Electronic Surveillance
BY YVON DESLAURIERS
© 2011 FrontLine Security (Vol 6, No 2)

Technology has made it possible for anybody to buy very sophisticated electronic devices from a local spy shop or simply online. Such low-cost gadgets can cost your company millions of dollars. Industrial espionage is more common than we tend to believe: billions of dollars are lost every year. While many things can be done to prevent the theft of information, it is very difficult to guard against listening devices.

Have You Been Bugged?
Here are 10 common signs that you may have been bugged:

  1. Sensitive information, trade secrets and knowledge of business activities appear in places that should not have access to them.
  2. Maintenance people show up without appointments or without being called. Utility vehicles are parked outside and no work seems to have been done.
  3. Doors or window locks appear to have been tampered with and suddenly start to malfunction or are found unlocked.
  4. Furniture or other items in the room seem to have been moved around just a bit.
  5. You experience a break-in but nothing appears to have been taken.
  6. Your phone starts to act strangely. There is static or scratching on the line. The signal level is different than normal (i.e. like when a third person is on the line). You hear sound coming from your phone when the handset is on its cradle. You experience interference on your television and/or AM/FM radio.
  7. You find evidence suggesting that ceiling tiles or access panels have been removed and/or opened. Small debris is found on the floor.
  8. There is a sudden appearance of new objects in the room.
  9. Electrical, telephone and switch plate covers appear to have been removed.
  10. You receive a gift from a vendor in the mail such as a clock, CD player, desk radio, television, etc., and when you call to thank the vendor, they know nothing about it.

If you suspect a bugging, it is prudent to call for a professional TRA (Threat and Risk Assessment). A good TRA should assess two aspects: Threat To (what needs to be protected) and Threat From (who wants to hurt you). It will help you identify the gap between your current level of protection and the required level of protection you should have, based on those aspects. A good TRA will also provide you with a list of who would be interested in what you are trying to protect.

One absolutely crucial step here is to identify whether the threat comes from outside, from within corporate walls, or both. The fact is, most corporate espionage cases include at least one insider as part of the overall team.

After the TRA, if you suspect you have been “bugged”, the best tool for counter-espionage is TSCM or Technical Security Counter Measures. The TSCM team’s initial investigation will consist of an interview with the key stakeholders to determine the possible level of the threat and review the findings of the TRA. The investigator will then focus on the information and/or material deemed to be of potential interest, particularly:

  • Where and how is this information and/or material stored and secured?
  • Who has access to the information?
  • What are the general security features of the building and sensitive rooms?
  • And the big question, who would want this information and how would they get access?

This analysis will highlight the areas and systems that could have been compromised and need to be inspected. This tends to boil down to areas where sensitive information and material are discussed and/or stored (e.g., conference rooms, executive and senior management offices, research and development areas and laboratories). From there, the TSCM inspection will usually be broken down into three distinct phases:

  1. The physical search. The TSCM team physically searches the entire room(s). Every wall plate and all fixtures are removed, and a visual inspection is carried out to search for any item or wire that should not be there. The ceiling tiles are removed, and junction boxes opened. Any unidentified system or wire is tagged for further inspection. All access points or holes are investigated to identify suspicious objects. All furniture, decorative objects, pictures or other items (water bottles, pens, cell phones, etc.) are inspected to make sure that nothing has been inserted in them that could serve as an eavesdropping device.
  2. The electronic inspection. This starts only after the physical inspection is completed. The team will use sophisticated equipment to look for the electronic signature of listening devices embedded in furniture, walls, doors or any other objects of interest. If the investigator has a “hit,” he will dismantle or open the offending item in an effort to locate the source of the signal. All telephone sets, intercom equipment, computer equipment and any other electronic devices are opened and checked for added components and circuits. The team will also electronically verify any wires in the room for possible illicit signals. Any unidentified signal on these wires will be investigated for its source, and eliminated if required.
  3. The RF (Radio Frequency) search. During this phase, the investigator will analyse the Radio Frequency spectrum for the presence of any signals that can direct him to an eavesdropping device that uses RF to haul back any information from the room. Any signals that cannot be identified or look suspicious will be tracked back to their source to confirm whether the signal comes from inside or outside the premises.

If you suspect that you have been bugged:

  1. Don’t try to find it yourself. You don’t have the necessary equipment and knowledge, and may miss a key area or system.
  2. Don’t discuss the matter in the office. If your corporate protocol requires you to report the suspicion to someone, ask that person to go for coffee and leave the building to find a secure place to discuss.
  3. Don’t contact help using your office phone, your cellular phone or your corporate internet.
  4. Always be aware that the threat may have come from inside – so be careful with whom you discuss this issue.

In terms of response, different approaches can be planned depending on whether the TRA reveals that the possible threat is from inside or outside your company. The type of premises will also determine the type and the approach of the inspection. If the client owns the entire building, the inspection will be easier to do than if the client shares offices on the same floor. Common walls may cause certain hits due to electronic devices on the other side of the wall, and access might be difficult to obtain.

====
Yvon (Sparky) Deslauriers is the former Head of TSCM for the Canadian Security Intelligence Service (CSIS) and is currently in charge of the TSCM program at The Northgate Group Corp.