INTEL SEÇ TECHNOLOGY
To be politically active and not live in fear & mutual suspicion, stand at each meeting's start & insist on applause for enemy agents among us.
Invite them to return with all their cohorts because
their presence only strengthens our capability for resistance since
our commitment & righteousness are invincible & inevitably triumphant.
~   Zopilote fronterizo
CIA 'data mining' technology to find nuggets
3.2.01   Tabassum Zakaria Reuters

Langley VA.   The CIA, faced with a daily avalanche of information, is using new "data mining" technology to find useful nuggets within thousands of documents and broadcasts in different languages. The spy agency must sift through a barrage of information from both classified and unclassified sources in varied formats such as hard text, digital text, imagery, and audio in more than 35 languages. The Office of Advanced Information Technology (AIT), part of the CIA's Directorate of Science & Technology, is focused on finding solutions to the "volume challenge."
"We're not growing at a fast rate, but the amount of information that comes into this place is growing by leaps and bounds," Larry Fairchild, AIT director, said in an interview this week in a basement demonstration room at Central Intelligence Agency HQ. "How do we give folks technologies so that they are able to handle the big increase in information they're going to have to deal with on a day-to-day basis?" he said.

One computer tool called "Oasis" can convert audio signals from TV & radio broadcasts into text. It can distinguish accented English for greater accuracy in the transcription, whether the speaker is male or female, and whether one male or female voice is different from another of the same gender. At the left of the screen of a transcribed broadcast are labels "Male 1," "Female 1," "Male 2," next to sentences. If one voice is labeled with a name, the computer from then on will put that name on anything else with that same voice.
So for example if a broadcast by Saudi-exile Osama bin Laden, whom the CIA considers a major threat to Americans, was transcribed and labeled, every time his voice was detected the computer would automatically label it. If the machine translation appears off, the user can with a mouse click hear the actual broadcast. For example, the demonstration showed a transcription that read "latest danger from hell" but the audio said "latest danger from el Nino." The computer cuts down on the time it would take a person to transcribe a half-hour broadcast to 10 minutes from up to 90 minutes, a CIA employee conducting the demonstration said.

The CIA is planning to have Oasis developed for different languages such as Arabic & Chinese. It also finds similar meanings of words being searched, for example a broadcast might not mention "terrorism" but might say "car bombing," which the computer would tag as "terrorism" so that anyone searching for that category would find it. Currently the CIA's Foreign Broadcast Information Service is using it in one Asian city and intends to have it in other regions such as the Middle East this year.
Another computer tool, "FLUENT," enables a user to conduct computer searches of documents that are in a language the user does not understand. The user can put English words into the search field, such as "nuclear weapons," and documents in languages such as Russian, Chinese and Arabic pop up. The system will then translate the document and if it is seen as useful, the analyst can send it to a human translator for more precision. Languages that FLUENT can translate into English include Chinese, Korean, Portuguese, Russian, Serbo-Croatian and Ukrainian.

"Data mining" tools are used to extract key pieces of information from a variety of intelligence traffic such as on the flow of illegal drugs and also to keep track of illicit financial transactions. Tools were developed to help CIA analysts on Iraq, who were asked to analyze the agency's holdings on Iraqi war crime violations, about 1.2 million documents going back to 1979. The Text Data Mining tool extracted and indexed all words in the data so for example if an analyst was asked whether Iraq ever used anthrax as a weapon, the analyst could open the tool and find anthrax in the automatically generated index. That tool also counts the frequency of word use and can handle various spellings of the same Iraqi names or locations.
There is also "gisting technology" which gives the flavor of the key information of a document in a short paragraph, Fairchild said. With the latest spy furor in the nation's capital, would any of the tools help catch a spy? "Yes, some of the things we're doing can," Fairchild said without details. "We're looking at better technologies to put in that area," he added. Another intelligence official, on condition of anonymity, said: "If they have this kind of technology to plumb the depths of open sources, you can imagine what kind of technologies they have to track down spies."

Pentagon to dig into marketing data on citizens
7.14.03   Audrey Hudson Wash.Times

Type of information that can be legally obtained for a new federal govt computer program ranges from political & religious contributions to magazine subscriptions, clothing sizes and even data about prostate problems. Pentagon's Terrorism Information Awareness program is being designed to track terrorists, but privacy advocates say it could be misused.
"This now opens the door to wholesale involvement by Defense Dept in domestic evidence gathering on U.S. citizens, and it should be a very frightening prospect to Americans," said civil-liberties advocate & former GOP GA congressman Bob Barr.

Almost every conceivable tidbit of personal information is collected & sold by private firms to create behavioral dossiers on millions of consumers so marketers can pitch products to them. Loophole created for the data-gathering computer program, dubbed by critics a "supersleuth" system, makes that same information fair game for the govt. Civil-liberty advocates say that because there are no laws to govern this relatively new method of data mining, it leaves people vulnerable to gross invasions of privacy & due-process violations.
"Once this information is obtained by the govt, the consequences are much greater. Marketers can sell you a widget, but the govt can arrest you," said Ctr for Democracy & Technology staff counsel Lara Flint.

In congressionally mandated report, Pentagon's TIA program officials said it will only collect data for its database that are "legally obtained & usable by the federal govt under existing law." Sen. Ron Wyden D-OR, leading program critic, called the language a major loophole to data mine "everything under the sun."
When asked if they would use consumer data in their program, a TIA official did not answer the question but reiterated the agency's stance that it would use only legally obtained information. "In obtaining their information, the operational agencies participating in TIA's experiments comply with the laws & regulations governing intelligence activities and the laws governing the privacy & constitutional rights of U.S. persons," said the e-mail response from TIA. The TIA is fielding questions from the press only by e-mail.

Electronic Privacy Information Ctr deputy counsel Chris Hoofnagle said information legally obtainable includes: current & past addresses, number of bathrooms & bedrooms in a house, what utilities are consumed, phone numbers, smoking habits, Social Security numbers, hobbies, income, automobiles, shopping preferences, height, weight, race, clothing size, magazine subscriptions, purchases through book, music & video clubs, and whether the family pet is a "Fido" or a "Fluffy." This information, he said, can be bought for pennies per person.
Just as easily obtainable is information on individual contributions to political, religious and charitable groups, financial records, arrest records, occupation, levels of education, and health information, including allergies, visual impairment, birth defects, diabetes and prostate problems. "All information is on the table, and a lot of information is being placed on the table by commercial-database vendors & direct marketers," Hoofnagle said.

Commercial data problem is its reliability. Because it was not collected for law-enforcement purposes, "the accuracy standards may not be as high as they should have been," Flint said. An important distinction should be made, she said, between govt searches for a specific suspect versus the govt looking for patterns on a computer and "looking through everyone's information, including those they know have not been doing anything." "It's an entirely new way to look for suspects: backwards," Miss Flint said.
  [ Aka profiling ]
The system could also be misused intentionally. "There is also the risk that either a govt or a rogue actor in govt could use the information to attack a political opponent," Mr. Hoofnagle said. Data-mining co. Visual Analytics CEO Chris Westphal said information that is off-limits includes e-mail, phone records and credit-card purchases. "They could collect if they got a judge's order, but they can't do that just willy-nilly," he said.

Congress has passed legislation requiring oversight of the TIA technology before implementation, but critics say updated privacy laws are needed to address the fast-moving technology of data mining. "Pattern analysis is a new technique that allows uniquely intrusive govt searches not previously possible or even imaginable, and we really need our laws to catch up with our technology," Flint said.


… A longtime federal official whose work relies on the fruits of technical espionage agreed. "It's getting harder each year to pick up what we need," the official said. "Our potential adversaries are on the verge of denying access." … Also, they say, while infiltration is theoretically the best approach to terrorist cells, in practice it is often impossible to achieve, especially among zealots intent on martyrdom. In recent years, officials have pleaded on Capitol Hill for legislative & financial aid to confront the new challenges. For example, in testimony before the Senate intelligence committee, Louis J. Freeh, who was then the director of the FBI, cited encryption technology used by Ramzi Ahmed Yousef, the mastermind of the 1993 World Trade Center bombing, who was captured in 1995. Freeh said that when the authorities seized Yousef's laptop computer, they found that it held information on a terrorist plot to blow up 11 American-owned airliners and that some of the files were encrypted. This year, the push for more money produced a surge in federal spending, especially for the National Security Agency, which runs Washington's efforts to gather & decrypt global signals, though no figures have been made public. But some experts say money, even large amounts, will not be enough.

… But their targets are vanishing. Relay stations on the ground for commercial communication satellites & terrestrial microwave links have increasingly been replaced by fiber-optic lines, which are impossible to tap without a physical linkup. Commercially available cryptography software often makes obtainable signals unreadable, or greatly increases the time it takes to decipher them. For a time, Washington fought the spread of such technology, refusing to grant export licenses. But in 1999, as companies abroad made cryptography strides and American industry pressured Washington, the Clinton administration announced plans to relax restrictions on exports of data-scrambling software.
Now, some experts endorse old-fashioned spying methods. Robert Morris, former NSA chief scientist, argues that intelligence agencies can make more use of the three B's method: burglary, bribery and blackmail.

The cameras are already in place. The computer code is being developed at a dozen or more major companies & universities. And the trial runs have already been planned. Everything is set for a new Pentagon program to become perhaps the federal govt's widest reaching, most invasive mechanism yet for keeping us all under watch. Not in the far-off, dystopian future. But here, and soon.
The military is scheduled to issue contracts for Combat Zones That See, or CTS, as early as Sept. 2003. The first demonstration should take place before next summer, according to a spokesperson. Approach a checkpoint at Ft Belvoir VA during the test and CTS will spot you. Turn the wheel on this sprawling, 8,656-acre army encampment, and CTS will record your action. Your face & license plate will likely be matched to those on terrorist watch lists. Make a move considered suspicious, and CTS will instantly report you to the authorities.

Ft Belvoir is only the beginning for CTS. Its Pentagon architects say it will help protect our troops in cities like Baghdad, where for the past few weeks fleeting attackers have been picking off American fighters in ones & twos. But defense experts believe the surveillance effort has a second, more sinister, purpose: to keep entire cities under an omnipresent, unblinking eye.
CTS depends on parts you could get, in a pinch, at Kmart. "There's almost a 100% chance that it will work," said Technology & Public Policy Pgm head Jim Lewis at Ctr for Strategic & Intl Studies "because it's just connecting things that already exist." As currently configured, the old-line cameras speckled throughout every major city aren't that much of a privacy concern. Yes, there are lenses everywhere, several thousand just in Manhattan. But they see so much, it's almost impossible for snoops to sift through all the footage and find what's important.

CTS would coordinate the cameras, gathering their views in a single information storehouse. The goal, according to a recent Pentagon presentation to defense contractors, is to "track everything that moves." "This gives the U.S. govt capabilities Big Brother only pretended to have," said defense think tank Globalsecurity.org dir. John Pike. "Before, we said Big Brother's watching. But he really wasn't, because there was too much to watch."
CTS could help soldiers spot dangers as they navigate perilous urban areas, Pentagon researchers insist. That's not how defense analysts like Pike see it. The program "seems to have more to do with domestic surveillance than a foreign battlefield," he said, "and more to do with the Dept of Homeland Security than Defense Dept."
"Right now, this may be a military program," added Lewis. "But when it gets up & running, there's going to be a huge temptation to apply it to policing at home."

Traditionally, authorities have collected information only on people who might be connected to a crime. If there was a murder in the East Village, the cops didn't bring in all of St. Mark's Place; they interrogated only the people who might have information about the killer. Even the most extreme abuses of law enforcement power, like J. Edgar Hoover's domestic spying on political activists, homed in on very specific individuals, or groups, that he imagined as threats to the state. He didn't put the whole state under watch. 9.11.01 changed that. Now, the idea is to find out as much as possible about as many people as possible. After all, the logic goes, the country can't afford to sit back and wait to be attacked. Almost anyone could play a part in a terrorist plot. So the govt has to keep tabs on almost everyone.

CTS, a $12 million, 3 year program, is emerging as a potential centerpiece of that initiative. "Before, it was 'let's catch the bad guys and bring them to trial after stuff happens,' " Lewis said. "Now it's 'let's look for patterns and stop [an attack] before it happens.' " That's why Atty Gen. Ashcroft pushed for a program to turn a million civilians into citizen-spies, snooping on their neighbors. That's why the USA Patriot Act now allows for wiretaps without warrants. And it's why the Pentagon has begun researching an array of high-tech tools to pry into average people's lives.
CTS is the brainchild of DARPA, Pentagon's Defense Advanced Research Projects Agency. That's the group of minds behind the notoriously invasive Total (sorry, "Terrorism") Information Awareness über-database. TIA's backers say the project will be carefully targeted, but privacy advocates say it could compile in a single place an unprecedented amount of information about you, your school transcripts, medical records, credit card bills, e-mail, and so much more.

"LifeLog," currently in the early planning stage at DARPA, would twist all these bits into narrative "threads," giving officials a chance to watch events develop. Along the way, LifeLog's developers would like to capture the name of every TV show you watch, every magazine you read. Still, watching your data trail just isn't the same as actually watching your physical tail. You can change your e-mail address, and start paying cash. But you can't run away from yourself. That's the missing piece CTS could provide, an almost instant ability to track, moment by moment, where you are and what you're doing.

"Before, there was a reasonable expectation of privacy when you were walking down the street," Lewis said. "Now that's something that will have to be adjusted." … In 1791, English philosopher Jeremy Bentham proposed a jail, circular in shape. The warden would sit in a dark observation booth in the middle; the prisoners would sit in well-lit, inward-facing cells along the circumference. Under constant threat of being watched, the jailed would change their behavior, Bentham theorized, bending their activities to the warden's rules. Two centuries later, England has 2.5 million security cameras spread throughout the country, by some estimates. Several cities, like the port town of King's Lynn, are covered by the lenses.
"It's exactly what Bentham predicted," said British civil liberties group Privacy Intl dir. Simon Davies. "The kids there are giving up going onto the street. They say it's almost like being in a glass-paneled room, with their parents on the other side. They're forced into smaller & smaller areas so they can be kids in private."

Putting people under electronic watch induces a kind of split personality, said Bill Brown, who leads tours of Manhattan's spy cams as part of his duties with the Surveillance Camera Players. The authorities want people to obey the law, to behave rationally. But video surveillance does the exact opposite. It makes people feel, correctly, like they're constantly being watched, like they're paranoid. "And that's not a rational state at all," Brown said. "It's a mental condition." Stalin & Saddam tried hard to keep under surveillance as many of their citizens as they could. But these efforts could never succeed completely. There was always a "fundamental barrier, the ratio of watchers to the watched," said John Pike of Globalsecurity.org.

"You couldn't have everybody working for the secret police," he continued. "The thing that's so singularly seductive about automatic video surveillance is that it breaks that fundamental barrier down."

CTS will keep watch by equipping each camera with a processor, like the one in your computer. The chips will have programmed into them "video understanding algorithms" that can distinguish one car from another. At each checkpoint, the car's speed, time of arrival, color, size, license plate, and shape are all instantly passed on to a central server. If the early tests identifying cars go well, software that recognizes a person's face and style of walk could also be added.
By sharing only this refined data, instead of the raw video itself, CTS should keep fragile computer networks from becoming overloaded with hours & hours of meaningless footage. CTS would help govt networks avoid that burden, with each camera transmitting a mere 8 kilobits per second, instead of the 200 or so kilobits needed for high-resolution video. CTS would also keep the snoops who stare at the monitors from being overwhelmed. "We have enough cameras, but not enough people to watch the video feeds," said CTS head Tom Strat for DARPA's Information Exploitation Office.

CTS cameras might send back to headquarters only basic data or the occasional low-resolution image. But when there's something fishy going down, like a car speeding away unexpectedly, or a briefcase left in a train station, the images could come sharper, and more quickly. Proto-CTS programs from contractors Northrop Grumman & Sarnoff Corp. would interrupt monotony of surveillance footage, setting red boxes aflash around the suspect person or object. "It focuses your attention right there," said Bruce De Witte of Northrop.
CTS would do more than change what investigators see. It would also give them a record of everything that happens in a city's public places, potential evidence for prosecutors and terrorist hunters. In its presentation to industry, DARPA said it wanted CTS to be able to find the common threads between a shooting at a bus stop one month and a bombing at a disco the next. In theory, CTS could take an inventory of all of the cars around the bus stop and near the disco immediately before and after the incidents. Then it could examine where those cars went, to see if there were any vehicles in common or if a car acted as a sort of messenger between two others.

The forensic process could be further enhanced by one of DARPA's analysis programs, like LifeLog or Total Information Awareness. After mining license plate numbers from the footage, investigators could identify the car owners, then dig into the owners' Web-surfing trails, to see if there were any visits to explosive-making sites and scan e-mail accounts for virulent language and plumb credit card receipts for big fertilizer purchases.
To the uninitiated, storing & sharing all this information might seem like insurmountably complex tasks. According to CTS manager Strat, the ability to network surveillance cameras over a wide area is "not right around the corner." Defense and technology analysts have a different view. "(CTS) is pretty creepy. And the creepiest part about it is that it's not all that sophisticated," said privacy-rights proponent Electronic Frontier Foundation sr staff atty Lee Tien.

DARPA has mandated that the CTS demonstrations be done only with readily available, "off the shelf" equipment. What may be harder is handing off information, a description of a suspicious vehicle, from one camera to the next. These lenses will be separated by hundreds, even thousands, of meters. And "appearances can change dramatically" in those distances, Johns Hopkins Univ. sr research scientist Chris Diehl said. Slight variations in light or in the camera's angle can make a car look very different to a mechanical eye. "If you read the literature, there really isn't a proven method" for solving this problem, he said.
Yet this obstacle seems surmountable. In a CTS simulation conducted by software developer Alphatech, a car could be tracked over 10 kilometers with accuracy of 90% or better with cameras placed 400m apart. The percentage went up, of course, as the cameras moved closer together.

CTS is but one of an array of private & public sector programs to sort through the ever expanding amount of surveillance imagery. UCSD Computer Vision & Robotics Research lab just received a $600,000 grant from a Defense Dept counterterror group for a CTS-like project. At Los Alamos National Laboratory, Stephen Brumby is using genetic algorithms, programs that are bred from smaller components of code, to automatically analyze satellite pictures. At the Sarnoff Corporation, a project dubbed Video Flashlight would morph cameras' views into a single 3D model. Using a joystick, a security officer could maneuver through this simulated world as though playing a game.

In order for Video Flashlight to work, however, it would have to use stationary cameras. CTS doesn't have that limitation; it's supposed to function with drones & other battlefield sensors. That's one of the reasons Globalsecurity.org's John Pike thinks the program could have a legitimate military function, "to the extent that it is relevant to urban operations, as opposed to the running of a well-oiled police state." Combat in cities "tends to quickly degenerate into small firefights," Pike explained. It's a lot harder to know what's happening in a crowded city than it is in an open desert. Radios cut out quicker; drones & satellites have a harder time peering through the concrete canyons and narrow passageways of urban life. CTS could restore some of that sight, giving U.S. generals a "broader situational awareness."

This assumes CTS has anything to do with urban combat. If it does, it'd be a surprise to some of the businesses bidding for the CTS contract. "The primary application is for homeland security," said Sarnoff Corp. spokesman Tom Lento. "The whole theme here is homeland security," added Northrop Grumman's De Witte. Strat disagreed. "DARPA's mission is not to do homeland security," he said.
In a presentation to industry, DARPA noted, "CTS technology will be demonstrated only within the observable boundaries of govt installations where video surveillance is expressly permitted, and operational deployment areas outside U.S. where it is consistent with all local laws." But in an interview, Strat did admit that "there's a chance that some of this technology might work its way" into domestic surveillance programs.

In the test at Ft Belvoir this year the aim is to track 90% of all cars within the target area for any given 30-minute period. The paths of 1 million vehicles should be stored and retrievable within 3 seconds. A year after that, CTS is supposed to move on to testing in an urban combat setting, where it will gather information from 100 mobile sensors, like drone spy planes and "video ropes" containing dozens of tiny cameras.
"This is coming whether we like it or not," said CSIS's Jim Lewis. "It's not how do we stop the tidal wave. It's how do we manage it."
Cyber national guard
Defense Dept for controversial AZ cybersecurity plan
4.18.01   Kevin Poulsen SecurityFocus

Pentagon cyber security wonks are looking to the Grand Canyon State for the future of information warfare defense, thanks to a bill in the Arizona legislature that would create the country's first State Infrastructure Protection Center (SIPC). Like its national namesake, the FBI-housed NIPC, the Arizona SIPC would be poised to respond to physical & cyber attacks on 7 critical infrastructures: telecommunications, energy, banking, finance, transportation, water and emergency services. But it would be overseen by the state's emergency management department, and be comprised primarily of state agencies. It would also maintain close ties to the Pentagon, which has endorsed the proposal. Under the plan, the Defense Dept would provide the SIPC with up-to-date, sanitized information on network vulnerabilities and ongoing attacks through a new Computer Emergency Response Team (CERT) established within the Arizona National Guard. "The National Guard is the perfect conduit between the [Defense Dept] & the state," says James Christy, law enforcement & counterintelligence coordinator for the Pentagon's Defense-wide Information Assurance Program, who helped draft the proposal. "The National Guard works for the state governor most of the time, but they can be federalized in times of crisis."
The Guard's quasi-federal status is key to the plan, which Christy wants to see spread to all fifty states. He argues that state-level involvement is needed to protect critical infrastructures from terrorists & foreign info-warriors. "If we were ever to see a strategic attack on the nation, what you need is somebody on the local level, and then upstream it to the national level," says Christy. "If something happens here in the state, it could disrupt Luke Air Force Base, for example, which is here in Arizona," agrees Rep. Wes Marsh, the bill's sponsor. "The cyber impacts the physical, and that's what's so unique about the bill."

But the SIPC bill is not without critics, and an earlier version passed Arizona's House of Representatives only to be shot down in the Senate. At issue: The legislation foresees crafting the SIPC out of existing hardware & personnel, at no cost to taxpayers, a proposition Arizona governor Jane Hull says is unrealistic. Moreover, the bill would require the state's technology managers to promulgate a series of cyber security plans including use of intrusion detection systems in every govt agency, but doesn't offer any money for that effort. "The governor has concerns because it's not funded, and it calls for the creation of 15 different plans with no implementation strategy or funding," says Susan Patrick, strategic communications manager with Arizona's Govt Information Technology Agency, the group that would be responsible for pushing the reforms. "It also calls for us to use existing resources, and we have no statewide information security specialists in our agency."
Marsh counters that the state should already be using IDS systems, and other security measures, across the board, and argues that availability of freeware programs like Snort and PGP should alleviate cost concerns. "Current statutes require them to have disaster recovery & reconstitution plans," says Marsh. "Information assurance is a critical component of that."


E-Bomb
In an eye blink, electromagnetic bombs can put civilization back 200 years. Terrorists' building cost is $400.
9.01   Jim Wilson Popular Mechanics

… high-power microwave pulses … 1925 by physicist Arthur H. Compton, … the Compton Effect … first major test of an American electromagnetic bomb is scheduled for next year. … In the 1980s, the Air Force tested E-bombs that used cruise-missile delivery systems. … idea the U.S. studied but discarded, the Flux Compression Generator (FCG). …

In the wee hours of a recent Sunday morning, a young oaf from Taiwan had me crawling around my attic, desperately searching for an old document I needed to save my sanity. It's a long, sad tale that began around 8 pm on a Saturday, when my younger son reported the computer had refused to play games. I watched him try again and saw a dreaded message: Virus detected. I took over and asked the virus detection program to seek and destroy. It wouldn't or couldn't. Nothing I tried worked. Round one to Chen Ing-Hau.
I resigned myself to wiping clean the hard drive and reloading all the programs. But to my dismay, the emergency boot disk did not work. The hard drive refused to be erased or reformatted. Windows 98 wouldn't even try to load. It told me the computer had no room for an operating system. Give round two to the student from Taiwan. At this point I called Dell Computer, which guaranteed lifetime support. After a while I reached someone who gamely tried everything he could think of to restore my machine to meaningful life. Finally in frustration, he asked me to tell him exactly what had gone wrong. I mentioned seeing the name Windows95.CIH, and he let out a gasp of horror: The Chernobyl virus! Round three goes to Chen.

MS-DOS layer still at the heart of Microsoft Windows 98 & Windows ME was first written in 1981, and even it was a quick "port" (without many changes) of an earlier operating system called CP/M, written in 1970s.
Year 2038 problem
4.9.02 Roger M. Wilcox
It was named after the initials of this Chen Ing-Hau, a university student who is said to have written & unleashed it to cause suffering worthy of a nuclear disaster. It does more than destroy data; it rearranges it to defy an easy fix. The voice on the phone worked me through a tedious process of typing in many short lines of arcane code and telling him what the machine did in reply. Together we gradually sandblasted clean my hard drive. After an hour's work, we had it as information-free as a newborn baby. I thanked the virtual surgeon, who left the rest to me. Round four to the home team. Now I could reload Windows 98, or so I thought. The CD began to load but stopped and asked for the verification number that came with the disk. It wanted to be sure I wasn't cheating Microsoft by borrowing someone's software. That meant a trip to the attic to search through boxes of stuff, most of which should have been thrown away, but you never know. The attic is cramped, hot and dark. Round five to Chen.

Somehow I found the right paper. It was 1 a.m. and hope lived. The machine accepted the long list of numbers and letters from the authentication document but then shocked me by stopping to announce that what I had was a Windows 98 upgrade. The upgrade demanded to be installed on top of Windows 95. I had the Windows 95 disk handy and popped it in but was stopped again. The screen asked me to type in the Windows 95 authentication code. Chen wins round six. I had the code six years ago, probably had it still, but where? I should have kept it in a fireproof lockbox with my birth certificate and marriage license, but in fact I had lost it in some pile of computer stuff somewhere. Finally I found it and got things almost right. I went straight on the Internet to download a better, newer virus program. Round seven to the home team. After I paid $25 via credit card, it told me to print out the screen as a receipt. Oops, the printer wasn't reinstalled yet, so the computer froze. When I got it going again, the virus Web site wouldn't talk to me unless I first typed in my code name and password, which it had sent by e-mail. Trouble was, my Roadrunner e-mail program was gone. Round eight to Chen.

I began setting it up again, and it refused to accept my sign-on name and password. I tried every password I've ever used and none worked. So early one Sunday morning, a Roadrunner worker got a call from a very grouchy customer. I convinced him I was not an identity thief and he confirmed my sign-on name & password, exactly what I had typed in, almost. The name needed to start with a lower-case letter, not an upper-case one. Around 2 a.m. I was able to get the e-mail, download the virus-fighting info and declare my computer safe and germ-free. Round nine and Chen finally went down for the count. But I didn't celebrate, just went to bed. If another virus strikes my household, I hope I catch it instead of my computer. Anything short of Ebola would cause less misery than Win95.CIH.


Weapons of the secret war
Drug war signals honed intelligence for terrorism fight
Nov. 2001   Paul Kaihla Business 2.0

The target never had a clue that he was in imminent danger. A high-ranking member of a Kashmiri terrorist group implicated in the World Trade Center attack, he had every reason to believe he had eluded the manhunt. He was lying low in a nondescript safe house on the outskirts of Peshawar in Pakistan's Khyber Pass region. He steered clear of phones and kept to himself. His sole contact with his global ring was through wireless e-mail transmitted by a high-frequency radio running on only eight flashlight batteries.
Using that low-powered signal to send messages of only a few words at a time, keeping transmissions to short bursts, he was impossible to trace. Or so he thought. What the terrorist couldn't know was that signals intelligence operatives had been on his trail for months.

His communications network relied on a base station hundreds of miles away in the Afghan desert; that device had been spotted by a robotic USAF Predator spy plane mapping radio traffic along the mountainous Afghan-Pakistani border from an altitude of 25K ft.
Thereafter, each radio message he sent brought his fate closer, the final one pinpointed by members of the U.S. antiterrorism unit, Delta Force, who were sweeping his outpost with handheld direction finders. They staked out the house with local commandos and waited. When their man stepped out for some air, they made a visual confirmation and radioed the kill order to a Pakistani sniper team. From a quarter-mile away, a shooter took out the target with a single .50-caliber bullet.

The hypothetical scenario above parallels almost exactly the real-life 12.2.93 demise of public enemy number one in the U.S. war on drugs, Pablo Escobar. That manhunt ended in Medellin, not Peshawar, and the infinite justice was dispensed by Colombian, not Pakistani, commandos. Still, U.S. intelligence & military say the 1990s drug cartel raids are a model for the antiterror strategy. In both, U.S. special forces advise indigenous troops, who do the actual dirty work. And in both cases, American signals intelligence technology plays a crucial role. Broadly speaking, signals intelligence (sigint) is the interception, exploitation, and jamming of electronic communication, whether it's radiated through the atmosphere and sea or through fixed lines like the telephone grid. In its 21st-century American application, it is a multibillion-dollar enterprise designed to eavesdrop on the conversations and data traffic of U.S. adversaries anywhere in the world. (However, the law prohibits blanket electronic monitoring of U.S. residents, one reason perhaps that intelligence agencies missed the hundreds of e-mails the 9.11.01 hijackers exchanged with each other from personal computers and public library kiosks.)

Listening posts in the worldwide surveillance network range from simple radio antennas wired into sophisticated receivers to P-3 Orion spy planes operated by the U.S. Navy & Customs Service to nuclear submarines like the USS Jimmy Carter, which can sit on the ocean floor for weeks at a time tapping undersea fiber-optic cables. The network even extends into space, where at least 8 geosynchronous spy satellites vacuum up radio and other waves emanating from earth, beam the captured data to receivers on various continents, and then relay them to NSA HQ at Fort Meade, MD. Some listening points feed data to the computers of a Cold War-inspired intelligence cooperative called Echelon, maintained by the U.S., Canada, Britain, Australia, and New Zealand. Spectrum analyzers, like MRI scanners for all the electromagnetic signals in an area, can find a radio transmitter in the mountains & tell its energy source. Data-mining software combs hundreds of millions of intercepted e-mail messages, faxes, and phone calls in minutes to find a single flagged sequence. The system can pick a single voice from thousands of cell-phone conversations in an area, even if the speaker is constantly switching phones to avoid interception.

At the controls are specialists who number only a few hundred in the U.S. and perhaps 2,000 in the entire world. One of a handful of private contractors told Business 2.0 he was hired by a 3-letter govt agency on 9.11.01 and has worked practically around the clock since. Steve Uhrig is another private sigint contractor, a onetime "spook" with U.S. Naval Intelligence who is now one of the most respected surveillance & technical countermeasure specialists in the world. He installs bugs & wiretaps, sweeps for them, and designs "black boxes". The Colombian army is by far his largest customer. Among the surveillance systems he set up in Colombia is a network of 100 "beeper busters", computer-driven receivers with decoders that filter both pager numbers & content of interest to authorities in real time. The instant a suspect receives a pager message, Colombian army intelligence has a copy.

In 1993 the CIA & a covert U.S. Army unit called Centra Spike spent months in Colombia monitoring Escobar's communications from both ground & air, finally pinpointing his location when he made a cell phone call. Colombian special forces commandos killed him as he ran barefoot across an apartment building rooftop. Escobar's death taught traffickers the vulnerability of cell phones. The cartels' countermeasure is to "roll" cell phones to confuse wiretappers. Using scanners, they steal the identities of innocent bystanders' mobile phones and program the "cloned" numbers into their own handsets for a few days at a time. Authorities can't keep track of what phone numbers they should be tapping. In response, authorities deployed surveillance technology that operates over Colombia from spy planes. It uses a series of intermediate frequency-to-tape converters with directional antennas, receivers, and wide-band recorders to scoop up major bands across the entire cellular spectrum. Loaded with the proper gear, one aircraft can record all cell traffic in a major city by circling at high altitude, exploiting the microwave signals that form the handshake between cell sites in wireless networks. At the plane's base, a computer extracts audio files of conversations from the captured signals. The audio files are then filtered with voice recognition software, allowing identification by a suspect's voice.

According to Uhrig, those vacuum cleaner technologies will not be as effective against Middle Eastern terrorists. Afghanistan has no cellular service. This year's successful prosecution of 4 terrorists implicated in the 1998 African embassy bombings relied heavily on NSA intercepts of cellular & satellite phone calls between terrorist leader Osama bin Laden & his al Qaeda network. All too aware its phones were compromised, al Qaeda reportedly curtailed its use of phones. The task is the forte of an unacknowledged U.S. intelligence agency named the Special Collections Service (SCS) in Beltsville, MD, a short freeway ride from NSA HQ, jointly staffed by the NSA & CIA. Operating under U.S. embassy cover around the world, the agency is known for hiding bugs on pigeons on the windowsills of the Soviet embassy in Washington D.C.

SCS is currently eavesdropping on govt communications in MidEast capitals and, where possible, setting up listening posts around figures close to bin Laden's network. "They'll be trying to build a case to show the Taliban's support for al Qaeda," says a retired U.S. special ops colonel still involved with the military. Suspects trying to blend into a densely populated city talk on a radio frequency they "snuggle" next to a powerful signal like a local tv transmitter. "Sweeping area for a radio, you'll miss it unless you know exactly what you're looking for," says Uhrig, technical consultant for the film Enemy of the State. "Receiver will lock on to the big transmitter." In that case, hunt with a spectrum analyzer for a picture monitoring all signals, big & small, and break them down into parts.

In the mountains, Uhrig surmises a low-powered high-frequency radio network, whose signals are drowned in background noise emitted by electronic car ignitions. In a manhunt, ascertain the coordinates of a target. Modern direction finders get a bearing on a radio or a cell phone even if they capture as little as 20 msec of signal. Put Tomahawk into cave with laser detonator." Anything that creates RF signal, …
Osama bin-Laden is using the world's most sophisticated software to track PM Tony Blair, Pres. GWBush and key members of the Coalition against Global Terrorism. Convicted FBI super-spy Robert P Hanssen stole the software for his Russian paymasters. They sold it to bin-Laden for £Stg 3 million a month before he launched his attack on America. As well as tracking the Coalition leaders, bin-Laden is using the software to avoid intelligence agencies trying to freeze his vast fortune, estimated at over £Stg 400 million and deposited in over 100 accounts in banks around the world. The software was used to empty his holdings in the City of London, Wall Street, the Frankfurt Bourse and other key financial centers. Bin-Laden's money is now believed to be stored under a variety of aliases in China's banking system. So far the Beijing regime has refused to collaborate with Western financial specialists trying to trace the funds.

The software is called Promis and is designed to be operated from a laptop computer by spies. It has been sold to the CIA, FBI, MI5, MI6 and European agencies like Germany's BND. It was developed by a small specialist company in Washington called Inslaw, long at the cutting edge of creating electronic intelligence-gathering equipment. Its President, William Hamilton, a 45 year old bearded computer expert who is regarded as one of the world's leading experts in the field of electronic surveillance confirmed the Promis software gives bin-Laden access to any govt database including Downing Street and the White House. "It also has the ability to empty his bank accounts in the blink of an eye and organise money-laundering operations. With Promis, bin-Laden can monitor efforts to track him down. The irony of it is that Promis is so sophisticated that it can be used by somebody who is not really computer literate. All bin-Laden has to do is to insert the software into a computer and press the command buttons on his screen." That simplicity of operation has pressed panic buttons in the White House and Downing Street.

Evidence of that emerged last week when the BBC was castigated by the govt after reporting the travel movements of Tony Blair to the MidEast. Fearful that bin-Laden could attack the White House when both President Bush & VP Cheney were together, the FBI has ordered the men to stay apart. Cheney now operates out of a bunker 250 miles from Washington. Its location is classified. Known as Hotel Armageddon, … The first hint that bin-Laden had obtained Promis came on the morning of 9.11.01. As Air Force One flew Bush from Florida to Washington, the chief of the Secret Service detail on board was called to the communications shack behind the flight deck. Karl Rove, Bush's senior adviser, remembered: "The chief was told that a coded message had just come in that said 'Bush, you are next'. It was clear from the message that somebody knew how to break through all the procedures and the daily code book. The only way that could be done is with the Promis software." Air Force One was diverted to a military airfield in Louisiana. "You can change the codes and procedures. But Promis is designed to work its way past them," said Hamilton. "To know what is going on in any seat of govt, all bin-Laden has to do is to insert an electronic trapdoor in his software. It would give him an eavesdropping facility that would probably cost no more than £400 to install," added Hamilton.

Since last week Germany's BND, its external intelligence service, has stopped using its Promis software in case it can be intercepted by bin-Laden. Promis is designed to "electronically speak" to other versions of the software. In one of his last overseas assignments before being arrested, Hanssen flew to London and supervised the installation of Promis in MI5 and MI6 headquarters. He has assured the FBI in return for being spared the death sentence for his treachery that there are no trapdoors in Britain's intelligence computers. But last week it emerged that secret details about bin-Laden's organisation and its contacts with the Real IRA, ETA (the Basque separatist group), and other Middle East groups with cells in Montreal, had been electronically lifted from computers of the Canadian Secret Intelligence Service (CSIS). CSIS has had a poor reputation in recent years for maintaining operational secrecy. The country's internal security service, operated by the Royal Canadian Mounted Police, the Mounties, has already conducted one lengthy investigation last year into the misuse of Promis. The results of that investigation have remained secret.

Cops tap database to harass, intimidate
Some say police misuse frequent, but punishments rare
7.31.01   M. L. Elrick Free Press

Police throughout Michigan, entrusted with personal & confidential information in a state law enforcement database, have used it to stalk women, threaten motorists and settle scores. Over the past 5 years, more than 90 Michigan police officers, dispatchers, federal agents and security guards have abused the Law Enforcement Information Network (LEIN), according to a Free Press examination of hundreds of pages of LEIN records & police reports.
In many cases, abusers turned a valuable crime-fighting tool into a personal search engine for home addresses, for driving records and for criminal files of love interests, colleagues, bosses or rivals. Even police are vulnerable to having their privacy violated. Former Center Line police chief Adam Garcia's name was run through the LEIN by one of his own officers when he took the job in June 1998. Garcia said his record was clean and he had nothing to hide. "It was meant to harass and intimidate me," Garcia said. "And to let me know that they knew all about me when they weren't supposed to know."

Police said they think the system, which is used to make about 3 million background checks each month, is more widely abused than anyone knows. "I wouldn't doubt that it happens very often," said Lawrence Carey, who retired this month as Plymouth Township's police chief. "A lot of them are taken care of internally."
Since 1967, the LEIN has been a powerful weapon in the fight against crime. Using the FBI's National Crime Information Ctr, Michigan Sec.State vehicle registrations & driving histories, and other databases, LEIN can tell police whether someone is wanted on an arrest warrant, is a sex offender, was reported missing, or is deemed dangerous.

Police can find out where someone lives as well as confidential information such as whether the person applied for a concealed weapon permit or has a suppressed juvenile record. All it takes to access someone's detailed personal information is their name or license plate number. Sometimes, one officer will have another officer run a questionable LEIN check for them, possibly as a way of avoiding detection. Despite rules limiting LEIN use to law enforcement purposes, police told the Free Press their colleagues use LEIN to check out attractive people they spot on the road.
"I'm not going to be so naive as to say an officer hasn't seen a pretty girl and run her plate," said Carey, who also was once chief in Troy. Former Memphis Police Chief Phillip Ludos said the practice is so common it is known simply as "Running a plate for a date."

Part-time Memphis police officer Scott Woods, also known by his Internet nom de plume, BRN 2B NAKED, used the LEIN to find out personal information about a woman he met on the Internet around March 1999, according to Memphis police reports. Woods, who was also working as a Macomb County Jail guard, asked a friend in Detroit's 9th (Gratiot) Precinct to get information on a St. Clair Shores woman, according to a Memphis police incident report and Macomb County sheriff's investigation report.
Woods began corresponding with the woman, and over the course of 2 months told her he was a widower raising a baby daughter. The woman told the Free Press she was afraid to talk about the case and did not want her name used. According to police records, the woman gave Woods her phone number and arranged to meet him after work one night. But instead of going on a date, Woods sat outside her workplace in his sport-utility vehicle, the woman told police. She said she waved Woods in, but he just sat there.

Woods later told the woman he had followed her home the night before, according to police records. He called her by her middle name, which she had not told him. He described her height & weight. He went on to call her at home and work up to 3 times a day, according to police & sheriff's records.
Woods declined to discuss the case. "It's something from my past," he said. "That was all blown out of proportion." Ludos, who was Memphis chief at the time, said Woods confirmed the woman's account when confronted. Ludos said he fired Woods from the Memphis force for conduct unbecoming an officer in 1999. He resigned from the Sheriff's Dept.
Sharing LEIN information is a misdemeanor in Michigan, punishable by up to 90 days in jail and a $500 fine, upon conviction. As is often the case, the Detroit officers accused of abusing the system to help Woods were not prosecuted. Both are facing a hearing on possible departmental discipline, but it has not been scheduled.

Sometimes the LEIN is used as a weapon in domestic disputes. Former Oakland Cty asst prosecutor Cathy McGuigan said she should not have been surprised when her ex-husband, John Knechtges, ran her new husband's information through the LEIN. "When you start getting into the romantic entanglement dept, I think that's when the cops abuse it a lot," she said. "Anybody who's ever been involved with a police officer should be concerned about it happening to them."
Knechtges, then a Troy police lt, and a friendly FBI agent ran McGuigan's husband through LEIN. Armed with information, Knechtges took McGuigan to court and attempted to gain custody of their son. McGuigan said Knechtges was unsuccessful, but his power play helped end her new marriage. Knechtges was reprimanded and suspended for a week without pay. FBI agent James Triano, who ran McGuigan's husband through LEIN, received a letter of censure and was put on probation for 6 months, said Detroit FBI Special-Agent-In-Charge John Bell Jr. Bell called the incident "very serious, you're talking about our bread & butter, controlling information." But, he said, the agent acted out of concern for the couple's child.
Triano did not respond to requests for an interview. Knechtges, who now works for a glass manufacturer, declined to comment.

It's not uncommon for police to help friends get information through LEIN. One hour after Carl Daisy exchanged heated words with another motorist in Northville on 4.7.98, Highland Park Public Safety Officer Eric Hollowell, who was not involved in the altercation, asked a dispatcher to run Daisy's license plate number through the LEIN system, state records show. Less than an hour later, Daisy received the first of many ominous calls. "You're talking to God. I know everything about you," the man told Daisy.
On at least one occasion, Daisy said the caller told him he "had a beautiful wife and that it would be a shame if anything happened to her." The caller was never identified. Hollowell is not suspected of calling Daisy, and he denies abusing the LEIN system. But Ronald Parham, who was Highland Park Police Chief at the time, said he concluded that Hollowell used the LEIN to help an acquaintance locate Daisy.
Parham said he reprimanded Hollowell, and Wayne County prosecutors declined to prosecute. That outrages Daisy. "What would happen if I accessed that information?" he asked. "There are stalking laws. I'd be creamed." Hollowell's explanation for being linked to the LEIN check on Daisy: a bookkeeping error or another officer requesting a LEIN check under his name.
"I honestly don't remember running that plate," Hollowell said. "If I did run it, it was legitimate. It wasn't for any bull."

In 1996, police running license plates through LEIN exposed a secret surveillance operation, according to state records. St. Clair Police were investigating a major seller of illegal cable boxes when a Detroit police detective and a Michigan State Police trooper separately ran LEIN checks on their undercover vehicles, St. Clair Police Chief Donald Barnum said. Records don't show why the checks were made.
St. Clair police didn't learn they had been exposed until they searched the suspect's home and found LEIN printouts, Barnum said. "That information was very, very classified and very, very difficult to obtain," he said. "That information could have been very detrimental to the outcome of our case." Investigators were unable to determine which trooper tapped into the database, but records show that the Detroit detective was suspended for 2 days.

Sometimes LEIN abuse becomes a part of political campaigns. Genesee County Sheriff's Dept Sgt. Chuck Melki blames LEIN abuse for undermining his campaign against incumbent Sheriff Robert Pickell in the 2000 Democratic primary. On 6.21.00, Genesee County Jail administrator Kenneth Emigh, a Pickell appointee, had deputies run the license plates of 3 cars with pro-Melki bumper stickers.
State police investigated after an anonymous letter writer reported the incident. As word spread within the dept, Melki said his supporters became intimidated. "A lot of my support shrunk up, went underground when they found out they were running people's plates," Melki said.
Pickell suspended Emigh for 3 days. Emigh said he used bad judgment, but was not trying to help Pickell. "I really regret doing it," Emigh said. "I have not run one since. It's not worth the trouble."
Said Melki: "The public can't use it for personal gain, why can a police officer? ...If you'd have done that, we'd have been getting a warrant on you."


Database on U.S. visitors set for huge expansion
6.2.04   Anitha Reddy & Sara Kehaulani Goo   Wash.Post

Dept of Homeland Security yesterday awarded a contract worth up to $10 billion to Accenture LLP to oversee & expand a massive U.S. program to track millions of foreign visitors as they cross American borders. The project, called U.S. Visit, collects & stores information about foreigners entering & exiting the country on visas through airports & seaports. The data, incl digital photographs & fingerprints, are stored in an electronic database and shared among some govt agencies to ensure that visitors do not overstay their visas and to help authorities capture suspected terrorists and criminals.
The program debuted at U.S. airports & seaports in January and has processed more than 4.5 million people. Homeland Security officials said they have used U.S. Visit to deny entry to suspected terrorists and to arrest more than 500 wanted or suspected criminals.

Now the program will expand to track all foreign visitors entering & exiting the country, incl those who don't need visas and those who arrive by land. About 94% of all foreign visitors enter and exit the country by land.
Accenture will oversee or replace a number of govt contractors that are working on the existing pieces of the U.S. Visit program, which began under the former Immigration & Naturalization Service. The company's task will be to vastly broaden the project to visitors crossing land borders without slowing intl commerce.
"I don't think you could overstate the impact of this responsibility, in terms of security of our nation," said Dept of Homeland Security undersecretary for Border & Transportation Security Asa Hutchinson. "If you look at the 9.11.01 terrorists, they came here in violation of our immigration laws."

Some critics complained that Reston VA based Accenture LLP should not have won the contract over competitors Lockheed Martin Corp. & Computer Sciences Corp. because its parent consulting firm Accenture Ltd. is based in Bermuda. "Accenture isn't contributing its fair share to the costs of the very contract that it's now been given," because of the tax advantages it receives, said Rep. Lloyd Doggett D-TX who authored a bill to eliminate incentives for American companies that move their headquarters abroad.
Homeland Security's Hutchinson said yesterday that Accenture LLP is a U.S. taxpayer and is qualified to bid on U.S. govt contracts. He said the agency chose Accenture based on its management & technical ability, its past performance on govt contracts and the amount of its bid. Officials yesterday declined to provide total value of the 5 year contract, saying it would range from $10 million to $10 billion, depending on how much funding the program receives from Congress, the agency's policy decisions and Accenture's performance. Homeland Security officials said Accenture bid $72 million to complete the first year's work.

Accenture will help Homeland Security meet 2 ambitious deadlines. By 12.31.04, Homeland Security must begin fingerprinting & photographing foreigners who enter the country at the 50 busiest land borders. A Homeland Security spokesman said initially most Canadians & Mexicans will be exempt from the program, but eventually all Mexicans & Canadians may have to comply. By 12.31.05, the program will be extended to all land crossings.
Some vehicles crossing land borders are already equipped with radio frequency tags that transmit data about the driver, incl photographs, to immigration & customs officers, much as EZPass technology works at tollbooths. Homeland Security officials envision eventually using similar technology to allow drivers & passengers to transmit their personal information instantly while crossing the border.

Under Accenture's plan, U.S. Visit would create "virtual" folders for each foreign traveler entering by air, sea or land that would electronically store visa application information, fingerprints, photographs, entry and exit dates, and the purpose of the visits. For travelers with a student visa, for example, the folder would also include relevant details such as the school and period of enrollment.
"They selected us because we had a clear understanding for their vision of the future of border management for this country," said Accenture managing partner for defense & homeland security Eric Stange. Accenture will create a chief privacy officer because the system will give inspectors unprecedented access to travelers' personal information. Originally conceived as an immigration program, U.S. Visit is now being designed to integrate immigration databases and to share information about millions of foreigners with a host of federal & state agencies.

The program will enable Homeland Security officials to share information about individuals with the DoJ, Transportation & Commerce Dept and FBI. Officials said they would only share information with other agencies as part of a specific criminal investigation or "authorized purpose," such as the agency's Citizenship & Immigration Services, which processes citizenship applications.
Electronic Privacy Information Ctr general counsel David L. Sobel said the govt should be more clear about the conditions under which it shares people's information. "The large-scale collection & sharing of information is a serious concern," he said. "It's always inevitable that once one agency has a large collection of information, it's really only a matter of time [before] that information" is sent throughout the govt.

The contract is the largest yet awarded by the 18-month-old Homeland Security agency and is widely seen as a stepping stone to other big dept contracts. The U.S. Visit program received $367 million for fiscal 2003 and has received $340 million for fiscal 2004.
"That's why all of these companies are working so hard to really try to win these contracts," said defense research firm Teal Group analyst Philip Finnegan. "They all really see homeland security as a bit of a wild card but a real potential growth area."
The Accenture team comprises 29 subcontractors, incl AT&T Corp., Dell Inc. and Halliburton Co. subsidiary KBR.


FBI 'Magic Lantern' reality check
12.3.01   Thos.C Greene The Register
Washington   There's been a lot of noise since MSNBC's Bob Sullivan broke the story of a new viral snoop tool called 'Magic Lantern' which the FBI is purportedly developing to capture crypto passphrases so they can decrypt files on suspects' computers. Of course this all comes from an anonymous source whose level of access isn't even hinted at, so we remain unconvinced. The tool is described, Sullivan implies, in the blacked-out sections of a series of documents obtained by the Electronic Privacy Information Center under an FOIA request. Right. Next, ZD-Net's Robert Lemos grabbed it and affected to be skeptical, calling it a Trojan. He said it was nothing new, but he didn't seem to doubt it exists.
Then AP's Ted Bridis grabbed it and added another unsubstantiated embellishment, claiming that anti-virus outfit McAfee had contacted the FBI offering to engineer its products to fail to alert users when Magic Lantern heads their way. McAfee has flatly denied Bridis' claim. In reply, Bridis, like Sullivan, appealed to an anonymous source. So what we have here are 3 stories, none of which contains a single verifiable fact substantiating the existence of an FBI 'virus' or 'Trojan' or any conspiracy between the Feds and the AV industry to ensure that it remains undetected.

Some truth
Assuming Magic Lantern exists, we can be sure that it's not a virus and that it's not a Trojan according to Lemos' examples of BO2K and SubSeven. The FBI simply is not going to root someone's box. That would give them remote access, which means they would blow the bust because they'd be open to reasonable doubt that they planted evidence. The only thing it could reasonably be is a simple self-extracting keylogger concealed as a friendly progie or upgrade, which is far from ground-breaking news. Software keyloggers like Ghost have been available for ages, and it's hardly surprising that the FBI might be interested in them.
Technical challenges
Getting the malware to the right person's machine will be a bit of a trial. For this, perhaps the FBI can leverage the malware propagation features cleverly coded into Microsoft Outlook and Outlook Express, and e-mail malicious porn files and whack-a-mole games to drug lords & intl terrorists. Once a victim is infected, there are quite a few countermeasures he can employ. A proper firewall properly set up should inform a watchful user of any attempts by malware to phone home. Preventing e-mail from going out in secret is a bit more of a problem, but setting up a bogus default account might give one an edge.

Now, Windows has a handy 'system restore' feature which works wonders. Simply clean install the OS, load all your apps and progies and drivers, and back up your system before you do anything else. Once the backup is done, you can revert to the clean version periodically. In Win 9x, go to C:\Windows\System\Msconfig.exe and start the program. You'll find a button that says 'Create Backup'. That's how you take a 'snapshot' of your system. Whenever you get the urge, just bring up the utility and hit the other button which says 'Restore Backup'. Goodbye Magic Lantern (probably). In Windows Me, 2K, XP, go to the Start menu, Programs, Accessories, System Tools, System Restore.
You can also do this the hard way by following the twin-HDD routine elaborated in this article. This method is more troublesome, but more thorough if you prefer not to leave anything to chance.

Search or wiretap?
Of course, even a simple keylogger is ripe for official abuse; and ever since the September 11 disaster Mueller's FBI and Ashcroft's DoJ have exhibited a most neurotic, Stasi-like compulsion to trample the Bill of Rights for the public good. The technology itself may be enormously duller than the press has been hoping, but it's perfectly suited to dirty deeds. The chief question is whether the Feds should be required to get a wiretap warrant which demands a higher level of evidence rather than a simple search warrant before they can use a keylogger. To my mind, logging someone's keystrokes is a lot more like a wiretap than it is like a search, and I personally believe that the conditions for a wiretap warrant should have to be satisfied before it can be authorized. The FBI will of course argue that if they have a search warrant to examine the files on someone's computer, and logging keystrokes to capture crypto passphrases is necessary for them to execute the search fully, then the right to do so is implied in the warrant.

Another abuse that comes to mind is using any sort of data, including key logs, which has been gathered improperly to extract a confession during interrogations. If a suspect doesn't realize that the evidence against him is useless in court, he may be frightened into accepting a plea arrangement straight away. But this is not a problem specific to Magic Lantern; it's a problem specific to a frightened Bush Administration which has elected to take as many pages as it can from the Stalinist playbook to keep us safe from bad men who sneak about in the shadows and use violence, deception and coercion against us. I wouldn't worry too much about keyloggers. I'd worry a good deal more about the sudden, dramatic erosion of laws protecting us from their misuse by zealous, terrified Feds.

WASHINGTON   The FBI is consulting Mormon Church computer experts who oversee the institution's vast genealogy data bank to help rebuild the bureau's outdated information system. Officials say repeated failures by the FBI system have hindered some of the bureau's most important investigations in recent years, including the probe into 9.11.01. In days after the attacks, the FBI computer system did not have the capacity to distribute mug shots of the 19 suicide hijackers to investigators in the bureau's 56 U.S. field offices and its posts overseas, FBI Exec. Asst Dir. Robert Chiaradio told the Senate Judiciary Committee on Thursday.

Instead, Chiaradio said, FBI officials involved in the largest probe in U.S. history had to send critical, time-sensitive material, including the hijackers' mug shots, by overnight mail to agents around the world. ''At senior levels, we must lead the bureau back to where (information management) is accepted as second nature,'' Chiaradio said.

Earlier this week, the FBI's computer problems were cited in a report that examined why the bureau initially failed to disclose more than 3,000 documents related to the trial of Oklahoma City bomber Timothy McVeigh in 1997. The discovery of the documents last year led officials to delay McVeigh's execution by one month, until a federal judge ruled that the FBI's snafu did not warrant a new trial. Justice Dept investigators determined the FBI did not intentionally withhold information from prosecutors and defense attorneys. Even so, ''the FBI's troubled information management systems are likely to have a continuing negative impact on its ability to properly investigate crimes,'' says Justice Dept Inspector General Glenn Fine, who reviewed the FBI's conduct in the McVeigh case. ''The FBI has both a paper and an electronic management system in place, neither of which is reliable.''

Chiaradio says the FBI has begun addressing its problems in managing & analyzing the mass of information it gathers in investigations. As part of that effort, Mormon officials are providing advice for developing name-recognition programs that would assist authorities in finding & tracking suspects. The system currently available to agents, which is more than a decade old, is so limited that its search engines do not automatically provide investigators with alternate spellings for suspects' names. An agent must spell a suspect's name exactly right, or the FBI computer will not recognize it. That can be particularly frustrating in cases such as 9.11.01 in which suspects have used multiple names and sometimes created identities simply by switching a few letters in their names. Based in Salt Lake City, the Mormon Church is known throughout the world for maintaining a popular & accessible data bank for tracing family histories. FBI officials say the church has expertise in developing programs that respond to deviations in spelling & other name constructions.

Congress has given the FBI $417 million for a new computer system. FBI officials say they expect it to be operational by early next year. Among its features, Chiaradio says, is a security system that will allow senior officials to check who is accessing confidential files. That is aimed at preventing a situation such as that orchestrated by former FBI agent Robert Hanssen who spied for Moscow for more than a decade before he was caught last year. He is serving a life sentence.

    Information abuse has many forms
    8.1.01   M.L. Elrick Free Press
"There isn't anybody, anywhere in law enforcement that doesn't check people out," said former Ingham County Sheriff's Deputy Ted Palmer. "If they say they don't, I'd stake you a hundred that they're lying." Palmer knows the Law Enforcement Information Network, or LEIN, from both sides of the law. The Ingham County prosecutor in July 1999 charged him with 5 counts of abusing the system after his ex-wife told sheriff's investigators that he may have run as many as 17 friends & relatives through the LEIN in 1998 & 1999.
Palmer called the charges a witch-hunt and sued. Although he acknowledged in an interview that he ran identifying information of family & acquaintances through LEIN, he said he was investigating or checking to make sure he did not consort with felons.
"It is not illegal for any law enforcement officer to run anybody that they want to," Palmer said. He also said what constitutes legitimate LEIN use "is a gray area." Prosecutors dropped their case against Palmer after he quit the Sheriff's Dept and abandoned his lawsuit.

Robin Richey didn't give much thought to the foul-mouthed driver of the black sport-utility vehicle that rushed up behind her on Dodge Park Road in Sterling Heights on 5.30.00. She made an obscene gesture. 8 days later, Richey said an irate caller left a message on her home machine, warning her to be careful about making rude gestures. The caller said he knew where she lived and threatened to damage her cars, according to a Sterling Heights police report.
"I was really scared," Richey said. "I just didn't want this guy coming after me or my 3 children." After calling police, she began sleuthing on her own. Surmising that the caller tracked her by her license plate, Richey contacted the Secretary of State's Office, which told her Clinton Township Police Capt. Thomas White had run it.
"If it was any Joe Blow off the street, I could take it with a grain of salt," Richey said. "But this was someone who was supposed to be protecting people, not abusing them." White did not return messages seeking comment. White told investigators he ran Richey through LEIN after he saw her driving erratically. He was suspended for 30 days without pay, according to state records on LEIN violations.

Jesse Robitaille knew something was wrong when he got a call Sept. 1999 demanding $917 for repairs to a car he never hit. What concerned the Lake Odessa man more was that a retired police sergeant allegedly used the LEIN to locate him. The caller claimed Robitaille ran him off the road and said that if Robitaille paid up, he wouldn't call police. However, State Police found no evidence of an accident.
Robitaille called State Police, who suspected that a retired Kentwood police sergeant ran Robitaille through LEIN for an acquaintance. The suspicion was not proved. Michigan State Police Sgt. Ken Olney, who investigated, said the retired officer was working as a civilian employee of a State Police task force when the LEIN check was run.

    Penalties uneven for data misuse
    Some cops are sanctioned severely, some not at all
    8.1.01   M.L.Elrick Free Press
Detroit   Michigan's system for disciplining officers who abuse the confidential Law Enforcement Information Network is flawed, meting out unequal justice for violators and victims alike. Overseeing the system is a committee virtually powerless to punish those who have used the system's database of addresses, criminal records, license plate numbers and driving records to seek romance, revenge or an upper hand in personal, legal or political conflicts. Instead, it must rely on individual depts to deal with their own; the punishments they hand down vary widely.

A Free Press review of more than 90 cases of LEIN abuse during the past 5 years reveals that the system is vulnerable to misuse and that there are wide disparities in how local, state and federal depts deal with those who abused it. The LEIN is a state law-enforcement database that contains personal information, incl addresses, driving records and criminal records.
Because LEIN machines are often left on and users are not assigned individual passwords to access the system, investigators frequently have trouble proving who violated the system. Even when investigators identify abusers, punishment varies widely.

Cases:

  •   An Albion police officer was suspended for one day after using the system to pursue a woman he wanted to date. By contrast, a Memphis police officer was fired after using LEIN to find out background information about a woman he met through the Internet.
  •   An FBI agent received a written reprimand after running a criminal background check for a friend, yet a U.S. Border Patrol agent was prosecuted and forced to resign after checking out a license plate for an acquaintance.
  •   A Renaissance Ctr security guard & his supervisor received written reprimands after running the guard's ex-wife through LEIN. But at the Detroit Medical Ctr, a guard was fired for making unauthorized checks.

    LEIN users are required to attend at least one day of training, which explains how the system works and how each transaction is tracked by the user's name. The training emphasizes one point above all: The system must only be used for legitimate police work.
    Nevertheless some officers abuse the system, making inquiries under another person's name or falsifying the purpose of their query to cover their tracks, according to state records of suspected LEIN violations. People whose privacy was violated by officers wrongfully using LEIN can file complaints with the Criminal Justice Information Systems Policy Council, a group of prosecutors, police executives, judges and Michigan Secretary of State's Office officials.

    But the council is essentially powerless to impose discipline. Law enforcement agencies that tap into the LEIN agree to abide by its rules or face revocation of their privileges. But the council is reluctant to levy such a serious penalty, the only one available to it.
    "That's something that nobody wants to see happen because law enforcement officers out in the field are going to be harmed," said Clinton County Prosecutor Charles Sherman, who chairs the council's committee that reviews allegations of LEIN abuse.

    So the council relies on its ability to persuade local police depts to investigate and punish their own. Concerned that violators were escaping punishment, a state senator 3 years ago authored a law making it a crime to misuse the LEIN. Still, of the approximately three dozen police officers who misused the system since July 1998, only 3 have faced prosecution.
    Most avoided criminal charges because prosecutors have interpreted the law to say that sharing LEIN information is a misdemeanor only when it is shared outside law enforcement. "You could have a police officer gaining information and using it to stalk somebody, but they haven't committed a misdemeanor because they're using it themselves," Sherman said.

    State Sen. Chris Dingell, D-Trenton, a lawyer who wrote the law, said tapping into the network for personal reasons is enough for prosecution. To close any loopholes, Eaton County Prosecutor Jeff Sauter, member of the LEIN policy council, said the council is drafting new legislation. "One of the proposals is to expand the criminal penalty to unlawful access, use or dissemination," he said. "In other words, to cover the gamut."
    But the public has limited ability to find out about violators. After reviewing an incident, the council shreds its records. Sherman said the shredding policy is a compromise between the council, which wants details on alleged abuses, and some police officials, who object to providing detailed reports.

    With prosecution difficult, the council also refers instances of LEIN abuse to the Michigan Commission on Law Enforcement Standards, which can decertify police officers. So far, none has been sanctioned. So police chiefs impose discipline based on factors such as an officer's work record, the circumstances that led to the offense and local union rules. But that system allows some violators to escape punishment.
    State Police Sgt. Diane Oppenheim said she gave the Detroit Police Dept the name of an employee suspected of using LEIN to help Warren City Councilman Mike Wiecek allegedly harass a political foe in August 1999. But, according to LEIN policy council minutes, the dept took no disciplinary action. Wiecek, a former Detroit police officer, told the Free Press he did not ask anyone to run a LEIN check.

    Wiecek said he was wrongly accused of stalking by the boyfriend of Jennifer Faunce, his opponent in a state House primary. Oppenheim's investigation determined that a LEIN check had been run on Faunce's boyfriend by a specific Detroit police employee. But Detroit police told state officials they could not identify the employee who did the check.
    "It was kind of a joke when they had someone from DPD investigating one of their own," Oppenheim said. "It just doesn't seem kosher to me." Dingell, the state senator, said he does not have much confidence in any dept scrutinizing its own officers.
    "The American system of govt never trusts a body to investigate itself," he said. Sherman said that without more staff to investigate alleged abuses, the LEIN policy council must rely on local depts. "We just have to trust that they have the integrity to look into a matter like that and they're not going to want to have an officer doing things that are in violation of the law," he said.

    Some depts take a hard line on LEIN violations. For allegedly obtaining a stripper's address for a friend in 1997, U.S. Border Patrol Agent Lonnie Duncan was forced to quit his job and agree not to apply for any other federal law enforcement jobs. He also agreed to do 40 hours of community service. Duncan said he was duped into running the license plate for a friend who often passed along the license plate numbers of possible illegal aliens. Duncan said he was angry when he found out the friend's real purpose, and told him, "I'm not running down your girlfriends for you."
    Asst U.S. Atty Lynn Helland, who prosecuted Duncan, said LEIN abusers must pay for violating the public's trust. "We're concerned with public confidence that when the govt does have access to a lot of information, it's going to use the information responsibly," he said. "By bringing a prosecution, we want to make clear to the public & law enforcement itself that this is a sacred trust and we need to be accountable for that trust."

    LEIN policy council exec. dir. Kathy Rector said individual passwords may soon be assigned to LEIN users to improve security by matching police to individual LEIN inquiries. Dingell said violators should be locked out of the system. Michigan lawmakers are expected to consider that proposal in the fall.
    In the meantime, some police depts are asking outside agencies to investigate possible LEIN violations. Oscoda County Sheriff's Dept recently turned to the Michigan Sheriff's Association Mission Team to investigate whether one of its deputies misused the LEIN.

    The team, which consists of investigators from sheriffs' depts throughout Michigan who volunteer their time, determined that the deputy abused the system. The man was disciplined and is no longer a deputy.

    If you suspect you have been improperly checked through the Law Enforcement Information Network, or LEIN, write to Kathy Rector, exec. dir., Criminal Justice Information Services Policy Council
    c/o Michigan State Police 7150 Harris, Lansing MI 48913
    Include your name, dob, driver's license number, license plate number and any details that caused you to suspect a LEIN abuse. Also include the date you suspect the violation occurred, who may have misused the LEIN and your phone number.
    Confounding Carnivore
    How to protect your online privacy
    11.29.01   Omar J. Pahati AlterNet

    U.S. backs radio technology that sees through walls
    2.15.02   Jonathan Cox
    Bloomberg News

    WASHINGTON   U.S. regulators approved a new technology that lets law enforcement find objects buried in rubble, helps drivers avoid accidents and may give consumers options for high-speed communications in their homes and offices. The Federal Communications Commission said it took a cautious approach to so-called ultra-wideband, adopting strict guidelines for services using the system of wireless transmission. The rules will prevent the system from interfering with air traffic control operations and global positioning satellites that track military troops, hikers and other people. Ultra-wideband, developed by companies such as closely held Time Domain Corp. of Huntsville, Alabama, operates over a wide slice of airwaves using bursts of radio signals. Opponents, such as the Pentagon, mobile-phone carriers and other U.S. agencies, feared the service might interfere with equipt.
    "Our first step today is extremely conservative and cautious," said FCC Commissioner Kathleen Abernathy. "I'm pleased we've come as far as we have; I wish we could go further." It will review rules within the next six to 12 months to determine whether it may relax restrictions on the technology to promote more uses. Ultra-wideband has been discussed in Washington for almost three years, with govt agencies and companies preparing competing studies about potential risks. One analyst compared today's decision to the approval of transmission systems in the 1980s that led to the development of the mobile-phone industry.

    'Big Deal'
    "This is a big deal," said Scott Cleland, chief executive of the Precursor Group in Washington. "This is a once-in-a-generation new technology." The agency allowed three types of ultra-wideband devices to be used. Law enforcement, rescue personnel and some companies may use imaging systems to track criminal suspects through walls or look underground to seek individuals trapped in rubble or find cracks in water pipes. Automakers such as DaimlerChrysler AG may install equipt in cars to warn drivers when they get too close to vehicles in front of them or that adjusts suspension systems to handle changes in road conditions. Consumers may be able to buy new gear letting them set up home wireless networks to broadcast, for example, digital tv signals to mobile receivers anywhere in the house. "The interest level is phenomenal," said Ralph Petroff, chief executive of Time Domain in a statement e-mailed to reporters.

    Britney Spears woos fans with smart cards
    Feb.2002   Card Technology.com

    Pop star Britney Spears is offering her fans smart cards that will give them exclusive access to behind-the-scenes videos & photos, as well as to promotional offers. The singer's Web site is offering 5 versions of the multicolored SmartFlash Collectible Card, each bearing an image of Britney and carrying a different feature in its chip. Fans will plug in smart card readers to their personal computers and insert the cards, which will take them to restricted sections of the Web site to find back-stage concert photos, rehearsal videos, samples of new music & other content not available to others. The Web site says the cards will be available soon. Spears' representatives did not respond to requests for comment, but sources say the Britney Spears card is the first in a series of smart cards featuring sports, music & film celebrities.

    Meanwhile, another company has launched a smart card aimed at video game enthusiasts. Norwalk, CT based StatCard Entertainment Inc. began selling its XAction Skate chip card at the Toys 'R Us store in midtown Manhattan last month, and the toy retailer will offer the cards nationwide in March, says Art Swanberg, StatCard's president & CEO. Once kids plug a smart card reader into a PC, they can insert cards featuring likenesses of skateboarding stars that take them to a StatCard Web site. There, they can earn points & add features to their cards by playing a skateboarding video game. They can also play against other kids on the Internet, winning or losing points based on the results. Swanberg says the company plans to introduce a snowboarding game card in the fall, and has plans for sports & music cards, as well. He projects selling 3 million to 5 million smart cards this year. The cards, which sell for $7.99, carry an 8-kilobyte chip from Germany's Zeitcontrol Cardsystems GmbH and are manufactured by Versatile Card Technology Inc. of Downers Grove, IL (2.6.02)

    The French banking association Groupement des Cartes Bancaires has no evidence any of its members' more than 40 million payment smart cards has been cloned, but there is a "concrete threat" counterfeiters will strike, acknowledges association CEO Yves Randoux. In addition, most of the credit & debit smart cards complying with international EMV standards to be issued over the next few years in Europe & elsewhere are at risk, say sources. The clone will work only with the current French chip cards & cards that use the weakest of the authentication methods specified in the EMV standards. Under this method, called static data authentication, the digital signature that identifies the cardholder never changes, which is why fraudsters can copy it directly onto a counterfeit card and expect any POS terminal to accept it just as it would the genuine article. "It's not that you can break the system, it's totally, totally public; it's as secret as this evening's newspaper," says Paris-based smart card consultant Jerome Ajdenbaum.

    How easy is it to clone one of France's current banking smart cards? "Click, click," responds computer expert Michaël Pagis, who demonstrated the clone in the Paris office of the newly formed European Institute for Information System Security. Would-be counterfeiters do have to have some technical savvy. Even then, the cloned cards will only work when the transaction stays offline, which it usually does for low-value purchases. If the terminal calls the bank for approval, as it will for higher-value purchases & withdrawals from automated teller machines, the bank will reject the transaction. The chief option is for banks to use the other main authentication method available under EMV, which changes the digital signature with each transaction. But this requires the chip to pack more processing power, which will raise the price of cards by 50% to 100%. For French banks, which last fall finished a 2 year swap-out of cards that had been compromised by hackers, that price is too high for the time being. They plan to start rolling out EMV this year, but will put off issuing the more sophisticated EMV cards until late 2003. The extra time will also be needed to complete tests of the more secure cards, says Cartes Bancaires' Randoux. (2.15.02)
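The difference between the two authentication methods described above, shown as an added example that is not from the article or from any EMV implementation. It is a simplified model: textbook RSA without padding, keys built from published Mersenne primes, and all class and function names are hypothetical. The per-transaction method is modelled as a challenge-response, which is how EMV's dynamic data authentication works in outline.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy keys


def make_key(p, q):
    """Build a textbook RSA key (n, d) from two primes. Toy only: no padding."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))


def digest(data, n):
    """SHA-256 of data, reduced into the signing modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, n, d):
    return pow(digest(data, n), d, n)


def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)


# Constructed keys (Mersenne primes): one for the issuing bank, one inside the chip.
ISSUER_N, ISSUER_D = make_key(2**61 - 1, 2**89 - 1)
CARD_N, CARD_D = make_key(2**107 - 1, 2**127 - 1)


class GenuineCard:
    def __init__(self, account):
        self.records = {
            "static_data": account,
            # Static method: one issuer signature over fixed data, never changes.
            "static_sig": sign(account, ISSUER_N, ISSUER_D),
            # Dynamic method: the issuer also certifies the chip's own public key.
            "card_n": CARD_N,
            "key_cert": sign(account + CARD_N.to_bytes(32, "big"), ISSUER_N, ISSUER_D),
        }
        self._d = CARD_D  # private key, never readable from outside the chip

    def public_records(self):
        return dict(self.records)

    def answer(self, nonce):
        """Sign the terminal's fresh challenge with the chip's private key."""
        return sign(nonce, CARD_N, self._d)


class CopiedCard:
    """Holds only what any reader can copy: public records and one old answer."""

    def __init__(self, records, observed_answer):
        self.records = records
        self.observed_answer = observed_answer

    def public_records(self):
        return dict(self.records)

    def answer(self, nonce):
        return self.observed_answer  # no private key, so it can only replay


def terminal_static_check(card):
    """Offline check, static method: is the stored signature the issuer's?"""
    r = card.public_records()
    return verify(r["static_data"], r["static_sig"], ISSUER_N)


def terminal_dynamic_check(card, nonce=None):
    """Offline check, dynamic method: certified key plus a fresh challenge."""
    r = card.public_records()
    certified = r["static_data"] + r["card_n"].to_bytes(32, "big")
    if not verify(certified, r["key_cert"], ISSUER_N):
        return False
    nonce = nonce or secrets.token_bytes(8)
    return verify(nonce, card.answer(nonce), r["card_n"])


def demo():
    genuine = GenuineCard(b"CONSTRUCTED-ACCOUNT-0001")  # constructed sample data
    seen = genuine.answer(b"old-nonce")  # one answer observed in the past
    copy = CopiedCard(genuine.public_records(), seen)
    return {
        "genuine_static": terminal_static_check(genuine),
        "copy_static": terminal_static_check(copy),
        "genuine_dynamic": terminal_dynamic_check(genuine),
        "copy_dynamic": terminal_dynamic_check(copy),
    }


if __name__ == "__main__":
    print(demo())
```

The static check cannot tell the two cards apart because everything it verifies is copyable data; the dynamic check fails for the copy because answering a fresh challenge needs the private key held in the chip.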


    Washington   Along with the recent govt hysteria over terrorists, we've seen legislative measures and 'emergency powers' inviting law-enforcement agencies worldwide to conduct Internet surveillance on an unprecedented scale. But because the state-of-the-art of electronic dragnets makes it difficult if not impossible to exclude the comings and goings of innocent citizens, we thought this a good time to run down the basic techniques for ordinary, law-abiding folk to come and go anonymously on the Net, and keep their private business private. How do you make a truly anonymous post to a newsgroup or a BBS? How do you keep the Web sites you visit a secret? How do you send e-mail and ensure that its contents can't be read by someone who intercepts it? How do you chat anonymously? We'll invoke our foil, Windows addict Harry Homeowner, and lay it out in terms the average user can profit from, though with hopes that even you power users might learn a thing or two in the process.

    Proxies
    These are your first line of defense, so let's start with them. Proxies provide a useful layer of mediation between your machine and the Internet. There are several types, but Web proxies and Socks proxies are the two most relevant to our purposes. Grossly oversimplified, a proxy is a remote machine which you connect through to the Net, which forwards your IP traffic, and which you then appear to be originating from. When you contact a Web site via an anonymous proxy, it's the proxy's IP which shows in their logs. You can use either Web or Socks proxies with your browser, and Socks proxies with other Net clients to obscure your IP from prying eyes. But you do have to choose them with care.
    Socks proxies are the best, general-purpose proxies. This is so because Socks are non-caching, which means, for example, that there won't be a record of the Web pages you fetched while connecting through one, except on your own machine, and this you can fix rather easily (more on that in 'Browser Settings'). It also means they're slow, but if you want anonymity, you shouldn't quibble. But older versions of Internet Explorer and Netscape don't support Socks. What to do? You can upgrade, but I prefer an older browser with fewer 'features', which I equate with fewer security leaks (though these should be patched regularly, of course). Rather than upgrade, you can download an application called SocksCap, and use it to 'socksify' any IP client you use. It will work with browsers, e-mail clients, telnet, SSH, chat clients, even your l4me e-mail bomber. Test it; socksify your e-mail client and send a message from one of your accounts to another. Check the header. Is the originating IP your proxy? If so, your e-mail now appears to originate from the proxy's IP. This can be extremely useful, as we'll see below.

    Useful but not foolproof. Of course the proxy machine's admin can easily learn that you connected to it after perusing his logs, so a proxy doesn't actually conceal you; it just adds a layer between you and whatever you're contacting on the Net. This layer can be thick or thin, depending on where the proxy machine is physically located. If your proxy is located in a country unlikely to cooperate with requests for their logs from foreign officials, or a country where your mother tongue is rarely spoken, it can be, in practical terms if not theoretical terms, quite an effective layer of protection.
    It's easy to determine a proxy's country of origin with the $20.00 Patrick Project DNS utility, which will resolve IPs to addresses and vice versa, and a good deal more to boot. You cheapskates out there can go to SamSpade.org and do it all for free. Now you know how to determine your proxy's location. The more exotic the better: Korea is better than Japan; Thailand is better than Korea; Indonesia is better than Thailand; Papua New Guinea is pure gold. Kenya is better than Morocco; Ghana is better than Kenya; Guinea is better than Ghana; Burkina Faso is pure gold. You get the picture. Now you need to test the proxy for anonymity. Some of them can leak appalling amounts of information, like your true IP, for example. There are several environmental variables checkers on line which will tell you just what information your proxy is leaking to the world, and a nice links page to a heap of them is located at Proxys4all.com.

    And what do env checkers tell you? The chief variables you need to know about are:

    REMOTE_ADDR: Your apparent IP, which should be the proxy. If not, use another proxy.

    REMOTE_HOST: Your apparent address, which should resolve to the proxy IP, or better yet not be resolvable at all. If it resolves to you, use another proxy.

    HTTP_X_FORWARDED_FOR: Sometimes your true IP is revealed -- get another proxy.

    HTTP_USER_AGENT: Your browser type -- unimportant.

    FORWARDED: Reveals the fact that you're using a proxy; not fatal, but better if blank.

    VIA: Reveals the fact that you're using a proxy; not fatal, but better if blank.

    CLIENT_IP: Sometimes your IP is revealed -- use another proxy.

    HTTP_FROM: Sometimes your IP is revealed -- use another proxy.
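The rules in the list above, applied to the output of an env checker, as an added example that is not part of the original article. The function names and verdict strings are hypothetical, the sample results are constructed from documentation address ranges, and the check goes slightly beyond the list by also treating your own address inside FORWARDED or VIA as a leak.

```python
import ipaddress
import re

# Dotted-quad tokens that are not glued to further digits or dots on either side.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Variables the article says can expose the client's own address.
IDENTITY_VARS = ("REMOTE_ADDR", "REMOTE_HOST", "HTTP_X_FORWARDED_FOR",
                 "CLIENT_IP", "HTTP_FROM")
# Variables the article says only disclose that a proxy is in the path.
PROXY_HINT_VARS = ("FORWARDED", "VIA")
# HTTP_USER_AGENT is deliberately ignored: the article rates it unimportant.


def addresses_in(value):
    """Return every valid IPv4 address that appears anywhere in a value."""
    found = set()
    for token in IPV4_RE.findall(value):
        try:
            found.add(ipaddress.IPv4Address(token))
        except ipaddress.AddressValueError:
            pass  # looks like an address (e.g. 999.1.1.1) but is not one
    return found


def check_proxy_env(env, real_ip, real_host=None):
    """Classify what a proxy shows the far end.

    env       -- variables reported by the env checker
    real_ip   -- your own public address, the one that must not appear
    real_host -- optional reverse-DNS name of your own address
    Returns (verdict, findings), findings being (variable, severity) pairs.
    """
    real = ipaddress.IPv4Address(real_ip)
    findings = []
    for name in IDENTITY_VARS + PROXY_HINT_VARS:
        value = env.get(name, "").strip()
        if not value:
            continue
        # Compare parsed addresses, not substrings: 203.0.113.77 is not 203.0.113.7.
        leaks_ip = real in addresses_in(value)
        leaks_host = bool(real_host) and real_host.lower() in value.lower()
        if leaks_ip or leaks_host:
            findings.append((name, "fatal"))   # "use another proxy"
        elif name in PROXY_HINT_VARS:
            findings.append((name, "warn"))    # "not fatal, but better if blank"
    severities = {severity for _, severity in findings}
    if "fatal" in severities:
        verdict = "leaks identity"
    elif "warn" in severities:
        verdict = "proxy visible"
    else:
        verdict = "clean"
    return verdict, findings


# Constructed sample results (documentation ranges, not real hosts).
REAL_IP = "203.0.113.7"
REAL_HOST = "dsl-203-0-113-7.isp.example"
LEAKY = {
    "REMOTE_ADDR": "198.51.100.20",
    "HTTP_X_FORWARDED_FOR": "203.0.113.7, 10.0.0.1",
    "VIA": "1.0 cache.example",
    "HTTP_USER_AGENT": "Mozilla/4.0",
}
VISIBLE = {
    "REMOTE_ADDR": "198.51.100.20",
    "HTTP_X_FORWARDED_FOR": "203.0.113.77",
    "FORWARDED": "by=198.51.100.20",
}
CLEAN = {
    "REMOTE_ADDR": "198.51.100.20",
    "REMOTE_HOST": "198.51.100.20",
    "HTTP_USER_AGENT": "Mozilla/4.0",
}

if __name__ == "__main__":
    for label, env in (("leaky", LEAKY), ("visible", VISIBLE), ("clean", CLEAN)):
        print(label, check_proxy_env(env, REAL_IP, REAL_HOST))
```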

    You can use a free application called ProxyHunter to scan ranges of IPs and find your own proxies. These you can evaluate, determining location and anonymity according to the guidelines above. A scan such as this is non-invasive and non-destructive, but it's still possible one may get a nastygram from one's ISP for performing them.
    Socks proxies are located on port 1080, so you'll want to use that in most searches with ProxyHunter. HTTP proxies on ports 80, 3128 and 8080 are useful, and can be loaded directly into your browser, but they're not quite as secure. You can load a good Socks in your chat clients like IRC and ICQ; and with SocksCap you can run your telnet and e-mail clients and browser through one as well.

    For even more anonymous surfing, you can give yourself an added measure of security by connecting to a Web proxy like Anonymizer through a Socks (or even a decent HTTP proxy). Feel free to e-mail me if you can't figure all this stuff out, but please, I beg you, give it a fair go on your own first. I'm a humble news reporter, not a help desk. When you find a Socks proxy with ProxyHunter, or by perusing the many public Web sites where they're listed, and you get satisfactory results from the env check, and your proxy is located on some God-forsaken corner of the Earth, then you've acquired a decent layer of protection. Congratulations. But that's far from the whole shebang.

    Anonymous dialups
    Whenever you dial in to an Internet connection, your ISP can determine your phone number with caller ID. This information is recorded, and can be turned over to nosy Feds on request with an administrative subpoena, which doesn't require a judge's approval. If you've got a regular ISP account billed to a credit card, your ISP knows perfectly well who and where you are, so concealing your phone number from them is hardly an obstacle to associating you with your Net activity. In much of Europe, the telco is the ISP, so the possibility of making anonymous dial-ups is remote. In that case, all I can suggest is trying to find a data-capable pay-as-you-go mobile phone, and of course paying cash for it. If you're asked your name, lie. If you're asked for ID, leave.

    However, there are free ISPs like NetZero on which you can register with totally fictitious personal information, and to which you can connect with caller ID disabled. This isn't a solution in itself, but combined with the judicious use of good proxies, it can add a second layer of anonymity to your comings and goings. It can make you a bit more difficult to identify. These ISPs don't allow you much free surfing time, usually something like ten hours a month; and they feed adverts to you and they're slow (made slower still by proxy use); but they can be a superb means of connecting when you need to be even more anonymous than usual, such as when you make a controversial post to a newsgroup or BBS, or send a sensitive e-mail.
    Get your ducks in a row: first, go to an Internet cafe or a library. If they require identification, go elsewhere. When you find a public place where you can surf anonymously, set up an account with NetZero using fictitious personal information. Even better, go through a Web proxy while you're at it. Record your login, password, and a dialup number convenient for your home location. Now go home, and disable caller ID (contact your phone company for instructions), and dial in to your new fictitious account. And always dial in with caller ID disabled.

    Finally, use an anonymous Socks proxy with your e-mail client for newsgroups, and a Socks along with a Web proxy for BBS posts. Theoretically, you can still be traced because the phone company knows what you're up to; but unless you're under active surveillance by the Feds, you can safely gamble that no one from NetZero is ever going to peg you. You're getting very close to effective anonymity, and you still haven't gone beyond what our friend Harry Homeowner can handle.
    There are other things you can do with this caller-ID-off+NetZero+Socks+Web-proxy setup. You can, for example, open a Web-based e-mail account with fictitious personal information and send and receive anonymously, so long as you set up your NetZero account properly, and always connect to it with caller ID disabled, always use a Socks with your browser, and/or always use a Web proxy. You've got ten hours a month. Spend them wisely, and you can surf almost anywhere or post almost anything online with no repercussions.
    But what if your e-mail is intercepted by something hideous like the FBI's packet sniffer Carnivore? Unless you stupidly identify yourself in your mail, you're almost certain not to be identified, but you still may not want the contents read by anyone but the intended recipient. You don't have to be a criminal to desire privacy, much as the Feds like to pretend otherwise.

    Crypto
    Now this is funny. If you use a nice, free crypto program like PGP, you can easily encrypt your e-mail. Just follow the instructions, there's really nothing to it. The problem here is that the Feds, if they happen to be watching, can gather that you sent an encrypted message to Recipient X, a fact which you may not wish them to know. If you follow the scheme above, you can send a message anonymously via a Web-based account. But unless I'm missing something, you can't use PGP to encrypt Web-based e-mail messages. So how do you have your cake and eat it too? It's quite simple: you create an encrypted text file and attach it to your Web-based anonymous e-mail, or copy it into the message body. Now all the Feds can determine is that Recipient X got an e-mail message with an encrypted body or an attachment from Monica_Lewinski666@hotmail.com or whatever.

    Browser settings
    Proxy or not, your browser can leak ghastly amounts of information about you. Fortunately, tightening it up is easy when you know what to do. Since our Harry almost certainly uses MS Internet Explorer, we'll deal with that, though Netscape users should find this information easy to apply to their own setups.
    Get into Tools/Internet Options. Set 'days to keep pages in history' to zero. Go to Tools/Internet Options/Security. Go to 'Custom Level' and disable 'Download unsigned ActiveX Controls' and 'Initialize and script ActiveX Controls not marked safe for scripting'; set 'Java permissions' to 'High Safety'; disable 'Meta Refresh'; disable 'Launching programs and files in an IFRAME'; set 'Software Channel permissions' to 'High Safety'; disable 'Userdata persistence'; disable 'Active scripting', 'Allow paste operations via script', and 'scripting of Java applets'.
    Accept session cookies but not stored cookies. Never use in-line auto-complete, and never allow Windows to save any of your passwords.

    Now go to Tools/Internet Options/Advanced and clear 'Enable Profile Assistant', select 'Do not save encrypted pages to disk', clear 'Enable page hit counting', and select 'Empty Temporary Internet Files folder when browser is closed'. That should about do it. While you're about it, pop over to Control Panel/Network and ensure that File and Printer sharing are disabled.

    Spyware
    While you're on the job, never do anything with your company's computer that you wouldn't want your Grandmother to know about. Spyware is ubiquitous in the work place. Don't even mess with a company-issued laptop, which may well contain 'remote administration' features which will enable a company admin to connect to it. If you want to be anonymous, use your own equipment. If you're using anyone else's hardware, assume that anonymity is impossible. You can get a fab program for detecting Trojans called The Cleaner for $30.00 from Moosoft. A number of Trojans fail to be detected by the fine products of the popular anti-virus companies, in spite of their powerful suggestions to the contrary. Moosoft picks up most of them.
    Most software firewalls are notoriously bad at stopping a malicious program from sending data out from your machine, or even at notifying you when one does. An application like The Cleaner can go a long way towards assuring you that no such contaminant exists on your box.

    PC Hygiene
    There's a crucial difference between deleting a file and wiping it. A deletion leaves a file's entire contents on your disk, until the space it occupied happens to be overwritten by a subsequent file. In the meantime, the data can be recovered with forensic techniques. A proper wipe, on the other hand, overwrites that space immediately so the file's contents can't be recovered. Utilities capable of this include BCWipe, Norton Wipeinfo, Evidence Eraser, and PGP. The only certain way to keep your machine free of incriminating files and alien malware is to wipe your HDD periodically and clean-install your OS from original media while preserving those files and progies you can't do without. If you're serious about anonymity and file preservation, then you'll cough up the $200.00 or so needed to maintain two HDDs, because nothing beats a spare, non-removable magnetic storage device; and nothing beats a true file wipe, which is the only insurance against forensic probing.

    This is how I do it, and I do it frequently: I have two HDDs in my Windows box. When I get ready to wipe my primary, I've already done an fdisk and format /u and a thorough 'govt wipe' on the secondary using Norton Wipeinfo. I simply copy all the files and progies I wish to preserve onto that thoroughly-wiped secondary disk. I then switch the primary and secondary, and install Windows from original media onto the wiped disk, from which I'll boot. I install Norton Utilities, naturally. I then fdisk and format /u the former primary and do a thorough 'govt wipe' using Norton Wipeinfo.

    To hell with proprietary encryption algorithms
    8.27.01   Winn Schwartau Network World

    I sat in the front seat of a Mustang convertible, next to the driver. In the back seat sat The Third Man, who was demonstrating how easy it is to break into a wireless network using a laptop, Global Positioning System, wireless LAN card and free downloadable software. We drove around Las Vegas the day before DefCon and found an endless supply of wireless networks. How do you break in? Reboot your computer, the wireless access point sees you, Dynamic Host Configuration Protocol assigns you an IP number, and you're a remote wireless node on the net.

    In only 2 cases did we find networks that use the Wired Equivalent Privacy (WEP) algorithm. WEP is fundamentally useless because the 26-bit algorithm can be routinely cracked in less than 4 hours, again using downloadable tools. Why anyone would use wireless nets is beyond me, esp. knowing that break & enter is as simple as firing up Windows from a car or the nearest McDonald's.
    So I talked to folks who live & breathe breaking through security & encryption. RSA Security just announced a $200,000 prize for the crypto-geek who can successfully factor impossibly large numbers. That reminded me that the older & weaker RC-4 algorithm was cracked by a distributed processing assault. During the last decade, companies have routinely tried to crack proprietary cryptography. Elcomsoft has a host of products whose sole goal is to crack password protection on Microsoft & other major products, ostensibly to recover lost corporate files. Search for "password crackers" and you'll find every kind imaginable. The cryptography in Lotus Notes is another victim of aggressive & successful crypto-hacking. Things only get worse from there.

    It turns out that major mission-critical, enterprisewide software packages are just as vulnerable to crypto-hacks. Imagine if you found that your entire database was not really protected by "strong proprietary encryption algorithms," as the vendor claimed; or that your payroll system's password security was similarly vulnerable because the vendor figured it could out-design the best cryptographers in the world.
    Later this year, a group of security professionals plans to release a study naming some top enterprise applications with screamingly weak cryptographic implementations. They are esp. focusing on embedded cryptographic security for database applications.
    This study will provide enough evidence of how weak these "strong proprietary cryptographic algorithms" are. But the authors will stop one step short of releasing the step-by-step methodology on how to crack them. The goal is to get vendors to 'fess up to their crypto-errors then repair the hundreds of thousands of vulnerable systems deployed worldwide. No matter; soon enough hacks such as these become public knowledge, to the benefit of malicious insiders & external attackers.

    I don't get it. As an industry, we have some pretty good cryptography out there. Whence comes the arrogance that applications vendors can do a better job than the best mathematicians and trained cryptographers the National Security Agency, Govt Communications HQ and academia can muster? We have the Data Encryption Standard (DES), which still provides a free & reasonably good, well-tested means of protection. Triple-DES, which is good enough for the banking community, is also free & thoroughly understood. The new Advanced Encryption Standard will take us a "guesstimated" 20 years forward,