"Electronic Deception, Interception & Terrorism : The Radio Shack Reality!
Objective and Scope of the Problem
The use of personal computers and the spread of electronics into
the mainstream population will allow almost anyone with a basic understanding
of today's common technology to intercept and collect information
that would not have been available under previous conditions. By
previous conditions, we mean the lack of extensive data communications
and powerful desktop and laptop computer systems.
When this paper was first published in the mid-80's, the state of the
art in general population information systems was 286's with 100 meg hard
drives and 9600 baud modems. Today, the average citizen has dial-up 56K,
2 Gigs of storage and 233 MHz processors. And this comes in a very portable
3.5 pound package and has a color screen. Multiple suppliers of basic
electronic equipment now provide, for a small price, a number of different
devices that open an unknown number of possibilities for interception of
telecommunications, data communications, and microwave and satellite
communications. Some basic equipment is advertised to be as small as a dime
and may be purchased from the back of many electronic magazines for under $30.00.
Other devices are a bit larger and need more expertise to operate, but
are still in the hands of many.
To all of this, we add the entry of the personal computer and
its ability to collect millions of bits of data in seconds instead of the
human needing to ingest and store such information. The information can
be collected onto tape or floppy disk and removed to a safer location with
ease as compared to the removal of such volumes of information in paper
or book form. And this does not include the investigative methods that
are available through the Internet. And that door is wide open at this
time.
Other problems involved with possible compromised conditions include
outside persons who make contact over data communications with no
authorized access. Groups known to both law enforcement and the public
media have surfaced from time to time with some most embarrassing
information about corporate and government networks and computer systems.
In addition, most invasions occur with little notice at the time
of entry and are only detected when major system problems or audit information
are scanned. Public (private) domain systems are accessible around the
clock without cost to thousands and provide the Computer / Internet underground
with an excellent source for information.
These systems contain information ranging from the compromise of various
communications networks and operating systems to the construction of explosive
devices and different methods for gaining physical access to such networks.
All of it is known to be in the hands of a vast majority of minors, but if such
information is available to anyone with computer communications ability,
then the threat of such incidents occurring increases tenfold.
The reason is the ease of access for anyone with the right information
to call these outlets of sensitive knowledge.
The statement from Thomas Jefferson represents the spirit of the words
"Knowledge is Power" as a frightening truth in today's information society.
Results to Date
With the continued expansion of computers, many individuals and groups
have been brought to the attention of law enforcement authorities in
the past. Groups with names such as The Legion of Doom, Knights of Shadow,
The 414 Gang, The Brotherhood of Ohm and others were considered to be the
major players in the mid to late 1980's. These groups consisted of minors
who traded information on a number of computers and telecommunications
systems.
These individuals have become known due to their actions on the systems
of their choice. Reasons for discovery include the blatant posting
of plans to attack such systems, pieced-together information from
telephone company records, credit card frauds committed to obtain computer
hardware and software, and systems security violated numerous times by
outside telecom contacts.
These groups have a small impact on overall communications insecurity
and pose little threat to national and corporate security. But the major
problem associated with the leak of sensitive knowledge comes from the
lack of true indicators of such incursions in these networks. If persons
with little directed intent are able to gather sensitive data from a number
of public and underground sources, then a directed force will have a much
easier time gathering facts and building upon them. Such fact-gathering
abilities range from eastern bloc countries with representatives in
this country, using "listening posts" stationed in major urban areas
under diplomatic immunity, to average citizens with back yard satellite
dishes, personal computers and home-built or store-bought electronics.
An example: according to statements made by David L. Watters before the
Senate Select Committee on Foreign Intelligence in February 1977, the
Soviet embassy in Washington, D.C. was in a direct line of interception
for most of the federal government microwave communications. The embassy
had the ability to receive any transmissions from sites such as the White House,
Tenley Tower, the Pentagon, Ft. George Meade, Ft. Belvoir, Andrews Air
Force Base, Walter Reed Medical Center and other such governmental sites.
Such methods did not come cheaply and required commercial / industrial
communications equipment to gather and process large amounts of such traffic
in an urban environment. But today, advanced communications and information
gathering equipment is getting cheaper and offers the interception of a myriad
of signals, from cellular laptops to telephone and the new PCS systems. It
should be noted that the Soviet embassy is located on the highest piece of
land in the city of Washington and that alone allows for very easy signal
reception from such generating facilities in the metropolitan area.
