Technical Surveillance Counter-Measures
From Wikipedia, the free encyclopedia
TSCM (Technical Surveillance Counter-Measures) is the original Unites States military abbreviation denoting the process of bug-sweeping or electronic countersurveillance. It is related to ELINT, SIGINT and Electronic countermeasures (ECM).
The United States Department of Defense defines a TSCM survey as a service provided by qualified personnel to detect the presence of technical surveillance devices and hazards and to identify technical security weaknesses that could aid in the conduct of a technical penetration of the surveyed facility. A TSCM survey will provide a professional evaluation of the facility's technical security posture and normally will consist of a thorough visual, electronic, and physical examination in and about the surveyed facility.
This definition is however lacking some of the technical scope involved. COMSEC (Communications Security), ITSEC (Information Technology Security) and physical security are also a major part of the work in the modern environment. The advent of multimedia devices and remote control technologies allow huge scope for removal of massive amounts of data in very secure environments by the staff employed within, with or without their knowledge. Even PlayStation Portables (PSPs) have wireless connectivity and optional storage capacity. Therefore connection and forward on receive over 54 Mbit/s wireless for hundreds of meters is achievable.
Contents |
[edit] Methodology
[edit] Radio Frequencies
Most bugs emit some form of electromagnetic radiation, usually radio waves. The standard counter-measure for bugs is therefore to "sweep" for them with a receiver, looking for the radio emissions. Professional sweeping devices are very expensive. Low-tech sweeping devices are available through amateur electrical magazines, or they may be built from circuit designs on the Internet. But sweeping is not foolproof. Advanced bugs can be remotely operated to switch on and off, and some even rapidly switch frequencies according to a predetermined pattern in order to make location with sweepers more difficult. A bug that has run out of power may not show up during a sweep, which means that the sweeper will not be alerted to the surveillance.
[edit] Devices that do not emit radio waves
Instead of transmitting conversations, bugs may record them. Bugs that do not emit radio waves are very difficult to detect, though there are a number of options for detecting such bugs.
Very sensitive equipment could be used to look for magnetic fields, or for the characteristic electrical noise emitted by the computerized technology in digital tape recorders; however, if the place being monitored has many computers, photocopiers, or other pieces of electrical equipment installed, it may become very difficult. Older analog equipment is even more difficult to detect.
Another method is using very sensitive infrared cameras to detect waste heat of a bug, or different thermal conductivity of a place where it is hidden after briefly chilling the surface of the object with, for instance, liquid nitrogen.
[edit] Technology used
Please help improve this section by expanding it. Further information might be found on the talk page or at requests for expansion. |
Technology used for a bug sweep includes but is not limited to:
- Multimeters for general measurements
- Time-domain reflectometer (TDR) for testing integrity of telephone lines and other communication cables
- Frequency scanner with a range of antennas and filters for checking the electromagnetic spectrum for signals that should not be there
- Oscilloscope for visualisation of signals
- Spectrum analyzer and vector signal analyzer for more advanced analysis of signals
- Nonlinear junction detector (NLJD) for detection of hidden electronics
- Portable x-ray machine for checking the inside of objects and walls.
- Computer security devices and tools for computer-related threats
- Tools for manual disassembling of objects and walls in order to visually check their content. This is the most important, most laborious, least glamorous and hence most neglected part of a check.
[edit] Cautions
Please help improve this section by expanding it. Further information might be found on the talk page or at requests for expansion. |
- Due to the esoteric nature of the intelligence field, there are many spy shops offering both low-quality bugs and low-quality bug sweeps. Without at least rudimentary knowledge of the problematics it is easy to become victim of a scam.
- Never order a sweep from a telephone or other comm channel that can be bugged. Some bugs can be switched off remotely, which makes them even more difficult to find.
- There is a continuous spectrum of adversaries and technologies they use; from a repurposed baby monitor that can be found with a $100 scanner to the most sophisticated toys of National Security Agency operating on almost-terahertz frequencies. Every measure has a countermeasure, which usually requires an adequately expensive equipment.
- In some cases a security threat is only in the mind of the victim.
- In some countries it is illegal to tamper with bugs planted by law enforcement agencies.
- Some threats, eg. optical microphones or cavity bugs, are very difficult to find by electronics means.
- Some equipment that is not a threat on itself may exhibit microphonics.
- More sophisticated bugs, including "burst bugs" and "frequency hoppers", can defeat low-quality sweeps by shifting frequencies, storing information, and releasing information in short burts.[1]
[edit] See also
- Telephone tapping
- Bugs
- Espionage
- Privacy
- Military intelligence
- Communications security
- Secure telephone
- Security engineering
[edit] References
- ^ Moore, Denver (2008-04-11). Technical Surveillance Counter Measures. OneSmartPI.com. Denver B. Moore Investigations. Retrieved on 2008-04-13. “...the very latest sophisticated eavesdropping devices including "Frequency Hoppers" and "Burst Bugs" [...] are specifically designed to defeat detection by shifting frequencies, storing information and then releasing it in brief bursts.”
[edit] External links
- TSCM Handbook; A Valuable TSCM Reference
- TSCM Measure Training; Gives a list of trainings and courses you need to break into the TSCM field
- TSCM Products - Ocean Group – Description of TSCM Equipment
- ATSCP – a non-profit association representing professionals in the European TSCM industry