UnderGround Information
UnderGround Information
UnderGround Information
E.D.I.T
-------
Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
presented by
Ian A. Murphy, President & CEO
IAM / Secure Data Systems Inc.
1225 North Second Street
Philadelphia, Pa 19122
(215) 634-5749
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!� ------------------------------------------------------------------------
Objective and Scope of the Problem
The use of personal computers and the growth of electronics into the
mainstream population, will allow almost anyone with basic understanding
of common technology, the possible interception and collection of
information that would not be available under normal conditions.
Suppliers of basic electronic equipment now provide a number of different
devices for the unknown numbers of possibilities for interception of
tele-communications, data communications, and microwave and satellite
communications for a small price. Some equipment is advertised to be a
small as a dime and may be purchased from the back of many electronic
magazines for under $30.00. Other devices are a bit larger and
need more expertise to operate, but are still in the hands of many.
To all of this, we add the entry of the personal computer and its
ability to collect millions of bits of data in seconds instead of the
human needing to ingest and store such information. The information can be
collected onto tape or floppy disk and removed to a safer location with
ease as compared to the removal of such volumes of information in paper
or book form.
Other problems involved with possible comprimised conditions include
outside data communication contact persons who have no authorized
access. Groups known to both law enforcement and the public media have
surfaced from time to time and with some most embarassing information
about corporate and goverment networks and computer systems.
Most invasions occur with little notice at the time of entry and are
only detected when major system problems or audit information are scanned.
Public (private) domain systems are accessible around the clock without
cost to thousands and provide the underground with an excellent source for
information.
These systems contain information for the compromise of various
communications networks and operating systems to the construction of
explosive devices and different methods for gaining physical access to
such networks. All is known to be in the hands of a vast majority of
minors, but if such information is available to anyone with computer
communications ability, then the threat of such incidents occurring
increases tenfold.
The reason is due to the ease of access from anyone with the right
information available to call these outlets of sensitive knowledge.
The statement from Thomas Jefferson, represents the spirit of the words,
"Knowledge is Power." as frightning truth in today's information society.
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
Results to Date
With the continued expansion of computers, many individuals and groups
have been brought to the attention of law enforcement authorities. Groups
with names such as The Legion of Doom, Knights of Shadow, The 414 Gang,
The Brotherhood of Ohm and others. These groups consist of minors who
trade information on a number of computers and telecommunications systems.
These individuals have become known due to their actions on the systems
of their choice. Reasons for discovery include the blatant posting of
about plans to attack such systems, pieced-together information from
telephone company records, credit card frauds committed to obtain computer
hardware and software, and systems security violated numerous times by
outside telecom contacts.
These groups have a small impact on overall communications insecurity
and pose little threat to national and corporate security. But the major
problem associated with the leak of sensitive knowledge, comes from the
lack of true indicators of such incursions in these networks. If persons
with little directed intent are able to gather sensitive data from a
number of public and underground sources, then a directed force will have
a much easier time gathering facts and building upon them. Such fact
gathering abilities come from eastern bloc countries with representives in
this country, using "listening posts" stationed in major urban areas under
diplomatic immunity to average citizens with back yard satellite dishes,
personal computers and home-built or store-bought electronics.
An example; According to statements made by David L. Watters before the
Senate Select Committee on Foreign Intelligence in Febuuary 1977, the
Soviet embassy in Washington, D.C. was in a direct line of interception
for most of the federal goverment microwave communications. The embassy
had the ability to receive any transmissions from sites such as White
House, Tennely Tower, the Pentagon, Ft. George Meade, Ft Belviour,
Andrews Air Force Base, Walter Reed Medical Center and other such
govermental sites.
Costs of such methods do not come cheaply and require industrial
communications equipment to gather and process large amounts of such
traffic in an urban environment. It should be noted that the embassy is
located on the highest piece of land in the city of Washington and that
alone allows for very easy signal reception from such generating
facilities in the metropolitian area.
