-- James Greenwold Bureau Of Techncial Services P.O. Box 191 Chippewa Falls, WI 54729 http://www.tacticalsurveillance.com j..._at_tacticalsurveillance.com voice 715-726-1400 Fax 715-726-2354 > From: <1a..._at_verizon.net> > Reply-To: TSCM-..._at_googlegroups.com > Date: Tue, 21 Feb 2006 18:55:09 -0600 (CST) > To: TSCM-..._at_googlegroups.com > Subject: [TSCM-L] Re: How to perform a bug sweep > > >> From: "James M. Atkinson" <jm..._at_tscm.com> >> Date: Tue Feb 21 07:37:45 CST 2006 >> To: TSCM-L <TSCM-..._at_googlegroups.com> >> Subject: [TSCM-L] How to perform a bug sweep > > RE AL BERG > AL just scratched the surface on how a TSCM sweep maybe conducted. > > It does not mention that a physical search needs to take place by using > Mirrors, Ladders,DMM,Metal Detectors,Hand Tools,Knowing Building Code > Regulations,opening up the dishwasher electrical board,lamps etc. > > Al's view point is one sided stating that if a sweeper uses an Oscor,NLJD for > example then that sweeper is ligitand should get the big bucks generally. > > A NLJD will not find or locate a mic that use's a glass tube to transfer audio > from the diaframe to the circuitry inside the bug, the NLJD may not detect the > lens on a camera called a snake. > > The NLJD and Oscor will not detect a laser beam bouncing off the window at > night when the bugger just set's up under the cover of darkness when the > sweeper is not present. > > The Oscor will not detect a carry to target location a digital recorder about > the size of a American quarter. > > With that said is the ligit sweeper ligit now after the bugger just got paid > for the intelligence he gathered. > > Over and Out > > Andre Holmes > Neptune Enterprise Security > 1a..._at_verizon.net > >> >> >> http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1115503,00.html?Fr >> omTaxonomy=%2Fpr%2F289185 >> >> How to perform a bug sweep >> Al Berg, CISSP, CISM >> 08.12.2005 >> Rating: -3.67- (out of 5) >> >> The revelation of the identity of Deep Throat, the secret source of >> the Watergate scandal, reminded me of an old threat we still face >> today known as "bugging" or, as those in the business call it, >> "technical surveillance." Receiving information about a victim >> through audio or video surveillance provides an attacker with a >> wealth of information. And, as today's electronics become more >> sophisticated, bugging equipment once available only to spies is now >> easily obtainable on the Internet. In response to this threat, many >> corporations have started to perform bug sweeps or Technical Security >> Counter Measure (TSCM) operations, with the help of outside contractors. >> >> TSCM is a specialized area, and performing a sweep requires expensive >> equipment that needs regular updating. As a result, sweeps can be >> pricey, although not as pricey as the losses from a bugged office. >> Many firms charge more than $10,000 for one floor of an office >> building. Therefore, you may want to limit the scope of the sweep to >> especially sensitive areas such as corporate management offices, >> boardrooms, etc. If you take this approach, it is important to >> remember to limit sensitive discussions to the "cleared" areas. >> >> When researching vendors, ask about the equipment and techniques they >> use. Legitimate TSCM firms are up front about their techniques and >> technology. To find out if a potential vendor is legitimate, ask for >> references and seek out recommendations. Your local chapter of the >> FBI InfraGard or Secret Service Electronics Crimes Task Force may be >> a good place to start. Industry associations, such as the American >> Society for Industrial Security (ASIS), may also be of help. >> >> To help weed out the wannabes, let's take a closer look at five basic >> technologies used by genuine TSCM operators: >> >> RF detection. Some surveillance devices use radio frequency (RF) >> transmissions to carry their signals to the listener. To find these, >> TSCM analysts use an RF analyzer like REI's OSCOR (Omni Spectral >> Correlator). The OSCOR absorbs the RF transmissions in an area and >> uses a built-in database to filter out those known to be legitimate, >> such as TV and radio stations. The remaining transmissions are >> presented to an operator for analysis to determine if they pose a >> threat. The OSCOR is also used to store a profile of the radio >> frequency environment of the location. During later sweeps, comparing >> the record of the previous environment with a new set of signals can >> quickly point to potential problems. >> >> Detection of electronics. More sophisticated surveillance devices can >> be turned on and off as needed. When a bug is turned off, it does not >> transmit any RF signals and is therefore invisible to RF detection >> devices. In order to find these stealthy devices, the TSCM >> professional will turn to a Non Linear Junction Detector (NLJD). The >> NLJD looks a bit like one of those metal detectors they used to sell >> in the back of comic books. It works by sending out RF signals tuned >> to cause the semiconductors in electronic devices to resonate, even >> if they are powered off. During a sweep, the TSCM operator passes the >> NLJD over every surface in the office, looking for electronics in >> places where they should not be. >> >> Heat can be another telltale sign that electronics are present. >> Because small heat variations may point to a power supply, a TSCM >> toolkit should include a thermal imager, which the operator uses to >> scan the office and objects in it. If hot spots are found in unlikely >> places, a manual inspection is conducted to determine if they are >> from suspect devices. >> >> Phone and power lines are also popular places for the placement of >> surveillance devices. Phone lines provide power, access to >> conversations and other information, and a way for attackers to >> receive information. Power lines can provide power to devices hidden >> in electrical outlets and transmit information out of the area under >> surveillance. The TSCM operator will use equipment to detect >> anomalous behavior on these lines, such as voltage drops or the >> presence of sub carriers. >> >> Some surveillance devices may use infrared light to transmit their >> signals back to an attacker. An infrared viewer may reveal the >> presence of these devices. The TSCM operator scans the area looking >> for questionable IR sources and then investigates them further manually. >> >> Like other forms of security testing, TSCM sweeps provide you with a >> snapshot of conditions at a particular time. For continued assurance >> that your offices are "clean" of surveillance devices, you'll need to >> repeat sweeps periodically. Most vendors provide some sort of "volume >> discount" for annual or biannual services. >> >> TSCM services are not for every company, but if the disclosure of >> conversations or phone calls in your offices would cause irreparable >> harm to your business, you should consider checking to see if your >> walls have ears. >> >> About the Author >> Al Berg, CISSP, CISM is Information Security Director of New York >> City based Liquidnet (www.liquidnet.com). Liquidnet is the leading >> electronic venue for institutional block equities trading and the 4th >> fastest growing privately held financial services company in the US. >> >> >> >> >> ----------------------------------------------------------------------------- >> ----------------------- >> We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers. >> ----------------------------------------------------------------------------- >> ----------------------- >> James M. Atkinson Phone: (978) 546-3803 >> Granite Island Group Fax: (978) 546-9467 >> 127 Eastern Avenue #291 Web: http://www.tscm.com/ >> Gloucester, MA 01931-8008 Email: mailto:jm..._at_tscm.com >> ----------------------------------------------------------------------------- >> ----------------------- >> World Class, Professional, Ethical, and Competent Bug Sweeps, and >> Wiretap Detection using Sophisticated Laboratory Grade Test Equipment. >> ----------------------------------------------------------------------------- >> ----------------------- >> >> >> > >Received on Sat Mar 02 2024 - 00:57:19 CST
This archive was generated by hypermail 2.3.0 : Sat Mar 02 2024 - 01:11:44 CST