back to table of contents
****************************************************************************** ****************************************************************************** ****************************************************************************** Part 2: On Monitoring and Being Monitored ---- - -- ---------- --- ----- --------- o On Monitoring - Driver's Seat - Five Months Statistics - The FBI Investigations - I Can See What You Are Thinking - Why I Monitor o On Being Monitored If you are an ordinary citizen, you may not notice the INVISIBLE massive spy apparatus until it is too late. As has already happened repeatedly: the government will use this National Spying Apparatus to crush political protests, and monitor the politically incorrect. In the 1960s, 1970s, 1980s... and the 1990s. Question: Why argue against something that would catch crime? Answer: ECHELON is so invasive we lose all privacy. It is infinitely abusable. It has been abused repeatedly. CALEA takes us into the abyss. Would monitoring really turn up that many violations? Meaning: is it really that effective a mechanism? ****************************************************************************** On Monitoring -- ---------- I am a traffic analysis person. Internet email. Company spook. Boo. The bad news: getting people fired. The good news: really great Internet humor is picked up too. From the land of "Put the shrimp on the barby, Marlene:" I was travelling on a tram the other day and in one seat there was an old digger (Australian soldier or ex soldier) reading his newspaper. Across from him was a juvenile with a spikey mohawk haircut coloured pink, green, orange and yellow. The old digger kept looking over his newspaper at him. Finally the young bloke spat the dummy, and yelled at the elderly gent, "What the f......k are you looking at you silly old bastard, haven't you ever done anything outrageous yourself ? As cool as a cucumber the old digger put down his paper and said, "I screwed a parrot once, and I was wondering if you were my son" Actually, I consider the people to have fired themselves. It's weird when you're on the controlling side: I almost started putting skull stickers on my terminal for each 'kill'. Thought it would be funny. (Real Country Song Title:) I'm Just A Bug On The Windshield Of Life ---------------------------------------- Tom and Linda were driving their car behind Lorena Bobbit on the day she cut her husband's penis off. When she threw it out the window, it hit Tom's windshield. Tom turned the windshield wipers on, cleared the mess, turned to Linda and said, "Did you see the dick on that bug?" For the past two years on Wall Street, I have monitored employee Internet email, using homegrown snarf code. Monitored by keyword spotting software with keyword spotting exclusion logic. I call this software: the Internet Risk Management Analytics. The NSA calls theirs DICTIONARY. The results of monitoring were stunning. Absolutely stunning. If you would like a full copy of the tail, email me with Subject line "Request Monitoring Tale". It is in the form of a complaint against Salomon Brothers. I went public with it after the five attempts to handle the problem internal to Salomon failed, and then the SEC failed to even contact me about the complaint. Anyway, I take advantage of the screwed up situation to explain to you what it means to be monitored by powerful keyword monitoring software. All company names are real. All people's names in security incident reports are changed, as are any proprietary data/numbers. Any personal-personal traffic (the person's own words with outside friends) is changed so it is not the actual traffic that went across, but it will have the same visceral-word impact as the original. Picture yourself inside a company. You are an office worker. Like everyone else you have a desktop computer. It is on the company network. The company has an Internet connection. You can send/receive email over the Internet. Ready? Ready to keyword monitor roughly seven thousand people? Driver's Seat -------- ---- Both sites started with a bang. The smaller site had two security incidents within the first three hours. Two different format (Microsoft Access DB, Excel spreadsheet) copies of employee social security numbers and other personal personnel information flew out of the smaller site's Internet connection. Internet firewalls have no protection against file transfer via email. Yet companies often disallow FTP, another command for transferring files. ALL email is transferred as a file. My two managers shook their heads at people being so stupid as to mail company confidential information over the Internet in the clear. Their security rule was "Don't send it out over the Internet unless it's okay to read about in the next day's paper." The transmissions included the managers' social security numbers too. For non-U.S. people: a defacto key for accessing all of ones personal records. And why did I create and turn on email monitoring at that site? Well, those business magazines for the computer industry like to sell big screaming "Internet Security: the Sky is Falling!!!" covers now and then. So, one triggered the Chairman to start making strange noises about shutting down the Internet connection for security reasons. Also said something about having email printed out at the Internet system and hand-delivered. Now THAT scared the hell out of the rest of us, from geeks to managers, so, being the hired gun for doing Internet security, I created some capture code. All email in and out of the firm was now being copied to a 'save' directory. Each night I went over it - all email traffic - with the aid of my analytics: keyword spotting and keyword excluding software. I had never heard of ECHELON or DICTIONARY or anything like it. It was just obvious what to do from trying to check all (each and every one) email personally at first. There was way too much of it for me to do that. All the analytics I set up, including what I call the daily 'radar' file, depended entirely on keyword monitoring. Items selected for review met a series of include/exclude keyword matches. Everything. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** Ope's movie "Apollo 13" starring Tom Hanks had just come out: > Date: Thu, 21 Mar 96 13:03:43 EST > From: guy > To: <someone> > Subject: HOUSTON, WE HAVE A PROBLEM > Cc: <someone> <someone> > > > Out bound from Salomon: From "Howie Windows" <how@sbi89> > In bound to Silicon Graphics: To: > Subject: sar source code > > internet:root 543> wc -l *.[ch] > 129 sa.h > 626 sadc.c > 532 saga.c > 496 sagb.c > 45 saghdr.h > 1463 sar.c > 220 timex.c > 3511 total > > 3500 lines of source, across seven sources, each clearly labelled: > > /* Copyright (c) 1984 AT&T */ > /* All Rights Reserved */ > > /* THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T */ > /* The copyright notice above does not evidence any */ > /* actual or intended publication of such source code. */ > > ...followed by another email with a subset of the same source, > slightly modified, and the proprietary header stripped out. > > I hope it didn't flow past AT&T's ISP connections... [snip] ********** end excerpt from 'Corruption at Salomon Brothers' ********** This transfer of proprietary source code that USED to be owned by AT&T did not even qualify for action. Salomon legal stated Salomon has a lower obligation for third-party copyrights than they did for software they contracted for themselves, like Sybase. Salomon didn't have a UNIX source license, so obviously the employee had gotten it elsewhere. In the following statistic, it was the only non-Salomon source code. We went from zero monitoring of Internet email traffic to... > On 3/21/96 we had our first security incident report. > > By 3/26/96 we had an astonishing 38,000 lines of proprietary source code > outbound. > > We were mentally unprepared. Figuratively we were pulling our hair out > wondering when the madness would stop. > > It never did. As I said, the results of keyword monitoring were stunning. If you look up computer security literature and read up on security incidents, you'll notice none are more articulate about inside-employee incidents other than to describe the people as "disgruntled employees". Wrong. I'll go over some of the major categories of incidents I encountered. Keyword monitoring is abstract to most people; these results show how powerful the technique is. Here are two from the category: o People innocently trying to get work done. This usually happens between the programmer and a third-party vendor. SISS stands for 'Salomon Information Security Services'. The configurations and passwords to Salomon's network control devices - the heart of the network - flew out of our Internet connection to vendor Cisco in a seemingly unstoppable whirlwind. This was the fourth report in a row. