Re: [TSCM-L] How to perform a bug sweep

From: Glen True Winstein <carolw..._at_yahoo.com>
Date: Tue, 21 Feb 2006 13:35:52 -0800 (PST)

"James M. Atkinson" <jm..._at_tscm.com> wrote:
  

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1115503,00.html?FromTaxonomy=%2Fpr%2F289185

How to perform a bug sweep
Al Berg, CISSP, CISM
08.12.2005
Rating: -3.67- (out of 5)

The revelation of the identity of Deep Throat, the secret source of
the Watergate scandal, reminded me of an old threat we still face
today known as "bugging" or, as those in the business call it,
"technical surveillance." Receiving information about a victim
through audio or video surveillance provides an attacker with a
wealth of information. And, as today's electronics become more
sophisticated, bugging equipment once available only to spies is now
easily obtainable on the Internet. In response to this threat, many
corporations have started to perform bug sweeps or Technical Security
Counter Measure (TSCM) operations, with the help of outside contractors.

TSCM is a specialized area, and performing a sweep requires expensive
equipment that needs regular updating. As a result, sweeps can be
pricey, although not as pricey as the losses from a bugged office.
Many firms charge more than $10,000 for one floor of an office
building. Therefore, you may want to limit the scope of the sweep to
especially sensitive areas such as corporate management offices,
boardrooms, etc. If you take this approach, it is important to
remember to limit sensitive discussions to the "cleared" areas.

When researching vendors, ask about the equipment and techniques they
use. Legitimate TSCM firms are up front about their techniques and
technology. To find out if a potential vendor is legitimate, ask for
references and seek out recommendations. Your local chapter of the
FBI InfraGard or Secret Service Electronics Crimes Task Force may be
a good place to start. Industry associations, such as the American
Society for Industrial Security (ASIS), may also be of help.

To help weed out the wannabes, let's take a closer look at five basic
technologies used by genuine TSCM operators:

RF detection. Some surveillance devices use radio frequency (RF)
transmissions to carry their signals to the listener. To find these,
TSCM analysts use an RF analyzer like REI's OSCOR (Omni Spectral
Correlator). The OSCOR absorbs the RF transmissions in an area and
uses a built-in database to filter out those known to be legitimate,
such as TV and radio stations. The remaining transmissions are
presented to an operator for analysis to determine if they pose a
threat. The OSCOR is also used to store a profile of the radio
frequency environment of the location. During later sweeps, comparing
the record of the previous environment with a new set of signals can
quickly point to potential problems.

Detection of electronics. More sophisticated surveillance devices can
be turned on and off as needed. When a bug is turned off, it does not
transmit any RF signals and is therefore invisible to RF detection
devices. In order to find these stealthy devices, the TSCM
professional will turn to a Non Linear Junction Detector (NLJD). The
NLJD looks a bit like one of those metal detectors they used to sell
in the back of comic books. It works by sending out RF signals tuned
to cause the semiconductors in electronic devices to resonate, even
if they are powered off. During a sweep, the TSCM operator passes the
NLJD over every surface in the office, looking for electronics in
places where they should not be.

Heat can be another telltale sign that electronics are present.
Because small heat variations may point to a power supply, a TSCM
toolkit should include a thermal imager, which the operator uses to
scan the office and objects in it. If hot spots are found in unlikely
places, a manual inspection is conducted to determine if they are
from suspect devices.

Phone and power lines are also popular places for the placement of
surveillance devices. Phone lines provide power, access to
conversations and other information, and a way for attackers to
receive information. Power lines can provide power to devices hidden
in electrical outlets and transmit information out of the area under
surveillance. The TSCM operator will use equipment to detect
anomalous behavior on these lines, such as voltage drops or the
presence of sub carriers.

Some surveillance devices may use infrared light to transmit their
signals back to an attacker. An infrared viewer may reveal the
presence of these devices. The TSCM operator scans the area looking
for questionable IR sources and then investigates them further manually.

Like other forms of security testing, TSCM sweeps provide you with a
snapshot of conditions at a particular time. For continued assurance
that your offices are "clean" of surveillance devices, you'll need to
repeat sweeps periodically. Most vendors provide some sort of "volume
discount" for annual or biannual services.

TSCM services are not for every company, but if the disclosure of
conversations or phone calls in your offices would cause irreparable
harm to your business, you should consider checking to see if your
walls have ears.

About the Author
Al Berg, CISSP, CISM is Information Security Director of New York
City based Liquidnet (www.liquidnet.com). Liquidnet is the leading
electronic venue for institutional block equities trading and the 4th
fastest growing privately held financial services company in the US.




----------------------------------------------------------------------------------------------------
We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web: http://www.tscm.com/
Gloucester, MA 01931-8008 Email: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------






                

Dear Mr. Atkinson:

What does someone like me do who needs a sweep and is on SSI due to a
spine problem and can't pay $10,000?

In the crummy places I lived on my way to SSI, I made some enemies
w/some crackheads who had prostitutes, etc. Early on in one such
place, before she realized I wouldn't go along w/such stuff, the
landlady bragged to me about her box of (illegal) tapes of people,
reaffirmed separately by her best friend who said the landlady taped
people (with prostitutes, probably) in rooms and showers. Her illegal
cable TV to the rooms of a group of crackheads/sellers who were there
a while was probably to entertain them with the tapes, from what I
can tell. The landlady came to hate me since for being one who'd call
the police and tell her friend to stay the hell away from her.

In some crummy places I lived since, someone banged the wall at 3
a.m. or so most nights. At the end of my stay in the last apt., and
at the start of my stay in my current apt., it sounded like someone
below would know when and in which room to stick a speaker to the
ceiling for a moment one or more times to wake me up. I taped some
examples, which at least proves to me I haven't started hearing
things at nearly 50 yrs. old if they don't prove anything else. Since
then, it's even sounded like someone put something in the mattress to
do it--again, I taped it, etc., so I don't need to start wearing a
tin foil hat. When I moved here from the last place, I probably
unwittingly moved some of their electronic junk with me, making it
easy to keep doing it here.

It's meant I've felt tired about all the time and missed doctor
appts. And though I was told I had a 139 IQ on a test result and
should go to college, which helps handicapped people better these
days, I tried but kept falling asleep in class/missing classes/cut
back on the schedule till I had to drop out last year. (Earlier on,
when I was still trying to get up early for work and the neighbor
would hit the wall about 3 a.m., it also meant I lost work so
couldn't keep up payments on storage, so I lost about everything I
had of the place I grew up in, musical instruments, etc., and my
Dad's cartoons--he was an artist at the Pittsburgh Press for about 50
yrs. till he died in '82.)

I'm not a happy tenant here. I can't believe there's a crime in which
people can use cheap gimmicks to hurt you, cause so much trouble, and
there's nothing you can do unless you have $10,000 to throw around. I
don't get that much money in a year and likely won't this way. You're
the expert--is there some law enforcement agency that could help,
someone who's a trainee who could help me as an apprenticeship
thing--anything? I want to go back to college, etc.

Glen T. Winstein

P.S.: if you or anyone you know likes the Grand Theft Auto "Vice
City" or "San Andreas" PC games, I wrote walk-throughs for them at:
http://www.freewebs.com/glenster1/index.htm

It's something to do while I can't go to college, anyway.
Received on Sat Mar 02 2024 - 00:57:19 CST

This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:44 CST