With common sense applied, one must assume that the government is using
encryption methods to transmit information over their communications
channels.
The one benefit these methods allow is that the information remains valid
for its useful lifetime while being kept guarded from unauthorized sources.
But since this information is secured from such easy dissemination,
the value of interception decreases to a point where deciphering
such information becomes too costly in a time value stance. But that is
fast becoming a misnomer in today's fast changing microprocessor world.
One interesting twist to the encryption methods used by both the public
and some government agencies is the use of the DES (Digital Encryption
Standard). The DES is an encryption method endorsed by the federal government
for use in the public domain. It recently was the subject of intense discussions
on Capitol Hill concerning the export regulations on encryption. While
this debate raged on for months, the use of encryption has increased exponentially
across the board.
But then we get crypto-programs like Vin-Crypt, written by the computer
underground, Pretty Good Privacy, Blowfish and 128 bit encryption methods.
Inclusive in this was the recent decision by the Federal Govt. not to prosecute
Philip Zimmermann. These methods are currently protected from disclosure
outside the U.S. and selected NATO countries and have been classified as
a "Material of War". But in all reality, all of these packages are outside
the country and in world wide circulation. Such methods were introduced
as a secure method of encryption for information, with the possibility
of the correct information being decoded at a one in 78,000,000,000,000,000,000,000,000,000,000
chance. Good Luck!
These odds are not to be ignored and do prove to be most formidable to
unauthorized access, with the exception of major governments. Or so
it was thought. Until recently, the DES was considered secure from being
broken. But that came to a screeching halt in the last few months with a
contest to break the algorithm. The method was huge in practice, and required
that a number of computers were used over a period of months. (In addition,
the SETI team is currently using this same type of multi-processing approach
and offering any number of persons the chance to scan and establish a link
in the search for extraterrestrial signals.) But it was proven that the code
could be broken, and this was adopted by the commercial sector and has been
deployed over multiple sites, with little hesitation from the users. User
confidence was quite high with this method, but a question must be raised
about the release of such methods into the public domain.
Since this method is secured from decryption in a time value stance
according to government information, then why is such a method in the hands
of the public?
Can it be possible that the method has accessible trap doors embedded
to allow inspection of the encrypted information? Would the federal government
release a method so secure into the hands of the public that not even
they could read such information? And why is the method not being re-certified
by the government? Has the usefulness of this technique reached a saturation
point where the time needed to decrypt the information has become a matter
of hours or days instead of the reported years?
The weakness of the DES system has been shown by a number of
underground technicians working on the problem of encrypted satellite television
transmissions. In one recent 90 day period, both the Oak Orion and the
HBO scrambling systems have been cracked with skill. Chips for the decryption
of these signals are on the underground market and can be produced as easily
as most other commercially produced chips.
Continuing Development Activity
In addition, the increased skill of persons with directed intent
who are able to obtain knowledge for the invasion of networks and systems
allows for penetration of systems with ease. These individuals are seeking
ways to gain entry with little detection involved and may be using the
underground sources of information as roadmaps to targets. These entries
will be planned and used to the fullest possible extent without the owners
of systems being any wiser.
Computer and communications facilities are being attacked by
a vast group of computer literate persons seeking information and challenges
that are not available in a normal data processing environment. People
are seeking out connections to systems that answer and allow connection
to same. The general public is being fed a constant diet of computers and
communications. Society as a whole is undergoing a major re-education process
in information processing and storage. Technology that needed space larger
than any desk could contain is now available to sit on that
desk and has more power than its predecessor, performing the same functions
in half the time.
Individuals without computer skills are now able to use the technology
to work better and faster. Others are able to solve problems that could
not be solved 10 years ago due to the technology, and now most commercial
products have some form of directed artificial intelligence in place and
operational.
Information of a special or technical nature about electronics,
communications and computer safeguards is traded like baseball cards on
the street. Persons have in-depth knowledge of hardware and software security
methods and discuss such topics in open public electronic forums around
the country. Information on software such as IBM's RACF, (R)esource (A)ccess
(C)ontrol (F)acility, Computer Associates' "Top Secret", and DEC VAX / VMS
security methods and the like is discussed as a common topic in underground
circles. Meetings are held each and every Friday evening in New York for
the discussion of these topics and more. Conferences held for science fiction
readers contain large populations of these persons and allow information
to flow to sources not normally exposed to such.
