-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- RULES FOR INSURING PRIVACY IN AN ORGANIZATION. CONSTANT AWARENESS OF THREATS. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Written by: -Q- -=-=-=-=-=-=-=-=-The following is a brief abstract on the topic of privacy and the awarenessof threats and vulnerabilities. I shall in this text discuss some of thecommon rules that security experts and countermeasures technicians live by.I have found that the best set of rules published to date is byGlen H. Whidden which he draws upon from his 28 year career with the CIA.Mr. Whidden, noted as one of the countries most knowledgeable surveillancecountermeasures experts details these rules in the books which his companyTechnical Services Agency (TSA) publishes.I shall simply reprint these rules from his book "A GUIDEBOOK FOR THEBEGINNING SWEEPER". Mr. Whidden has lovingly given his rules a name,and that is: "THE MOSCOW RULES". I dont know what it specificallymeans.. Nothing really, just a clever slogan.. but anyway the rules areas follows.MOSCOW RULES FOR COUNTER ESPIONAGE INVESTIGATIONS=================================================(1) Assume that all LN's are hostile.(2) Assume that an approach by a non-LN is hostile until proven otherwise.(3) Assume that there is always hostile physical surveillance unless counter-surveillance proves otherwise.(4) Assume that all telephone conversations are monitored by LN's.(5) Assume that all enclosed areas are bugged unless they are 'secure' rooms.(6) Assume that incoming and outgoing mail will be subject to hostile examination.(7) Assume that anything that is left unattended will be subject to examination by LN's.(8) Assume that locks left unguarded or unprotected will be manipulated or bypased and the material they protect will be compromised.(9) Assume that simple traps will not deceive LN's.10) Assume that any guard can be recruited by LN's or is himself an LN agent.11) Assume that a pair of guards can be recruited by LN's or are themselves agents of LN's.MOSCOW RULES FOR COUNTERMEASURES INSPECTIONS=================================================(1) Assume that the eavesdropper is listening in the sensitve areas.(2) Assume that an eavesdropper has an agent near the sensitive area.(3) Assume that the eavesdropper is watching the entrances of the facility.(4) Assume that the eavesdropper can maintain a low vulnerability status when he is not listening.(5) Assume that the eavesdropper is guarding the NLJD band of frequencies.(6) Assume that the eavesdropper is watching for sweep receiver radiation.TRANSLATION INTO ENGLISH============================Mr Whidden, then goes onto explain what each one of the above rulesmeans in detail, but it is rather long-winded and I wont reprint itin this text. Most of the rules are very simpe to understand, buta few points warrant explanation which I'll put into my own words soI can explain it in more simplistic terms.First, Mr. Whidden uses the term "LN" (which stands for Local National)which means a person who is indigenous to a specific area. This term hasa greater meaning in the field of world intelligence as it means a citizenof a foreign country who may be an agent or informer of that country or itmay be a citizen of another country that you recruit as an "agent" or"asset" to work for you. However, in the context of the Moscow Rules itis simply a term of convenience which is not nearly so grande. In suchcontext of the rules it merely refers to a person who may work for anorganization or a corporation who is either acting on their own accord orunder the direction of others and the purpose of that individual is toinfiltrate and or compromise the corporation or organization usually in acovert manner (such as to steal business secrets in industrial espionage),but can be done in an overt manner also if the intent is to destroy or causeharm or embarress the organization.MOSCOW RULES FOR COUNTER ESPIONAGE INVESTIGATIONS:(1) Rule 1 which states that you should assume that all LN's are hostile roughly translates to the philosophy of "trust nobody!" This is extended to include the very person who hired you! As unlikely as it may seem, if you look at the rules it is a very logical conclusion, especially in a corporate situation. It is very common for the "security department" to be the one to request that a TSCM countermeasures sweep be performed, this can be done to please the bosses and make the executives feel that since the sweep was done all the confidential conversations are secure. In a real world situation it is likely that one or more individuals in the 'security department' itself may be the actual perpetrator and they thusly will be well aware of the search for eavesdropping devices and they will have the ability to easily deactivate or remove the clandestine devices before the search, wheras they can be replaced promptly after the search was performed. This tactic of infiltration not only gives the eavesdroppers the advatage of knowing when a sweep is to be performed but also provides a form of 'cover' since the security employee (really an LN "agent") will seem all the more legitimate since he is the one that ordered the sweep. One can reference Moscow Rules 10 & 11 to realize that "guards" and "security" should not usually be given 100 percent trust. The "SWEEPER" MUST obey what the security staff says, even if the sweeper suspects the guards or security staff as being the actual perpetrators, and once actual proof is established to concurr that fact, the sweeper should convey that possibility to some other person within the company who the sweeper feels is trustworthy.