Untitled Document

About the op911 news. We review technology that deals with emergency operations. Our readers include law enforcement, intelligence, information technologists, op-sec, fire response, bomb squads, swat, and other first responders. Op911 and www.op911.net is published by Hitech LLC., an independent media company that specializes in print and web based readership. Op911describes emerging technologies, new tools and analyzes their commercial, economic, social, and political impact. All contents copyright 2006, Hitech LLC. Email suggestions or comments to ops@op911.net

February 25-28, 2007
The Intelligence Support Systems for Lawful Interception, Cyber Investigations and Intelligence Conference and Expo is the world’s largest gathering of telecommunications service providers, government intercept policy makers, law enforcement agents, investigative analysts, prosecutors and vendors addressing lawful interception issues and solutions. Now that most nations of the world require lawful interception support of VoIP and other IP-based services, ISS World Dubai is a must attend event.

March 20-22, 2007
Attend the only government centric event where cutting-edge technology products, services and solutions are presented to the government community together with engaging education sessions.

August 19-23, 2006
The academic program covers all aspects of cryptology. The science of cryptography.

Op911.Net Staff
Concept and idea
Rod Deluhery

Executive producer
Betty Jimenez

Editors
Susan Fitzgerald
Bob Hogue
Gary Helbrink “the radio man”

Printing and design by
West Koast Graphics

Publication and distribution services by
Hitech LLC.

Training as we all know is something that can’t be overlooked but sometimes is. How do you get your people trained in the most cost effective manner?

An effective technique to stretch your training dollars is to “train a trainer” in your organization. This person would be a subject matter expert (SME, or sometimes also called Smart Mouth Engineer!). The SME would have the knowledge of the subject and understanding of your organizations needs.

How does this work out? Most of the time, it works surprisingly well. What are some of the downsides? There really are none. Some staff may scoff at the fact that there is no “real training” given by the company that makes the product or service. But in the end, training is training. Train the trainer scenarios can save on travel costs as well, which is sometimes more expensive than the “free training” given in the remote town of Minnesota.

From an operational point of view, “train the trainer” scenarios make business sense. As a manager or department head, you must clearly understand the implications of any decision to “train or not to train”.
Without training, there is the downside of higher operational costs in operations. Less effective operations is usually the result. The peacekeepers, commanders, warfighters, and contractors all need training. Why? Operational effectiveness, increased information sharing, assured metrics, and achieved interoperability. Train the trainer is one way to create the knowledge needed with less costs.

Perishable knowledge
The trend to simplify complex technology is going to continue. Just because it seems simple, doesn’t mean people don’t need at least an introduction to the operation or new procedure. Also don’t forget re-training. Especially critical systems or procedures that are not used often are candidates for training. All knowledge is perishable, and must be refreshed and restocked now and then.

Easy to learn!
Many things are advertised or discussed as “no brainer” or just “play with it” procedures. In my humble opinion, such simplification does not mean you can skimp on training. So called “simple procedures” that are not used on a daily basis are often difficult to remember under stress. In the emergency where you really need to use it, you may not be able to let it be taken for granted that someone will remember the “simple procedure”.

Training costs are sometimes capital expenses, especially if they involve creating a training center or training room. Basically it’s understood that one way or the other, you can’t skimp on training. You pay either in capex or opex. Operational expenditures (opex) will climb if your staff does not understand how to most effectively work.

How do you cut steel in an emergency? You can cut it, or burn through it. Those are your options. Well sometimes you can bend it, crush it or smash it. The tools of choice are the “Jaws of life” for most emergency operations. This tool can separate and cut through steel to free trapped motorists, airliner, or any other machine likely to trap a person. Hydraulic cutters or jacks can’t do everything. To get through large sheets of metal, giant structural steel, or other giant metal objects you need a torch. What is a emergency tech supposed to do? Enter the world of thermic lances! These specialized thermal cutters blast through steel like butter. They use oxygen and a fuel to burn through steel quickly.

The Airegroup makes this “gasoline” cutter. It is a viable option for anyone needed a portable tool that can cut through almost any metal structure or vehicle. It is powered by unleaded fuel! Yes, normal motor gas is combined with oxygen ( provided in a tank) to cut through steel. And it’s all contained in a backpack that can be carried easily. How awesome is that?

The liquid gasoline is delivered to the torch and supposedly safer than an oxyacetylene torch. The liquid also cools the torch and prevents possible backfires.

