Article Name

Read Me First System Security ***PC Security ***Watchdog/Paranoia ***Active Response ***Insecure Education ***Designing Weapons Security ***Terrorist Article Intelligence ***Public Secrets ***Relating Trivia Tech Transfer ***Mining Technology ***Tech Links The Future of Aggression Community Archeology Resume/Experiences Clients ***Part D Slides Thoughts

Active Response

ACTIVE RESPONSE

Hackers, among themselves, openly discuss how to disrupt and destroy information
systems.  Public domain operating system utility software and simple explanations of O/S
internals to assist hackers rival any technical encyclopedia.  Sobczak designed and
implemented an all encompassing security product, V-PHAGE.  V-PHAGE is a seamless
integration of selectable security options encrypted within an previously encrypted O/S
shell (double protection)  to neutralize aggression.  V-PHAGE operates from the basic
premise, i.e., "no user may have unmonitored or open access to any operating system
resource".  A security manager decides the degree of user privilege essential to a user's
enterprise level functioning.

Sobczak is a recognized security researcher.  ISPNews published an overview of
Sobczak's hacker studies.  Federal Computer Week told their readers about how Sobczak
intelligent open source research ferreted out spies and data thieves.  Electronic Combat
Report and Inside Defense Electronics reported upon software weapons Sobczak located
or created to test active response viability to neutralize intrusion attempts.  Business Week
editorialized that the dirty tricks Sobczak created should be outlawed.  Information Week
addressed V-PHAGE in a feature about LAN security.  Newsweek referenced Sobczak in
a story about technology losses to open source intelligence hobbyists who pirate
knowledge.  Active-response security was conceived to warn potential aggressors and to
ultimately deal with an attacker at a level he will comprehend and respect.

Hacker code is re-engineered or neutralized prior to an attack.  Sobczak techniques
include: software that causes eye strain)and RF Signals transmitted affect human cognition
processes.  Some projected responses follow Dr. Tesla"s experiments adjusted to affect
computers (a Tesla coil can destroy an electronic switch). 

Most wireless networks are unprotected from hacker manipulation, for example, Hacker
code strings transmitted as signal can cause a perpetual wait state in mini-computer
systems.  Code injection methods are beyond security auditing techniques.  Hackers have
created dangerous RF signal transmitted code that they make available via public domain
BBS .

Active-response, a conservative and well thought out positive security system, is available
today.  Sobczak"s active-response components are tested software mechanisms
customized to meet corporate security goals.  Implementation requires detailed analysis
to define the graduated response corporate management might choose as appropriate to
deter a persistent attacker. 

Hacker experiments implemented directly or misused even by novice copyists, damage or
destroy computer components and negatively affect unsuspecting users.  Sobczak is
dedicated to understanding and neutralizing hacker corruptive capabilities.  Sobczak
documents hacker methods; defines trends for future aggression which we see emerging,
and creates logical mechanisms to neutralize the aggression and the tangent troubles that
lie hidden below the surface in an attack.  Sobczak professional research and development
actively safeguards computing.  Our skills are available on a consulting basis.

PUNISH THOSE WHO WOULD DESTROY YOUR LIVELIHOOD

Current computer security technology passively attempts to shield data resources.
Persistent computer hackers eat away at corporate and national security because current
security systems do not impose any penalty upon repetitive attacks.  Sobczak has
remedied this omission.  Sobczak has combined 280 man years of scientific research in
understanding operating system internals with hacker produced and tested hostile code
to create extensions of the most successful and most used interdiction methodologies
found in a hacker tool kit.  Sobczak has surpassed hacker tools with designs that punish
maliciousness and aggression.

Hackers, almost effortlessly, happen upon corporate computer connectivity.  They
exchange or trade purloined telephone numbers.  Sophisticated hackers create software
to identify a targeted device and its attributes.  Hacker techniques locate ID and password
combinations that allow easy access into passively secured devices.  Hacker research
embrace methods to manipulate even the most complex call back scheme.  If caught, the
"average" penalty is community service.  The failure of the judiciary and elected officials
to address and penalize white collar crime places Corporate America at risk from repetitive
attacks.