(4) Rule 4 is an especially important one. Although it needs no elaboration, I cannot stress how important it is NEVER EVER to discuss anything sensitive over a telephone (that is even more so true if you have a cordles or cellular phone). Also, it should also be noted in my personal opinion, that not even encrypted phones/faxes should be beyond suspicion. Their exists many ways to defeat such encryption. The easiest is simply to compromise the keys which is not a difficult task if your target is unaware. A simple blag-bag job is all that is needed to either liberate the codes from the encryption unit itself or from a locked safe or drawer which can then be copied to floppy and the original code returned to its position undisturbed. Modern encryption units such as the STU phones do help to some small extent to guard against such attacks by the uses of "ignition or code keys" which can be physically taken from the unit to help secure the units key integrity, but their are ways around that. Then of course, it is never beyond reason to doubt that the encryption itself can be cracked if it is deemed a priority. This is a mere simple task which can be done in a half a second if your using weak encryption on your phone such as simple "inversion" chips or other simple encryption units which are widly sold in catalogs. It is also not out of reason to realize that even DES is not safe anymore, although its a hell of alot safer than "inversion chips" which can be cracked with a $50 kit available in the classifieds of most electronic magazines.(5) Rule 5 states that all conversations should be considered vulnerable unless conducted in a "secure" room. Personally, I hold to the philosophy that THEIR IS NO SUCH THING as a "secure" room, but then one must realize that this is reality and you cannot be completely paranoid. A "secure" room is a complicated term to define as their are many degrees of what is considered "secure". The ultimate "secure" room would be completely RF (Radio Frequency) proof and would thusly attenuate completely all RF transmissions from "bugs", but the security must be extended to insure that no wires/fiber enter the room or leave the room as they can carry clandestine signals hidden on that wire (or at the very least all wires must be monitored for hidden signals). The room must have no loudspeakers which can act as microphones, the room preferable would have no windows and if it did would attenute any Infrared light so as to protect against RF/IR transmitters. And lastly the room would be acoustically secure which means their would be virtually no acoustic leakage (in otherwords no sound could be heard on the other side of the wall using any types of devices such as microphones and high powered amplifiers.) Also, to be acoustically secure, the room should have sufficient random masking signals present and continuously fed into the secure room. Their should be several of such masking generators in use at different points in the room and in addition all plenums and air vents should be masked as well. In addition, the walls as well as any windows should be masked using a transducer element which vibrates all windows and walls in a random fashion to further defeat any clandestine listening devices such as contact microphones, spike or tube microphones which are drilled into the wall from the opposite non-guarded side, as well as techniques of 'laser/microwave pick-off'.(8) Rule 8 also warrants elaboration. All mechanical locking mechanisms are easily bypassed by persons with experience in such fields - which very often includes an eavesdropper himself - or on occasion, an eavesdropper may have a "keyman" which is a person who is an entry specialist (called "quick-entry" in the locksmithing field). To properly secure a facility electronic locking mechanisms should be used which are much harder (yet not impossible to defeat). Preferably a secure installation should go beyond simple electronic locking mechanisms (such as key card system connected to an electric strike). A complete access system must be incorporated with full provisions for software logging of all entries and exits, as well as "anti-passback" protection to further enhance accountability and security and tracking. All safes should be of the electronic type, NOT the mechanical combination type of yesteryear. It is not a difficult task to bypass combination safes nowadays. The top expert safecrackers can ply their trade in an hour to two hours time, and a device now exists on the market which cracks safes automatically using a computer controlled mechanism and does so in approximately 1 hour. Electronic safes are virtually 100 percent secure and are the current standard on all government facilities where classified information is stored. The electronic safe itself should preferably have accountability and logging features built-in with seperate access codes for multiple users of that safe.MOSCOW RULES FOR COUNTERMEASURES INSPECTIONS:(3) Rule 3 is a most important one and is something both the countermeasures technician as well as his client should keep in mind and previously discuss during the initial client contact. Although it does not suit every situation, but in many cases it would be wise not to be recognized as a countermeasures technician for obvious reasons. One does not want to spook the eavesroppers into either shutting their devices off, pulling them out temporarily or at worst "skipping town" never to be heard from, and unlikely to be caught. How does a countermeasures technician arrive at his clients office in a discreet manner? When it is deemed necessary, a simple "disguise" is in order. The TSCM Tech should blend in to look like all other employees, he should look and act like all employees, and in fact NO EMPLOYEES except a select few should even know the TSCM techs are who they are. The TSCM tech should arrive in a vehichle preferable a "work" vehicle which can be disguised as either a maintenance or utility company vehicle. All equipment should be carried in, under concealment. This means that some type of discreet yet common bag should be used to carry the equipment in. It is obviously suspicious for a person to carry in 5 briefcases (some of them being oversized cases indicating to the eavesdropper that its no "ordinary" briefcase) into a building. One tactic I have personally used