Is this the best tool for the job?
All emergency tools should have a role. Use a thermic lance or such to cut steel. Use a different tool to cut through rope or seat belts. Large timber to cut and or a tree limb? That should be a no brainer.

On the scene of an emergency there should be little time wasted in choosing what tool to use for common problems. Test scenarios should help your staff know what tool to use for every job.

Check out the airegroups gasoline cutter on the link below.

http://www.airegroup.com/Products.asp?prodtitle=127

WiFi is huge. If you are know anything about wifi, or 802.11 wireless, you that more people are using it everyday. You know that every neighborhood now has wireless. You know that so many people have wifi now, that you could always use your neighbors if you forget to pay your bill. You have probably seen the number of local wifi access points double or triple. The density is so high now that the number of radios and people moving data now causes problems. There can only be a set amount of active access points on the same frequency. Yet there are no restrictions or licensing of this spectrum, and so there is “wifi pollution” in many landscapes.. It is common problem now in suburban environments that 802.11 becomes very slow, even slower than a 56k modem or air-card because of radio congestion. If you didn’t know, 802.11b or 802.11g only has three(3) distinct channels to operate. Only channels 1, 6 and 10 have no overlap. Though they have 10 channels, each channel overlaps. So if you need to put up wireless, say three (3) access points in proximity to each other, they would need to be set to channel 1, 6, and 10 to have no overlap.

Like any technology, wifi will adapt to the times. The problem is that the growth and adoption rate of wireless is so fast. Everyone is putting up mass amounts of wireless with no plans for interoperability or coordination. Cities and counties that began to implement wifi a year ago are finding that those systems are becoming polluted and are becoming less effective. Users may have stopped using them due to reliability or speed issues. Or worse, the systems have ceased to function all together!

City to city roaming. Pronto Networks
Now think about interoperability. Not only is wifi technology struggling to keep up with the times, people need interoperability so that resources are shared. As users of this technology try to adapt, companies of all sorts are bringing new technology and services. One of those companies is Pronto networks. They have a few different service offerings. The most interesting to me is their city worker integration product. What they plan to do is have users, mostly public safety workers, be able to roam from one cities wireless to another. They hope to have many cities use their service so that when a government work travels to say Anaheim, California, they will still be able to use the wireless in that city to connect to the internet.

Pronto – connecting the dots.
As city and local counties begin to install wireless infrastructure, there are requests to allow one city worker to roam into another city and use their wireless data hot spots. The company called Pronto is getting ready to do just that.

What Pronto networks is doing is revolutionary. Allowing resources to be shared saves taxpayers money. City workers share resources all the time in states of emergency. A county helps the other county fight a wildfire. One state sends in rescue workers to the other for assistance. Why not share the communication resources of each city?
Time will tell if Pronto, they as a company survive or perish. One thing is certain. Ultra high speed communications are expensive resources. Even high speed communications are expensive, with cities spending millions on packet radio systems for voice only.

You don’t say? Yes, I did say that. I don’t know. Those are famous words that have been said in the worst and best of times. The classic answer to a question you can't answer.

For fun we will look at some definitions of these, and maybe some other alternatives you can say to your boss or significant other when they ask that tough questions. Everyone at some point doesn’t know, and usually it’s the time when you are SUPPOSED to know! To make mistakes and forget is to be human. To be creative in making excuses for a lack of knowledge is also very human.

Remember just admit it when you don’t know the answer. Why not you say? What often we see is a phenomenon called “knowledge creep”. A knowledge creep is not the weird guy with a encyclopedic knowledge base. Knowledge creep is a perception. This is similar to scope creep (in project management). My definition of knowledge creep is when you slowly extend your scope of knowledge by answering peoples questions with ambiguous answers. Basically trying to impress people and acting like you know more than you do. So the people don’t know what your level of knowledge is. A gray area forms around your supposed knowledge base, and you then have “knowledge creep”. My analogy to knowledge creep is project creep. Project creep is what happens when you try to solve to many problems at once, with too few resources. They are both similar, where as “project creep” is the amount of tasks is added to a project so that the resources to perform them is too low or causes the project efficiency to go down. Knowledge creep is the same, where a fixed number of resources, in this case brain cells, are expected to answer questions on a wide variety of subjects. Knowledge creep is commonly used by managers to rise up through the corporate ladder by impressing people who are easily impressed and uninformed. .

Remember there is no correct way to respond to someone in every situation. Are you trying to impress your boss? Are you interested in making someone smile? There are thousands of ways to tell people you don’t know. Keep some of these in mind when communicating to your peers and loved ones.