The possibility of information of a sensitive nature being in
the hands of individuals who should not have access to such, is a problem
that stems from the ability of persons to research information from a variety
of sources available to the public. First Amendment rights allow for the
discussion of information and technology and provide the needed stimulation
to continue research and provide for new developments. Many areas offer
small insights to overall changes in technology and invite inspection of
other areas.
Collection of information by electronic methods has become very
standard in today's society. Multiple devices can be placed in locations
never suspected as being active listening posts, and size is no longer
considered a problem due to the development of integrated circuits. Some
support devices can offer close to unlimited range with proper set-up. Others
allow for interception through standard off-the-shelf technology and
completely bypass any common physical security methods
used to enforce.
Low cost systems may be purchased and bastardized for the required
purpose. Small radio transmission systems with ranges stated to be in
excess of one mile are very easy to obtain by calling or writing the manufacturer.
Others are discussed in the general print media and complete volumes are
available with plans, parts lists and construction methods needed for operation.
All this information and equipment is in the hands of the general
population and if it is so available, then what is the way to protect such
information from interception and use? Is the trust of the user of this
information questioned? Is the information real or placed in the media
to dis-inform possible threats? What is the truth of the matter? Facts
presented in one medium are contested in others. Papers are presented and
discussed with point and counter-point. All offer a number of possible
facts that allow for the gathering of small but connected thoughts that
provide the necessary details.
Techno-fables are widespread; government, industry and the general
public refuse to accept such stories due to lack of understanding. Capabilities
well beyond what most of us would think are in the hands of common persons.
Simple electronics offer a whole new world of eavesdropping and collection
abilities for under $200.00 and still we have persons who think
such things are science fiction.
Imagine using a common household microwave oven for such actions.
Most would not see the use of such a device, but microwave ovens may be
purchased for under $59 in most areas and, with a bit of component
re-structuring, can produce frequencies well within commercial transmission
range as well as front-end equipment damage to such sites. Belief in the
"tap proof" security of fiber optics has been smashed. Simple fiber technology
is the way, and counter-devices may cost 100 to 1000 times more for the
detection and protection of such circuits.
Homemade satellite transmission stations are being constructed by
hams and such for under $100, while current orbiting systems are
completely vulnerable to outside interference and jamming. The classic
example is the Captain Midnight caper in early 1986. "Tempest" frequency
readers or scanners may be built for under $150.00 and plans for
such devices may be purchased for $19.95 through the mails. Cable location
service is just an 800 number call away, and still the industry does
nothing about the problem, cause or solution!
Summary
The use of common electronics and standard research in public
domain databases will allow for the possibility of simple terroristic
activities happening with regularity to major telecommunications and computer
centers. Already, computer centers in western nations have become the target
of terroristic organizations. Computer hackers are reported as standard
news today, and reports of special frauds and thefts continue with predictable
time periods between each case and the results
always being hidden from the view of authorities due to the lack of understanding.
Some results of such frauds are presented in plain view at times, and the
investigators cannot "see the forest for the trees." The general population
does not see computer intrusions as a problem related to them.
Public knowledge of "computer crimes" comes from embellished
stories presented by the media. Crimes committed against the different
telephone carriers are responded to with a sense of wonder and awe from
the general populace. The resident problem stated comes to the simple premise
of basic "today" education. But if the education teaches the populace how
to interact with the systems, is it able to police the same with confidence?
Can the users be educated with the basic instruction for security as they
have been about other forms of security? Do they understand what is being
presented in the new age and are they willing to learn new methods for
ensuring security for all users? Can the security be maintained for the
information as the information and its vessel grow?
Conclusion
The need for security in today's information age will require
more thought and understanding of a criminal nature to secure the assets.
A new form of asset transference is as available as the six shooter was
in the early days of the West. To close, the words of Thomas Jefferson
once again state the truth for this age: "If you remove a little bit of
freedom for the sake of security, then in time you will have neither."
Ian A. Murphy
Copyright Ian A. Murphy, IAM / Secure Data Systems, Inc., 1987