myself when doing the occasional sweep for a client, is to arrive in a borrowed van which bears the name of some maintenance company. My typical motife is to arrive as a "painter" and when I enter the office if its a large office I announce myself as such to the secretary. This of course must be made clear in advance to the client so that the secretary knows that the "painter" (or "plumber" or "carpentry contractor" will arrive), again it should be stressed that not even secretaries should be made aware of the TSCM Techs identity or purpose of visit. All equipment I carry in discreetly in a painters spackle bag which is just large enough for most of my sweep gear. And for my spectrum analyzer which is too large for the spackle bag, I just haul that into the office discreetly wrapped up in a large painters cloth tarp. Usually I strip the plates off of the van and I remove the inspection and registration sticker so as to avoid being "checked-out" by an LN agent who may find your van "suspicous". This in actuallity IS NOT THE IDEAL METHOD. I merely do that for convenience purposes. (because I am not rich I cant afford multiple vans and vehicles registered to multiple legitimate "ghost" companies which all must pay taxes and be registered with the state you do business in.) In fact its better to arrive in a van which has license plates and registration which is legitimate as well as the company logo painted on the side of the truck belonging to an established legal business. This provides a better degree of cover. Although it is very very rare, it should likewise not be considered out of the question that an LN might ckeck out the validity of your company (a simple check of the yellow pages should turn up your company name.. and if not.... suspicion..) It doesnt take a genius likewise to figure out that if you see a white van marked "Acme Painting Company" parked in front of your target building which you are eavesdropping upon, you should become suspicious.(4) Assume that the eavesdropper can maintain a low vulnerability status when he is not listening.What rule number 4 deals with, is the eavesdroppers ability to makehimself "invisible" to the TSCM Technician, Security Staff and hisintended "targets" by various methods too detailed to describe here.This mainly includes 2 tactics..  shutting the taps or bugs off remotely (and)  having an LN agent remove the taps/bugs after they are no longer needed and then promptly replacing them when they are needed again. It merely takes seconds for an agent who has access to the facilities to install such devices in the compromoised area.(5) Assume that the eavesdropper is guarding the NLJD band of frequencies.This one is a bit esoteric to the laymen, but the term NLJD refers toa device which is used by countermeasures technician to locateclandestine listening devices which may be buried under concealmentinside of a wall, desk, drawer, behind books, buried covertly insidea piece of wood or other structural material which could not be inspectedby any other means.The NLJD works much like a metal detector, only the principle involved isALOT more sophisticated. The device doesnt merely search for metal.Rather, it searches for semiconductor junctions such as transistors anddiodes which would be present in all "bugs" (transmitters) as well asin most microphones, etc.. The NLJD is mainly usefull for finding aclandestine device which is NOT ACTIVATED! This has to do with one ofthe rules above (Rule #4). The eavesdropper may have the ability toturn the device off remotely or even manually and as such would notbe detected with normal RF "sweeping" gear which looks for an RF/IR signal.(since if the device is OFF, it thusly generates no RF/IR signal).The NLJD works by transmittng a microwave frequency signal (between800 - 950MHz [depending on the version, and the laws of the countrywhich the unit is sold in]. The signal power of these units isrelatively low 20mW - 300mW for non-government ("consumer"/industry)versions [legal U.S.A versions a.k.a FCC approved] and 300mW to approx3 Watts for law enforcement and government units. The greater output powerof the government models allows a higher degree of penetration into deeplyembedded or dense materials. The typical radiated ouput for a U.S.A. versionNLJD is 915MHz and for European versions is often 888.5MHz.Since the unit emits a microwave it thusly radiates through the airwavesand the eavesdropper can thusly detect it using his scanner. A clevereavesdropper will continuously scan the band of frequencies, or a specificfrequency if the eavesdropper is relatively sure of the frequency on whichthe targets NLJD uses. Once the eavesdropper detects the signal, he can thenremotely deactivate his clandestine devices.It should be noted of course, that a clever eavesdropper has at theirdisposal, a number of uniquely different methods in which to "fool" anNLJD unit into not detecting the listening device completely, or methods tofool the user of the NLJD into believing that the reflected signal is afalse alarm.. One example is to modify the casing of the listening device,and RF filter all the leads when done in such a manner that they clandestinedevice will reflection a large portion of 3rd harmonics while keepingsecondary harmonics to a minimum thus indicating to the NLJD user perhapsthat the unit is picking up disimilar metals (sheetrock screws, nails, rebar,etc..) rather than semiconductors.I shall not detail these particular processes as its irrelevant and unwisebut if anyone actually cares to know the methods are I can discuss that withyou in more detail if you ask.