joe@cs.psu.edu (Joe Broniszewski) (01/01/91)
I read a very interesting book over the holidays titled "The Cuckoo's
Egg" by Cliff Stoll. The book detailed a true story about computer
espionage. In the book, Cliff mentioned what he called a *secure
line*. Whenever he called a government agency that meant business
(i.e. FBI, NSA, CIA) they would call him back on one of these secure
lines. My questions:

1. Technically speaking what is the difference between a secure line
   and a non-secure line?
2. Are calls routed differently?
3. Who are the LDC's for such lines?
4. What role does the BOC play in such a set up?

Joe Broniszewski
Philadelphia Phillies Systems Department
bill@gauss.eedsp.gatech.edu (bill) (01/02/91)
Joe Broniszewski <astph!joe@cs.psu.edu> queries:

> I read a very interesting book over the holidays titled "The Cuckoo's
> Egg" by Cliff Stoll. The book detailed a true story about computer
> espionage. In the book, Cliff mentioned what he called a *secure
> line*. Whenever he called a government agency that meant business
> (i.e. FBI, NSA, CIA) they would call him back on one of these secure
> lines. My questions:

> 1. Technically speaking what is the difference between a secure line
> and a non-secure line?

There is no such beast. When the "spooks" want to talk turkey, they
use special telephones, not special telephone lines. There is a
modern version of the "scrambler" phone around and it uses regular
POTS, although a point-to-point setup is possible.

> 2. Are calls routed differently?

They may be routed on FTS, which is essentially just a bulk WATS-type
system that all the Federal agencies have access to. FTS can be used
to call POTS or other FTS phones. If it is a military agency, they
may use a network called AUTOVON. They could also be routed in the
usual way that we civilians have our calls routed. Basically all
they'd need is an RJ-11 connection, if that. Secure cellular phones
are also used by the feds - remember Bush talking on a cellular from
his golf cart up in Maine? That photo seemed to make quite a few
papers.

> 3. Who are the LDC's for such lines?
> 4. What role does the BOC play in such a set up?

Answer to 3: AT&T is the major contractor for FTS, US Sprint is the
minority contractor (60/40% share split, respectively).

Answer to 4: they may or may not provide the POTS line and dial tone,
depending on the individual setup. Some military installations have
their own switching equipment, as I understand it. I may not be 100%
on this answer.

FTS is a non-secure, general use, long-distance network which the
federal government uses for the bulk of its long distance telephone
and data traffic. It is not some secretive, spooky set-up - just a
way for the feds to try to control their telephone costs and yet
maintain some versatility.

Cliff was inaccurate in his assessment of why the spooks wanted to
call him back; they may have just been in the middle of something
else at the time. Cliff, do you read TELECOM digest? :-)

Bill Berbenich
Georgia Tech, Atlanta Georgia, 30332
uucp: ...!{backbones}!gatech!eedsp!bill
Internet: bill@eedsp.gatech.edu
lars@spectrum.cmc.com (Lars Poulsen) (01/02/91)
In article <15743@accuvax.nwu.edu> astph!joe@cs.psu.edu (Joe
Broniszewski) writes:

>I read ... "The Cuckoo's Egg" by Cliff Stoll. ... In the book, Cliff
>mentioned what he called a *secure line*. Whenever he called a government
>agency that meant business (i.e. FBI, NSA, CIA) they would call him back on
>one of these secure lines.

I think Cliff was working for LLBL, i.e. DoE. They would qualify for
the STU-III program, so I think that's what he meant.

>1. Technically speaking what is the difference between a secure line
>and a non-secure line?
>2. Are calls routed differently?
>3. Who are the LDC's for such lines?
>4. What role does the BOC play in such a set up?

STU-III is an encryption protocol; essentially, the telephones switch
to "data mode" like modems. Any IEC may be used to carry such calls.

