How eavesdropping resistant is your organisation?

May 2015 Security Services & Risk Management

Fortune Magazine reported on 25 July 2014 that Sharon Leach, a mechanical engineer with a doctorate and a loyal employee of the Ford Motor Company, was fired after eight listening devices were found in boardrooms and meeting rooms on the executive floor at Ford HQ. The listening devices were found during a TSCM survey.

Subsequent investigations led the FBI to Leach. The FBI is investigating a case of possible economic espionage. Would you know if covert surveillance devices are installed in your company boardrooms and sensitive areas?

If an organisation could be that vulnerable to covert surveillance in its own offices, then just think how the risk increases when companies conduct sensitive business away from the safety of the office.

Many executives prefer to have their annual strategic planning sessions, team building and other important business meetings away from their offices. These events usually take place at luxury hotels, lodges and resorts. The security perimeter, access control, firewalls and other levels of protection that are in place at the office is usually not in place at these outside venues.

It is sometimes much easier for a would-be spy to place a bug, listening or other type of surveillance device in an outside meeting venue than at the office building where there are many layers of protection and security.

There are many reasons why companies and company executives could have covert surveillance or listening devices in their offices, boardrooms, residences and outside meeting places. If an individual occupies a sensitive position in government or in business, others might be interested in what that individual is doing. A company might be embroiled in a dispute, could be involved with very delicate negotiations, a new business deal, new innovations, research, telephone conversations and meetings with foreign partners and other companies.

South African businesses must accept that as they attempt to be more competitive in the global markets, that their products, processes, information and trade secrets may come under threat from competitors.

Clandestine surveillance is nothing new. During its evolution it has progressed from the simple act of peering through the bushes to the point from where conversations are now monitored and data intercepted from the outside via GSM, Wi-Fi, Bluetooth and other exotic modulation schemes.

Meeting the TSCM challenge

Risk managers, security professionals, information protection officers, facility managers and others responsible for protecting their organisations and facilities need to understand the threat of electronic surveillance. The growth in surveillance enabling technology in recent years has made the technical aspects of electronic surveillance detection far more complex.

The purpose of a technical surveillance countermeasures (TSCM) survey is to identify and to localise possible covert surveillance threats (audio, video, optical and esoteric attacks) as well as any other way in which confidential business or government information could be intercepted, lost or stolen.

Typical projects by a professional TSCM company include debugging and sweeping services, support of personal and VIP protection programmes and the provision of secure environments to ensure privacy so that business can be conducted securely.

Proactive and regular sweep surveys keep a company’s security one step ahead. Organisations and security managers should not wait until they think “they are being bugged”.

Proactive and regular sweeps will also ensure compliance for listed companies with the King III corporate governance requirements regarding information security risk management. King III (section 5) stipulates that “in exercising their duty of care, the board of directors should ensure that prudent and reasonable steps have been taken with respect to information security”.

If companies do not conduct regular TSCM surveys of their sensitive areas it could be argued that they do not take prudent and reasonable steps to safeguard their information against possible technical attacks. The same could be true if a company selects a service provider who does not comply with the minimum accepted requirements regarding training, experience and equipment.

Selecting a service provider

The purpose of a TSCM survey is to detect the presence of technical devices and technical security weaknesses that could aid in the conduct of a technical penetration. The survey has to provide a professional evaluation of a facility’s technical security posture and will consist of a thorough visual, physical, technical and electronic examination of the facility.

A consultant who also claims to be an expert on “firearm training, tracings, security surveys, company checks, fraud claims, undercover agents, matrimonial matters, criminal and civil investigations, locating missing persons and concealed assets, VIP protection” etc., to name but a few services, might not be the correct person when looking for a professional and specialist TSCM service provider.

In recent years the technical aspects of electronic surveillance detection have become much more complex. The growth in surveillance enabling technology and new terminology such as convergence, GSM, GPRS, IP, Bluetooth, VoIP, Wi-Fi, SD memory cards, miniaturisation and wireless communications requires specialised equipment when conducting TSCM surveys.

With the advancements coming out in release 12 and 13 from the 3GPP, the Internet of Things (IoT), expanding Wi-Fi applications (also used for covert surveillance), the advancement in digital audio and video transmitters, the traditional way of conducting debugging and sweeping creates a false sense of security.

There are at the most only three companies in South Africa that can provide a proper professional 21st century cyber technical surveillance countermeasures survey.

The association Business Espionage Countermeasures South Africa (BECSA) caters for counterintelligence and TSCM practitioners and have a list of qualified and professional TSCM practitioners in South Africa. Proof of BECSA membership is a good indication to help prospective clients separate the wheat from the chaff. (See side bar for some other questions to ask when selecting a TSCM service provider.) If the service provider cannot conduct the services or answer the questions or provide a demonstration or an example report of the questions asked then the requester would definitely be wasting money.

The technical inspection

TSCM inspections are conducted after hours or over weekends to minimise disruptions and disturbances to business operations. Depending on the circumstances and the perceived threat some surveys have to be conducted during business hours and during the times when actual meetings and discussions are taking place.

Attacks on information can occur on various levels and the TSCM team will have to do different types of technical, electronic and physical inspections to determine if information is captured in and how it is leaving the area Information can be captured and transmitted via audio, video and optical devices.