(6) Assume that the eavesdropper is watching for sweep receiver radiation.This is a bit more esoteric and its something which I dont feel isany great threat. But their might be some government experts in thefield who are a bit more sophisticated who would say otherwise. Butin a real life situation I dont see it happening unless theeavesdropper is himself a former government employee.ALL electronic equipment generates EMI (Electromagnetic Interference)which is essentially spurious radiation emmited unintentionally. As suchthese radio wave emmisions are also generated from any type of "sweep"equipment which the countermeasures technician may use.A sophisticated eavesdropper can detect these spurious emmisions andtake it as a sign that sweep equipment is being used and the sweep isnow in progress. The eavesdropper then shuts his clandestine devicesoff remotely.In reality the ability to do this is actually quite simple. Its justthat I find it unrealistic and I dont think many buggist in this countrygo to all that trouble. Not unless its a super sophisticated operation,or unless the eavesdropper is being payed well to take such precautions.But then super sophisticated operations are not the norm. Not even close.Usually the bugging is done by amateurs using crude bugging equipmentwhich is easily detected, and is not even concealed well on top of it.Most bugging devices are usually not even remotely activated and likewisetheir usually not protected against NLJD sweeps either, unless the personwho is doing the eavesdropping is a pro which is rarely the case.MOSCOW RULES FOR TELEPHONE SYSTEM INSPECTIONS=============================================(1) Assume that the eavesdropper is listening to room sounds through the telephone instrument until tests prove otherwise.(2) Assume that the eavesdropper is listening across the line when the line is active.(3) Assume that the eavesdropper may be monitoring the line when it is inactive.(4) Assume that the eavesdropper is monitoring the line to detect TDR and RF tracing signals.MOSCOW RULES FOR TELEPHONE SYSTEM INSPECTIONS:(1) The eavesdropper has a variety of techniques at his disposal which enable him to listen to 'room sounds' ("room audio" [note 1]) from a remote location. I will not discuss that in detail, because all the techniques involved in telephone and wireline attacks could fill an entire book in itself. Generally however, their are two main techniques that could be employed. [Their are actually another 3 or 4 techniques but I shant get into discussing those for the sake of brevity.] [a] 'Hot-miked telephone' otherwise called a 'Hot-On-Hook telephone' is one method, which involves modifying an actual telephone which is in a targets location (in reality, the targets phone itself is not modified, but an identical replacement is brought in and switched with the original [this technique of switching phones of course warrants caution as the target could possibly notice the difference between the two by noting scuff marks, etc.. that were on the original phone]. The modification consists of a circuit that will allow the eavesdropper to listen to room sounds while the phone is still "on-hook". The modification "drops-out" once the phone is picked up for use and is brought "off-hook" (in which case, the eavesdropper would then have a seperate circuit which could monitor the phone conversation. [b] The second most common method is called an "infinity transmitter", which in the 'olden days' circa 1960/70 was called a "harmonica bug". This is a slight variation of the hot-miked telephone. It is similar in that it allows a person to listen to room audio from a remote location, however the system employed need not be part of the actual telephone. The device could be hidden anywhere along the phone line in close proximity to the target where a seperate microphone can listen to room audio which is then sent through the phone lines while the phone is 'on-hook'. When the phone is lifted 'off-hook', the device drops-out. The device is activated remotely by the eavesdropper by simply calling the targets phone line and then activating the device. Room sounds could also be monitored by simply placing a microphone across any line pair, preferably a line pair which is not currently activated for phone useage (ie: the second yellow-black pair.) This would allow constant monitoring of the room audio even when the target uses the phone (which would be on line pair 1 (red-green) and thusly would not conflict. The microphone could either generate its own signal 9which has the disadvantage of being easier to detect because the microphone transmits constantly , or could use a microphone element which requires an external voltage such as in a carbon mic. In the case of carbon microphones, the eavesdropper need only apply a small voltage to the line and the microphone will activate sending intercepted audio down the line. The device has the advantage that it is slightly harder to detect (especially inadvertently) because the unit only operates when the eavesdropper has the device activated. Countermeasures technicians can find the device (in its simplest form) easy enough by just applying voltage to the line. But more sophisticated set-ups would utilize a 4-layer diode, SCR, or a reverse polarity configuration or some other method to hinder and thwart detection.(2) Rule 2 is fairly obvious and needs little explanation. Always assume that a phone line can be, or currently is being monitored. It is very important for the laymen to make the distinction between the two facts in the above statement which are: [a] the phone/line "could" be tapped. [b] the phone/line "is being" tapped. It does not make one paranoid to come to the conclusion and realization that a phone "could" be tapped. It merely makes one alert and an informed individual. That does not mean that one should insist that a line "is" tapped, but it should simply be considered a possibilty which one must take into consideration and act accordingly on. Thusly, if one conducts confidential business in which it would be of important consequence to keep the conversation from prying ears of the eavesdropper, one should always employ end-to-end encryption through the use of telephone/fascimile "scramblers". [note 2] One must make the decision for themselves regarding what is to be kept secret and what can be disclosed, and you