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** ******************************************************************************* ******************************************************************************* ******************************************************************************* SECURITY INCIDENT REPORT, 6/27/96 ROUTER PASSWORDS BRIDGE AND ROUTER CONFIGURATIONS NOC SYSTEMS SECURITY --------------------------------- This is a security incident report regarding the Internet (a public wire) traffic of Salomon Brothers, which is monitored for security/compliance. NOTE: THESE INCIDENTS HAVE NOT STOPPED DESPITE REPEATED SISS REPORTS! This report should be taken as a complaint that insufficient procedures have been put in place to ensure current and new Salomon personnel are made aware of the security issues of Internet transmissions for network device configuration files. Suggest wide-spread distribution of a memo concerning the problem. Perhaps place "no-Internet-transmission" comments in all network config files. Standard warning issued to all new networkers. Three transmissions of live passwords to three different Salomon routers have been sent in cleartext over the Internet by Rock Transves nnn-nnnn of Internet Client Services: SENDER DATE ROUTER LINE PASSWORD Rock Transves 6/27/96 09:37 bc7f7w40 [global] bs345way [and again on] 6/26/96 16:10 con 0 bs345way aux 0 bs345way vty 0 qwerty0 Rock Transves 6/18/96 11:27 ard7w35 [global] z23c4v5b trangobw1 [global] bs345way con 0 bs345way ALL OF THESE ROUTERS *AND* ALL ROUTERS USING THE SAME PASSWORDS MUST HAVE THEIR PASSWORDS CHANGED. [snip] ******************************************************************************* ******************************************************************************* ******************************************************************************* SECURITY INCIDENT REPORT, 7/3/96 OASYS SOURCE CODE: 38,696 PROPRIETARY LINES -------------------------------- This is a security incident report regarding the Internet (a public wire) traffic of Salomon Brothers, which is monitored for security/compliance. On Jul 3 1996, sara xxxxxxxxx of XXX-NJ emailed over the unprotected Internet 38,696 lines of OASYS C++ code to vendor RogueWave for tech support This code was clearly marked: " This SOFTWARE is proprietary and confidential to \n" " SALOMON BROTHERS INC. and may not be duplicated, \n" " disclosed to third parties or used for any purpose \n" " not expressly authorized by Salomon Brothers Inc.. \n" " Any unauthorized use duplication or disclosure is \n" " prohibited by law and will result in prosecution. \n"; SISS sincerely hopes noone was positioned to monitor this Internet traffic, because they would have picked up the full transfer. ******************************************************************************* ******************************************************************************* ******************************************************************************* There are plenty of alternatives to a) sending our proprietary code over the unprotected Internet b) disclosing our code to a third party The answer to a) is: don't do it. Get MD/SOO permission to use a courier. The answer to b) is: o Isolated the bug(s) to the smallest amount necessary to reproduce the error. According to the previous email traffic between these two people, there were two compile-time bugs. The programmer can be faulted for not using two orders of magnitude fewer lines for demonstrating the error. A small fragment of code can be emailed. o If the problem is compile-time, email the relevant C/C++ preprocessor output snippet. The comments by the programmer in the email transfer state THE CODE DOESN'T COMPILE ANYWAY. o Have the vendor deliver a "debug" version of their product. That would be a good use for email. Sun Microsystems does that with a C++ product for us, their customer. Email the results back. o Have the vendor visit to troubleshoot. o Requested a login via SecureID and Salomon's netblazer, supporting 28.8 PPP (TCP/IP for windowing connectivity) for the vendor. Let them transfer in any tools they need to troubleshoot. Short-term access. o If it is truly necessary to transfer a large amount of code, such as Informix working to convert a large Sybase app, then take the time to write a shell script that (using say 'sed') scrambles the names of environment variables, and be sure to hand-ruin any proprietary algorithms. Why is transfer of Salomon proprietary source to a vendor's site the last step to try? Because Salomon loses control over the code. In the Informix /Sybase case, the vendor Informix requested (and received) another copy of the code "because I lost the previous copy". Two emails between the pair are enclosed. [snip] ********************************* :Size: 846077, Dated: Jul 3 17:52 :Sender: sara@sbixxx [sara xxxxxxxxxx XXX-NJ] :Recipient: [Dennis xxxxxxx] :Subject: Re: (Fwd) Re: (Fwd) rw... **** UUencoding, Filename='rw4.tar.Z' Hi Dennis, The last patch didn't help, here's some other code that will also trigger the bug. This code doesn't compile for other reasons but we need to get the Rougeview issue resolved. Could you ask xxxx to look this over? Thanks, sara :begin 600 rw4.tar.Z ********************************* # of lines filename ----- -------- 54 4x.env 139 LocalRules 344 65 LoginDlg.h 221 MacroRules 87 Makefile 619 175 OASYSMain.h 79 51 SubApp.h 54 33 gui_main.h 42 lib_inc 647 113 sbOfLogin.h 0 sun4_4 22 version.txt 0 lib_inc/*.h 128 lib_inc/AccountBalance.h 22 lib_inc/AccountBalanceTest.h 59 lib_inc/AccrlInptTb.h 86 lib_inc/ArrClasT.h [snip of 247 lines] 38696 total ********** end excerpt from 'Corruption at Salomon Brothers' ********** Another major category of security incidents are what I've named: o Dumb-and-Dumber ********** begin excerpt from 'Corruption at Salomon Brothers' ********** > Date: Thu, 23 May 96 11:52:04 EDT > From: guy > To: vivian [Salomon lawyer to whom I reported] > Subject: Snarf: Two Redhots May 21/22 1996 > Cc: mon_c > > Vivian, > > Redhot #1) > > : ********************************* > : Filename: May_21_96/dfAA12846 Size: 59853, Dated: May 21 07:08 > : From: someone@sbixxx (Lara M.) > : Recipient: nnnnnn.nnn@CompuServe.COM > : Subject: Re: Can You? > : ********************************* > > Lara M. sent 1900 lines of C++ source to ex-SBI consultant Roger Rogers, > at his request. (One of numerous instances of SBI people doing such). > > The full transmission is enclosed. > > * Name : > * Name : ReconGen::ReconGen() > * Name : LogError > * Name : processQuery > * Name : writeGenFile > * Name : openGeneratedFile > * Name : StartUp > * Name : > * Name : ReconTool::ReconTool() > * Name : loadConfig > * Name : getData > * Name : getMultiData > * Name : LogError > * Name : readTableNames > * Name : constructSqlStatement > * Name : processQuery > * Name : storeColumnData - gets various column attributes > * Name : lookupInTableB > * Name : printReportRow > * Name : printEndOfReport > * Name : clearDownRows > * Name : openReportFile > * Name : StartUp > > > Redhot #2) > > : ********************************* > : Filename: May_22_96/dfAA16598 Size: 11786, Dated: May 22 16:07 > : Sender: someone@sbixxx (someone someone) > : Recipient: > : Subject: prepay.c > : ********************************* > > > static char *rcsid="$Id: prepay.c,v 1.29 1996/03/26 13:42:30 kautilya"; > /* Copyright M-) 1995 by Salomon Brothers Inc. All rights reserved. > ** Unpublished. > ** This software is proprietary and confidential to Salomon Brothers Inc > ** and may not be duplicated, disclosed to third parties, or used for > ** any purpose not expressly authorized by Salomon Brothers Inc. > ** Any unauthorized use, duplication, or disclosure is prohibited by law > ** and will result in prosecution. */ > > About 500 lines of C source outbound. Full source is enclosed. > > > > Last line in this email is marked as such, there are no attachments. > Thanks, > ---guy > > [snip] > > Roger, > > Let me know if this is what you want, otherwise I'll try again ! > > Lara > > [snip] > Lara, > > I've been hoping for those progs but they hadn't arrived. Can you > check my email address? > > This will be mega brownie points for me to get it working so fast. > > Thanks, > Roger The first one is where an ex-worker ("Dumb") asks a current employee for something proprietary, in this case written by the ex-co-worker, and the current employee ("Dumber") gives it to them. It happened again and again and again at all sites I've monitored. They fired her. One of the more unusual Dumb-and-Dumber incidents was when a new hiree who was quite happy with her new job - told all her friends in email - then sent an email "Subject: For your eyes only" into, with an Excel spreadsheet attached. It contained detailed compensation numbers for an entire trading desk. Technically it wasn't a Dumb-and-Dumber, more like a Dumber-to-Luckless, because the recipient didn't request it. Anyway, they fired her. And Deloitte & Touche fired the recipient!!! I guess they hold their people to very high standards: if you receive something proprietary of another company's, you'd better report it to management yourself. No, Deloitte & Touche didn't spot the transfer. We had to ask for our email "back". ********** end excerpt from 'Corruption at Salomon Brothers' ********** It just never stopped. Here are three examples from category: o Working on another job while within the firm ********** begin excerpt from 'Corruption at Salomon Brothers' ********** ******************************************************************************* ******************************************************************************* ******************************************************************************* This