>From - Sat Mar 02 00:57:26 2024
Received: by 10.91.154.18 with SMTP id g18mr914701ago.7.1254435760936;
Thu, 01 Oct 2009 15:22:40 -0700 (PDT)
Received: by 10.91.154.18 with SMTP id g18mr914699ago.7.1254435760877;
Thu, 01 Oct 2009 15:22:40 -0700 (PDT)
Return-Path: <jm..._at_tscm.com>
Received: from smtpauth03.csee.onr.siteprotect.com (smtpauth03.csee.onr.siteprotect.com [64.26.60.137])
by gmr-mx.google.com with ESMTP id 19si45423yxe.14.2009.10.01.15.22.40;
Thu, 01 Oct 2009 15:22:40 -0700 (PDT)
Received-SPF: neutral (google.com: 64.26.60.137 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) client-ipd.26.60.137;
Authentication-Results: gmr-mx.google.com; spf=neutral (google.com: 64.26.60.137 is neither permitted nor denied by best guess record for domain of jm..._at_tscm.com) smtp.mail=jm..._at_tscm.com
Received: from Raphael.tscm.com (unknown [71.174.25.103])
(Authenticated sender: jm..._at_tscm.com)
by smtpauth03.csee.onr.siteprotect.com (Postfix) with ESMTP id 0B6601038004
for <tscm-..._at_googlegroups.com>; Thu, 1 Oct 2009 17:22:38 -0500 (CDT)
Message-Id: <7.0.1.0.2.20091001181005.1c0bfcd0_at_tscm.com>
X-Mailer: QUALCOMM Windows Eudora Version 7.0.1.0
Date: Thu, 01 Oct 2009 18:20:30 -0400
To: tscm-l2006_at_googlegroups.com
From: "James M. Atkinson" <jm..._at_tscm.com>
Subject: Re: [TSCM-L] {4284} TSCM stats for Presentation
In-Reply-To: <c254a0cf-6a13-4534-a26f-f1f0334181c7_at_m11g2000yqf.googlegro
ups.com>
References: <c254a0cf-6a13-4534-a26f-f1f0334181c7_at_m11g2000yqf.googlegroups.com>
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="===========_1372075812=.ALT"
--===========_1372075812=.ALT
Content-Type: text/plain
Analysis of the RF Airwaves, Conductor Audit/Analysis, and a Physical
Inspection will result in more bug discoveries then any other method.
The Spectrum Analyzer, Oscilloscope, Flash Light, and Ladder
Combination has historically been the most beneficial tools to date,
and easily results in 90 times the devices begin found then all
other methods/equipment combined.
Be careful in using the "What Percentage of the Time" statistics
because it varies widely from target to target, and the more valuable
the target/information the less likely it is that anything short of
an extremely granular physical search will find it.
Very often an illicit device is not installed, but rather a very
clever eavesdropper exploits something that it already present, or
the spy has identified and isolated a vulnerability and is exploiting
the weakness instead of installing a hostile device.
A better statistic is that a good TSCM person can find a hostile
devices, or a gaping hole or vulnerability in almost every sweep they
do. Mind you they may not find a bug, but more often then note they
can find some gaping holes that need to be patched.
The more secure the premises, the easier it is to find gaping
holes... or bugs.
-jma
At 02:49 PM 10/1/2009, cptkaos wrote:
>All:
>
>I'm putting together a talk on the illicit eavesdropping threat to
>corporate America for a group of executives. Basically it will cover
>the value of TSCM woven into the overall security fabric of a
>corporation (if one even exists in some cases). I'd like to
>incorporate some real world stats from practicing TSCM professionals.
>If you would like to share your experiences, I am looking for:
>
>Percentage of times an illicit device is discovered during a TSCM.
>Type of device(s) and general sophistication
>Where located
>How discovered (physical search, broadband, spectrum analyzer, TALAN,
>NLJD, etc.)
