)
BOOK REVIEW
BASIC ELECTRONICS THEORY -- with projects and experiments
Dalton T. Horn. 532 pages. Hard cover. Copyright 1981. Tab
Books #1338. Tab Books, Blue Ridge Summit, PA 17214. $19.95.
A self-study text on electronics should presume no knowledge
of the subject matter on the part of the student, and should lead
the student slowly and carefully along. This book does just
that. It does not use any complicated mathematics which means
that some of the explanations are quite simplistic and
incomplete, but at least the reader does not have to struggle
through math that he does not understand. (In our opinion there
is nothing wrong with this approach if the student recognizes
that, if he wishes to advance to a level higher than technician,
he'll have to spend time learning the necessary mathematics in
order to be able to profit from the more advanced books in the
field.)
In looking through this book, we found no real errors. --
That may sound like a left-handed compliment, but it wasn't meant
to be; some of the technician-level books currently in print are
loaded with errors!
The only criticisms that we have are that the author used
the word "bridge" the way telephone company people use it rather
than the way it is used in electronics (see our glossary); and,
for some reason, the electret microphone is not listed in the
section on microphones.
Other than those two minor items, we found the book to be
excellent for its intended purpose. It provides a nice blend of
practical content (pictures of components, simple projects and
experiments) with fairly complete technical explanations of how
things work. The author covers all standard components including
vacuum tubes and solid state devices, and even briefly goes into
how stereophonic sound is transmitted and received, TV, and even
a short section on digital computers.
If you are just getting started in electronics, we recommend
this book.
SECURITY LETTER
Robert McCrie is the editor of Security Letter, an excellent
publication which is currently offering (until March 31) a
special rate to new subscribers. Address: 166 East 96th St., New
York, NY 10128.
TELEPHONY
Something striking happened in 1983. For the first time
since this seminar program started in 1977, phone companies began
to send people to our seminar -- where we discuss, among other
things, tapping telephones, how it's done, and how to protect
yourself.
In an effort to reach more phone company people we began
sending news releases to Telephony magazine, but they never ran a
single word about our activities. (Ours, by the way, is the only
seminar on this subject which is a seminar, and not a pitch to
sell equipment.) So we asked the editor why his magazine had
never run any information on our seminar, and he responded that
the magazine is telephone company specific and tapping telephones
is something which relates to industry as a whole!
Considering the number of telco security people who have
attended our seminar, we wonder if his subscribers feel as he
does. Oh well.
COMMENTS AND QUESTIONS
The main purpose of this letter is to shed some light on an
area of communications technology which has suffered too long
from the lack of light, and your comments and questions will help
shape its content.
April, 1984
OBJECTION!
Recently Security Management ran a series of articles on the
computer crime problem. Unfortunately, many of the articles were
written by lawyers -- and you can easily guess what their
proposed solution to the problem was. That's right: they are
proposing to enact some additional laws!
We object to this approach on principle, in general, and in
detail.
We object on principle because, in our lifetime, we have
watched our federal government legislators, time after time, try
to legislate the solution to a problem; and usually in the
process they create problems many times worse than the one they
were trying to solve. We give it as our fixed opinion that there
is a sickness in this land, the virulence of which increases with
proximity to the Capitol; and that that sickness is the ingrained
belief that the federal government can legislate a solution to
any problem.
In general we object to the tenor of those articles because
they did not even attempt to define the problem before they
proposed methods of combatting it. (There seemed to be an
assumption that the computer crime problem consists solely of
hackers gaining access to computers by telephone, and the authors
seemed to be unaware of any other facet of computer crime.)
In detail, we object because so many uninformed opinions
were offered as facts. Two of those unsupported conclusions are:
"....all indicators point to a bright future for the computer
criminal." and: "Law enforcement sources are quick to point out
that professional criminals can, in time, learn to circumvent
even the best computer security measures." We disagree. It is
our professional opinion that the indicators point to
technological developments (equipment, procedures, and
techniques) which will diminish the overall chances of success
for computer criminals. For instance, currently available
hardware includes telephone access control systems featuring
call-back to the authorized telephone number and cryptographic
systems that would take thousands of years of computer time to
break. More important, however, the computer itself is a
fantastic tool to use in innovative new audit procedures to catch
the main culprit -- the trusted company employee who has figured
out how to rip off his employer. More on this (much more) later.
Please note that we are not taking the position that no
legislation is needed. Our point here is that the computer crime
problems cannot be cured by legislation. Laws prohibiting
trespassing, theft, vandalism, conversion after trust, etc. may
well need to be broadened to include data being stored or
transmitted electronically or optically.
QUESTIONS AND ANSWERS
Q. How can you claim that your seminar is "the only seminar
on this subject which is a seminar, and not a pitch to sell
equipment"?
A. We make that claim because, to the best of our knowledge,
it is completely true.
First, our seminar is a seminar. It is not a lecture. It
is not a training session. It is not a workshop. It is a
seminar in every sense of the word. Look in a good dictionary;
or, better yet, ask some educators to list the characteristics of
a seminar. They'll tell you that it is an informal meeting of a
small group of advanced students with their professor,
characterized by a lot of "give and take" between all of the
participants.
Our seminar participants are not specialists in electronics
or communications (in eight years we've had only two people with
EE degrees); but they are senior security people -- they are
directors of security, government and private investigators,
businessmen, managers, etc. They are people with a lot of
experience, and they are advanced students in our view. The size
of our seminar group is deliberately kept to a small number, and
this old professor tries his best to keep the atmosphere informal
so as to encourage two-way communication, the key to learning.
Yes, this company does sell equipment. However, we do not
sell for any one manufacturer; in fact, we do not even endorse
the entire line from any one manufacturer. During the seminar we
make recommendations in response to specific questions, but no
effort is made to sell equipment and we sometimes have the
situation that a seminar participant will take our recommendation
and go directly to the manufacturer to order.
It is possible that one or two of the one-week and two-week
technician training courses are not pitches to sell equipment,
but that would not invalidate our statement because a hands-on
technician training course is not in any way a seminar,
regardless of what it is called by its promoters.
Do the sponsors of these other "seminars" try to sell
equipment to attendees? The literature that one of them sends to
prospective distributors says, "Remember, seminar attendees are
customers." The literature describing a Monday-through-Thursday
workshop explains that attendees who have purchased equipment may
stay over for an intensive hands-on day of training on Friday!
Yes, these companies are trying to sell equipment at their
sessions, and we do not criticize them for that. However, we are
not aware of any true seminars, other than ours, which are not
heavily oriented toward the sale of the sponsor's equipment.
Q. Why have you been reviewing books about basic electronic
theory in the COMSEC LETTER?
A. Those reviews have been included for two reasons.
First, some young folks (Have you ever noticed that some old
folks don't want to even be exposed to anything new?) have asked
for just this information.
Second, Jim Ross thinks that many people now working in the
field of countermeasures should begin to learn electronics
because they will soon face a vital life decision. Either they
are going to have to learn some electronics theory so that they
can work on new systems, or they'll have to join the charlatans
and put on a good act, or they'll have to get out of the
business. In the past it might have been sufficient to memorize
the normal connections on the network in standard telephones like
the 500, the 565, and the 1500; but we're here to tell you, in
case you hadn't noticed, things are changing! New instruments
with new features are being introduced daily. Even the AT&T
Phone store now offers equipment with new features like automatic
redialing of a busy number. (For more detail on the proliferation
of new instruments, features and systems, see the next segment,
"What's Happening?".)
WHAT'S HAPPENING?
In case you haven't looked recently, we're in the midst of a
telecommunications revolution. Divestiture, Ma Bell, Baby Bells,
LATAs, RBOCs, and so on.
Something else is happening which is, we think, of major
import to all who claim to be professionals in the
countermeasures business -- and that something is an astounding
increase in new telephone equipment and features, with more being
introduced every day. To back up that observation with some
facts, we offer the following: The February 1984 issue of Today's
Office magazine contained a buyer's guide detailing the features
of the PBXs currently available. Included were 91 different PBXs
from 26 different manufacturers!
However, it appears that the Today's Office researchers
missed a few because the March issue of Teleconnect had a much
shorter review of PBXs, which contained 9 that were not listed in
the other feature.
To further reinforce the same point, a quick survey of the
March issue of Teleconnect reveals that that one issue, in ads
and text, showed or mentioned 27 different PBXs and 56 different
telephone instruments from 36 different manufacturers.
Things are changing, and the wise will plan ahead.
HELP!
When we published a list of periodicals that we read, we had
no idea that it would generate so much response. We've had so
many requests for addresses of magazines that we can no longer
answer all of them individually, and still have time to get
anything else done. Therefore, we are mailing, with this letter,
an updated version of the flier which lists the security
publications that we offer for sale. In this flier you'll find
address lists for periodicals, membership organizations,
manufacturers, etc. If you buy the periodicals address list, and
find that we missed any that you are interested in, let us know
and we'll revise the list again and send you a no-charge copy of
the new one.
NEWSLETTER
If you work in security in an organization which has many
employees, significant assets, or the appearance thereof, Private
Security Case Law Reporter is a publication you should take a
serious look at. It is exactly what its name says, and it could
save your company a bundle by advising you of law precedents.
Contact the publisher, Richard M. Ossoff, at 1375 Peachtree
Street NE, Atlanta, GA 30309.
TIMM-2
While counselling a TSCM practitioner recently, we advised
him to look in his TIMM-2. He countered with, "I don't have one.
Where can I get it?"
We're stumped. Do you know of a source? If so, please let
us know. LEA used to sell them, but the last time I tried to
order they were out. Maybe we'll have to have some copies made
of ours and add it to the publications list.
(If you've never heard of it, TIMM-2 is a telephone
installation and maintenance manual which is extremely helpful in
the TSCM business if you are working on one of the standard
telephones.)
FEEDBACK
Your comments are solicited. Ideas for technical essays,
critical comments, questions, rebuttals, whatever. Send them
along.
Also, we'd like to hear any ideas that you may have
regarding the format (layout etc.), or anything else to make it
better.
