A simple guide to TSCM Sweeps
“Alex Bomberg, CEO of International Intelligence Limited, looks at TSCM sweeps and discusses what you as a potential client or end-user need to know or the questions that you need to be asking”
TSCM sweeps are known by many different names: bug sweeping, TSCM inspections, electronic counter-surveillance etc. They are all one and the same thing: an electronic and physical check or inspection of a room, building, area or vehicle. For ease we will refer to these services as a TSCM sweep.
In this guide we cut through the technical speak and look at some of the latest equipment employed (as of June 2015), state what a TSCM sweep should include, look at present and future threats and dispel some myths surrounding eavesdropping.
Having been involved in counter espionage since 2002, working for clients worldwide, we have seen a total shift in the technology involved in electronic eavesdropping, from very simple FM & UHF devices to GSM, burst transmission and encrypted devices. The constant rise of attacks on IT systems and the use of spyware in both desktop computers and mobile devices, such as smart phones, cannot go unmentioned when talking about the age that we live in and present threats to security.
We should probably start by saying that there are many companies across the world offering TSCM sweep services. Sadly, there are very much two tiers of companies operating in this field: those that can and those that cannot. Shiny websites do not tell the whole story about who can and who cannot provide a TSCM sweep to a high level. Clients should, as always, carry out due diligence when making the choice of what TSCM company to use; once described to us as like choosing the right dentist!
Many companies make the mistake of employing people or firms that have “all the gear and no idea” or worse!
How can you be an expert in counter espionage if you have never placed a bugging device in real world scenarios? This is one question you should be thinking about when looking at a “TSCM Expert” or TSCM service provider; can they offer me the best possible advice and do they know what they are talking about?
You need to employ a company that not only has the correct equipment, but also has personnel who know what is and what is not possible when it comes to placing eavesdropping devices.
When looking at TSCM companies clients should ask themselves the following questions as a starting point:
- What is the reputation of this company?
- Are they going to sub-contract this service out?
- What equipment does this company use?
- Is this equipment up to date?
- What are the backgrounds of the TSCM team?
- Are they qualified to be looking at our electrical or telephone systems?
- Do I want to be discussing my/our weaknesses with these people?
- What is included in the TSCM sweep?
- Can they offer training and education to our management/key personnel?
The above list is just a few of the questions that a company or individual should be asking to help choose the right company, remembering it's not all about a shiny website. Many good TSCM firms will be quite busy and you will therefore be required to book in advance; this is always a good sign.
Client and Service Provider Relationship
Going back to the analogy of choosing the right dentist, a TSCM sweep is a very intrusive service, or should be if conducted right.
One very dangerous practice that is creeping into the security industry is the sub-contracting of TSCM services. This is very dangerous as all continuity and privacy are lost. If your close protection provider or favoured risk management company cannot provide an in-house service, then you need to go to a specialist TSCM sweep firm.
Remember that you need to be able to discuss your security concerns with your TSCM sweep company. You need to be able to have honest and open discussions with these professionals about what you feel is the threat level and the direction of the threat. To just get a company in for a TSCM sweep and not talk to them is an opportunity missed.
If you have chosen the right company in the first place then those TSCM professionals will be a font of knowledge as to the present technologies and threats; your senior management, risk, security or IT professionals should be taking an interest and taking note.
When should a TSCM sweep take place?
Ideally, companies should look at TSCM sweeps as part of their security housekeeping policy; they should have a security and risk policy that includes the budgeting for TSCM. The frequency and the requirements are very much down to the individual company and how they perceive the level of threat against them at that particular time. For instance, a company might be involved in a hostile take-over or substantial litigation and may wish to increase the level of service at that particular time.
If a company feels that it may have an issue of loss of sensitive information then a TSCM sweep is not the only thing that it should be thinking about. This is very much a common mistake and one that is often regretted in hindsight.
Should a company find that it is in the position where it feels it is losing information or data, then really that company should launch a full internal investigation and, where required, call in external counter espionage experts.
In many cases the loss of sensitive company information can be down to a failing in internal policy, such as office refuse or key staff leaving. It is not always about targeted acts of espionage, but if this is the case, it's often worthwhile managing the issue correctly, leaving open options of legal action. Should this be mismanaged at an early stage then it is difficult to regain the situation and opportunities to gather key evidence may be lost.
A little about Eavesdropping Devices
This section will dispel a few myths and misinformation about “bugs”, or covert transmitters, before we go into more detail about countering these threats.
