Friday, May 19, 2006
Meet The Hackers
Dimitry Ivanovich Golubov doesn't look like an arch criminal. A baby-faced 22-year-old Ukrainian, he is described by his lawyer as an unassuming part-time student at Mechnikov University in Odessa.
But when the Ukrainian police arrested him last July for his involvement in credit-card fraud, U.S. law enforcement officials hailed it as a big break in their fight against cybercrime. Subsequently, in January, 2006, the U.S. Attorney's office for the Central District of California charged Golubov with a number of cybercrimes, including credit-card fraud. An affidavit by a special agent with the Federal Bureau of Investigation states that Golubov held the title of "Godfather" for "an international ring of computer hackers and Internet fraudsters that has...trafficked in millions of stolen credit card numbers and financial information." U.S. Postal Inspection Service senior investigator Gregory S. Crabb, who worked with Ukrainian authorities on their case, says Golubov and others controlled the numbers, names, and security codes attached to credit cards. Low-level criminals would use that to load up fake cards and withdraw cash from automated teller machines or buy merchandise. "Golubov was known as the go-to guy," says Crabb.
But last December, Golubov's story took a bizarre twist. Two Ukrainian politicians, including Vladimir Demekhin, deputy chairman of the Energy Committee of the Ukrainian Parliament, vouched for Golubov's character in court. The judge hearing the case released Golubov on a personal recognizance bond from the two officials. (Demekhin did not respond to e-mails and phone calls.) U.S. officials say they are worried that Golubov may leave the country, and a date for his trial hasn't been set. "Chat from the carding community" indicates Golubov may be back in business, says Crabb. Golubov's lawyer, Petro Boiko, claims he isn't hiding and the charges are groundless: "There has been a legend made of Golubov, of a big hacker. There is no evidence linking him to this case. He knows how to use a computer, but he is not a hacker by any means."
At least authorities had their hands on Golubov, however briefly. Usually, the people they suspect of conducting computer crime leave behind only traces of their existence: a quirky online nickname, a few postings on illicit Web sites, and a trail of financial mayhem. But BusinessWeek, working with information and photos supplied by officials at the U.S. Postal Inspection Service, as well as state law enforcement agencies and private Internet security experts, compiled descriptions of some of the most sought-after targets in cybercrime investigations. Shown the list, the United States Secret Service said it is investigating some of those on it as well, but declined to comment further. The FBI also declined to comment.
The picture that emerges is of organized gangs of young, mostly Eastern European hackers who are growing ever more brazen about doing business on the Web. They meet in underground forums with names like DarkMarket.org and theftservices.com to trade tips and data and coordinate scams that span the globe. (Those and other Web sites and organizations named by investigators did not respond to e-mails, instant messages, or phone calls seeking comment.) "Financial payment fraud has evolved tremendously," says John Corbelletta, a former police officer who is director of fraud control for Visa U.S.A. Inc. "Most of the cases I investigated when I was a cop involved people who had their cards stolen out of their purse. We didn't even think of counterfeiting cards."
Today, cyberscams are the fastest-growing criminal niche. Scores of banks and e-commerce giants, from JPMorgan Chase & Co. (JPM) to walmart.com (WMT), have been hit, sometimes repeatedly, by hackers and online fraud schemes. The 2005 FBI Computer Crime Survey estimated annual losses to all types of computer crime -- including attacks of viruses and other "malware," financial fraud, and network intrusions -- at $67 billion a year. Of the 2,066 companies responding to the survey, 87% reported a security incident. The U.S. Federal Trade Commission, which says identity theft is its top complaint, on May 10 created an Identity Theft Task Force following an executive order signed by President George W. Bush.
To track cybercrime, law enforcement officers work with companies such as eBay Inc. (EBAY) or Microsoft Corp. (MSFT) as well as with authorities around the globe. EBay has 60 people combating fraud, while Microsoft's Internet Safety Enforcement team has 65 operatives, including former law enforcement agents and federal prosecutors. To document the extent of the activity, BusinessWeek reporters also scoured underground Web sites where stolen data is swapped like so many baseball cards on eBay. Consider this e-mail promoting the launch of an online trading bazaar, vendorsname.ws, last year:
"During the battle with US Secret Service, we !@#&! all those [law enforcement] bastards and now are running a brand new, improved and the biggest carder' forum you ever seen." The message brags about its array of stolen goods: U.S. and European credit-card data, "active and wealthy" PayPal (EBAY ) accounts, and Social Security numbers. Those who "register today" get a "bonus" choice of "one Citybank account with online access with 3K on board" or "25 credit cards with PINs for online carding."
What follows is a look at four individuals, besides Golubov, who are identified by multiple law enforcement authorities as high-priority targets in their investigations. It's no coincidence that all are Russian. Strong technical universities, comparatively low incomes, and an unstable legal system make the former Soviet Union an ideal breeding ground for cyberscams. Also, tense political relations sometimes complicate efforts to obtain cooperation with local law enforcement. "The low standard of living and high savviness is a bad combination," says Robert C. Chesnut, a former U.S. federal prosecutor who is a senior vice-president directing antifraud efforts at eBay.
SHIPPING AND RECEIVING
Among the most pernicious scams to emerge over the past few years are so-called re-shipping rings. And U.S. officials believe the king of these is a Russian-born hacker who goes by the name Shtirlitz -- a sly reference to a fictional Soviet secret agent who spied on the Nazis. In real life, Shtirlitz is being investigated by the U.S. Postal Inspection Service in connection with tens of millions of dollars worth of fraud in which Americans are signed up to serve as unwitting collaborators in converting stolen credit-card data into tangible goods that can be sold for cash. "We think he is involved in the recruitment of hundreds of people," says William A. Schambura, an analyst with the U.S. Postal Inspection Service. Shtirlitz did not respond to e-mail requests for comment.
Investigators believe that people like Shtirlitz use stolen credit cards to purchase goods they send to Americans whose homes serve as dropoff points. The Americans send the goods overseas, before either the credit card owner or the online merchant catches on. Then the goods are fenced on the black market. BusinessWeek found that re-shipping groups take out advertisements in newspapers and spoof ads from online job sites. "We have a promotional job offer for you!!" beckons one e-mail for a "shipping-receiving position" from UHM Cargo that appeared to come from Monster.com (MNST). It states that "starting salary is $70-$80 per processed shipment. Health and Life benefits after 90 days."
In truth, these scams come and go so fast that the "shippers-receivers" don't know what hit them. One retired business executive from Florida was furious after learning that he had become entangled in a company that U.S. officials believe was run by Shtirlitz. The man sent about 40 packages, mostly computers and expensive cameras, to Finland before a department store notified him of the scheme. "At that point I wanted to do everything I could to destroy them," says the former exec, who is helping with the Postal Inspection Service investigations.
Officials do not know Shtirlitz' real name but believe he is 25 to 27 years old and lived in the San Francisco area at one time after his parents emigrated. They do not know where he is now but believe he is active. In one forum of CardingWorld.cc, a person with the alias iNFERNis posted this request on Dec. 23, 2005:
"Hi, I need eBay logins with mail access, please icq 271-365-234."
A few hours later, Shtirlitz replied:
"I know good vendor. ICQ me: 80-911."
Once equipped, someone could log into those eBay accounts and use them to buy goods with the owner's money, while emptying the money out of their PayPal account. "The Web sites are more like a dating service," says Yohai Einav, an analyst at RSA Security Inc. (RSAS). "Then you can conduct transactions in private chat rooms. I can click on someone's name and start doing business with them."
FALLEN ANGEL
The technical tools to steal credit-card numbers and online bank account log-in data are often just as valuable as the stolen goods themselves. Smash is being investigated by the Postal Inspection Service on suspicion that he helps hackers hack. The picture, or avatar, that accompanies Smash's posts in online chat rooms shows a fallen angel. From 25 to 30 years old and based in Moscow, he is believed to be an expert in building spyware programs, malicious code that can track Web surfers' keystrokes and is often hidden in corrupted Web sites and spam e-mail. U.S. enforcement officials say Smash's Russia-based company, RAT Systems, openly hawks spyware on the Web at www.ratsystems.org. E-mails requesting comment were not returned.
On its home page, RAT Systems denies any malicious intent: "In general, we're against destructive payloads and the spreading of viruses. Coding spyware is not a crime." But the "terms of service" guarantee that its spyware products will be undetectable by the antivirus software made by security companies such as McAfee Inc. (MFE) and Symantec Corp. (SYMC). One product, called the TAN Systems Security Leak, created for attacking German companies, sells for $834. "It's like [saying]: 'Yes, I sell guns to someone who sells crack, but I'm not responsible for them,'" says the Postal Service's Crabb.
Postal Inspection Service officials are also investigating Smash's activity as a senior member of the International Association for the Advancement of Criminal Activity, which they describe as a loose-knit network of hackers, identity thieves, and financial fraudsters. Smash and another sought-after hacker named Zo0mer jointly operate IAACA's Web site, www.theftservices.com, one of the most popular and virulent data trading sites, according to U.S. officials. Hosted by a Web service in Malaysia, the theftservices.com home page boasts cartoon ads of fraudsters using credit cards at banks and stores as police cars give chase. Smash, listed as a moderator on the site, did not return e-mails seeking comment.
KING OF SPAM
On May 11, 2005, Massachusetts Attorney General Tom Reilly filed a lawsuit against Leo Kuvayev and six accomplices, accusing them of sending millions of spam e-mails to peddle counterfeit drugs, pirated software, fake watches, and pornography. Kuvayev, a 34-year-old native of Russia who uses the nickname BadCow, is one of the world's top three spammers, according to anti-spam group Spamhaus. State officials allege that Kuvayev and his associates used a number of Web-hosting services from the U.S. and around the world to launch attacks. Kuvayev was charged with violating the federal CAN-SPAM Act of 2003, which requires that unsolicited commercial e-mail be accurate and honest.
Massachusetts was able to go after Kuvayev because he listed a Massachusetts address on his driver's license and conducted business using a Boston Post Office box. On Oct. 11, 2005, after none of the defendants appeared to answer the charges, a Superior Court judge issued a default judgment against them. The judge found the spammers in violation of state and federal consumer protection laws and ordered a permanent shutdown of dozens of illegal Web sites. Kuvayev and his co-defendants were ordered to pay $37 million in civil penalties for sending nearly 150,000 illegal e-mails.
Federal law enforcement officials believe Kuvayev's operation was pulling in more than $30 million a year. State officials suspect Kuvayev fled to Russia before he was sued. "The problem is, Russia does not have any antispamming laws at the moment," says Crabb. "It's hard to catch someone who isn't breaking the law." Kuvayev did not respond to requests for comment e-mailed to Web sites affiliated with him, and phone numbers listed under his address were not working.
GOT YOUR NUMBER
Bank robbers rob banks because that's where the money is. For hackers, the best loot is often found inside the networks of credit-card processors, the middlemen that handle card transactions for merchants and banks.
Postal Inspection Service officials say they are investigating Roman Khoda, aka My0, on suspicion he could be connected to the theft of a million credit card numbers in recent years.
A 26-year-old Russian with a university degree in physics, Khoda once worked with the leading members of carderplanet, according to Schambura. U.S. officials describe carderplanet as one of the largest online marketplaces used to buy and sell pilfered bank-account and card data, until it was broken up by U.S. and foreign officials in August, 2004. But Khoda is unlike some cocky hackers who often write their own digital signatures into malicious code, says Crabb; he operates with stealth. At carderplanet and successor Web sites, he has not left a detailed trail connecting him directly to stolen data. Crabb says Khoda and two accomplices conducted extensive due diligence on the computer networks of targets, even setting up fake companies with accounts at credit-card processors to test for holes in the system. Then they lugged PCs to a rented apartment on the Mediterranean island of Malta, according to Crabb. Using proxy servers in the U.S., China, and Ukraine to hide their Internet connection, Khoda & Co. unleashed their attacks.
Investigators say Khoda even keeps a low profile in the often-gabby cybercommunity. A search of popular underground trading sites turns up little evidence of My0. A woman who answered a Russian phone number for Khoda provided by U.S. law enforcement said it is no longer registered to him. E-mails and instant messages sent to Khoda's ICQ instant messaging number were not returned.
But in instant messages viewed by officials at the National Cyber-Forensics and Training Alliance, a cybercrime intelligence unit jointly operated by the FBI and Postal Inspection Service, in partnership with universities, Khoda complains how his life would be upended if his real identity were exposed. The reason? U.S. officials say he worries that information about his online activities could hurt his offline businesses in Russia.
source:http://www.businessweek.com/magazine/content/06_22/b3986093.htm?campaign_id=bier_tcm
Sun Announces $100k Contest for Grid App Developers
source:http://developers.slashdot.org/developers/06/05/19/0046206.shtml
Japanese lab creates 'Da Vinci' voices

Using methods employed in criminal investigations, the Japan Acoustic Lab says it has analyzed the skeletal structures of the historical figures' faces to replicate how their voices would have sounded.
The voices are part of the intense promotion of the Hollywood film on Microsoft's Japanese site at http://promotion.msn.co.jp/davinci/voice.htm.
"We believe we were able to create the voices that are very close to the real voices. Perhaps it was really how they really sounded," the lab's chief Matsumi Suzuki says on the website.
A former police engineer who specializes in audio analysis, Suzuki says he assumed the woman in the famed Leonardo painting was 168 centimeters (5 foot, 6 inches) tall, giving her a relatively low tone for a woman.
"We cannot tell exactly how tall she was. So we analyzed the length of her right middle finger" and looked at the average height of Italian women, he said.
Suzuki says he gave Mona Lisa a slightly nasal tone because of her relatively large nose.
For Leonardo, Suzuki made his voice around the time when he was 60 years old to match his bearded face in the famous sketched portrait.
"Because the beard covers his jaws in his portrait, we could not tell his exact skeletal features. We assumed that he had a heavy-jowled face, giving him a nice, bass tone," Suzuki says.
Suzuki, who frequently appears in popular media, has used his skills in a variety of fields, such as analyzing voices in purported recordings of Osama bin Laden.
He also collaborated with Japanese toy maker Takara Co. to create the smash-hit Bowlingual, which is said to interpret dog language.
For the toy, Suzuki received the 2002 tongue-in-cheek IgNobel Prize in the field of peace for scientific achievement that "cannot or should not be reproduced."
source:http://www.physorg.com/news67140047.html
Possible Antibiotic for MRSA Superbug
source:http://science.slashdot.org/science/06/05/19/0042238.shtml
Microsoft: Set your systems for Vista
On Thursday, the company kicked off a campaign aimed at helping customers prepare for the new operating system, which is set for a mainstream launch in January.
As expected, Microsoft gave details of two programs. The "Vista-capable" program allows machines that meet a minimum set of requirements to tout themselves as able to run the new Windows.
Computer makers who meet higher requirements will be able to tout their machines as "Premium Ready," indicating the PCs are able to take advantage of higher-end features, such as Vista's Aero graphics.
"There's really no reason to wait until the launch of Windows Vista to start shopping for a PC that can deliver a great Windows Vista experience or to start thinking about upgrading your current PC to windows Vista," product manager Greg Amrofell said in a telephone interview.
Microsoft also launched on Thursday a "Get Ready" Web site, which includes an Upgrade Advisor tool to help people determine just how Vista-ready an existing PC is.
The downloadable program is designed to tell people which features and versions of Vista their PC is able to run, thereby abstracting some of the complex requirements of Vista. For example, Aero graphics require a certain amount of memory bandwidth--a measurement of PC performance that few people are likely to know about in their machine. The advisor tool will simply say whether a PC will work out or not, rather than focus on specific requirements.
That way, customers "don't have to spend time in the footnotes of complex system requirements," said Mike Burk, the PR Manager, Windows Client.
What's needed?
New PCs must meet these requirements to be tagged as able to run Windows Vista at either of two levels.

Requirement | Vista-capable | Premium Ready |
---|---|---|
Processor | Modern chip (at least 800MHz) | 1GHz 32-bit (x86) or 64-bit (x64) |
System memory | 512MB | 1GB |
GPU | DirectX 9 capable (WDDM support recommended) | Runs Windows Aero |
Graphics memory | (none specified) | 128MB |
HDD | (none specified) | 40GB |
HDD free space | (none specified) | 15GB |
Optical drive | (none specified) | DVD-ROM drive |
Note: Processor speed is the nominal operational chip frequency for the PC. The DVD-ROM for Premium Ready can be external.
Source: Microsoft
That said, Microsoft did publish official minimum requirements for Vista on Thursday, largely matching the Vista-capable specifications. Systems need an 800 MHz processor, 512MB of memory, a 20GB hard drive with 15GB of free space and a CD-ROM drive. That guarantees access to Vista's core features, but not Aero and other premium features.
To be classified as Vista-capable, a computer needs an 800MHz processor, 512MB of memory and a DirectX 9-capable graphics card. Premium Ready machines need a 1GHz processor, 128MB of graphics memory, 1GB of system memory, a 40GB hard drive and an internal or external DVD-ROM drive.
While Microsoft has provided some clarity on checking a PC for Vista, it's not a straightforward process, said Michael Cherry, an analyst at market research firm Directions on Microsoft.
"I don't understand why it has to be this complex," he said. "Why can't this be written up on a one-page piece of paper in a manner that you don't have to be an electrical engineer to understand?"
Most shipping PCs should be Vista-capable, Microsoft said. For example, all systems introduced by Dell this year are Vista-capable. The majority of Dell's Vista-capable machines will support Aero graphics and more than three-fourths of its models can be configured to run the fancier graphics. Dell is also offering 17 custom-configured systems that are designed to support Aero.
"Our sense is that the vast majority of PCs do meet the requirements for the Vista-capable logo," Amrofell said. As for Premium Ready, he said that "a good number of PCs do meet the bar, and that's going to grow over the next few months."
The marketing programs and upgrade tool are designed to ease some of the uncertainty around Vista well ahead of the back-to-school and holiday shopping seasons, the two biggest PC selling times of the year. Vista had long been expected to arrive by the 2006 holidays, but Microsoft said in March that it would not arrive on store shelves until January.
Kevin Johnson, head of the business unit that includes Windows, said in an interview with CNET News.com this week that Microsoft is likely to have some kind of discount or upgrade program to help those who buy a PC this holiday season upgrade to Vista.
"Yeah, there's likely to be something," Johnson said, without giving specifics.
source:http://news.com.com/Microsoft+Set+your+systems+for+Vista/2100-1016_3-6073779.html?tag=html.alert
Micron to unveil 8-megapixel image chip
Sensor can capture high-quality photos, high definition video
BOISE, Idaho - Chip-maker Micron Technology Inc. will unveil a thumbnail-sized digital sensor that enables pocket-sized cameras and cell phones to capture bursts of 10 high-quality photos in a single second or even high-definition video.
Production of the new 8-megapixel digital image sensor is expected to begin early next year at Micron's fabrication plants in Idaho and Italy, the Boise-based company said Thursday.
Devices using the new chip should reach consumers by late 2007 and will feature high-speed, high-megapixel digital photography capabilities normally found in more expensive, single-lens reflex cameras. Micron did not identify any customers in its announcement.
"We're saying it can go in a point-and-shoot camera selling in the $200 to $300 range," said Suresh Venkatrama, Micron's director of the digital camera segment. "It brings high-quality digital video and photography down to the consumer space."
The new sensor is a type of chip known as a "complementary metal-oxide semiconductor," or CMOS. Analysts say the technology, which is also used in memory chips and microprocessors, will challenge the dominance of traditional light-sensing charge-coupled devices, or CCDs.
"With CMOS' lower power consumption, cost advantages and the ability to integrate more functionality onto the chip set, CCD is under a lot of pressure in this market," said Jeff Hayes, director of consumer imaging for InfoTrends in Weymouth, Mass.
But Chris Chute, research manager for IDC Digital Imaging Solutions in Framingham, Mass., said it may take a while for the new sensor to become commonplace in consumer cameras. Most digital cameras are made in Japan and manufacturers there tend to buy image sensors from Japanese suppliers, who primarily produce CCD chips.
"This will immediately appeal to photography enthusiasts, but the average consumer is really more of a middle- to late-adopter and doesn't pay attention to the specs and features as much," said Chute. "You are probably going to see this in mainstream digital cameras and high-end cell phones in another year or so."
Micron's new sensor includes a faster processor that eliminates usual point-and-shoot delays between taking pictures. That means users can shoot up to 10 images per second at 8-megapixel resolution or 30 frames per second at a resolution of 2 megapixels.
A 2-megapixel digital picture file can be printed in the normal 4-inch-by-6-inch format without noticeable graininess while an 8-megapixel picture can be printed in the larger 8x10 format without a loss of quality.
The sensor's rapid capture rate and high resolution also allow smaller cameras to incorporate features such as image stabilization, faster auto-focus, higher quality digital zoom and recording HD video, said Micron, which also is the largest U.S. manufacturer of computer memory chips.
"There is growing interest in mobile video, especially among younger consumers," Hayes said. "With large memory chips coming out on camera phones, you are talking about capturing 20 to 30 minutes of HD-quality video on a mobile device and that pushes the consumer closer to where they consider using their phone as an everyday camcorder and camera."
source:http://www.msnbc.msn.com/id/12851321
Google Faces Lawsuit Over Search Suggestions
The suit, originally filed in February, was refiled Wednesday by ServersCheck BVBA, a small company that makes network monitoring software, over Google's "Suggest" feature, included in the latest version of its search toolbar for Web browsers. When a user types in keywords for a search, the toolbar shows a drop-down menu of guesses related to those words.
If ServersCheck is entered, Google generates suggested search terms such as "serverscheck crack," "serverscheck pro crack," and "serverscheck keygen," which lead to pirated software, said Maarten Van Laere, chief executive officer of ServersCheck.
Van Laere said he was told by Google that Web sites with illegal content would be removed from their index, but that it couldn't tweak the Suggest feature. So Van Laere filed suit, an action he said is an expensive option for a small company against a behemoth such as Google.
He's trying to get Google to change the Suggest results. Van Laere uses Google's tool for analyzing Web traffic and found that about 93 percent of ServersCheck's customers come to their Web site by way of the popular search engine.
"We don't have any problems with the fact that in Google you can find illegal copies of our software," Van Laere said. "There are people who will never buy the product at the end of the day.
"But people that are looking for your company's name in good faith are then being suggested by Google to go and look for a crack. That is a complete different ballgame," Van Laere said.
Censorship Concerns
In response to the suit, a Google attorney told a Belgian newspaper on Wednesday that they could not filter the results of Google Suggest, citing censorship concerns.
Van Laere said the defense isn't accurate, since it appears that Google Suggest will not try to complete tracking numbers for shipping items or offer alternate suggestions for sexually-related terms. In a test, Google Suggest did not offer any related words for the terms "pornography," "naked" and "sex."
An attorney based in Belgium for Google was not immediately available for comment.
The latest problem is not the only run-in ServersCheck has had with Google. In its original lawsuit, ServersCheck complained that Google was allowing a competitor to use its brand name in an advertisement, falsely claiming that ServersCheck's software could be downloaded, Van Laere said.
Google agreed while the suit was making its way through court to halt advertisements on its AdWords service that used ServersCheck's name, Van Laere said.
source:http://news.yahoo.com/s/pcworld/20060518/tc_pcworld/125758
AT&T Whistle-Blower's Evidence
Former AT&T technician Mark Klein is the key witness in the Electronic Frontier Foundation's class-action lawsuit against the company, which alleges that AT&T illegally cooperated in an illegal National Security Agency domestic-surveillance program.
In this recently surfaced statement, Klein details his discovery of an alleged surveillance operation in an AT&T office in San Francisco, and offers his interpretation of company documents that he believes support his case.
For its part, AT&T is asking a federal judge to keep those documents out of court, and to order the EFF to return them to the company. Here Wired News presents Klein's statement in its entirety, along with select pages from the AT&T documents.
AT&T's Implementation of NSA Spying on American Citizens
31 December 2005
I wrote the following document in 2004 when it became clear to me that AT&T, at the behest of the National Security Agency, had illegally installed secret computer gear designed to spy on internet traffic. At the time I thought this was an outgrowth of the notorious Total Information Awareness program which was attacked by defenders of civil liberties. But now it's been revealed by The New York Times that the spying program is vastly bigger and was directly authorized by President Bush, as he himself has now admitted, in flagrant violation of specific statutes and constitutional protections for civil liberties. I am presenting this information to facilitate the dismantling of this dangerous Orwellian project.
AT&T Deploys Government Spy Gear on WorldNet Network
-- 16 January, 2004
In 2003 AT&T built "secret rooms" hidden deep in the bowels of its central offices in various cities, housing computer gear for a government spy operation which taps into the company's popular WorldNet service and the entire internet. These installations enable the government to look at every individual message on the internet and analyze exactly what people are doing. Documents showing the hardwire installation in San Francisco suggest that there are similar locations being installed in numerous other cities.
The physical arrangement, the timing of its construction, the government-imposed secrecy surrounding it, and other factors all strongly suggest that its origins are rooted in the Defense Department's Total Information Awareness (TIA) program which brought forth vigorous protests from defenders of constitutionally protected civil liberties last year:
"As the director of the effort, Vice Adm. John M. Poindexter, has described the system in Pentagon documents and in speeches, it will provide intelligence analysts and law enforcement officials with instant access to information from internet mail and calling records to credit card and banking transactions and travel documents, without a search warrant." The New York Times, 9 November 2002
To mollify critics, the Defense Advanced Research Projects Agency (Darpa) spokesmen have repeatedly asserted that they are only conducting "research" using "artificial synthetic data" or information from "normal DOD intelligence channels" and hence there are "no U.S. citizen privacy implications" (Department of Defense, Office of the Inspector General report on TIA, December 12, 2003). They also changed the name of the program to "Terrorism Information Awareness" to make it more politically palatable. But feeling the heat, Congress made a big show of allegedly cutting off funding for TIA in late 2003, and the political fallout resulted in Adm. Poindexter's abrupt resignation last August. However, the fine print reveals that Congress eliminated funding only for "the majority of the TIA components," allowing several "components" to continue (DOD, ibid). The essential hardware elements of a TIA-type spy program are being surreptitiously slipped into "real world" telecommunications offices.
In San Francisco the "secret room" is Room 641A at 611 Folsom Street, the site of a large SBC phone building, three floors of which are occupied by AT&T. High-speed fiber-optic circuits come in on the 8th floor and run down to the 7th floor where they connect to routers for AT&T's WorldNet service, part of the latter's vital "Common Backbone." In order to snoop on these circuits, a special cabinet was installed and cabled to the "secret room" on the 6th floor to monitor the information going through the circuits. (The location code of the cabinet is 070177.04, which denotes the 7th floor, aisle 177 and bay 04.) The "secret room" itself is roughly 24-by-48 feet, containing perhaps a dozen cabinets including such equipment as Sun servers and two Juniper routers, plus an industrial-size air conditioner.
The normal work force of unionized technicians in the office are forbidden to enter the "secret room," which has a special combination lock on the main door. The telltale sign of an illicit government spy operation is the fact that only people with security clearance from the National Security Agency can enter this room. In practice this has meant that only one management-level technician works in there. Ironically, the one who set up the room was laid off in late 2003 in one of the company's endless "downsizings," but he was quickly replaced by another.
Plans for the "secret room" were fully drawn up by December 2002, curiously only four months after Darpa started awarding contracts for TIA. One 60-page document, identified as coming from "AT&T Labs Connectivity & Net Services" and authored by the labs' consultant Mathew F. Casamassima, is titled "Study Group 3, LGX/Splitter Wiring, San Francisco" and dated 12/10/02. (See sample PDF 1-4.) This document addresses the special problem of trying to spy on fiber-optic circuits. Unlike copper wire circuits which emit electromagnetic fields that can be tapped into without disturbing the circuits, fiber-optic circuits do not "leak" their light signals. In order to monitor such communications, one has to physically cut into the fiber somehow and divert a portion of the light signal to see the information.
This problem is solved with "splitters" which literally split off a percentage of the light signal so it can be examined. This is the purpose of the special cabinet referred to above: Circuits are connected into it, the light signal is split into two signals, one of which is diverted to the "secret room." The cabinet is totally unnecessary for the circuit to perform -- in fact it introduces problems since the signal level is reduced by the splitter -- its only purpose is to enable a third party to examine the data flowing between sender and recipient on the internet.
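The reduced signal level mentioned above is something the far end of a circuit can measure. The following is an added example, not part of the original statement or of any AT&T document: it scans a receive-power log for a sustained step drop and compares the size of the drop with the loss expected from common splitter ratios. The split ratios, the 0.3 dB excess-loss allowance, the thresholds and the sample readings are all assumptions constructed for illustration.

```python
import math
from statistics import median

def splitter_loss_db(through_fraction, excess_db=0.3):
    """Through-path loss of a splitter that passes `through_fraction` of the light.
    excess_db is an assumed allowance for connectors and the device itself."""
    if not 0 < through_fraction <= 1:
        raise ValueError("through_fraction must be in (0, 1]")
    return -10 * math.log10(through_fraction) + excess_db

def find_step_drops(samples, window=4, min_drop_db=0.5):
    """Return (time, drop_db) for each sustained fall in received power.
    A step is reported only when every reading in the window after the point
    is at least min_drop_db below every reading in the window before it."""
    events, i = [], window
    while i + window <= len(samples):
        before = [p for _, p in samples[i - window:i]]
        after = [p for _, p in samples[i:i + window]]
        if min(before) - max(after) >= min_drop_db:
            events.append((samples[i][0], round(median(before) - median(after), 2)))
            i += window          # skip the readings already attributed to this step
        else:
            i += 1
    return events

def matching_split_ratios(drop_db, fractions=(0.9, 0.8, 0.7, 0.5), tol_db=0.25):
    """Through fractions whose expected loss is within tol_db of the observed drop."""
    return [f for f in fractions if abs(splitter_loss_db(f) - drop_db) <= tol_db]

# Constructed sample: (minute, receive power in dBm) polled from one interface.
RX_LOG = list(enumerate(
    [-5.0, -5.1, -4.9, -5.0, -5.1, -5.0, -4.9, -5.0,     # baseline
     -8.3, -8.4, -8.2, -8.3, -8.3, -8.4, -8.2, -8.3]))   # after the step

if __name__ == "__main__":
    for minute, drop in find_step_drops(RX_LOG):
        print(f"minute {minute}: -{drop} dB, consistent with through fractions "
              f"{matching_split_ratios(drop)}")
```

A matching drop is only a prompt to check change records for that circuit: a dirty connector, a re-patch or a tight bend produces the same kind of step.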
The above-referenced document includes a diagram (PDF 3) showing the splitting of the light signal, a portion of which is diverted to "SG3 Secure Room," i.e., the so-called "Study Group" spy room. Another page headlined "Cabinet Naming" (PDF 2) lists not only the "splitter" cabinet but also the equipment installed in the "SG3" room, including various Sun devices, and Juniper M40e and M160 "backbone" routers. PDF file 4 shows one of many tables detailing the connections between the "splitter" cabinet on the 7th floor (location 070177.04) and a cabinet in the "secret room" on the 6th floor (location 060903.01). Since the San Francisco "secret room" is numbered 3, the implication is that there are at least several more in other cities (Seattle, San Jose, Los Angeles and San Diego are some of the rumored locations), which likely are spread across the United States.
One of the devices in the "Cabinet Naming" list is particularly revealing as to the purpose of the "secret room": a Narus STA 6400. Narus is a 7-year-old company which, because of its particular niche, appeals not only to businessmen (it is backed by AT&T, JP Morgan and Intel, among others) but also to police, military and intelligence officials. Last November 13-14, for instance, Narus was the "Lead Sponsor" for a technical conference held in McLean, Virginia, titled "Intelligence Support Systems for Lawful Interception and Internet Surveillance." Police officials, FBI and DEA agents, and major telecommunications companies eager to cash in on the "war on terror" had gathered in the hometown of the CIA to discuss their special problems. Among the attendees were AT&T, BellSouth, MCI, Sprint and Verizon. Narus founder, Dr. Ori Cohen, gave a keynote speech. So what does the Narus STA 6400 do?
"The (Narus) STA Platform consists of stand-alone traffic analyzers that collect network and customer usage information in real time directly from the message.... These analyzers sit on the message pipe into the ISP (internet service provider) cloud rather than tap into each router or ISP device" (Telecommunications magazine, April 2000). A Narus press release (1 Dec., 1999) also boasts that its Semantic Traffic Analysis (STA) technology "captures comprehensive customer usage data ... and transforms it into actionable information.... (It) is the only technology that provides complete visibility for all internet applications."
To implement this scheme, WorldNet's high-speed data circuits already in service had to be rerouted to go through the special "splitter" cabinet. This was addressed in another document of 44 pages from AT&T Labs, titled "SIMS, Splitter Cut-In and Test Procedure," dated 01/13/03 (PDF 5-6). "SIMS" is an unexplained reference to the secret room. Part of this reads as follows:
"A WMS (work) Ticket will be issued by the AT&T Bridgeton Network Operation Center (NOC) to charge time for performing the work described in this procedure document....
"This procedure covers the steps required to insert optical splitters into select live Common Backbone (CBB) OC3, OC12 and OC48 optical circuits."
The NOC referred to is in Bridgeton, Missouri, and controls WorldNet operations. (As a sign that government spying goes hand-in-hand with union-busting, the entire (Communication Workers of America) Local 6377 which had jurisdiction over the Bridgeton NOC was wiped out in early 2002 when AT&T fired the union work force and later rehired them as nonunion "management" employees.) The cut-in work was performed in 2003, and since then new circuits are connected through the "splitter" cabinet.
Another "Cut-In and Test Procedure" document dated January 24, 2003, provides diagrams of how AT&T Core Network circuits were to be run through the "splitter" cabinet (PDF 7). One page lists the circuit IDs of key Peering Links which were "cut-in" in February 2003 (PDF 8), including ConXion, Verio, XO, Genuity, Qwest, PAIX, Allegiance, AboveNet, Global Crossing, C&W, UUNET, Level 3, Sprint, Telia, PSINet and Mae West. By the way, Mae West is one of two key internet nodal points in the United States (the other, Mae East, is in Vienna, Virginia). It's not just WorldNet customers who are being spied on -- it's the entire internet.
The next logical question is, what central command is collecting the data sent by the various "secret rooms"? One can only make educated guesses, but perhaps the answer was inadvertently given in the DOD Inspector General's report (cited above):
"For testing TIA capabilities, Darpa and the U.S. Army Intelligence and Security Command (INSCOM) created an operational research and development environment that uses real-time feedback. The main node of TIA is located at INSCOM (in Fort Belvoir, Virginia)…."
Among the agencies participating or planning to participate in the INSCOM "testing" are the "National Security Agency, the Defense Intelligence Agency, the Central Intelligence Agency, the DOD Counterintelligence Field Activity, the U.S. Strategic Command, the Special Operations Command, the Joint Forces Command and the Joint Warfare Analysis Center." There are also "discussions" going on to bring in "non-DOD federal agencies" such as the FBI.
This is the infrastructure for an Orwellian police state. It must be shut down!
Source: http://www.wired.com/news/technology/0,70908-0.html