James,
Good job! Is well written with a lot of thought and detail involved
very nice guide.thank you!!
Mike
On Oct 30, 8:28 pm, "James M. Atkinson"wrote:
> The following "Applicant Questionares" is going
> live on my website on Wednesday night, and I
> drastically need a couple of you to read it over
> and see if there is anything that needs to be corrected or explained better.
>
> Many Thanks,
>
> -jma
>
> Recommended Gold List Questions
> Levels of TSCM Legitimacy - The "P-Levels"
>
> The following is a list of private TSCM firms who
> specialize in "bug sweeps" and wiretap detection
> and who have legitimate TSCM training,
> credentials, and equipment (and are very well respected within the industry).
>
> While most TSCM specialists are available for
> travel outside of a specific geographic area they
> tend to avoid such engagements, or will limited
> the services to vulnerability analysis,
> pre-construction assistance, non-instrumented
> inspections, simple RF checks, in-place
> monitoring, or limited TSCM services involving
> only a briefcase sized in-place monitoring system
> (such as a single spectrum analyzer, MSS, Eagle,
> ScanLock OSCOR, SPECTRE, ROSE, RAPHAEL, or similar system).
>
> These private TSCM firms tend to operate in a
> specific geographic area limited to a few hundred
> miles (usually within a eight to twelve hour, one
> day vehicle drive). However, all of the TSCM
> firms listed here are available for travel
> anywhere in the United States or the World on
> short notice, but only provide limited services
> when operating outside of their normal coverage
> area. These coverage area limitations is due to
> the logistics involved in transporting hundreds
> and often thousands of pounds of sophisticated,
> highly sensitive laboratory grade electronic
> instruments, equipment and tools. Bug sweeps and
> wiretap detection involves the use of ladders,
> pole climbing equipment, LAN analyzers, X-ray
> systems, specialized antennas and other
> equipment, which is not easily, transported by
> airplane or by any method other then trucks. In a
> few cases, the TSCM specialist can respond to any
> location within a 2 or 3-day drive with a truck
> which contains an entire mobile electronics laboratory.
>
> TSCM firms also tend to restrict their operations
> to a specific geographic area to facilitate an
> expert level of knowledge regarding the RF
> environment, construction methods used, community
> zoning, population demographics, civil
> engineering, aeronautic or maritime facilities,
> local military bases, and related areas.
> Knowledge of such regional information is
> critical for a successful TSCM project. The TSCM
> specialist must also have an intimate knowledge
> of the telephone systems, engineering methods,
> fiber optics, major cable locations, central
> office switches, test numbers, and related
> communications infrastructure present or being
> used in an area (which tends to be regional).
>
> An understanding of what types of eavesdropping
> devices, methods, and frequencies which are being
> used in an area is also important, as is
> knowledge of what type of surveillance equipment
> is being sold within that region (and other
> areas). The TSCM Procedural and Protocols Guides
> used by a specialist also tend to be based on
> specific issues and variables present in that
> specific geographic area. On a more interesting
> note, many of these firms are located in, or near
> major maritime port cities or population centers.
> The heaviest concentrations are around major
> cities on the East and West coasts with a very
> limited presence in the Mid-West, Great Plains,
> and Rockies. If you were in the Mid-West, Great
> Plains, or Rockies area you would need to engage
> a TSCM firm from one of the major port cities.
> For example, customers in Chicago, St. Louis,
> Memphis, Denver, Salt Lake City, Minneapolis,
> Billings, etc. would need to fly a TSCM
> specialist in from Boston, New York, Washington
> DC, Los Angles, Lexington, or Seattle.
>
> Please be patient when contacting any TSCM firm,
> as if they are out serving a client they may not
> be able to return your call for several hours.
> Rates generally are non-negotiable and reflect
> the cost of the sweep practitioner's time,
> considerable investment in equipment acquisition
> and maintenance, several weeks of in-service
> training a year, travel, administrative and
> communications time and expense to coordinate the
> sweep and written report, and a fair profit for
> their services. It is very unwise to shop for
> sweeps by using price as a criterion as it only
> invites being ripped off. Legitimate TSCM
> professionals are not interested in, nor will
> they engage in negotiating for a lower price.
