E.D.I.T ------- Electronic Deception, Interception & Terrorism : The Radio Shack Reality! ------------------------------------------------------------------------ presented by Ian A. Murphy, President & CEO IAM / Secure Data Systems Inc. 1225 North Second Street Philadelphia, Pa 19122 (215) 634-5749 "Electronic Deception, Interception & Terrorism : The Radio Shack Reality! Š ------------------------------------------------------------------------ Objective and Scope of the Problem The use of personal computers and the growth of electronics into the mainstream population, will allow almost anyone with basic understanding of common technology, the possible interception and collection of information that would not be available under normal conditions. Suppliers of basic electronic equipment now provide a number of different devices for the unknown numbers of possibilities for interception of tele-communications, data communications, and microwave and satellite communications for a small price. Some equipment is advertised to be a small as a dime and may be purchased from the back of many electronic magazines for under $30.00. Other devices are a bit larger and need more expertise to operate, but are still in the hands of many. To all of this, we add the entry of the personal computer and its ability to collect millions of bits of data in seconds instead of the human needing to ingest and store such information. The information can be collected onto tape or floppy disk and removed to a safer location with ease as compared to the removal of such volumes of information in paper or book form. Other problems involved with possible comprimised conditions include outside data communication contact persons who have no authorized access. Groups known to both law enforcement and the public media have surfaced from time to time and with some most embarassing information about corporate and goverment networks and computer systems. Most invasions occur with little notice at the time of entry and are only detected when major system problems or audit information are scanned. Public (private) domain systems are accessible around the clock without cost to thousands and provide the underground with an excellent source for information. These systems contain information for the compromise of various communications networks and operating systems to the construction of explosive devices and different methods for gaining physical access to such networks. All is known to be in the hands of a vast majority of minors, but if such information is available to anyone with computer communications ability, then the threat of such incidents occurring increases tenfold. The reason is due to the ease of access from anyone with the right information available to call these outlets of sensitive knowledge. The statement from Thomas Jefferson, represents the spirit of the words, "Knowledge is Power." as frightning truth in today's information society. "Electronic Deception, Interception & Terrorism : The Radio Shack Reality! ------------------------------------------------------------------------ Results to Date With the continued expansion of computers, many individuals and groups have been brought to the attention of law enforcement authorities. Groups with names such as The Legion of Doom, Knights of Shadow, The 414 Gang, The Brotherhood of Ohm and others. These groups consist of minors who trade information on a number of computers and telecommunications systems. These individuals have become known due to their actions on the systems of their choice. Reasons for discovery include the blatant posting of about plans to attack such systems, pieced-together information from telephone company records, credit card frauds committed to obtain computer hardware and software, and systems security violated numerous times by outside telecom contacts. These groups have a small impact on overall communications insecurity and pose little threat to national and corporate security. But the major problem associated with the leak of sensitive knowledge, comes from the lack of true indicators of such incursions in these networks. If persons with little directed intent are able to gather sensitive data from a number of public and underground sources, then a directed force will have a much easier time gathering facts and building upon them. Such fact gathering abilities come from eastern bloc countries with representives in this country, using "listening posts" stationed in major urban areas under diplomatic immunity to average citizens with back yard satellite dishes, personal computers and home-built or store-bought electronics. An example; According to statements made by David L. Watters before the Senate Select Committee on Foreign Intelligence in Febuuary 1977, the Soviet embassy in Washington, D.C. was in a direct line of interception for most of the federal goverment microwave communications. The embassy had the ability to receive any transmissions from sites such as White House, Tennely Tower, the Pentagon, Ft. George Meade, Ft Belviour, Andrews Air Force Base, Walter Reed Medical Center and other such govermental sites. Costs of such methods do not come cheaply and require industrial communications equipment to gather and process large amounts of such traffic in an urban environment. It should be noted that the embassy is located on the highest piece of land in the city of Washington and that alone allows for very easy signal reception from such generating facilities in the metropolitian area. "Electronic