Information Gatherer Newsletter

Description: 

Information Gatherer Newsletter
Date: Tue, 24 May 1994 15:03:12 -0400 (EDT)
From: Office of Scientific and Academic Publishing <osap@cni.org>
Subject: New Title: Information Gatherer

Date: Mon May 23 10:28:20 1994
Sender: worldwid@uunet.uu.net (David Johnson)
Subject: Submission for Publication Directory Listing

*******************************************************************************
I N F O R M A T I O N G A T H E R E R N E W S L E T T E R

Premier Issue Summer 1994
******************************************************************************
A Quarterly Publication for Information Professionals

COPYRIGHT 1994 WORLDWIDE CONSULTANTS

Permission is hereby granted to make, distribute, and upload electronic copies
of this newsletter (in its entirety), via computer anywhere, provided this
copyright and permission notice are preserved on all copies.

Permission is hereby granted to make, distribute, and reprint the contents of
this newsletter (in part), in printed form, provided the following statement
accompanies the reprinted text:

"Reprinted with permission from Information Gatherer Newsletter. Subscription
costs are $20/year. Sample copy $5. Delivery by Postal or E-mail. Send to:
Worldwide Consultants, 2421 W. Pratt Blvd., Ste. 971, Chicago, IL 60645 USA.
E-mail: worldwid@uunet.uu.net (via Internet)."

Unauthorized duplication (outside of the aforementioned terms in permission
notices) is a violation of Pan-American & International Copyright Conventions.
Any and all parties found guilty of infringement will be fully prosecuted.

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

PURPOSE & POLICY STATEMENT: Information Gatherer Newsletter is a private
journal devoted exclusively to topics of interest to information professionals
(i.e. investigators, journalists, information brokers, records researchers,
intelligence analysts, librarians, and related fields). It is circulated
throughout the Internet, in addition to various public-sector commercial
networks, including: Compuserve, MCI Mail, America Online, Prodigy, Delphi,
Genie, Bix, AT&T Mail, and Sprint Mail.

MAILING LIST: Subscriptions are available for $20 annually for electronic or
Airmail delivery ($25 foreign Airmail delivery). Sample copies and back
issues cost $5 each ($6 foreign Airmail delivery). To subscribe, send cash,
check or money order payable in U.S. funds along with name, E-mail or Airmail
address to:

Worldwide Consultants
2421 West Pratt Boulevard, Suite 971
Chicago, Illinois 60645
U.S.A.

EDITORIAL SUBMISSIONS in the form of letters, articles, reviews, and news
are welcome. Direct all correspondence to Internet: worldwid@uunet.uu.net

DISCLAIMER: Information Gatherer presents information believed to be current
and reliable, however, it can not be guaranteed. Although every attempt has
been made to ensure accuracy of the data contained herein, the publisher can
not accept liability for misstatements. Further, the views represented
herein do not necessarily reflect those of the editor. CONTRIBUTORS ASSUME
ALL RESPONSIBILITY FOR ENSURING COPYRIGHT PROTECTIONS ARE NOT VIOLATED.

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

FROM THE EDITOR'S DESK

I would like to take this time to welcome you to the premier edition of our
publication. In this edition and subsequent issues, we will bring you
valuable, hard-to-find, and even bizarre information, rarely found elsewhere.

This first issue (dedicated to information security) is prepared and provided
to serve as an introduction to our publication, as a courtesy to prospective
subscribers (find a copy of a subscription form at the end of this newsletter).

Please keep in mind that there is an open door for you to air your thoughts,
suggestions and grievances (if any) in writing. Enjoy!

-Editor
Internet: worldwid@uunet.uu.net

ABOUT THE EDITOR: David Johnson, president of Worldwide Consultants, is an
international investigator, security consultant, and privacy strategist. He
has worked in and/or traveled to ten Asian countries. He specializes in
locating elusive data, protection matters, and financial & personal privacy.

