Designing Esoteric Weapons
Presentation to SDI Headquarters at the Pentagon
In 1989, the USAF/ESD decided Sobczak research about Computer Virus as a Weapon
was a potential national resource. At that time Virus weapons were not acceptable within
the Military Culture. Sobczak shared his research with the US Army at Vint Hills
Laboratory. Personnel from Vint Hills leaked his results to Business Week magazine.
Business Week's Technology Editor wrote an editorial decrying the potency of Sobczak
research to devastate Commercial Business Automation beyond its Military purpose.
Viruses created by Sobczak experiments in 1989, made public by trusted government
employees, were mimicked in the Fort Sill virus that affected 5000 PCs allocated to Desert
Sobczak's original research classified mechanisms that cause damage infunctioning
computing architectures. He created enhancements to low-end computer BIOS to prevent
introduction of corruption, i.e., VIRUS and broken code strings. Sobczak examined
hacker/phreaker BBS to determine the extent of the threats posed. He duplicated hacker
achievements to append new software logic beyond safeguards inherent in traditional
government policy. Sobczak performed comparative and relational analyses of user
friendliness versus code structure and procedure; versus complexity of securing algorithm;
versus effect on data transfer and processing speeds within Command and Control
systems; versus the RF frequency levels that might be manipulated. These criteria dictate
security solution standards designed to prevent corruption and dissuade attackers.
Sobczak's team designed an encrypted VIRUS guaranteed to do away with unauthorized
users on a network. Electronic On-Line Integrated Network Security System (EOLINSS)
was an early application where a signed virus is dispatched upon connect to verify the
validity of the receiving station. If the receiving station acknowledges the virus with a
proper signature normal operation happens. Failure to verify causes the receiving device
to be neutralized in various degrees based on security supervisor decisions. When sender
and receiver are validated, the system continues to function as designed. EOLINSS sent
randomly spaced virus code segments during the secure session so as to damage any
interloper who tries to listen. The system works to the point that data collected to a tape
recorder or CD/RW will corrupt a hard drive and memory even when it is read into the
device off line.
Sobczak identified problems that go unnoticed between low end devices and networks.
He created a hardware device, driven by firmware that requires code and data to be
filtered. The program stops execution is security criteria is not met. Sobczak researched
how to excite corrupt code to execute and fail. Execution triggers firmware traps and
purges that prevent virus execution.
RF transmissions extend virus potency to wireless, cellular and satellite. TWA Flight 800
could well have fallen victim to an advanced Aegis Electronic Counter Measures
experiment in progress at the time of the accident.
Functioning within many networks are sniffer code mechanisms that affect security and
operations. The Morris worm proved this point. Nuisance viruses such as the two
hundred seventy eight WORD macro virus variations are tips of a childish mischief.
Sobczak experiments proved corrupting codes need not be written as virus. Random
pieces can be mixed into legacy code common in Code Reuse. A small trigger program
can assemble the segments in a proper order and execute causing damage. Our research
proved that this attack in nearly impossible to locate and/or stop. One cannot performance
test for embedded code sets triggered by combinations of unique conditions. Potentially
dangerous code sets are innocuous until triggered.
In 1990, Sobczak demonstrated to Dr. Albanese (USAF/SAM/RSD) the ease with which
embedded code controlling a VDT snap back (screen refresh) could be overwritten to
manipulate the screen refresh rate. Code modification above 268 cycles causes ocular
Sobczak was able to:
1. Capture and modify the refresh rate (snap back mechanism) of a video tube.
2. Disorientation people using:
3. Stimulate vibrations in a metal tooth filling causing:
b. Apparent voices
4. Trigger involuntary nerve synapse
Sobczak told the CIA about the appearance and interest, by several former Soviet
Republics, Russia, China, Columbia and Israel, in US internetworking and BBS source
lists. We located extensive research in psychological operations originating in Russia
targeting equipment operators. Sobczak identified specific areas of interest and tracked
occurrences. By judicious trading we obtained direct dial telephone numbers of Medical
School and Government data repositories containing psychological studies.
Officers from USAF Phillips Laboratory at Kirkland AFB visited when our small scale PC
experiments paralleled their large scale Electro Magnetic Pulse program.
Using a modified mechanical television tuner, Sobczak learned to copy VDU screens from
distances as far away as a mile to video tape or to another computer screen. Wave guides
were created to focus collecting antenna. Sobczak copied letters of credit from Japanese
Banks received at the Port Authority Teleport (Richmond County, NY), word processing
emissions at UN Headquarters (NYC) and dozens of meaningless home PC screens
located in our test area.