Planned and managed active-response is necessary to discourage those nibbling on
computer access algorithms and connectivity protocols.  Structured, graduated-response
mechanisms force an aggressor to examine his strength of purpose.  A strategic system
with purposeful counter-strike options discourages hacker diddling.  Simple warnings can
escalate, in planned and controlled steps all the way to hardware destruction.  For the first
time, data owners control the momentum previously left to the attacker.

Active-response systems generated by Sobczak security engineers include devices such
as a signature based network access algorithm which responds, with warnings, to
persistent unrecognized access attempts, and, a free roaming worm which protects packet
transmission unencumbered by human operator interference.  Corporate policy concerning
how to handle hacking can range from simple disruption after a suitable warning; to
deletion of known hacker software resident upon the attacking computer system; to
transmission of nuisance virus to the attacking  the computer system; to formatting the
attacker"s hard disk; to for-cause destruction of the aggressor device.  A  security system
can be configured to RESPONSE-IN-KIND to any aggression which touches the active-
response protected computer system.

Sobczak has code to blank a Video Display Unit during periods of inactivity or in the
absence of authorized users.  This mechanism can function after hours, on  weekends and
holidays.  Select terminals can be taken off line should in-house aggression be detected.
Sobczak has augmented our active-response research to affect human involuntary
functions.  Headaches and other forms of neuro-response to hacker ministrations are
available in our repertoire.

To learn more about V-PHAGE passive security and Active-response, call Sobczak at 516-
623-6295 or write to PO Box 0433, Baldwin, NY, 11510-0433.  Management, contingency
and risk analysis consultation and intelligence services are also available to aid
management in the protection of data resources.

V-PHAGE, a seamless integration of 62 passive security options:

V-PHAGE/DOS and /LAN is encrypted software to secure the Disk Operating System of
personal computers, work stations, servers and connected networks.  V-PHAGE shells and
encrypts the platform level taking control of the O/S, BIOS calls, and interrupts upon cold
boot.  V-PHAGE provides redundant Cyclical Redundancy Checking (CRC) and Checksum
change detection, including boot track, FAT and file partition.  V-PHAGE incorporates full
activity audit, special selected file change monitoring to a level acceptable to the corporate
internal audit function.  V-PHAGE includes automatic hard disk drive Boot Track and File
Allocation Table (FAT) backup and recovery.  V-PHAGE ID/Password access control with
corporate security"s choice of password length and specified password validity cycle is
basic to security.  V-PHAGE has three encryption algorithms (which isolate system
controls, application code and sensitive data).  V-PHAGE includes both inactivity screen
blanking and on-demand screen blanking.  Programmable timeout allow corporate
resources to be managed. V-PHAGE includes secure erase to assure items which are
removed cannot be restored. V-PHAGE has 21 User HELP screens and 64 Administrator
HELP screens supplemented by an on-line administrators manual.  Browsers are locked
out by Operating System (O/S) command line prohibition to all but those authorized
combined with unsanctioned application execution prohibition lock-out browsers.  O/S
control mandates utility software prohibition, lock-out and prohibition of unauthorized write-
to-disk, hard disk format prohibition.

SAMPLE WEAPONS THAT WORK

PSYOPS - LOOKING AT A VIDEO DISPLAY CAN BE DANGEROUS
                
COMPUTER SOFTWARE CAN IMPAIR PEOPLE
Sobczak created computer software code (called a program) based upon available public
domain modules to influence a Video Display Unit (VDU) refresh rate to impair users. 

PEOPLE DAMAGING SOFTWARE 
A computer program transmitted by floppy disk and via Local Area Network (LAN) paths
(wired and wireless (915 MHz)) can be placed within MEMORY, programmed to occur at
a most inopportune time. 

EXPOSURE IS WIRELESS 
Sobczak fashioned a technique using transmitted signal to corrupt via RF and microwave.
Frequency splitting provides an unanticipated backlash.