CHALLENGE
Can you write a good definition for "tap"? No, not a water
tap; tap as we use it in our business of privacy protection.
We'll offer ours in an upcoming COMSEC LETTER, but we'd like to
hear yours -- might even publish it and give you credit in print.
May, 1984
WHY ARE WE DOING THIS?
This interesting question has been asked a few times, and
deserves an answer in print.
As we have mentioned before, the very sensitive information
will not be revealed in a general distribution newsletter -- not
because we're trying to prejudge how it will be used by our
readers. Not at all. We don't reveal everything because some of
our earnings come from consultation, and if we gave everything
away free, we'd starve. Purely practical.
But as to why we've embarked on a mission of educating
anyone interested in a field that many consider very sensitive,
let's go on record. We believe that strength comes through
education and communication is the route to education. To those
who cry, "You'll teach all those bad guys how to tap telephones
and plant bugs!", we say, "Hogwash! The bad guys already know
those things. The bad guys are totally goal-oriented, and they
have a communication system which is nearly perfect."
The level of education and training necessary to build and
use electronic equipment capable of doing a good job of bugging
or tapping is 9th grade hobbyist. If we, the good guys, are to
have any chance at all to protect ourselves, we must know what
the threats are and what the appropriate countermeasures are.
Our objective is to provide accurate, usable technical
information to anyone who wants it because we believe in strength
through knowledge. We believe that the entire ethical community
will be better off when more people understand what is really
possible in the field of technical surveillance and technical
surveillance countermeasures.
TECHNICIAN TRAINING COURSES
We have had some inquiries regarding sources of training for
countermeasures technicians so we'll relate what we are aware of,
and ask anyone with pertinent information to send it along.
First, a general comment. A person does not learn how to be
a competent countermeasures technician with a few hours of
training. In our view, education, training, and experience are
all required, and the amount of each is dependent on each
person's background. Someone with a lot of good experience in
investigations, a ham radio experimenter, some telephone people,
some military communicators, and some electronic security people
will easily learn the TSCM trade. However, we all know that some
people learn more in one year on the job than others learn in
ten, and we've all met the theoretician with a string of degrees
and no practical sense. So there are no set rules, and no
absolutes as to how much training it takes.
To try to put it into perspective, the technician course at
Capitol Institute of Technology consists of two hours of class
and two hours of lab four days each week for one full year, and
this course is not quite enough to ensure passing the test for
the FCC Commercial Radiotelephone License.
Now let's consider the training courses which are offered.
Dektor, the last we heard, offers a one-week and a two-week
course for countermeasures technicians. I have seen their
classroom and I sat in on one of the lectures. Each table seats
two students, and it looks like each table has one tool kit and
one telephone for hands-on training. Their instructional
material gives the impression that they try to start at zero and
cover all analog electronic communication theory assuming no
prior knowledge on the part of the student. My feeling,
therefore, is that they may be trying to do too much in a short
period. Dektor is located in Savannah, Georgia, and if you are
interested, contact Bill Ford or Allan Bell.
Down in Texas there is a course which looks very similar to
the Dektor course except that they take their students into the
field and show them how to enter telephone company pedestals,
etc. Our information on this training program is sketchy and
mostly derived from an article by Ted Swift who works for DEA and
moonlights in countermeasures. (See: Training Countermeasures
Specialists in the November/December 1983 Data Processing and
Communications Security magazine.) Ted's article says the
teacher is Charles Taylor, and you can reach him at Texas A & M
University.
ISA (Information Security Associates) has just announced a
four-day workshop which, again, sounds very similar to the Dektor
course. This course has not been presented yet so we have no
feedback from any attendees. ISA is located in Stamford,
Connecticut, and your contact would be Dick Heffernan or Sam
Daskam.
Jarvis International Intelligence Inc., located in Tulsa,
OK, offers an interesting array of training courses such as:
Technical Surveillance, Eavesdropping Countermeasures, Technical
Intercept, Methods of Entry, and Computer and Data Security, .
Your contact here would be the president of the company, Ray
Jarvis.
BOOK REVIEW
How To Get ANYTHING ON ANYBODY. Lee Lapin. Copyright 1983.
Auburn Wolfe Publishing, 584 Castro St. #351, San Francisco, CA
94114. $29.95 plus $4.00 P & H. Toll free order # 800-345-8112.
This perfect bound, 264 page, 81/2 x 11" book is a good
source of information. It is written in a flippant and
irreverent style, but it contains a tremendous amount of
information which can be of great value in two different ways.
First, if you want to "get" something on somebody, it might tell
you how; and, second, if you think you have to protect yourself,
this book might give you an idea of how someone might attack your
privacy.
Don't believe all of the promotional material (including
some in reviews). The "undetectable" bugs are not undetectable,
etc. In fact, don't believe everything in the book. Some of the
equipment touted is pure junk; the analysis of lie detection
methods and equipment varies from insightful to simple
recitations of some extremely shallow and unscientific "studies";
some of the conclusions stated as facts are questionable, and so
on.
Regardless of its shortcomings, however, we like its style,
and are really impressed with its content. Those portions
dealing with our specialty, even with the obvious errors in
theory and equipment evaluations, are probably of more value than
the government reports which cost us taxpayers millions of
dollars.
It's worth the price.
KUDOS
A couple of times we've been critical of the content of some
material published in Security Management so it's only fair that
we also sound off when they do something worthy of praise.
'Tis time.
Several months ago they carried an article pointing out that
optical fiber would be a great way to carry the alarm and
supervisory signals for intrusion detection systems because an
optical fiber link is next to impossible to tap as contrasted
with wire lines. The author's point was that a bad guy could tap
into a wire line and figure out the coding used to pass
information back and forth and then use this knowledge to fool
the central station by sending normal responses to it while he is
breaking in.
We don't have all of the details, but heard last month that
this scenario had actually occurred in NYC. A high level
protection system was tapped by the bad guys, and they figured
out how the intrusion detection system reported "All OK" so they
substituted their equipment which kept telling the central
station that all was OK while they broke into a bank and made off
with a bundle.
WAY TO GO, AT&T!
We just received six AT&T credit cards.
Surprise #1: they were mailed to us bulk rate. We're
surprised because they were probably trying to save postage, but
our experience with bulk rate has been that many pieces get lost
..... and we wonder what happens to lost credit cards.
The other reason that we were surprised is that they mailed
these six cards in six different envelopes -- which means that
they paid six times as much postage as they had to! (Up to three
ounces bulk rate costs the same as one featherweight piece.)
Welcome to the competitive world, AT&T.
TIMM-2
Last month we asked for a source of TIMM-2, and so far we
have received replies from Jeffrey Larson and Charles Augustine
which confirm that the TIMM-2 is out of print, and giving us the
information on its replacement. Thanks guys.
If you need wiring diagrams, parts ordering information,
wire pair standard assignments, etc. for standard telephones (Ma
Bell types only, we presume), you can order the ITT Telephone
Apparatus Practices Manual, PN 820870-101, from ITT
Telecommunications Corp., Box 831, Corinth, MS 38834. It sells
for $50.00 paid-in-advance, and will be shipped via UPS about 30
days ARO.
In addition, GTE and REA (Rural Electrification
Administration not Ross Engineering Associates) have various
publications. We're trying to find our copies of their catalogs
so we can add their addresses, etc. to our lists of sources of
information.
While we're on the subject of the TIMM-2, has anyone ever
found a standard telephone which needs all four wires which run
between the handset and the instrument? All of the schematics
that we have checked show two of these four conductors connected
together inside the instrument which means, of course, that one
of them is superfluous. A connection inside the handset would do
the job.
YOUR COMMENTS, PLEASE
In the March 26 issue of Telephony in the section entitled
"Plant Man's Notebook" there was an item which raises some
questions. This news item said that the Barnes Hospital in St.
Louis had saved a fortune on new wiring for its new telephone
system by buying the old wiring from Southwestern Bell for
$600,000.
That's interesting because, in our experience, old wiring is
normally abandoned by the Bell companies. When we work on
countermeasures in buildings which have had many tenants we find
layer on layer of old wiring which has been abandoned. In fact,
we've often joked about starting a new side business in which we
charge clients for removing old wiring as a communications
security measure, and then selling it. We are certainly not all
wise and all knowing when it comes to all of the phone companies
everywhere, but we thought that all of the Bell companies used to
operate the same way.
So then, the questions are: Do all Bell companies abandon
old wiring? If so, does that mean that Barnes Hospital paid
$600,000 for something that they could have had for nothing? If
they don't abandon old wiring, what is all this stuff we've been
working around and taking pictures of? Do some companies
sometimes recover old wiring? If so, which companies? And how
do they decide what to leave behind and what to recover?
Your comments, please.
QUESTIONS AND ANSWERS
Q. Why are you opposed to the LEIU?
A. Primarily because we believe that the LEIU is an attempt
to thwart the law by people who are sworn to uphold the law.
(For anyone who is not familiar with the initials, LEIU stands
for Law Enforcement Intelligence Unit. The best reference that
we have seen regarding this extra-legal activity by law
enforcement organizations is the book, The Private Sector, by
George O'Toole. In his book O'Toole in a calm and totally
unsensational manner provides details on this
activity/organization.)
Now it's always possible that our information is incorrect,
and therefore, our conclusions are all wet; but we see the LEIU
as an effort on the part of participating police departments to
collect "dossiers" on people in this country without running the
risk of having to reveal the contents of these dossiers under the
provisions of the Freedom of Information Act. If this is its
purpose, we are opposed.
It's not that we are not sympathetic to the plight that law
enforcement people find themselves in when some kook takes a shot
at a public figure. We don't like to see anyone taken advantage
of, and the media hue and cry following such an event certainly
is good for ratings and sales of newspapers, but it is not at all
fair. What we refer to is the accusation that the Secret
Service, the FBI, or whoever should have known that that man (or
woman) was "after" the president or the senator, should have had
him/her under observation, should have locked him/her up long
ago, etc.