Deception, Interception & Terrorism : The Radio Shack Reality! ------------------------------------------------------------------------ Results to Date (con't.) With common sense applied, one must assume that the goverment is using encryption methods to transmit information over communications channels. The one benefit the such methods allow is for the useful lifetime of the information to remain valid as well as keeping such information guarded from unauthorized sources. But since this information is secured from such easy desemenation, the value of interception decreases to a point where the ability to decipher such information becomes too costly in a time value stance. One interesting twist to the encryption methods used by both the public and some goverment agencies, is the use of the DES (Digital Encryption Standard).The DES is an encryption method endorsed by the federal goverment for use in the public domain. This method is currently protected from disclosure outside the U.S. and selected NATO countries and has been classified as a "Material of War". The method was introduced as a secure method of encryption for information with the possibilities of the correct information being decoded in a one to a 72,000,000,000,000,000,000 chance. These odds are not to be ignored and do prove to be most formidable to unauthorized access with the exception of major goverments. The method was adopted by the commerical sector and has been deployed over a number of years in multiple sites, with little hesitation from the users. User confidence was quite high with this method, but a question must be raised about the release of such methods into the public domain. Since this method is secured from decryption in a time value stance according to goverment information, then why is such a method in the hands of the public? Can it be possible that the method has accessible trap doors imbedded to allow inspection of the encrypted information? Would the federal goverment release a method so secure into the hands of the general public so that not even they could read such information? And why is the method not being re-certified by the goverment? Has the usefulness of this technique reached a saturation point where the time needed to decrypt the information, has become a matter of hours or days instead of the reported years? The weakness of the DES system has been shown by a number of underground technicans working on the problem of encrypted satellite television transmissions. In one recent 90 day period, both the Oak Orion and the HBO scrambling systems have been cracked with skill. Chips for the decryption of these signals are on the underground market and can be produced as easily as most other commercially produced chips. "Electronic Deception, Interception & Terrorism : The Radio Shack Reality! ------------------------------------------------------------------------ Continuing Development Activity In addition, the increased skill of persons with directed intent who are able to obtain knowledge for the invasion of networks and systems allows for penetration of systems with ease. These individuals are seeking ways to gain entry with little detection involved and may be using the underground sources of information as roadmaps to targets. These entries will be planned and used to the fullest possible extent without the owners of systems being any wiser. Computer and communications facilities are being attacked by a vast group of computer literate persons seeking information and challenges that are not available in a normal data processing environment. People are seeking out connections to systems that answer and allow connection to same. The general public is being fed a constant diet of computers and communications. Society as a whole is undergoing a major re-education process in information processing and storage. Technology that needed space larger than any desk could contain is now available to sit on that desk and has more power than its predecessor, performing the same funcitions in half the time. Individuals without computer skills are now able to use the technology to work better and faster. Others are able to solve problems that could not be solved 10 years ago due to the technology, and now most commerical products have some form of directed artifical intellegence in place and operational. Information of a special or technical nature about electronics, communications and computer safeguards, is traded like baseball cards on the street. Persons have in-depth knowledge of hardware and software security methods and discuss such topics in open public electronic forums around the country. Information on software such as IBM's RACF, (R)esource (A)ccess (C)ontrol (F)acility, Computer Associates "Top Secret", and DEC Vax / VMS Security methods and the like are discussed as common topics in underground circles. Meetings are held each and every Friday evening in New York for the discussion of these topics and more. Conferences held for science fiction readers contain large populations of these persons and allow for information to flow to sources not normally exposed to such. The possibility of information of a sensitive nature being in the hands of individuals who should not have access to such, is a problem that stems from the ability of persons to research information from a variety of sources available to the public. First Amendment rights allow for the discussion of information and technology and provide the needed stimulation to continue research and provide for