As a minimum, the TSCM service provider should conduct the following category of tests:

• Radio frequency scan – a search for surveillance devices that transmit information via radio frequencies (RF). The analysis should cover the spectrum up to about 10 GHz. The service provider should create maps and signal lists of all energy captured and investigated. It is important that the scans are done and recorded inside and outside of the facility;

• Telephone and communication tests – various tests are performed to test telephone instruments, telephone lines, telephone and server closets, audio and video conferencing systems and other cables in the survey area(s);

• Physical inspection – physical checks of the ceiling areas, electrical plugs, sockets, light switches, crawl spaces, under-floor cavities and openings with a variety of equipment. TSCM equipment aiding in the physical inspection is a Non-Linear Junction Detector (NLJD), a thermal imaging camera, optical devices and a good quality TSCM inspection tool kit;

• Cyber/IT TSCM tests – Wi-Fi, Bluetooth and GSM networks are scanned for unknown or rogue devices that could utilise these communication mediums as conduits to get information out of sensitive areas. Logical information has to be provided along with technical information, maps, locations and devices connected.

On completion of the survey the TSCM service provider should provide a verbal report of the findings of the survey followed by a detailed written report. The written report should be a clear and concise record of the work that the TSCM service provider performed. Important is the description of the areas investigated, the inspection methodology, the equipment and procedures employed, the findings, observations and recommendations, other information security weaknesses uncovered and observed, recommendations, photographs and other supporting material.

TSCM Questions

If you are serious to get the best TSCM service provider for your organisation then there are a few basic questions to ask before engaging with a service provider:

1. Do they investigate the GSM networks for covert surveillance devices? GSM voice channels support eight calls all hopping around each other and without the ability to provide logical information, the under-equipped service provider is in trouble.

2. Do they investigate the Wi-Fi and Bluetooth networks for covert surveillance devices? Can the service provider identify active Wi-Fi channels, recover MAC addresses from the packets, identify send and receive addresses, identify radio manufacturers, SSID, etc.?

3. Do they conduct a full thermal spectral analysis? Scans should be done with a thermal imager to discover and to locate devices in ceilings, walls, artifacts, etc., without damaging the objects?

4. Do they conduct a full mains sub-carrier scan and provide a list of the signals investigated? Power line and carrier current bugs up to 40 MHz.

5. Do they provide RF maps and a signal list of all RF activity investigated?

6. Do they provide pinpoint direction finding of all localised transmissions?

7. Is frequency domain reflectometry conducted on all cables, IT ancillaries and data networks?

8. Do they provide testing on all type of telephones (including VoIP) and cables with a full technical report?

9. Other questions to ask could be regarding proof of training, industry affiliations, equipment utilised, references, etc.

Steve Whitehead is the Managing Member of Eavesdropping Detection Solutions (EDS) and a board member of the Espionage Research Institute International (ERII) headquartered in Washington D.C., USA. (www.erii.org) ERII is a TSCM, counterespionage and cyber counterintelligence association. For more information, visit www.tscm-za.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...
Rewriting the rules of reputation
Technews Publishing Editor's Choice Security Services & Risk Management
Public Relations is more crucial than ever in the generative AI and LLMs age. AI-driven search engines no longer just scan social media or reviews, they prioritise authoritative, editorial content.

Read more...
How can South African organisations fast-track their AI initiatives?
AI & Data Analytics Security Services & Risk Management
While the AI market in South Africa is anticipated to grow by nearly 30% annually over the next five years, tapping into the promise and potential of AI is not easy.

Read more...
Efficient, future-proof estate security and management
Technews Publishing ElementC Solutions Duxbury Networking Fang Fences & Guards Secutel Technologies OneSpace Technologies DeepAlert SMART Security Solutions Editor's Choice Information Security Security Services & Risk Management Residential Estate (Industry) AI & Data Analytics IoT & Automation
In February this year, SMART Security Solutions travelled to Cape Town to experience the unbelievable experience of a city where potholes are fixed, and traffic lights work; and to host the Cape Town SMART Estate Security Conference 2025.

Read more...
Stallion repositions itself as a services provider
News & Events Security Services & Risk Management
Stallion has rebranded as Stallion Integrated Solutions to reflect its expanded capabilities beyond traditional security services to delivering integrated solutions that enhance safety, asset management, and operational efficiency.

Read more...
Seven tips to help ensure your backup batteries work
Power Management Security Services & Risk Management
Load shedding is back, officially or not. Lance Dickerson offers seven tips to prolong the life of your power backup systems and ensure they perform as intended when needed.

Read more...
Cybersecurity best practice
Information Security Security Services & Risk Management
Breach and attack simulation has become an essential element of cybersecurity strategies in any modern business by allowing companies to actively detect and resolve vulnerabilities through real-world attack simulations.

Read more...
Historic Collaboration cuts ATM Bombings by 30%
Online Intelligence Editor's Choice News & Events Security Services & Risk Management
Project Big-Bang, a collaborative industry-wide task team, has successfully reduced ATM bombings in South Africa by 30,7% during the predetermined measurement period of November, December and January 2024/5.

Read more...
Keeping safety central to enterprise risk management
Zulu Consulting Security Services & Risk Management
[Sponsored] As employee safety becomes an ever-more critical aspect of corporate risk management, Risk-IO assists risk managers in ensuring a safe working environment, whether in an industrial setting, an office, or anywhere.

Read more...
Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...