"What was that, can you repeat that?" Means you don't know, and think you might get some hints if they reword the question. You are too ignorant or proud to admit you don't know shit.

"Could you remind me later, when I have time I will explain it" Means you don't know, you act like you do know and create a plausible excuse to answer later when you can find someone who knows something.

"I really don't know" Same thing as “don’t know”, but I am telling you with some assurance that I don't know, and I could be sympathetic to your condition or request for information. You actually care?

"Are you kidding?" This means you have no clue, and in defense you offend the other person by making them sound like the idiot. That way they don't dare question your vast knowledge, which is really non existent in this subject matter.

"that's a good question" You are saying that you really think the other person should consider or think more before asking it, because you don't have the answer right now.

"I have no clue" Means you really don't know, with some emphasis on your general lack of knowledge in this area so don't ask me again.

"no I don't know that much about it" A longer way of saying you don't know. You are trying to say your knowledge is astronomical in size, but lacking in this critical area.

"ohh I used to know that" You knew, now you don't, and you are willing to discuss you short term memory problems with other people.

"ohh, well I think I know how that works" You know to some degree, but are not competent enough to answer the question. Or you are just too lazy to exercise your brain and recall it.

"no one knows" You are being either dead serious, or you are making fun of the person asking the question. Or trying to show the incompetence of everyone involved that could possibly know the answer.

"I think Dave knows" You may or may not know, but don't want to be bothered. You like passing the buck.

Automated teller machines are convenient ways to move your cash. In our convenience oriented societies, the next door ATM is irresistible. It is so easy to use that people can’t resist the temptation to take some risks. Risks are great, they say you should take at least one risk a day. But do you really want to risk being shot over a $40.00 withdrawal? We have all heard of stories of people being shot as they deposit or withdraw money from these machines.

There have been people trying to create better security at ATM’s. In my opinion, the banks have not done enough to keep you and your money safe. People have tried to put legislation to create safer ways of using ATM’s. Here we see another ATM problem, called the card skimmer.

Card reader or card skimmer?
A card skimmer reminds me spy technology. As a former contractor for an intelligence agency, I have seen my share of spy equipment. This one is an add-on to a device that adds spying functionality to everyday equipment. Examples? A paper shredder comes to mind in east Asia. The hotel offers the paper shredders to the overseas traveler as a convenience. Little do they know it also scans the document BEFORE being shredded and copies the data over the shredders powerline to a nearby computer!
So our modern day criminal takes a spin on the spy tech shredder and puts a reader in front of the ATM reader, similar to the spy shredder that the wonderful hotel offers for FREE.

Card skimmer uses.
As you look at the ATM card skimmer, keep in mind other uses of this technology. Do you have high security gates or locks that use credit cards? Imagine what a smart thieve or terrorist could do with this skimmer placed in front of your high tech lock. With a bit of social engineering thrown in, the “gate technician” comes to your place of work to do maintenance on the gate.
“Hi, I’m Dan.”, says the thief.
I had to replace the card reader, it should work fine now.”, says Dan the criminal.
“Oh great. Have a nice day.”, says you perky staff member. Busy reading the latest updates to myspace.com, she didn’t check his credentials and so it is unknown to her that the criminal has just been given the green light. Now he will be able to read the security cards put into the machine and easily duplicate them. No one notices as the card reader was “repaired” recently. The new card reader looks slightly different.
A few weeks later a robbery takes place and most of your hard earned equipment is stolen. “How did they get through the security gate?” will be the first question.

Keep in mind that just because it is “high tech” does not equal high security. It may not be safer then “low tech” security equipment. Sales people keep this in mind when bragging about your “high tech” systems.

This is what a normal ATM card receiver should look like. Keep in mind this ATM is an older style ATM. The newer ATMs may look different.

Now look at the next page. In this picture you see an altered ATM. This is what the same ATM with the card reader attached over the card receiver looks like. A card SKIMMER is attached to the front of the ATM.
Notice the card reader protrudes out. The normal (older style) ATM receiver is beveled
inwards. The ATM had a card reader attached to the front of the ATM (A card reader or skimmer- used to record the information off of the magnetic strip on the back of your ATM card).

Above is a picture of the attached skimmer. About the only thing noticeable is that the skimmer is nice new shiny plastic, compared to the old and dirty plastic bezel on the original ATM. I was amazed at the graphics and such. Always amazing the lengths criminals will reach to get into your pocket. Makes you wonder if these are mass produced?

