A simple guide to TSCM Sweeps
“Alex Bomberg, CEO of International Intelligence Limited, looks at TSCM Sweeps and discusses what you as a potential client or end-user need to know or the questions that you need to be asking.”
Technical surveillance counter measures, or TSCM sweeps, are known by many different names: bug sweeping, TSCM inspections, electronic counter-surveillance and so on. Really they are all one and the same thing: an electronic and physical check or inspection of a room, building, area or vehicle. For ease we will refer to these services as a TSCM Sweep.
In this guide we cut through the technical speak and look at some of the latest equipment employed (as of June 2015), what a TSCM Sweep should include, look at present and future threats and dispel some myths surrounding eavesdropping.
Having been involved in Counter Espionage for fifteen years, working for clients worldwide, I have seen a total shift in the technology involved in electronic eavesdropping, from very simple FM & UHF devices to GSM and burst transmission encrypted devices. The rise and rise of attacks on IT Systems and the use of spyware in both desktop computers and in mobile devices such as smart phones cannot go unmentioned when talking about the age that we live in and present threats to security.
We should probably start by saying that there are many companies across the world offering TSCM Sweep services. Sadly, there are very much two tiers of companies operating in this field: those that can and those that cannot. Shiny websites do not tell the whole story about who can and who cannot provide a TSCM Sweep to a high level. Clients should, as always, carry out due diligence when choosing which TSCM company to use. It was once described to me as like choosing the right dentist!
Many companies make the mistake of employing people or firms that have “all the gear and no idea” or worse!
How can you be an expert in counter espionage if you have never placed a bugging device in real world scenarios? That is one question you should be thinking about when looking at a “TSCM Expert” or TSCM service provider. Can they offer me the best possible advice and do they know what they are talking about?
You need to employ a company that not only has the correct equipment, but also has personnel who know what is and what is not possible when it comes to placing eavesdropping devices.
When looking at TSCM companies clients should ask themselves the following questions as a starting point:
- What is the reputation of this company?
- Are they going to sub-contract this service out?
- What equipment does this company use?
- Is this equipment up to date?
- What are the backgrounds of the TSCM team?
- Are they qualified to be looking at our electrical or telephone systems?
- Do I want to be discussing my/our weaknesses with these people?
- What is included in the TSCM Sweep?
- Can they offer training and education to our management/key personnel?
The list above contains just a few of the questions that a company or individual should be asking to help choose the right company, remembering it's not all about a shiny website. Many good TSCM firms will be quite busy and you will have to book; that is always a good sign.
Client service provider relationship
Going back to the analogy of choosing the right gynaecologist, a TSCM Sweep is a very intrusive service, or should be if conducted right.
One very dangerous practice that is creeping into the security industry is the sub-contracting out of TSCM services. This is very dangerous as all continuity and privacy is lost. If your close protection provider or favoured risk management company cannot provide an in-house service, then you need to go to a specialist TSCM Sweep firm.
Remember that you need to be able to discuss your security concerns with your TSCM Sweep company. You need to be able to have honest and open discussions with these professionals about what you feel is the threat level and the direction of that threat. To just get a company in for a TSCM Sweep and not talk to them is an opportunity missed.
If you have chosen the right company in the first place then those TSCM professionals will be a font of knowledge as to the present technologies and threats; your senior management, Risk, Security or IT professionals should be taking an interest and taking note.
When should a TSCM sweep take place?
Ideally companies should look at TSCM sweeps being part of their security housekeeping policy; they should have a security and risk policy that includes the budgeting for TSCM. The frequency and the requirements are very much down to the individual company and how they perceive the level of threat against them at that particular time. For instance a company might be involved in a hostile take-over or substantial litigation and may wish to increase the level of service at that particular time.
If a company feels that it may have an issue of loss of sensitive information then a TSCM sweep is not the only thing that it should be thinking about. This is very much a common mistake and one that is very much regretted in hindsight.
Should a company find that it is in the position where it feels it is losing information or data, then really that company should launch a full internal investigation and, where required, call in external counter espionage experts.
In many cases the loss of sensitive company information can be down to failings in internal policy, such as office refuse or key staff leaving. It is not always about targeted acts of espionage, but if this is the case, it's often worthwhile managing the issue correctly, leaving options of legal action. Should this be mismanaged at an early stage then it is difficult to regain the situation and opportunities to gather key evidence may be lost.
A little about eavesdropping devices
Before we go into more detail about countering these threats, it is worth dispelling a few myths and some misinformation about “bugs” or covert transmitters.
Most people's understanding of bugging or eavesdropping devices comes from watching television, films or popular fiction such as, of course, the legendary James Bond or The Good Shepherd, starring Matt Damon. This is not the 1980s and the Cold War; times and technology have moved on in leaps and bounds. That is not to say that some espionage techniques developed then are not still applicable today.
The Cold War saw the real birth of eavesdropping devices: not only a change in the size of the devices, but in the ingenuity of planting and of disguising the devices. Almost 40 years on and times have indeed changed.
“99% of the capabilities of bugging devices that are depicted in popular film and television are not technically possible.”
Those that plant covert bugging devices need to look at lots of options before even getting to the stage of entering the building/area and planting any devices.
Considerations include, but are not limited to:
- Cost vs reward
- Level of risk
- Type of building (steel & concrete or brick)
- Location of target room/area within building
- Timescale over which monitoring/eavesdropping is required
- Monitoring or receiving location
- Access to room/area and building
The above gives just a small insight into the questions that need to be asked before even selecting what type of device to deploy, UHF, VHF or GSM etc. That is even before you get onto how the device is going to be powered or how and where the signal is going to be received.
It would be very foolish to think that you could just buy a device, plant it and place it within an office; there is much more to it than that, many more things to think about, not to say of course that a person with no prior knowledge or training could not pose a threat.
If a device is not tested once in place, then how will you know that it is going to work as desired? Can it pick up audio OK? Is there too much background noise? Is it transmitting correctly? These are all further questions. With GSM devices, whether the chosen network operates with high signal strength in that building is one big technical consideration, and a further question for those carrying out acts of industrial or corporate espionage.
Small eavesdropping devices, such as those built into pens or computer mice or stuck under desks or chairs, are great for quick short-term tasks. But such devices have their drawbacks, and devices that are required to be in position long term need more sustainable power supplies and are normally “hard wired” or built in to powered devices; for example plug sockets, extension leads, phones or computer monitors.
“Sometimes it really is as simple as placing a Dictaphone on voice activation for later retrieval.”
Since the mid 2000s and the rise of internet usage there has been a large increase in “off the shelf” eavesdropping devices; these range from complex GSM devices to FM and UHF devices at the lower end of the scale. But one thing is for sure: £100 can buy you a reasonable device capable of causing a company loss of vital commercial information; i.e. damage and loss of profits.
An individual or organisation carrying out acts of espionage is going to look at the easy options for intelligence gathering first: the easiest, with the least risk, and the most cost effective. Eavesdropping and monitoring of devices is expensive and full of risks, with huge damage to profits and reputations if caught, not forgetting prison sentences. That said, very few corporate espionage cases are ever brought to court; victims instead prefer to settle such matters outside of court to save bad PR and reputational damage.
Present and future espionage threats
Over the last fifteen years eavesdropping devices have got smaller and smaller as surface mount technology has got cheaper; batteries too have become more stable and of course smaller.
£500 will now buy you a GSM double plug socket transmitter, capable of being in situ for many years and monitored anywhere in the world.
The only saving grace with GSM devices is that, due to the terror attacks of Al Qaeda and timed or sequenced Improvised Explosive Devices (IEDs), SIM cards that are unregistered have become harder to purchase in many western countries. So at least SIM cards are becoming more attributable.
Those designing bugging devices have become more intelligent, with an emphasis on burying the device within a functioning electronic device, such as a monitor. These devices, normally GSM transmitters, are hard wired and almost impossible to find.
What is the future of bugging or eavesdropping devices? I think that the high end of the market will see more intelligent devices that will be harder and harder to detect, programmable to sleep with masked heat signature and they will of course keep getting smaller.
The lower end of the market keeps growing, with cheaper electronic devices that are almost a novelty. A quick internet search for “bugging device” will demonstrate the vast variety of websites offering cheap yet functioning eavesdropping devices.
“It's not about how expensive the bugging device or how experienced the user, it's about the potential damage caused”
A professional TSCM service provider should be able to provide you with a full team of operatives each bringing a different skill set or range of qualifications. If your TSCM firm arrives and it's one bloke with a few pieces of equipment; then you have made the wrong choices.
A TSCM team should comprise a Team Leader from a solid intelligence or military intelligence background with an understanding of present technology and threats. Ideally (dependent on the size of the task) a sweep team should also comprise a qualified electrician (to check electrics, ducting, fittings and sockets) and a qualified telecommunications engineer to check telephone lines to the point where the lines enter the building.
How should a TSCM sweep take place?
Exactly how a TSCM Sweep takes place is very much dependent on the topography of the building and how it is laid out: how many floors, open office space and so on.
Ideally the team goes into the target building at night when there are no workers in the building. Normally the TSCM Team would set up in a central location on each individual floor that requires sweeping (in the case of a rural residence, one location will suffice).
A TSCM Team should employ different TSCM equipment, each piece of equipment carrying out a specific role. As standard you would expect any TSCM firm worth its salt to be using a spectrum analyser such as the OSCOR Green, a state of the art electronic counter measures receiver sweeping from 10 kHz to 24 GHz in seconds. The purpose of the OSCOR Green is to survey the given area and produce a spectrogram of receiver traces; i.e. it maps all the frequencies transmitting (between 10 kHz and 24 GHz) in that given area. Based on this survey an operative can then go about analysing the results, looking for possible suspicious transmissions and ruling out “normal” background traffic.
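The "ruling out normal background traffic" step can be illustrated with a differential comparison between a trace taken in the swept room and a reference trace taken away from it. This is an added example, not the OSCOR Green's software or the author's own tooling; the trace values, the 1 MHz bin size, the thresholds and the authorised-band list are all constructed assumptions.

```python
"""Differential trace comparison: flag emissions seen only in the swept area."""
from dataclasses import dataclass

@dataclass
class Emitter:
    start_mhz: float
    stop_mhz: float
    peak_mhz: float
    peak_dbm: float
    excess_db: float  # peak level minus the reference trace at the same bin

def _close(run):
    peak = max(run, key=lambda b: b[1])
    return Emitter(run[0][0], run[-1][0], peak[0], peak[1], peak[1] - peak[2])

def unexplained_emitters(target, reference, authorised, margin_db=10.0,
                         floor_dbm=-90.0, step_mhz=1.0):
    """target / reference: {freq_mhz: dBm}. authorised: [(lo_mhz, hi_mhz)].
    A bin is suspicious when it is above the noise floor, at least margin_db
    stronger than the reference trace, and outside every authorised band.
    Adjacent suspicious bins are merged into one emitter."""
    found, run = [], []
    for f in sorted(target):
        level, ref = target[f], reference.get(f, floor_dbm)
        hot = (level > floor_dbm and level - ref >= margin_db
               and not any(lo <= f <= hi for lo, hi in authorised))
        # Close the current run on a quiet bin or on a gap in the sweep grid.
        if run and (not hot or f - run[-1][0] > step_mhz):
            found.append(_close(run))
            run = []
        if hot:
            run.append((f, level, ref))
    if run:
        found.append(_close(run))
    return found

# Constructed sample traces (not real measurements), 1 MHz bins, levels in dBm.
GRID = list(range(95, 102)) + list(range(396, 403)) + list(range(2410, 2415))

def trace(levels, floor=-95.0):
    return {float(f): levels.get(f, floor) for f in GRID}

REFERENCE = trace({98: -48.0, 2412: -80.0})       # captured away from the room
TARGET = trace({98: -47.0,                         # broadcast: same in both
                2411: -45.0, 2412: -40.0, 2413: -46.0,  # the office's own Wi-Fi
                398: -62.0, 399: -55.0, 400: -60.0})    # present only in the room
AUTHORISED = [(2400.0, 2483.5)]                    # assumed site allowlist

if __name__ == "__main__":
    for e in unexplained_emitters(TARGET, REFERENCE, AUTHORISED):
        print(f"{e.start_mhz}-{e.stop_mhz} MHz, peak {e.peak_dbm} dBm "
              f"at {e.peak_mhz} MHz, {e.excess_db:.0f} dB above reference")
```

The broadcast carrier drops out because it is equally strong in both traces, and the office Wi-Fi drops out only because it is on the allowlist; anything left still needs a physical inspection to confirm what it is.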
Over and above a spectrum analyser survey a team should also be looking for redundant, hardwired devices, covertly placed recording devices (such as Dictaphones) or devices that are piggybacking on or off the back of genuine electronic devices (such as telephone lines or computers). To look for these devices both a physical and technical inspection is required, often employing equipment such as a Non Linear Junction Detector. This looks for and detects circuitry used within circuit boards or microphones, whether or not they are powered at that time, i.e. “Passive devices”.
There are many, many other types of equipment that can and should be deployed on a TSCM Sweep, from thermal imaging cameras to look for heat signatures of devices buried within walls or soft furnishings to GSM specific devices such as SEARCHLIGHT. This is a dedicated GSM/UMTS detection and location system, designed to identify the IMEI of the SIM card, and can quickly distinguish between legitimate or authorised mobile phones and GSM bugging devices transmitting within the given target area.
“It would not be an underestimate to expect a firm offering TSCM Sweeps to have invested well in excess of £500,000”
What should be inspected?
One basic schoolboy error by large companies is forgetting common areas, toilets, lifts and refreshment areas. Often these areas are where sensitive conversations take place and these areas should not be ignored.
Meeting rooms and offices of Directors or senior partners should be at the very top of the list, not forgetting of course offices of related Personal Assistants. Open areas are in many ways harder to sweep with a number of sockets and work stations. These areas take time and particular attention should be paid to allotting the correct amount of time to the task.
A physical inspection of all sockets, ducting, lighting and electronic devices should be conducted by a qualified electrician, someone who is of course knowledgeable and well versed when it comes to eavesdropping devices.
Great care and attention should be paid to the telephone system within the building. This should be inspected by a qualified telecommunications engineer, again with knowledge of eavesdropping devices. Telephone systems are an easy option when it comes to espionage, and a conferencing system or desk telephone can be so easily turned into a listening device, quickly, just by tampering with the device and wiring. It is very, very simple and almost impossible to detect unless you have specialist and up to date knowledge of telephone systems.
Vehicles are often inspected; not just cars, but also private yachts and aircraft are subject to being swept. Each of these vehicles poses a different set of problems and approaches and requires expert knowledge not only of eavesdropping devices and capability, but of the wiring and workings of those vehicles. A TSCM sweep on a car takes a great deal of time and involves endoscopes and thermal imaging devices and of course a knowledge of what is and what is not possible when it comes to deploying eavesdropping devices.
Are Computers normally covered as part of a TSCM inspection?
Computers are not normally covered on TSCM sweeps, yet they can also be turned into eavesdropping devices just with the addition of spyware. This is not a real worry for large companies with IT Security managers and teams, but it is totally forgotten and overlooked when it comes to Company Directors working remotely from home. Computers should be physically inspected by a qualified IT Expert. Very few TSCM firms cover computers during TSCM Sweeps, even though computer cases are the ideal place to conceal a hard wired device.
Lack of technical knowledge is one issue; a member of a TSCM team might not know what he/she is looking at/for within the circuits of a computer. Another reason is that most senior management would expect the IT department to know what is inside each workstation computer and that it is their responsibility. I very much doubt that an average IT Expert would notice another small circuit or card or more wiring within a PC.
A TSCM Sweep should be part of your ongoing security and counter espionage policy; employed in isolation, it is a token gesture.
Should you require more information about Technical Surveillance Counter Measures or counter espionage services, please do get in contact with us. All enquiries are treated with the utmost confidentiality and of course we would encourage the signing of a confidentiality or non-disclosure agreement when discussing issues or problems that you might be facing.