7 January 2012

Obama Called a Moron at Phone Security

From TSCM-220 mail list: http://groups.google.com/group/tscm-l2006?hl=en_US


Date: Fri, 06 Jan 2012 15:40:24 -0500
To: tscm-l2006[at]googlegroups.com
From:
Subject: [TSCM-L] {5984} POTUS telephones

There's a very nice collection of dozens of photos of current POTUS telephones in use on John Young's Cryptome site.  The trained eye will notice some interesting TSCM-related items. 

http://cryptome.org/2012-info/obama-phones/0015.htm


Date: Fri, 06 Jan 2012 17:00:07 -0500
From: "James M. Atkinson" <jmatk[at]tscm.com>
To: tscm-l2006[at]googlegroups.com
Subject: Re: [TSCM-L] {5986} POTUS telephones

Most of these are CISCO IP phones, or Avaya telephone sets.

Amazingly complex instruments with some simply lovely security holes that an eavesdropper can exploit.

http://www.cisco.com/en/US/products/ps9748/index.html
http://www.cisco.com/en/US/products/ps8538/index.html
http://www.cisco.com/en/US/products/hw/phones/ps379/ps5440/index.html
http://www.cisco.com/en/US/products/hw/phones/ps379/index.html

A lot of these phones are also Lucent MLS or Definity phones (all an eavesdropper's paradise).

I really hate to have to mention this, but in the following image you will notice the moron who is using a cell phone right next to a STE.

http://cryptome.org/2012-info/obama-phones/pict52.jpg

[Image]

Same here. Moron using cell phone in close proximity to a secure telephone:

http://cryptome.org/2012-info/obama-phones/pict30.jpg

[Image]

When you place a concentrated RF signal transmitter in close proximity to a piece of cryptographic gear (like a STU or STE) the RF signals are strong enough to intermix with the RF or magnetic signals and create a third signal.  This is most valuable with cryptographic equipment that used cables that were not in conduit as the cable (seen in these pictures) provides a high threat access point where all kinds of havoc can be caused if a cell phone is brought within 8-12 feet of a STU, or 16+ feet of a STE. You will notice that the moron holding the phone is well within those distances.

The following image just proves what an utter moron this guy is, and remember who he is:

http://cryptome.org/2012-info/obama-phones/pict29.jpg

[Image]

Notice that he is on a STE, in secure mode, and the STE (unencrypted voice path) is draped over a live RF transmitter.

I apologize Mr. President, but you sir are a fscking moron, just an utter moron.

Observers with sharp eyes will also notice the profoundly sloppy job of TSCM that is being done on these phones as well, and how the routing requirements for cables are not being observed, but then that is the least of their problems... their boss obviously does not care, so why should they?

Dude, WTF... no seriously, WTF?

-jma

James M. Atkinson
President and Sr. Engineer
"Leonardo da Vinci of Bug Sweeps and Spy Hunting"
http://www.linkedin.com/profile/view?id=15178662
Granite Island Group
jmatk[at]tscm.com
http://www.tscm.com/
(978) 546-3803


Date: Fri, 06 Jan 2012 17:53:00 -0500
To: tscm-l2006[at]googlegroups.com
From:
Subject: Re: [TSCM-L] {5987} POTUS telephones

Are executives at the highest levels expected to be TSCM, COMSEC, and TEMPEST experts who possess detailed technical knowledge and extensive related experience?

If yes, then why would any top executive have any need to hire experts in those fields?  Does JMA call his executive clients (who aren't as well-versed in those fields as he obviously is) "fucking morons?"  That doesn't seem like an effective business practice to me.

Perhaps the executive in the photo wasn't briefed by his experts on the finer points of proper COMSEC--such as not to use a cell phone near a STE.  If he wasn't, then perhaps those experts are to blame, not the executive.  Or maybe there are other protections in place which prevent that from being a COMSEC problem.  There is equipment in those photos that probably none of us know the workings of...


Date: Fri, 06 Jan 2012 18:19:17 -0500
From: "James M. Atkinson" <jmatk[at]tscm.com>
To: tscm-l2006[at]googlegroups.com
Subject: Re: [TSCM-L] {5989} POTUS telephones

Actually yes.

He knows that he can not use a cellphone within X feet of a STU, STE, or security communications media because he can read the white papers on the matter, and has been briefed by the technical advisors until they were blue in the face, but he does not care, he likes his cell phones (because it makes him a more effective leader).

If a customer hires me to tell them about the problem, and I tell them about it, write numerous white papers on the subject for them, demonstrate the risk for them by recovering classified information, and even the CIK from a STU using only a nearby cell phone, and they still refuse to use proper communications security, and abide by stand-off distances (the space between the secure phone and the cell phone), then I will have no problem explaining that they are a moron to their face (usually in private, but still).

You need only to watch the video of my testimony before Congress on related matters to see that I tend not to couch my words when it comes to national security matters like this.

The President of the United States is a fucking moron, but given the last pool of candidates he is less of a moron than the other morons we had running at the time. But still, he is a moron, and an arrogant one at that.

-jma


Date: Fri, 06 Jan 2012 18:42:24 -0500
To: tscm-l2006[at]googlegroups.com
From:
Subject: Re: [TSCM-L] {5990} POTUS telephones

So you know this for a fact?  I would think POTUS has more important things to do than "read the white papers" about TSCM.  Arrogant?  Relative to whom?


Date: Fri, 06 Jan 2012 19:17:28 -0500
From: "James M. Atkinson" <jmatk[at]tscm.com>
To: tscm-l2006[at]googlegroups.com
Subject: Re: [TSCM-L] {5992} POTUS telephones

I wrote the white paper, and the paper has been repeatedly briefed to him by the DCI in his Daily Presidential Briefing. He has also read the white paper, but it has not dissuaded his cell phone mis-use. Several DCI staffers who prepare the PDB have assured me that the DCI has repeatedly included the issue several times in the PDB, and POTUS just does not care.

The threat is known, the threat has been demonstrated, the threat has been replicated by others, it is a known and confirmed weakness, but he does not care, not even slightly.

Some Presidents like to ride around Dallas in open top limos, others are addicted to their cell phones... neither tend to remain in office too long.

He needs to smarten up, as he is risking national security and sabotaging international diplomacy (easily screwed up when secure communications are intercepted).

-jma


Date: Sat, 07 Jan 2012 11:44:11 -0500
From: "James M. Atkinson" <jmatk[at]tscm.com>
Subject: Re: Your Comments on Prez Phones
To: Cryptome

You have my permission to publish anything that you see on the TSCM-L list so long as I am the originator of the post.

You have my permission to publish the information that I published about the President's phone, and the comments I made in regards to his being warned not to do it.

Here is something about STU/STE and cell phones

http://www.tscm.com/stu.html

TEMPEST, HIJACK, NONSTOP, and TEAPOT Vulnerabilities

A STU-III is a highly sophisticated digital device; however, they suffer from a particularly nasty vulnerability to strong RF signals that if not properly addressed can cause the accidental disclosure of classified information, and recovery of the keys by an eavesdropper. While the unit itself is well shielded, the power line feeding the unit may not have a clean ground (thus negating the shielding).

If the encryption equipment is located within six to ten wavelengths of a radio transmitter (such as a cellular telephone, beeper, or two way radio) the RF signal can mix with the signals inside the STU and carry information to an eavesdropper. This six to ten wavelengths is referred to as the "near field" or the wave front where the magnetic field of the signal is stronger than the electrical field.

As a rule all COMSEC equipment should be kept out of the "near field" by a factor of at least 2.5 to 3 times to get it outside of the field transition point. Simply put, there needs to be a "danger zone" or exclusion zone around any and all COMSEC gear 2.5 to 3 times the near field distance, or 16 to 30 times the longest signal wavelength (the lower the frequency the longer the wavelength).

A "wavelength" is inversely proportional to frequency being used which means that an 800 MHz cellular phone (near a STU) presents a greater direct threat than a higher frequency PCS phone operating in the 1.7 GHz region. On the other hand a PCS or CDMA telephone creates a greater spectral density and far more transitions which allows an eavesdropper to correlate on the signal with more precision.

We also have to consider the amplitude of the signals as well as the "danger zone" created by the transition point or radius of the near field (times 2.5 to 3). When any RF signals inside the "danger zone" exceed -50 dBm (or -77 dBm in some cases) there is still a problem even though the cryptographic equipment is some distance from the actual transmitter, cellular phone, pager, etc. These relatively high signal levels (above -50 dBm or -77 dBm) are actually strong enough that they create secondary fields or signals when they encounter the outside of the equipment case or any other conductive or non-linear element. This is called the "saturation effect", and if it is not properly addressed can result in the cryptographic equipment being put at risk of disclosing secrets. Typically the ambient RF environment near any cryptographic equipment should be well below -80 dBm and in some cases well below -110 dBm. Fields of this strength are common near broadcast facilities such as FM or television transmission towers or cellular/PCS towers. If you have a concern of this nature then you should contact a TSCM professional and schedule an evaluation of the RF in the vicinity of where you will be using your encryption equipment.

The critical thing to remember in all of this is that the ciphering key is where all the magic is at, and that the eavesdropper will typically target the ciphering circuit (or "Scrambler") to obtain the secret key. Sure they are interested in the material being scrambled by the cryptographic system, and they will also be interested in the inner workings of the phone, but it is obtaining the secret ciphering key that is most important to the spy. An encryption box or cryptographic device may only be classified secret, and yet the keying material is top secret, and the keying material is far more sensitive than the box itself, and must be protected with much greater care.

On a related note, it should be mentioned that the ciphering key is actually of a fairly small length, and that even if a very small segment of it is compromised the eavesdropper may be able to reconstruct it in whole (depending on what segment they get). In some cases even a 200 bit ciphering key can be broken by obtaining a small fragment of the cipher which can be "snatched from the airwaves in less than a ten millionth of a second" (if the cryptographic ignition key is loaded when in the presence of a cellular phone or strong RF field). Once the key is loaded into the cryptographic device the amount of time required to reconstruct the key is significantly larger, but not at all prohibitive. Remember, the eavesdropper is only looking for a few bits of data (the payload of the key), and that this small number of bits can be "hijacked" by an external RF source like a cellular phone as a hijack requires an absolute minimum of bandwidth.

Since the signal of interest is of extremely narrow bandwidth, and the "illuminating" signal can be easily correlated to the "signal of interest" the eavesdropper can be a considerable distance away from the encryption device and still perform the hijack (called "correlation gain", which can be well over 40 dB). This assumes that someone using the encryption device has a cell phone or other RF device on their person, that while not on an active call is still checking in with the base station for status updates on a regular basis. Without this "correlation gain" the intercept may only be feasible within a few feet, but with it, the eavesdropper can be 500 and even 1500 feet away.

Remember that the most valuable "item of interest" is not directly the clear text communication itself, but the key used to protect the communication. Once the eavesdropper has the key, then the communication itself would be targeted and exploited. You must protect the key at all times.

NEXTEL or Motorola iDen phones based on a TDMA or "Time Domain" signal present a really nasty threat as the cell phone is constantly strobing a specific predictable time slice, and basically illuminates the STU and turns it into a strobing lighthouse that will seriously compromise classified information. If a NEXTEL is present within 12-15 feet of a STU-III (when it goes secure or a CIK is loaded) the phone and information passed through it should be considered compromised. The STU should always be located in an area called an exclusion zone, and cellular phones, pagers, beepers, and other RF devices should be kept outside of a stand-off zone of at least 15-20 feet (30 feet is good practice).

Now if this wasn't confusing enough; portable Inmarsat stations also present a similar problem, but only if the STU is located in front of the transmitter antenna or within the side lobes of the signal (about 45 degrees off the center axis of the antenna).

The best way to deal with this is to never have a cellular telephone or pager on your person when using a STU, or within a radius of at least thirty feet (in any direction) from an operational STU (even with a good ground). If the STU is being used in a SCIF or secure facility a cell phone is supposed to be an excluded item, but it is simply amazing how many government people (who know better) forget to turn off their phone before entering controlled areas and thus cause classified materials to be compromised.

Spook Hint: If you have a powered up NEXTEL on your belt and you walk within 12 feet of a STU-III in secure mode you have just compromised the classified key.

In the case where the STU is being used on a cell phone or satellite phone your best option is to keep the phone in analog mode (a STU, not a STE) and locate the STU a good 6-12 feet away from the antenna. In the case of an Inmarsat terminal simply keep the STU BEHIND the antenna by at least 10-15 feet (this is why Inmarsat terminals have long cables for the antenna). If you can obtain a digital Inmarsat connection you can get a very high quality connection, but the equipment is fairly costly, the terminal is quite large, and the digital service quite expensive.

At no time should a STU-III be operated in the presence of an RF field that exceeds -105 dBm for any signal with less than 30 kHz of occupied bandwidth. In the case of a signal whose occupied bandwidth exceeds 30 kHz the RF levels should not exceed -138 dBm.

Convenience and Security are Always Inversely Proportional.

- James M. Atkinson, 1982

Here is some further unclassified background on the matter (the data on the matter was in my written testimony).

http://www.tscm.com/DeepWaterDooDoo/

http://www.tscm.com/DeepWaterDooDoo/JamesAtkinsonwrittenTestimony.pdf

TEMPEST in a TEAPOT and HIJACK Exploits

Between the TEMPEST and TSCM fields of study there is also an area of our field that deals with unmodified or quasi-modified equipment and signals, which interact with each other. This is the case where in effect a classified signal or classified information is accidentally impressed onto an unclassified signal. Thus, the unclassified signal carrying the classified data with it is accidentally transmitted a considerable distance allowing for eavesdropping by those who should not possess the information. This is usually the result of TEMPEST standards not being rigorously followed during equipment design, installation, and maintenance.

The investigation, study, and control of intentional compromising emanations from telecommunications and automated information systems equipment that was created, provoked, or induced by a spy is known by the code name of “TEAPOT”. An example of this would be the positioning of a rack of two way radios near a secure telephone, or by installing RED cable near to a BLACK cable. This can also involve modifications to software, or slight breaches to the configuration of equipment.

An example of this would be a case where a cable, which contains only unclassified radar, navigation, or communications signals, is placed near a cable, which carries highly classified information. On a maritime vessel an example of an unclassified signal would be the VHF marine radios, the unencrypted HF (shortwave) radio communication systems, and sections of the radar and IFF systems. Should any of these cables or equipment be placed near the classified systems an eavesdropper could intercept the classified information that was riding-on-the-back-of the unclassified signals.

Another example of this would be a warship that downloads classified spy satellite imagery through the onboard satellite communication system.

The problem is that the installer of the classified system has not properly installed the system, which creates considerable TEMPEST problems causing these signals to leak off the ship a short distance. This is further complicated by several cables which do not carry classified information but which pass in close proximity to the classified cables.

Due to the unclassified cable perhaps being a high power antenna link, the classified information can now leak out of the ship and be monitored by spies from dozens, if not hundreds of miles distant.

Testimony of James M. Atkinson, President and Sr. Engineer, Granite Island Group
Before the House Committee on Transportation and Infrastructure
U.S. Coast Guard Budget and Oversight Hearing, April 18, 2007

There is other related information in the above PDF file, all of which you have permission to publish on Cryptome as you see fit.

Warmest Regards,

-jma
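
The stand-off figures in the message above (16 to 30 wavelengths; -105 dBm under 30 kHz of occupied bandwidth, -138 dBm above it) applied to a site survey, as an added example that is not part of the original posts or of the quoted tscm.com text. The `Emitter` record, the function names and the sample survey are assumptions constructed for illustration; the thresholds are used exactly as the text states them.

```python
from dataclasses import dataclass

C_M_PER_S = 299_792_458.0        # speed of light
FT_PER_M = 3.28084
# Figures as stated in the quoted tscm.com text.
ZONE_WAVELENGTHS = (16, 30)      # exclusion zone, in wavelengths
BW_SPLIT_HZ = 30_000             # occupied-bandwidth split point
LIMIT_NARROW_DBM = -105.0        # limit for signals under 30 kHz
LIMIT_WIDE_DBM = -138.0          # limit for signals over 30 kHz

@dataclass
class Emitter:                   # hypothetical survey record
    name: str
    freq_hz: float
    bandwidth_hz: float
    level_dbm: float             # level measured at the secure phone
    distance_ft: float           # distance from the secure phone

def wavelength_ft(freq_hz):
    if freq_hz <= 0:
        raise ValueError("frequency must be positive")
    return C_M_PER_S / freq_hz * FT_PER_M

def exclusion_zone_ft(freq_hz):
    """(minimum, conservative) stand-off radius in feet for one emitter."""
    lam = wavelength_ft(freq_hz)
    return ZONE_WAVELENGTHS[0] * lam, ZONE_WAVELENGTHS[1] * lam

def level_limit_dbm(bandwidth_hz):
    # Assumption: exactly 30 kHz gets the stricter limit; the text leaves it open.
    return LIMIT_NARROW_DBM if bandwidth_hz < BW_SPLIT_HZ else LIMIT_WIDE_DBM

def assess(e):
    """Return the list of rule violations for one emitter."""
    findings = []
    lo, hi = exclusion_zone_ft(e.freq_hz)
    if e.distance_ft < lo:
        findings.append("inside minimum exclusion zone")
    elif e.distance_ft < hi:
        findings.append("inside conservative exclusion zone")
    if e.level_dbm > level_limit_dbm(e.bandwidth_hz):
        findings.append("level above limit")
    return findings

def site_zone_ft(emitters):
    """Site-wide zone: set by the longest wavelength (lowest frequency)."""
    return exclusion_zone_ft(min(e.freq_hz for e in emitters))

# Constructed sample survey, not measurements from the page.
SURVEY = [
    Emitter("handset-800MHz", 800e6, 25e3, -40.0, 3.0),
    Emitter("handset-1.7GHz", 1.7e9, 1.25e6, -120.0, 12.0),
    Emitter("fm-broadcast", 100e6, 200e3, -140.0, 500.0),
]

if __name__ == "__main__":
    print({e.name: assess(e) or "ok" for e in SURVEY})
```
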