This is the back of the card reader. The reader has a FireWire (IEEE 1394) interface that
can be read by most home computers. So the skimmer stores the data in memory, skimming hundreds of credit card and ATM numbers. The skimmer is then removed and the criminal takes it back to his home, where he downloads the information into a computer and can then recreate the cards for his own personal use. That data doesn’t have the PIN of the card. An enterprising thief could work around that, especially if the skimmer records the time and date. The criminal, using a telescope, could watch you type in your pin. Recording the date and time of PIN entry now gets everything he needs to siphon your bank account. Scary? Yes!

The card skimmer here was found and removed by a local police officer. Obviously he had a good eye to notice the difference between the modified ATM and unbugged ATM.

As we all know, times are changing. It’s not surprising today to read about how some of our rights are being taken away due to terrorism concerns. Whatever you want to do, think first. Want to carry a backpack? No, can’t do that here. Want to light a cigarette in public? Can’t do that. So it should be no surprise, or maybe a surprise to some, when evidence came out that good ole AT@T was helping our government spy on our internet messages.

First, some background. For years, the US has had more freedom than most all countries. We still have many freedoms that others could only hope for. Religious freedom, freedom of speech, you name it. Keep in mind people go to jail for life just for practicing a religion. Not here in the USA.

With freedom of speech, there is an irony in that certain communications the government has the freedom to monitor. For instance, telephone calls from the US to other countries has been available to people who work for the government. Telephone intercepts is not new. Think about it, what is the biggest overseas telephone company, it is At&T. It is widely believed that all telephone calls to other countries are recorded and have been since the 1960’s and before. And recently, it is understood that there are computers that can search those conversations for keywords. Say the sentence “My kid really bombed out on the game last night” and you get your whole life put into super recording mode.

Now browse to the internet age. It is December 31, 2004 and a technician for AT@T decides to start the new year with a bang. He decides to talk about his “classified” work with his employer and the government. When the New York times reported on the vast collection program going on, many people knew this was happening, but this technician opened up a can of worms.

The technician talked to lawyers and the press. This is what he said. He talked about a Room 641A at 611 Folsom Street, in San Francisco. There At&T has a large communication hub, actually part of the many backbones of the internet. The technician described how the company worked with the NSA to listen in to every bit of data going through that part of the internet. Since he was now retired he figured “fuck who cares if I can’t get a job with the spy bosses now?” He thought the public should know what was going on.

Basically what is understood is they tap into fiber lines and use special analyzers to capture certain data streams, depending on what keywords are used or if something meets the criteria for interest to the agency. People in the field call this “data mining”.

Why does this matter to law enforcement or emergency operations? What will be the effects if the public knows that all communications, including internet, is regularly monitored? I don’t know the answer to these questions. Obviously many intelligent criminals or terrorists understand secure communications. It is understood that some of the 9/11 hijackers used steganography to encode communications in pictures. Steganography is a science of taking a message and encoding it into a picture, graphic, video, or sound file. It is actually making something that looks like something else, so that you never know to look at that as a communications device.

So we know that some criminals use advanced tools to communicate. Many of those tools will cause problems in solving crimes. The questions is, does the AT&T relationship with the government help solve crime? Or does it stop spies?

People could argue that such spy systems definitely could help our national defense and such. Others could argue that it is a slippery slope, leading to an age where the government can instantly bring up every single record of communications you have ever done over a telephone or internet. Big brother on the horizon. Some people say what’s wrong with that? I suppose it all has to be put into perspective. What freedoms will we give up for some security? What freedom will we give our government in spending our tax dollars on questionable secret programs, when children go to bed hungry and our prisons are full of inmates? What questions can be answered with torture, and will we let our government not only spy on people but torture them? The questions are not easy. Our civilization is a complicated organism with many vulnerabilities to terrorists. We have to keep in mind our security as we continue to grow as a society.

What cost are we willing to bear, what will we give up so that we can sleep safe at night?

Entrances to the “secret room” at AT&T central office, 611 Folsom St., San Francisco

Pipeline breaks and emergencies pose a challenge for the emergency responder. As a emergency responder or public safety worker, you may respond to these situations. How can you tell when these pipelines pose a safety risk to you and the public?

Some common problems with piping is that the labels or colors showing the contents have worn off. That includes flow direction arrows and such. Without markings on pipes, you may be left to wonder what is carried in the pipe and what direction the fluid or gas flows.