>
>
>Any input you would like to provide will be greatly appreciated. If
>there is anything else you would like to include, please feel free.
>The presentation is in two weeks.
>
>Thanks in advance.
>
>Scott
>
>
>
-------------------------------------------------------------------------------------------
James M. Atkinson Phone: (978) 546-3803
Granite Island Group Fax: (978) 546-9467
127 Eastern Avenue #291 Web:
http://www.tscm.com/
Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
http://www.linkedin.com/in/jamesmatkinson
-------------------------------------------------------------------------------------------
No enterprise is more likely to succeed than one concealed from the
enemy until it is ripe for execution. - Machiavelli, The Prince, 1521
--===========_1372075812=.ALT
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
<html>
<body>
Analysis of the RF Airwaves, Conductor Audit/Analysis, and a Physical
Inspection will result in more bug discoveries then any other method. The
Spectrum Analyzer, Oscilloscope, Flash Light, and Ladder Combination has
historically been the most beneficial tools to date, and easily
results in 90 times the devices begin found then all other
methods/equipment combined.<br><br>
Be careful in using the "What Percentage of the Time"
statistics because it varies widely from target to target, and the more
valuable the target/information the less likely it is that anything short
of an extremely granular physical search will find it. <br><br>
Very often an illicit device is not installed, but rather a very clever
eavesdropper exploits something that it already present, or the spy has
identified and isolated a vulnerability and is exploiting the weakness
instead of installing a hostile device.<br><br>
A better statistic is that a good TSCM person can find a hostile devices,
or a gaping hole or vulnerability in almost every sweep they do. Mind you
they may not find a bug, but more often then note they can find some
gaping holes that need to be patched.<br><br>
The more secure the premises, the easier it is to find gaping holes... or
bugs. <br><br>
-jma<br><br>
<br>
At 02:49 PM 10/1/2009, cptkaos wrote:<br><br>
<blockquote type=cite class=cite cite="">All:<br><br>
I’m putting together a talk on the illicit eavesdropping threat to<br>
corporate America for a group of executives. Basically it will cover<br>
the value of TSCM woven into the overall security fabric of a<br>
corporation (if one even exists in some cases). I’d like to<br>
incorporate some real world stats from practicing TSCM
professionals.<br>
If you would like to share your experiences, I am looking for:<br><br>
Percentage of times an illicit device is discovered during a TSCM.<br>
Type of device(s) and general sophistication<br>
Where located<br>
How discovered (physical search, broadband, spectrum analyzer,
TALAN,<br>
NLJD, etc.)<br><br>
<br>
Any input you would like to provide will be greatly appreciated. If<br>
there is anything else you would like to include, please feel free.<br>
The presentation is in two weeks.<br><br>
Thanks in advance.<br><br>
Scott<br><br>
<br>
<x-sigsep><p></x-sigsep>
<br>
---------------------------------------------------------------------------=
----------------<br>
James M.
Atkinson &=
nbsp; &nbs=
p;
Phone: (978) 546-3803<br>
Granite Island
Group &nbs=
p;
Fax: (978) 546-9467<br>
127 Eastern Avenue
#291  =
;
Web:
<a href="
http://www.tscm.com/" eudora="autourl">
http://www.tscm.com/<br=
>
</a> Gloucester, MA
01931-8008  =
;
E-mail:
<a href="mailto:jm..._at_tscm.com" eudora="autourl">mailto:jm..._at_tscm.com<=
br>
</a> <b>
&nb=
sp;
<a href="
http://www.linkedin.com/in/jamesmatkinson" eudora="autourl">h=
ttp://www.linkedin.com/in/jamesmatkinson<br>
</a></b>
---------------------------------------------------------------------------=
----------------<br>
No enterprise is more likely to succeed than one concealed from the
<br>
enemy until it is ripe for execution. - Machiavelli, The Prince,
1521 </body>
</html>
--===========_1372075812=.ALT--
Received on Sat Mar 02 2024 - 00:57:26 CST