Re: [TSCM-L] {3182} Re: Spooky Truth: TV's Most Haunted Con Exposed

From: James M. Atkinson <jm..._at_tscm.com>
Date: Fri, 02 Jan 2009 16:57:50 -0500

>Posts like this do far more to persuade me how expensive TSCM work is
>than pages on tscm.com touting price figures ever could...
>
>(more -- lots more -- inline)
>
> > Simple, I use multiple spectrum analyzers. I dedicate each unit to a
> > specific chunk of the spectrum, and then adjust the analyzer setting
> > so that I have the fastest sweep possible to catch anything that
> > appears. Some of these utilize a real time FFT based software defined
> > front end so that even when the SA is not right on the frequency of
> > interest I can still capture things that appear around it. This
> > allows even the most covert of signals to be captured.
> >
> > I also dedicate a series of ultra sensitive receivers which are set
> > up to tune whatever the spectrum analyzers detect, these are called
> > hand-off receivers.
> >
> > On top of this I use additional receivers which I set up to scan high
> > threat bands, and to dump the detected video and receiver settings to
> > a laptop. These are my scanning receivers, and are more sensitive
> > than the SA's. These scan within a given band so that if anything
> > pops up or drifts around a bit these things lock on to it and follow
> > the signal.
>
>How many (non-hostile) signals does this set up usually pick up? I can't
> claim to have tried using your rig, but spectrum analyzers and even
>scanners always seem to give me thousands (or tens of thousands) of
>signals to examine.


In a small rural area I will detect, identify, log and analyze a
couple of hundred signals, but in a suburban or urban area this will
involve thousands of signals.


>Even assuming you had a truly enormous bank of spectrum analyzers (or a
>really sophisticated, high-bandwidth software defined radio) you still
>have to record the signals and go through them later. (or are you
>looking at them individually? doesn't that miss burst transmissions, or
>does that not apply in the previously-stated threat model?) If you're
>looking for video or digitally encoded audio, you probably need a
>decently high-bandwidth recording system... how do you do it?

I analyze all signals on-site while still on-site, and review the
sweep records at the end of the sweep to ensure that nothing was missed.

My primary "beast" is 4 racks of spectrum analyzers, with 4 spectrum
analyzers to each rack so that I have 16 rack mount SA's plus several
portable units running under computer control.

I have a wide-band SIGINT recorder on all spectrum analyzers so that
I can play the signal back at some future time.


>Of those recorded signals, I feel safe in guessing that about half will
>not be immediately intelligible audio or video. This suggests that
>you're doing some kind of additional filtering-- using your knowledge of
>the area (or taking a pre-sweep day to set the rig up far away from the
>target area) to rule out known-legit signals? going by the spectrum
>analyzer printouts to eliminate signals that 'look' legit? more advanced
>computer-based pattern-matching based on a proprietary database?
>

On a full sweep I identify every single signal on the airwaves, and
assume that all signals present are hostile until I can prove otherwise.


> > These are all SDR on the back end so that there is almost
> > zero chance of missing something within a known band.
>
>SDR? Software Defined Radio? Are you actually dumping the full-bandwidth
> incoming signal and then processing it to look for hostile signals
>later, or are you using software to pick out interesting signals more
>quickly than a normal digital tuner could?


Yes, I use a bank of Software Defined Radios to grab everything from
30 Hz to 3 GHz at full bandwidth (I use a large number of SDR radios
to do this).


> > To take this one step further I dedicate a specific frequency to a
> > dedicated receiver, with extremely tight filters and ultra-low noise
> > LNA's.
>
>LNA = low noise amplifier?


Yes, LNA's with less than .3 dB of noise.


> > I can (via computer control) park these on a known threat and
> > just sit and listen. This is of greatest value in monitoring known
> > threats used by spies, and for targeting common hose frequencies.
>
>Hose frequencies?


HOUSE frequencies (typo)


> > I
> > have several OFDM receivers, and several receivers dedicated to
> > various types of scrambled "covert" signals, and various types of
> > digital receivers
>
>Okay, so you're using proprietary (or at least
>not-available-to-the-public?) hardware to help with some of the signal
>identification...
>
> > To tie things up neatly I have also developed a receiver that uses
> > reverse spread spectrum techniques where I assume to know the timing
> > frequencies of a signal, and use the timing to obtain process gain on
> > a signal.
>
>Based on a quick read of Wikipedia -- isn't that basically what a GPS
>receiver does, only adapted to TSCM?


Yes, but GPS uses a multitude of signals.


>Also, does this apply to audio, video, or both? Your next paragraph
>seems to imply video.


Invaluable when you are looking at a signal that has some component
of fixed or known timing. Or when you can inject your own timing or
metronome signal and use it to trace the transmitter or leak.


> > Since the signals tend to be very wide band (the wider the
> > better), and we have three fixed and known timing signals (be still
> > my heart) I can extract video signals from deep inside the noise
> > floor so that even ultra low level transmitters can be detected at
> > significant distances.
> >
> > This gives me five different overlapping methods and equipment sets
> > that I can use to monitor anything that appears on the spectrum. If I
> > run all of these systems at the same time and anything transmits even
> > the slightest amount of energy I capture the signal.
> >
>
>[...]
>
> >> * By checking them manually with a receiver? (there's a lot of e.g.
> >> digital signals floating around already)
> >
> >
> > I love digital signals, especially "covert" ones.
>
>Because they're easy to detect? How do you differentiate between hostile
>digital signals and legit-but-unfamiliar ones? Or do you have enough
>experience that there aren't a lot of legit-but-unfamiliar signals out there?


Very hard to detect by conventional means, and everything is suspect
until you can prove it isn't.


> >> then I will generate the
> >>> "ALL ON" commands
> >> ALL ON commands? You blanket the room with a strobe light?
> >
> >
> > No, "ALL ON" refers to passing a digital command on well known
> > frequencies to turn on a device that has been remotely turned off.
> > Very often even extraordinarily sophisticated eavesdropping devices
> > can get tickled into revealing their location because the spy forgot
> > that the remote control was left on the original factory command codes.
>
>Oops...! Does this apply only to off-the-shelf eavesdropping devices or
>are there a lot of 'custom' jobs that use off-the-shelf sub-assemblies
>for this stuff?

You first attack signals sent on standard frequencies, then target
house frequencies of the product, and then the house frequencies of
the modules used, and finally into the bands in which the house
frequencies operate.


> > If you get lucky you can even detect the receiver inside the
> > transmitter listening for the eavesdropper to issue remote commands.
>
>Nice trick.


Works fairly well on GPS devices that are "quiet" and not
transmitting, but with power or batteries present.


> > Yes, in a way.
> >
> > I use several Astro-Med chart recorders with high channel counts to
> > divide up the spectrum into neat blocks. Each channel has a dedicated
> > bad filter,
>
>Is 'bad filter' a typo or a term I'm not familiar with?


Yes, another Typo... my bad.


> > and a diode detector, and a shared antenna (I use
> > multiple antennas to do this, but each antenna gets broken out into
> > multiple channels which then get pre-amped, filtered, and detected).
> > The goal being to capture anything that might pop up too fast for
> > other systems to snag. It provides close, real time supervision of the
> > spectrum and while a precise frequency cannot be determined, band
> > activity can be documented, and the timing of the emission can be
> > determined as these systems are often left in place for a week at a
> > time (prior to a sweep), or used as part of my long term in-place
> > monitoring system.
>
>Wow, that's _really_ clever.


Also creates lots and lots of paper records of the sweep.


>Happy New Year,
>Eric Schmiedl
>
>p.s. something you might be interested in-- secrecy-related propaganda
>posters.
>http://www.cafepress.com/propagandawall

----------------------------------------------------------------------------------------------------
   World Class, Professional, Ethical, and Competent Bug Sweeps, and
Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
----------------------------------------------------------------------------------------------------
  James M. Atkinson Phone: (978) 546-3803
  Granite Island Group Fax: (978) 546-9467
  127 Eastern Avenue #291 Web: http://www.tscm.com/
  Gloucester, MA 01931-8008 E-mail: mailto:jm..._at_tscm.com
----------------------------------------------------------------------------------------------------
  We perform bug sweeps like it's a full contact sport, we take no prisoners,
and we give no quarter. Our goal is to simply, and completely stop the spy.
----------------------------------------------------------------------------------------------------
Received on Sat Mar 02 2024 - 00:57:21 CST
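
Added example (not part of the original message or of any equipment it describes): a minimal Python sketch of the process-gain idea discussed in the thread, where known timing is used to pull a repetitive signal out of the noise floor by averaging the capture in step with that timing. The period, pulse width, amplitude and noise level are constructed values; folding N periods should give about 10*log10(N) dB of gain, and folding with the timing off by one sample should give none.

```python
import math
import random

PERIOD = 200        # samples per repetition of the timing signal (constructed)
PULSE = 20          # samples the pulse is "on" in each period (constructed)
AMPLITUDE = 0.2     # pulse height; noise sigma is 1.0, so the pulse is buried

def make_capture(n_periods, seed=1):
    """Constructed capture: weak periodic pulse plus unit-variance Gaussian noise."""
    rng = random.Random(seed)
    return [(AMPLITUDE if i % PERIOD < PULSE else 0.0) + rng.gauss(0.0, 1.0)
            for i in range(PERIOD * n_periods)]

def fold(samples, assumed_period):
    """Coherent integration: average all samples sharing a phase of the assumed period."""
    n = len(samples) // assumed_period
    return [sum(samples[k * assumed_period + i] for k in range(n)) / n
            for i in range(assumed_period)]

def snr_db(trace):
    """SNR against the known pulse shape: template power over residual power."""
    template = [AMPLITUDE if i % PERIOD < PULSE else 0.0 for i in range(len(trace))]
    signal = sum(t * t for t in template) / len(trace)
    residual = sum((x - t) ** 2 for x, t in zip(trace, template)) / len(trace)
    return 10 * math.log10(signal / residual)

def contrast(folded):
    """Mean level inside the expected pulse window minus the mean level outside it."""
    inside, outside = folded[:PULSE], folded[PULSE:]
    return sum(inside) / len(inside) - sum(outside) / len(outside)

def demo(n_periods=1000):
    """Return (process gain in dB, contrast with correct timing, contrast with wrong timing)."""
    samples = make_capture(n_periods)
    gain = snr_db(fold(samples, PERIOD)) - snr_db(samples)
    return gain, contrast(fold(samples, PERIOD)), contrast(fold(samples, PERIOD + 1))

if __name__ == "__main__":
    gain, right, wrong = demo()
    print(f"process gain {gain:.1f} dB (theory {10 * math.log10(1000):.1f} dB)")
    print(f"pulse contrast: correct timing {right:.3f}, timing off by one sample {wrong:.3f}")
```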