Most people's understanding of bugging or eavesdropping devices comes from watching television, films or popular fiction books such as the legendary James Bond or The Good Shepherd, starring Matt Damon. This is not the 1980s and the Cold War; times and technology have moved on in leaps and bounds, although that is not to say that some espionage techniques developed then are not still applicable today.
The Cold War saw the real birth of eavesdropping devices, with not only a change in the size of the devices, but also in the ingenuity of planting and of disguising the devices. Almost 40 years on and times have indeed changed.
“99% of the capabilities of bugging devices that are depicted in popular film and television are not technically possible.”
Those that plant covert bugging devices need to look at many options before even getting to the stage of entering the building/area and planting any devices.
Considerations include, but are not limited to:
- Cost vs reward
- Level of risk
- Type of building (steel & concrete or brick)
- Location of target room/area within building
- Timescale monitoring
- Monitoring or receiving location
- Access to room/area and building
The above gives just a small insight into the questions that need to be asked before even selecting what type of device to deploy: UHF, VHF or GSM etc. This is vital before you get onto how the device is going to be powered or how and where the signal is going to be received.
It would be very foolish to think that you could just buy a device, plant it and place it within an office; there is much more to it than that. There are many more things to think about; not to say of course that a person with no prior knowledge or training could not pose a threat.
If a device is not tested once in place, then how will you know that it is going to work as desired? Can it pick up audio ok; is there too much background noise? Is it transmitting correctly? These are all further questions. With GSM devices, one big technical consideration and further question for those carrying out acts of industrial or corporate espionage is whether the chosen network operates with high signal strength in that building.
Small eavesdropping devices, such as those built into pens, computer mice or stuck under desks or chairs, are great for quick, short-term tasks. However, these devices have their drawbacks; devices that are required to be in position long-term need more sustainable power supplies and are normally “hard wired” or built into powered devices, for example plug sockets, extension leads, phones or computer monitors.
“Sometimes it really is as simple as placing a Dictaphone on voice activation for later retrieval.”
Since the mid-2000s and the rise of internet usage there has been a large increase in “off the shelf” eavesdropping devices, ranging from complex GSM devices to the lower end of the scale FM, UHF devices. One thing is for sure, £100 can buy you a reasonable device capable of causing a company loss of vital commercial information, i.e. reputational damage and loss of profits.
An individual or organisation carrying out acts of espionage is going to look at the easy options for intelligence gathering first, i.e. those with the least risk and that are most cost effective. Eavesdropping and monitoring of devices is expensive and full of risks, with huge damage to profits and reputations if caught, not forgetting prison sentences. That said, very few corporate espionage cases are ever brought to court; victims instead prefer to settle such matters outside of court to save bad PR and reputational damage.
Present and Future Espionage Threats
In the last fifteen years, eavesdropping devices have got smaller and smaller as surface mount technology has become cheaper; batteries too have become more stable and of course smaller.
£500 will now buy you a GSM double plug socket transmitter, capable of being in situ for many years and monitored anywhere in the world.
The only saving grace with GSM devices is that, due to the terror attacks of Al Qaeda and timed or sequenced Improvised Explosive Devices (IEDs), SIM cards that are unregistered have become harder to purchase in many western countries. Due to this, SIM cards are becoming more attributable.
Those designing bugging devices have become more intelligent, with an emphasis on burying the device within a functioning electronic device, such as a monitor. These devices, normally GSM transmitters, are hard wired and almost impossible to find.
What is the future of bugging or eavesdropping devices?
We think that the high end of the market will see more intelligent devices that will become harder to detect, programmable to sleep, with masked heat signatures. They will also inevitably continue getting smaller.
The lower end of the market continues to grow, with cheaper electronic devices almost a novelty. A quick internet search for “bugging device” will demonstrate the vast variety of websites offering cheap, yet functioning, eavesdropping devices.
“It's not about how expensive the bugging device or how experienced the user, it's about the potential damage caused”
A professional TSCM service provider should be able to provide you with a full team of operatives, each bringing a different skill set or range of qualifications. If your TSCM firm arrives and it's one person with a few pieces of equipment then you have made the wrong choice.
A TSCM team should have a team leader, from a solid intelligence or military intelligence background, with an understanding of present technology and threats. Ideally (dependent on the size of the task) a sweep team should include a qualified electrician (to check electrics, ducting, fitting and sockets) and also a qualified telecommunications engineer to check telephone lines.
How should a TSCM sweep take place?
Exactly how a TSCM sweep takes place is very much dependent on the topography of the building and how it is laid out: how many floors, how much open office space etc.