report concerns Internet public wire traffic of XXX XXXXXX XXXXXX. Internet traffic is monitored for security and compliance purposes. ---------------------------------- Security Incident Report 10/25/96 Raymond Brock: working on another job while within XXX XXXXXX XXXXXX ---------------------------------- On Fri Oct 25 Raymond Brock sent out an email regarding "a demo" that triggered a secondary search of his traffic. The results show he is working on a project outside XXXXXX, with the aid of XXXXXX systems. This report consists of: #1 - detailed summary of findings #2 - Brock's resume #3 - email between Brock and his partners #4 - sorted-unique list of sites/URLs visited #5 - one full days WWW log Prepared by Guy on 10/28/96. ******************************************************************************* ******************************************************************************* ******************************************************************************* [snip] > Back in April, Raymond Brock mailed out his resume, stating > these accomplishments for XXX XXXXXX XXXXXX: > > o front-end trading system > o portfolio system daily processing > o developed interfaces to monitor and feed trade system > [snip] > Now, according to his email, he is doing a project that includes > features along those lines. The demo is coming up soon: > [snip, next: HTML transferred out did this:] > > PERSONAL BROKER SYSTEM (1=cash, 2=margin, 3=short) > ORDER ENTRY CONTROL (BUY, COVER SHORT, SELL, SELL SHORT) > TRADE HISTORY > : Statistics for your account are > : Liquidity Value > : Equity Percentage > : Balance after Trade > : Market Value > : Equity > : Cash Available > : Margin > : Total > : Short [final snip] ******************************************************************************* ******************************************************************************* ******************************************************************************* This report concerns Internet public wire traffic of XXX XXXXXX XXXXXX. Internet traffic is monitored for security and compliance purposes. ---------------------------------- Security Incident Report 10/29/96 Joseph Busy: working on another job while within XXX XXXXXX XXXXXX ---------------------------------- Aggregate email from Joseph Busy shows he is very involved in running a business on the side. At the least, he is directing the efforts of others who work in his other company via his XXXXXX email. Among the shots he is calling for: o Find out where our money is: report XXX to the BBB and Chamber of Commerce and Dunn and Bradstreet as past due 120 days on $200. o Collect money from the real estate company o Firm up a meeting for the investment bankers o Make sure all bids are out o Make sure distributor list is up to date and credit lines and terms are verified. o Where's the money from the Navy? o Find out costs for health insurance for the company (Ongoing). o Test program and relay any changes to <name> [a company] o Finish systems matrix pricing o Get pricing on ISDN lines for Fishkill and Bayside It seems like this could possibly be distracting him from being "all he could be" at XXX XXXXXX XXXXXX. Mr. Busy requests the others to "check your email every few hours", and "do not leave before you talk to me". The email recipient is a Fred XXXXXXX, who works at PEI, "Tel: (718) nnn-nnnn, Fax: (718) nnn-nnnn". Another referenced person, "Gary", has the skills/job for making brochures. Gary has an email name of "xxxxxxx.xxxxxxxxxxx" at ISP ATT. He receives a copy of Mr. Busy's email via Fred, might work at PEI too. They also have a database programmer, possibly Fred. Enclosed trailing are the actual emails. Prepared by Guy on 10/30/96. ******************************************************************************* ******************************************************************************* ******************************************************************************* [final snip] :Date: Mon, 6 May 96 18:02:24 EDT :From: guy :To: tmig@sbi :Subject: Bob Brain report :Cc: <others> This is a report on the Internet traffic of Bob Brain. The Internet is a public wire, which Salomon is obligated to monitor for security/compliance reasons. Mr. Brain showed up on radar when he transferred out over 12,000 lines of source code which was extensively maintained by more than one Salomon person, to Merrill Lynch. His individual traffic (public Internet) was then pulled from backups. This is the summary report of what has been found. Prepared by Guy, 5/6/96. ##### ####### # # ####### ####### # # ####### ##### # # # # ## # # # ## # # # # # # # # # # # # # # # # # # # # # # # # ##### # # # # ##### # # # # # # # # # # # # # # # # # # ## # # # ## # # # ##### ####### # # # ####### # # # ##### #1 - Executive summary #2 - Brain admits he screws [SBI] around all the time #3 - His internal and external business activities #4 - The SYBASE-MODE source code transfers #5 - Why the source isn't PD even though he's labelled it PD. #6 - InterNic Registry Information for and #7 - One days WWW traffic snapshot from his personal WS poison. #8 - A Day in the Life: a full days traffic, excluding tons of XXX-support email #9 - Misc traffic # # # # # ## ####### # # # # # Executive summary ####### # # # # # # ##### These are the activities of Bob Brain that are forbidden: o Transmitted out a source extensively maintained at SBI expense. It is "productivity enhancing" software "SYBASE-MODE" lisp/emacs for production use by Sybase SAs. o Gave away these enhancements by labelling them Public Domain [PD], and mailing into competitors such as Merrill Lynch. o Has spent a LARGE amount of SBI time (inside SBI) working on his own WWW business. Still actively does this. o Transmitted a copyrighted script. # This script is a commercial product. Giving or selling it to anyone # is not permitted under any circumstances. o Spends time as "helpdesk" for his distribution of SYBASE-MODE. Furthermore, he has stated: o he would like to leave Salomon o would leave for half of his currently salary to work fulltime on his WWW business. His activities are clearly costly and detrimental to Salomon Brothers. # # ##### # # # # ####### # # # ##### Brain himself says Salomon allows him to ####### # spend a lot of time on his business venture. # # # # # ####### date: Wed, 17 Apr 1996 10:52:13 -0400 From: bob@tridenthead2 (Bob Brain nnn-nnnn) To: (Tom Trigger) subject: Re: Kruger? Trigger> If BTO didn't let you spend a lot of time working on your Trigger> own business, I'd have said leave ASAP. What a lousy place. Could I keep getting 30%+ raises at other places? I should really turn consultant. Yeah, I have it real easy now, plenty of time to work on my own business during the day. Great benefits here! [snip] @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Real-time shenanigans between Republic National Bank, Salomon Brothers, and Bob Brain's WWW business site over the Internet! : date: Tue, 30 Apr 1996 11:30:29 -0400 : From: bob@tridenthead2 (Bob Brain nnn-nnnn) : Subject: XXX Graphic Files : To: : : Bruno> I can't believe it: I made illicit entry into Barbara Garden's : Bruno> office (short skirts-high-heels-stockings) and grabbed a floppy : Bruno> with some graphic images we can use. : Bruno> Please install these into our WWW site. : : Made so. : : -Bob ********** end excerpt from 'Corruption at Salomon Brothers' ********** Here's one example of internal operations documentation being sucked out the Internet. And endless amount of this material left the firm. I caught Internal Audit alone transferring proprietary/confidential material three times. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** ***************************************************************************** ***************************************************************************** ***************************************************************************** SECURITY INCIDENT REPORT, 8/25/96 --INTERNAL AUDIT: Fred Hamburger-- HOSTNAMES / USERNAMES / PASSWORDS SALOMON INTERNAL DOCUMENTATION --------------------------------- This is a security incident report regarding the Internet (a public wire) traffic of Salomon Brothers, which is monitored for security/compliance. Internal Audit member Fred Hamburger has repeatedly transferred passwords to Salomon systems over the unprotected Internet, one system is a Yield Book system, and also transferred a highly detailed internal document on 'EMERGING MARKETS DEBT WHOLE LOANS SUPPORT PROCEDURES' to an individual's external ISP (Internet) account. : ********************************* : Filename: Aug_22_96/dfAA09397 Size: 51729, Dated: Aug 22 15:25 : Sender: fhamburger@rocky : Recipient: : Subject: PSOPROC.DOC : **** UUencoding, Filename='PSOPROC.DOC' : : Some of the procedures you wanted information on are documented here. : : Fred. : ********************************* : : Microsoft Word 6.0 Document : Salomon Internal Audit#H:\AUDITOR\AB12345\WORD\PSOPROC.DOC : : EMERGING MARKETS DEBT WHOLE LOANS : SUPPORT PROCEDURES : : Fred Hamburger : : EMERGING MARKETS DEBT LDC LOANS : SUPPORT PROCEDURES : : I. CONFIRMATION : Introduction : : Trades in LDC loans are recorded by Traders on trade logs contemporaneously : with the