Lars Poulsen, SMTS Software Engineer
CMC Rockwell
lars@CMC.COM
MCMAHON%GRIN1.BITNET@cunyvm.cuny.edu (McMahon,Brian D) (01/03/91)
In response to a question from Joe Broniszewski
<astph!joe@cs.psu.edu> about "secure lines" referred to in Cliff
Stoll's book, bill <bill@gauss.eedsp.gatech.edu> says:

>There is no such beast. When the "spooks" want to talk turkey, they
>use special telephones, not special telephone lines.

But Lars Poulsen <lars@spectrum.cmc.com> says:

>I think Cliff was working for LLBL, i.e. DoE. They would qualify for
>the STU-III program, so I think that's what he meant.

Aha! That sounds plausible. I grew up an "overseas brat" on U.S.
Army bases in Germany. AFN, the Armed Forces Network, was constantly
running radio spots about OPSEC (OPerations SECurity), which among
other things exhorted everyone to answer the phone with "this line is
not secure" whenever appropriate. Since we were in Munich, home of
the 66th Military Intelligence Group HQ and assorted other spook
shops, some people actually took security seriously there. :-)

Hardly everyone, though. There was a wonderful cartoon in the _Stars
and Stripes_ newspaper for a while, called "Lt. Kadish." This was one
of several "local" cartoon strips which appeared in the 'Stripes from
time to time. In one cartoon, the left panel showed the Lieutenant
in a phone booth asking, "Hello, S-2? Is this a secure line?" [Note:
S-2 is the intelligence officer in a unit's staff] The middle panel
showed a Soviet officer with headphones, and the right panel showed
the S-2 saying, "It sure is." MI gets very little respect *within*
the Army, too... :-)

This could lead into several other telecom-related stories ... you may
not want to get me started. :-)

Brian McMahon <MCMAHON@GRIN1.BITNET>
Grinnell College Computer Services
Grinnell, Iowa 50112 USA
Voice: +1 515 269 4901
Fax: +1 515 269 4936
larryc@mtuxo.att.com (Larry Chesal) (01/04/91)
In article <15743@accuvax.nwu.edu>, astph!joe@cs.psu.edu (Joe
Broniszewski) writes about "The Cuckoo's Egg".
While I haven't gotten around to the book yet, I did see a TV version
of the story on the PBS "Nova" program. VERY entertaining and
educational. Folks that read this group would probably enjoy the
scenes where the hacker's calls are traced through the AT&T network
(we've got him to the [Sacramento?] 4E; this is C&P, we've traced him
to [Reston?] 4E) until they finally track the call back to Germany
where a technician has to check an old mechanical switch circuit by
circuit. Cliff Stoll does a great job of acting himself.
wb8foz@mthvax.cs.miami.edu (David Lesher) (01/04/91)
|In the book, Cliff mentioned what he called a *secure
|line*. Whenever he called a government agency that meant business
|(i.e. FBI, NSA, CIA) they would call him back on one of these secure
|lines.

There is no such thing as a "secure line" for a phone call. Once it's
out on lines in areas not totally controlled by your own trusted
people, it's public.

There did exist a class of service called "Special Service
Protection" that BSP 460-110-100 discusses. It consisted of special
caps on the test points, held on with exotic tie-wrap gadgets. You
had to cut the tie to get across the pair -- at least it said that in
the book. I figure it would take about thirty seconds to find another
place to tap the line.

If you need to discuss classified subjects on the phone, use a secure
phone. These encrypt your voice with an algorithm that is approved by
the appropriate federal agency. Possible sets include the old KY-3,
the KY-71/STU-11 and the current favorite: the STU-III (Secure
Telephone Unit). Before you ask, no - one model cannot call another.
The phone on the far end, when equipped with correct key, decrypts
the incoming data into (somewhat ;-} ) understandable voice.

So what WAS Cliff talking about? I can hazard several outright
guesses as to why the folks in the Intelligence Community would want
to call him back each time, but they are guesses -- I have no inside
data.

