Technical Surveillance Countermeasures
(TSCM) is another name for such defensive tactics. There are
a number of methods being used today that can compromise your
information. The theft and protection of secrets is a rapidly
expanding market.
Realistically, viewing your threat level has to be considered
since everyone should expect some sort of impending privacy
issue no matter how small. Thanks largely to the Internet you
can arm yourself with much of the knowledge and equipment that
the so-called experts use. If a respected agent of computer
crimes for the Secret
Service in NYC had his T-Mobile Sidekick hacked, who knows
what else happens out there to others in any business.
Realistically, viewing your threat level has to be considered
since everyone should expect some sort of impending privacy
issue no matter how small. Thanks largely to the Internet you
can arm yourself with much of the knowledge and equipment that
the so-called experts use. If a respected agent of computer
crimes for the Secret
Service in NYC had his T-Mobile Sidekick hacked, who knows
what else happens out there to others in any business.
We'll start acoustic ducting evaluation is the inspection of
air ducts, baseboard heaters, coffee rooms, lounges, bathrooms
or any way the architecture of a building can transfer sound. A
simple example is to put your ear to a wall and listen.
Basically anything that requires the use of the naked ear is
called an acoustic
bug. Softer surfaces can help muffle sounds but there are
more efficient means out there. So be aware that the way an
office site is designed can act as a conduit for conversations.
Also, be aware of any changes can have adverse affects. Simply
playing music can do wonders for masking conversations.
Inspection of telephone equipment and wiring is called line
analysis. This is trickier than it seems since sometimes a
possible weakness has an actual purpose to the telecommunication
system. Especially if it requires constant maintenance and
software upgrades.
All instruments should be opened and inspected. Ideally they
should be compared with a known safe phone or device. If you're
not sure, just remove that piece of loose components and wiring
and see if the phone still works. The wiring can be modified in
a switch within the handset that essentially turns it into a
microphone. If you bypass this hook switch, you can listen in
from anywhere on the landline. Technical equipment won't be able
to detect this. Time Domain Reflectometry is the sending of a
pulse down a telephone line. If there is some sort of
disruption; a wall outlet or wiretap; a portion of the pulse
will be sent back to the device called a Time Domain
Reflectometer (TDR). Then the time difference between the
reflection and the continuous run is measured. This helps in
determining the distance to the anomaly.
For instance, the microphone you use in a voice recorder can be
cut in half. Connect the mike head to one set of unused wires
anywhere on the phone wire. Then, so long as there are no breaks
in the wire, connect the other end to the jack that connects to
your recorder. Now place your recorder to be VOX (voice)
activated and now you have an extremely reliable bug. By the
way, this should be manually inspected for since using a
specialized bug detector may see nothing wrong or inconsistent.
A bug such as this that connects to a wire is called a direct tap.
The other general type is called an inductive tap. This is when
an instrument is outside a wire but can still distinguish what’s
transacting over a wire. They are harder to detect since they
don’t draw power from the line such a standard telephone would.
These are referred to as snuffle bugs. A simple probe used in
hunting wire signals has a speaker, which can display sounds. By
accident one day I was working on an apartment intercom system
while using a probe. I could hear conversations
throughout the building quite clearly just through the intercom
boxes mounted on walls from the master unit in the basement.
If you're using wireless headsets or cordless phones, the radio
signals can be intercepted. A cordless phone acts like a radio,
but depending on the frequency and a few other factors, can make
interception extremely difficult. With some manufacturers, you
can buy the same model as your neighbors or the office and have
it join their phone system. Double check Caller ID boxes to see
if they also record numbers dialed besides obviously those being
received. If you're using
VOIP (Voice Over IP), remember that calls can be recorded in
a fashion identical to intercepting data between two computers.
These packets of data can reassemble an audio file. Obviously
electronic devices possess semiconductor components such as
diodes, resistors and such. The method to hunt for these
components is called Non-Linear Junction Detection (NLJD). The
NLJD unit emits a radio signal while listening for the return
signal from an electronic device. This becomes very useful when
a bug is embedded in a picture frame or wall. The eavesdropping
device doesn't have to be active for it to be discovered. If a
device is active and transmitting wirelessly (or even on a
wire), you can detect it with a Radio Frequency Spectrum Analyzer.
Depending on the detection device used, you can determine
whether voice, data or video is being sent, and possibly listen
to the data. Try to use different size antennas or buy one that
collapses. Different frequencies can be detected more
efficiently by using various sizes. The use of filters with
antennas can also help pinpoint devices on specific frequencies.
There is another budding field related to this topic called
Protective Intelligence. Currently there are only a few
experts who do this kind of work.
A laser or an infrared beam can be used at a considerable
distance from a target building. Conversational sounds can
vibrate unto solid objects such as windows. The beam's
reflection varies in relation to the movement to the window,
which is received and converted back into something audible. To
mask the sounds, you could attach a vibrating device (basically
an altered electric razor) to the window.
Of course if the window is open, then a laser can target
another object instead of the window. A beam of light or laser
can be directed to go through a window onto a solid object
thereby nullifying such defensive measures again. Generally you
really can't detect such attacks unless the laser, infrared or
light beam is being used that moment. Certain materials can be
used to detect IR emissions, as well as
the use of passive night vision gear. Certain fabrics or even a
curtain may actually show the spot where a beam of light or
laser is being focused. Unless the room is dusty or you have an
artificial can smoke, you can follow the beam up to a point and
guesstimate it's location. One type of optical bug is an
infrared transmitter. When placed in the area of interest for
transmission of the conversation to an infrared receiver which
will then translate the conversation into an audible format.
Many of these same procedures used can be applied to locating
hidden cameras. A relatively new device uses a series of lasers
to seek out optics. This was originally intended to locate
snipers by bodyguards.
I have listed the techniques, counter-measures and then the
counter to the counter-measures to prevent any false sense of
security. Usually constant vigilance is your best weapon besides
knowing what to look for. Even if you find a “bug sweeper” with
good credentials, certifications and experience, ask them
detailed questions. Not just to test them but also for your own
peace-of-mind. This makes our job easier and we appreciate
greatly when dealing with knowledgeable customers.
The author Francis Kielb welcomes any input from readers.
Especially any stories you may have. If you have any questions,
ask and he’ll try to respond promptly. He is currently
performing these duties for BHE Security
Clients.
|