[][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

NEWS AND RESOURCES FROM AROUND THE WORLD

STREET ADDRESS DIRECTORIES (or Crisscross Directories), are frequently used to
determine who lives at a certain address, to pinpoint the incomes of residents
according to zipcodes, and determine demographics for cities. The directories
are available for any area within the U.S. (including Hawaii & Alaska), and
can be ordered through DonTech at (800) 252-5067.

THE GLOBAL COMPANY HANDBOOK is a two volume book set that provides financial &
historical information on 7500+ foreign companies. The cost of the book is
$395. It is available from: Center for International Financial Analysis and
Research, 211 College Road East, Princeton, New Jersey 08540 USA; Tel: (609)
520-9333; Fax: (609) 520-0905; Telex: 6716479.

U.S. GOVERNMENT REPORTS are made public and available through the General
Accounting Office on the following subjects: Financial Institutions,
Government Operations, Information Management, International Affairs, Justice
and Law Enforcement, National Defense, and many other topics. The first copy
of each report is free. To be placed on the mailing list for updates on newly
available reports, call (301) 258-4097, or write: GAO, Box 6015, Gaithersburg,
Maryland 10884 USA.

ORGANIZATIONS FOR INFORMATION PROFESSIONALS (and their telephone numbers)

Business Research Institute (718) 990-6161, ext. 6768
Council of International Investigators (413) 283-7003
Information Industry Association (202) 639-8260
International Security & Detective Alliance (512) 888-6164
Investigative Reporters & Editors (314) 882-3364
National Association of Certified Fraud Examiners (800) 872-4678
National Association of Investigative Specialists (512) 928-4544
National Association of Legal Investigators (515) 255-0569
National Council of Investigative & Security Services (800) 445-8408
National Information Officers Association (407) 678-1613
The Information Professionals Institute (713) 537-8344
World Association of Detectives (301) 544-0119

WORLDWIDE GOVERNMENT REPORT is a biweekly newsletter which reports on events
affecting government structures and personnel around the world. The annual
subscription cost is $397 ($432 outside the U.S.).

WORLDWIDE GOVERNMENT DIRECTORY is an annual source book containing the names
and addresses of government officials in every country in the world. It also
includes data on International Organizations and foreign embassies abroad.

Both publications are available from: Belmont Publications, 1454 Belmont St.,
NW, Washington, DC 20009 USA; Tel: (202) 232-6334; Fax: (202) 462-5478

LEARNED INFORMATION, INC. publishes books, magazines, papers and other
publications of interest to the information gatherer of every kind. They
also sponser the annual National Online Meeting (of information Pros). For
more details about the products and services of this excellent resource,
contact Learned Information Inc, 143 Old Marlton Pike, Medford, NJ 08055 USA;
Tel: (609) 654-6266; Fax: (609) 654-4309.

DIRECTORIES OF U.S. FEDERAL GOVERNMENT PERSONNEL (including Armed Forces) are
available in the form of books and CD-ROM. For a free catalog, contact:
Staff Directories, Ltd., Mt. Vernon, VA 22121-0062 USA; Tel: (703) 739-0900;
Fax: (703) 739-0234.

THE MARKET FOR ONLINE SERVICES: AN INTRODUCTION is a special report that gives
an overview of the potential of the online services business. For information
on how to obtain the publication, contact: Information & Interactive Services
Report, P.O. Box 675, Cooper Station, New York, NY 10276 USA; (800) 822-6338;
Tel: (202) 842-0520; Fax: (212) 475-1790.

WORLDWIDE LEGAL HELP & INFORMATION may be arranged through the International
Legal Defense Council (ILDC). ILDC is a central data source for civil and
criminal laws around the globe. They also assist in finding attorneys abroad,
and provide speakers and materials for seminars. For more details, contact:
D. Atkins, I.L.D.C., 111 S. 15th St., 24th Floor, Philadelphia, PA 19102 USA.