telephone conversations actually executing the transactions. During : the day, these trade logs are passed to data input personnel, who then enter : the trades into AAAA. (AAAA is designed to support direct on-line entry by : Traders, but is not used in this manner on the Emerging Markets Desk.) : AAAA feeds BBBB at the end of day which in turn feeds relevant downstream : Salomon systems. AAAA also feeds the CCCC system, which is maintained as : a stand-alone second level sub-ledger that provides functionality and : records data not otherwise available. The first level sub-ledger on this : Desk is DDDD. : : PROCESSING : ---------- : : All transactions in AAAA should be confirmed orally with counterparties by : the end of trade date by checking to AAAA. All trades where AAAA and EEEE : require [final snip] It was a LONG "Salomon Internal Audit Division" document, highly detailed, including historical background info. This document could be damaging in the wrong hands. This looked like a Dumb-and-Dumber category transfer. ********** end excerpt from 'Corruption at Salomon Brothers' ********** ****************************************************************************** Five Months Statistics ---- ------ ---------- Okay, I think I've shown you enough security incidents for you to determine that this is a real thing. That I am not "full of hooey". Here is a summary of what I accomplished at Salomon while keyword monitoring. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** Thread: Five Months Statistics ---- ------ ---------- I created and did the traffic analysis for five months before handing it off. The time includes a 2.5 month parallel run with the new person. The new person found only half the security incidents I did, but we handed off anyway. Summarizing my five months: o caught over 400,000 lines of Salomon proprietary source code outbound //////////////////////////////////////////////////////////////////////// // // // Copyright (C) 1994 Salomon Incorporated // // All Rights Reserved. Unpublished. // // // // This software is proprietary and confidential to Salomon Inc. // // and may not be duplicated, disclosed to third parties, or used // // for any purpose not expressly authorized by Salomon Inc. // // // // Any unauthorized use, duplication, or disclosure is prohibited // // by law and will result in prosecution. // // // //////////////////////////////////////////////////////////////////////// o Risk Management reports ("positions") caught outbound, including DRMS (Derivatives) going to someone who started working for Merrill Lynch o Risk Management reports inbound: Phibro positions [Salomon subsidiary] o Internal product documentation and trading desk procedures outbound o Many hostname/username/password transmissions for Salomon's internal systems o Many Sybase database passwords, including SA passwords o People working on their own businesses while within Salomon o Someone soliciting people for porno videos from Salomon o Phibro Chart of Accounts and internal accounting procedures o Year-end summary of lawsuits filed against subsidiary Basis Petroleum o Pirating of third-party copyright programs o Other firms' IUO (Internal Use Only) inbound o Our detailed systems inventory o Determined what PGP (encrypted) traffic was occurring. Among others, we had constant small traffic back-and-forth with Military contractor Rockwell. o Salomon's Official Restricted List being repeatedly transmitted outbound (list of securities Salomon can't purchase without a conflict of interest) o Unreleased Financing Summaries and unreleased IPO's: SEC violations o Internal Use Only documents o Trade confirmations o JobTalk hits concerning internal budget details by an SOO. o JobTalk hit of a resume of a risk management person who wanted to "explain how it works" here o Hundreds of router (security) configurations o 42,000 lines of OASYS data o router and bridge passwords o Hostname/username/password for unmonitored outbound ISDN access from Salomon o RadioMail: spotted that all the big cheeses who use it have all their highly sensitive email going out over the unprotected Internet, because we were too cheap to buy a transmitter, and so are forwarding all the email over the Internet to RadioMail's transmitter!!! o The key to one's financial life: Social Security numbers of Salomon retirees transmitted in/out the Internet. Names, birth dates, sex, life insurance amount, date of spouse's birth... o caught our proprietary infrastructure code running at JP Morgan ********** end excerpt from 'Corruption at Salomon Brothers' ********** have I done, to indicate how powerful keyword monitoring is? NSA employees would go to jail for ten years for describing the effectiveness of DICTIONARY's keyword monitoring. I am not an NSA employee. I wrote it myself. > P48, "Secret Power", by Nicky Hager > The best set of keywords for each subject category is worked out over time, > in part by experimentation. > > The staff sometimes trial a particular set of keywords for a period of time > and, if they find they are getting too much 'junk', they can change some > words to get a different selection of traffic. > > The Dictionary Manager administers the sets of keywords in the Dictionary > computers, adding, amending and deleting as required. > > This is the person who adds the new keyword for the watch list, deletes a > keyword from another because it is not triggering interesting messages, > or adds a 'but not *****' to a category because it has been receiving too > many irrelevant messages and a lot of them contain that word. Wow, people whose only job is to edit the keywords. What a cushy job! What I can imagine accomplishing with billions of dollars of support, instead of just little ol' me doing everything, is a truly nightmarish vision. There's more. ****************************************************************************** The FBI Investigations --- --- -------------- At the same time I was analyzing two Internet email feeds, I started a third. During the five months of monitoring at Salomon, I also ran the previous four months of Internet email (from the backups) through my analytics. I found plenty of stuff there too. Another major category of incidents: people in their last week at work. In most cases from the backups, the person had already left the firm. Even when they were still here: ********** begin excerpt from 'Corruption at Salomon Brothers' ********** ! 18,525 lines of proprietary YieldBook C source. ! The user is still here (voicemail answers). ! Sent to themselves, or a relative, into a college campus. ! This source is very Salomon-specific, and could not be useful ! to transmit offsite for "testing". ! It executes other programs in the YieldBook package tree, and ! needs a full setup of YieldBook to operate. ! ! Shall I do the secondary searches and an incident report? ! ---guy ! ! ********************************* ! Filename: Dec_21_95/dfAA19116 Size: 522186, Dated: Dec 21 1995 ! Sender: blort@bpann ! Recipient: ! ********************************* ********** end excerpt from 'Corruption at Salomon Brothers' ********** Nothing was done: I had completely overwhelmed Salomon Legal with security incidents, and many were ignored. In general, when you catch something in the backups, there are two choices: o Grin and bear it o File criminal or civil charges in court Two of the security incidents found in the backups qualified for criminal prosecution. One was a source for the Finance Desk Trading System [FDTS]. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** >Date: Tue, 7 May 96 23:38:00 EDT >From: guy >To: vivian >Subject: Jan 26 1996 REDHOT >Cc: <others> Vivian, On Jan 26 1996: 18,184 lines of C++ source of something called "basis" for FDTS. Here was the radar hit: ********************************* Filename: Jan_26_96/dfAA05811 Size: 207496, Dated: Jan 26 08:30 Sender: apoo@snowball (Art Poo) Recipient: **** UUencoding, Filename='b.Z' Your Excellency, Make this floopy-bound. Bring it to esi this evening. Thank you. begin 600 b.Z ********************************* Mr. Poo no longer seems to be with us. His id is gone from his system, and someone else has his phone number. It's an api that accesses some sort of indexed info, creates some sort of report, is an X-windows deal. I found the name of the recipient: ********************************************************************** NAME XXXXXXXXXXXXXX Oracle / NewsCorp Online Ventures TITLE XXXXXXXXXXXXXXXXXXXXX AAAAAAAAAAAAAAAAAAAAAAAAAAAAA XXXXXXXXXXXXXXXXXXXXX (212)-nnn-nnnn (nnn)-nnn-nnnn ********************************************************************** ...and the recipient confirmed delivery. That was kind of him. #of lines sourcefile 49 basis/include/AlphaIOField.h 49 basis/include/AlphaNumIOField.h 82 basis/include/AmountFormat.h 47 basis/include/AmtQtyEntryPad.h 38 basis/include/AppSessionMessage.h 292 basis/include/AppUI.h 71 basis/include/Customization.h [large snip here] 131 basis/include/Date.h 77 basis/include/DateEntryPad.h 54 basis/include/DateIOField.h 33 basis/include/DefaultButton.h 63 basis/include/DocLayout.h 1144 basis/lib/base/ 398 basis/lib/base/ 157 basis/lib/base/ 136 basis/lib/base/ 18184 total His last day was XXXXXX 1996. His new job and responsibilities: > Project management of a new