How Grandma Hears Everything...

 …and why your business should care. 

There is a new eavesdropping spy trick in town. You could get burned unless you know about it.

Let’s start with Grandma. She is hard of hearing. A while back the family gave her money to buy two new hearing aids. Nice. Now she has stopped saying, “WHAT!” all the time. She hears everything clearly. 

There is only one problem. She seems to  hear everyone’s conversations even when she is not in the room. Sometimes she is in her room with the door closed. 

It’s a mystery, but we’ll figure it out soon. more

TSCM Detection Evaluation of the AudioWow Wireless Microphone

AudioWow advertising is enticing, a Wireless Audio Studio Microphone in a Matchbox Size.

Certain features pointed in that direction…

• Nano sized.
• Records directly to a smartphone.
• Up to 50 foot range. Good enough for some operations.
• Bluetooth transmission. Low probability of intercept.
• Professional quality sound.
• Equalization capabilities.
• Noise reduction capabilities.
• Audio to text transcription… in 120 different languages!

Could it be useful as a spy device?
Could a TSCM bug sweep detect it?
We tested and found... more

Courthouse TSCM Surveillance Sweep Yields...

At the Jackson County Commission meeting... Interim Chairman Jason Venable gave an update on the counter-surveillance sweep that was done at the courthouse after allegations of covert surveillance surfaced. 

Venable held a four-page report as he gave the results.
Venable stated, “Based on the examinations, the writer is of the opinion that no video evidence or active covert video/audio/collection evidence was identified in the area examined during the time of these examinations.”

According to Venable, the person who performed the sweep is from a company in Birmingham and is the same person hired for the Bench and Bar, who swept the entire upstairs of the courthouse, such as offices, judge’s chambers, courtrooms, etc., along with the bottom floors. According to EMA Director, Paul Smith, the sweeps lasted until almost midnight. Each department head was present and directed to ensure every possible area was covered. more

Jackson County (AL) Conducts "Professional Search" for Surveillance Cameras

AL - The Jackson County Commissioners Office moved ahead with a professional search of the courthouse, and a number of other county buildings in Scottsboro, after the discovery of a surveillance camera that may have been used to inappropriately watch a female employee. The Alabama Law Enforcement Agency (ALEA) is currently investigating those allegations...

District 3 Commissioner AJ Buckner told News 19 that so far, they have found no evidence that any other cameras are where they should not be, but they would like to go through a security sweep process to be sure.

No word from officials on whether Tuesday’s sweep turned up any inappropriately placed surveillance cameras. The investigation by ALEA is ongoing. more

This is an uncommon case of smart due diligence. Congratulations JCCO. If you would like to learn how to perform your own search, click here.

Another TSCM Fail - Spycam in Girl's Changing Room - No Follow-Up

Here we go again and again. For the third time in two months a spy camera is discovered and the ball is dropped. In the last case—after assuring everyone they searched and the room was now safe—a second spycam was found two weeks later, in the same room!

In this case, the police declared, "There is no current evidence to suggest that other restrooms or private areas in the multi-tenant facility were compromised." 

No mention of a competent Technical Surveillance Countermeasures (TSCM) sweep to back up this lame claim.

TN - An investigation into a camera set up in a girls' changing facility has revealed 60 victims as of Thursday afternoon, police in Tennessee said. 

The GoPro camera — which was found hidden in a girls' changing and restroom at Premier Athletics which offers training in cheerleading, dance and gymnastics — was reviewed by police after it was found last week. Sixty females, mostly minors, were recorded on the camera, police said...

Working with facility management, detectives have identified 47 of the 60 victims and are in the process of notifying their parents. Detectives are working to identify the remaining 13 victims.The girls' changing and restroom at the center of this investigation is located inside the Premier Athletics suite. There is no current evidence to suggest that other restrooms or private areas in the multi-tenant facility were compromised, police said. more

A good investigator will tell you... "If you find one bug or spycam there is a possibility there are others. Keep searching."

A good attorney might tell Premier Athletics... "You now have foreseeability. Conduct and document regular inspections of your expectation-of-privacy areas.

