UnderGround Information










UnderGround Information










UnderGround Information





 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
                               E.D.I.T
                               -------
 
Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
------------------------------------------------------------------------
                             presented by 
 
                    Ian A. Murphy, President & CEO
 
                    IAM / Secure Data Systems Inc.
                       1225 North Second Street
                        Philadelphia, Pa 19122
                            (215) 634-5749 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!� ------------------------------------------------------------------------
Objective and Scope of the Problem 
 
 The use of personal computers and the growth of electronics into the 
mainstream population, will allow almost anyone with basic understanding 
of common technology, the possible interception and collection of 
information that would not be available under normal conditions. 
Suppliers of basic electronic equipment now provide a number of different 
devices for the unknown numbers of possibilities for interception of 
tele-communications, data communications, and microwave and satellite 
communications for a small price. Some equipment is advertised to be a 
small as a dime and may be purchased from the back of many electronic 
magazines for under $30.00. Other devices are a bit larger and 
need more expertise to operate, but are still in the hands of many. 
 
 To all of this, we add the entry of the personal computer and its 
ability to collect millions of bits of data in seconds instead of the 
human needing to ingest and store such information. The information can be 
collected onto tape or floppy disk and removed to a safer location with 
ease as compared to the removal of such volumes of information in paper 
or book form. 
 
 Other problems involved with possible comprimised conditions include 
outside data communication contact persons who have no authorized 
access. Groups known to both law enforcement and the public media have 
surfaced from time to time and with some most embarassing information 
about corporate and goverment networks and computer systems. 
 
 Most invasions occur with little notice at the time of entry and are 
only detected when major system problems or audit information are scanned. 
Public (private) domain systems are accessible around the clock without 
cost to thousands and provide the underground with an excellent source for 
information. 
 
 These systems contain information for the compromise of various 
communications networks and operating systems to the construction of 
explosive devices and different methods for gaining physical access to 
such networks. All is known to be in the hands of a vast majority of 
minors, but if such information is available to anyone with computer 
communications ability, then the threat of such incidents occurring 
increases tenfold. 
 
 The reason is due to the ease of access from anyone with the right 
information available to call these outlets of sensitive knowledge. 
The statement from Thomas Jefferson, represents the spirit of the words, 
"Knowledge is Power." as frightning truth in today's information society.
 
 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
 ------------------------------------------------------------------------
Results to Date
 
 With the continued expansion of computers, many individuals and groups 
have been brought to the attention of law enforcement authorities. Groups 
with names such as The Legion of Doom, Knights of Shadow, The 414 Gang, 
The Brotherhood of Ohm and others. These groups consist of minors who 
trade information on a number of computers and telecommunications systems. 
 
 These individuals have become known due to their actions on the systems 
of their choice. Reasons for discovery include the blatant posting of 
about plans to attack such systems, pieced-together information from 
telephone company records, credit card frauds committed to obtain computer 
hardware and software, and systems security violated numerous times by 
outside telecom contacts.
 
 These groups have a small impact on overall communications insecurity
and pose little threat to national and corporate security. But the major 
problem associated with the leak of sensitive knowledge, comes from the
lack of true indicators of such incursions in these networks. If persons 
with little directed intent are able to gather sensitive data from a 
number of public and underground sources, then a directed force will have 
a much easier time gathering facts and building upon them. Such fact 
gathering abilities come from eastern bloc countries with representives in 
this country, using "listening posts" stationed in major urban areas under 
diplomatic immunity to average citizens with back yard satellite dishes, 
personal computers and home-built or store-bought electronics. 
 
 An example; According to statements made by David L. Watters before the 
Senate Select Committee on Foreign Intelligence in Febuuary 1977, the 
Soviet embassy in Washington, D.C. was in a direct line of interception 
for most of the federal goverment microwave communications. The embassy 
had the ability to receive any transmissions from sites such as White 
House, Tennely Tower, the Pentagon, Ft. George Meade, Ft Belviour, 
Andrews Air Force Base, Walter Reed Medical Center and other such 
govermental sites. 
 
 Costs of such methods do not come cheaply and require industrial 
communications equipment to gather and process large amounts of such 
traffic in an urban environment. It should be noted that the embassy is 
located on the highest piece of land in the city of Washington and that 
alone allows for very easy signal reception from such generating 
facilities in the metropolitian area. 
 
