THIS IS COMSEC BULLETIN #1, FEBRUARY 17, 1990. FOR FURTHER INFORMATION, CONTACT THE COMSEC BBS (202) 334-1304 OR CALL OUR OFFICE AT (301) 670-0512 AND LEAVE A MESSAGE. About the Bulletin The COMSEC Bulletin is published to provide a means of informing COMSEC Association members of the business of the association. It is published on a random basis with news that can affect members. Please note, the 'COMSEC Journal', which will be the association's premier publication, will be published quarterly and should not be confused with the bulletin. The association wants to thank all of our members for their patience during the associations transition. We hope that you will be satisfied with your membership in the coming year. What's Inside - Surveillance Expo '89 - Annual COMSEC membership meeting - Using a Spectrum Analyzer - Audio Tapes Available - Washington DC COMSEC Chapter News - S&L's Phone Bugged - Membership Certificates and Cards - Advertising - TECHNET Data Systems - First COMSEC Corporate Sponsor - Call to all writers - Competitive Intelligence - Hacker enters GRUMMAN Corp computer Surveillance EXPO '89 For those of our members who weren't able to make it to Surveillance Expo '89 we missed you. Needless to say the Expo was a rousing success with exhibitors and speakers that represented the entire spectrum of the security field. The Association is glad to have been one of the cornerstones that made this years Expo happen and we have already begun making preparations for the next Expo to be held 28-30 November, 1990. Mark that date on your calendars and plan to attend. Annual COMSEC Membership Meeting The annual COMSEC membership meeting was held on December 13, 1989 following the last Expo seminar of the day. Although participation could have been better , a majority of the board of the directors were present enabling us to make decisions that will affect the association for the following year. A number of topics were covered that all of the association members should be aware of. For those of you who were unable to attend they will be covered briefly. The first topic that was covered was membership goals for the coming year. Currently the association has a small but growing number of members. In order to provide reasonable membership benefits, cover the associations overhead and increase the name recognition of the association we have to increase the number of members that the association has. A number of ideas were floored that may help. It was first suggested that we limit our recruitment of new members to the Washington, DC area. Its a matter of simple logistics. Since a large portion of our members reside in the DC area and the national chapter has its offices in the area the recruitment of new members can be closely monitored. However this means that members outside of the DC area would suffer. Because of this the board decided that a 75/25% split of effort would be used to recruit new members with the majority of effort occurring in the Washington area. The next topic covered was the formation of local chapters. The Association is proud to note that the first local chapter has been established in the Washington area. The local chapter president is Mike Brumbaugh (phone 703-739-8313) and he has some interesting ideas. The first meeting of the Washington chapter will be in the month of April. If you are interested in attending please give him a call. The discussion covered then covered the possibility of starting other local chapters. A number of inquiries have been made but other than this there has been no progress. The major problem is finding individuals that are motivated enough to start a chapter. Its a difficult task and it takes a special kind of person to undertake the responsibilities and headaches associated with forming a local chapter. Because of the responsibilities associated with starting a local chapter it was decided that each local chapter president would also automatically become a member of the board of directors and would not be affected by the rule that board members cannot miss more than two consecutive board meetings. It was also decided that the minimum number of people required to start a local chapter would be increased from 5 to 10. It was felt that the more people involved in the initial formation of the local chapter the better the chances of success. Another topic discussed was the possibility of the COMSEC association joining forces with the National Computer Security Association. The Board of Directors and the director of NCSA believe that both organizations would profit from a merging of resources. The board plans on discussing this option further during the first meeting of FY90. This meeting will be held the 3rd Saturday of January. Subsequent board meetings will be held the 3rd Saturday of the first month of a calendar quarter: January, April, July and October. The final item of discussion was the status of the COMSEC Journal. The journal will be the cornerstone of the association and will provide timely articles of interest to all members of the association. Currently a number of articles are in the works for the March issue. These articles include Telecommunication network security problems and a story about a hacker who broke into a major telecommunications network. There might be an article on STU III if we can get it in time for publication. The association has also approached a number of companies to inquire if they might be interested in submitting articles for publication. Finally, the association is attempting to compile a listing of companies/ individuals involved in providing specialized security services. One of the concerns is how to provide a listing that holds some credibility. Members suggestions are welcomed and will be provided to the board of directors for consideration. Possibilities include a certification or training program. Overall the annual meeting was a success and the next meeting will even be better. Plan on being there. Using a Spectrum Analyzer The association received an interesting call a few weeks ago from someone who was attempting to use a spectrum analyzer to locate an clandestine listening device. The problem with any specialized piece of equipment is that the user must be aware of the limitations of the equipment