Positive uses of corrupt code sets are endless. Anything from a dish antenna driver
through a radar guidance system can be manipulated or destroyed by corrupt code.
Sobczak conceived the concept of VIRUS AS A WEAPON (VAAW) mixing software codes
with RF transmission technology. We were interested in how coded corruption could be
used as a countermeasure.
Our next experiment was born out of a BBS report of a mid-west hacker who studies
microwave. He took control of a transmission tower. ATT and local media validated his
claim. The potential for aggression was enormous. He mimicked the original Cablevision
signal theft accomplished by a Hacker in Columbus, OH.
Sobczak purchased a BEARCAT 16 scanner. He next obtained and modified an AC/DC
converter powered by direct current through an auto cigarette lighter. Radio Shack offers
a wide variety of potentially corruptive signal processors available at low cost. We
obtained a dozen voice and data frequencies from the FAA New York Region. Later we
found a book by Howard Sam's that identified voice frequencies The remainder carried
Sobczak separated data transmissions from receptions. At this point we took no overt
attempt to corrupt. Plans for a microwave transmitter and needed wave guide designs (to
narrow signal) were available from electronics magazines and archived in anarchist BBS.
In a test to determine the extent of hobbyist threat, Sobczak randomly transmitted RF
signals targeting aircraft inbound to John F. Kennedy airport in New York City. The New
York Times reported that collision warnings were triggered when one aircraft affected by
the random signals on the proper frequency issued an automatic warning to all other
aircraft both inbound and outbound. We explained our experiments to the FAA. They
denied the connection between our experiment and the warnings being triggered. We
successfully duplicated this experiment with six repetitions in as many days. The problem
was termed a "programmatic software error" by the FAA NY Region.
Sobczak graded interdiction potential of devices mentioned in our collected data.
Prominent was the A/D converter subsystem. We wondered how easily one might corrupt
an A/D converter. A call to the library at the USAF Wright Aeronautical Laboratory, Ohio
allowed Sobczak to obtain DOD/NASA reports defining A/D uses in current weapon
We chose to study Teledyne. Sobczak wrote code and paper tested a "pause/open/push"
sequence in repetitive mode. The technical manual explained anyone can easily acquire
an access point into the data stack. Code can be entered and directed to a processing
stack without affecting in-use data collecting memories. A transmitter can be constructed
that mixes analog signal being returned from a radar contact to produce a modified signal.
It is possible to disrupt a system using the A/D Converter. Sobczak wrote code to average
input signals. This program nulls the video feed converted data to make the result equal.
Sobczak research determined most sensors are not protected. Corrupt codes can be used
to produce unanticipated effects. The psychological operations (psyops) software Sobczak
developed is an extension of his A/D converter research that affects people.
We determined it feasible to affect brain cells by software produced low frequency waves.
Our goal was to alter psychological states (create mood changes) and possibly to transmit
stimuli that trigger suggestions and/or commands directly into the human brain. Defense
and the CIA had become paranoid about loss of mind manipulation leadership. MKULTRA
(ARTICHOKE), MKDELTA, MKNAOMI, MKRESEARCH, BLUEBIRD (renamed
ARTICHOKE by DCI) and a continuation of the earlier CHATTER Project (1947) were
authorized to regain leadership.. Sobczak gained access to these projects and tangentially
the Philadelphia Experiment, Montauk and Montauk Chair.
Research proved that electromagnetic fields raising body temperature by less than 1
degree Celsius result in somatic change. Chemical, physiological and behavioral changes
occur within "windows" of frequency and energy continua. One window is at the level of
the human electroencephalogram, i.e., in the range of extremely low radio and sound
waves (+/- 20hertz).
Early paper simulations used energy amplification in the order of magnitude of twelve. This
level was not feasible using current technology.
A soliton wave propagates suddenly acquired energy, or energy imparted by a shock,
without dispersing it. Sobczak's initial research found that soliton waves began being
considered relevant in high energy physics and in the fusion program in 1985. Sobczak
began writing software to simulate the soliton wave form in 1991.as a substitute to energy
Solitons occur as electro-solitons and as acoustic solitons. They form only at certain
windows. Solitons are dynamically stable "spikes". Solitons have long lifetimes. Their
vibration has a long persistence. The foregoing characteristics contribute to the formation
of soliton energy without a twelve order of magnitude increase predicted by the original
linear assumption. Software solitons are optical and audio non-linear imploding
Solitons allow extracellular disturbances such as acoustic or electromagnetic bursts to be
propagated across a cell membrane. As a form of corruption or as a anti-corruption tool
one must visualize the human brain and its environment as structures of frequency waves.