We're sympathetic, but we're still opposed to the LEIU. No
one who has any depth of knowledge about Jim Ross will ever
accuse him of having a soft spot in his heart for politicians,
especially legislators; but dear friend and fellow voter, we put
those legislators in their powerful positions and they represent
us. If the laws that they pass are lame-brained, then we should
replace the legislators, not concoct ways to violate the laws.
It is especially distressing to consider that the people who
operate LEIU are the people who have sworn to uphold the law.
NEWSPEAK
In the May 1984 edition of the magazine, Inc., there is a
full-page ad by IH (the International truck maker) which
proclaims, "When idling, our 6.9 liter medium diesel burns about
300% less fuel than a comparable gasoline powered engine."
Now let's see -- if the gasoline powered engine burns one
gallon per hour, 300% less would be 3 gallons per hour less, or a
net increase of 2 gallons per hour.
Better not let that diesel idle too long, or you'll be
pumping diesel fuel all over the street as the fuel tank
overflows!
CORDLESS TELEPHONES
Recently the Washington Post newspaper ran a feature article
on the privacy problems people face when using cordless
telephones. The article seemed to imply that some expensive
equipment or special knowledge is required to listen to these
calls.
'Taint so.
If you want to alert your management to the ease with which
these calls (and possible others) can be overheard, here's what
you do. Buy a low cost scanner (We like the J.I.L. SX-100 @
$129.95) and scan the five transmit frequencies used by the
hand-held units (49.830, 49.845, 49.860, 49.875, and 49.890 MHz).
Once you are certain that there are cordless telephones operating
near your office, call a meeting and let your execs hear some
calls live. They'll be astounded at the things people will say
on the air just because they're talking on a telephone and they
know that it is a private conversation. (By the way, listening
to what is on the radio is legal, but revealing what you hear,
acting on information received, recording, and a few other things
are illegal under federal law. Consult a communications lawyer
for details.)
June, 1984
EDITORIAL
Now that we've completed one half of our first year of
publishing this newsletter, it's about time to advise you of our
intentions.
From the outset, the objective of all of our educational
efforts has been to shed some light on the technology variously
know as ECM, TSCM, countermeasures, countermeasures surveys,
sweeps, etc. and the full field of protection of privacy. This
newsletter is called COMSEC LETTER because we believe that
communications security deserves top billing in this field.
Our education and experience dictate that we emphasize
electronics; however, because of the interest that your editor
has in good communication (in the generic sense), the letter will
contain material which addresses good communication overall --
not just electronic communication. Further, because the
telephone companies play such a large part in communications, the
letter will contain a good deal of information which relates to
the phone companies.
With regard to communications in general, in this letter
you'll find criticisms of the creeping degeneration of our
language due to the ever-more-popular habit of using a euphemism
in place of the correct word.
You'll also find that this engineer, as do most engineers,
usually prefers accurate, precise words, rather than some of the
ambivalent words which change meaning depending on what the
speaker (or listener) wants them to mean.
Further, we really believe that 1984 is here. Our
government is not yet as far along as the government in the book;
but, with a lot of help from media, industry, PR flacks, and
super-addlepated bureaucrats, NEWSPEAK is here, and we'll serve
up small doses of outstanding examples from time to time.
Meantime, back at the ranch, there is still an urgent need
for full, complete and accurate information on the threats to
privacy through the use of electronic equipment and techniques to
intercept communications and to alter or steal stored
information. COMSEC LETTER is our first effort to begin to
address that need. We also have plans for a series of technical
essays and a book, but while those things are in the making, this
letter and the "Electronic Spying and Countermeasures" seminar
are the principal media for an exchange of ideas on this
technology.
Also, we'll describe electronic technician training courses
from time to time.
Last but not least, we try in each issue of the newsletter
to provide some information on sources of information such as
books, newsletters, magazines, etc.
To sum up, even though the title is COMSEC LETTER, this
newsletter relates to good communication overall, and to the
protection of privacy overall.
YOUR EDITOR'S MAIN BIAS
Let's face it. everybody with a functioning brain and
experience in this world has some bias. Some are strong. Some
are weak. Some are dangerous, and some are innocuous.
Edward R. Murrow is quoted as saying, "Everyone is a
prisoner of his own experiences. No one can eliminate prejudices
-- just recognize them."
I have a natural dislike of people/organizations which take
advantage of others -- sometimes I even feel sympathy for a
politician who's getting unfair treatment by our fourth estate!
However, my principal prejudice is that I hate a cheater,
especially one which is clearly dominant in its field.
My experience has been that the dominant organization in any
particular field tends to try to take advantage of people in ways
that would probably get a "Mom and Pop" organization in trouble.
Example #1: Hertz ran a full page ad in the Washington Post
to deliver the message that it is better than its competition
because "you never pay a mileage charge at Hertz". The day the
ad appeared I received the bill from Hertz for a car that I had
rented in the Washington suburb of Frederick with -- you guessed
it -- a mileage charge. (The Frederick Hertz manager has since
confirmed that he still charges for mileage even though Hertz has
signs in airports proclaiming "From here to eternity, there's
never a mileage charge at Hertz.") (Is Frederick on the other
side of eternity?)
Example #2: Bell Atlantic is trying to sell its cellular
mobile phone service called Alex, so they run a full page ad in
the Washington Post business section which shows a smiling,
handsome young man holding his Alex telephone in his automobile
and saying "The first call I made with Alex paid for this car."
(Now, we all know that a telephone call does not pay for a car,
but it's reasonable to assume that the ad-writer was trying to
imply that some business deal was consummated during the call,
and that business deal earned a profit which was great enough to
pay for the car.) I think that if an ordinary (non-dominant)
business had run that ad, it would have been forced to produce
hard evidence that the picture was of a real customer and that
his first call had actually earned enough to pay for the car; or
that company would have had to face some kind of sanctions from
government or consumer protection organizations. However, the
Washington Post is certainly dominant as is Bell Atlantic, so
that's the end of that.
Yes, your editor is biased -- primarily against dominant
businesses which try to take advantage of others. He also has a
problem with people who cheat whether by taking a parking place
reserved for the handicapped or by not living up to agreements
like finders fees, etc. However, his principal prejudice relates
to the giants and shortly you'll see comments on some businesses
which are super-dominant, namely utilities (especially the phone
companies).
SP
Tony Anastasio points out that IH may have trouble with
math, but, at least they know how to spell "diesel".
(Confidentially, we know how to speel it also; we just put
in errors like that to see if anybody reads these letters.)
(And if you believe that, send us your name and address
--there's a bridge we'd like to sell to you!) Thanks Tony.
BUYERS' DIRECTORY
Data Processing and Communications Security magazine has
just published a directory of suppliers of products and services
for computer and communications security. The directory lists
over 900 vendors classified into 22 categories and 165
subcategories. The book seems to be reasonably complete (some of
the "interesting" companies do not appear, by choice or by
accident, we do not know). It is now available, and the price is
$10.00. Contact Paul Shaw, Data Processing and Communications
Security, Box 5323, Madison, WI 53705. Phone
(608) 231-3817.
NEW CORDLESS FREQUENCIES
Starting on October 1, 1984, there will be twice as many
frequencies authorized for cordless telephones and the base
stations will no longer transmit at about 1.7 MHz using power
lines as antennas. Both base and handset will transmit through
conventional antennas with the base frequencies starting at 46.61
MHz and the handset frequencies starting at 49.67 MHz.
It's reasonable to assume that the market for the old
equipment will dry up, and prices should drop drastically as the
starting date for the new channel pairs approaches.
The new frequencies (in MHz) are:
Channel # Base Frequency Handset Frequency
1 46.61 49.67
2 46.63 49.845
3 46.67 49.86
4 46.71 49.77
5 46.73 49.875
6 46.77 49.83
7 46.83 49.89
8 46.87 49.93
9 46.93 49.99
10 46.97 49.97
COME NOW!
Telephone Engineer and Management in its April 15 issue
reports that the US Air Force, because of divestiture, now pays
$800 for service that formerly cost $75, and $445 for a plug that
used to cost $7.50! We wonder if both parties to these
transactions don't think that they are dealing with play money.
Somebody wake them!
However, their fiscal irresponsibility seems almost sane
when compared to the article's final fillip which said, ""While
the Air Force said it will search out new suppliers in an attempt
to lower costs, it was doubted that an adequate competitor can be
found because of the sensitivity of services."
Can you believe that the editor of a responsible publication
would swallow such an inanity, and then lend credence to it by
publishing it without comment?!?! Can you believe that the US
Air Force takes the position that only AT&T, among the qualified
vendors, can be trusted?!?! (The way AT&T is taking them to the
cleaners financially, we wonder why the USAF thinks they can be
trusted with "sensitive" information.)
Come on, Air Force. Try calling GEEIA, or the Signal Corps.
Or if you must hire a civilian firm, we'll help you find many
which are qualified, cleared, and can be trusted to refrain from
stealing government secrets OR taxpayers' money.
MAXWELL'S EQUATIONS REVISITED
Maxwell's Equations tell us that the far field diminishes as
the square of the distance from the radiating antenna. To look
at it the other way, if you want to double the range of a
transmitter you must increase its output power by a factor of 2
squared or four; a 10 times increase in range would require an
increase in power of 10 squared or 100; and so on. Other things
being equal, this is a simple mathematical relationship which
holds up.
Now comes an advertiser in security magazines who says his 1
watt transmitter has a range of 1-2 miles, and his 5 watt
transmitter has a range of 8 to 10 miles. To increase the range
from 1 mile to 8 miles would require a power increase to 64
watts, but somehow he does it with an increase to 5 watts. He
should share his technical secret with the world -- or send his
copy writer back to doing ads for soap which is "new and improved
and lemon flavored."
CORDLESS PHONES, AGAIN
Not only are cordless phones a threat to your privacy, they
may even damage your hearing. According to The Harvard Medical
School Letter of April '84, if you happen to have one of the
cordless phones which transmits its ring signal through the
speaker (earpiece), and have it next to your ear when a ring
signal is received; the sound transmitted out of the speaker can
be of sufficient intensity to cause "instant and permanent
destruction of nerve cells responsible for detecting sound."
