How to perform a bug sweep

From: James M. Atkinson <jm..._at_tscm.com>
Date: Tue, 21 Feb 2006 08:37:45 -0500

http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1115503,00.html?FromTaxonomy=%2Fpr%2F289185

How to perform a bug sweep
Al Berg, CISSP, CISM
08.12.2005

The revelation of the identity of Deep Throat, the secret source of
the Watergate scandal, reminded me of an old threat we still face
today known as "bugging" or, as those in the business call it,
"technical surveillance." Receiving information about a victim
through audio or video surveillance provides an attacker with a
wealth of information. And, as today's electronics become more
sophisticated, bugging equipment once available only to spies is now
easily obtainable on the Internet. In response to this threat, many
corporations have started to perform bug sweeps or Technical Security
Counter Measure (TSCM) operations, with the help of outside contractors.

TSCM is a specialized area, and performing a sweep requires expensive
equipment that needs regular updating. As a result, sweeps can be
pricey, although not as pricey as the losses from a bugged office.
Many firms charge more than $10,000 for one floor of an office
building. Therefore, you may want to limit the scope of the sweep to
especially sensitive areas such as corporate management offices,
boardrooms, etc. If you take this approach, it is important to
remember to limit sensitive discussions to the "cleared" areas.

When researching vendors, ask about the equipment and techniques they
use. Legitimate TSCM firms are up front about their techniques and
technology. To find out if a potential vendor is legitimate, ask for
references and seek out recommendations. Your local chapter of the
FBI InfraGard or Secret Service Electronics Crimes Task Force may be
a good place to start. Industry associations, such as the American
Society for Industrial Security (ASIS), may also be of help.

To help weed out the wannabes, let's take a closer look at five basic
technologies used by genuine TSCM operators:

RF detection. Some surveillance devices use radio frequency (RF)
transmissions to carry their signals to the listener. To find these,
TSCM analysts use an RF analyzer like REI's OSCOR (Omni Spectral
Correlator). The OSCOR absorbs the RF transmissions in an area and
uses a built-in database to filter out those known to be legitimate,
such as TV and radio stations. The remaining transmissions are
presented to an operator for analysis to determine if they pose a
threat. The OSCOR is also used to store a profile of the radio
frequency environment of the location. During later sweeps, comparing
the record of the previous environment with a new set of signals can
quickly point to potential problems.
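The baseline comparison described above (filter out allocations known to be legitimate, then diff a stored RF profile against a fresh scan) is easy to show in code. The following is an added illustration and is not code from the article, from REI, or from the OSCOR; the signal records, the short "known legitimate" allocation table, the matching tolerance and the power-change threshold are all constructed assumptions chosen to make the example self-contained.

```python
"""Baseline-vs-sweep RF profile comparison (added example, not from the article)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Signal:
    freq_mhz: float   # observed centre frequency in MHz
    power_dbm: float  # received power in dBm


# Constructed allocation table an analyst would treat as background noise:
# (low MHz, high MHz, label). Deliberately tiny; a real analyzer database is far larger.
KNOWN_LEGITIMATE: List[Tuple[float, float, str]] = [
    (87.5, 108.0, "FM broadcast"),
    (2400.0, 2483.5, "2.4 GHz Wi-Fi/Bluetooth"),
]


def known_label(sig: Signal, database=KNOWN_LEGITIMATE) -> Optional[str]:
    """Return the allocation label if the signal falls inside a known band, else None."""
    for low, high, label in database:
        if low <= sig.freq_mhz <= high:
            return label
    return None


def nearest_in(sig: Signal, profile: List[Signal], freq_tol_mhz: float) -> Optional[Signal]:
    """Find the closest profile entry within freq_tol_mhz of sig, or None if nothing is close."""
    candidates = [s for s in profile if abs(s.freq_mhz - sig.freq_mhz) <= freq_tol_mhz]
    if not candidates:
        return None
    return min(candidates, key=lambda s: abs(s.freq_mhz - sig.freq_mhz))


def compare_sweep(baseline: List[Signal], current: List[Signal],
                  database=KNOWN_LEGITIMATE,
                  freq_tol_mhz: float = 0.05,
                  power_delta_db: float = 10.0) -> Dict[str, list]:
    """Diff a stored RF profile against a new scan, ignoring known-legitimate bands.

    'new'      : emitters present now that were absent from the baseline
    'changed'  : emitters seen in both scans whose power moved by >= power_delta_db
    'vanished' : baseline emitters no longer seen (worth noting: a bug may simply be off)
    """
    report: Dict[str, list] = {"new": [], "changed": [], "vanished": []}
    for sig in current:
        if known_label(sig, database):
            continue  # broadcast / Wi-Fi etc. are filtered before the analyst sees them
        prior = nearest_in(sig, baseline, freq_tol_mhz)
        if prior is None:
            report["new"].append(sig)
        elif abs(sig.power_dbm - prior.power_dbm) >= power_delta_db:
            report["changed"].append((prior, sig))
    for sig in baseline:
        if known_label(sig, database):
            continue
        if nearest_in(sig, current, freq_tol_mhz) is None:
            report["vanished"].append(sig)
    return report


# Constructed sample data: a stored profile from an earlier sweep and today's scan.
BASELINE_SWEEP = [
    Signal(97.9, -40.0),     # local FM station, filtered by the allocation table
    Signal(315.0, -70.0),    # weak emitter recorded last time
    Signal(433.92, -75.0),   # weak emitter recorded last time
    Signal(2437.0, -55.0),   # office Wi-Fi, filtered by the allocation table
]
CURRENT_SWEEP = [
    Signal(97.9, -41.0),
    Signal(433.93, -50.0),   # same emitter, now 25 dB stronger
    Signal(2437.0, -56.0),
    Signal(149.25, -62.0),   # not in the baseline at all
]

if __name__ == "__main__":
    for kind, items in compare_sweep(BASELINE_SWEEP, CURRENT_SWEEP).items():
        print(f"{kind}: {items}")
```

Two design points matter in practice: matching by a frequency tolerance rather than exact equality, because successive scans never report identical centre frequencies, and reporting "vanished" emitters as well as new ones, since a transmitter that was present last time and is silent now is exactly the kind of thing the next paragraph's switchable devices produce.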

Detection of electronics. More sophisticated surveillance devices can
be turned on and off as needed. When a bug is turned off, it does not
transmit any RF signals and is therefore invisible to RF detection
devices. In order to find these stealthy devices, the TSCM
professional will turn to a Non-Linear Junction Detector (NLJD). The
NLJD looks a bit like one of those metal detectors they used to sell
in the back of comic books. It works by sending out RF signals tuned
to cause the semiconductors in electronic devices to resonate, even
if they are powered off. During a sweep, the TSCM operator passes the
NLJD over every surface in the office, looking for electronics in
places where they should not be.

Heat can be another telltale sign that electronics are present.
Because small heat variations may point to a power supply, a TSCM
toolkit should include a thermal imager, which the operator uses to
scan the office and objects in it. If hot spots are found in unlikely
places, a manual inspection is conducted to determine if they are
from suspect devices.

Phone and power lines are also popular places for the placement of
surveillance devices. Phone lines provide power, access to
conversations and other information, and a way for attackers to
receive information. Power lines can provide power to devices hidden
in electrical outlets and transmit information out of the area under
surveillance. The TSCM operator will use equipment to detect
anomalous behavior on these lines, such as voltage drops or the
presence of subcarriers.

Some surveillance devices may use infrared light to transmit their
signals back to an attacker. An infrared viewer may reveal the
presence of these devices. The TSCM operator scans the area looking
for questionable IR sources and then investigates them further manually.

Like other forms of security testing, TSCM sweeps provide you with a
snapshot of conditions at a particular time. For continued assurance
that your offices are "clean" of surveillance devices, you'll need to
repeat sweeps periodically. Most vendors provide some sort of "volume
discount" for annual or biannual services.

TSCM services are not for every company, but if the disclosure of
conversations or phone calls in your offices would cause irreparable
harm to your business, you should consider checking to see if your
walls have ears.

About the Author
Al Berg, CISSP, CISM is Information Security Director of New York
City-based Liquidnet (www.liquidnet.com). Liquidnet is the leading
electronic venue for institutional block equities trading and the 4th
fastest growing privately held financial services company in the US.

----------------------------------------------------------------------------------------------------
We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers.
----------------------------------------------------------------------------------------------------
  James M. Atkinson Phone: (978) 546-3803
  Granite Island Group Fax: (978) 546-9467
  127 Eastern Avenue #291 Web: http://www.tscm.com/
  Gloucester, MA 01931-8008 Email: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
   World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:19 CST