Our software created pseudo soliton shock wave. Modern electronics was programmed to
create a range of resonances utilizing the flexibility, speed and accuracy inherent in the
circuitry of a computing device and certain of its peripheral components.
Sobczak attempted to define the frequencies appropriate to repel aggression as well as
the available options for transmission both to the target and across the membrane of brain
cells. Sobczak's research suggests brain cells will be reachable diversely, flexibly and
routinely in the not too distant future? Sobczak showed Dr. Albanese at USAF/SAM/RSD
a way to use software solitons to affect people.
Sobczak located Dr. Albanese during research concerning the effects of radiation
generated by over-the-horizon radar on the unsuspecting general population. Sobczak
used a VAX cluster at SAM that was at risk to hackers to gain SAM attention.
Exploration of the relationship of computing devices to cross-membrane phenomenon is
not readily documented in unclassified publications. Software based psychological
corruption causes high risk but has enormous payback potential to secure systems from
aggression that subverts the ability an operator. Sobczak had determined how a computer
based soliton can be created in software and triggered to produce negative effects on
Sobczak research determined Russian mathematicians have been concerned with solitons
(initially referred to as excitons) long before Americans became interested. If a literature
search is an acceptable means of determining interest, American research scientists are
still disinterested. It is conceivable that researchers Davydov, Drazin and Boris Ponomarev
functioning under the wing of Uri Andropov achieved workable results that warranted
Russian, American, and German scientists successfully entered a membrane
independently. Sobczak research proved that when the time comes for a fundamental
innovation, discovery or invention to occur, it will occur in several different places at
different times involving independent researchers who do not know of the other's efforts
due to political or military security considerations.
Student hackers from the University of Dayton tried to infect the operational software suite
of SOCOM's MC-130H to revenge perceived slights given by SO/LIC Pathfinders. These
hackers unknowingly made practical use of software soliton theory.
Ocular muscles strained in an attempt to adjust to refresh code modifications. The hackers
attacked the MC-130H System Program Office through the data center in Area B at Wright
Patterson AFB. Sobczak experiments used overlays of VDT refresh control software to
misuse the Video Display system. The effect produced by an adjusted refresh rate
connected through a network to the outside world is unique. Sobczak called this software
system "Active Response". It deters aggression. In test, the Active Response code
stopped 99.9% of repeated and/or shared intrusions visited on targeted systems and
applications software by hackers. Active Response properly placed in a computing system
causes a hackers' worse headache.
In 1991 Sobczak showed AIR-055 (Vice Admiral Dunleavy, Admiral of the Lower Half
Hickey and Captain John Paul Jones) how a FLTSATCOM link could be used to port UNIX
"do loops" to Harris hardened but poorly secured Degital Equipment Corporation (DEC)
VAXES on an operational aircraft carrier. The Navy leased SATCOM channels
(frequencies) from private operators. Sobczak traversed channels to capture a Navy
The Vice Admiral recommended my research to the Chief of Naval Research. A female
Commander suggested my research was criminal. The US Navy would arrest and
prosecute me if I continued to find and expand upon my experimental technology.
Sobczak research continues. Navy satellites remain at risk. The UNIX systems on capital
ships has yet to be secured. UNIX has many security features that users fail to implement.
Hackers migrate US Navy UNIX networks without fear. In fact Reserve Naval personnel
at Norfork VA share access and frequency availability with Hackers.
Sobczak research identified software corruption at the mini computer level of operation.
Federal VAXes (now HP) appear to be the easiest devices to target. Security is effective
only when it is properly installed and kept current per HP Instructions. Sobczak knows of
an inquisitive Federal employee who has written code to determine if VAX security is
properly installed. If installation is incomplete the program downloads "/passwd/id/ao" file
to the interrogator.
The VAX does not protect against resource manipulation. A simple shell will lockup HP
equipment. Sobczak showed this weakness to V.ADM. Dunleavy at AIR-055 at the
Pentagon. While Sobczak cannot verify the statistic, it was suggested that ego causes
failure to admit error 8 of 10 times in most every data center.