PUBLICATIONS FOR SECURITY MANAGERS
"International Terrorist Attacks" and "Political Risk
Letter" are two publications that might be of interest to our
Security Manager readers. For a sample, contact Victor Hertz,
Frost and Sullivan, Inc., 106 Fulton Street, New York, NY 10038.
(212) 233-1080.
July, 1984
QUOTE OF THE MONTH
"There's plenty of precedent for a trade press that has no
original thinking. God knows." Teleconnect, July '84.
QUESTIONS AND ANSWERS
Q. Is equipment available to identify the telephone number
of the calling party?
A. The answer to this question is a qualified "Yes." We
know, for instance, that many emergency (911) boards have the
ability to freeze a call so that the caller stays connected to
the emergency board no matter what the caller does. We've been
told that some of these boards have the ability to display the
identity of the calling number (and probably the name and address
of the subscriber). However, we're quite certain that such a
capability will not be universal any time soon because it would
require a tremendous expenditure to implement in the older
exchanges.
We have been advised that Bell has said that it will be
totally equipped with the 56 Kb/s CCIS #7 (called CCITT # 7 in
one article) before the end of 1985. (Considering the actual
state of affairs, including the fact that Manhattan is not yet
even fully converted to ESS, we wonder about the credibility of
this schedule.) This version of the ESS switch will provide
calling party identification in binary decimal coded form to each
telephone switching center between the calling party and the
called party's exchange. Therefore, the phone company will be
able to identify the calling number of all calls routinely and
instantaneously. This identifying tag, however, will not be
attached to the call when the call is connected to the called
telephone. (Seems like this would be easy enough to do, but
apparently Ma thought we wouldn't need it or want it -- or maybe
she's just protecting us from ourselves.)
As we understand it after the new system is installed,
subscribers will have the following options available for an
additional monthly fee.
1) Calling number restriction. Subscriber will be able to
instruct the computer to intercept calls from numbers which he
specifies -- therefore, he can refuse to take calls from those
pesky bill collectors, etc. (It may also be possible for the
subscriber to provide a list of numbers from which he will accept
calls, and all others will be intercepted.)
2) Call trace. If the subscriber wants to learn the calling
number after the call is terminated, he can dial a code within a
prescribed period of time and learn the calling number. Note
that this can be done only after the call is over.
During the recent seminar in New York, there was a
discussion on this subject and we were left with the question of
the availability of calling number identification at the called
number while the phone is ringing before the call is answered.
After checking with our consultants and talking to one of the
manufacturers, this is what we come up with: Such a feature is
currently available from several manufacturers, but the only
callers which can be identified are those which are served by the
same electronic PBX. That means that you would be able to see
the identity of the caller only if the caller was another
extension served by the same PBX. You will not have the ability
to see who is calling from the other side of the PBX.
Q. Who makes high quality scramblers?
A. For a complete answer to that question I refer you to the
publication, "Who, What and Where in Communications Security."
There are many reputable companies in the field, but I'm not
going to try to name any because I can't do the question justice
in a few words -- so I recommend this 182 page book to anyone
seriously looking at the possible purchase of speech scrambling
or data encryption equipment. The book is a real "bible" with
detailed information on the technology and the established
manufacturers and their products. We offer it for sale at the
publishers list price of $75, and we discount it to consulting
and seminar clients at $50. If you want to know more about this
report, drop us a line or give us a call, and we'll mail you some
descriptive material.
Q. What do you know about this Britton organization in
Hawaii? Do any of their designs work?
A. About seven years ago I bought a lifetime subscription
from Don Britton Enterprises. It was supposed to guarantee me a
copy of every new plan that they introduce for the rest of my
life. To date, I have written to them twice; but I have never
received a single plan since the first packet arrived. I don't
know whether they are a con outfit, or whether there have been no
new plans since I subscribed. I know they have my address
because they keep soliciting my business.
We have never built one of their designs, but they look
reasonable, but be careful; when you try to build from someone
else's plans, you find that most circuits have glitches in them.
Q. Where does the stuff you put into your newsletters come
from?
A. The opinions are strictly my own. I hope they are based
on real factual information, and I hope that they are helpful. If
I am not really certain of the facts, I qualify the opinion.
Many ideas come from questions asked by phone and during the
seminar. Also, I have copies of most of the material that has
been published, and most of it is so bad that it will provide
ideas for many, many technical essays.
The factual information that appears in this letter comes
from many sources. Some, of course, is based on my education and
experience. In addition, we subscribe to an unholy number of
periodicals and also many people provide ideas and information.
Stuff, indeed!
Q. How do you rate the Dektor equipment versus the ISA
equipment?
A. Both companies sell high quality equipment. However, we
do not endorse any manufacturer's line across the board, but in
response to questions during the seminar we discuss specific
items and cover the tradeoffs. (For more information, come to
the seminar!)
DATA COMMUNICATIONS PRIMER
If you are involved with data communications in any way, we
have a booklet to recommend to you. It is short, full of
explanatory line drawings, full of good information in layman's
language, and it's FREE. The title is Making It Through The Maze
Of Data Communications and it's available from Infotron Systems
Corp., 9 N. Olney Ave, Cherry Hill, NJ 08003. 609-424-9400.
COMPUTER CRIME
The current issue of Security Letter contains the results of
a poll on computer crime. Much food for thought. Security
Letter, 166 East 96th St., New York, NY 10128.
POINT OF VIEW
We were admonished (gently and courteously) recently because
the site of our last seminar was advertised as New York City, but
it actually took place in a suburb on Long Island. To all who
thought that was deceptive, we offer our sincere apology. Our
objective in naming a city is only to give folks coming from afar
an idea of the locale. If we had said Uniondale, NY, even most
natives would have had to look at a map to see where to book a
flight to.
There was no intent to deceive, but we've been thinking a
lot about it and offer the following observations.
This is the eighth year of our seminar. Most of those have
been held in the Washington, DC area and our promotional
materials all say "Washington, DC." All of these seminars have
been held in a Maryland suburb and we have yet to hear a comment
on this. Yet the first time we advertise New York City, and hold
the seminar in a suburb, we're told that we are misleading. Why
is this? Are New Yorkers that parochial? (If you'd care to
comment, anyone, we'd be glad to hear from you. We'd be
especially glad to hear from you Dick, because you were the first
to bring it to our attention.)
Another thought. We've heard West Point referred to as "in
upstate New York." Now I lived at West Point for six years and I
never for a moment considered that it was upstate. Maybe that's
because most of my family resides in the Schenectady area. Of
course, we have a daughter in Plattsburgh, and there's no doubt
that that is upstate!
It's all in your point of view.
Again. Sincere apologies if anyone was deceived.
By the way, we're now looking for a site in Manhattan for a
seminar late this year. Any ideas?
OUR STRANGE LANGUAGE
Tender, as a noun, means "offer"; yet it is always used in
the financial pages as an adjective modifying the word "offer",
viz, tender offer.
Excise, as a noun, means "a tax"; yet it is always used by
lawyers as an adjective modifying the word "tax", viz, excise
tax.
Strange, no?
LITERATURE
Telephony magazine reports that the Bell System Catalog of
Publications, PUB 10000 is now available. Contact Bell
Communications Research Information Exchange, 30 Vreeland Rd. Rm.
S103, Box 915, Florham Park, NJ 07932.
INTERESTING CONTRACT
We were asked recently if we could tap a telephone line for
a private investigator with an unusual contract. It seems that
he had been hired by a company to demonstrate that the records
which are stored in their computer were vulnerable.
Security managers: Good idea or no, in your opinion?
By the way, we told the inquirer, "Yes, we can tap the
phone. If you like, we can also provide the man to break into
the computer and copy some files."
NEW SCANNER
Lee Greathouse of Personal Communications magazine sent us a
product data sheet on the new Regency MX7000 scanner. Looks
great. Synthesized (no crystals), 20 channels, 25 MHz - 512 MHz
and 800 MHz - 1.2 GHz. Includes the new cordless frequencies and
the cellular frequencies. However, we have heard that cellular
will hop from one channel to another on each transmission --
which means that eavesdropping on one call will not be simple,
even with a scanner like this one.
AT&T (BUT A NICE COMMENT THIS TIME)
At first we didn't think it was so nice. As a matter of
fact, when we saw the charges on our bill for long distance
information, we thought it was stupid and counterproductive of
AT&T to charge for this service. However, after a little
reflection ol' JAR decided that he was the one who was stupid.
Why should AT&T give me free information so I can dial the call
on MCI?!?!
Wonder when we'll be able to get free information from MCI?
August, 1984
SOME OF MY BEST FRIENDS ARE.........
Telco employees. Seriously. It's true. I even have a
cousin who works for Ma Bell. (Actually, she works for a Baby
Bell.)
The reason that this particular item is appearing at this
time is that one of those friends, who is also a respected
colleague in the countermeasures business, recently said, "Jim, I
detect a hint of a bite in your words when you are writing about
a telco.
Very perceptive. If he had been less gentle, he would have
said "a hint of acrimony", or "a great deal of antipathy".
In any event, his comment triggers us to present this
segment, so that you may better understand our bias with regard
to telcos.
Jim Ross may be good friends with some telco people, but no
one who knows him will ever accuse him of being a friend of any
telco -- at least not any telco with which he has had dealings.
(There may be one which he could like, but he hasn't seen it
yet.)
So what's the problem? Why the antipathy?
There are three main reasons for my dislike of telcos, and a
mixed bag of other reasons -- some significant, and some quite
insignificant.
The first main reason is your editor's bias against dominant
entities as explained in an earlier issue.
The next main reason applies to any government controlled
utility, and I'm sure that every other independent businessman
shares some of my feelings. Every businessman has to stand on
his own two feet and make a profit to survive. If he hires too
much help, he loses his profit and maybe his business. If he
makes a mistake, he has to pay for it. If it's a big mistake, it
can put him out of business. (Can you imagine spending six
million dollars to publicize a name, a la American Bell, before
you find out that you cannot use the name?!?) I think it is
natural for those of us who must survive in a competitive
environment to resent a business which is guaranteed a profit by
the government. If a utility hires too much help, it only has to
get authority for a rate increase to cover the additional expense
plus some additional profit. If a utility makes a mistake, it
just arranges to raise rates so the captive customer ends up
paying for it. The government regulated utilities are probably
the only businesses in the world in which all of the players are
profitable.
