Monday 12/28/98 9:27 AM John Young BUSINESS OUTLOOK, Albuquerque Journal Monday December 28, 1998 http://www.abqjournal.com/ Consultant feels heat from FBI By Aaron Baca Carolyn Meinel says she just can't win. Three months ago - and many times before and since - the East Mountain author and computer-security consultant was the target of a diatribe left by computer hackers who broke into and vandalized the New York Times' Web page, she says. Now, Meinel says she is suspected by the IBI as being one of the culprits in the New York Times computer hack. She says the FBI told her that she's not a suspect, but asked her to take a lie-detector test, which suggests she is "The last contact I had with them (the FBI) was about a month ago," Meinel said in a telephone interview with the Journal. "I don't think they would want me to take a test if they weren't trying to trip me tip up somehow so they could come back at me later." Meinel says she offered to assist the FBI man investigation of the incident because of her experience with hackers and her experience with those who took credit for that. back - HFG, or Hacking for Girlies. So far the FBI will not say if it suspects Meinel. Doug Beldon, a spokesman for the Albuquerque FBI office, said the FBI is investigating the incident But he said he couldn't comment about the investigation. The New York Times web page was attacked by a group claiming to be HFG in September. The group peppered the site with profanity and pornographic images. They also left hidden messages on the page directed at Meinel and others.. Meinel is known in the hacker community as the Happy Hacker She has written two editions of a book by the same title and helped found an online community about hacking. She has also written numerous articles on computer security, including a recent article for Scientific American. In all of her articles, Meinel is critical of some hackers for the damage they can cause. She says she promotes friendly hacking, which she compares to the tinkering or exploring shade-tree mechanics often engage in on their automobiles. The same group, HAG, is believed to have broken into the computers of Albuquerque Internet service provider Rt66 in August. In that attack, more than 1,400 credit card numbers belonging to subscribers were compromised. Meinel says she has been advised by her own lawyer to stay out of the case now. "There's a lot I Think I could have offered the FBI, Meinel says. “but I think it’s wise not to say anthing now. I could get myself in trouble if I helped with this investigation now.” --- I am reading about html, reading our son’s web site code - which he got from another Moto employee - and experimenting by modifying it. I just downloaded your stats and table code. I studied you index.htm and cryptome pages a bit yesterday. Morales and I talked this morning. As soon as we get something working, then we will try to get others to help. Like Ashok Kaushal aka AK. We plan to give the Great Satan some MORE deservedly [http://www.zolatimes.com/v2.29/bw1.html] REALLY BAD international press. Until, of course, we get the Great Satan to shape-up and get some of his messes SETTLED. ABQ FBI agents Kohl and Schum attempted to intimidate me once. US Marshals too. http://www.jya.com/whpscalia.htm On the second occasion ABQ FBI agents Kohl and Moore delivered US assistant attorney Gorrence’s letter to me. http://www.jya.com/whprjg.htm Moore apologized when Kohl handed me the letter. Nonetheless, this earned the instigators criminal complaint affidavits. http://www.jya.com/whpscalia.htm Kohl had on a black fanny pack. FBI/Engineering Research Facility Special Supervisory Agents [SSA] I worked with carry their guns in fanny packs. Holsters were too obvious the FBI told me. FBI SSAs also carry cell phones. They need to phone in to find out what to do next. Morales and I need picture of the Great Satan. But, of course, being law-abiding citizens, we don’t want to infringe anyone’s registered trademark. Campbell soup did not sue Andy Warhol. Therefore we will give Underwood full credit if we decide to use it registered trademark to depict the Great Satan. Back to .vxd writing. I think I have to get win98 working today so I can run the 98ddk. The vmm.inc macro which provides access to Microsoft’s Windows Virtual Machine Manager does not work the Hazzah or Thielen and Woodruff device driver code. While I modified vmm.inc to expand without error, link 32 is giving an error on some of the segments declarations in the module definition file. Until I get a working example of Device Descriptor Block accessed in the protected mode, I am in a bit of trouble with my current conversion project. Sure wish we could get these UNFORTUNATE matters settled so that Morales and I could spend time on other constructive projects. Later bill Thursday 12/10/98 5:08 PM J Kevin O'Brien, Chief Freedom of Information-Privacy Act Section Office of Public Affairs U.S. Department of Justice Federal Bureau of Investigation Washington D. C. 20535 O'Brien I received your form letter dated DEC 02 1998. YES, I want the information! I return your completed form. Sandia assigned me to break electronic locks for the FBI/ERF. SSA Mike Uttaro was my direct contact. His boss was SSA Mike McDevitt. The FBI is breaking the law under the veil of classification abuse. I may write another article --- False Security William H. Payne Abstract Wiegand wire plastic credit card-sized entry access credentials are the easiest to counterfeit. Yet Access Control & SECURITY SYSTEMS INTEGRATION, September 1998 , www.prox.com http/www.securitysolutions.com ran a full page ad. "Why 130 million Wiegand cards are in use throughout the world . The most secure of all access card technologies. HID Wiegand cards are virtually impossible to counterfeit... any attempt to alter them destroys them! ... Since no direct contact with the card is required, they are totally enclosed, making them absolutely