Sobczak called the central exchange of a military facility involved in weapon systems
development to gain access to its computers. He asked for the telephone number of the
computer center. This was easily obtained. At the data center we told the secretary
answering our call that we needed the direct dial number of the computer room so we
might talk to our SE. In 10 of 10 tries the computer room telephone number was given
automatically without thought as to the consequences of the act. As no one ever calls the
computer room except with problems so the request for a clean line for a system error log
upload produced current data line numbers 8 of 10 times. In fact we became friends with
the night operator, Solomon.
The two hundred fifty odd passwords of Mr. Morris Jr are effective adjuncts to password
hackers(code breaking software) like Deluxe Hack or FH (Fuckin Hacker).
HP's older TI990's, than in use, were the easiest targets. Security of the HP 990 in the F-
16 SPO at WPAFB were nonexistent. Our targeted machine manages life cycle budget
projections. Intelligence gathering mixed with common sense allows a multitude of data
to be identified. The SPO machine was linked the higher commands (AFSC, AFMC),
Logistics Centers (OALC) and Contractor (GD/FW) computers.
Sobczak was able to locate a General Officer (Eagleton?) who as Commander of the F-16
SPO had an ID and Password that he never used. This became backup access into
Sobczak researched protection of the UNIX/Xenix kernel. We believe that a job queue
monitor is a practical answer to security without loss of processing speed. Files and
programs would be validated, verified and pooled in sequence for continued execution.
Sobczak has arrangements with individuals we consider expert in the ability to convert
code from language A to language B within and among OS. We have found that these
experts take corrupted code we obtain and/or generate and convert it to minicomputer and
mainframe code in hours. As Sobczak gained experience he could take a program through
disassembly, execution of the analytical diagnostics, modification of the disassembled
code to optimize function, and, reassembly in a mini or mainframe format in less than one
hour per fifty lines of code.
Our team for anti-corruption research includes hardware specialists. At the minicomputer
level a corrupt code can placed on an machine in a manner that defies human detection.
Further, the VIRUS destroys itself on execution leaving no trace of prior existence. DEC
hardware specialists had repeatedly replaced components and filed quality failure reports
concerning damage that was virus initiated emanating from a PC programmed REXX shell.
In 1993 I reported to the NSA that DOD had a problem. Rumor in the ether said that the
Director of DARPA (Gary Denman) had brought his girl friend (an IBM SE) from his last
post to his new post in Washington, D.C. She received an abnormal amount of research
awards. At the time of our reporting the buzz word for funding at DARPA was MCM
(Multi-chip Module). At a meeting in the Pentagon cafeteria protagonists who wanted to
blackmail DARPA were almost identified. AF Special Investigations using Pentagon Police
raided the cafeteria.
As in most things military, snafu ruled. The Pentagon Police arrested some minor
uninvolved hackers (the wrong criminals) who happened to be having a 2600-type meeting.
The hackers were released with apologies and the attempt to suborn the DARPA Head
continued until someone leaked the story to the Washington Post. The big corporation
continues to receive an inordinate amount of research awards. Sobczak followed
electronic exchanges and made dozens of new information sources at major contractor
During 1994 and 1995 Sobczak concentrated his research into intelligence and technology
collection skewed to corrupting code sets that might be modified into security tools.
Available intelligence about weapons research is everywhere. Sobczak told the Naval
Investigative Service about applications software that produced logistics models for the
F-14 and F-18. Working systems with nomenclature and parts lists were available on
Foreign Bulletin Board Systems. The NIS on Suitland Parkway in a Washington D.C.
suburb said not to worry. Contractors sometime transfer information using the INTERNET.
No one cared that the site Sobczak polled was found in then communist Europe (Warsaw,
Poland). Worse the Polish source offered to teach Sobczak to manipulate the Defense
The SDI was at risk because the SDI Operations Staff did not remove the installing System
Engineers IDs and Passwords. Access codes MGR.SYS opened dozens of HP 3000s to
interrogation. Further, links from the Pentagon to the National Test Bed Facility, SAIC,
Boeing, etc. were available through computers at Huntsville Arsenal. The government
changed all telephone exchanges except those used as data lines for their computers.
During Operation Desert Storm, Sobczak offered an operations officer (Maj. Gus Taylor)
at SO/LIC the opportunity to hack Iraqi C2. Sobczak had access to a Thompson CSF
communications backbone running under COSMOS, the original ATT switching software.