The final principal reason for my antipathy cannot be as
easily pinned down. It has to do with attitudes and
characteristics which have been acquired over the years, and a
lot of policies and practices which relate to how management and
individual employees of the companies see their company.
We'll try to outline some ideas from our experience.
"Hubris." Is the company really a part of the government --
or slightly superior to it?
"Greed." According to Teleconnect, telcos' profit, as a
percentage of sales, ranges from about 30% to more than 50%.
Wow!
"Green-eyeshade school of management." Have the computers
crank out how long on average it takes to answer an information
('scuze me: "directory assistance") call. Demand that the
average time decrease. Measure the performance of each operator.
Pressure everyone whose time per transaction is above the norm.
(Do the same with service calls, etc.) (Since this was written,
a local phone company made headlines by firing an information
operator of sixteen years experience for falling below the norm.)
"Hubris." Start with a company which has always been a
monopoly, and which demonstrates continually that it knows
nothing about making it in a competitive environment. Spend
millions of dollars on national TV ads to deliver the message
that the telco will teach your company how to do "telemarketing".
Then allow the advertised "800" number to stay busy for days on
end. Or have the given telemarketing department number answered
with a recording that says, "All of our sales people are in a
meeting until 11:30. Please call back after that time." Can you
conceive of a competitive business spending a fortune to
advertise, and then not be prepared to answer the phone?!?!!!
And what they were advertising is the service of teaching you how
to sell by phone!!!!!!!!!!!!!!!!!!!!!!!!!
"Combination." Ingrain into the minds of all business
office people who speak with customers that the only thing that
is important is the telco employee's time. The customer's time
is worth nothing; keep him on hold interminably. Never offer to
call back after you have found the necessary information.
NOW WAIT JUST A MINUTE.
The normal rejoinder when someone speaks ill of Ma Bell is,
"We have the world's best telephone system. How can you knock
that?
Nowhere have I said that we don't have the best system in
the world. I'm not qualified to make that judgment because I
don't know all about all systems. However, ours is really good,
maybe the best. (Although we had DDD available to us when I was
stationed in Germany in the early fifties.) Doesn't matter. I
am critical of the company, not the system, and not the people.
When I telephone telco repair and tell the young lady that I
have 60 Hertz hum on the line, it is not her fault that she
doesn't know what I mean. (It is her fault that she says,
"You'll have to speak English if you want me to help you.")
When I talk to the telco repair people and describe a
problem which obviously exists in an exchange about 30 miles
away, and they dispatch a repairman to my house; it's not that
repairman's fault that the company is wasting his time and mine.
The company policy appears to be that all problems are assumed to
be the customer's fault until proven otherwise.
After I have many problems with call forwarding and ask to
speak to someone knowledgeable, and get a man who starts reading
from the instructions, "It says here that you dial 72, and when
you hear another dial tone ... etc." His lack of familiarity is
not his fault.
All of these problems, in my opinion, are due to severe
comparmentilization in the "old" telco. Know your job, but don't
ever look beyond its limits. Don't think; you have a procedure
to tell you what to do.
My feeling is that the "new" telcos will be different. I
see it. I feel it. I think they must encourage capable people
to expand beyond the old boundaries. Time will tell.
Just don't let anyone tell you that Jim Ross doesn't respect
the telco. Just because he is critical of some things doesn't
mean that he doesn't appreciate the high quality equipment, and
procedures, the excellent overall quality of service and the fact
that Bell Labs knows more about communications theory than the
rest of the world put together.
COMMUNICATIONS SECURITY ASSOCIATION
All of the details are not firm, but this membership
association is currently being organized. Anyone interested in
the overall subject of security of communications -- oral,
telephone, radio, data, and every conceivable kind of
communications -- is invited to join. Charter members will be
those joining before the end of 1984, and the regular annual dues
of $50 will provide paid-up membership through 1985.
The most important benefit of membership will be the
ability, through newsletters and meetings, to exchange
information with others in the field -- either people who have
similar problems or people who are professionals at solving
COMSEC problems.
Other benefits of membership will be a subscription to the
COMSEC LETTER, reduced rates for attendance at local and national
workshops, conferences, panels, exhibits and functions such as
COMSEC '85.
Some folks who heard about these plans by word of mouth have
already sent in their first year's dues and we thank them. We
hope to have a membership solicitation packet put together in
about one month.
Let us hear from you if you can help. We all need to work
together if we want an organization which serves its members.from September
September, 1984
COMMUNICATIONS SECURITY ASSOCIATION
A few hardy souls have committed themselves to the
establishment of a national membership organization for
individuals and businesses interested in communications security.
The principal objective of the association will be to
collect and disseminate information on COMSEC.
The primary vehicle for exchange of information will be a
members-only newsletter. Members are encouraged to submit
articles, anecdotes, news items, new techniques/equipment
descriptions, gripes, etc. Anything which could be of interest
to CSA members is wanted. The COMSEC LETTER will be sent to all
members as one of the benefits of membership. This publication
will be slightly different in content and make-up than the one
which you have been receiving without charge. The editor will
still be Jim Ross, but COMSEC LETTER itself will become
non-proprietary and non-commercial. CSA will also provide its
members with opportunities to exchange information through local
and national meetings. When we're able, we'll install a computer
bulletin board so that members can have instant access to the
association's data bases, and be able to exchange messages with
other members. Also, we'll be offering some new educational
programs -- seminars, workshops, video tapes, etc. Let us know
if you are interested in participating.
Members will be offered discounts on training programs,
educational activities, advertisements, products, publications,
etc. so that annual dues will be recouped easily for any member
who participates in even a few activities.
Once each year we're planning a national meeting with
panels, exhibits, etc. The first of these, COMSEC '85 is
tentatively scheduled for Washington, DC in the fall of '85.
Many details have yet to be considered. If you would be
interested in participating in the organization process, let us
know. At the time that this is written we have made no decision
on the various categories of membership -- student, foreign,
corporate, etc. All we have determined is that, to start, dues
for individuals will be $50 per year. Everyone who joins during
1984 will be listed as a charter member, and his dues will cover
membership through December 1985.
ACCESS CHARGES
Lessee now. Access charges. That's what C&P Telephone just
started charging its customers in order to give them access to
what they've always had access to.
No. Some of the trade press uses the term in referring to
the money that AT&T Long Lines paid back to local telcos
(kickback?).
But, no. There all of these stories about how we all have
some right to equal access to any LD company. Maybe access
charges mean we have to pay to use MCI or Sprint or whoever.
Oh well.
POSITIVE SUGGESTIONS
We have been throwing rocks at our phone companies (which
usually provide excellent communication, admittedly) quite
regularly in this letter, and we keep thinking that we should
offer some positive suggestions rather than just criticizing.
Therefore, we have started to list (in the computer) some serious
ideas for making the companies better -- or, at least, less
irritating. We'll run some of these in a later issue. If you
would like to put in your two cents worth, let us know.
COMPUTER CRIME
This topic seems to have caught the attention of the press,
the legal professionals, the legislators, and the man on the
street. However, most of the material which has appeared in
print has not attempted to define the problem, but focused
instead on the exploits of hackers such as the Milwaukee
youngsters who called themselves the "414s" after their area
code. (One recent story said that they derived their name from
the fact that they were all members of Boy Scout Troop 414.
Anything to sell more papers!)
In our opinion, most of the material which has appeared,
even in the trade press, is shallow and self-serving in the
extreme. The authors seem to be assuming that unauthorized entry
into computers via modems and telephone is computer crime.
We take a quite different approach. Although we agree that
unauthorized access via telephone is some sort of trespass, and
some theft or vandalism might occur making this crime more
serious than walking on a neighbor's lawn; we do not agree that
this is all there is to computer crime. In fact, this aspect
might even represent the least significant part of the problem.
Let's see if we can get a start toward defining the problem;
and, maybe, convince you to look at it from a slightly different
perspective.
First, what is computer crime?
To us, computer crime means:
1) using one's special knowledge of digital
computer hardware and software to commit a crime that you could
not commit without that knowledge, and
2) in an environment in which digital computer
hardware and software is essential.
Note that this definition excludes all of those "computer
crimes" in which the computer is used in place of the old paper
and pencil record keeping systems. That is, if the bookkeeper
figures out a way to get checks sent to bogus addresses which the
bookkeeper controls, it is not a computer crime even though a
computer was involved in the bookkeeping and check writing
process. This crime is as old as the hills, and the fact that a
computer is involved is immaterial. Something has been stolen by
subterfuge, and the computer is incidental, not central, to the
process. The thief is a clerk, without special knowledge of
computer hardware or software. He could just as well have been
using a pencil or punching keys on a typewriter as on a computer
keyboard.
On the other hand, if he uses his special knowledge of
software to circumvent automatic checks and balances or audit
trails, then he has truly committed a computer crime -- one which
he could not have committed without knowledge of hardware and
software.
Yes, this definition flies in the face of most of what has
been printed. We'd like to hear your opinion. Let's get some
ideas, and maybe, working together, we can develop some good
definitions.
Back on the question of breaking into data bases via modems
and telephone connections: We'd like to strongly suggest that
this is an example of what the lawyers call an "attractive
nuisance", and the keepers of these nuisances should face
punishment. (If you put a swimming pool in an unfenced yard, and
an infant falls in and drowns, the law does not punish the
infant. The law punishes the irresponsible person who created
the attractive nuisance.)
What do you think?
YOGO CONTEST
Earlier this year we introduced the YOGO element in our
masthead, and to date only the proofreader (our everlovin' of 25
years) has asked what it means. We doubt that every reader has
figured it out -- in fact, we wonder if anyone has figured it
out. So, just for kicks, here's a contest: the first person who
calls with the correct answer will get his name in print in this
letter, and have his subscription extended for one year at no
charge. (Ross family members are not eligible. This means you,
Marilyn and Jim!)