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
Results to Date (con't.)
With common sense applied, one must assume that the goverment is using
encryption methods to transmit information over communications channels.
The one benefit the such methods allow is for the useful lifetime of
the information to remain valid as well as keeping such information
guarded from unauthorized sources. But since this information is secured
from such easy desemenation, the value of interception decreases to a
point where the ability to decipher such information becomes too costly
in a time value stance.
One interesting twist to the encryption methods used by both the public
and some goverment agencies, is the use of the DES (Digital Encryption
Standard).The DES is an encryption method endorsed by the federal
goverment for use in the public domain. This method is currently protected
from disclosure outside the U.S. and selected NATO countries and has been
classified as a "Material of War". The method was introduced as a secure
method of encryption for information with the possibilities of the correct
information being decoded in a one to a 72,000,000,000,000,000,000 chance.
These odds are not to be ignored and do prove to be most formidable to
unauthorized access with the exception of major goverments. The method was
adopted by the commerical sector and has been deployed over a number of
years in multiple sites, with little hesitation from the users. User
confidence was quite high with this method, but a question must be raised
about the release of such methods into the public domain.
Since this method is secured from decryption in a time value stance
according to goverment information, then why is such a method in the
hands of the public? Can it be possible that the method has accessible
trap doors imbedded to allow inspection of the encrypted information?
Would the federal goverment release a method so secure into the hands
of the general public so that not even they could read such information?
And why is the method not being re-certified by the goverment? Has
the usefulness of this technique reached a saturation point where the
time needed to decrypt the information, has become a matter of hours or
days instead of the reported years?
The weakness of the DES system has been shown by a number of
underground technicans working on the problem of encrypted satellite
television transmissions. In one recent 90 day period, both the Oak Orion
and the HBO scrambling systems have been cracked with skill. Chips for
the decryption of these signals are on the underground market and can
be produced as easily as most other commercially produced chips.
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
Continuing Development Activity
In addition, the increased skill of persons with directed intent who
are able to obtain knowledge for the invasion of networks and systems
allows for penetration of systems with ease. These individuals are
seeking ways to gain entry with little detection involved and may be
using the underground sources of information as roadmaps to targets.
These entries will be planned and used to the fullest possible extent
without the owners of systems being any wiser.
Computer and communications facilities are being attacked by a vast
group of computer literate persons seeking information and challenges
that are not available in a normal data processing environment. People
are seeking out connections to systems that answer and allow connection
to same. The general public is being fed a constant diet of computers
and communications. Society as a whole is undergoing a major re-education
process in information processing and storage. Technology that needed
space larger than any desk could contain is now available to sit on that
desk and has more power than its predecessor, performing the same
funcitions in half the time.
Individuals without computer skills are now able to use the technology
to work better and faster. Others are able to solve problems that could
not be solved 10 years ago due to the technology, and now most commerical
products have some form of directed artifical intellegence in place
and operational.
Information of a special or technical nature about electronics,
communications and computer safeguards, is traded like baseball cards on
the street. Persons have in-depth knowledge of hardware and software
security methods and discuss such topics in open public electronic forums
around the country. Information on software such as IBM's RACF, (R)esource
(A)ccess (C)ontrol (F)acility, Computer Associates "Top Secret", and DEC
Vax / VMS Security methods and the like are discussed as common topics in
underground circles. Meetings are held each and every Friday evening in
New York for the discussion of these topics and more. Conferences held
for science fiction readers contain large populations of these persons
and allow for information to flow to sources not normally exposed to such.
The possibility of information of a sensitive nature being in the hands
of individuals who should not have access to such, is a problem that stems
from the ability of persons to research information from a variety of
sources available to the public. First Amendment rights allow for the
discussion of information and technology and provide the needed
stimulation to continue research and provide for new developments.
Many areas offer small insights to overall changes in technology and
invite inspection of other areas.