XXXXX project is what I'll be > doing at XXXXX XXXXX (a bank from <country> ranked in the top 20). > I'll start by consulting ($$/hour plus 1.5*OT) for TTTTTTTT. > After that we talk about them invoking their right-to-hire clause. > I might make VP. The project is great inasmuch as I'm starting it > from scratch; it's not only not burdened by legacy code, but I > can even pick the hardware. I'm "up" but also worried about the > responsibility. > > The application is X risk analysis and XX for investors. It connects > to a front end for a trading system. > > I put a lot of working into talking my new boss into me giving the > normal 2 weeks notice at Salomon (they wanted me yesterday), because > my current project is nearing a critical point. But my Salomon boss > said just do a handoff now and leave. > > I am upset. I was trying to be professional. Boy, email is one cheap detective! Anyway, that seems the full scoop. ---guy ********** end excerpt from 'Corruption at Salomon Brothers' ********** Notice my 'Boy, email is one cheap detective!' observation; Legal had talked about hiring a private investigator prior to that. The "perp" not only named his new job, he gave his full job description, pay rates, and his personal thoughts on matters. The case was accepted by NYC Assistant US Prosecutor Jeremy Temkin - the person assigned the Citibank wire-transfer theft. He said they never figured out who the inside person was. The interesting thing was that it turns out the people who investigate for the US attorneys are FBI agents. Every meeting we had included a couple FBI agents taking notes and turns questioning. The nice FBI personnel I dealt with were from the New York Computer Crime Squad. Special Agents Steven N. Garfinkel and David P. Marziliano. This posting isn't about the many good FBI and other law enforcement people. Sorry. The other FBI case involved transfer of Salomon technology to the ISP account of an employee who had accepted another job, but hadn't yet notified Salomon. They mailed home to themselves Salomon's Risk Management financial code. The Salomon Managing Director in charge was not amused. The ex-Salomon person had transferred it to their home ISP account, and started working for Jefferies Securities. I found this transfer to Jefferies Securities in the backups too: ********** begin excerpt from 'Corruption at Salomon Brothers' ********** Dumb-and-Dumber incident: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Sender: date: 28 Feb 96 8:14:56 EDT subject: Greetings! Recipient: Drake. Favor time! I need documentation on application packaging (FOR DUMB PEOPLE). Yeah, I know you taught me it already, but I've forgotten it all. I need to roll out packaging mechanisms here at Jefferies. I really miss all the infrastructure mechanisms I took for granted at Salomon. ********** end excerpt from 'Corruption at Salomon Brothers' ********** That document was labelled as Salomon proprietary on each page. The FBI got search warrants and went into Jefferies and took control of a couple systems, and went home with the Ex-Salomon person and searched there and took his computer systems. [The case is still pending @6/97] The code is simple. It's choosing the keyword filtration sequence that's tricky. I figured out how to determine it in an almost systemic way. Oddly enough, I needed no keywords for specifically seeking out source code. So, keyword monitoring is highly effective, I could even cover three feeds, and, sigh, I should mention that it took well less than 5000 lines of programming source code for me to implement it. And I generated two FBI cases. [ Think of what could happen should the FBI get its implementation of the CALEA bill. They could go nuts, and say "see, that proves we need to monitor thousands of phone calls simultaneously". And into the abyss we go. There would be no place to hide from the government, even for lawful peaceful political protest. Domestic ECHELON must be physically disabled. ] There's more. ****************************************************************************** I Can See What You Are Thinking - --- --- ---- --- --- -------- In the complaint, I breathlessly described being able to see more than just dry security incidents. The point was germane to my analysis that one of the reasons the corrupt member of Salomon's Internal Audit department could seemingly not be punished by anyone was that his job as financial traffic analysis person made him privy to the most damaging unreported SEC violations that anyone at Salomon would know about. If you spot criminal behavior, it is a very personal thing to the employee. ********** begin excerpt from 'Corruption at Salomon Brothers' ********** : I could see not only regular security incidents, but also who was queer, : what your medical ailments are, whether you were looking for another job, : where you lived, who you screwed, what you did on your off hours... ********** end excerpt from 'Corruption at Salomon Brothers' ********** One can see personal things, and the government often acts like a psychological terrorist. It doesn't matter which party has the presidency. What could I see? : from male@company : I am hung like a dragon. Wait, I'll get to that stuff. Here is an example of a "resume hit" report. I had created an analytic to spot (among other things) people leaving the firm... ***************** BEGIN OF JOBTALK EXCERPT ******************************* ****************************************************************************** ****************************************************************************** ****************************************************************************** This report concerns Internet public wire traffic. Internet traffic is monitored for security and compliance purposes. ---------------------- JobTalk Report N/NN/NN ---------------------- Standard description: JobTalk is the miscellaneous feedback report. Usually no direct sender/recipient action is taken. This JobTalk Report is dedicated to "resume hits", or people who in one fashion or another indicate they are or might leave the Firm. The last entry, "Firstname Lastname #13" is a "Security Incident Light" because he is leaving the firm and has started to transmit code he has labelled "Copyright Firstname Lastname #13" out of the Firm. Notify his manager... The people are: Firstname Lastname #1 Firstname Lastname #2 Firstname Lastname #3 Firstname Lastname #4 Firstname Lastname #5 Firstname Lastname #6 Firstname Lastname #7 Firstname Lastname #8 Firstname Lastname #9 Firstname Lastname #10 Firstname Lastname #11 Firstname Lastname #12 Firstname Lastname #13 Prepared by Guy on N/NN/NN. ****************************************************************************** ****************************************************************************** ****************************************************************************** Person #1 : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : File: <snip> Size: 1,893 Date: N/NN/NN : from <Mary lastname> : rcpt <Cathy lastname> : Subject: re: fw: humor -forwarded -reply : Hey Cathy- : Okay so far. I'm thinking of changing my job. I'm interviewing with : Morgan Stanley soon. : [snip] : miss you, : Mary : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : File: <snip> Size: 1,968 Date: N/NN/NN : from <Mary lastname> : rcpt <Cathy lastname> : Subject: re: ? : You're doing fine I'll bet. Myself: I am going to switch jobs again. : A better offer was given to me by Morgan Stanley, and I'm contemplating : it. Currently, I've been moved in with my boss. It sucks. Person #2 : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : File: <snip> Size: 45,214 Date: N/NN/NN : from <Bob@company> : rcpt <> : Subject: Contracts : Hello, : This mail address was given to me by Fred McChat who has started work : at Swift. I'm sending my friend's CV in addition to my own. : Please give me a call to talk about this on 0171 555 1212 or : 0171 555 1213 after work hours. : Thank you, : Bob XXX : the following is an attached file item from cc:mail. it contains : information which had to be encoded to insure successful transmission : through various mail systems. to decode the file use the uudecode : program. : --------------------------------- cut here --------------------------------- : begin 644 resume.doc : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Person #3 : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ : File: <snip> Size: 5,159 Date: N/NN/NN : from <female@company> : rcpt <Dick@outside> : Subject: la la la la la : : Update on my job search: I have a second interview with Fidelity on : Thursday, to talk about becoming specialist's assistant on the Boston : Stock Exchange. I have other interviews scheduled next week too. : The Fidelity job allows me to complete my education as a trader. : Being a specialist is actually the ultimate in listed trading. : I feel I am close to something good. : @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [etc] ***************** END OF JOBTALK EXCERPT ********************************* A lot of people use company systems to hunt for another job; for example, using, emailing their resume, etc. Anyone giving a clear indication they were looking for another job I called in "resume condition". When it is a risk