> When you contact persons on this list, you are
> talking with someone in the same league as an
> attorney or surgeon, not a salesman. In fact,
> most of the people listed on this page have more
> time in their specialized training than do most
> attorneys or medical professionals. Anything
> beyond an initial 15-minute phone call usually
> will be billable time. Attorneys and doctors do
> not consult free, and neither do legitimate TSCM
> specialists. If a potential client calls with a
> long list of questions not pertaining directly to
> hiring the practitioner, or wants to know how to
> do his own sweep, or wants to know how to use the
> sweep kit he purchased on his own, expect to pay
> an hourly rate or $250 in advance for consulting
> services. If you are considering engaging (or
> have already engaged) a TSCM firm and they are
> not listed in the following directory you would
> do well to immediately ask some awkward
> questions. It is also important you understand
> that legitimate services by a competent TSCM firm
> rarely start at less then several thousand
> dollars for even a basic sweep, and a proper
> sweep take days, not hours to complete. Keep in
> mind that there only a small number of legitimate
> and competent TSCM counterintelligence
> specialists or "Bug Sweepers" in the U.S. private
> sector. Legitimate TSCM firms are in very high
> demand, hard to find, and expensive; so be
> patient when trying to find one to help you. In
> addition, TSCM firms are not attorneys and cannot
> tell you whether it is legal or illegal for you
> to monitor your own phones. Always call a
> competent licensed attorney for legal advice.
>
> Magic Formula
> Technical Background - Cube this
> Formal Technical Training (1200 hours, every 5 years) - Square This
> Equipment and Tools - Cube This
> Basic Equipment/Tools
> Intermediate Equipment/Tools
> Advanced Equipment/Tools
> Vehicles (halve this)
> Basic Vehicle
> Intermediate Vehicle
> Advanced Equipment - DOT/CDL
> Honesty and Integrity - Divided by all
>
> Square root of
> (Tech3+TechTraining2+Tools+TestEquipment3+.5Vechiles) /Honesty
>
> You use the list like this. You assign each of
> the P-Levels a score between negative numbers and
> positive ten, essentially adding or subtracting
> points up to ten either way depending on how each
> of the attribute apply to the person you are
> talking to. In a few cases, you can subtract more
> then ten points for issues that provide areas of significant concern.
>
> You would hope that the person or company you are
> considering performing a TSCM project would
> attain a perfect score as that means the person
> is very legitimate and professional and that you
> feel that none of the negative attributes or
> levels apply to them, but in reality such, a
> score is impractical. Nobody is perfect, and
> anybody who appears to be perfect should
> certainly be viewed with caution and a healthy dose of skepticism.
>
> Professional - A true blue, died in the wool
> security expert with years of RELEVANT experience
> and background in their specific area of
> expertise. He will "walk the walk and talk the
> talk", and have the scars to prove it. This
> person will own all the necessary equipment,
> hundred of books (some of which he wrote or
> contributed to), a large number of original web
> pages or white papers on the subject. He (or she)
> will seek to illuminate the subject matter, and
> will be able to explain very complex topics in
> terms the non-technical public or layman can
> understand and is comfortable is discussing the
> matter without pushing their services too much
> (they let you come to them, and never gets
> pushy). If they are very professional they get
> +10 points, if they seem a little rough around
> the edges give them +7, but start dropping points
> as you get more uncomfortable with their
> professionalism. If they are rough around the
> edges, or just a little too pushy to get your
> business then award them zero points, and if they
> really get pushy or seem desperate for your
> business then start subtracting points quickly.
>
> Pretender - Similar to the above professional but
> has irrelevant or bogus credentials. They may
> talk the talk, but cannot walk the walk (nor have
> the scars). Will talk a good game, but generally
> lacks legitimate equipment, materials, or
> training. He often has not written a book but
> will often plagiarize others (and claim it as his
> own work). If the "pretender" has an online
> presence or web page, it is full of hype,
> rhetoric, and paranoia (but little science). He
> is quite capable of totally baffling customers,
> but cannot explain things in a non-technical way
> (or without hyping surveillance technology to
> death). In this case you start by awarding them
> -10 points, and as they convince you that they
> are legitimate you slowly start adding points up
> to as much as a +10 points. Very often the
> pretender will be someone who retired from
> government service with honorable service, but
> who lacks the technical background to perform a
> competent sweep, and thus pretend to know what
> they are doing. In many cases, the pretender
> actually has themselves convinced that they can
> do a good job, but sometimes their inabilities
> lead then into the next category.