1) If you call back, you have a number. If nothing else, that lets
you know where the Yo-Yo owner calling you is located. That's a good
start to finding out more about him. It never hurts to know a little
about the guy telling you your database is under attack;-}

2) It would take a LOT of manpower for the Bad Guys to collect and
transcribe all the traffic on EVERY trunk to one of those buildings in
Virginia or Maryland with the 10 ft barbed wire hedge. So I'd target
some offices by extracting and looking at the incoming PBX TT data
until I found a call to an extension of interest. This can be
defeated to some extent by having lots of OUTGOING trunks, maybe from
many locations interconnected by encrypted T1 trunks. When Mr.
Trenchcoat wants an outgoing line, he randomly gets one from another
site.

3) It sounds more mysterious.

4) Some other reason.

I'd take 1,4,3,2 as the order on the finish line, but you readers can
make your own guess.

I'll close with a line a retired Community member told me years ago:

Never say ANYTHING on the black {i.e. non-STU} phone you don't want
to read about tomorrow in the {Washington Post}.

wb8foz@mthvax.cs.miami.edu (305) 255-RTFM 570-335 33257-0335
floyd@ims.alaska.edu (Floyd Davidson) (01/06/91)
In article <15758@accuvax.nwu.edu> bill@eedsp.gatech.edu writes:

>Joe Broniszewski <astph!joe@cs.psu.edu> queries:
>> In the book, Cliff mentioned what he called a *secure
>> line*. Whenever he called a government agency that meant business
>> (i.e. FBI, NSA, CIA) they would call him back on one of these secure
>> lines. My questions:

>> 1. Technically speaking what is the difference between a secure line
>> and a non-secure line?

>There is no such beast. When the "spooks" want to talk turkey, they
>use special telephones, not special telephone lines.

End-to-end encryption makes a "secure" line. Such beasties are
available to the military and other defense agencies. The book gave
no indication that such was available to Cliff or that he was using
one. He may or may not have been.

>> 2. Are calls routed differently?

>They may be routed on FTS, which is essentially just a bulk WATS-type
>system that all the Federal agencies have access to. FTS can be used
>to call POTS or other FTS phones. If it is a military agency, they
>may use a network called AUTOVON. They could also be routed in the
>usual way that we civilians have our calls routed. Basically all
>they'd need is an RJ-11 connection, if that. Secure cellular phones
>are also used by the feds - remember Bush talking on a cellular from
>his golf cart up in Maine?

My bet is that one is definitely encrypted.

>Answer to 4:
>FTS is a non-secure, general use, long-distance network which the
>federal government uses for the bulk of its long distance telephone
>and data traffic.

It is likely that the spooks have encryption equipment on T streams
between them and whatever toll switch they connect to. From that
point on it definitely is not a "secure" line, but...

Any FTS-2000 satellite link is encrypted. Most AUTOVON satellite
links are encrypted.

Chances are fairly good that a normal connection that you make
calling them could be monitored, chances are fairly poor that a call
they make to you could be monitored. At least by accident.

The lines are not "secure", just a bit safer. They keep the amateur
spooks out of it, but not the pro's.

Floyd L. Davidson
floyd@ims.alaska.edu
Salcha, AK 99714
paycheck connection to Alascom, Inc.
When I speak for them, one of us will be *out* of business in a hurry.
dag@cup.portal.com (01/09/91)
lars@spectrum.cmc.com (Lars Poulsen) writes:

>In article <15743@accuvax.nwu.edu> astph!joe@cs.psu.edu (Joe
>Broniszewski) writes:

>>I read ... "The Cuckoo's Egg" by Cliff Stoll. ... In the book, Cliff
>>mentioned what he called a *secure line*. Whenever he called a government
>>agency that meant business (i.e. FBI, NSA, CIA) they would call him back on
>>one of these secure lines.