management person saying he "wants to explain how it works here", I write it up as a security incident. It was extremely rare for a company to use a resume report for anything. However, there is no description of what to do for any given variation of this report, so... When a team of people sent their resumes to a business, including that of a Managing Director, some discreet calls were made to see if we were losing a whole department. (No, it was for a joint business deal.) ---- * The Puzzle Palace, Author James Bamford, 1983 revision, p459 * * When searching for derogatory references to President Richard M. Nixon * [ "I had no prior knowledge of the Watergate break-in," said President * Nixon looking straight at the camera on a national television address, * "It's that simple." ], for example, technicians would have to program * a variety of keywords, such as "Tricky Dicky." This, according to the * former NSA G Group chief, would be converted to 'ky----ky." * * Should this selection process still produce a considerable amount of * traffic, the data could then undergo 'secondary testing', such as the * addition of the words "New York," to reduce the number. You may wonder what keywords excel at picking up "resume condition" traffic. You want the truth? YOU CAN'T HANDLE THE TRUTH Just kidding. That was Jack Nickelson speaking for the NSA. Here is how it is done: o Select all traffic. o Exclude commonplace traffic, such as mailing lists. example: FROM <> This is done by selecting keywords that match against the routing information in the email header: who it came from, who it is going to. The phone analogy is recipient and originating phone numbers. This cuts down on "noise". "Secret Power" gave examples of this too. o Search all traffic for a set of keywords that are found (tuned) over time to have the best results. SOME of the ones I used: first day last day resign new job resume interview drug test It's ironic that drug testing of employees is so wide-spread that it can be used to pick out people looking for new jobs. o Further exclusion logic (keywords) to isolate the meaning of the keyword 'resume' to mean job history. Also, UK people say 'CV'. Example: do NOT allow a sentence fragment like 'resume playing' to trigger "resume condition" inclusion. That's how it is done. I then sit at a terminal and page through a summary of the results, looking for 'hits'. That's how DICTIONARY works too. * The Puzzle Palace, Author James Bamford, 1983 revision * * P496-497: You would put in a whole slew of keywords. * You flip through the results. And it's damn effective. I could pick needles out of a haystack. I could find a 16-line Risk Management report in Salomon's daily 150-230 megabytes of Internet email traffic. It took only one word: 'risk', and lots of exclusion logic, because the word is used lots. I had never seen that format of risk report before. It was incoming too. It sure didn't look like much, but... The head of Risk Management at Salomon Brothers (real name) replied: * From bookstaber@sbi Wed Jun 19 03:27:55 1996 * Date: Wed, 19 Jun 96 03:27:40 EDT * To: guy@doppelganger * Subject: Re: Risk Mgmt Report? * From: bookstaber@sbi (Richard Bookstaber) * * This is proprietary risk/position information. * Please let me know the circumstances -- who was sending it to whom. * * Is it intrafirm, or was it going to someone outside of the firm? * * I am in London now, but will check my e-mail. So, that's spotting one email due to one word out of say 200,000,000 characters. Set it up, push a button, check search results. I picked up so many people in 'resume condition' at Salomon, they ended up saying they didn't need that report: "We know current conditions." * "Secret Power", by Nicky Hager * * P125 The main computer systems are UNIX-based. So is my code!!! Runs under SunOS/Solaris UNIX on a Sun Microsystems SPARC 5 or SPARC 10. Small world, in so many ways, ain't it? : ---------:---------:---------:---------:---------:---------:---------:---- : Timothy C. May | Crypto Anarchy: encryption, digital money, : 408-728-0152 | anonymous networks, digital pseudonyms, zero : W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, : Higher Power: 2^1398269 | black markets, collapse of governments. : "National borders aren't even speed bumps on the information superhighway." If you put the same fixed text in your traffic to trigger "noise" pickup: it is put into the exclusion logic. Don't bother. Of course, if you are Cypherpunk Tim May (or his wife), all your traffic --- including phone calls --- gets its own daily summary file regardless of content. That's what I did (for company Internet traffic) when activities made it prudent to put someone on the individual 'watch list'. (For example, "Bob Brain".) ---- Then there was a manager under heavy stress, who was pissed at top management, knew his department had a good chance of getting cut in the next several months, then the talk turned to guns... This was a very long diatribe; only a little is shown here because I got tired re-writing the words so it's not literally their traffic anymore. In email he sounded like a major flake. In person he sounded normal. ***************** BEGIN OF JOBTALK EXCERPT ******************************* An oddity: a Xxxxx Yyyyyyy is getting stressed out by his area's upcoming personnel cuts; he's made a presentation to Mr. Cheese for project ideas that might avoid him being cut. This stress is normal, but suddenly talk about him being a gun-nut came up. It doesn't appear to be a problem, but I thought I'd let y'all decide for yourselves. ---guy > First, I am having a real bad day. I am dealing with it well though. > In fact I admire myself for it. In the past several weeks I've begun > to respect myself highly for putting up with all the obstacles and > bullshit I run into EVERY*FUCKING*DAY. 99% of all other people don't > have my strength and will. Which is why people fear me or find me > threatening. > > I've got an employee who is a totally useless shit, whines, talks > about me when I'm not there, stabs me in the back, etc. I should > have fired him when I had the chance. > [snip] > Upper management is like a den of vipers. > [snip] > Don't bring up guns again at a party. Most people here in NY are > fucking liberals and would throw the rest of us in deep dungeons. > Everytime I've said I'm pro-gun I'm treated like a criminal even > though I LEGALLY own one. ***************** END OF JOBTALK EXCERPT ********************************* There was lots and lots of drinking/sex traffic. : Did I tell you I slept with Fred on Christmas Eve!!! : : After work we had a couple bottles of red wine, and went to the karoke pub!! : Anyway, after spending the evening there, I was hammered. I drank tons. : After the last dance he dragged me outside and was trying to shag me : against a car!!! I wasn't too impressed by that. : : I can't resist him though. We went to his friends house and the next thing : I remember is waking up naked in bed with him!!! : It's okay if your e-mails are shorter than mine. Size is important, : and you TOTALLY pass THAT test, however, size of e-mails does not count. > I can't wait for this evening! I really hope I can lick your pussy > during the commute home. ;-) > I love eating you!!! > I have a hard-on right now! > umm, umm, your breasts and whipped cream... One time I got curious enough to ask someone about them sending sexually explicit traffic in the clear across the Internet. It was someone using a back-and-forth style; one person does a few paragraphs of a hot and heavy scenario between themselves and the other person. The other person then picks up the thread for several more paragraphs... I emailed the person, explained I was Internet security for the firm, and said I should point out that while he was free to send these emails, I wanted to warn him that traffic on the Internet can be scanned by gawd knows who, and it might be possible for him to get embarrassed by it. He emailed back and asked what I thought the chances of that happening were. I said low. Three days later they started their steamy traffic again. Over months of time, one can accumulate an extended amount of information about people by their traffic. Very personal information. In fact, you don't even have to send email to have personal items about you disclosed. Just having an email address on your business card can do it. Like when someone who sounded like a college girl who was a friend of their family wrote to a very senior management person about a condition and whether it was going to require surgery. * P42 "Secret Power" by Nicky Hager * * The strange feeling of reading other people's private communications has * long worn off and the contents are generally routine. True, although some emails are hysterical. [The names are unchanged this time] > This came from a 23-year-old stud in our ABC department. --guy > > I have a great NY story to tell you. This past Thursday "The Associate" > starring Whoopi Goldberg premiered. Afterwards I went to the party where > I met an okay looking girl with a smokin' body. To shorten the story, we > go to her place at 60th St. between Park and Lex. All night she kept > bugging me about not having any idea who she was. So right when we're > getting naked she finally tells me: she is Kurt Russel's little sister. > Of course I thought she was pulling my leg, but she pulls a photo book > out and sure enough, she is Kurt Russel's little sister! I got her phone > number, but boy she is a big LOSER. This email didn't contain his age, yet I knew it and many other things about him simply from collecting them over time. I had no special need to do so, but found it could add important detail to a security incident report. As previously shown, for an incident report on someone working on their own job within the firm I compared the capabilities of the code he sent out to his own job description which he transmitted in his resume many months prior. Why waste information that's just flying by for the taking? Care for a fun conspiracy theory? If I were pro-ECHELON, I would monitor all the Senators and ALL their staff AND all their families. That's just to start. I would also monitor ALL up-and-coming politicians. You never know when you're going to need to squeeze some support out of them. Has Bill Clinton been compromised by NSA ECHELON monitoring? * "The Secret War Against the Jews", Authors: John Loftus and Mark Aarons * * A large number of American candidates for public office have been placed * under electronic surveillance by British intelligence officers sitting * at their "temporary listening post" at Fort Meade. * * An admittedly secondhand source insists that the British eavesdroppers * were the source of the 1992 campaign stories that presidential candidate * Clinton had expressed pro-Soviet views while a student in London. * * Young Clinton's remarks were nothing more than an ambiguous comparison * of Soviet and American efforts for peace in Vietnam, fairly innocent at * the time. * * Because the wiretap itself could not be disclosed, it set off a scurry * of searching through archives on both sides of the Atlantic for any * incriminating documents. There was none, and in short order the British * smear campaign died of its own weight. * * It is time the Congress and the public realize that in the age of * computers, microwaves, and satellites, we are all Jews. Have all key politicians been compromised, whether they even know it yet? (Suddenly some people are trying to think back to whether they ever said something in private they would greatly regret being made public: that would be 99.9% of all telephone users. Too late.) ECHELON is infinitely abusable, and has been repeatedly abused. Our phone conversations are too personal, too unguarded. About four years ago my phone rang. It wasn't the normal ring, more of a couple dings. I picked up and could hear someone talking in addition to hearing my dial-tone. I pushed a digit now and then to get rid of the dial tone and keep the line open while I listened. It was a daughter relating a story to her mother about how she had managed to let herself have sex with one of her two roommates. With another girl. And that it has caused complications in the living arrangements. It turned out her mother was homosexual too. (technically bi-sexual) It was a fascinating conversation on my phone line. When it was over, I called my own number from another of my lines and told her she'd better contact the phone company! She indicated she lived several blocks away from where I lived: it was a true phone company foobar. Phone conversations reveal our inner selves. ****************************************************************************** Why I Monitor --- - ------- Why do I feel companies should monitor their Internet traffic, but the Government shouldn't monitor me and everyone else? > Salomon is a "computer-based" firm. > > Any connections between Salomon's internal network and the outside world > exposes Salomon to a potential number of problems. > > One of the largest data pipelines in and out of Salomon are its Internet > connections. > > Therefore it is also a large security problem, which must be managed. > [snip] > > The terminology "email monitoring" has a Big-Brother ring to it. > > But monitor it we must - there is no choice. > > It connects all of our inside systems to all of outside. > > And it is the Internet ("public wire") traffic going in/out of Salomon > we are checking - not internal email. > > The security rule for Internet traffic is "don't send anything you > wouldn't want to read about in tomorrow's newspaper". I think it's pretty obvious why company traffic involving company systems is monitored. After all, companies aren't democracies. Finally, I should point out that all the people at both sites were told repeatedly that Internet email was being monitored; this includes all traffic picked up by my JobTalk analytic: > Salomon site. > > All sites start out with the employment contract stating unequivocally > that the systems are the company's and are to be used only for work > purposes. And that they are subject to inspection. You signed it. > > Salomon's goes further by stating the firm's computer systems may be > audited and that they have the right to do so even if you have put > personal information on the system. > > After the first couple of months of security incidents at Salomon, > they began issuing global email broadcasts saying that a new security > package "Internet Risk Management: email facility" had been installed, > and that Internet email traffic was actively being monitored. > > They did so again and again. > > I think they sent out a memo to everyone too. > > Security incidents NEVER stopped. > > Major violations occurred again and again and again and again... > > I have come to realize that the number of security incidents a firm > has is not related to how often they warn their employees not to send > proprietary/confidential information out via email. > > The number of security incidents is a function of the number of employees. > > If you are a big computer-based firm (banks, brokerage, insurance etc), > then you are guaranteed to have a huge amount of proprietary/confidential > files flowing out of your Internet connection via email. > > Even if you tell them again and again that it is monitored and they will > be fired for misuse. > > Even if you fire people. > > Even if you prosecute them. > > It appears to be just like the general population and regular crime. > > All sites' management expressed confidence that repeated warnings and > firings would soon stop the proprietary/confidential transfers. > > It turned out to be like saying if we have a slew of laws against > crime and throw many people in prison, crime will soon stop. > > Well, it sounded reasonable when the managers said it about warning people > email was being monitored and firing people. > > Even I was amazed at how wrong they were. > > That it didn't slack off (for more than two weeks) after warning people > again and again. Remember the Bob Brain report? Here's another slice: > Note that this email occurred days after Brain's area had been > notified that their traffic was being watched. > > date: Wed, 24 Apr 1996 15:55:42 -0400 > From: Bob Brain nnn-nnnn <bob@poison> > To: <Harvard female> > > We were notified today in a firm-wide memo that our email going in/out > the Internet is now being monitored. Big brother has arrived. > > > Sender: bob@tridenthead2 > date: Fri, 26 Apr 1996 18:04:48 -0400 > From: bob@tridenthead2 (Bob Brain nnn-nnnn) > Recipient: > > I've been thinking about it for a while, and I'm pretty sure I'm going > to resign at Salomon shortly. > > A couple more big clients for our WWW site and even though it's less > than half of my current income, I'll finally be able to devote myself > full-time to the business. Yeah! > > F*** that would be awesome (pardon my language). Remember the person the FBI was investigating for theft of Risk Management source code? His manager told him and all the other employees in their group that their email was being monitored. The manager told both me, Salomon Legal, and the U.S. Attorney and the two FBI agents this. Go figure. I call this Internet-is-irresistible siren call: "Internet Fever". When it comes to ECHELON, it was never discussed with the American people. We never had a chance to vote on it. It was done in secret. It is done in secret. When you lift up the phone, you don't hear a message warning you that the NSA is monitoring it. But they are. "Anytime, anywhere" is their motto. ***************************************************************************** On Being Monitored -- ----- --------- On being black. African-Americans are a heavily monitored group. * "Above the Law", by David Burnham, ISBN 0-684-80699-1, 1996 * * Even while Lyndon Johnson fought for far-reaching civil rights * legislation and spoke out against racism and government eavesdropping, * the Johnson White House created a special squad of FBI agents to place * wiretaps and bugs on most of the African Americans who came to Atlantic * City during the 1964 Democratic convention. ---- A while back, I saw a black ex-police officer take a camera with him in a car in LA at night. This was somewhere around the time of the Rodney King beating. I was watching C-SPAN. Some sort of police officers association meeting... It was amazing how often he was pulled over, and the cheesy reasons the officers gave. "Your tail light was broken" He got out with the camera still