Ideally, the team would enter the target building at night when there are no workers in the building. Normally, the TSCM Team would set up in a central location on each individual floor that requires sweeping (in the case of a rural residence, one location will suffice).
A TSCM team should employ different TSCM equipment, with each piece of equipment carrying out a specific role. As standard procedure, you would expect any TSCM firm worth its salt to be using a spectrum analyser such as the OSCOR Green - a state-of-the-art electronic counter measures receiver, sweeping from 10 kHz to 24 GHz in seconds. The purpose of the OSCOR Green is to survey the given area and produce a spectrogram of receiver traces, i.e. it maps all the frequencies transmitting (between 10 kHz and 24 GHz) in that given area. Based on this survey, an operative can then analyse the results and look for possible suspicious transmissions, ruling out “normal” background traffic.
Over and above a spectrum analyser survey, a team should also be looking for redundant hardwired devices, covertly placed recording devices (such as Dictaphones) or devices that are piggybacking on or off the back of genuine electronic devices (such as telephone lines or computers). To look for these devices both a physical and technical inspection is required, often employing equipment such as a Non-Linear Junction Detector. This looks for, and detects, circuitry used within circuit boards or microphones that are or are not powered at that time, i.e. “passive devices”.
There are many, many other types of equipment that can and should be deployed on a TSCM sweep, from thermal imaging cameras to look for devices buried within walls or soft furnishings, to GSM specific devices such as SEARCHLIGHT. This is a dedicated GSM/UMTS detection and location system designed to identify the IMEI of the SIM card. It can quickly distinguish between legitimate or authorised mobile phones and GSM bugging devices transmitting within the given target area.
“It would not be an underestimate to expect a firm offering TSCM sweeps to have invested well in excess of £500,000”
What should be inspected?
One basic schoolboy error by large companies is forgetting to inspect common areas, such as toilets, lifts and refreshment areas. Often these areas are where sensitive conversations take place and therefore they should not be ignored.
Meeting rooms and offices of directors or senior partners should be at the very top of the list, not forgetting offices of related personal assistants. Open areas are in many ways harder to sweep, as they have a number of sockets and work stations. These areas take time; particular attention should be paid to allocating the correct amount of time to this task.
A physical inspection of all sockets, ducting, lighting and electronic devices should be conducted by a qualified electrician, someone who is of course knowledgeable and well versed when it comes to eavesdropping devices.
Great care and attention should be paid to the telephone system within the building. This should be inspected by a qualified telecommunications engineer, again with knowledge of eavesdropping devices. Telephone systems are an easy option when it comes to espionage, and a conferencing system or desk telephone can easily and quickly be turned into a listening device, just by tampering with the device and wiring. It is very, very simple and almost impossible to detect unless you have specialist and up to date knowledge of telephone systems.
Vehicles are often inspected; not just cars, but also private yachts and aircraft are subject to being swept. Each of these vehicles poses a different set of problems and approaches and requires expert knowledge not only of eavesdropping devices and capability, but of the wiring and workings of those vehicles. For example, a TSCM sweep on a car takes a great deal of time and involves endoscopes and thermal imaging devices and of course a knowledge of what is and what is not possible when it comes to deploying eavesdropping devices.
Are computers normally covered as part of a TSCM inspection?
Computers are not normally covered on TSCM sweeps but can also easily be turned into eavesdropping devices with just the addition of spyware. This is not a real worry for large companies with IT security managers and teams, but can be totally forgotten and overlooked when it comes to company directors working remotely from home. Computers should be physically inspected by a qualified IT expert. Very few TSCM firms cover computers during TSCM sweeps, even though computer cases are the ideal place to conceal a hard wired device.
The lack of technical knowledge is one issue here; a member of a TSCM team might not know what he/she is looking at/for within the circuits of a computer. Another reason is that most senior management would expect the IT department to know what is inside each workstation computer and view this as their responsibility. It is doubtful that an average IT expert would notice another small circuit or card, or more wiring, within a PC.
A TSCM sweep should be part of your ongoing security and counter espionage policy; employed in isolation, it is a token gesture.
Should you require more information about Technical Surveillance Counter Measures or counter espionage services, please do get in contact with us. All enquiries are treated with the utmost confidentiality and of course we would encourage the signing of a confidentiality or non-disclosure agreement when discussing issues or problems that you might be facing.
International Intelligence Limited TSCM sweep service information can be found here: Technical Surveillance (TSCM)
The latest equipment list that our TSCM teams use can be found here: TSCM Equipment