THE DIRECTORY OF DIRECTORIES is a huge guidebook which lists and describes
7,820 reference directories of virtually every subject. The book is published
by Gale Research, 645 Griswold, Detroit, MI 48226 USA; (313) 961-2242.

THE CITIZENS GUIDE TO THE FREEDOM OF INFORMATION & PRIVACY ACTS is available
by mail. To order send $5 ($7 outside the U.S.) to: Marinelli Publishing Co.,
8129 N. 35th Avenue, #134, Phoenix, AZ 85051 USA.

THE CONSULAR AFFAIRS BULLETIN BOARD is a public access database of travel
advisories, information on passports & immigration, and international
adoption. To access, call: (202) 647-9225 (BBS). For more details, write:
U.S. Department of State, Bureau of Consular Affairs, Public Affairs Office
Room 5807, Washington, DC 10520 USA.

THE ONLINE/CD-ROM CONFERENCE & EXPO has been called the premier event for
information professionals. For details about the annual gathering, call:
(800) 248-8466, (203) 761-1466, Fax: (203) 761-1444.

THE INFORMATION PROFESSIONALS INSTITUTE offers seminars, publications, and
audio tapes covering the business of selling information. The institute is
run by Sue Rugge and Helen Burwell, two expert information brokers. For more
details about their work, contact: The Information Professionals Institute,
3724 F.M. 1960 West, Suite 214, Houston, TX 77068 USA; Tel: (713) 537-8344;
Fax: (713) 537-8332; Compuserve 75120,50 Internet 75120.50@compuserve.com

[][][][][][][][][]][][][][][][][][][][][][][][][][][][][][][][][][][][][][][]

COMPUTER SECURITY FOR INFORMATION PROFESSIONALS

by Ronald L. Mendell, CLI

INTRODUCTION
Why should information professionals worry about security? The answer lies in
the fact that information has become an extremely marektable commodity. This
commodity can be stolen from you without your knowledge, causing sometimes
devastating harm to your business. Sensitive information need guarding.
This information could come in many different packages. An investigation into
trade secret theft could require you to have proprietary information of a
client on hand. In performing employment background searches, sensitive
medical or personal data on the subject may be stored at your workplace.
Information brokerage and intelligence gathering assignments carry their own
unique load of sensitive information. Your personal databases or client
lists and confidential sources can be some other information gatherer's
choice plum. Much of this information could bring a price on the open market
or be of value to unwanted eyes.

Implementing an computer security program first requires you to determine
what data is truly sensitive. The rule of thumb should be that any data,
improperly released, that could cause a loss equivalent to ten percent of your
annual net profit should be classified as sensitive.

METHODS OF ATTACK
Computer-based systems include all machine-readable files and auxiliary items
such as magnetic backup tapes, floppy disks, printer paper carbons, and printer
ribbons. Common methods of attack include unathorized copying of files,
hacking (unauthorized access to your system), between-the-lines entry (using a
logged in terminal while the user is away), and hard disk surveillance (using
a utility program to search for sensitive files on your HD drive). Wire taps
or other methods used to intrude on your phone lines or view your monitor.

Imagine that you are holding an unlabeled floppy disk in your hand. Can you
tell by eye what the disk contains? No, you need a computer to do that. How
much information can a 720K disk hold? Even a disk of that small capacity
holds more data than a regular size novel. High density disks (1.2 MB) hold
almost twice that amount. When you give the DOS "Del a: *.*" command for this
disk, all of the files are completely erased from the disk right? Wrong! Any
good utility program such as the Norton Utilities or Lotus' Magellan can find
those files and undelete them. Is copying files from a hard disk to a floppy
a time consuming and complex process? No, evn with relatively large files, it
is a fairly simple and quick procedure. Using a program like Magellan, one
would be able to pick, choose, and sort files to copy very easily.

1. Unless they are scanned by a computer, you cannot tell what files are on
them. External labels may be incorrect or misleading. Classification labels
can be removed.