must come to some sort of plan of action regarding what the different levels of confidentiality are. Some secrets are worth keeping more than others. In fact one might even say some secrets are so great that you should not disclose them to anyone ever. That would be the ultimate form of security.. As an example, if you had just murdered someone, obviously any sane individual should not announce that over the phone lines, no matter how secure you feel that phone line is. Because their is no degree of security which is worth 25 years in prison or death. Even encryption (phone scramblers) should not be considered secure in such cases as they can be compromised rather easily by simply bypassing the encryption altogether through modification by the eavesdropper, or by simply liberating the code keys from the unit (which is a simple task with some encryption units while alot more difficult in the better units.)Whenever a line pair is to be examined or traced (for maintenancepurposes such as working on a phone or computer network in an officeor home, or when a countermeasures search is being done, it is preferablethat "audio" signals of a strange nature (line tracing signals) shouldNOT be placed across the line as they would be suspicious to an eavesdropperin which case the eavesdropper might deactivate remotely any deviceswhich he may have installed which could put the devices in a low-profilestatus making them more difficult to detect.So how then does one trace a line without using an "audible line tracer"as is the standard method among technicians? The alternative is touse either an RF (Radio Frequency) tracer system which is relativelyinexpensive (and also has many advatages over audible tracers such asthe ability to track wires through walls without having to open up the wallor structure for physical examination) or one could utilize an "ultrasonic"tracer device which sends an inaudible signal down the line. Theseaultrasonic tracers are an indespensible tool which come in two forms.The first is simply a aultrasonic tone tracer and merely produces asingle tone for identifying line pairs. The second type of ultrasonicdevice actually modulates a voice signals onto a wire pair so that itis inaudible and above both the range of human hearing and likewisecannot be picked up by either microphones of any type and cannot bedemodulated by any type of standard amplifier unit which is not designedto amplify sounds above the standard human hearing/speaking range.Only a specialized matching ultrasonic demodulation amplifier canintercept and convert the signals back into the human hearing range.Keep in mind with the above however, that rule #3 below shall apply.Rule #3 states that the eavesdropper "may" be able to hear your linetracing with the phone on-hook. So one has to balance thisconsideration out. Nine times out of Ten you would be better off sendingthese signals down the line because most eavesdroppers DO NOT monitora phone which is on-hook, nor do they look for signals on inactive lines(not unless they are professionals, or are simply getting payed alotof money to do that extra work which is often unnecessary).But if your up against a sophisticated eavesdropper and you know ofhis capabilities it would probably be wise in such case NOT to send anystrange signals down a wire pair other than ordinary phone conversations.(3) Most of the time, telephone surveillance, whether it be the interception of phone conversations where the phone is off-hook, or even monitoring of room conversations when the line is on-hook involves the use of some sort of "activation" device which records the conversations when and only when those conversations are present. When the conversation ceases the device will shut itself off (usually) so as to conserve tape (and in addition make it easier for the eavesdropper to find the conversations in the recorded tapes. When dealing with recording telephone calls, a device is used which monitors the voltage on the line for off-hook/on-hook conditions and then activates a special tape recorder (with a remote activation jack) when the phone goes off-hook. [although a more clever eavesdropper would not use such a device but would rather use a VOX (voice [sound level] activated unit as opposed a voltage sensing unit which can actually be "tricked" as well as "detected" alot more easily which should be coupled to an inductive pick-up coil (or at the least a high-impedance capacitively coupled interface). VOX units too also have their problems, namely they can have havoc wreaked upon them by the use of masking devices or "telephone security units" which are now widely sold on the market for a couple hundred dollars. These telephone security units have the ability to defeat most simple eavesdropping methods utilizing techniques such as masking as well as "Line Balancing". The latter technique of balancing performed by raising the voltage, while the current is simultaneously lowered. Such a technique does not interfere with the PSTN Central Office and will give the user a dial-tone when the line is raised off-hook(600 Ohms) and will thusly defeats most voltage activated devices such as simple telephone tap transmistters as well as drop-out relays (telephone recorder controllers). The foolish individual could conclude that if most eavesdroppers used a voltage activated device that only recorded audio when the phone was "off-hook", then the line should be secured in an "on-hook" condition. Example, a person could then transmit his voice within the household or office while the phone was still "on-hook" using a relatively simple circuit to do that and "supposedly" that would alow for safe conversation, and it would be safe "if" a voltage activated telephone recording adapter was used. However, many eavesdroppers (sophisticated ones) may be a bit more clever than that. The clever eavesdropper may monitor a line pair even when it is inactive (such as when a phone is "on-hook".) This would allow the eavesdropper to hear "AUDIO" [note 1] even when the phone is off-hook. Note I use the word AUDIO very carefully. Because in such an instance, the eavsdropper may NOT just be listening to secret conversations which occur "on-hook" but he may be listening to other audio which could be a potential threat to the eavesdropper such a the sounds of audible line tracing, ultrasonic line tracing or ultrasonic voice modulation, as well as RF tracing, and lastly the eavesdropper could be looking for the signals emmenating from a TDR (see rule #4 explanation).