1.1 Background
It is often thought that only governments are subjected to espionage. The exploits of the CIA, KGB and other intelligence services are well known to readers and moviegoers around the world. Who hasn't seen a James Bond movie that portrays a spy's life as exciting and full of danger and beautiful women? The armoury of electronic gadgets includes listening devices no larger than a pinhead that are capable of transmitting studio-quality conversations halfway across the world. Fortunately, this is not quite the case in real life.

What is not widely publicized is that commercial espionage is conducted on a much larger scale than strategic espionage. Even government agencies have been increasingly active in this area, given the apparent decrease in the requirement for strategic espionage since the decline of the Cold War. The vast resources of giants like the CIA and KGB have been unleashed upon international commercial interests, where such activity is in the interests of the state. Whilst the cost of wheat may not seem to be a secret that requires the attention of James Bond, when one considers the monies involved in a worldwide contract for the supply of wheat, I am sure that a couple of martinis, stirred not shaken, and a fancy car would be worth it.

The truth, of course, is not so fascinating. Like most public servants, "secret agents" are subjected to the same frustrations. Budgetary restrictions and politics quite often restrict the activities of government agents. On the other hand, commercial spies do not have as many restrictions. When the existence or expansion of a multinational company is threatened by an opponent, all stops will be pulled out to acquire information to remove that threat. Thanks to the movies, a large number of executives really believe in the "gadgets", and do not understand or appreciate the cost, time, and resources required to gather the information.

Similarly, because of this belief in gadgets, the executive expects the Countermeasures Officer to be equipped with hi-tech devices that will ferret out any attempt by the opposition to gather intelligence. This equipment is expected to allow the inspection to be conducted at a time that is convenient for the client rather than at a more effective time. It is rare that a Countermeasures Officer will be given the mandate to conduct the required level of inspection. Unfortunately, this usually results in a poor inspection and a false sense of security. This is just as prevalent in government circles as in the commercial world.

1.2 What are they?
Electronic Countermeasures is a vague term and in my opinion an incorrect description of the types of inspection required for a counter espionage operation. However, it is far better than that other more often used term "De-Bugging". I have been mistaken for the "Flick Man" on more than one occasion and the term "Sweeper" seems to conjure up the image of a well dressed cleaner.

Electronic Countermeasures, or ECM for short, are those measures taken by a security officer to detect and locate illicit intelligence gathering devices. Intelligence gathering devices are not confined to listening devices ("bugs") but include video, data, and other esoteric systems. To detect such a wide variety of methods, electronic espionage requires more than a black box with pretty lights and fantastic noises. It requires knowledge, experience and, of course, the right equipment.

Electronic Countermeasures Inspections consist of:

  • Physical Searches
  • Electronic Scanning of the RF Spectrum
  • Electronic Scanning of Furniture and Fittings
  • X-Ray and Thermal Imaging of Walls etc.
  • Inspection and Testing of Communications Systems
  • Inspection and Testing of Computer Systems

And a range of other specialist test procedures.

1.3 Where do we get them?
        1.3.1 Government Agencies
A number of government agencies have their own Countermeasures Teams and some provide services to other departments. Private individuals and companies do not normally have access to these services and there have been occasions where government departments have employed private firms to provide Countermeasure Services.

     1.3.2 In-House Security Services
Some of our larger institutions provide in-house security services and this can work very well compared to out-sourcing. Security officers that are always on site have a more intimate knowledge of the area and the behind-the-scenes activities that occur in such establishments. One of the problems that can occur in such instances is that the security officer is not normally chosen for his countermeasures capabilities. Such appointments are normally made on his ability as a security guard or as a private detective. It is rare that a security guard will jeopardize his career by telling the Managing Director that he has to pull his socks up and stop leaving sensitive material all over the desk. When this information comes from an outside consultant who has been paid money for his advice, the pill is somewhat sweeter to swallow. It is a lot easier to not re-engage a consultant than it is to sack an employee for doing his job. If the security officer is not given the opportunity to expand his knowledge and purchase the necessary equipment, then the company could suffer from a false sense of security.

     1.3.3 Large Security Firms
Most large security firms can supply Countermeasure Services to their clients. In most cases, the Countermeasures Officer is sourced from security consultancy firms specializing in this form of service. Some large companies do have their own capabilities; however, this is normally aimed at the less sophisticated end of the market.

     1.3.4 Security Consultants
Security consultants specializing in Electronic Countermeasures are the main source of Countermeasures Officers. These consultancy firms can be located by perusing the phone book or other business advertising material. It is strongly recommended that, before you engage a firm, a check should be made to ascertain the credibility of the firm. Most good security consultancy firms advertise by word of mouth and personal recommendation.

      1.3.5 Private Investigators
Private Investigators, like the large security companies, generally out-source their Electronic Countermeasures Services; very few Private Investigators have the expertise to conduct Electronic Countermeasures themselves.

1.4 Why do we need them?
The main aim of any security measure is to protect our assets. Electronic Countermeasures are no different in this respect. Rather than protecting against physical theft, Electronic Countermeasures inspections are designed to detect data theft by covert means. The techniques used to conduct this theft are varied and some will be discussed later. Whilst most companies prefer to keep secret the fact that they have Electronic Countermeasures inspections conducted on a regular basis, it could be argued that it should be considered as a deterrent to would-be eavesdroppers. You do not try to hide the fact that you have locks or an alarm system guarding your valuables. In recent months there has been an apparent increase in "bugging" operations being conducted in the country's boardrooms. Whilst this is good for business, it should still be seen as an increase in the crime rate and, therefore, abhorred. Whilst you may read about the occasional "bugging" in the papers, these are only the tip of the iceberg. Most companies are reluctant to advertise that they have suffered a data loss, as it may affect their business.

2.1 Identifying Risk
Risk analysis is arguably one of the most important parts of any Electronic Countermeasures inspection. Without a properly conducted risk analysis, the Electronic Countermeasures Officer is basically flying blind. Many firms engage an Electronic Countermeasures Officer to "sweep" the office, and in many situations this "office" may include numerous floors within a multi-story building. It is doubtful that the Managing Director really meant for the "sweep" to include the mail room, stationery closet, etc. Unscrupulous Electronic Countermeasures Officers will, of course, "inspect" these areas, thus either increasing the amount of time taken, and therefore the cost, or providing a less effective coverage of those areas that are at real risk. At the initial interview the firm should discuss their reason for requesting the inspection and attempt to identify particular high-risk areas. This will enable an Electronic Countermeasures Officer to formulate a strategy that will provide the most effective inspection.

Material items are usually the first things that one thinks of when investigating the need for security. A company normally employs the services of a security firm to identify access points and provide security at those points to prevent unauthorized access. Most good security firms accomplish this task effectively and everybody is happy, for a time. Experience shows that, with time, all security systems tend to become less effective due to mismanagement by both the security firm and the client. A good Countermeasures inspection should attempt to identify weaknesses in the client's physical security. To place a listening device within the target area, one has to be able to access that area. It is rather pointless to conduct an Electronic Countermeasures inspection of an area that does not have sufficient physical security.

Company secrets include any information that may cause loss or embarrassment should it fall into the wrong hands: financial records, company strategies, board meeting papers, share restructures, patents, etc. The list goes on and on. All this information is normally available in a number of formats, ranging from conversational to electronic data to paper records. To obtain it, the "spy" has various avenues open to him.

To assist the Countermeasures Officer, it would be useful if plans of the premises and other such relevant information were made available to him prior to the inspection. Interviews with personnel that may have useful information regarding the communications and computer systems should also be arranged at this time.

2.2 Methods of Intelligence Gathering
     2.2.1 Human
There are many ways of gathering intelligence about a target. Not all methods utilize the more shadowy aspects of espionage. It is astounding the amount of data that can be obtained from legal databases such as the Australian Securities Commission, Electoral Rolls, etc.

Non-invasive techniques, such as sorting through the paper recycling bin or even sitting next to a group of employees at the pub, can gain an alert "spy" a great deal of useful information.

Befriending an employee and "pumping" them for information is a technique used frequently by unscrupulous "agents". Once an employee has provided sensitive information, blackmail techniques can be applied to gain more information or even physical access to the premises. Of course, we should not forget the oldest method of all, "money".

     2.2.2 Electronic
Electronic eavesdropping is usually tried as a last resort by professional agencies. The amount of time and resources required to stage even a modest eavesdropping attack is considerable. Electronic eavesdropping is favoured by those agencies who do not have the resources, or the experience, to apply those human techniques mentioned earlier.

These agencies are usually not very experienced in the advanced electronic eavesdropping techniques either.

Electronic eavesdropping methods can be divided into a number of sub-categories:

  • Audio
  • Radio Frequency
  • Carrier
  • Optical
  • Non-Access

          2.2.2.1 Audio
Audio techniques are, by my definition, those techniques that use dedicated wires and microphones to carry the data away from the target area. They can also be comprised of a hidden tape recorder within the target area. Physical searching is, in my opinion, the only method that will provide a reasonable chance of success against this form of attack.

          2.2.2.2 Radio Frequency
This method is used extensively and in many different forms. The only common attribute is that the devices all transmit a radio frequency signal of some type. If the device is active at the time of inspection, and if the Countermeasures Officer is using the appropriate equipment, and if he has the necessary level of expertise, then he may detect these devices. I know that there seems to be an awfully large number of "ifs", but nobody said that this job was easy.

          2.2.2.3 Carrier
Carrier devices are a form of radio frequency transmitter but are usually of such a low frequency that they require a more substantial transmission medium than thin air. They commonly make use of power lines, telephone lines, and network cables, but they have been known to also utilize water, gas, and sewerage pipes. Try wrapping a sewer pipe around the antenna of your scanning receiver. Commonly available devices in this category are the "Baby Minders", available from most electronic suppliers.

          2.2.2.4 Optical
I use this term to describe the myriad of techniques that have evolved over recent years. In the old days, it was possible to read a document or a computer screen from an adjacent building with some degree of difficulty. With the advent of miniature video cameras, you can now install the "eye" built into a roof tile. This does not mean that you should discard the precaution of keeping your sensitive information away from external prying eyes. Computers and telephones can be "listened" to by the use of built in infrared transmitters that are extremely difficult to detect.

          2.2.2.5 Non-Access
This describes all those methods that can be applied against a target that cannot be physically accessed. They include laser microphones, shotgun microphones, and TEMPEST techniques. I do not propose to discuss these techniques in any great detail, other than to say that they do work, are very resource intensive, expensive to buy and operate, and extremely difficult to detect. For these reasons, techniques of this type would normally only be used in espionage operations, where the target is difficult and the possible gains are high.

          2.2.2.6 Other techniques
There are other techniques that can be used, and really the "spy" is only limited by his or her imagination. The Countermeasures Officer has to continually upgrade his knowledge base if he is serious about protecting his client. I have seen too many examples of "security experts" that either continue to base their inspection techniques on old technology or, even worse, waste the client's time and money by conducting inspections looking for impractical attacks.

2.3 The Inspection
     2.3.1 Preparing for the Inspection
The target area should not be prepared or altered from its normal condition. No conversations concerning the inspection should take place in target offices, or on target telephones. In the case of a real-time monitoring inspection, the occupants of the target areas should not necessarily be aware of it taking place. It is imperative that no warning be given to eavesdroppers, which may give them time to remove or switch off listening devices. If possible, the Countermeasures Officer should be given a briefing as to the reason for the inspection (routine or special), and any other relevant information which may allow him to tailor the inspection to suit the particular circumstances.

     2.3.2 When should the inspection take place?
The inspection should take place at a time when it would be expected that a listening device was going to be active. In the case of remotely activated devices, this would occur during business hours and preferably during a meeting. It is not always convenient, or practical, to conduct full inspections at these times and, if possible, the inspections should be split so as to provide a satisfactory coverage.

     2.3.3 Who Should Know?
The fewer people that know, the better the chance of catching the eavesdropper off guard. It is not implied that staff members may actually warn the eavesdropper; rather, the possibility of someone discussing the intended inspection in a target area obviously increases as the number of people "in the know" increases. Certainly, it is normally a good practice for a prominent person within the organization to introduce the Countermeasures Officer to the target area and personnel, so as to demonstrate that the Countermeasures Officer has the backing of management for his inspection. His cover may take the form of an office management consultant, communications consultant, building inspector, etc.: anything that may distract from his real purpose and yet allow him to conduct the inspection without hindrance.

     2.3.4 What form should it take?
          2.3.4.1 Physical Searches
In the past, when eavesdropping equipment was large and bulky, physical searches were a practical method of locating the devices. However, in this age of microelectronics and programmable equipment, the chances of finding a device are greatly reduced. The idea of dismantling a telephone handset, whilst almost mandatory in days of old, is fast becoming fraught with danger, given the variety of hi-tech telephone systems available today. Power outlets, telephone plugs, desk calendars, pens, etc., containing listening devices, are available over the counter in most "spy" shops around the world. Long term installations, utilizing building structure and furniture, are nearly impossible to examine without the use of techniques such as thermal imagery, X-ray, Non-Linear Junction detection, etc. A physical search should also encompass the surroundings, including floors above, below, and opposite. Most clients would not be in favour of exploratory dismantling of walls and furniture, and would probably baulk at the idea of involving neighbours in the inspection. Thus, the effectiveness of a physical inspection has been dramatically reduced. This does not, however, mean that it should be abandoned.

          2.3.4.2 Electronic Scanning of the Radio Frequency (RF) Spectrum
Electronic scanning of the RF spectrum is a major part of the inspection. This can be conducted in a number of ways and each Countermeasures Officer has his own favourite method. Some use automatic "black boxes" that rapidly scan the RF spectrum looking for the strongest signal, which, it is assumed, has to be coming from the target area. In the CBD, or other high RF activity areas, these scanners invariably lock onto signals other than those they should be finding. Some automatic scanners utilize a form of acoustic signature, or self-generated tones, that are emitted into the target area whilst the scanner locates and demodulates RF signals. Should the scanner locate a signal modulated by a tone similar to that being generated by itself, it assumes that there is some form of transmission device within the target area. An alarm would be generated and the Countermeasures Officer would then try to locate the transmitter. These types of scanners usually work quite efficiently with minimal false alarms. They will not work on some of the more sophisticated methods of modulation, such as digitization, encryption, frequency hopping, and spread spectrum, etc. To date, most professional Countermeasures Officers use spectrum analysis as a tool when dealing with high risk targets. Like physical searching, an electronic sweep is only one part of a Countermeasures inspection.
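The acoustic-signature check described above can be modelled in a few lines. This is an added illustration, not part of the original article and not any scanner vendor's code; the probe frequency, sample rate, threshold and channel names are assumptions, and the "demodulated" channels are constructed test signals rather than real captures.

```python
import math
import random

SAMPLE_RATE = 8000   # Hz; assumed audio rate after demodulation
PROBE_HZ = 1760.0    # assumed frequency of the tone the scanner plays into the room
N_SAMPLES = 2000     # 0.25 s analysis window
THRESHOLD = 0.3      # assumed share of channel power that must sit at PROBE_HZ


def goertzel_power(samples, freq_hz):
    """Power at one frequency (Goertzel algorithm), scaled so that a pure
    tone of amplitude A returns roughly A**2."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq_hz / SAMPLE_RATE)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    n = len(samples)
    return (s1 * s1 + s2 * s2 - coeff * s1 * s2) / (n * n / 4.0)


def tone_fraction(samples, freq_hz=PROBE_HZ):
    """Share of the channel's total power found at the probe frequency
    (about 1.0 for a pure probe tone, near 0 for unrelated audio)."""
    total = 2.0 * sum(x * x for x in samples) / len(samples)
    return goertzel_power(samples, freq_hz) / total if total else 0.0


# --- constructed test signals (not real captures) ---------------------------
def tone(freq_hz, amp):
    return [amp * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)
            for i in range(N_SAMPLES)]


def noise(rng, sigma):
    return [rng.gauss(0.0, sigma) for _ in range(N_SAMPLES)]


def mix(*signals):
    return [sum(values) for values in zip(*signals)]


def scramble(samples, rng):
    """Stand-in for a digitised, encrypted link: quantise to 8 bits and XOR
    with a keystream. Demodulated as if analogue, the result is noise-like."""
    out = []
    for x in samples:
        b = max(0, min(255, int((x + 1.0) * 127.5)))
        out.append(((b ^ rng.randrange(256)) - 127.5) / 127.5)
    return out


def build_channels(seed=1):
    rng = random.Random(seed)
    # Room audio as a hidden microphone would hear it: probe tone plus noise.
    room = mix(tone(PROBE_HZ, 0.3), noise(rng, 0.1))
    return {
        "broadcast station": mix(tone(300, 0.4), tone(700, 0.3),
                                 tone(1200, 0.2), noise(rng, 0.05)),
        "idle carrier": noise(rng, 0.2),
        "analogue transmitter in room": room,
        "digitised/encrypted transmitter in room": scramble(room, rng),
    }


def sweep(channels, threshold=THRESHOLD):
    """Return the channels whose demodulated audio carries the probe tone."""
    return [name for name, audio in channels.items()
            if tone_fraction(audio) >= threshold]


if __name__ == "__main__":
    chans = build_channels()
    for name, audio in chans.items():
        print(f"{name:42s} tone fraction = {tone_fraction(audio):.3f}")
    print("alarm on:", sweep(chans))
```

The last channel carries the same room audio as the flagged one yet stays far below the threshold, which is the limitation the paragraph notes for digitised or encrypted links and the reason spectrum analysis is used on high risk targets.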

          2.3.4.3 Optical Scanning of the Environment
Where there is a threat of optical attack from either laser, infrared, high power photography, or CCTV then the Countermeasures Officer should scan the suspect area with the necessary detection devices. Laser microphones do work, however, they are usually employed when other avenues of access have been denied. Most commercial companies like to place their most senior people and meeting rooms where there is a good view. Sensitive government meeting rooms are invariably located in the centre of protected premises. It is possible that there may be a good reason for this. Perhaps the government takes spying a little more seriously.

          2.3.4.4 Electronic Scanning of Furniture and Fittings
Inspection of furniture, fittings and structural architecture is difficult if the client objects to destructive search techniques. Managing Directors obviously object to suggestions of cutting their brand new board room tables to little pieces, so that one can be sure that there is not a listening device contained therein. Scanning of these objects can be done electronically and physically and, if conducted correctly, can have a fair chance of success. Information about obvious changes to furniture, or renovations to walls, ceilings, etc., will assist the Countermeasures Officer in pinpointing possible areas of interest.

          2.3.4.5 X-Ray and Thermal imaging of Walls, etc.
These techniques are normally used as a last resort where other methods are not practical. Modern day X-ray systems are relatively small, and safe if used correctly. They can be used to examine objects that have been identified as being suspect by the electronic scanning techniques previously mentioned. Thermal imagery is not widely used and has limited use in commercial premises.

          2.3.4.6 Inspection and Testing of Communications Systems
With the ever increasing advances in communications technology, the Countermeasures Officer is hard pressed to stay abreast of his client's communications systems. However, whilst the technology changes, the methods available to the eavesdropper do not alter markedly. The object is to gather intelligence from the communications system and transmit it to a remote site. Normally, this can be achieved by accessing the communication carrier (cables) either within the premises, or externally. If the connection is made externally, then the chance of discovering the device is reduced and, if conducted professionally, detection is nigh on impossible. If the connection is made within the target premises, then there are methods, both electronic and physical, of finding the device. Digital telephone systems that digitize the audio, from the time it leaves the handset to the time that it reaches its destination, are becoming the norm in the corporate world and are very difficult to compromise. If the system is connected to the telephone exchange via an ISDN network, then the security is about as good as you are going to get commercially. This does not mean that the conversations cannot be intercepted, only that the eavesdropper has to work harder and smarter.

          2.3.4.7 Inspection and Testing of Computer Systems
There seems to be an attitude that, whilst many corporations worry about "bugs" in the boardroom, they do not appear to have any problems in letting their "secrets" leave the premises in unprotected laptop computers. Numerous companies bemoan the financial loss of company laptops and yet do not seem to be concerned about the loss of the data contained on the hard drive. Most large companies now run computer networks and, of course, all networks are password protected. Sensitive data is always stored on the network drives and never on the individual hard drives. It is human nature to distrust others, and on numerous occasions sensitive data has been found on the hard drives because of mistrust of the IT department. Company information is entered into the computer system in a logical, precise fashion and, therefore, is worth more to the "spy" than mountains of audio tapes recovered from listening devices. One unsecured disk could cause the downfall of a company should it fall into the wrong hands. Computer terrorism is another facet that companies appear to overlook. This could range from vandalism and deliberate sabotage, to extortion. There have been movies illustrating the use of threatened viral infection, such as AIDS and anthrax, in the pursuit of financial gain, but little on computer viral infection. I, personally, have not heard of such attacks; however, I would not expect such revelations to be forthcoming. It is common practice to pay up and shut up in these situations. The Countermeasures Officer should conduct an inspection of the computer system and network cabling to a reasonable level. Co-operation and trust between the Countermeasures Officer and the IT manager is almost mandatory if this style of inspection is likely to succeed.

     2.4 The Follow Up
At the end of the inspection, the Countermeasures Officer should provide a report indicating what was inspected, and what the result was. It is very difficult to prepare a report saying that nothing was found, and you took an hour or more not to find it. However, Electronic Countermeasures inspections should be seen as any other form of security measure. You can sometimes judge physical security measures based on the lack of thefts given the level of risk. Similarly, if your business is considered to be an attractive target, and you have not been the subject of an eavesdropping attack, then perhaps the Electronic Countermeasures inspections have achieved their objective. One-off inspections are rarely effective for more than the time taken to do the job. For a company that requires protection on a regular basis, inspections should be scheduled for times of greatest risk. The level of inspection will depend upon the frequency of these inspections. Inspections should occur at least once a month, and especially after renovations, and equipment installation or maintenance. The Countermeasures Officer should establish a communication channel with the client that is based on cooperation and trust. Understandably, this will take some time to establish; however, it is an integral part of the Countermeasures strategy. The more the Countermeasures Officer is treated as part of the team, the easier it is for him to become aware of trends that may affect the security of the client.

Conclusion
3.1 What can Electronic Countermeasures do for you?
Electronic Countermeasures should provide you with a better appreciation of your security needs. Regular inspections, if conducted properly, and by the same officers, will ensure a level of security adequate to the needs of your company. The inspections will assess your physical and personnel security measures, and identify chinks in the armour.

3.2 What can you do for yourself?
Most companies have individuals that are responsible for some aspect of security. Larger companies have Security Managers, Information Technology (IT) Managers and Administration Managers. However, it doesn't require a full time position to provide the level of security that most companies need. Common sense and a good security awareness program will go a long way to addressing those needs. If the company personnel are encouraged to implement security measures in their own work areas, such as document shredding, a clean desk policy, challenging strangers in the office, etc., the need for additional security measures will be reduced. This does not mean that you should not conduct Electronic Countermeasures inspections; rather, it simplifies the work of the Countermeasures Officer, and therefore increases the effectiveness of the inspection. It should be remembered that security measures are most effective when implemented from the top down. When management is seen to be implementing security measures in their workplace, the rest of the staff will follow.

All companies require some form of protection against the theft of assets, including data, both verbal and material. The question of whether Electronic Countermeasures is to be part of your protection strategy depends upon the level of risk. The answer to that question is up to you.

written by Graeme House
Article used with permission

Copyright 2014 Executive Security and Investigations Pty Ltd