>I think Cliff was working for LLBL, i.e. DoE. They would qualify for
>the STU-III program, so I think that's what he meant.

>STU-III is an encryption protocol; essentially, the telephones switch
>to "data mode" like modems. Any IEC may be used to carry such calls.

Cliff worked at Lawrence Berkeley Labs (LBL) at the time. LBL is
frequently confused with Lawrence Livermore Labs (LLNL), and although
they work closely on many projects they are definitely two different
beasts.

I worked in the office next to Cliff for a couple of years and I can
assure you that neither of us had or wanted any special phone lines
other than the standard unsecured, government issue FTS lines. I do
recall hearing of a special phone line at one point but I believe
there was only one of 'em at the whole lab. I have no idea where it
is, and I doubt if Cliff would know about it.

LLNL on the other hand is crawling with spooks and special phone
lines.

Cheers,
dag
Jim.Redelfs@iugate.unomaha.edu (Jim Redelfs) (01/12/91)
> There is no such thing as a "secure line" for a phone call. Once it's
> out on lines in areas not totally controlled by your own trusted
> people, it's public.

> Never say ANYTHING on the black {i.e. non-STU} phone you don't want to read
> about tomorrow in the {Washington Post}.

Although yours was an EXCELLENT discussion of the "how to" and "why
use a" secure (a) line, it sure makes ordinary loops sound virtually
non-private!

Virtually everything I have heard in the course of my years has not
been memorable, yet ordinary subscribers are increasingly concerned
about the security of their ordinary transmissions!

I had a new-home installation recently where the subscriber insisted
that the Network Interface be placed INSIDE the home, and that the
dropwire enter the foundation BELOW grade! The customer's primary
concern was the integrity of his home security system.

After two hours and a dozen calls, we (US WEST Communications/NE)
acquiesced and accommodated the customer. I explained that all a
reasonably skilled burglar would have to do was to simply walk out to
the wirepost in front and cut the line. He was not swayed.

Another customer had their security system installer build a wooden
box around the protector housing and (drop) riser tube, complete with
magnetic switch! Explaining to the customer that two minutes (or
less) with a tile spade would circumvent THAT safeguard (dig up and
cut the shallow drop).

In my (not yet) vast experience, I have encountered only ONE "tap" and
it was merely a (convicted) case of "Theft of Services"!!

Has there been much (any) traffic here regarding unauthorized entry
into residential SNIs (Standard (telephone) Network Interfaces -
complete with working, RJ11C jack) on the backs of homes? I recall
seeing a short bit about it on CNN Headline News a couple of years
ago.

Our SNI vendor (Seicor) finally replaced the "can wrench" bolt with
the Allen/Torx-like-headed bolt. GREAT! Just another tool to carry
to the back of each house!
JR Copernicus V1.02 Elkhorn, NE [200:5010/666.14] (200:5010/2.14)
macy@fmsystm.uucp (Macy Hallock) (01/14/91)
In article <16014@accuvax.nwu.edu> JR writes:

>> Never say ANYTHING on the black {i.e. non-STU} phone you don't want to read
>> about tomorrow in the {Washington Post}.

>Although yours was an EXCELLENT discussion of the "how to" and "why use
>a" secure (a) line, it sure makes ordinary loops sound virtually
>non-private!

Well, that's because it's true. Most of the security we have on
normal telephone loops is primarily due to the ignorance of the
masses of telecom technology. The casual layman is unable to do much
with that mysterious telephone wire...

This is changing. Prior to deregulation, or better yet, Carterphone
(1968) the telco's did everything they could to keep the information
to themselves. It was to their benefit, and they were successful.
The only others who knew much about telecom were very large
organizations, such as governmental or multi-national groups who had
internal communications networks independent of the telco's.

Now, you can go to Radio Shack or your local library and obtain a
text with accurate and understandable information regarding common
telecom technology. The local loop is now considerably less of a
mystery. Many people are able to work with the standard two wire loop
telephone line. And they do.