2. Their data storage density is such that hundreds of sensitive files could
be walking out your door on a few microfloppies in somone's shirt pocket.

3. Floppies can retain sentitive files even when they look erased.

4. Floppies are easy to copy. It is easy to copy files from hard disks to
floppies. None of this requires any extensive computer knowledge.

Since floppy disks and the new 8mm magnetic tape backups for PC's have
extreme portability, rigid measures have to be taken to protect them and to
prevent unauthorized copying of your hard drive onto these media. The
following would help:

a. While it is fine to keep your programs on hard disk, the sensitive data
files that they generate whould be written to floppy disks. These disks
chould be backed up with another disk. The originals should be locked up
onsite. The backups should be securely stored offsite.

b. Make sure sensitive magnetic media have both an external label and an
internal electronic label designating their classification (the DOS LABEL
command can do this).

c. Use the DOS ATTRIBUTE command on sensitive files to set an electronic
switch so that the files cannot be accidentally erase. Attributing sensitive
files on a disk also acts as a deterrent to someone grabbning a classified
disk, changing the external label, then doing a global DELETE on the disk so
they can remove it from the site under the guise of it being empty. Later
they would UNDELETE the files using a file utility.

d. Employ password security on sensitive files. Wordperfect 5.1 (and higher)
has the ability to place minimal password protection on files. While the
password (lockword) protection for Wordperfect is far from foolproof, it,
combined with the other security measures suggested, provides a fairly decent
perimeter of security. There are software packages available for PC's that
can encrypt entire files.

e. Have a consistent backup procedure for all of your files. Backup sensitive
files onto disks designated and albled for that purpose.

f. Do not leave disks with sensitive files on them unattended or unsecured.
In large offices, require that authorized users of clasified disks sign the
media in and out through a designated librarian.

g. Before sending a magnetic disk to someone, scan it with a file utility
program to ensure it has no deleted, but recoverable, sensitive files. If it
does, reformat the disk, and then write the non-sensitive files to the disk.

h. Before trashing magnetic media, cut them up into little pieces. For
damaged disks containing highly sensitive files, you may wish to use a
degausser on the disk first.

By not keping sensitive files on your hard disk, you go a long way toward
computer security. However, you should also consider the importance of not
leaving computers unattended with sensitive information on them. Before
your employes go to lunch or on break, have them place the computer into a
secure state. This can be as simple as closing any open files and removing
the disks to a secure place (such as a locked drawer in their desk). At the
end of the day, all classified media must be returned to the central library
to be locked up. Also, auxiliary items such as spent carbons, printer
ribbons, printouts, and damaged magnetic media should be securely stored
until disposed of. Sensitive computer printouts should be shredded and
intermixed with non-sensitive shredded documents prior to disposal.

OTHER COMPUTER DEFENSES
You may decide to use integrated software security packages such as Xtree's
Allsafe or Fifth Generation's Disklock. These among other packages, offer
hard disk lockdown, file lockword protection, temporary keyboard lockdown,
and some security audit trails. The best defense though is not to put all
your eggs in one basket. One can install security software on their computer
and still keep sensitive files on securely locked away floppies. In fact, it
might behhove you to place "decoy" sensitive files behind your security
software defense. Decoy files look like they contain valuable, sensitive
information, but in reality, behind their technical appearance, they have no
useful secrets. These types of files can be "trapped" with information which,
if it becomes public, would be harmless, but would tell you of a penetration
or compromise. This method can be called the "False Fortress" defense. A
TSCM (or Technical Surveillance Countermeasures) expert should be consulted if
there is a possibility of some wanting your data so badly that they would
resort to illegal taping or otherwise tampering with your phone lines or
remotely viewing your monitor (yes it can be done).

POINTS TO REMEMBER
1. When the terms "lock" or "locked up" are used for storage areas, we mean
locks or safes that can withstand a physical attack of at least one to two
hours of duration.

