Re: [TSCM-L] {2284} Re: 303 Sweeps in one year, 13 finds = 4.29% find ratio

From: James M. Atkinson <jm..._at_tscm.com>
Date: Thu, 17 Jan 2008 18:43:23 -0500

To the list, not to any specific person.

What do you define as a "competent sweep team"?

Not to be the devil's advocate or anything, but most sweep teams do
not specialize in performing sweeps and instead perform it as a side
job, with minimal (if any) actual competence. Competence in this
profession requires that TSCM be pursued as a full time vocation,
with a hefty investment in both training and equipment, AND a steady
stream of sweeps to keep in practice. If you have the equipment and
the training, but only do 2-3 sweeps per month, or do ten sweeps per
month (but lack the training and equipment) the results will
eventually be disastrous.

If a TSCM team is permitted by the client to take the appropriate
amount of time to perform a sweep then there is no chance that a bug
is going to be missed, but when the client tells you that they are
only going to pay you for a half day on the site, and expect you to
sweep 2500 feet of office space there is a high probability that you
will miss everything.

If you want some ugly statistics, then let's explore some... and
please try to follow my logic so that you do not think I am just
pulling these numbers out of the lower end of my digestive tract.

Let us assume for a moment that an executive has a typical office
that is 15 feet by 20 feet (senior executive in a New England
office), that the site of the building is relatively secure, of
recent construction, moderately good facility security, video
security systems, access control, etc. The great unwashed masses cannot
access this executive's office; however, trusted staff, cleaning
people, service and maintenance people can, etc.

His office contains 300 square feet of institutional grade carpet,
modestly priced free standing furniture, and all furnishings are
light enough so that two people can easily move them by themselves,
or a single person can move them out of the room with a furniture
jack. Wrap around windows (on a 6th floor), solid wood door set in a
steel jamb, sheet rock and steel screw stud walls, suspended ceiling
track and tiles, and a 5 foot plenum cavity between the false ceiling
and the true ceiling. The true floor and true ceiling are poured
concrete over a steel deck, and the steel deck is supported by steel
I-beams which are bolted, bonded, and covered in fire insulation. A
dry pipe sprinkler system is present, a fire annunciator and strobe
is in his office, there are no speakers (other than the annunciator).
The lock on his door is a Medeco M3, there is a properly installed
door latch, the hinges are welded, and a latch plate is present.

A wall mounted thermostat is present in the room, that controls an
HVAC manifold in the hallway to control airflow into two ceiling
mounted vents in the room through a 10" duct, but there is no
independent blower or heat exchanger above the false ceiling of his
office, just flexible duct work that can be removed for inspection.

There are two pieces of framed art on the walls, one analog clock
(battery operated), an iPod and speaker, two digital telephones, two
network connections, one laptop, and the only wiring into the room
are those pairs used for the phone or data, and there are no unused
wires in the room. This business controls both the floor above and
below this office, as well as all physical space in the building and
as the TSCM inspector you have full access to all adjoining spaces,
the PBX, all wiring, etc. You have full access to the entire
building, but have been engaged to only inspect HIS OFFICE.

Within the office is a rolling desk chair (leather), two guest
chairs, a small conference table with four chairs (7 chairs total),
one waste paper basket, one desk, one credenza attached to the desk,
one lateral file cabinet, and all furniture is wood with small
amounts of steel hardware or braces.

There is a duplex power outlet next to the desk that feeds a ten
outlet power strip, and a duplex outlet near the conference table
that is unused. There are six additional, but unused duplex power
outlets in the room. All power for the power outlets comes from a
single feed from the circuit breaker dedicated to this office, and
the power feed does not service any other office. The lighting in the
room is on a second breaker circuit, and consists of partial light
via non-dimmable wall mounted sconces, two Halogen desk lamps, and
six fluorescent fixtures mounted into the ceiling track. The lighting
is controlled by 4 wall mounted switches. There are no tombstones or
pedestals in either the floor, nor has there been any physical
penetrations in either his true ceiling or true floor from prior
power connections (it is all solid concrete).

So, here are some rough numbers.