(4) The last rule is a rather esoterical one which is of more concern to the countermeasures technician who is performing the search as opposed to concern of your ordinary individual or businessman concerned with the rules to insuring privacy. Rule #4 is just a follow up to rule #3 which states that an eavesdropper could possibly be monitoring the inactive line pair. In rule #4 we get specific in saying that an eavesdropper may be looking for RF signals or TDR signals which may be an indication of a countermeasures "sweep" which is being conducted. This should concern the eavesdropper for obvious reasons, which are that he could possibly be discovered very soon if the technician is a competant one, or if the eavesdroppers set-up is crude or poorly installed in which case it could possibly be detected. I have already explained ultrasonic and RF tracing above in rule 3, so I'll just deal with TDR's. A TDR is common abbreviation for a device known as a Time Domain Reflectometer. You pronounce the units name by simply saying the letters.. "T" - "D" - "R". The TDR is a common tool of anyone who works exensively with wires (or fiber optic cabling) of any type. The type of TDR we are discussing is only for the "wire" and not "fiber optic" type. TDR's are used by cable company technicians, computer network technicians, telephone lineman or repair personell, as well as surveillance countermeasures technicians. A TDR is a device (usually a hand-held size device although slightly larger and more powerfull bench-top units are available) which emits a mild powered signal into a wire pair. This signal gets sent down a wire pair, or through a coaxial cable and gets partially reflected off of any discontinuity on the line pair. Herein, I'll refer to any discontinuous reflections as an "anomaly" on the wire. I use the word as opposed to discontinuity (because its easier to type) and because much like an anomoly it is indicative of the unknown. And thats what your looking for when doing a TSCM TDR sweep of a wire pair. Your looking for unknown or strange situations. It is these anomalies which the technician is looking for which are a possible source of the problem (or could even indicate that everything is normal if their is supposed to be an anomoly at some point). The word "anomaly" is a generic term which refers to anything on the line which will interfere with the signal going through the line. To put it another way, it is something which causes part of the signal to literally reflect backwards from the point of origin instead of traveling freely and smoothly through the wire. This "reflection" of the signal is what the TDR is looking to receive after it emits the original pulse. The reflection which could be of varying degrees of intensity depending on how large the anomaly is. The larger the anomaly, the larger the reflection, and occasionaly that means the bigger the problem. Ideally the signal is supposed to travel through the wire impeded as little as possible. Anomalies are caused by a wide variety of things too great to discuss here. They can be caused by imperfections in the wire itself, they can be caused by splices in the line, they can be caused by "connectors" on a wireline which join 2 wires together or a wire to a piece of equipment. Anomalies can be caused by "termination plugs" which are a dummy loads placed at the end of a unused wirepair. Anomalies can also be caused by physical hardware on the line such as splitters, filters, junction boxes, 66/110blocks, entrance bridges, and the list can go on and on. The countermeasures technician is primarily interested in looking for things such as splices on the line which could be indicative of a telephone tap. Keep in mind, that the word "splice" does not necessarily preclude that a line was physically "spliced" (ie: cut and then re-connected.) It also can imply a simple "tap" on the line where one wire (alligator clip, etc..) is touching upon the original wireline. TDR's have a typical range of 1,000 - 10,000 feet. A typical handheld TDR used by computer network installers will have ranges of 1,000 - 2<html xmlns="http://www.w3.org/1999/xhtml"><body xmlns="http://www.w3.org/1999/xhtml"><pre xmlns="http://www.w3.org/1999/xhtml">k feet. Countermeasures technicians often utilize slightly more powerfull models extending 2,000 - 5,000 feet so they can have the ability to trace large amounts of wires present in office buildings. And benchmodel units which are usually the most powerfull (although some handheld units are capable of such) can extend upwards of 10,000 or more feet. These units can pinpoint "flaws" or "anomalies" on a wireline to a resolution of millimeters which makes them damned accurate devices which can tell you exactly where the flaw is down the line. (typically however in high powered devices the resolution is limited to feet or meters). The TDR is most effective when it is used on a routine basis and a day-to-day (or more likely week-to-week or moth-to-month) comparison can be made between the different or same results. Ideally, the results of the TDR should always be the same. Should a result be significantly different on one occasion, or something appears to have been spliced/tapped onto the line it will be readily apparent. Of course for the TDR test to be most effective, it should be realized that the initial tests of the TDR must be done when the line was "clean". If the line was tapped in the first place the first time you