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
Continuing Development Activity (con't)
Collection of information by electronic methods has become very
standard in today's society. Multiple devices can be placed in locations
never suspected as being active listening posts, and size is no longer
considered a problem due to the development of integrated circuits.
Some support devices can offer close unlimited range with proper set-up.
Others allow for the interception through standard off-the-shelf
technology and completely bypass any common physical security methods
used to enforce.
Low cost systems may be purchased and bastardized for the required
purpose. Small radio transmissions systems with ranges stated to be in
excess of one mile are very easy to obtain by calling or writing the
manufacturer. Others are discussed in the general print media and
complete volumes are available with plans, parts lists and construction
methods needed for operation.
All this information and equipment is in the hands of the general
population and if it is so available, then what is the way to protect
such information from interception and use? Is the trust of the user of
this information questioned? Is the information real or placed in the
media to dis-inform possible threats? What is the truth of the matter?
Facts presented in one media are contested in others.
Papers are presented and discussed with point and counter-point. All
offer a number of possible facts that allow for the gathering of small
but connected thoughts that provide the necessary details.
Techno-fables are widespread; goverment, industry and the general
public refuse to accept such stories due to lack of understanding.
Capabilities well beyond what most of us would think are in the hands
of common persons. Simple electronics offer a whole new world of
eavesdropping and collection abilities for under 200.00 dollars and
still we have persons who think such things are science fiction.
Imagine using a common household microwave oven for such actions.
Most would not see the use of such a device, but microwave ovens may be
purchased for under $59 dollars in most areas and with a bit of
component re-structuring, can produce frequencies well within commerical
transmission range as well as front-end equipment damage to such sites.
Belief in the "tap proof" security of fiber optics has been smashed.
Simple fiber technology is the way, and counter-devices may cost 100 to
1000 times more for the detection and protection of such circuits.
"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!"
------------------------------------------------------------------------
Continuing Development Activity (con't)
Home-made satellite transmissions stations are being constructed by
HAMS and such for under $100 dollars, while current orbiting systems are
completely vunerable to outside interference and jamming. The classic
example is the Captain Midnight caper in early 1986. "Tempest" frequencies
readers or scanners may be built for under $150.00 dollars and plans for
such devices may be purchased for $19.95 through the mails. Cable location
service is just an 800 number call away, and still the industry does
nothing about the problem, cause or solution!
Summary
The use of common electronics and standard research in public domain
databases will allow for the possibilities of simple terroristic
activities happening with regularity to major telecommunications and
computer centers. Already, computer centers in western nations have
become the target of terroristic organzations. Computer hackers are
reported as standard news today, and reports of special frauds and thefts
continue with predictable time periods between each case and the results
always being hidden from view to authorities due to the lack of
understanding. Some results of such frauds are presented in plain view at
times, and the investigators cannot "see the forest for the trees."
The general population does not see computer intrusions as a problem
related to them.
Public knowledge of "computer crimes" comes from embellished stories
presented by the media. Crimes committed against the different telephone
carriers are responded to with a sense of wonder and awe from the general
populace. The resident problem stated comes to the simple premise of basic
"today" education. But if the education teaches the populace how to
interact with the systems, is it able to police the same with confidence?
Can the users be educated with the basic instruction for security as they
have been about other forms of security? Do they understand what is being
presented in the new age and are they willing to learn new methods for
insuring security for all users? Can the security be maintained for the
information as the information and its vessel grows?
Conclusion
The need for security in today's information age will require more
thought and understanding of a criminal nature to secure the assets.
A new form of asset transference is as available as the six shooter was
in the early days of the West. To close, the words of Thomas Jefferson
once again state the truth for this age, " If you remove a little bit of
freedom for the sake of security, then in time you will have neither.".
Ian A. Murphy
Copyright Ian A. Murphy , IAM / Secure Data Systems, Inc., 1987