300 sq ft of carpet
300 sq ft of true floor (inspected from floor below)
300 sq ft of ceiling tile (removed from grid and inspected)
300 sq ft of true ceiling (inspected from this floor)
300 sq ft of true ceiling (inspected from floor above)
35 linear feet of sheet rock wall, 13 feet high (sheet rock to true ceiling)
35 linear feet of windows, 6 ft opening

Since the windows are 6 feet high, there is 210 square feet of glass,
and 56 linear feet of gasket to inspect. On the window side there is
a 10 inch wooden sill, with sheet rock and masonry below and above
the window. All total there is 700 square feet of sheet-rock to be
inspected including the area above and below the windows. To
complicate matters the window frame is aluminum and uses a four
stage, two part gasket so that you have to remove four pieces of trim
from the inside and one piece of gasket just to get to the edge of
the glass, and then the soft gasket has to be inspected from the
outside of the building once the interior inspection is complete.

The only conductors in the walls are the single run of BX for the
power, all of this is run in vertical segments and is inspectable,
and the 8 foot conduit stubs for the communications cables. There is
no insulation in the walls. There is a total of 14 segments of BX
wire in the room (250 feet total), and then an 85 ft segment to the
breaker panels so we have 325 feet of 120 VAC 15 amp wire (all BX),
less than 20 actual outlets for power. The ceiling and wall mounting
lighting fixtures and controls involves 145 feet of BX, and 90 feet
of BX back to the breaker panel. Total amount of BX to be inspected
is 570 linear feet (three conductors plus BX jacket).

Since this office shares walls, ceilings, and floors with adjoining
offices we have to inspect any wire segment or outlet/switch in an
adjoining wall so we actually end up with 3 breaker panels to
inspect, 5586 linear feet of BX, 112 duplex outlets, 44 light
switches, 11 power strips, and 58 wall sconces or desk lamps.

The phone is a simple Avaya digital set, the connections in the wall
are Cat 5, 4 pair, Plenum rated cable for both the phone and the
data. The Ethernet jacks and phone jack are TSB-568B, and contain
provisions for PoE (power over Ethernet), and all conductors of both
the phone wiring and the data network are connected to a supervised
port of a hub or switch, even on the unused jacks.

This gives you 561,600 cubic inches of open space to inspect, and
403,200 cubic inches of confined wall cavities to inspect in addition
to thousands of feet of wiring. The big thing that will trip up most
sweep teams is the 403,200 cubic inches, and the thousands of feet of wiring.

The lighting fixtures will be fairly easy to inspect, as you are only
talking about a few cubic feet of space each, the ceiling tiles and
grid are fairly easy to check, and the HVAC duct work easy to isolate
and clear. The furniture is going to really be a hassle, and will
give you 11,520 cubic inches of inspected solid space, and 73,728
cubic inches of furniture cavities (drawers and cushions).

Sweeps are not about square footage, but rather about cubic inches,
or more accurately, in cubic millimeters.

Whew....

So, ***** IF ***** the client gives me the time that I need to
perform a proper sweep on the above described premises (which they
will), AND I am being well paid for my time (which I will be), then I
will methodically, and scientifically ensure that the single office
is certified as actually free of bugs, wiretaps, or other mechanisms
of eavesdropping. If however, the client can only get me into the
building for 4 days, then the certainty drops to 98%, and at 2 days
in the building we drop closer to 90%. Now this all assumes that I
have been in the building before, and know this room (almost in the
biblical sense of the word "know"), and was involved in laying out
where the cables all went, how the walls were constructed, and have
set all manner of traps in advance for the eavesdroppers.

The question that should be asked is "how long is your sweep taking", what
are you doing, and why?

Who makes the ceiling tiles in your client office? How about the
chairs? The doors? What kind of wire is in the walls, Romex, BX,
conduit, what kind of wall jacks are those, is it Cat 5 or Cat 7 wire
in the walls, are the light fixtures 120 or 208 volts?

Details, details, details... if you pay attention to the details you
will never miss a bug... ever.