2. Do not make it easy for an information thief by placing signs in your
office on where sensitive materials are stored.

3. Keep access to sensitive information by your staff on a need-to-know basis,
and make sure you have a means to track which information each person handles.

SUMMARY
Your computer security wil be good only if you use a comprehensive plan. Each
defense must be adequate. It does little good if the password to a sensitive
file is your first name. Learn to think like an information thief, and you
will have less chance of being victimized by one.

If you think that there is no possibility of anyone attempting to use covert
methods to steal information from you...think again! In today's high-tech
world, secrets are increasingly at a premium.

ABOUT THE AUTHOR: Ron Mendell is Security Consultant and Certified Legal
Investigator based in Austin, Texas, U.S.A..

RESOURCES (compiled by David Johnson, the editor)

Information Systems Security Monitor
U.S. Department of Treasury
Bureau of Public Debt
AIS Security Branch
200 3rd Street
Parkersburg, West Virginia 26101 USA
Tel: (304) 480-6335
BBS: (304) 480-6083
Internet: sbranch@well.sf.ca.us
(free-of-charge subscription newsletter)

The Data Security Letter
3060 Route 97
Glenwood, Maryland 21794 USA
Internet: dsl@tis.com
(free sample issue)

Infosecurity News
498 Concord Street
Framingham, Massachusetts 01701 USA
Tel: (508) 879-9792
Fax: (508) 879-0348
MCI Mail: 243-9796
Internet: 2439796@mcimail.com
(sample copy $8, $16 outside North America)

National Computer Security Association
10 South Courthouse Avenue
Carlisle, Pennsylvania 17013 USA
Tel: (717) 258-1816
Fax: (717) 243-8642
(contact for a free information pack)

Technical Counterespionage Experts

Kevin Murray, Murray & Associates (800) 635-0811 (New Jersey)
Mike Russell, Sherwood Communications (215) 357-9065 (Pennsylvania)
Ray Jarvis, Jarvis International Intelligence (918) 835-3130 (Oklahoma)
James Ross, Ross Engineering, Incorporated (800) US-DEBUG [873-3284] (Virginia)
Mr. Bodo Schonebeck, S.I.D.A., P.O. Box 4757, D-78512 Tuttlingen,(Germany)
Maj. Ponnosamy Kalastree, Mainguard Security (65) 296-5881 (Singapore)
Mr. Anastasios Panos, Panos Detective Agency (301) 1-9231420 (Greece)

*IMPORTANT: Use of a public (or other) telephone is advised when making contact.
Using a suspected line and or room alerts the eavesdropper of your suspicions
and intended course of action.

[][][][][][][][][][][][][][][][][][][][][][]][][][][][][][][][][][][][][][][]

BOOK REVIEW

A Guide to Library Research Methods by Thomas Mann. Oxford University Press,
200 Madison Avenue,New York, NY 10016 USA; (800) 334-4249; (212) 679-7300;
Fax: (212) 725-2972; 199 pages; hardcover; $17.95 plus $3 postage & handling
(If ordering from outside the U.S., contact for international shipping rates)

Reviewed by David Johnson

This book was written by a reference librarian at the Library of Congress.
Although this book deals with manual and computer research in general, the
methods presented are applicable to all information gatherers.

An overview of the thirteen chapters of the book are as follows:

Chapters 1-8 cover the use of general & specialized encyclopedia, the card
catalog, browsing the classification system, journal indexes, key word &
citation searches, reviewing articles, and using published bibliographies.

The second half of the book, which starts a Chapter 9, covers to use of four
different types of computer database searches.

Chapter 10 examines locating materials in other libraries (nationwide and
international).

Cahpter 11 presents methods of obtaining information from human sources.

Chapter 12, titled "Hidden Treasures" takes a look at using microform sets,
government documents, and other sources not accessible through conventional
means.

And, Chapter 13 summarizes the book and points out techniques for locating
reference sources.