ASK AND YE SHALL RECEIVE
In our July letter we commented on AT&T's new charges for LD
directory assistance, and wondered when MCI would offer reduced
rate service. Sure enough! MCI dropped its announcement on us
shortly thereafter. They allow two free inquiries per month, as
does AT&T, but they charge 45 cents per call vs. AT&T's 50 cents.
KANSAS SUPREME COURT
According to Telephony magazine, "The Supreme Court of
Kansas has ruled that police may legally monitor and record
conversations conducted over cordless telephones and use the
recordings as evidence in court. The court determined that such
conversations, which were heard over an ordinary FM radio set,
were equivalent to oral communications and not subject to wiretap
laws."
If the court really made that ruling, it should be ashamed
-- for several reasons.
Anyone who wants to know what the law really says is
referred to 18 USC 2511 which makes it a felony to record oral
communications without the consent of one of the parties. The
communication in question, however, was a radio communication at
the point of interception, not an oral communication; and,
therefore, the law relating to interception of radio
communication applies.
What we see from here is that, in addition to its lack of
understanding of 18 USC 2511 (contained in the latest law, "PL
90-351, The Omnibus Crime Control and Safe Streets Act of 1968"),
the court apparently has not been referred to the Communications
Act of 1934. In it, 47 USC 605 defines the rules for handling
intercepted radio communication. (We have an essay in
preparation on this. It should be ready soon.)
CNA
Here we are taking on another supreme court (or this time
maybe it's only the editor of a trade publication), but we
honestly believe in strength through knowledge, and that
knowledge comes through free and open communication. In any
event, Telephony magazine reported: "The California Supreme Court
ruled that police officers acting without a search warrant can no
longer obtain the names and addresses of people with unlisted
numbers from telephone companies."
That statement is factually incorrect. It's true only if
the court meant the only official way to get the information is
with a search warrant. During our seminar, however, we explain
how the CNA system works, and how anyone can use it to get
Customer Name and Address for any telephone number, listed or
unlisted.
(Consulting clients and seminar participants: call us if you
want the latest information on CNA.)
LIE DETECTION
During our recent seminar in New York, we got into a
spirited discussion on the subject of lie detection which was
exceptionally valuable because we had some experienced, and
intelligent, examiners in the group. The consensus was that
there are some technological aids which will help an examiner to
detect stress, but the person giving the test must use his own
mind to evaluate all bits of information before he can hope to
come to a conclusion on which to stake his reputation.
Specifically, some of our participants pointed out that, if
the subject does not understand the words that are used, the
equipment will detect no stress, because there will be no stress
because the examinee does not understand the question.
That may sound like a fatuous statement, but one of the
experienced examiners emphasized that there is a whole class of
people with whom you don't use certain words such as "steal". As
he pointed out, you ask, "Did you take the watch?" and the
subject will understand; and you'll get a stress reaction if
he/she was involved in the theft. If you say, "Did you steal the
watch?", you'll get no stress response because the individual
doesn't understand the concept of "steal."
The subject of lie detection is one that we believe needs to
be aired, and we have an essay in preparation which will present
our views on the subject. Your contribution is welcome, anytime.
TSCM, BASIC EQUIPMENT NEEDS
The question of what basic equipment is needed in order to
be able to work in the TSCM field has been asked more than once
and really deserves an answer.
We have an answer in the works, but it will not be a simple
list of equipment, sources and prices. It will be a full
treatment of the problem, with emphasis on threat assessment,
etc.
Your comments are solicited.
QUESTIONS AND ANSWERS
Q. What are the standard "bug" frequencies?
A. Wow! What dynamite is packed into that question!
For reasons which may be valid or may not be valid, we're
not going to list any frequencies which are authorized for use by
law enforcement. That leaves illegal bug frequencies, and they
can be anywhere; but let's use some reason and try to limit the
field.
First, to go extremely high in frequency requires special
effort which is beyond the means of most buggers. Second, very
low frequencies require large components making a bug hard to
hide. Third, if you were planting an illegal bug, you'd want to
set the frequency to minimize the chance of accidental detection,
so you'd stay outside of bands in common use. However, to build
a good receiver from scratch is quite a project, so you'd
probably pick an operating frequency just outside a standard band
so you could modify a commercial receiver.
Ron (and anybody else who's interested), there is no set
answer to your question, but I hope this gives you enough
information to get you started.
You might also check on equipment from Japan which was
originally intended for their own domestic use. (Broadcast bands
are different in Japan.) I have heard that there are stores in
the Canal St. area in NYC which carry this stuff.
BS DEGREE BY MAIL?
It is possible to earn an accredited BS degree in
electronics engineering technology by mail. We have no
reservations in recommending this program because some years ago
your editor was retained by the Accrediting Commission of the
National Home Study Council to evaluate the program, and he found
it to be very good.
This is a bona fide college and any degree awarded has been
earned. You will have to take courses, study, and demonstrate
that you have learned the course material before you get a
passing grade in any course. This is not one of those "funny"
degrees that you get for "life experience" after you have sent a
check for the right amount.
Contact Grantham College of Engineering, 2500 South La
Cienega Blvd., Los Angeles, CA 90035.
IDEA FOR THE INVESTIGATOR
We have long had a plan to develop a tailing system which we
would make available on rental to those who might have a need for
such a capability, and just this week received a flier in the
mail which strikes us as something similar which might be of
interest to our government and private investigator readers.
Thrifty Rent-a-Car is offering to rent '73 through '84 models for
surveillance purposes. They offer vans, trucks, station wagons,
etc. which don't look like "cops cars." Seems like a good idea
to us non-investigator types.
TECHNICIAN TRAINING COURSES
Received since we last published information on such
courses: First, the address for the course in Texas is: Texas
A&M University System, College Station, Texas. 409-845-6391.
Also, Dick Heffernan pointed out that the extra day at the
end of the ISA course is for people who already own equipment and
want additional training.
ANI
Automatic Number Identification. As explained to us, this
is a method whereby it is possible to contact a telco facility
and hear voice identification of the telephone number of the pair
being used. It was designed to be an aid to telco installers,
but it sure could be helpful to a lot of other folks -- now that
it is OK for us to work on our own inside wiring.
To use the system it is only necessary to dial a three digit
code, and a synthesized female voice will speak the number
assigned to the pair that you are connected to. In parts of New
York City and Long Island the code is "958". Dial that number
and you'll be told the number that you are calling from.
Who knows the codes for other areas? Call us.
WHOOPS!
Since the segment above (on ANI) was written, we read in
Telephone Engineer and Management that ANI is a part of the Bell
system which provides billing information to the telco. Now, we
know that what we said about New York is true, but we wonder if
what TE&M said is also true. (It doesn't seem likely that the
same system would simultaneously provide analog voice information
and digital computer information.)
Who knows? Is it one, or the other, or both??? Call us.
PUBLICATIONS
If you are interested in telephone communications security,
you should be reading TAP. This publication has recently been
undergoing some major changes (redirection?), but the content is
worth much more than the ten dollars asked for a one year (six
issue) subscription. TAP, 147 W 42nd St. #603, New York, NY
10036.
(If you order a subscription, have patience. The office was
recently broken into and torn up. The new editor has rescued
what he could; has everything in cardboard boxes in a new
location, and hasn't published a new issue since Jan/Feb '84.
Hang on! He'll catch up soon, we're confident.)
If you have an interest in radio communications, you should
be reading Monitoring Times. It is an excellent source of
information on the hobby of radio monitoring and the equipment
used -- receivers, scanners, antennas, etc. (The July issue had
a feature on what are the radio listening laws in all of the
individual states.) Also, MT provides a lot of detail on secret
and underground transmissions. Send them $10.50 for a one year
(12 issue) subscription or contact Bob Grove for a sample. MT,
Grove Enterprises, Inc., 140 Dog Branch Rd., Brasstown, NC 28902.
NEWS NOTES
We have been informed that Col. C.R. (Mac) McQuiston
recently demonstrated his Veremetric L-1000 digital voice stress
analyzer. We'd like to hear from him or from anyone with
details.
Also, we're told that the following took place recently.
Scene: large metropolitan area on east coast of USA.
Players: attorneys for the defendant in a large class action
suit. Activity: TSCM in offices of law firm. Finding: one
telephone, in critical area, has been modified with a hook switch
bypass. Action: modified instrument replaced. No identification
of bugger, and no investigative effort contemplated because suit
was settled out of court shortly thereafter.
BUYING PHONES?
If you are thinking about buying a multiline phone system,
we recommend that you get a copy of a booklet called "THE HOW TO
BUY A PHONE BOOK." It's not about buying a phone book; it's a
book about how to approach buying a phone system. Self-serving,
but after all the people who offer it for free want you to buy
their phones. Really good anyway. Contact Walker Communications
Corp., 200 Oser Ave, Happauge, NY 11788. 516-435-1100. (We like
the way they write their phone number also, and we're going to
eliminate the brackets around our area code in the future.)
(Think we'll start a national trend?)
MODERN TELECOMMUNICATIONS TECHNOLOGY & DISCOUNT LD CARRIERS
Big hassle. The different discount LD services have
different policies for when they begin timing a LD call for
billing purposes. The reason for the confusion is that they
don't get the supervisory signal which indicates that the called
number has answered. AT&T gets this signal but MCI, Sprint, etc.
don't. Two questions:
1. Why does AT&T get the supervisory signal and the others
don't?
2. If, for some valid technical reason, this signal cannot be
provided to non-AT&T carriers, why don't these carriers use some
of the available technology to sense the status of the call?
There are ICs available off the shelf which can sense (and
report) ringing, busy circuit, busy line, and complex waveforms
such as speech. Why don't they use this technology?
OUR INTERESTING LANGUAGE
Heard: "Makes a sneer." Actually sung: "Makes us near."
October, 1984
NEW ON OUR MAILING LIST
Effective this issue we're adding some names to our mailing
list, and we're making this introductory comment to try to catch
the attention of each individual who has been added. (Unless you
tell us to desist, you'll get three issues without charge.)