tested it, then all subsequent comparisons thereafter are of little use because you cant compare a "clean" like with a "tapped" line. However, that factor doesnt render a TDR test completely useless. One does not necessarily rely solely on the technique of comparison from one time to another. Other methods exist for using the TDR which are a combination of tracing the line physically with the TDR from the demarc point inwards to the telephone instruments and physically searching the line for taps/splices in conjunction with the use of voltmeters or telephone analyzers to search for imbalanced loops, or imbalanced lines to ground, crossed line pairs as well as suspicious line impedances. Likewise, the search should occur from the demarc point outwards towards the telephone company as far as one can go. The search should extend out the end of the customers property, but a countermeasures technician who does not mind breaking a few laws might feel free to extend the test point up to the neighborhood cross connect cabinets where the distribution cable meets the feeders. [note 1] In surveillance lingo, the word "AUDIO" is often used as opposed to the word "SOUND" or "CONVERSATION". The meanings are almost synonymous, but their is a slight difference. The word "audio" is used because it denotes any type of intelligence which could be collected and is not limited to intercepting spoken conversations (spoken words). [note 2] Even encryption (phone scramblers) should not be considered secure as they can be compromised rather easily by simply bypassing the encryption altogether through modification of the telephone instrument by the eavesdropper, or by simply liberating the code keys from the unit.-----------------------------WHAT THIS MEANS TO YOU AND ME-----------------------------One may ponder the question of "what the hell does this article haveto do at all with me?"How does this concern you if you dont run a company?How does this concern you if you are not doing anything illegal?How does this conern you if you believe your not a target being watched?I have no answer. Take from this article what you will. It is providedfor informational purposes. I have discussed not only quite a bit aboutsurveillance as well as countermeasures, but also the some of the termswhich is used by people who work in that field. These are terms which youmay run across one day if you work in the field of general security, andyou will thusly be able to speak a bit more authoritatively to yourcolleagues who may not know much about espionage.But if you have any respect for your own privacy, then you should heedsome of the advice discussed herein.You need not be a corporate executive to realize the need not only for yourprivacy but the need to recognize how many people by their own actscontribute to the privacy violations. They do this by using cordless phones,cellular phones, by using paging beepers and even by holding confidentialconversations on unsecured phone lines instead of in person.I write this specific article for those people on computer bulletin boardsystems, and this is aimed SPECIFICALLY at those who refer to themselves as"computer hackers" or "telephone phreaks".. If you do not recognize thevalue in this article then you are a great fool indeed.Remember folks.. Paranoia is our friend. You never know who is watchingor listening. Always assume the worst and thusly disclose the leastyou can; even to so-called friends. ----------------------------------Never discuss anything illegal over a telephone be it landline or cordless.Never keep any incriminating material at your home. Or at the very leastany such information if illegal, should not be 'feloniously' illegal.Never discuss any majorly illegal acts (in my book thats defined as anythingthats a felony) with anyone else, even friends. And if you do, then youshould be sufficiently vague and even intentionally misleading to yourfriends so as to give the eavesdroppers "misiformation".Never disclose to any friend the full capabilities of your power, yourknowledge, etc.. If necessary intentionally mislead those friends byoverstating or understating your capabilities or knowledge in order tofeed misinformation to an eavesdropper. This can be done to "spook" youreavesdropper and make them enact a move prematurely, or to make thembelieve what you want them to believe for whatever reason you see fit.In addition, feed just enough thruthfull information so as to 'whet theappetite' of the eavesdropper and not give away your conversation astotal obvious misinformation.
Archive for September, 2010
Tags: RULES FOR INSURING PRIVACY IN AN ORGANIZATION CONSTANT AWARENESS OF THREATS
Tags: Lock Pick
from http://www.itstactical.com very good info.
Today we’re going to show you how to create a Lock Pick Rake and Tension Wrench using two simple paperclips and a Multi-Tool.
As we’ve mentioned in previous Lock Picking articles, the Rake/Tension Wrench is the most versatile combo to carry for bypassing standard pin/tumbler and wafer locks.
In our last Lock Picking article on the SerePick Bogota Entry Toolset, a lot of people commented that they were unable to purchase Lock Picks, and couldn’t get involved in learning the skill-set.
After today, you’ll have no excuse not to make your own simple picks, buy a cheap padlock and work on your raking technique. In fact, while we demonstrate creating a rake, you could also make a feeler pick to start learning how to “feel” the individual pins and how they move/bind under tension.
The first thing you’ll need is a supply of larger paperclips. These that we’ll be using are not the standard small paperclips, but the larger versions. One will be needed for the Rake and one for the Tension Wrench. As you’ll see in the video below, it’s easy to snap these as you’re bending the rake.
This will happen if you bend one direction, and then try to re-bend it in the opposite direction. If you keep to a single bend direction though, these will last a long time and remain strong.