new developments. Many areas offer small insights to overall changes in technology and invite inspection of other areas. "Electronic Deception, Interception & Terrorism : The Radio Shack Reality! ------------------------------------------------------------------------ Continuing Development Activity (con't) Collection of information by electronic methods has become very standard in today's society. Multiple devices can be placed in locations never suspected as being active listening posts, and size is no longer considered a problem due to the development of integrated circuits. Some support devices can offer close unlimited range with proper set-up. Others allow for the interception through standard off-the-shelf technology and completely bypass any common physical security methods used to enforce. Low cost systems may be purchased and bastardized for the required purpose. Small radio transmissions systems with ranges stated to be in excess of one mile are very easy to obtain by calling or writing the manufacturer. Others are discussed in the general print media and complete volumes are available with plans, parts lists and construction methods needed for operation. All this information and equipment is in the hands of the general population and if it is so available, then what is the way to protect such information from interception and use? Is the trust of the user of this information questioned? Is the information real or placed in the media to dis-inform possible threats? What is the truth of the matter? Facts presented in one media are contested in others. Papers are presented and discussed with point and counter-point. All offer a number of possible facts that allow for the gathering of small but connected thoughts that provide the necessary details. Techno-fables are widespread; goverment, industry and the general public refuse to accept such stories due to lack of understanding. Capabilities well beyond what most of us would think are in the hands of common persons. Simple electronics offer a whole new world of eavesdropping and collection abilities for under 200.00 dollars and still we have persons who think such things are science fiction. Imagine using a common household microwave oven for such actions. Most would not see the use of such a device, but microwave ovens may be purchased for under $59 dollars in most areas and with a bit of component re-structuring, can produce frequencies well within commerical transmission range as well as front-end equipment damage to such sites. Belief in the "tap proof" security of fiber optics has been smashed. Simple fiber technology is the way, and counter-devices may cost 100 to 1000 times more for the detection and protection of such circuits. "Electronic Deception, Interception & Terrorism : The Radio Shack Reality!" ------------------------------------------------------------------------ Continuing Development Activity (con't) Home-made satellite transmissions stations are being constructed by HAMS and such for under $100 dollars, while current orbiting systems are completely vunerable to outside interference and jamming. The classic example is the Captain Midnight caper in early 1986. "Tempest" frequencies readers or scanners may be built for under $150.00 dollars and plans for such devices may be purchased for $19.95 through the mails. Cable location service is just an 800 number call away, and still the industry does nothing about the problem, cause or solution! Summary The use of common electronics and standard research in public domain databases will allow for the possibilities of simple terroristic activities happening with regularity to major telecommunications and computer centers. Already, computer centers in western nations have become the target of terroristic organzations. Computer hackers are reported as standard news today, and reports of special frauds and thefts continue with predictable time periods between each case and the results always being hidden from view to authorities due to the lack of understanding. Some results of such frauds are presented in plain view at times, and the investigators cannot "see the forest for the trees." The general population does not see computer intrusions as a problem related to them. Public knowledge of "computer crimes" comes from embellished stories presented by the media. Crimes committed against the different telephone carriers are responded to with a sense of wonder and awe from the general populace. The resident problem stated comes to the simple premise of basic "today" education. But if the education teaches the populace how to interact with the systems, is it able to police the same with confidence? Can the users be educated with the basic instruction for security as they have been about other forms of security? Do they understand what is being presented in the new age and are they willing to learn new methods for insuring security for all users? Can the security be maintained for the information as the information and its vessel grows? Conclusion The need for security in today's information age will require more thought and understanding of a criminal nature to secure the assets. A new form of asset transference is as available as the six shooter was in the early days of the West. To close, the words of Thomas Jefferson once again state the truth for this age, " If you remove a little bit of freedom for the sake of security, then in time you will have neither.". Ian A. Murphy Copyright Ian A. Murphy , IAM / Secure Data Systems, Inc., 1987