My sons are familiar with this technology, and either one of them
could do a good job of tapping a line with less than $10.00 worth of
overpriced parts from Radio Shack ... or some of the junk in their
workshop. I can assure you they are not unique. (I do wish more of
our youth were more technically adept...)

>Virtually everything I have heard in the course of my years has not
>been memorable, yet ordinary subscribers are increasingly concerned
>about the security of their ordinary transmissions!

Having owned an alarm company for fifteen years, I can assure you
that more and more people are becoming concerned about the security
of their telecommunications. Much of this concern is based on what
they have seen on television or rumor. What is important is that they
feel compromise of their telecommunications is not only possible, but
probable under the right set of circumstances. They also believe that
since they have seen it done with relative ease, and in a manner they
understand (namely cutting a wire or clipping a couple of wires onto
a terminal) that it can be done just as easily to them.

>I had a new-home installation recently where the subscriber insisted
>that the Network Interface be placed INSIDE the home, and that the
>dropwire enter the foundation BELOW grade! The customer's primary
>concern was the integrity of his home security system.

>After two hours and a dozen calls, we (US WEST Communications/NE)
>acquiesced and accommodated the customer. I explained that all a
>reasonably skilled burglar would have to do was to simply walk out to
>the wirepost in front and cut the line. He was not swayed.

This is a common requirement in our alarm installations. The phone
companies here are grudgingly cooperative, but are always trying to
discourage it, often by levying ridiculous fees. The argument the
phone companies make is that it complicates their testing. Note that
these are the same phone companies that send out newsletters crowing
about their abilities to test lines remotely, without entering the
premises.

The idea here is to discourage the casual burglar easy compromise of
the phone line. We also ensure the line going up the pole is in rigid
metal conduit. We also seem to find most of the pedestals (terminals
for buried cables) unlocked or unbolted, and require the phone
company to secure these terminals in accordance with their own
policies.

Of course, the professional burglar will know how to effect a
compromise of the buried phone line, but we aim to make his job as
tough as possible. In some installations, we even leave a decoy
conventional telephone terminal on the side of the house. On others,
we will have two separate buried phone lines entering from two
different places on the premises ... all of which is carefully
monitored and alarmed.

Since the phone companies have priced conventional leased alarm lines
and other special services so outlandishly now, most home and
business owners are now using the standard phone line for alarm
transmission, just as the phone company intended. Yet they place
obstacles in the way of those who try and secure these facilities,
since the phone company will not. In most cases, these additional
security arrangements actually increase the reliability of the phone
line.

I might add that the phone companies have begun to offer the
"piggyback" alarm transmission services in some large cities. These
use the regular phone line to provide both dial tone and a relatively
secure supervised (monitored) link between the CO and premises. The
charge to the home/business owner is even fairly reasonable. The
charges to the alarm company are not reasonable. The special circuits
and backbone arrangements required are expensive and not able to be
afforded except by the largest alarm companies, and then only in
densely populated areas.

In instances where we need extra phone line security at a premises,
we now use cellular telephone data links through the regular cellular
carriers. This does no good for those outside cellular service areas,
though.

>Another customer had their security system installer build a wooden
>box around the protector housing and (drop) riser tube, complete with
>magnetic switch! Explaining to the customer that two minutes (or
>less) with a tile spade would circumvent THAT safeguard (dig up and
>cut the shallow drop).

Yes, we have done that, too, for a customer. I might add we have
actually stopped several burglary attempts with these measures, and
have even had a few apprehensions, too. The customers seem pleased
with the results. The phone company's answer, when shown this
information was either "lease a line and pay the bill" or "sorry,
nothing we can do".

>In my (not yet) vast experience, I have encountered only ONE "tap" and
>it was merely a (convicted) case of "Theft of Services"!!