on, showed the tail light was fine, and asked the officer what he was talking about. "Oh, you're right. Sorry." He was pulled over again and again and again. ---- The New Jersey State Police admitted they were targeting black drivers. Pulling them over, and searching their vehicles inch-by-inch. ---- * The New York Times, December 14, 1995, Philadelphia, Pennsylvania * * Six officers - five whites and one Asian-American - have plead guilty * to corruption charges, including illegal searches, lying under oath * and planting false evidence. * * The guilty pleas have led to a review of more than 1,600 arrests of * mostly black and Hispanic suspects that were made by the officers * from 1987 to 1994. * * Fifty-six convictions have already been overturned. ---- * The New York Times, November 26, 1995 * "Several Blacks Sue Beverly Hills, Asserting Bias by the Police" * by Kenneth B. Noble * * Saying they had been victims of a callous police force, six blacks * filed suit this week against the City of Beverly Hills, including * the Police Chief and the Mayor. * * The plaintiffs include a handyman at a local church and the mother * of two young boys, all of whom say they or their families were * singled out because of their race. * * The handyman who works at an Episcopal church here, said that on * one occasion he pulled into a parking lot and a police officer * stopped him, pointed a gun at his head, called him a derogatory * name and warned, "If you move, I'll shoot you." The handyman * said he had been unlawfully stopped, harassed and interrogated * by the police eight times since he started working there. * * Another plaintiff, the co-captain of the Beverly Hills High School * football team, asserted that he had been pulled over at least 20 * times in the last 18 months. * * The Mayor and Police Chief were named in the suit because they had * ignored numerous written and oral complaints of mistreatment. ---- Think Rodney King was an isolated event? * The New York Times, May 13, 1997, snipped * "Police Chief Says Officers Violated Policy in Beating", by Kevin Sack * * Atlanta's police chief concedes the videotaped beating of an African- * American shows it violated departmental rules. * * Timmie Sinclair, 27, is a black Atlantan. Five officers surrounded him * and one Sergeant "repeatedly bludgeoned with a baton" Mr. Sinclair while * he was being handcuffed, and at least once while the other officers held * him down on the ground. * * Mr. Sinclair was trying to fill a prescription for his sick child, * became confused by all the roadblocks the Atlanta police setup for * the annual "Black College Spring Break" weekend, and was attacked * by the police for trying to get back on the Interstate highway. * * Mr Sinclair's wife and two children were in his car with him. Think that would have happened to a white family during this annual Black College Spring Break 'Freaknick' police coverage? The police also illegally ordered the videotaper to stop taping. ---- Recently on ABC Primetime live, they wired for video and sound a nice car owned by the father of the black son who drove it, with another black friend. BTW, picture yourself being a black citizen to try and appreciate this. Picture yourself as the monitored group. Shortly after starting out, they were pulled over by police for a search. Not one, but two squad cars came to do the search. Because they crossed lanes while going through an intersection. If you are white, when was the last time two squad cars searched your vehicle inch-by-inch because you crossed lanes while passing through an intersection? Never happened to me. The police were recorded saying a container they found "probably had drugs" in it. It was a make-up container. [All you little people are probably guilty] When ABC asked the police chief later why they were pulled over, he said for crossing lanes while going through an intersection. ABC's cameras then showed cars doing that constantly at the same intersection. They said they counted hundreds the same night. The police chief then tacitly admitted they were pulling over black people on purpose. ---- [ Yes, I am aware of the cocaine/crack sentencing discrimination. ] You monitor any group real close, you'll get many arrests. The implications of heavy monitoring are serious. * Jan 30 1997, The New York Times, page A12 * * Blacks make up 51 percent of the 1.1 million inmates in state and * Federal prisons, the Sentencing Project study said, though * blacks are only 14 percent of the nation's population. * * Of a total voting age population of 10.4 million black men nationwide, * an estimated 1.46 million have lost the right to vote [as a result]. Wow. This highly focused monitoring of blacks should be way illegal. Blacks make up 14% of our U.S. population. Blacks make up 51% of our prison population. Never forget what it means to be heavily monitored: there is no place to hide. Noone is an angel. Are you? What's in store next for black Americans? # "This Modern World", by Tom Tomorrow [political cartoon, in NYT] # # Biff: You know why we should eliminate welfare, Wanda? # It's been A COMPLETE FAILURE! # After all -- there ARE STILL POOR PEOPLE! # # Wanda: Hey, good thinking Biff! # And while we're at it, why don't we eliminate the FIRE DEPARTMENT? # After all -- there ARE STILL FIRES! # And talk about FAILURES -- what about the MEDICAL INDUSTRY? # Why, there are still SICK PEOPLE everywhere you look! # # Wanda: And why don't we shut down the POLICE DEPARTMENT as well -- # since there are STILL CRIMINALS! # For that matter, why have any laws at all? # People still BREAK them ALL THE TIME. # # Biff: Look, it made sense when Rush said it. # # Wanda: I'm sure it did, sweetheart. # Say, shouldn't his show be cancelled? # After all -- there are STILL LIBERALS... * "Can Unemployment Fall Further Without Setting Off Inflation?" * By Richard W. Stevenson, The New York Times, September 7, 1996 * * Six percent unemployment of the able-bodied population is the point where * the Federal Reserve Board usually kicks in to raise interest rates. [the * presidential campaigns are in their final stages between Dole and Clinton * at this time] * * The Federal Reserve Board is expected to raise interest rates now that * unemployment has reached 5.1 percent, so that the number of unemployed * people will go up. * * SEVEN MILLION PEOPLE ARE CURRENTLY UNEMPLOYED. # Tom Tomorrow # # Since the time in the 1970s when President Nixon ordered a nationwide # salary freeze to combat inflation, the Federal Reserve Board has # manipulated interest rates so that approximately 5 to 6 million people # are purposely kept unemployed at any given time. What??? You mean the government purposely keeps millions and millions and millions of people unemployed at any given time, yet put time limits on welfare? I don't recall hearing that in the public debate. Question: What will poor people who can't get jobs do when their welfare runs out? Keeping in mind that the government purposely keeps approximately 5 to 6 million people unemployed. Answer: Increasing crime, increasing tension and conflict with police departments, some rioting, and politicians banging the Drum of War to take stronger police and monitoring actions. "Law & Order" Stronger police action mainly against black people. ---- This monitoring discrimination of blacks is demonstratedly nationwide. Therefore, it is also a smoking gun for arguing for retention of affirmative action programs. You don't really think it's just law enforcement, do you? ---- : "Lock 'em Up", The Washington Post, 5/19/96 : : Harvard economist Richard Freeman thinks it's ironic that proportionally : more people are in jail in the Land of the Free than in any other nation : on Earth. The U.S.A. has FIVE TIMES the incarceration rate as the United : Kingdom, Germany or France. : : Freeman says that prison is emerging as America's answer to the "reduced : demand for less-skilled male workers." European countries deal with unem- : ployable guys by putting them on the dole, he says. : : In this country, we throw them in jail after they commit a crime to survive. ---- Factoid: poor black households' telephone usage is dramatically different from other groups and can be picked out statistically using just the time, length, and number of calls per telephone. [ page 61, "The Rise of the Computer State", David Burnham, 1984 ] The Los Angelos Police said they kept beating Rodney King while he was rolling around in pain on the ground was because he wasn't following orders AND they thought he was on PCP. [What???] "The only thing Rodney King was guilty of was resisting slaughter" ---Jimmy Breslin ---- July 1st, 1997, News 4 NBC TV NYC: Police Commissioner Bratton says an officer who shot a black youth dead---in the back---violated no departmental rules because he thought the youth was going to turn and shoot him. A grand jury fails to indict the officer, during a secret presentation by prosecutors. Preventative shootings are now legal. ****************************************************************************** I have tried to show you: o the power of high-traffic computer monitoring o what happens to a group of people who are closely monitored by law enforcement Congress and CALEA are leading us into the 21st Penitentiary.