that they are using and also apply a little thought to how to systematically locate a transmitter once there is a positive indication that it exists. In this particular case a spectrum analyzer with a audio speaker must be utilized. Without a speaker the operator of the analyzer cannot tell whether they are looking at a signal that is caused by RF interference, a genuine signal put out by commercial transmitter or a clandestine transmitter that is located in the room or building. Remember, in this particular instance we are discussing only one of many means that some type of device may be utilized to listen to a conversation in a room. First, place a sound source in the room you are checking. Your analyzer should also be located nearby since most transmitters of this type have a limited range. You should then go slowly through the frequency range to locate a signal source transmitting the same audio that the sound source is transmitting. If you should find that there is a transmitter located nearby, the sound source can be moved in the room to see where it is best picked up by the transmitter. At this point a physical search would have to be done. Audio Tapes Available Audio tapes of all the seminars given at EXPO 89' are available to COMSEC members. They can be obtained by contacting: Audio Archives International 3043 Foothill Blvd Suite #2 Crescenta, CA 91214 Washington DC COMSEC Chapter News The first meeting of the DC chapter will be April 1990. Mike Brumbaugh is looking for help in setting up a successful chapter and meeting. If you are interested in helping him, mike can be reached at 703-739-8313. Mike said that details of the first meeting will be sent to members as they become available. S & L'S Phone Bugged The Washington Post noted in a recent article that the phone used by California state S&L examiners had been bugged. The phone, which was supposed to be a private line, had been tampered with so the investigators calls could be monitored from other phones in the building. (Editors note: I'm not sure bugged is the correct word, jury rigged sounds more like it. Besides who, in their right mind would pass sensitive information of any type in the same building they are working in.) Private Investigators were called in to track down were the calls were being monitored from but were unable to because the key to the phone room could not be found! When they returned two days later the phone lines had been returned to normal. The bugged phone was cited as one of the ways that Lincoln Savings & Loan attempted to frustrate regulators. Hacker, Age 15, Enters GRUMMAN Corporation Computer System A youth from Levittown, New York gained access to the computer that Grumman uses to handle military customers including the Pentagon. Grumman stated that all the material that the youth had gained access to was recovered and he was caught because Grumman's own computers detected his illegal entry into the system. Membership Certificates and Cards Membership certificates and cards will be sent to all members in the months of January and February. The association wants to apologize to all our members for the delay. For those of you that received the membership cards with a expiration date of 1-1-90, you may send them back and we'll send you a new one with a correct date. Advertising Both the COMSEC BULLETIN and the COMSEC JOURNAL will accept paid advertising. This will allow both publications to increase their scope and provide even more pages per issue. If you are interested in placing any type of advertising in either publication contact the COMSEC Association at 301-670-0512. TECHNET DATA SYSTEMS - First COMSEC Corporate Sponsor Technet Data Systems has become the COMSEC Associations first corporate sponsor. Technet is a small corporation that provides computer services ranging from installation of small and large systems to troubleshooting existing systems. Located in the Washington, DC area the have provided a wide range of services to large and small corporations. TECHNET also will custom build a system to fit in your price range. They can be reached at 703-471-8714 or by writing : 44901 Falcon Place Suite 110 Sterling, VA 22170 Call To Writers COMSEC members, you can now enhance your professional prestige and even give your company a plug by authoring a article for publication in the COMSEC JOURNAL. The association is seeking individuals who can speak authoritatively on different aspects of the security field and wish to become involved. If you are one of those professionals with a knack for writing let the association know. Competitive Intelligence For those of us who believe that corporate spying has gone the way of the EDSEL, think again. Todays term of competitive intelligence may sound nicer but major corporations still spend large sums to stay one step ahead of their competition. Most companies simply employ improved telecommunications and computer systems to evaluate their competitors but others have gone as far as hiring ex-FBI agents to uncover information. The undercover work may be as straightforward as reading the other guys employee publications or as complicated as analyzing all of a competitors operations. One major US corporation has admitted that they have sent their personnel to count smokestacks, delivery trucks and employees cars at a rival facility. A spokesperson for the corporation stated "This type of information can help you determine how well your rival is doing." One of this competitive intelligence firms most prized intelligence coups was a competitors in-house phone book, which was used to reconstruct and estimate the competitions pricing structure. Here are a few examples of major corporations that utilize information on their competitors. * AT&T has an 800-man world-wide network of employees who monitor competitors sales teams, trade publications and research papers for the latest developments. This information is fed into a data base, analyzed and then supplied to key management on a daily basis. * Kraft Inc analyzes point-of-purchase scanner data to get not only price information but also product features and promotional programs. Kraft has also gone to the extreme of hiring consultants to interview competitors under the guise of "independent market research."