        2                        The Survivalist's Second Strike Handbook


                                    Chapter 2
        
                              SECURITY AND SURVEILLANCE
        
        Identifying, Attacking, Defeating, and Bypassing
        Physical Security and Intrusion Detection Systems
        
             THE PERIMETER
        
             The reasons for writing this article are twofold:
        
             1) To prevent the detection and/or capture of various phreaks, hackers 
               and others, who attempt to gain access to: phone company central 
               offices, phone closets, corporate offices, trash dumpsters, and the 
               like.
        
             2) To create an awareness and prove to various security managers, 
               guards, and consultants how easy it is to defeat their security 
               systems due to their lack of planning, ignorance, and just plain 
               stupidity.
        
             The information contained herein has been obtained from research on the 
        different devices used in physical security and in practical "tests" which
        have been performed on these devices.
        
                  INTRODUCTION:
        
             Physical Security relies on the following ideas to protect a facility: 
        Deterrence, Prevention, Detection, and Response.  
        
             Deterrents are used to 'scare' the intruder out of trying to gain access.
        
             Prevention tries to stop the intruder from gaining access.  
        
             Detection 'sees' the intruder while attempting to gain access.  
        
             Response tries to stop and/or prevent as much damage or access to a 
        facility as possible after detection.  
        
             There are 3 security levels used in this article and in industry to 
        designate a facility's need. They are: Low, Medium, and High. The amount, and 
        types of security devices used by a facility are directly proportional to the 
        level of security the facility 'thinks' it needs. When I use 'facility' I am 
        referring to the people in charge of security, and the actual building and 
        assets they are trying to protect. This article will be primarily concerned 
        with the protection of the perimeter.  











                           An M & M Enterprises Production 


                  PERIMETER SECURITY:
        
             A facility's first line of defense against intrusion is its perimeter.
        The perimeter may have any or all of the following:
        
             * A single fence
             * An interior fence coupled with an exterior fence
             * Regular barbed wire
             * Rolled barbed wire
             * Various fence mounted noise or vibration sensors
             * Security lighting and CCTV
             * Buried seismic sensors and different photoelectric and microwave
               systems
        
                       Fences:
        
             Fences are commonly used to protect the perimeter. The most common fence 
        in use today is the cyclone fence, better known as the chain link fence. 
        Fences are used as a deterrent and to prevent passage through the perimeter. 
        Common ways of defeating fences are by cutting, climbing, and lifting. Cutting 
        is not usually recommended for surreptitious entry, since it is easily
        noticeable. In this article, we will be taking the 'Stealth' approach. Climbing is
        most commonly done, but if the fence is in plain view, it may not be advisable 
        since you can be seen easily. The higher the fence, the longer it takes to 
        climb. The longer it takes to climb, the longer security has to detect and 
        respond to your actions. Lifting is better since you are closer to the ground, 
        and not as easily spotted, but the fence must be very flexible, or the sand 
        very soft so you can get under the fence quickly and easily. Whenever you see 
        a somewhat 'unclimbable' fence (or one that you just don't want to climb) you 
        should check the perimeter for large trees with uncut branches hanging over 
        the fence or other objects which will enable you to bypass the fence without 
        ever touching it. You could use a ladder but you don't want to leave anything 
        behind, especially with your fingerprints on it, not that you plan on doing 
        anything illegal of course.
        
             Electric fences are not used for security purposes as much as they were
        in the past. Today, their main use is to keep cattle or other animals away from
        the perimeter (either from the inside or outside). There are devices which
        send a low voltage current through a fence and can detect a drop in the
        voltage when someone grabs onto the fence. Again, not too common so I will not go
        into it.
        
             For high security installations, there may be 2 fences: an outer fence
        and an inner fence, which are 5-10 yards apart. It isn't often that you see
        this type of setup; it is mainly used by government agencies and the
        military. You can be very sure that there are various intrusion detection devices
        mounted on the fence, buried underground between them, and/or line-of-sight
        microwave or photoelectric devices used. These will be mentioned later. If you
        insist on penetrating the perimeter, then you should try to measure how far it
        is between fences. Now find a 2 foot by X foot board where X is the distance
        between the 2 fences. Very slowly place the board on top of both fences. If
        there are no fence vibration sensors you can just climb the fence and step
        onto the board to walk across the top. If there are fence sensors, you will
        need a ladder which cannot touch the fence to get you on top of the board. You
        can then walk on the board, over the ground in between, and jump down, being
        careful not to disturb the fences. This will work if there are no sensors
        after the 2 fences. Identifying sensors will be mentioned later. Obviously
        the method of using a long board to put on top of the two fences will not work
        if the fences are spaced too far apart. Also, you and the board can be seen
        very easily.

                                (c) 1990
        
                       Barbed Wire:
        
             There are two common types of barbed wire in use today. The more common 
        and less secure is the type that is strung horizontally across the fence with 
        three or more rows. The 'barbs' are spaced about 6" apart, enough for you to 
        put your hand in between while climbing over. Also, it is thin enough to be 
        cut very easily. If you think you will need to leave in a hurry or plan on 
        problem free surreptitious entry and the only way out will be to climb over 
        the fence again you can cut the wire from one post to another, assuming the 
        wire is tied or soldered to each post, and replace it with a plastic wire 
        which looks like the wire you just cut. Tie it to each post, and come back 
        anytime after that. You can then climb over it without being cut. The other 
        type of wire, which is more secure or harmful, depending on how you look at 
        it, is a rolled, circular wire commonly called Razor Ribbon. One manufacturer
        of this is the American Fence Co. which calls it 'the mean stuff'. And it is.
        The barbs are as sharp as razors. Of course this can be cut, but you will need
        very long bolt cutters and once you cut it, jump as far back as you can to
        avoid the wire from springing into your face. As mentioned earlier, cutting
        is irreparable, and obvious. If the wire is loosely looped, there may be
        sufficient room in between to get through without getting stitches and losing
        lots of blood. If the wire is more tightly looped you may be able to cover
        the wire with some tough material such as a leather sheet so you can climb 
        over without getting hurt. This method is not easy to accomplish however. You 
        may want to see if you can get under the fence or jump over rather than climb 
        it.
        
                       Fence mounted noise or vibration sensors:
        
             Let's assume you have found a way to get past the fence. Of course you 
        have not tried this yet, since you should always plan before you act.  OK, you 
        have planned how you would theoretically get over or past the fence. You are 
        now past the deterrent and prevention stages. Before you put the plan into 
        action you had better check for the things mentioned earlier. If a fence is 
        the first step in security defense, then fence mounted sensors are the second
        step. The types of detection equipment that can be mounted on the fence are:
        
             Fence shock sensors: These mount on fence posts at intervals of 10 to 20
        feet, or on every post. They are small boxes clamped about 2/3 up from ground
        level. There is a cable, either twisted pair or coax, running horizontally
        across the fence connecting these boxes. The cable can be concealed in
        conduits or inside the fence itself, thus making it hard to visually detect.
        Each fence sensor consists of a seismic shock sensor that detects climbing
        over, lifting up or cutting through the fence. So if the fence is climbable,
        it would not be wise to do so since you may be detected. Of course it doesn't
        matter if you're detected if there is no security force to respond and deter
        you.







             Another type is called the E-Flex cable. It's simply a coax cable
        running horizontally across the fence. This cable can not only be used on chain
        link fences, but can also be used on concrete block, brick, or other solid
        barriers. It may be on the outside, or mounted inside the fence, thus making
        detection of the device harder. Of course, the fact that this and other similar
        devices cannot be seen doesn't make detecting them impossible. A way to detect
        this is by simply repeatedly hitting the wall with a blunt object or by
        throwing rocks at it. If nothing out of the ordinary happens, then you can be
        reasonably sure it is not in place. This is basically a vibration sensor.
        
             Low frequency microphones: This is essentially a coax cable that responds 
        to noise transmitted within the fence itself.
        
             Vibration sensors:  These are based on mercury switches, a ring or ball 
        on a pin, or a ball on a rail.  Movement of the fence disturbs the switches 
        and signals alarms.  A hint that this is in use is that it can only be used on 
        a securely constructed and tightly mounted fence, with no play or movement in 
        it. Otherwise, they will be getting false alarms like crazy.
        
             OK, so now that you know all about these types, how do you get around it?  
        Well, don't touch the fence.  But if there is no alternative, and you must 
        climb it, then climb the fence where it makes a 90 degree turn (the corner) or 
        at the gate.  Climb it very slowly and carefully, and you should be able to 
        get over without being detected by these sensors!  Make sure you climb on the 
        largest pipe and don't fall.
        
                       Security lighting and CCTV:
        
             Sometimes, fences may be backed up by Closed Circuit TV (CCTV) systems to 
        make visual monitoring of the perimeter easier and quicker.  By installing an 
        adequate lighting system and conventional CCTV cameras, or by using special 
        low light sensitive cameras, the perimeter can be monitored from a central
        point.  Security personnel can then be dispatched when an intruder is detected 
        on the monitors.
        
             Some systems are stationary, and others can be moved to view different 
        areas of the perimeter from within the central station.  It would be in your 
        best interest to determine if the camera is stationary or not. If so, you may
        be able to plan a path which will be out of the view range of the camera. If 
        it is movable, you will have to take your chances.
        
             Light control sensor: This utilizes a Passive InfraRed (PIR) sensor to
        detect the body heat emitted from someone entering the detection area, and can
        activate a light or other alarm. The sensor has an option called 'night only
        mode' in which a light will flash when a person enters the area, but only
        during night hours. It can tell if it's dark by either a photoelectric sensor,
        or by a clock. Of course if it's daylight savings time, the clock may not be
        totally accurate, which can be used to your advantage. If it is photoelectric,
        you can simply place a flashlight pointing directly into the sensor during
        daylight hours. When it gets dark, the photoelectric sensor will still
        'think' it's day since there is sufficient light, thus not activating the unit
        to detect alarm conditions. This should enable you to move within the area at
        will.






                       Buried Seismic Sensors:
        
             Seismic detectors are designed to identify an intruder by picking up the
        sound of your footsteps or other noises related to passing through the
        protected area. These sensors have a range of about 20 feet and are buried
        underground and linked by a cable, which carries their signals to a processor.
        There, the signals are amplified and equalized to eliminate frequencies that
        are unrelated to intruder motion. The signals are converted to pulses that are
        compared with a standard signal threshold. Each pulse that crosses this
        threshold is tested on count and frequency. If it meets all the criteria for a
        footstep, an alarm is triggered. These sensors can even be installed under
        asphalt or concrete by cutting a trench through the hard surface. They are also
        immune to weather and can follow any type of terrain. The only restriction is
        that the area of detection must be free of any type of obstruction such as a
        tree or a bush.
        
                       Electronic field sensor:
        
             These detect an intruder by measuring a change in an electric field. The 
        field sensors use a set of two cables, one with holes cut into the cable 
        shielding to allow the electromagnetic field to 'leak' into the surrounding 
        area. The other cable is a receiver to detect the field and any changes in it. 
        Objects passing through the field distort it, triggering an alarm. This
        sensor can either be buried or free standing, and can follow any type of
        terrain. But it's very sensitive to animals, birds, or wind blown debris; thus,
        if it is very windy out, and you know this is being used, you can get some
        paper and throw it so the wind takes it and sets off the alarm repeatedly. If 
        it is done enough, they may temporarily turn it off, or ignore it due to 
        excessive false alarms.
        
             It is not hard to tell if these devices are in use. You cannot see them, 
        but you don't have to. Simply get 3-4 medium sized stones. Throw them into the 
        place where you think the protected area is. Repeat this several times. This 
        works on the lesser advanced systems that have trouble distinguishing this 
        type of seismic activity from human walking/running. If nothing happens, you 
        can be reasonably sure this is not in use. 
        
             Now that you can detect it, how do you defeat it? Well as far as the 
        electronic field sensor is concerned, you should wait for a windy night and 
        cause excessive false alarms and hope they will turn it off. As far as the 
        seismic sensors, you can take it one step at a time, very softly, maybe one 
        step every 30-60 seconds. These sensors have a threshold, say, two or more 
        consecutive footsteps in a 30 second time interval will trigger the alarm. 
        Simply take in one step at a time, slowly, and wait, then take another step, 
        wait, until you reach your destination. These detectors work on the assumption 
        that the intruder has no knowledge of the device, and will walk/run across
        the protected area normally, thus, causing considerable seismic vibrations. 
        The problem with this method is that it will take you some time to pass 
        through the protected area. This means there is more of a chance that you will 
        be seen. If there are a lot of people going in and out of the facility, you 
        may not want to use this method. Another way would be to run across the
        protected area, right next to the door (assuming that is where the response
        team will come out), and drop a large cat or a dog there. When they come out,
        they will hopefully blame the alarm on the animal. The sensor shouldn't really
        pick up a smaller animal, but odds are the security force are contract guards
        who wouldn't know the capabilities of the device and the blame would fall on
        the animal and not you, assuming there were no cameras watching.
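
             The count-within-a-window rule described above, and what a second,
        longer window changes on the detection side, as an added example (not part
        of the original article and not any vendor's logic). The 30 second, two
        footstep rule is the article's own illustrative figure; the long-window
        rule, the function names and the pulse timestamps are assumptions
        constructed here.

```python
"""Footstep-count alarm logic for a buried seismic sensor line (illustrative).

Input is a list of timestamps (seconds) of pulses that already passed the
amplitude threshold and the footstep-frequency filter described in the text.
"""
from bisect import bisect_left

# Rule from the article's example: two or more footsteps within 30 seconds.
SHORT_RULE = (30.0, 2)
# Assumed second rule (not from the article): six or more footstep-like
# pulses within 10 minutes, to catch slow, widely spaced activity.
LONG_RULE = (600.0, 6)


def window_alarm(pulse_times, window_s, min_pulses):
    """Return the time of the first alarm under one count/window rule, or None."""
    times = sorted(pulse_times)
    for i, t in enumerate(times):
        # Index of the first pulse still inside the window that ends at time t.
        start = bisect_left(times, t - window_s, 0, i + 1)
        if i - start + 1 >= min_pulses:
            return t
    return None


def layered_alarm(pulse_times, rules=(SHORT_RULE, LONG_RULE)):
    """Return the earliest alarm time across several rules, or None."""
    hits = [window_alarm(pulse_times, w, n) for w, n in rules]
    hits = [h for h in hits if h is not None]
    return min(hits) if hits else None


# Constructed sample data (seconds since the start of observation).
NORMAL_WALK = [i * 0.6 for i in range(10)]      # ordinary walking pace
SPACED_STEPS = [i * 45.0 for i in range(10)]    # one pulse every 45 s
ISOLATED_EVENTS = [0.0, 700.0, 1500.0]          # unrelated single thumps


def evaluate():
    """Run every sample through the short rule alone and the layered rules."""
    samples = {
        "normal_walk": NORMAL_WALK,
        "spaced_steps": SPACED_STEPS,
        "isolated_events": ISOLATED_EVENTS,
    }
    return {
        name: {
            "short_only": window_alarm(times, *SHORT_RULE),
            "layered": layered_alarm(times),
        }
        for name, times in samples.items()
    }


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:16s} short_only={result['short_only']} "
              f"layered={result['layered']}")
```

             The long window trades detection of spaced pulses for more exposure
        to accumulated nuisance pulses, so its count has to be tuned against the
        site's normal background activity.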
        
                       Microwave systems:
        
             In an outdoor microwave system, a beam of microwave energy is sent from a
        transmitter to a receiver in a conical pattern. Unlike indoor microwave
        detectors, which detect an intruder's movement in the microwave field, the
        outdoor system reacts to an intruder's presence by detecting the decrease in
        energy in the beam. The beams can protect an area up to 1500 feet long and 40
        feet wide. All transmission is line-of-sight and the area between transmitter
        and receiver should be kept clear of trees and other objects that can block
        the beam. Microwave systems can operate in bad weather, and won't signal an
        alarm due to birds or flying debris.
        
             These systems work on the Doppler effect, in which they detect motion 
        that changes the energy, and sets off an alarm. These devices will usually be 
        placed inside a fence to avoid false alarms. These devices are very easy to 
        visually detect. They are posts from 1-2 yards high, about 6 inches by 6 
        inches and there are 2 of them, one receiver and one transmitter. In some 
        cases there will be more, which enables them to protect a larger area. 
        
             To defeat this, you can enter the field, very slowly, taking one step at 
        a time but each step should be like you are in slow motion. It doesn't matter 
        how hard you hit the ground, since it doesn't detect seismic activity, only
        how fast you approach the field. If you take it very slowly you may be able to 
        get past. Detectors of this type get more and more sensitive as you approach 
        the posts. Ergo, choose a path which will lead you furthest away from the 
        posts.
        
                       Photoelectric systems:
        
             These systems rely on an invisible barrier created by beams of infrared 
        light sent from a light source to a receiver. When the beam is interrupted, 
        the alarm sounds. The beam can have an effective range of up to 500 feet. 
        Multiple beams can be used to increase the effectiveness of the system, making 
        it harder for you to climb over or crawl under the beams. Photoelectric
        systems can be prone to false alarms as a result of birds or wind-blown debris
        passing through the beam. The problem can be corrected by the installation
        of a circuit that requires the beam to be broken for a specified amount of
        time before an alarm is sounded. Weather conditions like heavy fog can also
        interrupt the beam and cause an alarm. This can also be corrected by a circuit 
        that reacts to gradual signal loss. These systems should not face directly 
        into the rising or setting sun since this also cuts off the signal beam.
        
             As you can see this system has many problems which you can take
        advantage of to bypass this system. As with any system and method, surveillance of
        the facility should be accomplished in various weather conditions to help
        verify the existence of a particular detection device, and to see how they
        react to false alarms. Many times, you will be able to take advantage of
        various conditions to accomplish your mission. If there is only one set of
        devices (transmitter and receiver), try to estimate the distance of the
        sensors from the ground. You can then either crawl under or jump over the beam.
        This also works on the assumption that the intruder will not recognize that 
        the device is in use.




        
                  MISCELLANEOUS:
        
             Guards: There are two types, in-house or company paid guards and contract
        guards. Contract guards are less secure since they do not work for the
        facility and if they make a mistake they simply get transferred to another facility,
        no big deal. In-house guards know the facility better and have more to lose;
        thus, they are probably more security conscious. Be aware of any paths around
        the perimeter in which guards can/will walk/ride to visually inspect the 
        exterior of the facility.
        
             Central monitoring: Monitoring of the devices mentioned in this article 
        is usually accomplished at a 'Central Station' within the facility. Usually,
        guards *SHOULD* be monitoring these. If you have planned well enough, you may 
        find that the guard leaves his/her post to do various things at the same time 
        every night. This would be an ideal time to do anything that may be seen by 
        cameras.  Unfortunately, there will probably be more than one guard making 
        this nearly impossible.
        
             Gates: Probably the easiest way to pass through the perimeter is to go
        through the gate, whether in a car or by walking. This may not be too easy if
        it is guarded, or if there is a card reading device used for entry.
        
             Exterior card readers: If the card used is magnetic (not Wiegand) it is
        quite possible to attack this. If you have an ATM card, Visa, or other
        magnetic card, slide the card through, jiggle & wiggle it, etc. and quite
        possibly the gate will open. Reasons for this are that since it is outside, the
        reader is subjected to extreme weather conditions day in and day out, thus
        the detecting heads may not be in the best of shape, or since it is outside it
        may be a cheap reader. In either case, it may not work as well as it should
        and can make 'mistakes' to allow you access.
        
             Combinations: The devices listed in this article do not have to be used
        alone. They can be and are used in conjunction with each other for greater
        security.
        
             Diversions: In some cases, a diversion could better ensure your passage
        through the perimeter. Keep this in mind.
        
             Extreme weather conditions: All devices have an effective operating range
        of temperatures. On the low end of the scale, most devices will not operate if
        it is -30 degrees Fahrenheit or lower. Though, quite a few will not operate
        effectively under the following temperatures: -13 F, -4 F, +10 F, +32 F. On
        the other side of the scale, they will not operate in excess of: +120 F, +130
        F and +150 F. It is unlikely that the outside temperature will be above 120
        degrees, but in many places, it may be below freezing. Take this into
        consideration if a facility has these devices, and you cannot bypass them any other
        way.











                  CONCLUSION:
        
             This article primarily dealt with the identification of various 'tools' 
        used in physical security for the deterrence, prevention, detection, and 
        response to an intruder. There also were some methods which have been used to 
        attack, defeat, and bypass these 'tools'. None of the methods mentioned in 
        this article work 100% of the time in all circumstances, but ALL have worked, 
        some were under controlled circumstances, some were not. But all have worked.
        Some methods are somewhat crude, but they get the job done. Some methods were 
        intentionally left out for obvious reasons.  Even though this article was 
        written in a tutorial fashion, in no way am I advising you to go out and break 
        the law. I am merely showing you how to identify devices that you may not have 
        known were in place to keep you from making a stupid mistake and getting 
        caught. The Establishment doesn't always play fair, so why should we?
        
             THE EXTERIOR
        
                  INTRODUCTION:
        
             The 'exterior' refers to the area directly outside of a building and the 
        things within the building which are on the exterior. These obviously are: 
        doors, air conditioning ducts, windows, walls, roofs, garages, etc. I don't 
        believe the word 'exterior' is the exact definition of what this article will 
        encompass, unlike the 'perimeter', but it's the best I could come up with.
        
             This article primarily is of an informative nature, although methods of 
        "attacking, defeating, and bypassing" will be explained. Its purpose is not 
        specifically to encourage you to breach a facility's security, although I 
        acknowledge that it could be used as such. Some of the devices mentioned in
        the physical security series are used in homes as well as corporate,
        industrial, and military installations, but my aim is specifically towards the
        commercial aspect of buildings, not homes and apartments. Entering a facility to
        obtain information such as passwords or manuals is one thing, breaking into
        someone's home to steal their personal belongings is another.
        
                  EXTERIOR SECURITY:
        
             A facility's second line of defense against intrusion is its exterior.
        The exterior may have any or all of the following:
        
             * Window breakage detectors
             * Keypad systems
             * Card access control systems
             * Magnetic locks and contacts
             * Security lighting and CCTV














                  WINDOWS:
        
             Windows are a large security hole for buildings. You may notice that many 
        phone company buildings and data processing centers have few if any windows. 
        There are two things that can be done to secure windows aside from making sure 
        they are locked. One is to make them very difficult to break, and the other is 
        to detect a break when and if it occurs. Here is a quick breakdown of the 
        common types of glass/windows in use today:
        
             Plate glass: Can be cut with a glass cutter.
        
             Tempered: Normally can't be cut. Breaks up into little pieces when
        broken.
        
             Safety: You need a hatchet to break this stuff.
        
             Wire: This has wire criss-crossed inside of the glass, making it very 
        hard to break, and even harder to actually go through the opening it is in 
        place of.
        
             Plexy: Very hard to break, doesn't really shatter, but can be melted with 
        the use of a torch.
        
             Lexan: This is used in bulletproof glass. One of the strongest and most 
        secure types of glass.
        
             Herculite: Similar to Lexan.
        
                       Foil tape:
        
             This is by far the most common, and probably the most improperly
        installed form of glass breakage detection, which also makes it the most
        insecure. This is usually a silver foil tape about 5/16" wide which should be
        placed on the whole perimeter of a glass window or door. In the case of
        plexiglass or a similar material, the tape should be placed in rows separated by
        6-12 inches.
        
             The older foil was covered with a coating of urethane or epoxy which
        enabled it to stick onto the glass. The newer foil has an adhesive back making
        installation much easier. There should be two connectors, located at
        the upper part of a window and the lower part of the window, which
        connect the foil to the processor, thus completing the circuit. Foil may or may
        not have a supervised loop. If it is supervised, and you use a key to scratch
        the foil (when it is turned off) making a complete break in it, an alarm will
        sound when it is turned on.
        
             Foil is commonly used as a visual deterrent. Many times, it will not even 
        be activated. The easiest way to determine if the facility is trying to 'B.S.' 
        you into thinking they have a security system, is to see if there are any 
        breaks in the foil. If there is a clean break, the 6-12V DC current which is 
        normally making a loop isn't. Thus, breaking the glass will do nothing other 
        than make some noise unless you take steps against that happening.







             As was stated, foil is the most improperly installed type of glass
        breakage detection. When it is installed improperly, it will not cover all the area
        it should. An easy way to defeat this is shown in the following diagram:
        
        +-------------+
        ! ........... !  . = foil tape
        ! .         . !  - = top/bottom of door
        ! . put     . !  ! = sides of door
        ! . contact . !  / = dividing line between 2 pieces of contact paper
        ! . paper   . !       
        ! . in      . !  $ = ideal places for initial breakage
        ! . this    +-!  ' = clear area or outline of second piece of contact paper
        ! . area    ! !        
        ! .         +-!  <-- door handle
        ! .         . !
        ! ........... !
        !/////////////!
        !'''''''''''''!
        !'           '!
        !$'''''''''''$!
        +-------------+
        
             As you can see, the installer neglected to place the foil all the way 
        down to the bottom of the glass door. There is enough room for a person to 
        climb through. They may have thought that if someone broke the glass, it would 
        all break, which is normally correct. But if you obtain some strong contact 
        paper, preferably clear, adhere it to the glass as shown, and break the bottom 
        part at the '$' it will break up to the '/' line and that's it. Thus, leaving 
        the foil intact. This will work on tempered glass the best, and will not work 
        on Lexan or Plexiglass. There is a transparent window film with a break 
        strength of up to 100 pounds per square inch which can be obtained from 
        Madico, Inc. It is called Protekt LCL-400 XSR, and makes glass harder to break 
        and stays essentially in place even when broken. This can be used in place of 
        the contact paper. Obviously, it is also used to protect glass from breakage.
        
                       Audio discriminators:
        
             What these do is compare the sound they pick up to the frequency of the 
        sound that glass makes when it breaks. This frequency is relatively unique, 
        and can accurately determine when and if glass actually breaks. Your best shot 
        at defeating this is to do the same thing as mentioned above. Cover the glass 
        with a film which will keep the glass in place after breaking it. If you break 
        it properly, the frequency will not match that of glass breaking when it is 
        not held in place.
        
                       Glass shock sensors:
        
             These devices detect shock disturbances using a gold-plated ring that 
        "bounces" off a pair of normally closed gold-plated electrical contacts. This 
        will send a signal to a Signal Processor (SP) which determines whether an 
        alarm condition exists. There are two settings the SP can be set to which are:
        
             SHOCK-BREAK: This mode requires an initial high energy shock, followed by 
        a very low energy shatter. The shatter must occur within about 1 second before 
        an alarm can occur.


        
             SHOCK-ONLY: An alarm will occur once the first shock is detected. This 
        may or may not be accompanied by a shatter.
        
             Obviously the more secure setting for a facility would be shock-only. 
        Though, both are equally dangerous for an intruder. The methods mentioned 
        earlier about preventing the glass from shattering will not work when this 
        device is used in the shock-only mode. It may work, depending on the type of 
        glass, if it isn't in the shock-break mode.
        
             These devices are usually found protecting large plate glass and multi-
        pane windows. They are roughly 2 inches by 1 inch and can be mounted on the 
        frame of a window, between two windows, or on the glass itself. These sensors 
        can cover up to 150 square feet of glass.
        
             These are the best of the lot for window breakage detection. Most devices 
        have a constantly supervised loop, and if you cut a wire, that loop will 
        break, and cause an alarm condition. They are typically placed somewhere on 
        the window pane and not on the window, thus, making them harder to visually 
        detect, from the outside that is. Though from close inspection, you may be 
        able to determine if these are in place. Obviously they can easily be seen 
        from the inside.
        
             The sensor is normally placed no more than a couple of inches from the 
        glass. If it is too far away, or if you can move one over 4 inches from the 
        glass, its detection capability is somewhat diminished. It is probably screwed 
        in, and has an adhesive backing, so moving it may not be too easily 
        accomplished. False alarms are not common, unless the windows rattle. There 
        are sensors available which are not as sensitive, and will not "overreact" to 
        slight vibration; these are called "damped" sensors.
        
                       MAGNETIC CONTACT SWITCHES:
        
             The word "contact" is somewhat contradictory to how these devices are 
        commonly used. In most cases, the magnet and the switch are not in physical 
        contact with each other; rather, they are in close proximity to each other, 
        although there are some models which are indeed in contact with each other. 
        There are various types and levels of security that these devices possess.
        
             They can be surface mounted (floor or wall mounted) or concealed 
        (recessed). The most common are surface mounted which are placed on top of the 
        door. When inspecting for these devices, examine the whole perimeter of the 
        door, from top to bottom. Most doors have a +/- 1/4" gap all the way around, 
        in which you should also check for concealed contacts. These are round 
        cylinders that are recessed into the door or wall, which obviously makes them 
        less visible. The other contacts range from miniature, with dimensions as 
        small as 1x1/4x1/4" to the larger ones at 5x2x1". They are usually in colors 
        of off-white, gray, and brown and are mounted with nails, screws, double sided 
        tape, or are epoxied onto the door or wall surface(s). The switches are 
        hermetically sealed, as are the glass breakage detectors mentioned earlier, 
        can operate in moist or dusty areas, are corrosion resistant and have 
        indoor/outdoor use. They can also be used on windows, fence gates, truck 
        trailers, boats, heavy equipment, safes, and vaults.

        The different types of devices in order of least to most secure are:
        
             1) Standard Magnetic Contacts: These consist of one reed switch and one 
               magnet. They may be defeated with the use of a second magnet which 
               would be placed in the vicinity of the switch, while opening the door 
               or window and while closing them also. This way, the switch never 
               detects the absence of the magnet, thus, no alarm occurs.
        
             2) Biased Magnetic Contacts: These consist of one reed switch with a 
               "biasing" magnet that changes the state of the reed switch. The 
               magnet is then placed at the correct distance to offset the bias 
               magnet, creating a "balanced" condition. The switch can be defeated 
               with the use of a single magnet. The trick is to:
        
               A) You must have the correct size magnet, which can be accomplished 
                  by obtaining the same type or model as what is in place.
        
               B) You must determine the correct polarity which may be accomplished 
                  with either a compass, or if the alarm is not activated, (possibly 
                  during normal business hours), by opening the door and placing 
                  your magnet near the device's magnet and determine the polarity. 
                  If you do not have much time, then it's a 50-50 shot.
        
               C) The last criterion is to keep the magnet at the same or close to 
                  the same distance from the switch as the original magnet was. In 
                  some cases the device will be placed in such a manner that correct 
                  placement of the second magnet will be difficult if not 
                  impossible.
        
             3) Balanced Magnetic Contacts: These consist of one biased reed switch 
               and one unbiased reed switch. The second reed will be of the correct 
               sensitivity and position so as to not operate with the actuator 
               magnet. It must also operate with the addition of a second magnet. It 
               could be defeated by a single magnet that is moved into place as the 
               door is opened. This requires coordinated movement of the door and 
               magnet.
        
             4) Preadjusted Balanced Magnetic Contacts: These consist of three biased 
               reed switches and may have an optional fourth tamper reed. Two reeds 
               are polarized in one direction and the third is polarized in the 
               opposite direction. The housing consists of three magnets with the 
               polarity that corresponds to the switches. It is preadjusted to have 
               a fixed space between the magnet and the switch. This is the most 
               secure type of magnetic contact switch. The three-reed type could be 
               defeated by using one of its own magnets, but not a bar magnet. The 
               type with four reeds cannot be defeated with either of the two 
               magnets because the fourth reed will activate when a magnet is brought 
               within actuating distance. If you are able to determine which is the 
               tamper reed, you can try to keep the three magnets in contact with 
               the corresponding reeds. At the same time you must have the correct 
               polarity, and in the process, not activate the tamper reed. If you 
               accomplish those, you may be able to defeat it. This will most likely 
               require two people and a bit of luck.




             The most secure devices are made of die cast aluminum instead of plastic, 
        are explosion proof (for vaults and safes), have terminals mounted inside the 
        housing which provides protection from tampering and shorting, and have 
        armored cabling.
        
             A wider break distance will prevent false alarms due to loose fitting 
        doors, thus, if the door is loose fitting it may have a wide break distance. 
        The wider the break distance, the easier it is to defeat. This will allow you 
        to introduce another magnet in cramped places since the door can be opened a 
        wider distance before an alarm condition occurs.
        
             Some devices allow the installer to adjust the gap with a screwdriver 
        instead of placing the switch a certain distance from the magnet. In some 
        devices, use of any ferrous (Iron) material in the vicinity of the switch can 
        cause a change in gap distance. As a gap is increased, the switch may bias and 
        latch. When latched, the switch will remain closed even when the magnet is 
        removed! This means that when you open the door, it thinks that the door is 
        closed, and you are able to stealthily go through the door. You can test for a 
        latched condition by removing the magnet (opening the door) and using a Volt 
        Ohm Meter: if it reads INFINITY, the switch is OK. If not, it may be latched. 
        If you can adjust the gap to the point of it being latched, without being 
        noticed, you've got it made.
        
                       Wireless Switch Transmitters:
        
             These are essentially the same as the other devices mentioned except that 
        they use an FM digital signal for alarm conditions (a door or window open) and 
        for maintenance conditions (low battery, transmitter malfunction/removal, long 
        term jamming, etc). There should be continuous polling and a maintenance alarm 
        will occur if the signal is missing for a few minutes. The transmitters are 
        usually powered by a couple of AAA 1 1/2V pen cells, which can last a few 
        years. Most devices will send out a signal after a specific interval. Common 
        intervals are about every 30 seconds. You can verify if the device is indeed 
        sending out a signal by placing a milliammeter capable of reading 10 uA in 
        series with the batteries and reading the discharge current. If it occurs 
        every 30 seconds, then it is sending out a signal every 30 seconds. A hint 
        that this type of device is in use is the mounting height: since range 
        generally decreases as a transmitter gets closer to the floor, the 
        transmitter will be placed as high as possible. The transmitter probably has 
        a range of about 200 feet, although some environments may reduce this range 
        due to construction materials inherent in the building. The frequency should 
        be in the 314 MHz range.
        
             As was mentioned, these are the same as regular magnetic contact switches 
        except that there is a transmitter instead of a wire for transmitting alarm 
        and maintenance conditions, thus, the switch can be defeated in the same 
        manner as has been previously stated. Defeating an X-mitter is much easier 
        than defeating a wire. You can defeat the transmitter if you can sufficiently 
        block or diminish the signal strength so that the receiver is unable to 
        receive it. Radio waves have a tendency to bounce and reflect off of metallic 
        surfaces, which includes foil, and pipes. If you have located the transmitter, 
        which should be attached to or near the actual contact, you can block or jam 
        the signal as you open the door. Hopefully this will be between the 30 second 
        interval that it sends an "I'm ok" signal to the receiver, but it's not 
        critical to do so. As was stated, most receivers will not cause an alarm 
        condition if they don't receive a signal once or twice, but after a few 
        minutes they will. So, as you open the door, it tries to send the signal, you 
        block or jam it, and you slip through without detection.
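
             Seen from the receiver side, the tolerance described above (a missed 
        check-in or two is ignored, with a maintenance alarm only after a few minutes) 
        is what a monitoring station has to compensate for. The following is an added 
        example, not part of the original article or any vendor's firmware: it records 
        short gaps, flags a transmitter that repeats them, and correlates gaps across 
        transmitters. The device names, check-in times, and thresholds are constructed 
        assumptions.

```python
"""Added example: receiver-side review of 30-second transmitter check-ins."""

# Constructed check-in times, in seconds since the start of observation (not real data).
SAMPLE_CHECKINS = {
    "door-3":   [0, 30, 60, 150, 180, 210, 300, 330, 420, 450],
    "window-7": [5, 35, 65, 155, 185, 215, 245, 275, 305, 335, 365, 395, 425, 455],
    "gate-1":   [10, 40, 70, 100],
}


def find_gaps(times, end, interval=30, jitter=5):
    """Return (start, stop) spans in which no check-in arrived within interval + jitter.

    'end' is the end of the observation period, so silence that is still going on
    when the review is run is reported as a gap too.
    """
    points = sorted(times) + [end]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > interval + jitter]


def supervision_report(checkins, end, interval=30, jitter=5,
                       loss_after=180, repeat_limit=3):
    """Classify gaps per transmitter and correlate short gaps across transmitters.

    loss_after   : seconds of silence at which the panel itself would raise a
                   maintenance alarm (assumed value standing in for "a few minutes").
    repeat_limit : number of short gaps from one transmitter worth a closer look.
    """
    findings = []
    short = []  # (transmitter, start, stop) gaps below the panel's own loss timer
    for tx in sorted(checkins):
        n_short = 0
        for start, stop in find_gaps(checkins[tx], end, interval, jitter):
            if stop - start >= loss_after:
                findings.append((tx, "SUPERVISION_LOSS", (start, stop)))
            else:
                n_short += 1
                short.append((tx, start, stop))
        if n_short >= repeat_limit:
            findings.append((tx, "REPEATED_SHORT_GAPS", n_short))

    # Short gaps on different transmitters that overlap in time suggest a shared
    # cause (interference on the band) rather than one weak battery.
    for i, (tx_a, s_a, e_a) in enumerate(short):
        for tx_b, s_b, e_b in short[i + 1:]:
            lo, hi = max(s_a, s_b), min(e_a, e_b)
            if tx_a != tx_b and lo < hi:
                findings.append((tx_a + "+" + tx_b, "CONCURRENT_GAPS", (lo, hi)))
    return findings


if __name__ == "__main__":
    for finding in supervision_report(SAMPLE_CHECKINS, end=480):
        print(finding)
```

             None of the short gaps in the sample would reach the panel's own 
        maintenance alarm; they show up only because every missed check-in is kept 
        and reviewed.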
        
             This information can also apply to security relating to the 'interior' of 
        a facility. Many of the techniques for defeating magnetic contact switches are 
        geared toward being inside the facility. Many facilities have switches on 
        doors to monitor movement of personnel within the facility.  But it also is 
        used on the exterior and some methods will work on doors and possibly windows 
        on the exterior. Of course, you have to have a way of opening the door, and 
        that follows.
        
                  DOORS AND LOCKS:
        
             As you know, doors are the primary entrance point into a building. Since 
        they are the primary target for unauthorized entry, they have the most 
        security added. I am not going to mention anything about the art of picking 
        locks. Although mechanical locks and keys have been the most common type of 
        security used in the past as well as today, I am going to concentrate on the 
        more advanced security systems in use.
        
                       Pushbutton keypad locks:
        
             There are two types, mechanical and electronic. I will go into detail 
        about each. I will give you a few examples of these devices which come 
        directly from brochures which I have been sent. I am merely summing up what 
        they said.
        
        Electronic:
        
             Securitron DK-10:
        
             This is a unit which has dimensions of 3x5x1". It has a stainless steel 
        keypad which is weatherproof, mounts via hidden screws and has no moving 
        parts. The keypad beeps as each button is pressed, and an LED lights when the 
        lock is released. It is slightly different in appearance than most other 
        electronic keypads:
        
        +----+  Each block (1A/B2) is one button. Thus, there are 5
        | 1A |  buttons total on this device. The "/"'s at the bottom of
        | B2 |  the device represent the name of the company and 
        |    |  possibly the model number of the device
        | 3C |  (i.e. Securitron DK-10). It has 2-5 digit codes. Thus, a 2
        | D4 |  digit code will have a maximum of 5 to the 2nd power (5
        |    |  squared=25) combinations. Of course it increases as the
        | 5E |  number of digits used increase. This unit has an 11 or 16
        | F6 |  incorrect digit threshold. If it is reached a buzzer
        |    |  sounds for 30 seconds during which it will ignore any
        | 7G |  entries. When a valid code is entered, the lock is
        | H8 |  released for a 5, 10, 15, or 20 second interval. 
        |    |
        | 9K |
        | L0 |
        |////|
        |////|
        |----|


        
             Sentex PRO-Key:
        
             This device has a keypad resembling one of a payphone. It is a sealed, 
        chrome plated metal keypad. It has the standard 10 digits with * and #. It can 
        have up to 2000 individual codes with a length of 4 or 5 digits. It allows 8 
        time zones, "2-strikes-and-out" software which is its invalid code threshold, 
        and anti-passback software.
        
             Obtaining codes
        
             Your aim is to obtain the correct code in order to open the door. Plain 
        and simple. There are various methods in which you can accomplish this. You 
        can try to obtain a telescope or similar device and attempt to get the exact 
        code as it is being entered. This is obviously the quickest method. If you 
        cannot discern the exact code, the next best thing is to determine exactly how 
        many digits were entered, since most devices have variable code lengths. If 
        you can make out even one digit and when it was entered, you will 
        substantially reduce the possibilities. Another method is to put some 
        substance on the keypad itself, which preferably cannot be noticed by the 
        user. After someone enters a code, you can check the keypad to see where there 
        are smudges or if you use what the police use to find fingerprints, you can 
        see what digits were pushed, although you will have no idea in what order. 
        This will drastically cut down the combos. Say that someone enters a 5 digit 
        code on a 10 digit keypad. You check the keypad and see that 1, 2, 4, 7, and 9 
        were pushed. If you attempted brute force, you will have 25 combinations to 
        try. If a 4 digit code 'appeared' to be entered, as 0, 2, 4, 8 were 'smudged', 
        it is possible that one of the digits was pushed twice. Keep that in mind. A 
        way to know for sure would be to clean the pad and 'dust' it; most 
        fingerprints will be clear, but one will be less clear than the others. Thus, 
        you can be reasonably sure that the digit which is smudged was pressed twice.
        
             Thresholds
        
             Brute force attempts on electronic keypads are suicide. Once a certain 
        number of invalid attempts has been reached, it will probably be logged and a 
        guard may be dispatched. Your best bet is to try once or twice, wait (leave), 
        try once or twice again, wait, etc. Sooner or later you will get in.
        
             Auditlogs
        
             Many of these devices are run on micros. The software that runs these 
        devices allows for an increased ability to monitor the status of these 
        devices. They can track a person throughout the facility, record times of 
        entry and exit, and when the maximum invalid code threshold is reached.

             Anti-passback
        
             This term is commonly used in card access control, but it applies 
        differently to keypads. This feature prevents one code from being used for 
        entry twice without an exit in between. That is, Joe Comosolo uses code #12345 
        and enters the building. Then, you enter Mr. Comosolo's code, #12345, but the 
        system knows that Joe is already in the building, and has not entered his code 
        to leave. Thus, you do not gain access, and that action is most likely 
        recorded in the audit log. This option will only be in effect when:
        
             1) Each individual has a different code.
        
             2) There is a keypad used for entry, and a keypad used for exit.
        
             Tailgating
        
             This occurs when more than one person enters through a controlled access 
        point. Joe enters his code, and goes into the building. You follow Joe, and 
        make it in just before the door closes, or in the case of the devices waiting 
        10 or 20 seconds before the door locks again, you let it close, and open it 
        before it locks.
        
             Open access times
        
             During peak morning, noon, and evening hours, a facility may set the 
        system to not require a code during, say, 8:55AM to 9:05AM, thus, enabling 
        most anyone to gain entry during that time.
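
             The threshold, audit log, anti-passback and tailgating behaviour 
        described above can be checked after the fact from the controller's log. The 
        following is an added example, not from the original article or any vendor's 
        software: it reviews a constructed log for denied codes spread out below the 
        keypad's own burst threshold, a code used for entry twice with no exit, and a 
        door opened twice on one grant. The log layout, field names, and limits are 
        assumptions.

```python
"""Added example: audit-log review for a keypad-controlled door."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. Layout and field names are assumptions, not a vendor format.
SAMPLE_LOG = """\
2024-03-04T08:58:10 door=D1 event=CODE dir=IN code_id=U17 result=GRANTED
2024-03-04T08:58:12 door=D1 event=OPEN
2024-03-04T08:58:16 door=D1 event=OPEN
2024-03-04T10:02:00 door=D1 event=CODE dir=IN code_id=- result=DENIED
2024-03-04T10:02:09 door=D1 event=CODE dir=IN code_id=- result=DENIED
2024-03-04T12:31:40 door=D1 event=CODE dir=IN code_id=- result=DENIED
2024-03-04T12:31:55 door=D1 event=CODE dir=IN code_id=- result=DENIED
2024-03-04T15:10:03 door=D1 event=CODE dir=IN code_id=- result=DENIED
2024-03-04T15:10:20 door=D1 event=CODE dir=IN code_id=U17 result=GRANTED
2024-03-04T15:10:22 door=D1 event=OPEN
2024-03-04T17:45:00 door=D1 event=CODE dir=OUT code_id=U17 result=GRANTED
2024-03-04T17:45:02 door=D1 event=OPEN
"""


def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    return rec


def analyze(log_text, burst_limit=3, burst_window=timedelta(minutes=5),
            slow_limit=5, slow_window=timedelta(hours=24),
            release=timedelta(seconds=10)):
    """Return (timestamp, door, kind) alerts in log order.

    burst_limit/burst_window model the keypad's own invalid-code threshold;
    slow_limit/slow_window add a long-window count that short bursts cannot reset;
    release is the interval the lock stays released after a valid code.
    """
    alerts = []
    denied = defaultdict(deque)  # door -> DENIED timestamps inside slow_window
    inside = {}                  # code_id -> time of last granted IN with no OUT yet
    last_grant = {}              # door -> [time of last grant, opens seen since]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        door, ts = r["door"], r["ts"]
        if r["event"] == "CODE" and r["result"] == "DENIED":
            q = denied[door]
            q.append(ts)
            while q and ts - q[0] > slow_window:
                q.popleft()
            burst = sum(1 for t in q if ts - t <= burst_window)
            if burst >= burst_limit:
                alerts.append((ts, door, "BURST_GUESSING"))
            elif len(q) >= slow_limit:
                alerts.append((ts, door, "SLOW_GUESSING"))
        elif r["event"] == "CODE" and r["result"] == "GRANTED":
            cid = r["code_id"]
            if r["dir"] == "IN":
                if cid in inside:  # entry granted while the holder is already inside
                    alerts.append((ts, door, "PASSBACK:" + cid))
                inside[cid] = ts
            else:
                inside.pop(cid, None)
            last_grant[door] = [ts, 0]
        elif r["event"] == "OPEN":
            g = last_grant.get(door)
            if g is None or ts - g[0] > release:
                alerts.append((ts, door, "OPEN_WITHOUT_GRANT"))
            else:
                g[1] += 1
                if g[1] > 1:  # second opening inside one release interval
                    alerts.append((ts, door, "REOPEN_ON_ONE_GRANT"))
    return alerts


if __name__ == "__main__":
    for ts, door, kind in analyze(SAMPLE_LOG):
        print(ts.isoformat(), door, kind)
```

             In the sample, no burst of denied codes reaches the keypad-style limit 
        of three in five minutes; only the 24-hour count per door raises the guessing 
        alert.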
        
             Hirsch Electronics Digital Scrambler:
        
             This has a 12 button arrangement with the addition of a 'start' key. This 
        is probably the most secure type of keypad security system in use today. It 
        only allows a viewing range of +/- 4 degrees horizontally and +/- 26 degrees 
        vertically. This means that it would be very difficult to watch someone enter 
        their code, thus, eliminating the 'spying' technique mentioned earlier. The 
        buttons on the keypad remain blank until the start button is pressed. Then, 
        instead of the numbers appearing in the usual order, they are positioned at 
        random. A different pattern is generated each time it is used. The numbers are 
        LED's in case you were wondering. This eliminates the 'dusting' technique 
        which can be used on the other types of keypad systems.
        
             The Model 50 allows control of 4 access points and has 6 programmable 
        codes. 
        
             The Model 88 controls 8 doors and has thousands of codes. The features 
        that this device has make it very difficult to do anything but use brute 
        force to obtain the code, but since it is controlled and monitored by a 
        computer, the audit logs and maximum invalid code threshold can put a stop to 
        that method. The other alternative, which applies to any of these systems, is 
        to socially engineer the code from someone, or if you know someone, they may 
        give it to you. Neither method is ideal. 

        Mechanical Keypad locks:
        
             The best thing about these types of locks is that they are 100% 
        mechanical. This means that it is not computerized, and there is no monitoring 
        of bad codes or the door staying open for too long, or anything! All you have 
        to worry about is getting a correct code. Probably the largest manufacturer of 
        these devices is Simplex Security Systems, Inc. The devices are called 
        Simplex Keyless Locks. Every lock of theirs that I have seen has 5 buttons. 
        Combinations may use as many of the five buttons as the facility cares to use. 
        The biggest problem with this type, is that there is the option of pushing 2 
        buttons at the same time, which would be the same as adding another button to 
        the lock. Thus, button 1 & 5 can be pushed simultaneously, then button 3, then 
        buttons 2 & 4 would be pushed at the same time.
        
             These are supposedly, 'keyless locks' but on many models, a 'management 
        key' can be used to override the security code, so obtaining the key is a way 
        to bypass the code. Both the spying and dusting methods apply to these 
        devices, and the best thing is that you can try all possibilities you want 
        without an alarm signalling.
        
             Magnetic locks:
        
             These are commonly called 'Magnalocks' and use only the force of 
        electromagnetism to keep a door shut. Typically, the magnet is mounted in the 
        door frame and a self aligning strike plate is mounted on the door. These 
        locks provide the capability of up to a few thousand pounds of force for 
        security. They are not only found on doors, but can be put on sliding doors, 
        glass doors, double doors and gates. The magnet and plate are roughly 3 inches 
        by 6-8 inches.
        
             There are a few things you should try to find out about these devices 
        before attempting anything:
        
             Is there backup power? (i.e. usually a 12-24V battery can be used.) 
        Obviously, if there is no backup power and there is a power outage, there will 
        be nothing to stop you from opening up the door.
        
             Most devices have the capability to monitor whether the door is closed, 
        which is what magnetic contact switches do. But there is another option, which 
        will provide a voltage output signal on a third wire, which determines whether 
        the lock is powered and secure. If there is no monitoring of whether the door 
        is secure, then there is no way of knowing it is locked, unless it is 
        physically checked. There are optional LED's which can be mounted on the lock 
        to indicate its status. For the Securitron Magnalock, an amber LED will 
        indicate that the lock is powered. A green light shows the lock is powered and 
        secure. Red shows that the lock is unlocked, and no light means there is a 
        violation, i.e. the power switch is on, but the lock is not reporting secure. 
        You can use these lights to your advantage.
        
             If a magnalock is tied into a fire alarm system, such that it is 
        automatically released in the event of fire, then you or an accomplice can 
        signal a fire alarm and sneak in while the lock releases.

                       MISCELLANEOUS:
        
             LED's: Some devices or models of devices have LED lights built into/onto 
        the device. They are usually used to indicate a secure or insecure condition.
        
             This applies to magnetic contacts, shock sensors, and other devices. Even 
        when the security system is not in a secure mode, (for example, during regular 
        business hours a system may be off, but after 6pm it is turned on) the LED 
        will light when an alarm condition occurs. For example, you bang on a window 
        that has a shock sensor, and the red LED lights, or blinks for a few seconds. 
        You can use this to your advantage to test theories or methods during a time 
        when a receiver pays no attention to the signals sent to it. Then when it is 
        turned on, you will have more confidence in what you are doing.
        
             Supervised loops: Most if not all devices will have supervised loops for 
        constant monitoring of battery power, electrical shorts, and defective 
        devices. If the security system of the facility is very old, loops may not be 
        supervised, and simply cutting a wire will disable the alarm.
        
             Naming of devices: For large orders, manufacturers of security devices may 
        put the facility's name on the product instead of their own. This is probably 
        for esoteric purposes. This hampers your efforts in obtaining the name of the 
        maker of any type of product for purposes of getting additional information 
        and brochures on the device.
        
             Single person entry: These devices include mechanical and optical 
        turnstiles which meter people in and out one-by-one. Mantraps, usually found 
        in high security installations, are double-doored chambers which allow only 
        one person in at a time, and will not allow the person out until the system is 
        satisfied he is authorized.
        
             Extreme weather conditions: Unlike perimeter security devices, most 
        exterior security devices are either placed inside the facility, or can 
        withstand just about any type of environmental condition, so there is not much 
        that you can take advantage of.
        
             CONCLUSION:
        
             People typically make security a lower priority than less important 
        things. Those who do not upgrade their systems because of spending a few 
        dollars are rewarded by being ripped off for thousands. I have no pity for 
        those who do not believe in security, physical or data.















        TECHNIQUES FOR PICKING LOCKS
        
             FILE CABINET LOCKS:
        
             It's quite simple to pick open a file cabinet. Most file cabinets 
        nowadays have a cheap disk tumbling system. If the disk patterns match the key 
        shape, Presto!  It's open.
         
             Let me briefly explain what disk tumblers are:
         
         
                  I  I  I  I  I             ****
                  I     I  I        ** * ****** *    -----  KEY
                                   ************ *
                  I  I  I  I  I             ****
         
                  ^  ^  ^  ^  ^
                  |--|--|--|--|
        
                  Each one of the things that the (^) arrows are pointing
                  to are disks. 
         
                  If the key is inserted through the 5 disks, and the pattern
                  of the disks matches, it opens.
         
             So to make a key that works with most (all) cabinet locks, get a wire 
        that is fairly thick, just thin enough to fit through the locks. Bend it in 
        the following fashion.
         
                                  +---- THE DISTANCE   SHOULD EQUAL
        ----------/\/\/\-         v     FROM TOP OF    THE DISTANCE   /\
                                 /      THE HUMP TO    ACROSS TWO
                                ^       THE BOTTOM OF  TOPS OR       ^  ^
                                +----   THE HUMP       BOTTOMS  -----|--|
         
             When you make your key, just insert it all the way in. Jerk it up and 
        down as fast as you can, as you turn the key to the left or right, depending 
        on how the lock opens. If you get the hang of it, you should be able to open 
        any file cabinet lock in a matter of seconds.   


















             OPENING LOCKED DOORS:
        
             I could write a whole book on how to open locked doors.  I'll tell 
        you the most basic way of doing it.  This technique works on a door with a gap 
        as wide as the width of a butter knife.
         
             If you have a butter knife or a butterfly knife or equivalent handy, you 
        can open these kinds of doors as though you have the key to them.
         
                   DOOR GAP
                     | |
                     | |
                     |-|
                     | |---- THE SO CALLED "BOLT" OF THE DOOR.
                     | |
                     |-|
                     | |
                     | |
                     | |
         
              BIRD'S EYE AND ENLARGED VIEW OF THIS
         
         
                      |----------  THE KNIFE
                      v
                      I            ---- SLIDE THE KNIFE THIS WAY FOR THIS PICTURE
                 ____ I   ______
                     |I _|
                     |I/ |         DOOR
                     |/  |
                     |___|
                 ____|   |_______
                       ^
                       |--------------- THE "BOLT"
         
             If the round part of the "bolt" faces you, then with the knife, push on 
        the bolt with the back of the blade.  As you push, slide the knife towards the 
        side of the door. (See illustration for clarity).  You will slowly move it. 
        And presto!  The door is open.  The trick is to slide the knife and push it 
        at the same time, while holding on to the door knob. If it opens inwards, get 
        ready to push it as soon as the knife is through the "bolt".
         
             For the other case (the round part of the "bolt" facing away from you), 
        you just pull on the knife and give the same sliding motion.  Be careful not 
        to stab yourself.  The knife's contact point is always the back of the knife.
         
             "LOCK-IN-KNOB" TYPE LOCK
        
             First of all, you need a pick set. If you know a locksmith, get him to 
        make you a set. This will be the best possible set for you to use. If you 
        cannot find a locksmith willing to supply a set, don't give up hope. It is 
        possible to make your own, if you have access to a grinder (you can use a 
        file, but it takes forever.)




             The thing you need is an Allen wrench set (very small). These should be 
        small enough to fit into the keyhole slot. Now, bend the long end of the Allen 
        wrench at a slight angle (not 90 deg.). It should look something like this:
         
        #1     
          \\
            \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\     (THIS IS THE HANDLE
                                              \\\        THAT WAS ALREADY   
                                              \\\        HERE.)
                                              \\\
                                              \\\
                                              \\\       
         
             Now, take your pick to a grinder or a file and smooth the end (#1) until 
        it's rounded so it won't hang inside the lock.  Test your tool out on 
        doorknobs at your house to see if it will slide in and out smoothly.  Now, 
        this is where the screwdriver comes in. Is it small enough for it and your 
        pick to be used in the same lock at the same time, one above the other? Let's 
        hope so, because that's the only way you're going to open it.
         
             In the coming instructions, please refer to this chart of the interior of 
        a lock:
         
             XXXXXXXXXXXXXXXXXXXXXXX| K       #= Upper Tumbler Pin
              #  #  #  #   #   #    | E       *= Lower Tumbler Pin
                 #     #   #   #    | Y       X= Cylinder Wall
              *     *               | H
              *  *  *  *   *   *    | O    (This is a greatly    
                                    | L     simplified drawing)
                                    | E
             XXXXXXXXXXXXXXXXXXXXXXX|
         
             The object is to press the pin up so that the space between the upper pin 
        and the lower pin is level with the cylinder wall. Now, if you push a pin up, 
        its tendency is to fall back down, right? That is where the screwdriver comes 
        in. Insert the screwdriver into the slot and turn. This tension will keep the 
        "solved" pins from falling back down. Now, work from the back of the lock to 
        the front, and when you're through, there will be a click, the screwdriver 
        will turn freely, and the door will open. Don't get discouraged on your first 
        try! It will probably take you about 20-30 minutes your first time. After that 
        you will quickly improve with practice.
        
             PIN TUMBLER LOCKS
        
             In order to pick a pin tumbler lock, you will require four items: a lock, 
        you, a pick, and a tension wrench. You can usually get these at a locksmith 
        store; if you cannot find one near you, there will be an address at the end of 
        the article that you can order them from. Here is an illustration of a pick 
        and a tension wrench:
        
             ________/   |________
              PICK         TENSION WRENCH



             Most people know of the need for the pick, but have no idea what the 
        wrench is for.  It is very important, and without it, it would be impossible 
        to pick a lock.
        
             In order to pick a lock, we must count upon the imperfection of the lock. 
        Before we look at how to actually pick the lock, we will look at the parts of 
        it and how the imperfection fits in.  Here is a disassembled lock:
        
                        /   /   /   /
                        \   \   \   \
             SPRINGS -> /   /   /   /
                        \   \   \   \
                        _   _   _   _
                       | | | | | | | |
                       | | | | | | | |
             DRIVERS ->| | | | | | | |
                       |_| |_| |_| |_|
                        _           _
                       | |  _      | |
         BOTTOM PINS ->| | | |  _  | |
                       | | | | | | | |
                       \_/ \_/ \_/ \_/
                    _____________________
                   |   : : : : : : : :   |
         HOUSING ->|   : : : : : : : :   |
                   |   : : : : : : : :   |
                   |___: :_: :_: :_: :___|   ___
                  |    : : : : : : : :   |  /   \
           PLUG ->|    : : : : : : : :   | !     !__      _   _
                  |______________________| !        \__  / \_/ \__  
                   |                     | !           \/         \
                   |                     |  \__/-------------------  
                   |                     |        KEY         
                   |_____________________|
        
             When you insert a key into a lock, the bottom pins are pushed up, and if 
        it is the proper key, the tops of the bottom pins will match with the spot 
        where the plug and housing meet, thus allowing you to turn the plug, and open 
        the door, etc. When you insert the key, the bottom pins go into the valleys of 
        the key, thus meaning that the key must have the right height valleys to make 
        the lock open. Now we can move on to how to pick a lock.
















             In order to pick a lock we depend on the inaccuracy of the manufacturing 
        process. The first thing to do is to insert the tension wrench into the lock 
        and apply a slight pressure to the left (or right if you wish) so that if you 
        could look inside the lock at where the plug and the housing would meet, it 
        would look like this:
        
                       | |*| |
             HOUSING   | |*| |
                       | |*| |
             __________| |*| |___________
             __________  |*| ____________
                      |  |*||
             PLUG     |  |_||
                      |   _ |
                      |  |*||
                      |  \_/|
        
             Now a slight pressure is on the pins. Because the pins cannot be 
        produced exactly the same, there is one pin which is the widest and therefore 
        has more tension on it, and one which is the thinnest and has almost no 
        pressure on it. We now use the pick to >gently< push each pin up (and try to 
        feel it when you let it down) until we find which is the tightest one and 
        which is the loosest. Getting the feel for this is the hardest part of lock 
        picking. Now that you have found the loosest one, gently press it upward until 
        you feel a slight reduction in tension on the tension wrench. This will happen 
        when the top of the bottom pin becomes even with the junction of the plug and 
        the housing. Do not release any tension from the wrench now! The driver will 
        now be trapped in the housing as illustrated here: 
        
                    | |*| |
           HOUSING  | |*| |
                    | |*| |
         ___________| |_| |___________
         _______________     ___________
                       | |*| |
            PLUG       | |*| |
                       | \_/ |
                       |     |
        
             Now you continue this process with each of the pins until you work your 
        way up to the one that is widest. With some practice you can get fairly fast 
        at this. I suggest practicing on a four pin tumbler lock that is bought from a 
        hardware store, the cheaper the better.














             I would like to discuss a particular configuration of the pins now that 
        may present a particularly hard job to pick. This is graphically shown here by 
        the two middle pins:
        
                |*| |*| |*| |*|
                |*| |*| |_| |*|
                |*| |*|  _  |*|
                |_| |*| |*| |_|
                 _  |*| |*|  _
                |*| |*| |*| |*|
                |*| |_| |*| |*|
                |*|  _  |*| |*|
                |*| |*| |*| |*|
                \_/ \_/ \_/ \_/
        
                     \_______________
        
             When you try to push the 2nd pin from the left up, you will unavoidably 
        be pushing the one in front of it up because of its long bottom pin. The only 
        solution for this is to get a special pick that looks like this:
        
                 \
                  \   _______________
                   \_/
        
             The major problem with this is that it is hard to initially detect. If 
        it is not immediately apparent, it makes things harder, because you 
        unavoidably push the 3rd pin from the left up into the housing, getting it 
        jammed:
        
                     | |*| |
           HOUSING   | |_| |
                     |  _  |
                     | |*| |
           __________| |*| |________
           ___________ |*| ________
                      ||*||   
             PLUG     ||*||
                      |\_/|
        
        
             I would also like to address a technique called raking. It uses a tool 
        like this:
        
                \/\/\/\___________
        
             Basically you "rake" it back and forth across the pins, hoping that 
        combined with the tension it will give you the right combination. This way has 
        been known to be fast sometimes, but it is not very reliable, and I would 
        suggest learning to actually "pick" the lock.







             Earlier I promised an address to order locksmithing materials from, so 
        here it is:
        
         GARRISON PROTECTIVE ELECTRONICS
                    BOX 128
          NEW GARDENS, NEW YORK, 11415
        
        Sources: personal practice and many excellent books from Mentor Press. If you 
        would like their catalog, send a SASE to:
        
            THE INTELLIGENCE LIBRARY
               MENTOR PUBLICATIONS
               135-53 NORTHERN BLVD.
               FLUSHING, NY  11354
        
             And ask for any information available on the intelligence library.
        
             MASTER LOCKS
        
             Have you ever tried to impress your friends by picking one of those 
        Master combination locks and failed? Well then read on. The Master lock 
        company has made this kind of lock with a protection scheme. If you pull the 
        handle of it hard, the knob won't turn. That was their biggest mistake. Ok, 
        now on to it.
        
            1st number.  Get out any of the Master locks so you know what's going on.
        
               1: The handle part (the part that springs open when you get the 
                  combination), pull on it, but not enough so that the knob won't 
                  move. 
        
               2: While pulling on it turn the knob to the left until it won't move 
                  any more. Then add 5 to this number. Congratulations, you now have 
                  the 1st number.
        
            2nd number. Spin the dial around a couple of times, then go to the 1st 
        number you got, then turn it to the right, bypassing the 1st number once. WHEN 
        you have bypassed it, start pulling the handle and turning it. It will 
        eventually fall into the groove and lock. While in the groove, pull on it and 
        turn the knob. If it is loose, go to the next groove; if it's stiff you got 
        the second number.
        
            3rd number: After getting the 2nd, spin the dial, then enter the 2 
        numbers. After the 2nd, go to the right and at all the numbers pull on it. The 
        lock will eventually open if you did it right. If you can't do it the first 
        time, be patient, it takes time.
        
        
             COMBINATION LOCKS
        
             Ok, so you say you want to learn how to pick combination locks. First of 
        all, we will discuss the set-up of a lock. When the lock is locked, there is a 
        curved piece of metal wedged inside the little notch on the horseshoe-shaped 
        bar that is pushed into the lock when you lock it.



             To free this wedge, you must turn the lock to the desired combination; 
        the pressure on the wedge is then released, letting the lock open.  
        
             I will now tell you how to make a pick so you can open a lock without 
        having to waste all that time turning the combination.
         
             First of all, you need to find a hairpin. Once you have your hairpin 
        (make sure it's metal), take the ridged side and break it off right before it 
        starts to make a U-turn onto the straight side. The curved part can now be 
        used as a handle. Now, using a file, file down the other end until it is 
        fairly thin. You should do this to many hairpins and file them so they are of 
        different thicknesses so you can pick various locks. Some locks are so cheap 
        that you don't even have to file.  
        
             Now if you haven't figured it out, here's how you use it. You look at a 
        lock to see which side the lock opens from. If you can't tell, you will just 
        have to try both sides. When you find out which side it opens from, take the 
        lock pick and stick the filed end into the inside of the horseshoe-shaped bar 
        on whichever side the lock opens from. Now, put pressure on the handle of the 
        lock pick (pushing down, into the crack) and pull the lock up and down. The 
        lock will then open because the pick separated the wedge and the notch.
        
             ADDITIONAL TECHNIQUES FOR PICKING LOCKS
        
             If it becomes necessary to pick a lock, the world's most effective 
        lockpick is dynamite, followed by a sledgehammer. There are, unfortunately, 
        problems with noise and excess structural damage with these methods. The next 
        best thing, however, is a set of army issue lockpicks. These, unfortunately, 
        are difficult to acquire. If the door is locked, but the deadbolt is not 
        engaged, then there are other possibilities. The rule here is: if one can see 
        the latch, one can open the door. 
        
             There are several devices which facilitate freeing the latch from its 
        hole in the wall. Dental tools, stiff wire (20 gauge), specially bent aluminum 
        from cans, thin pocket-knives, and credit cards are the tools of the trade. 
        The way that all these tools and devices are used is similar: pull, push, or 
        otherwise move the latch out of its hole in the wall, and pull the door open. 
        This is done by sliding whatever tool that you are using behind the latch, and 
        pulling the latch out from the wall. To make an aluminum-can lockpick, use an 
        aluminum can and carefully cut off the can top and bottom. Cut off the can's 
        ragged ends. Then, cut the open-ended cylinder so that it can be flattened out 
        into a single long rectangle. This should then be cut into inch-wide strips. 
        Fold the strips in 1/4 inch increments (1). One will have a long 
        quadruple-thick 1/4 inch wide strip of aluminum. This should be folded into an 
        L-shape, a J-shape, or a U-shape. This is done by folding. The pieces would 
        look like this:
        
         (1)
              __________________________________________   v
        1/4   |_________________________________________|  |
        1/4   |_________________________________________|  | 1 inch
        1/4   |_________________________________________|  |
        1/4   |_________________________________________|  |
                                                           ^



             Fold along lines to make a single quadruple-thick piece of aluminum. This 
        should then be folded to produce an L, J, or U shaped device that looks like 
        this:
          ___________________________________
         / __________________________________|
        | |
        | |   L-shaped     ____________________________ 
        | |               / ___________________________| 
        | |              | |                             
        |_|              | |   J-shaped        ____________________                
                         | |                  / ___________________|             
                         | |_______          | |                                 
                          \________|         | |                                 
                                             | |   U-shaped       
                                             | |                    
                                             | |___________________
                                              \____________________|
                      
        
             All of these devices should be used to hook the latch of a door and pull 
        the latch out of its hole.  The folds in the lockpicks will be between the 
        door and the wall, and so the device will not unfold, if it is made properly.
        
        WIRE TAPPING
        
             FEDERAL LAW:
        
             Section 605 of title 47 of the U.S. Code forbids interception of 
        communication, or divulgence of intercepted communication, except by persons 
        outlined in section 119 of title 18 (a portion of the Omnibus Crime Control 
        and Safe Streets Act of 1968). This act states that "It shall not be unlawful 
        under this act for an operator of a switchboard, or an officer, employee, or 
        agent of any communication common carrier whose switching system is used in 
        the transmission of a wire communication to intercept or disclose intercepted 
        communication."
        
             What this legalese is saying is that if you don't work for a phone 
        company, then you can't go around tapping people's lines. If you decide to 
        anyway, and get caught, it could cost you up to 5 years of your life and 
        $10,000. This, you are all assuming, means that if you tap someone else's 
        line, you will be punished - wrong! You can't tap your own line either. The 
        punishment for this is probably no more than a slap on the hand, that is if 
        they actually catch you, but it's a good thing to know.
        
             BUG DETECTION ON HOME PHONES
         
             First of all, to test for bugs, you need a VOM (multimeter); the higher 
        the impedance the better (a digital meter with FET circuitry or a Vacuum Tube 
        Volt Meter is the best).








             First disconnect the phone line(s) AT BOTH ENDS. Undo the phone 
        instrument and hook it up to the entry point of the phone line from the 
        outside world (Ma Bell does not like you to cut her off completely). The 
        scheme is to physically isolate your house, apartment, etc. from the outside 
        world. But before you do this, measure the line voltage (it should be 
        approximately 48 Volts).
         
             Now, with the wires disconnected at both ends, set your resistance scale 
        to a high reading and measure the resistance of the phone line. It should be 
        very high, on the order of a million ohms or more. This is the normal 
        condition, since you are measuring the resistance of an open circuit. If it is 
        much less, say 50-100 kohms, then you have a device on the line that does not 
        belong there, probably a parallel bug.
         
             Now twist the ends of the disconnected wire together, go to the other 
        end, and measure the resistance of this. This resistance should be about one 
        ohm or two at the most in a big house with a lot of phones. If it is more, 
        then you probably have a series bug.
         
             If, in the first case, you are taking parallel measurements using a meter 
        (not LED/LCD) and you notice a "kick" in the needle, you probably have a line 
        tap.
         
             Now if you also make a measurement with the wire ends twisted together 
        and you notice the resistance reads about 1-2 kohms, then you may have a 
        drop-out relay. A drop-out relay is a relay that senses a phone going off 
        hook, and signals a tape recorder to start recording.
         
             Another test can be done with the phones still hooked up to the outside 
        world: on-hook voltage is about 48 Volts and off-hook is about 6-10 Volts. Any 
        other conditions may mean telephone surveillance.
         
             If you use a wide-range audio frequency generator and call your house, 
        apartment, etc. from another phone and sweep up and down the spectrum, and you 
        notice the phone answers itself somewhere in the sweep, you probably have an 
        infinity transmitter on your line.
         
             An infinity transmitter is a neat device. It allows you to call the 
        bugged place, and it shuts off the ringer and defeats the switchhook, so the 
        mouthpiece now becomes a room bug.  It was originally sold for the traveling 
        businessman to make sure his wife was safe at home, not being attacked.
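
             The line checks described above, written as a triage routine. This is 
        an added example, not part of the original handbook: the class, field and 
        finding names are hypothetical, the thresholds are the approximate figures 
        quoted in the text, and the on-hook tolerance and the "inconclusive" band 
        between 100 kohms and 1 megohm are assumptions.

```python
"""Triage of telephone-line meter readings against the figures quoted above.

Added example, not from the handbook. Class, field and finding names are
hypothetical; thresholds are the text's approximate figures.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

OPEN_NORMAL_MIN_OHMS = 1_000_000.0    # isolated line: "million ohms or more"
OPEN_PARALLEL_MAX_OHMS = 100_000.0    # "much less, say 50-100 kohms"
LOOP_NORMAL_MAX_OHMS = 2.0            # shorted loop: "one ohm or two at the most"
RELAY_BAND_OHMS = (1_000.0, 2_000.0)  # shorted loop: "about 1-2 kohms"
ON_HOOK_VOLTS = 48.0                  # "about 48 Volts"
ON_HOOK_TOLERANCE_VOLTS = 4.0         # ASSUMPTION: the text gives no tolerance
OFF_HOOK_BAND_VOLTS = (6.0, 10.0)     # "about 6-10 Volts"

Finding = Tuple[str, str]             # (code, explanation)


@dataclass
class LineReadings:
    """One inspection; None means that measurement was not taken."""
    open_ohms: Optional[float] = None       # line disconnected at both ends
    shorted_ohms: Optional[float] = None    # far-end wires twisted together
    needle_kick: bool = False               # needle "kick" during the open test
    on_hook_volts: Optional[float] = None   # line connected, phone on hook
    off_hook_volts: Optional[float] = None  # line connected, phone off hook
    answers_during_sweep: bool = False      # phone answered during a tone sweep


def assess(r: LineReadings) -> List[Finding]:
    """Return findings in the order the text performs the tests."""
    for name in ("open_ohms", "shorted_ohms"):
        value = getattr(r, name)
        if value is not None and value < 0:
            raise ValueError(f"{name} cannot be negative: {value}")

    findings: List[Finding] = []

    # Test 1: isolated line. An over-range reading (float('inf')) is normal.
    if r.open_ohms is not None:
        if r.open_ohms <= OPEN_PARALLEL_MAX_OHMS:
            findings.append(("PARALLEL_DEVICE",
                             "open-line resistance far below a megohm"))
        elif r.open_ohms < OPEN_NORMAL_MIN_OHMS:
            # ASSUMPTION: the text is silent between 100 kohms and 1 megohm.
            findings.append(("OPEN_INCONCLUSIVE",
                             "below a megohm but above the quoted bug range"))
    if r.needle_kick:
        findings.append(("LINE_TAP", "needle kick during the open-line test"))

    # Test 2: loop shorted at the far end. The relay band is checked first
    # because it is a special case of "more than an ohm or two".
    if r.shorted_ohms is not None and r.shorted_ohms > LOOP_NORMAL_MAX_OHMS:
        low, high = RELAY_BAND_OHMS
        if low <= r.shorted_ohms <= high:
            findings.append(("DROP_OUT_RELAY", "loop reads about 1-2 kohms"))
        else:
            findings.append(("SERIES_DEVICE", "loop reads more than two ohms"))

    # Test 3: voltages with the line connected to the outside world.
    if (r.on_hook_volts is not None
            and abs(r.on_hook_volts - ON_HOOK_VOLTS) > ON_HOOK_TOLERANCE_VOLTS):
        findings.append(("ON_HOOK_VOLTAGE", "on-hook voltage not near 48 V"))
    if r.off_hook_volts is not None:
        low, high = OFF_HOOK_BAND_VOLTS
        if not low <= r.off_hook_volts <= high:
            findings.append(("OFF_HOOK_VOLTAGE", "off-hook voltage outside 6-10 V"))

    # Test 4: tone sweep from another phone.
    if r.answers_during_sweep:
        findings.append(("INFINITY_TRANSMITTER", "line answered during the sweep"))
    return findings


def codes(r: LineReadings) -> List[str]:
    """Finding codes only, for logging or comparison between inspections."""
    return [code for code, _ in assess(r)]


# Constructed sample readings (not measurements from any real line).
CLEAN = LineReadings(open_ohms=float("inf"), shorted_ohms=1.4,
                     on_hook_volts=48.6, off_hook_volts=7.9)
SUSPECT = LineReadings(open_ohms=75_000.0, shorted_ohms=1_500.0,
                       needle_kick=True, on_hook_volts=41.0, off_hook_volts=7.0)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(label)
        for code, why in assess(sample) or [("OK", "readings match quoted norms")]:
            print(f"  {code}: {why}")
```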

















             THE BUG DETECTOR
        
             What you will need: (the number in brackets is a reference number which 
        matches the schematic. The number in parentheses is the amount of the part 
        needed.)
        
           [1] (1) 1n34a crystal diode
           [2] (2) 2n107 audio transistors (ge-2 or equivalent)
           [3] (1) 3k ohm variable resistor
           [4] (2) 560 ohm 1/2 watt resistor
           [5] (1) 15k ohm variable resistor
           [6] (1) 500 ohm variable resistor
           [7] (1) .002 uF capacitor
           [8] (1) 1.5 Volt aa battery
           [9] (1) aa battery holder
          [10] (1) 0-300 microammeter (Lafayette 99-g-5028 or equivalent)
          [11] (1) 10 millihenry choke (ohmite z-50)
          [12] (1) single-pole single-throw (spst) toggle switch
          [13] (1) project box (radio shack)
          [14] (1) antenna (either from an old transistor radio or a stiff
                   piece of wire will also work)
          [15] (1) 2000 ohm headset (or a miniature earphone like most tv
                   and radios use)
        
             The parts can be purchased from Radio Shack for less than $20. This is a 
        very good high-gain meter-type bug detector. It has a crystal diode with 2 
        amplification stages to boost the power of the meter. This produces a 
        broad-band, battery-powered receiver that can sense radio-frequency 
        transmitters up to a mile away. Unfortunately, it will also pick up a 
        commercial AM or FM station up to 3 miles away.



























               Bug detector schematics:
                                       (--)                           
                                      (    )
        [14]       [1]               (  |---)------------+-------+------|
         (*)-----+--|<---+------+---(---|    )           |       |      |
          |      |       |      |    (  |<--)----        \       O--    |
          |      |   [3] \      |     (    )     |   [4] /         |    |
         \-/     (       /  [7] |  [2] (--)      |       \  [12]   |    |
          v      )    -->\     ---               |       /       O |    |
             [11](   |   /     ^^^               |       |       |      |
         [0]     )   |   \      |                |       |       |      |
                 |    ---+      |                |       /       |      |
                 |       |      |                |   [4] \ [8&9] - (-)  | 
                 |       |      |                |       /      ---(+)  |
                 --------+------+----------------        |       |      |
                         |      |                        |       |      |
                         |      |      [2]   (--)        |       |      |
                      (--O      |           (    )       |       |      |
                     /          |          (  |<--)------+-------|      |
                 [15]\           ---------(---|    )                    |
                      (--O                 (  |---)--+----+--\/\/\/-----|
                         |                  (    )   |    |     ^        
                         |                   (--)    |    | [5] |        
                         |   [10]                    |    |     |        
                         |                 [6]       |     -----        
                         |    (-)                    |
                          ---( A )-----+--\/\/\------|   
                              (-)      |    ^
                                       |    |
                                        ---- 
        
        WIRE TAPPING
        
             Everyone has at some time wanted to hear what a friend, the principal, 
        the prom queen, or a neighbor has to say on the phone.  There are several easy 
        ways to tap into a phone line. None of the methods that I present will involve 
        actually entering the house.  You can do everything from the backyard. I will 
        discuss four methods of tapping a line. They go in order of increasing 
        difficulty.
        
             (1) The "beige box": a beige box (or bud box) is actually better known as 
        a "lineman" phone. They are terribly simple to construct, and are basically 
        the easiest method to use. They consist of nothing more than a phone with the 
        modular plug that goes into the wall cut off, and two alligator clips attached 
        to the red and green wires.  
        
             The way to use this box is to venture into the yard of the person you 
        want to tap, and put it onto his line. This is best done at the Bell phone box 
        that is usually next to the gas meter.  It should only have one screw holding 
        it shut, and is very easily opened. Once you are in, you should see 4 screws 
        with wires attached to them. If the house has one line, then clip the red lead 
        to the first screw, and the green to the second. You are then on the 
        "tappee's" phone. You will hear any conversation going on. I strongly 
        recommend that you remove the speaker from the phone that you're using so the 
        "tappee" can't hear every sound you make.  


        
             If the house has two lines, then the second line is on screws three and 
        four. If you connect everything right, but you don't get on the line, then you 
        probably have the wires backward.  Switch the red to the second screw and the 
        green to the first. If no conversation is going on, you may realize that you 
        can't tap the phone very well because you don't want to sit there all night, 
        and if you are on the phone, then the poor tappee can't dial out, and that 
        could be bad, so on to method two.
        
             (2) The recorder: This method is probably the most widespread, and you 
        still don't have to be a genius to do it. There are LOTS of ways to tape 
        conversations. The two easiest are either to put a "telephone induction 
        pickup" (Radio Shack $1.99) on the beige box you were using, then plug it 
        into the microphone jack of a small tape recorder, and leave it on record, or 
        to plug the recorder right into the line. This can be done by taking a 
        walkman plug, and cutting off the earphones, then pick one of the two 
        earphone wires, and strip it. There should be another wire inside the one you 
        just stripped. Strip that one too, and attach alligators to them. Then follow 
        the beige box instructions to tape the conversation.  
        
             In order to save tape, you may want to use a voice activated recorder 
        (Radio Shack $59), or if your recorder has a "remote" jack, you can get a 
        "telephone recorder control" at Radio Shack for $19 that turns the recorder on 
        when the phone is on, and off when the phone is off. This little box plugs 
        right into the wall (modular of course), so it is best NOT to remove the 
        modular plug for it. Work around it if you can. If not, then just do your best 
        to get a good connection. When recording, it is good to keep your recorder 
        hidden from sight (in the Bell box if possible), but in a place easy enough to 
        change tapes from.
        
             (3) The wireless microphone: this is the BUG. It transmits a signal from 
        the phone to the radio (FM band). You may remember Mr. Microphone (from Kaytel 
        fame); these wireless microphones are available from Radio Shack for $19. They 
        are easy to build and easy to hook up.  
        
             There are so many different models, that it is almost impossible to tell 
        you exactly what to do. The most common thing to do is to cut off the 
        microphone element, and attach these two wires to screws one and two.  The line 
        MIGHT, depending on the brand, be "permanently off hook". There are two 
        drawbacks to using this method. One is that the poor person who is getting his 
        phone tapped might hear himself on "FM 88, the principal connection".  The 
        second problem is the range. The store bought transmitters have a VERY short 
        range. 
        
             (4) The "easy-talks": This method combines all the best aspects of all 
        the other methods. It only has one drawback: You need a set of "Easy-talk" 
        walkie talkies. They are voice activated, and cost about $59. You can find 
        them at toy stores, and "hi-tech" catalogs. I think that any voice activated 
        walkie talkies will work, but I have only tried the easy-talks.  

             First, you have to decide on one for the "transmitter" and one for the 
        "receiver". It is best to use the one with the strongest transmission to 
        transmit, even though it may receive better also. De-solder the speaker of the 
        "transmitter", and the microphone of the "receiver". Now, go to the box. Put 
        the walkie talkie on "VOX" and hook the microphone leads (as in method three) 
        to the first and second screws in the box.  
        
             Now go home, and listen on your walkie talkie. If nothing happens, then 
        the phone signal wasn't strong enough to "activate" the transmission.  If this 
        happens, there are two things you can do. One, add some ground lines to the 
        microphone plugs. This is the most inconspicuous, but if it doesn't work then 
        you need an amplifier, like a walkman with two earphone plugs. Put the first 
        plug on the line, and then into one of the jacks. Then turn the volume all the 
        way up (w/out pressing play). Next connect the second earphone plug to the 
        mike wires, and into the second earphone outlet on the walkman.  Now put the 
        whole mess in the box, and lock it up.  This should do the trick. It gives you 
        a private radio station to listen to them on: you can turn it off when 
        something boring comes on, and you can tape off the walkie talkie speaker that you 
        have!
        
        HELPFUL HINTS
        
             First of all, with method one, the beige box, you may notice that you can 
        also dial out on the phone you use. I don't recommend that you do this. If you 
        decide to anyway, and do something conspicuous like set up a 30 person 
        conference for three hours, then I suggest that you make sure the people are either 
        out of town or dead. In general, when you tap a line, you must be careful. I 
        test everything I make on my line first, then install it late at night. I 
        would not recommend that you leave a recorder on all day. Put it on when you 
        want it going, and take it off when you're done. As far as recording goes, I 
        think that if there is a recorder on the line it sends a sporadic beep back to 
        the phone co. I know that if you don't record directly off the line (i.e. off 
        your radio) then even the most sophisticated equipment can't tell that you're 
        recording. Also, make sure that when you install something, the people are NOT 
        on the line. Installation tends to make lots of scratchy sounds, clicks and 
        static. It is generally a good thing to avoid. It doesn't take too much 
        intelligence to just make a call to the house before you go to install the thing. 
        If it's busy then wait a while.
        
        WIRE TAPPING DEVICES
        
             First I'll discuss taps a little. There are many different types of taps. 
        There are transmitters, wired taps, and induction taps to name a few. Wired 
        and wireless transmitters must be physically connected to the line before 
        they'll do any good.
        
             Once a wireless tap is connected to the line, it can transmit all 
        conversations over a limited range. The phones in the house can even be modified to 
        pick up conversation in the room and transmit them too! These taps are usually 
        powered off the phone line, but can have an external power source.

             Wired taps, on the other hand, need no power source, but a wire must be 
        run from the line to the listener or to a transmitter. There are obvious 
        advantages of wireless taps over wired ones. There is one type of wireless tap 
        that looks like a normal telephone mike.  All you have to do is replace the 
        original mike with this and it'll transmit all conversations!
        
             There is an exotic type of wired tap known as the 'infinity transmitter' 
        or 'harmonica bug'. In order to hook up one of these, you need access to the 
        target telephone. It has a tone decoder and switch inside. When it is 
        installed, someone calls the tapped phone and *before* it rings, blows a whistle 
        over the line. The x-mitter receives the tone and picks up the phone via a 
        relay. The mike on the phone is activated so the caller can hear all 
        conversations in the room.
        
             Induction taps have one big advantage over taps that must be physically 
        wired to the phone. They don't have to be touching the phone in order to pick 
        up the conversation. They work on the same principle as the little suction-cup 
        tape recorder mikes you can get at Radio Shack. Induction mikes can be hooked 
        up to a transmitter or be wired.
        
             Here is an example of industrial espionage using the phone:
        
             A salesman walks into an office and makes a phone call. He fakes the 
        conversation, but when he hangs up he slips some foam-rubber cubes under the 
        handset, so the phone is still off the hook. The called party can still hear 
        all conversations in the room. When someone picks up the phone, the cubes fall 
        away unnoticed.
        
             Electronic Eavesdropper
        
             Have you ever considered buying one of those high-powered microphones often 
        seen in electronics magazines, but thought it was too much to buy?  The circuit 
        shown below will provide you with the information to build one for a lot less 
        money.
        
             These audio eavesdropping devices are probably one of the hottest items 
        in the underground due to their ability to pick up voices through thick walls. 
        You can also attach the speaker wires to a tape recorder and save all the 
        conversation.
        
        Parts list:
        
        M1    Amplifier Module. (Lafayette 99C9037 or equiv.)
        M2    9-VDC battery.
        M3    Microphone
        R1    20K potentiometer with spst switch.
        S1    Spst switch on R1
        SP1   8-ohm speaker
        T1    Audio transformer (Radio Shack part # 273-1380)

             Schematics
              ------+--------M1
             |      |        |
             |      |red     |blu
             |      |        |
             |      transformer
             |      |  T1    |
             |      |yel     |grn                 S1 is on the potentiometer
              ------+        |                    M3 can be an earphone earpiece
                    |   -----        -------
                    |  |            |       |
                   b| b| r+M2+b o+S1+o      |
                   l| l| e|  |l r|  |r      |
                   k| u| d|  |k g|  |g      |
                 *********************      |
                *                 yel>*-+   |
                *                     * R   |
                *          M1         * 1-  |
                *                 red>*-+ | |
                *                     *   |<<
                 *********************    |
                  b|   |g     y|          |
                  l|   |r     e|          |
                  k|   |y     l|          |
                   |   |        ---------- 
                   +SP1+
        
        CAR TRACKER
        
             This gadget is what is called a bumpbeeper. It attaches to the under side 
        of a car with magnets and then sends out a signal that can be heard on a 
        radio.
        
        Parts list: () = diagram #
        
        (1) 2n635a transistor                          (2) 4.3K 1/2 watt resistor
        (3) 1 meg potentiometer                        (4) 10k 1/2 watt resistor
        (5) 50pf capacitor                             (6) 365pf variable capacitor
        (7) .005uF capacitor                           (8) .01uF capacitor
        (9) ferrite loopstick (from a crystal radio)   (10) coil [see text]    
        (11) single-pole single-throw switch           (12) 9 volt battery
        (opt.) Battery clip & case                     (13) antenna
        
             This device is a constant tone signaling source that can be tuned to any 
        clear spot below 1000 kHz. If magnets are attached to the case, it can quickly 
        be installed under the person's car. (9) is a standard ferrite loopstick that 
        can be purchased at Radio Shack. (10) is simply 12 turns of plastic covered 
        hookup wire wound over (9).

                           [6]
                      -----|(-------
                     |              |                  
                     |              |           [11]     
         [13]        |     [9]      |                   
          (*)--|(----+---______-----+------+----o| o----------
           |   [5]       ^^^^^^     |      |                  |
           |                |       \      |                  -
           |                |       /      V            [12] ---
           V                |    [4]\     GND                 | 
          GND               |       /      ^                  |
                            |       |      |                  \ 
                             --|(---+      |                  / 
                               [7]  |      U [8]         [2]  \
                                    |      -                  /
                                    |      |                  | 
                                    |       ----------+-------+
                                    |                 |       |
                                    |                 (       |
                                    |                 )       |               
                                    |                 ( [10]  |
                                    |       (--)      )       |
                                    |  [1] (    )     |       V
                                    |     (   |--)----+-----\/\/\--
                                    |----(----|   )          [3]
                                          (   |<-)---->GND
                                           (    )
                                            (--)
        
        To tune the transmitter:
        
        1) Pick an empty spot on the AM car radio below 1000 kHz.
        2) Switch on the transmitter with the spst switch.
        3) Tune the 365pf variable capacitor slowly until a shrill note can be heard 
        from the car radio.
        4) The pitch of the note is adjustable by turning the 1 meg potentiometer

        MAKING A SHOCK ROD
        
             This handy little circuit is the key to generating THOUSANDS of volts of 
        electricity for warding off attackers (notice the plural). It generates it all 
        from a hefty 6-volt source and is easily fit into a tubular casing.
        
             To build this, all you need is a GE-3 transistor, a 6.3-volt transformer, 
        and a handful of spare parts from old radios.  The amount of shock you wish to 
        generate is determined by the setting of potentiometer R1, a 15,000 ohm 
        variable resistor.  Hint:  for maximum shock, set R1 at maximum!
        
        Item #	 *  Description
         C1	 * 500uF, 10-WVDC electrolytic capacitor
         C2	 * 2000uF, 15-WVDC electrolytic capacitor
         M1	 * 6-VDC battery
         M2,M3	 * Leads
         Q1	 * GE-3 transistor (2n555 will also do)
         R1	 * 15K potentiometer
         R2	 * 160-ohm resistor
         S1	 * Spst switch
         T1	 * 6.3-VAC filament transformer (Triad F-14x or equiv.)
         X1	 * 1N540 diode
        
        Schematics:
        
            +---C1---------------
            |                    |  HOT
            |     +-----+        | LEAD
            +---|<Q1    |        )(-->
          R1*     +     |   +--->)(
        +-->*     |     |   |    )(
        |   *  +--+     |   |    )(-->
        |   |  |  |     |   |    | TO
        |   |  |  |     |   |    | GND
        |   *  C2 |     +---|----+
        |  R2  |  |         |    |
        |   *  |  |         | X1 |
        +---+--+--|---------|-->-+
                  | +/-     |    |
                  +*M1*-*S1*+   GND -
        
        














