roeber@cithe1.cithep.caltech.edu (Frederick Roeber) (01/12/91)
I believe the confusion over the "secure phone" mentioned in the book, The Cuckoo's Egg, arises from Dr. Stoll describing a few phone calls he received: One day, he answered his phone only to hear a recording "This is not a secure phone..." The person on the other end hung up and tried again, with the same result. After a couple tries, he finally got through, and was able to start questioning Dr. Stoll. Dr. Stoll replied, "This is not a secure phone..." A friend of mine, who does military security work, said this is the result of calling a non-secure phone from the government's secure phone system and trying to initiate a secure call. When making a secure call on this system, one first makes an ordinary phone call -- over any network, FTS, AT&T, or whoever. When the other end has been reached, one presses the `secure' button. This makes each end call the main computer that controls the secure phone system. Through an encrypted conversation, the main computer sends each phone two numbers: a key with which they can communicate with each other (for that conversation only), and a key to be used for the next call to the main computer. Then the main computer drops out, and the phones can send encrypted traffic to each other. Of course, if you hit `secure' when other end is a regular phone, the main computer realizes it can't set up an encrypted link, and plays the warning message. It also logs the attempt. So Dr. Stoll need not have been anywhere near a secure phone to get such a call. Frederick G.M. Roeber | e-mail: roeber@caltech.edu or roeber@vxcern.cern.ch r-mail: CERN/PPE, 1211 Geneva 23, Switzerland | telephone: +41 22 767 31 80
russell@spdcc.com (Tim Russell) (01/13/91)
In article <72160@bu.edu.bu.edu> roeber@cithe1.cithep.caltech.edu (Frederick Roeber) writes: >A friend of mine, who does military security work, said this is the >result of calling a non-secure phone from the government's secure >phone system and trying to initiate a secure call. When making a >secure call on this system, one first makes an ordinary phone call -- >over any network, FTS, AT&T, or whoever. When the other end has been >reached, one presses the `secure' button. Quite true - my brother works as an engineer for a government contract company in Dallas that produces a new phone switch used, among other places, at Cheyenne Mountain. He was telling me that their system has this feature, where someone who calls in first hears a computer-played "Go secure" repeated over and over, then once they do that, connects them with their party. Anyway, the thing that's neat is that the message is his voice digitized, so his voice will be heard if/when "the big one" comes. Tim Russell Omaha NE russell@spdcc.com
dag@uunet.uu.net (Alex Darren Griffiths) (01/15/91)
In article <72160@bu.edu.bu.edu> roeber@cithe1.cithep.caltech.edu (Frederick Roeber) writes: >A friend of mine, who does military security work, said this is the >result of calling a non-secure phone from the government's secure >phone system and trying to initiate a secure call. When making a >secure call on this system, one first makes an ordinary phone call -- >over any network, FTS, AT&T, or whoever. When the other end has been >reached, one presses the `secure' button. I worked in the office next to Cliff at Lawrence Berkeley Labs for a year or so, including part of the time documented in the book "The Cookoo's Egg". While Lawrence Livermore Labs is crawling with spooks, special phones and phone networks I can assure you that nothing like that existed at LBL. Both Cliff and I simply had the standard PacBell phones everyone at the lab was issued and the standard government issue FTS lines. The FTS lines were publicised as a cost saving measure for calls between labs, we certainly didn't know of any encryption on the lines and neither of us had anything like a secure button, in fact the only security we had came from shutting the office door when talking to our girlfriends (I, for one, didn't care who listened when speaking to slimy spooks and I don't believe Cliff did either). I suspect that any calls back to the lab were made so the spooks could be sure of the person they were talking to. They already had Cliff's number and it's unlikely someone would sneek into his office and pretend to be him, although considering the security at LBL it would not be to difficult. After Cliff left the lab for a year or so I did here that there was a "special" phone somewhere, but I've no idea where it is at the lab or what makes it special. Cheers, darren griffiths dag%speedo%pgne@uunet.uu.net (I know the address is gross but I only design networks now, I don't run them, thank god, so don't blame me.)
namerow@pokvmcr3.iinus1.ibm.com (Wayne G. Namerow) (01/21/91)
I spoke with Cliff Stoll yesterday and informed him of the Telecom discussion regarding his 'secure' phone call. Cliff stated (quote) 'I have no idea what the guy was talking about' refering to the statement about calling back on a 'secure line'. Cliff suspected that it was fluff and that the guy just called him back normally. Cliff also said that he rarely reads any forums any longer, but he can be contacted directly at: cliff@cfa.harvard.edu. Or through Compuserve... Wayne