 
 
 
 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
 ------------------------------------------------------------------------
Results to Date (con't.)
 
 With common sense applied, one must assume that the goverment is using 
encryption methods to transmit information over communications channels. 
The one benefit the such methods allow is for the useful lifetime of 
the information to remain valid as well as keeping such information 
guarded from unauthorized sources. But since this information is secured 
from such easy desemenation, the value of interception decreases to a 
point where the ability to decipher such information becomes too costly 
in a time value stance. 
 
 One interesting twist to the encryption methods used by both the public 
and some goverment agencies, is the use of the DES (Digital Encryption 
Standard).The DES is an encryption method endorsed by the federal 
goverment for use in the public domain. This method is currently protected 
from disclosure outside the U.S. and selected NATO countries and has been 
classified as a "Material of War". The method was introduced as a secure 
method of encryption for information with the possibilities of the correct 
information being decoded in a one to a 72,000,000,000,000,000,000 chance.
 
 These odds are not to be ignored and do prove to be most formidable to 
unauthorized access with the exception of major goverments. The method was 
adopted by the commerical sector and has been deployed over a number of 
years in multiple sites, with little hesitation from the users. User 
confidence was quite high with this method, but a question must be raised 
about the release of such methods into the public domain.
 
 Since this method is secured from decryption in a time value stance 
according to goverment information, then why is such a method in the 
hands of the public? Can it be possible that the method has accessible 
trap doors imbedded to allow inspection of the encrypted information?
Would the federal goverment release a method so secure into the hands 
of the general public so that not even they could read such information? 
And why is the method not being re-certified by the goverment? Has 
the usefulness of this technique reached a saturation point where the 
time needed to decrypt the information, has become a matter of hours or 
days instead of the reported years?    
 
 The weakness of the DES system has been shown by a number of 
underground technicans working on the problem of encrypted satellite 
television transmissions. In one recent 90 day period, both the Oak Orion 
and the HBO scrambling systems have been cracked with skill. Chips for 
the decryption of these signals are on the underground market and can 
be produced as easily as most other commercially produced chips.
 
 
 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
 ------------------------------------------------------------------------
Continuing Development Activity
 
 In addition, the increased skill of persons with directed intent who 
are able to obtain knowledge for the invasion of networks and systems 
allows for penetration of systems with ease. These individuals are 
seeking ways to gain entry with little detection involved and may be 
using the underground sources of information as roadmaps to targets. 
These entries will be planned and used to the fullest possible extent 
without the owners of systems being any wiser.  
 
 Computer and communications facilities are being attacked by a vast 
group of computer literate persons seeking information and challenges 
that are not available in a normal data processing environment. People 
are seeking out connections to systems that answer and allow connection 
to same. The general public is being fed a constant diet of computers 
and communications. Society as a whole is undergoing a major re-education 
process in information processing and storage. Technology that needed 
space larger than any desk could contain is now available to sit on that 
desk and has more power than its predecessor, performing the same 
funcitions in half the time.  
 
 Individuals without computer skills are now able to use the technology 
to work better and faster. Others are able to solve problems that could 
not be solved 10 years ago due to the technology, and now most commerical 
products have some form of directed artifical intellegence in place 
and operational.  
 
 Information of a special or technical nature about electronics,
communications and computer safeguards, is traded like baseball cards on 
the street. Persons have in-depth knowledge of hardware and software 
security methods and discuss such topics in open public electronic forums 
around the country. Information on software such as IBM's RACF, (R)esource 
(A)ccess (C)ontrol (F)acility, Computer Associates "Top Secret", and DEC 
Vax / VMS Security methods and the like are discussed as common topics in 
underground circles. Meetings are held each and every Friday evening in 
New York for the discussion of these topics and more. Conferences held 
for science fiction readers contain large populations of these persons 
and allow for information to flow to sources not normally exposed to such.
 