First, we're adding Art Sundry, GM of Motorola
Communications and Electronics Inc., and the young lady who said
she is the boss of their telemarketing operation, Mary Adelaide
Burns. Our astounding communication with this operation is
recounted in this issue, and we repeat the offer that we made by
phone to Mary Burns: if Motorola wishes to respond, we'll carry
the response in this newsletter (unless they expect us to publish
a book and distribute it at no charge).
Next, and we have also added the members of the Society of
Telecommunications Consultants. Again, if you get this letter
unbidden, and have no interest in COMSEC, please let us know and
we'll stop sending it.
Last, bnl, we're adding all of the people who stopped at our
booth at the ASIS show in Chicago in September. Welcome.
CSA
The Communications Security Association is a non-profit
memebership organization of people and companies interested in
the field of communications, especially communications security.
At this time, Jim Ross is the CSA unpaid, "volunteer"
administrator, working part time to try to do the things
necessary to get a new organization started. If you have
requested a membership packet, please be patient. Information is
being assembled, created, and word-processed; and something will
be forthcoming in the next week or two. Preliminary packets will
be prepared and copied on the same equipment used to create the
COMSEC LETTER, namely the IBM PC and XEROX 1035. A fancier
package will be typeset and printed after the organization can
afford it.
If you wish to become a charter member, and don't need more
information before making a decision, send $50.00. Annual dues
are $50.00 for individuals in the USA, and dues received before
the end of 1984 qualifies you as a charter member with dues paid
up through 1985. If you're not sure, or want more information,
send your inquiry to CSA. Please be patient.
To all who have already sent their dues: "Thanks. You will
be receiving a packet of information including a blank form
asking you how you can help to get the new association
functioning."
COMSEC '85
The founders of CSA have tentatively planned the first
annual meeting for Washington, DC during the fall of 1985 and
have named this meeting "COMSEC 85". Presentations, panel
discussions, exhibits, and other activities are planned. YOUR
input is invited.
COMSEC LETTER
This letter will normally be four pages and will be mailed
bulk rate early each month. As a CSA organ it will be
non-proprietary and non-commercial.
QUOTE OF THE MONTH
Plant Man's Notebook, Telephony magazine: "Life is half over
before you realize that it's one of those do-it-yourself deals."
ITT & FBI VS. LONG DISTANCE STEALERS
A recent issue of Telephone Engineer & Management notes that
ITT Communications Service and the FBI have collaborated to crack
down on those who steal long distance service by using someone
else's identification. More power to them! Maybe there should
be a system set up to reward those who provide information on
such thieves.
We don't condone stealing, but, we predict that the system
of coding used will be very simple to break and the phreaks will
be passing along the formula very soon. With all of their money
and all of their brains AT&T really should be able to come up
with something with at least a tad of security.
AIWA TP-M7
This microcassette recorder is our favorite. It is slightly
larger than the Olympus Pearlcorder S-910, but our AIWA is much
more sensitive than our Pearlcorder. We have heard that AIWA is
no longer making the 7, opting instead to manufacture the 9 which
has fewer features and a higher price (shades of Detroit!).
NAME THAT SEMINAR
Our seminar started out with the name "Electronic Security"
and evolved into "Electronic Spying and Countermeasures" because
most of the information on access control, intrusion detection,
etc. was available elsewhere, but everybody was interested in
bugs and taps. During the two-day affair, though, we discuss
much more than just electronic spying. We cover the laws
relating to surreptitious interception of communication, other
methods of collecting information, any modern electronics systems
or techniques which relate to security and investigations, etc.
So what should we call the seminar?
After a conversation with Jack Dyer in California, we're
inclined toward "Industrial Espionage Countermeasures". What do
you think?
PRIVACY, WHAT IS IT?
Our recent experience with Motorola began when we saw an ad
which implied that Motorola is offering a line of mobile radios
which provided secure radio communications. That ad is long
since gone, but the one running in the current issue of SIGNAL
magazine is headlined, "PRIVACY-PLUS RADIO GIVES YOU RELIABLE
COMMUNICATIONS. AND LETS YOU KEEP THE CONVERSATION TO YOURSELF."
One of the brochures we received in response to our request is
entitled "PRIVACY PLUS PERFORMANCE..."
Those three words contain the essence of the problem. To me
they conveyed the idea that Motorola was offering a two-way radio
system which provides private communication to the users plus the
kind of reliable performance that we have come to expect from
Motorola products. What do those words convey to you?
Looking for some detail for the readers of the COMSEC
LETTER, we called the Motorola telemarketing number to get the
full story. During the conversation, we explained to the sales
rep that we are not a potential customer, but rather producing a
newsletter on communications security. Pricing information was
easy to get, but how security is achieved was another story. At
one point she told me that I should study up on radio
communication theory so that I could understand her. When I
asked her if they were using some modulation type other than a
standard such as FM or ACSB, she told me that she would only talk
to me if I learned how to speak to her nicely, and hung up on me.
When I called back and asked to speak to the boss, Mary
Burns tried to explain the privacy feature by using an analogy.
She said that in the old days people had party line telephones,
but now most people have private lines, and asked me, "Don't you
agree that this conversation that we're having is a private
conversation?" That certainly was the wrong question to ask a
guy who spends a large part of his life writing and speaking in
an effort to get the message across that telephones are not
secure means of communication! (Even TIME magazine agrees with
me; see page 38 of the October 29 issue.)
In any event, after a careful reading of their literature, I
now appreciate what the Motorola system does and what it doesn't
do. It does not, as the heading says, provide private
communications. All it does is prevent other users of the same
repeater from hearing your communications on their two-way
radios. Anyone in your area with the appropriate receiving
equipment can listen with no trouble.
Now, it may be that the users of repeaters will appreciate
that this system will only keep other users of the same repeater
from hearing on their two-way, fixed-frequency radios, but does
that mean that Motorola is selling a product which provides
"privacy"?
Is this another case of a dominant entity getting away with
something that would land a small company in hot water?
What do you think?
YOGO CONTEST WINNER
Dennis Steinauer of the National Bureau of Standards is our
winner. In a later issue of COMSEC LETTER we'll explain YOGO,
and give some samples of some very imaginative contest entries.
November, 1984
SOME IDEAS FOR COMMUNICATIONS SECURITY ASSOCIATION
What do you think about establishing a panel of experts to
answer members questions? Computer bulletin board? How about
providing expert witness referral service? Speakers bureau?
THANKS
Our thanks to Jack Dyer who arranged for us to speak to the
San Fernando Valley ASIS Chapter February 5, and to Joe Rodrigues
who has offered us the use of his offices as our headquarters
while we are visiting in the Los Angeles area during that week.
We look forward to in-person meetings with many of our Los
Angeles area correspondents.
ANOTHER COURT (SMART ONE THIS TIME)
In Alexandria (VA) Circuit Court the judge instructed the
jury that "interception of an oral communication" is defined as
the "aural acquisition" or hearing of an oral conversation that
had been recorded. Great.
What it means is that simply recording a conversation is not
intercepting the conversation. If no person has ever listened to
what has been recorded, then no interception has taken place.
Simple. Logical. Accurate. Great!
Next, of course, the court will have to extend its
definition because there are computer-driven transcription
systems which can prepare a written record of the recorded
conversation with no human listening. In that case no
interception takes place until a human reads the transcript, in
our opinion.
(Sam. This is a point that I was yammering about when first we
met --- and the judge agrees with the engineer!)
STRANGE, NO?
We recently received an inquiry from Continental Telephone
of the West, and their business letterhead has no phone number on
it!
Q & A
From Ted Genese, several questions.
Q. Kindly send the latest information on CNA.
A. Ted, in your area the CNA number is 518-471-8111. CNA is
a service of your friendly telco -- which has heretofore been
intended for the use of other telcos. (Now available in some
places for anyone to use -- details in a future letter.)
Here's how it works. Suppose you check your phone bill and
find a call to East Waubeek that you know you didn't make. You
call your telco business office and the telco person reads from
script 47, and assures you that he/she will check into it. That
person then calls the CNA (Customer Name and Address) number for
the exchange for East Waubeek, saying to the telco person who
answers something like: "This is Joe Gahockus in the Golden
Westchester Telephone Company and we have a #%$&@#$ subscriber
here who is trying to beat us out of some money by claiming he
never called this number so I need customer name and address for
YYY-XXX-ZZZZ." The telco person at the other end yawns, keys in
the number, and reads the CNA information off the screen.
That's how the phone company uses the system. Of course,
they try to hold the CNA numbers, and the very fact that the
service exists, close to the vest; but keeping a goodie like that
a secret is impossible. Changing the numbers and coding the
numbers add an unbelievable administrative burden and make the
system cumbersome, so the numbers tend to stay the same for some
time. (One caller from NYC told me that they change every few
months, but that 518 number has been valid for years.) So the
service exists, and is known to the wily investigator. Don't you
suppose that a private investigator who needs to know the name of
the person/business to whom a phone number is assigned might be
tempted to pretend to be a telco employee, and call CNA for
information?
Q. Canal Street is a long street. Is it possible to narrow
it down a little, such as the name or address?
A. (This question refers to a comment we made about
equipment available from merchants on Canal Street in NYC.)
Sorry, Ted. It's been about 40 years since we visited Canal
Street, and all we remember is that there are many sources of
almost anything electronic. Can anyone help? Tony, Harold,
John, ... anyone?
Q. Where is Thrifty Rent-a-Car?
A. The man who wrote to us is Bob Rish, Thrifty, 6461 Edsall
Rd., Alexandria, VA 22312. 703-354-5939. However, I'm sure that
they must have outlets in the NYC area.
Q. Any more information available on ANI?
A. More will be forthcoming in later issues of the COMSEC
LETTER, and in the CSA members-only letter.
NEWSLETTER
Paul Estev is the editor of a newsletter called 2600. (Bet
you can't guess where that name came from!) For a sample copy
contact him at 2600 Enterprises, Box 752, Middle Island, NY
11953-0752.