WATCHING COULD HURT USERS
A modified input to the screen refresh process produces a derived pulse imperceptible to
viewer consciousness which causes a subliminal effect.  This disturbs the involuntary
ocular muscle sufficiently to cause a physical effect.

WAS YOUR LAST HEADACHE A SOFTWARE ATTACK
In test Sobczak authenticated pain recognizable as a headache.   Sobczak has formulated
a non-lethal weapon which affects personnel.  And, no one blamed the computer video
display unit.

DEDICATED WORKERS HURT MORE
Software code has been created to affect a change to the screen refresh mechanism
originated in the fly back transformer.  Sobczak explained our early success to USAF SAM,
Brooks AFB, Texas.  They rated Sobczak's concept excellent.

CODE DAMAGES EQUIPMENT
We determined that fluctuations beyond the capacity of screen phosphors to recharge
causes the screen to "burn-out".  Sobczak can produce a second non-lethal effect upon
the victim of aggressive attack.
 
NIGHT LIGHTING AT PUBLIC EVENTS MIGHT BE DANGEROUS
High power arc lighting equipments are susceptible to manipulation and pose a threat to
people exposed to non-ionizing radiation from outdoor lighting. 

IS DOD DOING LIKEWISE
The 1970's Soviet attack upon the American Embassy in Moscow and Projects on-going
in the United States suggest movement in this direction.  


TRAUMA IS UBIQUITOUS !! 
Sobczak suggests that non-ionizing radiation from electrical power distribution might be
manipulated to affect indigenous groups (people).

UNKNOWN INDIVIDUALS ARE CREATING HURT !! 
We have indication that others are achieving incremental successes in their attempts to
generate software code which causes physical damage.  The individuals are advanced
hobbyists (hackers) with access to experimental resources. 

TESTED SOLUTIONS FOR SMALL COMPUTERS !!  

V-PHAGE small computer security system monitors BIOS calls and Operating System
interrupts to assure that an aggressive weapon can not be implemented.   

ARE YOU PLAYING ROULETTE

If your security system is not V-PHAGE you are at risk from a universe of exotic corruption
which might do physical damage to you and your computer.

BAD THINGS HAPPEN  

Visualize the effect of an INTERNET  software attack (500 sites, 6000 machines, 50,000
people) which physically injures unprepared users.  How long could it take before the real
problem and its true cause were detected and cataloged by authorities ?    What affect will
the concept of software based non-lethality have upon sensitive computing ? 


MANIPULATED IMAGE RESPONSE ADJUSTING GENERATED EMISSIONS (MIRAGE)

SEEING IS DECEIVING
It is possible to create signal, match created signal to RF or microwave frequencies, and
then broadcast to perform in the manner suggested.

STEALTH IS IN THE EYES OF THE BEHOLDER
Optical puzzles adjust to focus.  MIRAGE allows a willing user to see what he expects to
see.  MIRAGE uses simple circuits excited by custom software code to produce a slight of
"vision" upon aggressor equipment.
 
GETTING GOOD VIBES
Sobczak experimental equipments have recreated a functioning VDU screen upon a black
and white television screen 60" distant.  We have optimized a VDU generated frequency
and collected it to audio tape.  Sobczak has distributed the signal using a transmitting
antenna to reach receivers functioning on equivalent or near equivalent frequencies. 

HOW SPECIAL ARE OUR TOOLS
Sobczak's expanded non-traditional research uses common electronic supplies in
ingenious designs.   All components parts are available from retail electronic parts
suppliers and hobby stores.  Cost/Success ratios are effectively low.

HOW SOPHISTICATED ARE REQUIRED SOFTWARE AND EQUIPMENT
Sobczak experiments utilize MS/PC-DOS, Apple DOS, and UNIX operating systems to
control code written in Assembler, C, BASIC, and PASCAL.  Common equipments used
include X86, MAC, Apple IIe, Z-80, A/D converters and BW TVs.