 The possibility of information of a sensitive nature being in the hands 
of individuals who should not have access to such, is a problem that stems 
from the ability of persons to research information from a variety of 
sources available to the public. First Amendment rights allow for the 
discussion of information and technology and provide the needed 
stimulation to continue research and provide for new developments. 
Many areas offer small insights to overall changes in technology and 
invite inspection of other areas. 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
 ------------------------------------------------------------------------
Continuing Development Activity (con't)
 
 Collection of information by electronic methods has become very 
standard in today's society. Multiple devices can be placed in locations 
never suspected as being active listening posts, and size is no longer 
considered a problem due to the development of integrated circuits. 
Some support devices can offer close unlimited range with proper set-up. 
Others allow for the interception through standard off-the-shelf 
technology and completely bypass any common physical security methods 
used to enforce. 
 
 Low cost systems may be purchased and bastardized for the required 
purpose. Small radio transmissions systems with ranges stated to be in 
excess of one mile are very easy to obtain by calling or writing the 
manufacturer. Others are discussed in the general print media and 
complete volumes are available with plans, parts lists and construction 
methods needed for operation. 
 
 All this information and equipment is in the hands of the general 
population and if it is so available, then what is the way to protect 
such information from interception and use? Is the trust of the user of 
this information questioned? Is the information real or placed in the 
media to dis-inform possible threats? What is the truth of the matter? 
Facts presented in one media are contested in others. 
Papers are presented and discussed with point and counter-point. All 
offer a number of possible facts that allow for the gathering of small 
but connected thoughts that provide the necessary details. 
 
 Techno-fables are widespread; goverment, industry and the general 
public refuse to accept such stories due to lack of understanding. 
Capabilities well beyond what most of us would think are in the hands 
of common persons. Simple electronics offer a whole new world of 
eavesdropping and collection abilities for under 200.00 dollars and 
still we have persons who think such things are science fiction. 
 
 Imagine using a common household microwave oven for such actions. 
Most would not see the use of such a device, but microwave ovens may be 
purchased for under $59 dollars in most areas and with a bit of 
component re-structuring, can produce frequencies well within commerical 
transmission range as well as front-end equipment damage to such sites. 
Belief in the "tap proof" security of fiber optics has been smashed. 
Simple fiber technology is the way, and counter-devices may cost 100 to 
1000 times more for the detection and protection of such circuits. 
 
 
 
 
 
 


"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!"
 ------------------------------------------------------------------------
Continuing Development Activity (con't)
 
Home-made satellite transmissions stations are being constructed by 
HAMS and such for under $100 dollars, while current orbiting systems are 
completely vunerable to outside interference and jamming. The classic 
example is the Captain Midnight caper in early 1986. "Tempest" frequencies 
readers or scanners may be built for under $150.00 dollars and plans for 
such devices may be purchased for $19.95 through the mails. Cable location 
service is just an 800 number call away, and still the industry does 
nothing about the problem, cause or solution!  
 
Summary
 
 The use of common electronics and standard research in public domain 
databases will allow for the possibilities of simple terroristic 
activities happening with regularity to major telecommunications and 
computer centers. Already, computer centers in western nations have 
become the target of terroristic organzations. Computer hackers are 
reported as standard news today, and reports of special frauds and thefts 
continue with predictable time periods between each case and the results 
always being hidden from view to authorities due to the lack of 
understanding. Some results of such frauds are presented in plain view at 
times, and the investigators cannot "see the forest for the trees." 
The general population does not see computer intrusions as a problem 
related to them. 
 
 Public knowledge of "computer crimes" comes from embellished stories 
presented by the media. Crimes committed against the different telephone 
carriers are responded to with a sense of wonder and awe from the general 
populace. The resident problem stated comes to the simple premise of basic 
"today" education. But if the education teaches the populace how to 
interact with the systems, is it able to police the same with confidence? 
Can the users be educated with the basic instruction for security as they 
have been about other forms of security? Do they understand what is being 
presented in the new age and are they willing to learn new methods for 
insuring security for all users? Can the security be maintained for the 
information as the information and its vessel grows? 
 
Conclusion
 
 The need for security in today's information age will require more 
thought and understanding of a criminal nature to secure the assets. 
A new form of asset transference is as available as the six shooter was 
in the early days of the West. To close, the words of Thomas Jefferson 
once again state the truth for this age, " If you remove a little bit of 
freedom for the sake of security, then in time you will have neither.".  
 
Ian A. Murphy 
 

  Copyright Ian A. Murphy , IAM / Secure Data Systems, Inc., 1987