1998-07-04 - NSA , FBI, and Sandia labs - and stolen weapons

Header Data

From: bill payne <billp@nmol.com>
To: ukcrypto@maillist.ox.ac.uk
Message Hash: f3c3079dfd8c8252894ce637e6f08cad86cc00035f3cd8c3b9617a4352fe4b46
Message ID: <359E887A.6EDB@nmol.com>
Reply To: N/A
UTC Datetime: 1998-07-04 19:58:21 UTC
Raw Date: Sat, 4 Jul 1998 12:58:21 -0700 (PDT)

Raw message

From: bill payne <billp@nmol.com>
Date: Sat, 4 Jul 1998 12:58:21 -0700 (PDT)
To: ukcrypto@maillist.ox.ac.uk
Subject: NSA , FBI, and Sandia labs - and stolen weapons
Message-ID: <359E887A.6EDB@nmol.com>
MIME-Version: 1.0
Content-Type: text/plain

Saturday 7/4/98 1:20 PM

Laszlo Baranyi

I read http://www.qainfo.se/~lb/crypto_ag.htm

I will look in my files for a paper published in the Association
of Computing Machinery authored by G. J. Simmons on the COVERT CHANNEL.  
Then e-mail you an exact reference.

Information FORCED on me by Sandian James Gosler funded by NSA was about
the COVERT CHANNEL.  Similar to what I read at

Gosler made the point to us that the 'black hats' could spike a device,
either through hardware or software.

A 'white hat' group  could not discover how the covert channel worked
[was spiked].

Gosler later wanted to assign me to an NSA project. I refused. I would
not sign the required papers - which effectively makes the signer give
up their civil rights.

See http://www.qainfo.se/~lb/crypto_ag.htm
 RIGGING THE GAME" Baltimore Sun, December 10, 1995. This article can be
ordered on-line

for details what NSA requires employees to sign.

Sandia reassigned me to break electronic locks for the FBI.
and http://www.fbi.gov/fo/nyfo/nytwa.htm 

I attach results, which the FBI believes is SECRET/NSI, on how to
counterfeit Wiegand wire access 
credentials funded by the FBI.

Perhaps the following quotation and reference might be valuable to

             Spy agencies are also dabbling in hacker warfare.  The 
             National Security Agency, along with top-secret
             units in the Army,  Air Force, has been researching 
             ways to infect enemy computer systems with particularly 
             virulent strains of software viruses that already plague
             and office computers.  Another type of virus, the logic
             would remain dormant in an enemy system until a
             time, when it would come to life and begin eating data. 
             bombs could attack, for example, a nation's air-defense
             or central bank.  The CIA has a clandestine program that 
             would insert booby-trapped computer chips into weapons
             that a foreign arms manufacturer might ship to a
             hostile country - a technique called "chipping".  In
             program, the agency is looking at how independent
             hired by arms makers to write software for weapons systems 
             could be bribed to slip in viruses. 
             "You get into the arms manufacturer's supply network, 
             take the stuff off-line briefly, insert the bug, the let it
             to the country," explained a CIA source who specializes in 
             information technology.  "When the weapons system goes into
             hostile situation, everything about it seems to work, but
             warhead doesn't explode." 
             weapons may be even more exotic than computer viruses. 
             Los Alamos National Laboratory in New Mexico has developed
             suitcase-sized device that generates a high-powered 
             electromagnetic pulse.  Commandos could sneak into a
             capitol, place the EMP suitcase next to a bank and set it
             The resulting pulse would burn out all electronic
             in the building. ... 
        [TIME, August 21, 1995, by Douglas Waller] 

The US was super-concerned when stinger missiles, AFTER THE US GAVE THEM
TO THE AFGHANIS, that the stingers might be used against the US.  

So the idea is to spike weapons so that the US remains in ELECTRONIC
CONTROL - if physical
control is lost.  

There are, of course, hazards in powering-up a stolen foreign weapon.

My wife Patty [Implementing Basics : How Basics Work William H. and
Patricia Payne / 
Published 1982 http://www.amazon.com] and I were in Zurich in April 

I spoke to Hans Buehler on the phone from the airport.

Buehler gave me ideas on how to get my case settled TOO.


Best.   And I look forward to reading more about what you discover.



Coauthor Lewis in the above is one of my former MS and PhD students in
computer science.


Counterfeiting Wiegand Wire Access Credentials
                                   Bill Payne
                                 October 16, 1996
                  Wiegand wire access credentials are easy and
                  inexpensive to counterfeit.
        Access Control & Security Systems Integration magazine, October
        1996 [http://www/securitysolutions.com] published the article,
             Wiegand technology stands the test of time
             by PAUL J. BODELL, page 12
             Many card and reader manufacturers offer Wiegand (pronounced
             wee-gand) output.  However, only three companies in the
             world make Wiegand readers.  Sensor Engineering of Hamden
             Conn., holds the patent for Wiegand, and Sensor has licensed
             Cardkey of Simi Valley, Calif., and Doduco of Pforzheim,
             Germany, to manufacture Wiegand cards and readers. ...  A
             Wiegand output reader is not the same thing as a Wiegand
             reader,  and it is important to understand the differences.
                In brief, Wiegand readers use the Wiegand effect to
             translate card information around the patented Wiegand
             effect in which a segment of a specially treated wire
             generates an electronic pulse when subjected to a specific
             magnetic field.  If the pulse is generated when the wire is
             near a pick-up coil, the pulse can be detected by a circuit.
             Lining up several rows of wires and passing them by a coil
             would generate a series of pulses.  Lining up two rows of
             wires - calling one row "zero bits" and the other "one bits"
             - and passing them by two different coils would generate two
             series of pulses, or data bits.  These data bits can then be
             interpreted as binary data and used to control other
             devices.  If you seal the coils in a rugged housing with
             properly placed magnets, an LED and some simple circuitry,
             you have a Wiegand reader.  Carefully laminate the special
             wires in vinyl, and artwork, and hot-stamp a number on the
             vinyl, and you have a Wiegand card.
             IN THE BEGINNING
               Wiegand was first to introduce to the access control
             market in the late 1970s.  It was immediately successful
             because it filled the need for durable, secure card and
             reader technology.
               Embedded in the cards, Wiegand wires cannot be altered or
             duplicated. ...
        Bodell's last statement is incorrect.
        Tasks for EASILY counterfeiting Wiegand wire cards are
        1    Locate the wires inside the card to read the 0s and 1s.
        2    Build an ACCEPTABLE copy of the card.
        Bodell's clear explanation of the working of a Wiegand card can
        be visualized
             zero row    |     |   |
             one row        |          |
             binary      0  1  0   0   1
        Solutions to Task 1
             A    X-ray the card
             B    MAGNI VIEW FILM,  Mylar film reads magnetic fields ...
                  Edmunds Scientific Company, catalog 16N1, page
                  205, C33,447  $11.75
        is placed over the top of the Wiegand card.
        COW MAGNET,  Cow magnetics allow farmers to trap metal in the
        stomachs of their cows.  Edmunds, page 204, C31,101 $10.75
        is placed under the card.
        Location of the wires is easily seen on the green film.
        Mark the position of the wires with a pen.
        Next chop the card vertically using a shear into about 80/1000s
        paper-match-sized strips.
        Don't worry about cutting a wire or two.
        Note that a 0 has the pen mark to the top.  A 1 has the pen mark
        at the bottom.
        Take a business card and layout the "paper match"-like strips to
        counterfeit the card number desired.
        Don't worry about spacing.  Wiegand output is self-clocking!
        Tape the "paper-match - like" strips to the business card.
        Only the FUNCTION of the card needs to be reproduced!
        Breaking electronic locks was done as "work for others" at Sandia
        National Laboratories beginning in 1992 funded by the Federal
        Bureau of Investigation/Engineering Research Facility, Quantico,
        The FBI opined that this work was SECRET/NATIONAL SECURITY
        Details of the consequences of this work are covered in
             Fired Worker File Lawsuit Against Sandia
             Specialist Says He Balked When Lab Sought Electronic
             Picklock Software, Albuquerque Journal, Sunday April 25, 1993
             State-sanctioned paranoia,  EE Times, January 22, 1996
             One man's battle,  EE Times, March 22, 1994
             Damn the torpedoes,  EE Times, June 6, 1994
             Protecting properly classified info,  EE Times, April 11,
             DOE to scrutinize fairness in old whistle-blower cases,
             Albuquerque Tribune, Nov 7 1995
             DOE boss accelerates whistle-blower protection,  Albuquerque
             Tribune, March 27, 1996
             DOE doesn't plan to compensate 'old' whistle-blowers with
             money, Albuquerque Tribune September 27, 199
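
Added example (not part of the original message or the attached paper): a small Python model of the two-row reading described in the Bodell quotation, showing what "self-clocking" means for a defender: the reader's output depends only on the order of the wires, so an access controller receives identical bits whatever the wire spacing or swipe speed. The wire positions, swipe speeds and function names are assumptions made for illustration.

```python
from typing import List, Tuple

Wire = Tuple[float, str]   # (position along the card in mm, row: "zero" or "one")
Pulse = Tuple[float, str]  # (time in ms, coil that fired)

def swipe(card: List[Wire], speed_mm_per_ms: float) -> List[Pulse]:
    """Model a card passing the two coils: each wire fires its row's coil once."""
    if speed_mm_per_ms <= 0:
        raise ValueError("swipe speed must be positive")
    return [(pos / speed_mm_per_ms, row) for pos, row in card]

def decode(pulses: List[Pulse]) -> str:
    """Recover the bit string from the order of pulses alone.

    Every pulse is its own clock edge, so the gaps between pulses carry no data.
    """
    bits = []
    last_time = None
    for time_ms, coil in sorted(pulses):
        if coil not in ("zero", "one"):
            raise ValueError(f"unknown coil {coil!r}")
        if time_ms == last_time:
            raise ValueError(f"two pulses at t={time_ms} ms: not a valid frame")
        bits.append("1" if coil == "one" else "0")
        last_time = time_ms
    return "".join(bits)

def indistinguishable(card_a, card_b, speed_a=0.5, speed_b=2.0) -> bool:
    """True when a controller receives identical data from both cards."""
    return decode(swipe(card_a, speed_a)) == decode(swipe(card_b, speed_b))

# Constructed sample layouts, both following the page's diagram (0 1 0 0 1).
EVENLY_SPACED = [(5.0, "zero"), (10.0, "one"), (15.0, "zero"),
                 (20.0, "zero"), (25.0, "one")]
UNEVENLY_SPACED = [(5.0, "zero"), (6.5, "one"), (19.0, "zero"),
                   (21.0, "zero"), (40.0, "one")]

if __name__ == "__main__":
    print(decode(swipe(EVENLY_SPACED, 0.5)))
    print(decode(swipe(UNEVENLY_SPACED, 2.0)))
    print(indistinguishable(EVENLY_SPACED, UNEVENLY_SPACED))
```

Because the decoded value is the only thing the controller sees, pulse timing in reader logs cannot separate two cards that carry the same wire sequence.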