Sadly, most TSCM specialists don't actually know how to perform a
sweep, or their client doesn't actually trust the sweeper enough to
give them the access both in premises, budget, and time to do a
proper job. This is even a serious problem with U.S. government sweep
teams who are supposed to be protecting classified facilities as they
frequently are not given enough time on target to do a proper job, or
their hands are tied in what they can do, access, or touch (as
they are not actually trusted by their superiors). While some of you
may find this amusing, there are actually quite a few U.S. Government
sweep technicians who are not allowed on ladders, and quite a few
others who are not allowed to use (or know how to use) a spectrum
analyzer on-site. How many sweeps per year are these government teams
actually performing (3, maybe 4 sweeps), how long are they allowed to
be on site (3 days, or 3 weeks)? There are other government sweep
teams who are actually forbidden to touch server cabinets or
operational computer or crypto gear (much to the amusement and
delight of the spies in China).

How many so called "TSCM professionals" have a clue what an AED is,
or keep their medical certificates in their wallets (as required by
law)? Next time you shake hands with someone who-claims-to-know-shit
about TSCM ask them to open their wallet and show you their current
AED and medical card. If they can't show you both then demand that
they pay you $100 in cash on the spot as a fine for being
a professional purveyor-of-bovine-feces... for that matter, how many
TSCM "professionals" even know what an AED is (or one of its manual
equivalents) or know how to maintain a log book when away from home
on a sweep (if you are hard-core sweeper you know what I am talking about).

How many sweepers show up for a sweep sober, and not hung over from
drinking the night before... ask your friendly TSCM expert to take a
simple breathalyzer test the next time you invite them out to do a
sweep for you, the results may amaze you. Or better yet, are they a
little sleepy at 8 AM because the coffee hasn't quite kicked in yet,
or is that a hangover they are nursing because they were out drinking
until 3 AM, or stoned from the roach they were working on out in the
parking lot before they came in to start the sweep (and yes, this
includes government contractors).

I don't mean to rant (too much), but most TSCM professionals really
don't know shit about TSCM, but they don't really care to know...
because for them TSCM is just a hobby or a side-job and not an actual
profession or vocation. If you know how to do the job, but choose not
to do it the right way then your conscience will bother you, but if
you are blissfully ignorant on how to do the job, and you bugger the
job up then you will never know or care about the bugs that got
missed... and neither will your client.

Statistics are actually meaningless, it is either 100% certain, or
not 100% certain... black and white, not shades of gray. If your
client wants to let you do your job (and pay you appropriately) then
you can give them certain assurances and guarantees... if they want
to cheap it out, then you can give them shades of gray. If the client
wants percentages, then compute the non-open-space cubic millimeters
in the area, and subtract the cubic millimeters that you actually
inspected and documented... after you do this a few times you may
have an epiphany. If you inspect every cubic millimeter of the area
you are hired to check then you can issue a 100% clear, if not then
you have to tell the customer what you could not access, could not
see, or could not measure.

Hint, you can make a bloody fortune in this profession if you learn
to do it the right way, but you're also going to have to spend a
fortune on equipment and training to provide an honest service to
your customers. After a few years the acquisition of equipment and
training cycle begins to feed on itself so that you are constantly
chasing yet another class or new piece of sweep gear, and 80+% of
every penny you make on a sweep gets plowed right back into equipment
and training (and other direct business expenses).

TSCM is a passion, a vocation, and something that a few of us pursue
with a religious zeal and fervor.

-jma




At 10:01 PM 1/15/2008, Matt wrote:

>Along these lines does anyone have an estimate on how many devices are
>not found by a competent sweep team? I realize this is not easy to
>measure because you don't know what you don't know. But we have many
>experts on that I think could give authoritative opinion. Anyone want
>to take a guess?
>
>Cheers,
>Matt
>
>d..._at_geer.org wrote:
> > "James M. Atkinson" writes:
> > |
> > | OK, so 303 Sweeps in one year, 13 finds = 4.29% find ratio.
> > |
> >
> >
> > Predators home to the singing of the cricket, hence
> > there may be two dozen silent males in the grass near
> > the singer thus avoiding the predator (that would be
> > you) while reaping the rewards of the singer. If the
> > singer is found (eaten), another will self select...
> >
> > In other words, why should I suppose that the detectable
> > one is the only one?
> >
> > --dan
> >

----------------------------------------------------------------------------------------------------
   World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
  James M. Atkinson Phone: (978) 546-3803
  Granite Island Group Fax: (978) 546-9467
  127 Eastern Avenue #291 Web: http://www.tscm.com/
  Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
  We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:20 CST