>Has there been much (any) traffic here regarding unauthorized entry
>into residential SNIs (Standard (telephone) Network Interfaces -
>complete with working, RJ11C jack) on the backs of homes? I recall
>seeing a short bit about it on CNN Headline News a couple of years
>ago.

Yes, we have had several experiences. Besides compromises to service
for burglary, we have seen a couple of taps. In both cases, the local
phone company and police department did little about it. We counseled
the customer to seek legal counsel and consider a suit. In both
cases, the client did not want the publicity a suit would bring. (One
of these clients was a judge, the other involved in a very messy
divorce case)

We also find that customers are willing to use network interfaces for
their intended purpose (testing the outside phone line to locate a
line fault) more readily when they can access the interface jack
easily. A closet or basement location seems ideal. In many condo's we
have worked on, they are in the closet in the garage.

When customers test their phone line at the network interface when
their phones do not work, everyone wins. The phone companies here act
as though they are trying to discourage this testing by customers ...
although that's not what they say. I wonder if this might have
anything to do with their attempts to sell inside wire maintenance
for revenue enhancement?

>Our SNI vendor (Seicor) finally replaced the "can wrench" bolt with
>the Allen/Torx-like-headed bolt. GREAT! Just another tool to carry
>to the back of each house!

Still not terribly secure. In this area, the phone installers do not
even want to tighten the bolts on their terminals. The SNI's here
have a plastic door that snaps shut, along with a place to put a
lock. No lock is ever used, though. (Not that it would offer much
security, anyway)

Macy M. Hallock, Jr.
macy@fmsystm.UUCP macy@NCoast.ORG uunet!aablue!fmsystm!macy
MCMAHON%GRIN1.BITNET@cunyvm.cuny.edu (McMahon,Brian D) (01/22/91)
(Here's hoping the list hasn't gotten tired of this thread yet... :-)

Nigel Allen <contact!ndallen@utdoe.uucp> writes:

>I remember seeing a conventional 500-type set at a military base in
>Halifax with a warning sticker saying "This line is not secure".

Which reminds me -- again -- of another Munich experience. My folks
are over there with the University of Maryland's Munich Campus, set
up for the college-age dependents of U.S. overseas personnel. UMMC
is located right on the base, McGraw Kaserne (due to close
eventually). I recall several years ago, working my usual summer job
on the Maryland switchboard, when the fourth and fifth floors of the
building were taken over for an exercise. I think it was called
"Carriage Trader," or something like that, and involved setting up a
Corps-level HQ and operations center. This was serious stuff --
armed MPs barring access past the third floor, a cluster of radio
trucks parked outside surrounded by rolls of razor-wire, the works.

The telecom angle on all of this is that the MPs weren't there for
the first phases of set-up, and I could wander around a bit on my
lunch hour. The commo technicians were stringing wire and setting up
phones all over the place. The phones looked like the old, rotary
dial, standard black military phones (as far as I could tell), but
had little blue labels on them saying "SECURE". I presume they
either tapped into T.S. common gear in the trucks, or ran next door
to the Military Intelligence headquarters. I guess they could spare
a line or two. :-) (I did also wonder just how "secure" a phone
could be if I could get at it unsupervised, but that's another
matter...)

It's doubtful the building itself contained much in the way of secure
wiring. For one thing, you had us damn civilians running around all
over the place. Also, some of the switch boxes still had
"REICHSPOST" stamped on them. :-) The Maryland switchboard was only
marginally better, all electromechanical stuff from DTN (Deutsche
Telefon und Normalzeit). By counting clicks, I could tell what
numbers people were dialing on outgoing calls -- sounded like a
gigantic popcorn popper.

Ah, those were the days.

Brian McMahon <MCMAHON@GRIN1.BITNET>
Grinnell College Computer Services
Grinnell, Iowa 50112 USA
Voice: +1 515 269 4901
Fax: +1 515 269 4936