RF SCREEN ROOMS
Excellent reference: Shielded Enclosures. Electronic
Construction Service, 17256 Napa St., Northridge, CA 91325.
818-885-5188
FEEDBACK
Here's the text of a letter which we recently received, and
our open letter response:
From Al Smith, The Windsource Co., Wamsutter, Wyoming.
"Dear Sir: I'm interested in Communications Security
Association, but I'm wondering what is in store there. I've
enjoyed reading COMSEC LETTER but its information has been mostly
'old hat' to this reader. A higher level of information is
needed to warrant $25 or $50, specifically in the areas of radio,
telephone, and digital techniques. Topics I'd like to read about
include spread spectrum/frequency hopping, digital encoding,
decoding, digital television bugging, microwave bugging, Shamrock
and Baby Bells, Soviet comsec, TEXTA highlights, digital code
decryption theory.
Would you please advise whether this sort of writing is in
the command of the staff you've assembled. If so, you'll have the
proscribed [sic] cash!
Another concern of mine is whether advertising will be
available, and its cost. Would really appreciate a sample of the
first CSA newsletter if that's possible."
Open letter from Jim Ross to Al Smith, The Windsource:
"Dear Al:
Your letter is certainly interesting, but I'm sure that I
alone cannot give you an adequate answer, so, with this comment,
I'm asking others in my readership to help out.
As for what's ahead for CSA -- I don't know. I am merely an
unpaid, volunteer editor trying to act as a catalyst to get a
meaningful membership organization started. As I told a recent
caller, I cannot dictate what the organization should do. I'll
make some suggestions, but it is a membership organization, and
it is going to do what the membership decides. If you join,
you'll have a say in what takes place. With your wide variety of
interests and advanced education, I'm sure you could contribute
many articles to the CSA organ.
Now, with regard to your specific questions, the technical
staff is severely limited in its education and experience and
cannot address all of the items you list. In fact, the staff (me)
hasn't even heard of some of the things you mention -- for
instance, to us Shamrock is an oil company, and TEXTA rings no
bells at all. Further, we have no knowledge of Soviet comsec,
and, if we did, we certainly would not expound on it in a general
circulation letter.
We will be discoursing on frequency hopping and other spread
spectrum types, and encryption/decryption will be a favorite
topic. You confuse us somewhat with the way that you use the
words relating to codes and ciphers. It is our understanding
that the words mean entirely different things, and we will be
explaining our understanding of the differences for those in our
readership who might be interested.
For decryption theory, we recommend Cryptologia; that topic
is far too specialized for our audience.
From this vantage point, advertising in the CSA organ would
seem to be a good idea. More revenue could mean a decrease in
dues; or, more likely, an increase in services.
So there you have it, Al. I hope you will decide to join the
new organization and help it get started.
As for your request for a free sample of the new
publication, please try to understand that I've been creating and
mailing a newsletter each month for a year without charge, while
trying to keep a business going, run seminars all over the
country, testify as an expert in federal and state courts, design
TSCM equipment, start a manufacturing business, start a new
association, and keep up with the work associated with a house in
the country with two acres to maintain, etc. My answer to you
must be the same as the madam gave the pentagon colonel who
thought "fly before buy" was an accepted way of doing business.
I'm sure you know what she told him, and I hope you're not
offended by my refusal of your request to sample the merchandise
before you make a $50 decision.
Sincerely,
Jim Ross"
December, 1984
OUR THANKS
Because this is the last COMSEC LETTER that will go to the
full mailing list, we think this is the best place to give credit
to our proofreader, and our stuffer and mailer -- there wouldn't
have been a COMSEC LETTER without you. From Jim Ross (the elder)
to Lynne Ross and Marilyn Roseberry: Thanks.
SEASON'S GREETINGS
No time for cards this year, so we send our greetings via
this letter. To all of our nice readers (and the mean ones too):
a late but sincere, "Merry Christmas and Happy New Year!"
.... LAST ISSUE .... UNLESS ....
This is your last issue of COMSEC LETTER unless you have
joined CSA, or we receive your subscription order. Membership
packets for CSA will go out during January, but if you're already
convinced, send $50 (to CSA c/o Ross Engineering) for your
individual dues for 1985. (Dues for corporations and other
special categories have not yet been set.)
RATES
We recognize that this letter has been going to many, many
people who probably have only a passing interest in the subject
matter, and we hope that it has been of value. However, there is
an old engineering design (and business!) principle which says:
"There ain't no such thing as a free lunch." ... We must derive
some revenue from the time spent in this effort, and therefore,
in the future it will only be available by subscription.
This letter is aimed at an audience which consists primarily
of security practitioners and investigators who are involved in
protection of information -- data, telephone, teletype, whatever.
We believe that the people we are thinking about could realize a
return of hundreds or thousands of times the annual subscription
cost of $25 if one idea, one product, one technique or one caveat
rings a bell and proves useful. It has happened before.
MORE ON KANSAS SUPREME COURT DECISION
Open letter to the Kansas Supreme Court Jurists:
"Apparently you assumed that because some of the sellers of
cordless telephones have privacy warnings in their user's
manuals, all users of all cordless telephones have no expectation
of privacy (18 USC 2510) because they have been warned.
"We just read all the way through a user's manual from
General Electric and it doesn't mention anything about privacy.
"Further, we wonder about your understanding of the real, as
opposed to theoretical, world. Would that you had at some time
in your experience tried your hands at teaching! Your assumption
that what is printed is read, and that what is read is
understood, and that what is understood is retained, and that
what is retained is used in making conscious decisions relating
to everyday occurrences, is patently absurd. Even in the
classroom, where both professor and student are desirous of
transferring as much information as possible, experience teaches
that what you have assumed just is not real.
"How can you, in good conscience, hold a person responsible
for understanding, and abiding by, the contents of an instruction
book which he may never have seen, when you yourselves, with
research staff and practically unlimited time to make a decision
in the quiet of chambers with no distractions, didn't even bother
to determine the meaning of the simple, but key, word, "oral"?!
"For a practical lesson in whether cordless phone users
think that they have an expectation of privacy, we urge you to
get a scanner and tune to cordless telephone frequencies. -- Sad
but true: people think that telephone communications are secure.
The stuff they say will convince you that they think that their
conversation is private. The fact that their expectation of
privacy is due to abject ignorance does not alter the fact that
they are conducting themselves as though they were having a
private conversation.
"When you walk down the street, do you think your
conversation is private? When you lean over the table in a
restaurant to impart a juicy tidbit, do you think your
conversation is private? Most people talking on the telephone
think that their conversation is private. They have an
expectation of privacy. That expectation may be erroneous, but
they have it nevertheless."
FEEDBACK
Steve U. (he doesn't want us to reveal his name) writes:
"Your newsletter is marginally interesting; occasionally useful.
Do you intend the thing to be a gossip column for the
intelligence clique in the know? I usually have the feeling that
I am missing a phantom page each month as some th
ings are non
sequitur."
Very Interesting. Let's consider some different thoughts
triggered by Steve's comments.
First, why does he say, "Do NOT ever (NEVER!) release my
name outside your firm for any reason without my express
permission."?
Second, thanks for saying that we are sometimes useful. We
try.
Third. Do you think that our stories about IH, Motorola,
Hertz, etc. are gossip? If so, we urge you to look back in early
letters where the editor revealed his biases relating to how
stupid use of the language imperils good communications, and also
his dislike of the fraud and near-fraud committed through lies in
some claims.
Fourth. Implying that we are some part of an intelligence
community clique is really wild. Your editor has done some work
for some of these organizations, but he has never been a part of
the intelligence community, and never been a part of any clique.
However, we know what it feels like to be on the outside of
a closed club. The Washington DC ASIS Chapter has refused to
carry any of our seminar announcements, or even to let their
members know that they could have had a no-charge trial
subscription to this letter in 1984. We first joined in 1978 so
it's not that we're new. We're in our second year of advertising
in their newsletter, so we're not unknown to them. They do carry
releases for other folks, so it's not a blanket policy to keep
the membership in the dark. (They even ran one that was phoned
in announcing demonstrations of a manufacturer's product!) Tell
us about cliques -- but don't accuse us of being a part of one!
Now, as to phantom pages and non sequiturs, we are really at
a loss to figure out what you mean. Our most dangerous
assumption might be that we see the letter as a continuum, and
assume that previous issues have been read. Other than that, we
assume little knowledge of electronic communications theory, but
we do assume some reasonable level of intelligence and
experience. Also, there are times when we address a comment to
an individual -- there is nothing sinister in that; it's merely
an old professor's ploy to try to keep everyone awake and
listening. However, as for any non sequitur: you find it, and
we'll eat it.
A GOOD QUESTION FROM A MYSTERY MAN
His business doesn't have a phone and he doesn't have a
phone, but he sent us a good question. He asked us to explain the
difference between COMSEC LETTER and the CSA.
OK Al (or whoever you are), here goes.
The COMSEC LETTER is a newsletter regarding information, its
storage and its transmission; and the protection thereof. It
relates to all types of information and communication -- voice,
data, teletype, facsimile, television, radio, microwave, or
whatever. Even data in storage is of interest.
The Communications Security Association is a non-profit
membership association incorporated in the District of Columbia
for which COMSEC LETTER is a benefit of membership.
COMING IN 1985:
STRESS DETECTION
At least one person misunderstood one of our points in our
segment on lie detection, so we'll try again in a future issue.
Q & A
To all who have written and called with questions and
comments: your letters are appreciated and you will be answered.
YOGO
We got some great answers in our YOGO contest. Details in
'85.
CN/A
For John Nakic and others who have inquired: We are
preparing a short report on the CN/A system. It will explain the
system, and include the latest numbers that we have. Price will
be nominal.
CONTENT
Starting in January, 1985 the COMSEC LETTER will become an
organ of the Communications Security Association. It will no
longer be a no-charge publication, prepared and distributed by
Jim Ross at his expense. Therefore, in addition to watching the
calendar, your editor will have to be careful to be totally
even-handed in announcing things like training sessions,
products, etc.
