[Fwd: Re: [TSCM-L] How to perform a bug sweep]

From: <1a..._at_verizon.net>
Date: Tue, 21 Feb 2006 19:11:32 -0600 (CST)

>>From: "James M. Atkinson" <jm..._at_tscm.com>
>>Date: Tue Feb 21 07:37:45 CST 2006
>>To: TSCM-L <TSCM-..._at_googlegroups.com>
>>Subject: [TSCM-L] How to perform a bug sweep
>
>RE AL BERG
> AL just scratched the surface on how a TSCM sweep maybe conducted.
>
>It does not mention that a physical search needs to take place by using Mirrors, Ladders,DMM,Metal Detectors,Hand Tools,Knowing Building Code Regulations,opening up the dishwasher electrical board,lamps etc.
>
>Al's view point is one sided stating that if a sweeper uses an Oscor,NLJD for example then that sweeper is ligitand should get the big bucks generally.
>
>A NLJD will not find or locate a mic that use's a glass tube to transfer audio from the diaframe to the circuitry inside the bug, the NLJD may not detect the lens on a camera called a snake.
>
>The NLJD and Oscor will not detect a laser beam bouncing off the window at night when the bugger just set's up under the cover of darkness when the sweeper is not present.
>
>The Oscor will not detect a carry to target location a digital recorder about the size of a American quarter.
>
>With that said is the ligit sweeper ligit now after the bugger just got paid for the intelligence he gathered.
>
>Over and Out
>
>Andre Holmes
>Neptune Enterprise Security
>1a..._at_verizon.net
>
>>
>>
>>http://searchsecurity.techtarget.com/tip/1,289483,sid14_gci1115503,00.html?FromTaxonomy=%2Fpr%2F289185
>>
>>How to perform a bug sweep
>>Al Berg, CISSP, CISM
>>08.12.2005
>>Rating: -3.67- (out of 5)
>>
>>The revelation of the identity of Deep Throat, the secret source of
>>the Watergate scandal, reminded me of an old threat we still face
>>today known as "bugging" or, as those in the business call it,
>>"technical surveillance." Receiving information about a victim
>>through audio or video surveillance provides an attacker with a
>>wealth of information. And, as today's electronics become more
>>sophisticated, bugging equipment once available only to spies is now
>>easily obtainable on the Internet. In response to this threat, many
>>corporations have started to perform bug sweeps or Technical Security
>>Counter Measure (TSCM) operations, with the help of outside contractors.
>>
>>TSCM is a specialized area, and performing a sweep requires expensive
>>equipment that needs regular updating. As a result, sweeps can be
>>pricey, although not as pricey as the losses from a bugged office.
>>Many firms charge more than $10,000 for one floor of an office
>>building. Therefore, you may want to limit the scope of the sweep to
>>especially sensitive areas such as corporate management offices,
>>boardrooms, etc. If you take this approach, it is important to
>>remember to limit sensitive discussions to the "cleared" areas.
>>
>>When researching vendors, ask about the equipment and techniques they
>>use. Legitimate TSCM firms are up front about their techniques and
>>technology. To find out if a potential vendor is legitimate, ask for
>>references and seek out recommendations. Your local chapter of the
>>FBI InfraGard or Secret Service Electronics Crimes Task Force may be
>>a good place to start. Industry associations, such as the American
>>Society for Industrial Security (ASIS), may also be of help.
>>
>>To help weed out the wannabes, let's take a closer look at five basic
>>technologies used by genuine TSCM operators:
>>
>>RF detection. Some surveillance devices use radio frequency (RF)
>>transmissions to carry their signals to the listener. To find these,
>>TSCM analysts use an RF analyzer like REI's OSCOR (Omni Spectral
>>Correlator). The OSCOR absorbs the RF transmissions in an area and
>>uses a built-in database to filter out those known to be legitimate,
>>such as TV and radio stations. The remaining transmissions are
>>presented to an operator for analysis to determine if they pose a
>>threat. The OSCOR is also used to store a profile of the radio
>>frequency environment of the location. During later sweeps, comparing
>>the record of the previous environment with a new set of signals can
>>quickly point to potential problems.
>>
>>Detection of electronics. More sophisticated surveillance devices can
>>be turned on and off as needed. When a bug is turned off, it does not
>>transmit any RF signals and is therefore invisible to RF detection
>>devices. In order to find these stealthy devices, the TSCM
>>professional will turn to a Non Linear Junction Detector (NLJD). The
>>NLJD looks a bit like one of those metal detectors they used to sell
>>in the back of comic books. It works by sending out RF signals tuned
>>to cause the semiconductors in electronic devices to resonate, even
>>if they are powered off. During a sweep, the TSCM operator passes the
>>NLJD over every surface in the office, looking for electronics in
>>places where they should not be.
>>
>>Heat can be another telltale sign that electronics are present.
>>Because small heat variations may point to a power supply, a TSCM
>>toolkit should include a thermal imager, which the operator uses to
>>scan the office and objects in it. If hot spots are found in unlikely
>>places, a manual inspection is conducted to determine if they are
>>from suspect devices.
>>
>>Phone and power lines are also popular places for the placement of
>>surveillance devices. Phone lines provide power, access to
>>conversations and other information, and a way for attackers to
>>receive information. Power lines can provide power to devices hidden
>>in electrical outlets and transmit information out of the area under
>>surveillance. The TSCM operator will use equipment to detect
>>anomalous behavior on these lines, such as voltage drops or the
>>presence of sub carriers.
>>
>>Some surveillance devices may use infrared light to transmit their
>>signals back to an attacker. An infrared viewer may reveal the
>>presence of these devices. The TSCM operator scans the area looking
>>for questionable IR sources and then investigates them further manually.
>>
>>Like other forms of security testing, TSCM sweeps provide you with a
>>snapshot of conditions at a particular time. For continued assurance
>>that your offices are "clean" of surveillance devices, you'll need to
>>repeat sweeps periodically. Most vendors provide some sort of "volume
>>discount" for annual or biannual services.
>>
>>TSCM services are not for every company, but if the disclosure of
>>conversations or phone calls in your offices would cause irreparable
>>harm to your business, you should consider checking to see if your
>>walls have ears.
>>
>>About the Author
>>Al Berg, CISSP, CISM is Information Security Director of New York
>>City based Liquidnet (www.liquidnet.com). Liquidnet is the leading
>>electronic venue for institutional block equities trading and the 4th
>>fastest growing privately held financial services company in the US.
>>
>>
>>
>>
>>----------------------------------------------------------------------------------------------------
>>We Expertly Hunt Real Spies, Real Eavesdroppers, and Real Wiretappers.
>>----------------------------------------------------------------------------------------------------
>> James M. Atkinson Phone: (978) 546-3803
>> Granite Island Group Fax: (978) 546-9467
>> 127 Eastern Avenue #291 Web: http://www.tscm.com/
>> Gloucester, MA 01931-8008 Email: mailto:jm..._at_tscm.com
>>----------------------------------------------------------------------------------------------------
>> World Class, Professional, Ethical, and Competent Bug Sweeps, and
>>Wiretap Detection using Sophisticated Laboratory Grade Test Equipment.
>>----------------------------------------------------------------------------------------------------
>>
>>
>>
Received on Sat Mar 02 2024 - 00:57:28 CST