>
> Putz - This is nothing more then a buffoon.
> Generally he does not know how to do the job, has
> virtually no equipment, training, or resources
> (but tries hard). He may or may not be honest,
> and may actually believe that he is competent. He
> may have a few technical toys, and may have a
> week or two of training in electronics,
> surveillance, and security (all in one). In this
> case, you start by awarding them -10 points, and
> as they convince you that they are not a putz you
> slowly start adding points up to as much as a +10 points.
>
> Parasite - This type leaches off of the
> credibility of others, generally has no
> expertise, knowledge, or training of their own in
> what they are offering. Usually someone like this
> walks and talks like a salesman, and they love to
> run their mouth about all the people they know.
> Name-dropping is an art form to the parasite. The
> parasite may be detected by the way they rattle
> off a list of references, customers, or contacts
> before anybody has really asked for them. He will
> usually be desperate to prove to you how
> legitimate he is right from the very beginning of
> your contact with them. You start them with zero
> points, and gain or loose points as you feel
> appropriate. The parasite is the consummate
> salesmen, but not an actual sweep person. One
> rule of the TSCM profession is that you never
> talk about your customers, so someone who is
> trying to impress you with who they know or is
> name-dropping is a parasite who is trying to
> impress you, and in turn, you should not trust
> them, and score the parasite accordingly. Start
> with awarding zero points, and each time they
> name drop or mention a company name with whom
> they have performed sweep work subtract 3 points,
> up to 30 points. If on the other hand the TSCM
> expert does not mention his customers award 3
> points, then ask for references, and then when he
> declines to provide references award 3 more
> points (or if they give you references subtract 6
> points). Next, you want to aggressively pressure
> them for client names, and for references, and
> then if at this point (under pressure) they keep
> their mouth shut you add 6 points, or if they
> give in and breach their client privacy, you
> subtract 6 points. There is nothing wrong with
> being involved in sales, but in the TSCM
> business, a "sales push" or pushing to close the transaction is a liability.
>
> Predator - This type is pure evil and the only
> reason they are involved in security is to
> victimize the customer. The predator is only
> interested in backstabbing, theft, betrayal, or
> harming the client in a serious way. The only
> reason this type of person is involved in TSCM or
> the security industry is to ferret out their
> customers secrets so they can be exploited for
> scams or for criminal purposes. If this person
> gives you even the slightest hint of being, a
> criminal hit them with -100 points and let them
> work their way out of it. Now, do not confuse
> someone who hunts spies for a living for someone
> who performs eavesdropping for a living, or
> someone who is a professional criminal who preys
> upon his client. A true TSCM expert is hunting
> spies and bugs, and is not preying off their
> client, they do not hunt the spy directly, but
> rather hunt the spies' technical toys (it is a
> subtle, but important difference).
>
> Poison - He has nothing good to say about anybody
> except himself and his associates and tends to be
> bitter against everybody around him. When
> questioned about his own credentials he will lash
> out at his competitors with personal attacks
> (instead of discussing his own credentials). This
> type is easily identified after five minutes of
> talking, and they have not said one thing
> specifically regarding their own merit,
> equipment, or credentials. It is easy to figure
> this one out and to award or subtract points
> either way. If this person only slightly lashes
> out against others it may be that, he has a
> backbone, but is not actually toxic. Be careful
> here and only subtract points if this person is
> hardcore in his angst and bitterness. Hint: Most
> TSCM folks have a strong moral backbone, and have
> a strong sense of fairness and of what are right
> and wrong. Most TSCM professionals will be
> strongly biased against eavesdroppers, felons, or
> wrong doers, and this bias should result in
> points being awarded as you discuss just "how
> white his hat is". On the other hand, if the TSCM
> expert is bitter against others, but cannot
> specifically tell you why, then you should
> subtract points. Also, be wary of any TSCM expert
> who is overly complementary towards other people
> as this may indicate a potential parasite.
