Fortune Magazine reported on 25 July 2014 that Sharon Leach, a mechanical engineer with a doctorate and a loyal employee of the Ford Motor Company, was fired after eight listening devices were found in boardrooms and meeting rooms on the executive floor at Ford HQ. The listening devices were found during a TSCM survey.
Subsequent investigations led the FBI to Leach. The FBI is investigating a case of possible economic espionage. Would you know if covert surveillance devices are installed in your company boardrooms and sensitive areas?
If an organisation could be that vulnerable to covert surveillance in its own offices, then just think how the risk increases when companies conduct sensitive business away from the safety of the office.
Many executives prefer to have their annual strategic planning sessions, team building and other important business meetings away from their offices. These events usually take place at luxury hotels, lodges and resorts. The security perimeter, access control, firewalls and other levels of protection that are in place at the office are usually not in place at these outside venues.
It is sometimes much easier for a would-be spy to place a bug, listening or other type of surveillance device in an outside meeting venue than at the office building where there are many layers of protection and security.
There are many reasons why companies and company executives could have covert surveillance or listening devices in their offices, boardrooms, residences and outside meeting places. If an individual occupies a sensitive position in government or in business, others might be interested in what that individual is doing. A company might be embroiled in a dispute, or be involved in very delicate negotiations, a new business deal, new innovations, research, or telephone conversations and meetings with foreign partners and other companies.
South African businesses must accept that, as they attempt to be more competitive in the global markets, their products, processes, information and trade secrets may come under threat from competitors.
Clandestine surveillance is nothing new. During its evolution it has progressed from the simple act of peering through the bushes to the point where conversations are now monitored and data intercepted from the outside via GSM, Wi-Fi, Bluetooth and other exotic modulation schemes.
Meeting the TSCM challenge
Risk managers, security professionals, information protection officers, facility managers and others responsible for protecting their organisations and facilities need to understand the threat of electronic surveillance. The growth in surveillance enabling technology in recent years has made the technical aspects of electronic surveillance detection far more complex.
The purpose of a technical surveillance countermeasures (TSCM) survey is to identify and to localise possible covert surveillance threats (audio, video, optical and esoteric attacks) as well as any other way in which confidential business or government information could be intercepted, lost or stolen.
Typical projects by a professional TSCM company include debugging and sweeping services, support of personal and VIP protection programmes and the provision of secure environments to ensure privacy so that business can be conducted securely.
Proactive and regular sweep surveys keep a company’s security one step ahead. Organisations and security managers should not wait until they think “they are being bugged”.
Proactive and regular sweeps will also ensure compliance for listed companies with the King III corporate governance requirements regarding information security risk management. King III (section 5) stipulates that “in exercising their duty of care, the board of directors should ensure that prudent and reasonable steps have been taken with respect to information security”.
If companies do not conduct regular TSCM surveys of their sensitive areas it could be argued that they do not take prudent and reasonable steps to safeguard their information against possible technical attacks. The same could be true if a company selects a service provider who does not comply with the minimum accepted requirements regarding training, experience and equipment.
Selecting a service provider
The purpose of a TSCM survey is to detect the presence of technical devices and technical security weaknesses that could aid in the conduct of a technical penetration. The survey has to provide a professional evaluation of a facility’s technical security posture and will consist of a thorough visual, physical, technical and electronic examination of the facility.
A consultant who also claims to be an expert on “firearm training, tracings, security surveys, company checks, fraud claims, undercover agents, matrimonial matters, criminal and civil investigations, locating missing persons and concealed assets, VIP protection” etc., to name but a few services, might not be the correct person when looking for a professional and specialist TSCM service provider.
In recent years the technical aspects of electronic surveillance detection have become much more complex. The growth in surveillance enabling technology and new terminology such as convergence, GSM, GPRS, IP, Bluetooth, VoIP, Wi-Fi, SD memory cards, miniaturisation and wireless communications requires specialised equipment when conducting TSCM surveys.
With the advancements coming out in releases 12 and 13 from the 3GPP, the Internet of Things (IoT), expanding Wi-Fi applications (also used for covert surveillance) and the advancement in digital audio and video transmitters, the traditional way of conducting debugging and sweeping creates a false sense of security.
There are at the most only three companies in South Africa that can provide a proper professional 21st century cyber technical surveillance countermeasures survey.
The association Business Espionage Countermeasures South Africa (BECSA) caters for counterintelligence and TSCM practitioners and has a list of qualified and professional TSCM practitioners in South Africa. Proof of BECSA membership is a good indication to help prospective clients separate the wheat from the chaff. (See side bar for some other questions to ask when selecting a TSCM service provider.) If the service provider cannot conduct the services, answer the questions, or provide a demonstration or an example report for the questions asked, then the requester would definitely be wasting money.
The technical inspection
TSCM inspections are conducted after hours or over weekends to minimise disruptions and disturbances to business operations. Depending on the circumstances and the perceived threat some surveys have to be conducted during business hours and during the times when actual meetings and discussions are taking place.
Attacks on information can occur on various levels and the TSCM team will have to do different types of technical, electronic and physical inspections to determine if information is captured in, and how it is leaving, the area. Information can be captured and transmitted via audio, video and optical devices.
As a minimum, the TSCM service provider should conduct the following categories of tests:
• Radio frequency scan – a search for surveillance devices that transmit information via radio frequencies (RF). The analysis should cover the spectrum up to about 10 GHz. The service provider should create maps and signal lists of all energy captured and investigated. It is important that the scans are done and recorded inside and outside of the facility;
• Telephone and communication tests – various tests are performed to test telephone instruments, telephone lines, telephone and server closets, audio and video conferencing systems and other cables in the survey area(s);
• Physical inspection – physical checks of the ceiling areas, electrical plugs, sockets, light switches, crawl spaces, under-floor cavities and openings with a variety of equipment. TSCM equipment aiding in the physical inspection is a Non-Linear Junction Detector (NLJD), a thermal imaging camera, optical devices and a good quality TSCM inspection tool kit;
• Cyber/IT TSCM tests – Wi-Fi, Bluetooth and GSM networks are scanned for unknown or rogue devices that could utilise these communication mediums as conduits to get information out of sensitive areas. Logical information has to be provided along with technical information, maps, locations and devices connected.
On completion of the survey the TSCM service provider should provide a verbal report of the findings of the survey followed by a detailed written report. The written report should be a clear and concise record of the work that the TSCM service provider performed. It is important that the report describes the areas investigated, the inspection methodology, the equipment and procedures employed, the findings, observations and recommendations, and other information security weaknesses uncovered and observed, and that it includes photographs and other supporting material.
TSCM Questions
If you are serious about getting the best TSCM service provider for your organisation, then there are a few basic questions to ask before engaging with a service provider:
1. Do they investigate the GSM networks for covert surveillance devices? GSM voice channels support eight calls all hopping around each other and without the ability to provide logical information, the under-equipped service provider is in trouble.
2. Do they investigate the Wi-Fi and Bluetooth networks for covert surveillance devices? Can the service provider identify active Wi-Fi channels, recover MAC addresses from the packets, identify send and receive addresses, identify radio manufacturers, SSID, etc.?
3. Do they conduct a full thermal spectral analysis? Scans should be done with a thermal imager to discover and to locate devices in ceilings, walls, artifacts, etc., without damaging the objects.
4. Do they conduct a full mains sub-carrier scan and provide a list of the signals investigated? This covers power line and carrier current bugs up to 40 MHz.
5. Do they provide RF maps and a signal list of all RF activity investigated?
6. Do they provide pinpoint direction finding of all localised transmissions?
7. Is frequency domain reflectometry conducted on all cables, IT ancillaries and data networks?
8. Do they provide testing on all types of telephones (including VoIP) and cables with a full technical report?
9. Other questions to ask could be regarding proof of training, industry affiliations, equipment utilised, references, etc.
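As an added illustration of the Wi-Fi checks in question 2 and in the Cyber/IT TSCM tests above (this is not code from the author or from EDS), the Python below parses captured 802.11 beacon and probe-response frames, recovers the receive and send addresses, BSSID, SSID and channel, and reports any BSSID missing from a site inventory. It assumes frames with the radiotap header and FCS already stripped; the inventory, the helper names and the sample frames are constructed for the example, and the recovered OUI prefix would still have to be looked up in a manufacturer registry.

```python
import struct
# Constructed inventory of BSSIDs the site expects to see (assumption).
AUTHORISED_BSSIDS = {"00:00:5e:00:53:01"}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_mgmt_frame(frame):
    """Parse a beacon/probe response (no radiotap header, no FCS)."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed fields
        raise ValueError("frame too short")
    fc = struct.unpack_from("<H", frame, 0)[0]
    if (fc >> 2) & 0x3 != 0 or (fc >> 4) & 0xF not in (5, 8):
        raise ValueError("not a beacon or probe response")
    info = {"receiver": mac(frame[4:10]), "transmitter": mac(frame[10:16]),
            "bssid": mac(frame[16:22]), "ssid": None, "channel": None}
    pos = 36
    while pos + 2 <= len(frame):  # walk the tagged information elements
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element: stop rather than misread
        if tag == 0:  # SSID; an empty value means the network is hidden
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:  # DS Parameter Set: current channel
            info["channel"] = value[0]
        pos += 2 + length
    info["oui"] = info["transmitter"][:8]  # manufacturer prefix for lookup
    # Locally-administered bit set: the prefix is not a vendor-assigned OUI.
    info["locally_administered"] = bool(frame[10] & 0x02)
    return info

def triage(frames):
    """Return parsed frames whose BSSID is not in the site inventory."""
    parsed = [parse_mgmt_frame(f) for f in frames]
    return [p for p in parsed if p["bssid"] not in AUTHORISED_BSSIDS]

def build_beacon(bssid, ssid, channel):
    """Construct a sample beacon so the example runs offline."""
    addr, name = bytes.fromhex(bssid.replace(":", "")), ssid.encode()
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + addr + addr + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0411)
    return header + fixed + bytes([0, len(name)]) + name + bytes([3, 1, channel])

SAMPLE = [build_beacon("00:00:5e:00:53:01", "Corp-WiFi", 6),
          build_beacon("02:00:00:de:ad:01", "", 11)]  # constructed frames

if __name__ == "__main__":
    for hit in triage(SAMPLE):
        print("unknown device:", hit)
```

A hidden SSID combined with a locally administered address, as in the second constructed frame, is the kind of entry that needs physical localisation before it can be cleared.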
Steve Whitehead is the Managing Member of Eavesdropping Detection Solutions (EDS) and a board member of the Espionage Research Institute International (ERII) headquartered in Washington D.C., USA. (www.erii.org) ERII is a TSCM, counterespionage and cyber counterintelligence association. For more information, visit www.tscm-za.com