Here are some guidelines.
You may notice a particular odor, an unusual puddle or hear a hissing sound.
Since pipelines are buried underground, line markers are used to indicate their approximate location along the route.
The markers can be found where a pipeline intersects a street, highway or railway.
The markers display the material transported in the line, the name of the pipeline operator and a telephone number where the operator can be reached in the event of an emergency.
Pipeline markers indicate the general location of a pipeline and should not be relied upon to indicate the exact position of the pipeline. Also, a pipeline may not follow a straight course between markers so don’t attempt to use these markers to identify the exact location of the pipeline.

WHAT DO PIPELINES TRANSPORT?
Pipelines are used to transport many types of products:
• For our vehicles: Gasoline, Diesel fuel, Kerosene, Aviation Gasoline, Jet fuel
• To heat our homes: Home heating oil, Natural Gas, Propane
• Precursors for Consumer products: Crude oil, Propylene, Ethane, Ethylene, Carbon Dioxide
• For Agriculture: Anhydrous Ammonia (fertilizer)
These products can be very dangerous and personnel should be aware of the following dangers:
• Pipelines carry both gaseous and liquid materials under high pressure.
• Many liquids form gaseous vapor clouds when released into the air.
• Many pipelines contain colorless and odorless products.
• Some gases are lighter than air and will rise.
• Other heavier-than-air gases and liquids will stay near the ground and collect in low spots.
• All petroleum gases and liquids are flammable.
• Any pipeline leak can be potentially dangerous.

Take whatever steps you deem necessary to safeguard the public in the event of a pipeline emergency. The following suggestions are offered as guidelines:

• Secure the area around the leak to a safe distance. This could include the evacuation of people
from homes, businesses, schools, and other locations, as well as the erection of barricades and
similar precautions to control access to the emergency site.
• If the pipeline leak is not burning, take steps to prevent ignition. This includes prohibiting smoking, rerouting traffic and shutting off the electricity in the area.
• If the pipeline leak is burning, try to prevent the spread of fire but do not try to extinguish it. Burning petroleum products will not explode. If the fire is extinguished, gas or vapor will collect and could be reignited by secondary flames.
• Contact the pipeline company as quickly as possible. Pipeline marker signs show the pipeline company’s name, emergency telephone number and pipeline contents.

HOW TO RECOGNIZE A PIPELINE LEAK
Sight: Look for a pool of liquid on the ground, a white cloud or fog, persistent bubbling in standing water, or discolored vegetation. These are signs of a possible leak around the pipeline area.
Sound: Listen for any unusual noise such as a hissing or roaring sound.
Smell: Notice any unusual odor.
WHAT YOU SHOULD DO IF YOU SUSPECT A LEAK?
• Have the workers turn off and abandon equipment.
• Leave the area quickly.
• Contact the local fire department.
• Warn others to stay away.
• Notify the pipeline operator immediately.
WHAT YOU SHOULD NOT DO
• DO NOT use open flames or bring anything into the area that may spark ignition of the leaking
product (telephones, flashlights, radios, motor vehicles, etc)
423

• DO NOT attempt to operate pipeline valves.

Fear of the month. No shelter! . By Bob Hogue

What happens when you panic from fear? Death! I’m not going to teach you how to not panic. I’m for one not very good at it. But I will tell you how to keep a roof over your head. Use an Aireshelta! These shelters offer portability and excellent coverage from the elements.

Airesheltas inflatable buildings offer durability and large sizes. Good for quick headquarters or temporary shelter of any type of operations. The company that makes Airshelta buildings, also makes many emergency supplies and knows the market well. See below link for more information.
http://www.airegroup.com/index.asp

Things that helped make this issue: Maple flavored tea, GIMP for windows, pistachios by the cup, Mysql, vending machine tea, Google Toolbar, Microsoft Word, Ethereal, PDF995 free pdf converter, HP Notebooks (with that kick-ass EtherTronics 802.11 antennas built in), grant money from UASI, taxpayers of Anaheim, rasberry tea from Canada, Textpad, Namo Webeditor, Macromedia DreamWeaver, and an occasional nod from the Bassets.

Ending quotes
"The wireless telegraph is not difficult to understand. The ordinary telegraph is like a very long cat. You pull the tail in New York, and it meows in Los Angeles. The wireless is the same, only without the cat. “-- Albert Einstein

"Life is cheap. It's the accessories that kill you."
Unknown
“If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Sun Tzu, 500 B.C.
234234234234