>
> Puffer Fish - Typically, he has little or no
> credentials of his own, but knows all of the
> industry lingo and jargon. He will claim to be
> the president of a huge corporation with scores
> of employees, tens of millions in assets when in
> fact this type is a penniless mooch who is still
> living with their parents. If not living with his
> parents his (or her) spouse will be the primary
> breadwinner in the family, their primary income
> (and references) will be from close friends or
> family. Listen very carefully for any hint as to
> where the seed money came from for them to start
> their business, as you may find that a rich
> family member bought them the equipment and has
> been subsidizing their TSCM activities. Often
> this type is also a pretender and bumbling putz.
> Listen for any hint of grandiosity or of what
> this person is going to do in the future, versus
> what they have actually done in the past. Dream
> and aspirations are important; delusions and
> illusions are not and should be graded accordingly.
>
> Psychiatrist Bait - These people are really
> nothing more then con artists who will ramble on
> for hours with wild tales of how they were a Navy
> SEAL, covert CIA operative, undercover FBI agent,
> won the Congressional Medal of Honor, was a POW,
> won the war, and so on. They could tell you about
> their credentials, but then they would have to
> kill you. Often they will offer credentials,
> which at first appear real, but cannot be
> confirmed, or is suspect in another way. They
> will offer credentials that cannot be verified by
> their own admission. "It's too secret" Ask
> questions, get specific answers, grade as you
> feel is appropriate. However, step carefully, as
> many TSCM people will not discuss a great deal of
> their background initially, so this level should
> be considered in regards to initial contact. If
> the person sounds and talks a little crazy
> initially then subtract points, but if they seem
> sane and coherent then add points. Do not get too
> carried away on this issue though. Always
> remember that the TSCM person is grading you as a
> customer as well, and may not be too keen on
> disclosing too much about their background until
> they get to know you better, so this is a two way street.
>
> Phelons (or Felon) - This group is a real problem
> within the security business. Many con artists,
> felons, and dirt-bags try to capitalize on their
> criminal skills by claiming to be able to catch
> other criminals. Usually their only credential
> (which can be verified) is the criminal
> conviction. Often this type will claim to be a
> convicted hacker and computer expert when in fact
> he was convicted of arson, or of being a drug
> dealer, is a psychiatric patient, and is
> incapable of recovering his own hard drive or of
> performing the most simplistic of technical
> tasks. The few cases where the conviction was
> relevant to their field will not set your mind at
> ease about their now "reformed" status. Now this
> gets a tricky because if you become reasonably
> convinced that you are talking to a felon (or
> they brag of their crimes) you need to subtract
> 50 points, and not consider dealing with them
> unless there is some overwhelming reason to do
> so. If the person was involved in a crime that
> did not involve moral turpitude or violence
> (i.e.: drunk driving, disorderly conduct, etc)
> then perhaps subtract only 15 points. Now, on the
> other hand if the TSCM appears to be a good
> citizen, with no criminal histories then they get only a positive 10 points.
>
> Paranoids - Usually has knowledge of security
> because of an anti-establishment, paranoid or
> criminal mind-set, which compels them to
> constantly look over their shoulder. Of course,
> the government is constantly harassing them, has
> their phones taped, has video cameras in their
> house, and has legions of agents employed just to
> harass them specifically. They will sometimes
> rant on about government mind control, biological
> implants, electronic harassment, and so on. In
> some cases they have written books or articles,
> but the materials is published only in very
> narrow channels, or by paramilitary or fringe
> publishers. Very often, they will hear voices in
> their head, and/or be able to convince other that
> they too are hearing voices or seeing visions. If
> they are hearing voices, seeing visions, or claim
> to have any kind, of "special powers", you should
> subtract 30 or more points. If they seem like a
> normal and rational person they get zero points,
> but if they are "professionally cautious" add a
> few positive points as TSCM experts operate in a
> world where they assume that a place is bugged
> until scientifically proven otherwise, they are
> not paranoid, but more accurately are in touch
> with the eavesdropping threat. To be awarded +10
> point the TSCM expert should be cautious,
> careful, and delicate with the project, but
> should not act "crazy", and should make you feel more secure, and not fearful.
>
> Police - When a TSCM expert enters the
> profession, they hopefully come with a multitude
> of prior experience, some have a technical
> background, and some have little or no technical
> background. Sadly, there are quite a few retired
> or fired members of the law enforcement or
> intelligence community who try their hands at
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Received on Sat Mar 02 2024 - 00:57:26 CST
This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:46 CST