An inportant aspect of this book is that the author treats each subject as
simply as possible, without introducing unnecessary complications.

This well-written volume is a simple, yet detailed and cost-effective
introduction to the techniques of information gathering, and is, in my
opinion, worthwhile reading for all information professionals.

ABOUT THE AUTHOR: David Johnson is the editor of Information Gatherer.

[][][[][][][][][][][][][][][][][][][][][][][][][][]][][][][][][][]][][][][][]

CLASSIFIEDS
Information Gatherer's classified advertising rate is 50 cents (US$0.50) per
word, per insertion. Telephone numbers and hyphenated words count as two
words. Minimum charge is $10 (20 words). Type or print your ad, and mail it
with payment in U.S. funds to: Worldwide Consultants, 2421 West Pratt Blvd.,
Suite 971, Chicago, IL 60645 U.S.A.. Information Gatherer does not verify the
validity of advertisements published. We reserve to reject advertisements.

NIGHTWAWK INFORMATION SERVICES! Credit, criminal, business, assets, dmv,
vital statistics records and more. When you need information fast use N.I.S..
Make requests and receive reports by fax, phone, e-mail or mail. Contact us
for a free info pakage. 5311 Miller Ave., Klamath Falls, Oregon 97603. Fax
and Phone: (503) 884-7400; Compuserve: 73540,322 Easylink: 62012833

FREE CATALOG FOR INVESTIGATORS. Investigative books and resources for the
professional information gatherer. Call toll-free (800) NEED-A-PI (24 hours)

POSITION WANTED. Young female information gatherer with great potential,
seeks an entry level position conducting investigations and/or research. My
resume is available upon request. Currently in Texas. Contact: Karey White
by e-mail at: Compuserve: 74241,2207 or Internet: 74241.2207@compuserve.com

GLOBAL RESEARCH conducted in any language. We have extensive connections.
Int'l Research (Paris, France), Tel (33) 1-43264396, Fax (33) 1-44070147

INFORMATION ACCESS CO.. Trade & Industry, News & Newletter, and Competitive
Intelligence Online Databases. We offer vast coverage of the world's leading
trade and business sources. For search assistance, free training seminars,
and a complete guide to IAC and Predicasts online sources, contact:

In North America: 362 Lakeside Dr., Foster City, CA 94404 USA; 1-415-358-4643,
1-800-321-6388, Facsimile 1-415-358-4759
Other Locations: Watergate House, 13-15 York Buildings, London WC2N 6JU, U.K.,
+44 (0) 71 930 3933, Facsimile +44 (0) 71 930 9190

INTERNATIONAL TELEPHONE DIRECTORIES. Over 120 countries. Catalog $3. Send
to: Arman Publishing, P.O. Box 785, Ormond Beach, Florida 32074.

FREE MEMBERSHIP! Information Professional's List. For Information Gatherer's
of all disciplines worldwide. For more information and an e-mail application,
contact: James Cook at Compuserve: 76520,2727 or Internet: jcook@netcom.com

------------------------------------------------------------------------------

SUBSCRIBE NOW! 1 YEAR OF INFORMATION GATHERER FOR $20 (by E-mail or Airmail)

Yes! Please start my subscription at the current rate of $20 for four issues.
(US$25 outside the United States for Airmail delivery).

[ ] Cash enclosed [ ] Check enclosed [ ] Money order enclosed

Name:______________________ Institution (if any):____________________________

Address:______________________________________________________________________

______________________________________________________________________________

E-mail address (for electronic delivery):_____________________________________

PLEASE SEND THIS FORM ALONG WITH PAYMENT IN U.S. FUNDS TO:

Worldwide Consultants, 2421 W. Pratt Blvd., Ste. 971, Chicago, IL 60645 U.S.A.

Original posting date: 
Sunday, July 30, 1995
©1995 - 2014 Georgetown University Library
37th & O Streets NW Washington DC 20057-1174   •   202.687.7607