A Multi-Tool works the best to create the necessary bends and twists for the combo. You’ll be mimicking the bends of a “C” Rake, and the right angle of a tension wrench with the second paperclip.
Rather than try to explain the bends and twists, we’ve created a video that will help show you a hands on demonstration of the creation and successful bypass of a pin/tumbler lock. This DIY combo will take a bit longer to use than a standard Rake/Tension Wrench, but nevertheless just as effective.
We encourage everyone reading this article to get involved with lock picking as a skill set through various lock sport groups such as Toool and Lock Sport International. There’s a large community out there of people who understand the value of this skill-set and also like to have fun picking locks.
Here’s the Lock Sport code of ethics, which sums things up nicely:
“You may only pick locks you own or those you have been given explicit permission to pick.”
Lock sport is an honest, ethical, and legitimate hobby. Unfortunately, the whole world hasn’t figured that out yet (though we’re working on it!). Because the lay person has a tendency to perceive what we do as somehow nefarious, it is extra important that we commit to following a strict code of ethics. For this reason, the above credo is non-negotiable in the locksport community. Lockpicking should never, ever be used for illegal or even questionable purposes. Please do not misuse this information. We assume no responsibility for your actions, and in no way condone immoral activity. Help keep locksport fun for all by following strictly the one rule.
The rules are associated with Moscow because the city developed a reputation as being a particularly harsh locale for clandestine operatives who were exposed. The list may never have existed as written; agent Tony Mendez wrote "Although no one had written them down, they were the precepts we all understood … By the time they got to Moscow, everyone knew these rules. They were dead simple and full of common sense…".
An abbreviated list of the probably-fictional Moscow Rules has circulated around the Internet and in fiction:
- Assume nothing.
- Murphy is right.
- Never go against your gut; it is your operational antenna.
- Don't look back; you are never completely alone.
- Everyone is potentially under opposition control.
- Go with the flow, blend in.
- Vary your pattern and stay within your cover.
- Any operation can be aborted. If it feels wrong, it is wrong.
- Maintain a natural pace.
- Lull them into a sense of complacency.
- Build in opportunity, but use it sparingly.
- Float like a butterfly, sting like a bee. (borrowed from Muhammad Ali, aka Cassius Clay.)
- Don't harass the opposition.
- There is no limit to a human being's ability to rationalize the truth.
- Technology will always let you down.
- Pick the time and place for action.
- Keep your options open.
- Once is an accident. Twice is coincidence. Three times is an enemy action. (taken from Ian Fleming's novel Goldfinger)
Referred to in the works of John le Carré e.g. Tinker, Tailor, Soldier, Spy and Smiley's People. The newest novel that uses these rules is by Daniel Silva, entitled 'Moscow Rules'. In these works, the rules are not general precepts, but methods of tradecraft, such as using chalk marks and thumbtacks as signals, the use of dead drops, and the ways to signal the need for a (rare) face-to-face meeting. Moscow Rules are important at the beginning of Smiley's People, where the General invokes the rules to request a meeting with Smiley, but he is followed and killed by KGB assassins before it can happen. The applicable rule states that no documents may be carried that cannot be instantly discarded, in this instance a 35mm negative concealed in an empty pack of cigarettes.
In the International Spy Museum in Washington, D.C., the Moscow Rules are:
- Assume nothing.
- Never go against your gut.
- Everyone is potentially under opposition control.
- Don't look back; you are never completely alone.
- Go with the flow, blend in.
- Vary your pattern and stay within your cover.
- Lull them into a sense of complacency.
- Don't harass the opposition.
- Pick the time and place for action.
- Keep your options open.
Tags: kit up
just goes to show new does not mean better. all Glock owners must see!
Tags: open carry
Five open carriers went into a restaurant. One patron called police to check them out, stating she "felt uneasy" despite their calm behavior. The city is classifying it as disorderly conduct (disturbing the peace), noting "The DC statute does not require an actual disturbance take place, only that conduct in question is of a type that tends to cause or provoke a disturbance."
The relevance of that is unknown. The city's position must boil down to — conduct that is both legal and peaceful becomes a misdemeanor if it upsets someone to where they call police. And that, even if it is constitutionally protected. It seems like a 2A version of the 1A "hecklers' veto" — we will ban your speech, the content of which is permissible, because your opponents might become violent if you gave it.
UPDATE: the point about respondeat superior raises an interesting issue. In a §1983 civil rights action, there is no respondeat superior liability (as I recall, because a violation of constitutional rights cannot be within the scope of duty of a government employee). To make a governmental unit liable, you have to prove that its organizational actions were wrong — one approach being to argue that the unit gave insufficient training to its agents. Usually, though, this is more easily claimed, than proven.
But the City has just officially determined, as an entity, that disorderly conduct charges should be issued. It's no longer a decision by officers on the scene, but an official determination by the City through its highest decisionmakers. I think the City is on the hook.