immune to the elements and a frustration of vandals. ... The secrets to the security of an HID Wiegand card are those little enclosed wire strips. Once corrupted, they won't work." Purpose of this article is to tell you how to counterfeit Wiegand http://www.securitysolutions.com/ and give you insight into Real Security. Fumble, Bumble and Inept Funds Electronic Lock Breaking at Sandia National Laboratories. http://www.jya.com/fbi-en7898.htm False Security William H. Payne Abstract Wiegand wire plastic credit card-sized entry access credentials are the easiest to counterfeit. Yet Access Control & SECURITY SYSTEMS INTEGRATION, September 1998 , www.prox.com http/www.securitysolutions.com ran a full page ad. "Why 130 million Wiegand cards are in use throughout the world . The most secure of all access card technologies. HID Wiegand cards are virtually impossible to counterfeit... any attempt to alter them destroys them! ... Since no direct contact with the card is required, they are totally enclosed, making them absolutely immune to the elements and a frustration of vandals. ... The secrets to the security of an HID Wiegand card are those little enclosed wire strips. Once corrupted, they won't work." Purpose of this article is to tell you how to counterfeit Wiegand http://www.securitysolutions.com/ and give you insight into Real Security. Fumble, Bumble and Inept Funds Electronic Lock Breaking at Sandia National Laboratories. http://www.jya.com/fbi-en7898.htm --- Counterfeiting Wiegand Wire Access Credentials Bill Payne October 16,1996 Abstract Wiegand wire access credentials are easy and inexpensive to counterfeit. Access Control & Security Systems Integration magazine, October 1996 [http://www/securitysolutions.com] published the article, Wiegand technology stands the test of time by PAUL J. BODELL, page 12 Many card and reader manufacturers offer Wiegand (pronounced wee-gand) output. However, only three companies in the world make Wiegand readers. Sensor Engineering of Hamden Conn., holds the patent for Wiegand, and Sensor has licensed Cardkey of Simi Valley, Calif., and Doduco of Pforzheim, Germany, to manufacture Wiegand cards and readers. ... A Wiegand output reader is not the same thing as a Wiegand reader, and it is important to understand the differences. In brief, Wiegand reader use the Wiegand effect to translate card information around the patented Wiegand effect in which a segment of a specially treated wire generates an electronic pulse when subjected to a specific magnetic field. If the pulse is generated when the wire is near a pick-up coil, the pulse can be detected by a circuit. Lining up several rows of wires and passing them by a cold would generate a series of pulses. Lining up two rows of wires - calling on row "zero bits" and the other "one bits" - and passing them by two different coils would generate two series of pulses, or data bits. These data bits can then be interpreted as binary data and used to control other devices. If you seal the coils in a rugged housing with properly placed magnets, and LED and some simple circuitry, you have a Wiegand reader. Carefully laminate the special wires in vinyl, and artwork, and hot-stamp a number on the vinyl, and you have a Wiegand card. IN THE BEGINNING Wiegand was first to introduce to the access control market in the late 1970s. It was immediately successful because it filled the need for durable, secure card and reader technology. Embedded in the cards, Wiegand wires cannot be altered or duplicated. ... Bodell's Last statement is incorrect. Tasks for EASILY counterfeiting Wiegand wire cards are 1 Locate the wires inside the card to read the 0s and 1s. 2 Build an ACCEPTABLE copy of the card. Bodell's clear explanation of the working of a Wiegand card can be visualized zero row | | | one row | | binary 0 1 0 0 1 representation Solutions to Task 1 A X-ray the card B MAGNI VIEW FILM, Mylar film reads magnetic fields ... Edmunds Scientific Company, catalog 16N1, page 205, C33,447 $11.75 is placed over the top of the Wiegand card. COW MAGNET, Cow magnetics allow farmers to trap metal in the stomachs of their cows. Edmunds, page 204, C31,101 $10.75 is placed under the card. Location of the wires is easily seen on the green film. Mark the position of the wires with a pen. Next chop the card vertically using a shear into about 80/1000s paper-match-sized strips. Don't worry about cutting a wire or two. Note that a 0 has the pen mark to the top. A 1 has the pen mark at the bottom. Take a business card and layout the "paper match"-like strips to counterfeit the card number desired. Don't worry about spacing. Wiegand output is self-clocking! Tape the "paper-match - like" strips to the business card. Only the FUNCTION of the card needs to be reproduced! History Breaking electronic locks was done as "work for others" at Sandia National Laboratories beginning in 1992 funded by the Federal Bureau of Investigation/Engineering Research Facility, Quantico, VA. The FBI opined that this work was SECRET/NATIONAL SECURITY INFORMATION. Details of the consequences of this work are covered in Fired Worker File Lawsuit Against Sandia Specialist Says He Balked When Lab Sought Electronic Picklock Software, Albuquer Journal, Sunday April 25, 1993 State-sanctioned paranoia, EE Times, January 22, 1996 One man's battle, EE Times, March 22, 1994 Damn the torpedoes, EE Times, June 6, 1994 Protecting properly classified info, EE Times, April 11, 1994 DOE to scrutinize fairness in old whistle-blower cases, Albuquerque Tribune, Nov 7 1995 DOE boss accelerates whistle-blower protection, Albuquerque Tribune, March 27, 1996 DOE doesn't plan to compensate 'old' whistle-blowers with money, Albuquerque Tribune September 27, 199 --- Here is one of my previous articles. http://www.zolatimes.com/v2.29/bw1.html http://www.aci.net/kalliste/bw1 We should get this settled before IT GETS WORSE. Black and white is an example of WORSE. bill payne