>Sorry to continually sidetrack discussions with questions about the
>minutiae, but...
>
>James M. Atkinson wrote:
> > If a client tells me that tier neighbor has installed a 2.4 GHz video
> > camera in their bedroom I will hard-copy the entire spectrum from 30 Hz
> > to 26.5 GHz passively from outside the bedroom,
>
>Of the thousands of signals in a residential environment that might hide
>video (or audio), how do you pick out the interesting ones?
Simple, I use multiple spectrum analyzers. I dedicate each unit to a
specific chunk of the spectrum, and then adjust the analyzer setting
so that I have the fastest sweep possible to catch anything that
appears. Some of these utilize a real time FFT based software defined
front end so that even when the SA is not right on the frequency of
interest I can still capture things that appear around it. This
allows even the most covert of signals to be captured.
I also dedicate a series of ultra sensitive receivers which are set
up to tune whatever the spectrum analyzers detect, these are called
hand-off receivers.
On top of this I use additional receivers which I set up to scan high
threat bands, and to dump the detected video and receiver settings to
a laptop. These are my scanning receivers, and are more sensitive
then the SA's. These scan within a give band so that if any thing
pops up or drifts around a bit these things lock on to it and follows
the signal. These are all SDR on the back end so that there is almost
zero chance of missing something within a known band.
To take this one step further I dedicate a specific frequency to a
dedicated receiver, with extremely tight filters and ultra-low noise
LNA's. I can (via computer control) park these on a known threat and
just sit and listen. This is of greatest value in monitoring known
threats used by spies, and for targeting common hose frequencies. I
have several ODFM receivers, and several receivers dedicated to
various types of scrambled "covert" signals, and various types of
digital receivers
To tie thing up neatly I have also developed a receiver that uses
reverse spread spectrum techniques where I assume to know the timing
frequencies of a signal, and use the timing to obtain process gain on
a signal. Since the signals tend to be very wide band (the wider the
better), and we have three fixed and known timing signals (be still
my heart) I can extract video signals from deep inside the noise
floor so that even ultra low level transmitters can be detected at
significant distances.
This gives me five different overlapping methods and equipment sets
that I can use to monitor anything that appears of the spectrum. If I
run all of these systems at the same time and anything transmits even
the slightest amount of energy I capture the signal.
>* By peak shape on the SA? (doesn't this miss things that try to hide
>themselves?)
I use three different peak detectors to create peak traces, then the
live trace, and three different negative peak detectors. The reason
for usign multiple peak detectors is so that I can use one for a live
peak, a second for a 3 peak average, and a third for a 100 (or X)
trace average.
The shape of a trace is helpful in figuring out what a signal is, but
for actually detecting energy you want to use the negative peak
sensors, but you want to get them as close to the noise floor as possible.
I go to the -174 dBm noise floor and start most of my equipment
there, anything, and I do mean ANYTHING about this point gets my
interest.. Most of my gear can go down to -154 dBm with no problem
without using external pre-amps. With some of my 50 dB LNA's I can
get this equipment to -174 dBm with no problem (note: -174 is a holy grail)
I do have some equipment that can measure and detect signals well
below -174 dBm, but the equipment is for a very narrow range of
threats mostly data signals or signals of a digital nature.
>* By checking them manually with a receiver? (there's a lot of e.g.
>digital signals floating around already)
I love digital signals, especially "covert" ones.
>* By checking them with a directional antenna to see if they might be
>coming from the target environment, and then some combination of the above?
Yep, I use both directional and omni directional antenna. The use of
a directional antenna helps to resolve the signal origination in the
"space domain"
> then I will generate the
> > "ALL ON" commands
>
>ALL ON commands? You blanket the room with a strobe light?
No, "ALL ON" refers to passing a digital command on well know
frequencies to turn on a device that has been remotely turned off.
Very often even extraordinarily sophisticated eavesdropping devices
can get tickled into revealing tier location because the spy forgot
that the remote control was left on the original factory command codes.
If you get lucky you can even detect the receiver inside the
transmitted listening for the eavesdropper to issue remote commands.
> > Not only will I have hundreds of pages of spectrum analyzer printouts,
> > but I will have several rolls of large chart recorder outputs from the
> > diode detectors (to catch 100% of anything that bursts or is digital),
>
>Diode detector? Sounds like an untuned crystal radio hooked to an amp.
> >
>
Yes, in a way.
I use several Astro-Med chart recorders with high channel counts to
divide up the spectrum into neat blocks. Each channel has a dedicated
bad filter, and a diode detector, and a shared antenna (I use
multiple antennas do this, but each antenna gets broken out into
multiple channels which then get pre-amped, filtered, and detected.
The goal being to capture anything this might pop up too fast for
other sysems to snag. It provides close, real time supervision of the
spectrum and while a precise frequency can not be determine, band
activity can be document, and the timing of the emission can be
determined as these systems are often left in place for week at a
time (prior to a sweep), or used as part of my long term in-place
monitoring system.
I really love some of the newer units as I can get not only real-time
charts is a wide format, but I can also remotely access the stored
data to see if there is any anomalous activity that warrants firing
up a spectrum analyzer that is in the same rack.
-jma
----------------------------------------------------------------------------------------------------
World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:21 CST