Sobczak communicated daily with four individuals in Kuwait. The internet allowed access
to CCNY and on to Germany. From Germany the postal system provided access to Kuwait
via Bagdad. The Kuwaiti hackers, members of the Swiss Crackers, provided insight that
was given to SOCOM at McDill AFB, FL.
Sobczak explored intrusion mechanisms created by aggressive personalities. He predicted
that 184,000 intrusions would occur within DOD. In 1995 DOD admitted numbers close
to his forecast. Further, internal DISA memos and e-mail acknowledged that victims had
reported intrusion and data loss only 2% of the time.
Intrusions occur in any system because intruders are using lawful IDs and Passwords The
problem grows out of proportion to reality. Most intrusions go unreported. Those in charge
hide intrusions from Upper Management to protect their jobs. Trusted employees are
frequent culprits. Sobczak created an integrated software security solution (V-PHAGE)
modeled on the NSA compartmentalization model. The USAF at Kelly AFB said that
properly installed the V-PHAGE solution is unbeatable. .
In 1995 while visiting a contractor in Arlington's IDA building Sobczak met an engineer from
Lawrence Livermore National Laboratory (LLNL). Weather trapped him in Arlington, VA
for three days in an ice/snow storm. This engineer was a great source of insight for
security research. He told Sobczak about the Los Alamos National Laboratory (LANL)
Hacker Project. The US Army was spending millions working with the FBI, at that time, to
find and arrest hackers who might prey upon Army secrets.
LLNL and LANL competed for the same security budget lines. LLNL was funded by USAF
Cryptological Support Center at then Kelly AFB, TX . LANL was funded by the Army
Intelligence Agency. LLNL leaked information about the LANL Hacker project to the hacker
community. Hackers went on to mislead LANL computer scientists. The Army spent
millions to collect garbage. Dr. (Col) Alexander, the Army's expert, ignored Sobczak's
It continued to snow. The LLNL Engineer and I spent most of our time trading stories. He
explained the Sniffer attacks on LLNL before LLNL Management could deny their
occurrence. About 30,300 DOD computers were interdicted by hackers using sniffers.
Drug dealers from Columbia paid European hackers and trusted government employees
to locate secrets in the DEA and USCG databases. The American-Jewish hacker
community helped the Israeli government to create a shopping list of secret American
Technologies. The super secret National Reconnaissance Office was not secret to
The experience of knowing about things hidden within security classifications is stressful.
While visiting a Manhattan hotel a Russian National approached me. He gave me a
"CCCP" gold pin. He said was an Olympic lawyer yet he wanted to purchase my
intelligence and security knowledge. His sources claimed Sobczak research results were
focused and relevant to a commercial intelligence requirement. He knew a great deal
about research shared with DOD.
Sobczak called the FBI. An FBI Agent from the Melville N.Y. office was assigned Some
months later while having dinner in a East River, Queens, NY restaurant two men started
a conversation. They happened to be officers from a Russian ship docked in Brooklyn, NY
at the former Navy Yard. They invited me to see their on-board computers. I wondered
how strangers knew about my involvement with computers. The FBI was again involved.
Foreign intelligence appears to equal or exceed that available to US agencies here at
home. Foreigners, particularly those involved with the UN and Trade Missions buy
American technology for scientists at home to duplicate.
The United States does not have legislation that prohibits signal collection. SIGINT for the
masses is practiced by hackers. It can be as simple as listening to CB or SSB channels.
The equipment and tools hackers use are defined somewhere on the Internet. Knowing
the frequencies and bandwidths used by computer equipment and peripheral devices helps
make some hackers, super spies.
A listening device plugged into a wall in a private office exposes information to the listening
world. In a few cost conscious companies they purchase and use these "baby minder"
devices. Managers never dream that anyone would use these cost cutting devices against
them. Transceiver listening is very similar to the art form called "Bugging."
DEA wires drug buyers. Agents use recorders to monitor and then arrest the seller. They
have tapes of the transaction. Anyone with a BEARCAT scanner can listen to the .5 watt
transmissions from DEA wires if they are in range and detect the right frequency.
Computer weapons beyond those that target Information warfare flood the net. Sobczak
located twenty-five electronic weapons with schematics, narrative plans, parts lists and test
plans. The potential for multiple hits in a universe of one hundred million users is great.
Eighteen years ago we began our research by giving the USAF code that created enough
friction (heat) to fry a BIOS chip. The quest for uncontrolled experiments continues today.