Professional Recommendation — Premier Athletics, and similar businesses, need to create an in-house TSCM inspection program. It's cheap, it's easy, it's great for public relations, and it's especially good for staying out of court. Everything you need to know to get started is here.

Inside Information... When Government and Business Clean House

Cleaning up the White House after Donald Trump and Melania Trump moved out cost taxpayers about $127,000. No, this doesn't include biohazard remediation, or surveillance bug sweeps. more

What security directors need to know about "The Other Covid Deep Clean."

US Capitol Needs A TSCM Deep Clean

Multiple electronic items were stolen from senators' offices yesterday, U.S. officials confirmed.

“This is probably going to take several days to flesh out exactly what happened, what was stolen, what wasn't,” he said. The stolen electronics and documents “could have potential national security equities,” he said. 

The exact number of devices is still unknown. Sen. Jeff Merkley (D-Ore.) confirmed yesterday a laptop had been taken from his office. His office did not respond to a request for comment.

House administrators remotely locked laptops and shut down wired network access, Eric Geller reported. IT hasn't identified any breaches so far, a memo sent to members said. more

While the Zombies were sucking up sensitive government electronics, they also opened the congressional doors to foreign entities. Spies couldn't ask for more: ample time to prepare, excellent cover, or easier access. 

A TSCM Deep Clean will be required to detect the electronic surveillance devices and cyber viruses that may have been embedded during the brief apocalypse. ~Kevin

School District Sweeps Schools for Recording Devices ... Using Maintenance & IT Staff

Canada - Anglophone East School District sweeps Riverview schools for recording devices. 

Sweep done after a volunteer basketball coach was charged with 30 child pornography and voyeurism charges. 

Anglophone East Superintendent Gregg Ingeroll sent an e-mail to parents... He says the sweep was done by maintenance and IT staff in all Riverview schools, searching for any electronic or recording devices, as well as any areas where recording devices could potentially be hidden.  

"This sweep of all areas resulted in no recording devices being found," Ingersoll wrote.

No surprise there. This amateur hour bug sweep was an exercise in negligence, or a whitewash. 

Consider these points...

• There is evidence of a crime.
• There is a suspect.
• An independent Technical Surveillance Countermeasures (TSCM) specialist is not called in to investigate.
• A decision is made to use in-house janitors and the IT guy. Persons with no TSCM training or the required detection instrumentation. And, most importantly, no independent objectivity, and possibly a personal relationship with the suspect.

Why Law Firms and Businesses Need TSCM - Reason #243

UK - A former Dechert client told a London judge Tuesday that spying conducted on a BigLaw partner is a common tactic in hard-fought commercial litigation.

A lawyer for the former client, a Kazakh mining company called the Eurasian Natural Resources Corp., is asking the judge to toss claims that spying on Dechert partner Neil Gerrard and his wife constituted illegal harassment, Law360 reports.

The ENRC hired Diligence International to surveil Gerrard in the hopes of gathering information for a lawsuit against Dechert and the United Kingdom’s Serious Fraud Office. Toward that end, Diligence planted hidden cameras in a hedge outside Gerrard’s home, Gerrard has alleged.

Lawyer Tom de la Mare said the cameras weren’t supposed to be found, so their placement couldn’t constitute harassment, according to Law360. And surveillance isn’t illegal unless oppressive or unreasonable, he said.

“Let’s be blunt about it,” de la Mare said. “This type of surveillance used to be common in commercial litigation.” more

Commercial TSCM Inspections
Spy Camera Detection Training

New York Times — Fighting the ‘Bugging Epidemic’

With surveillance gear cheaper and easier to use, security experts say checking your environment for cameras and microphones is not a crazy idea.

People worry that Big Brother and Big Tech are invading their privacy. But a more immediate concern may be the guy next door or a shifty co-worker. 

 A growing array of so-called smart surveillance products have made it easy to secretly live-stream or record what other people are saying or doing. Consumer spending on surveillance cameras in the United States will reach $4 billion in 2023, up from $2.1 billion in 2018, according to the technology market research firm Strategy Analytics. Unit sales of consumer surveillance devices are expected to more than double from last year.

The problem is all that gear is not necessarily being used to fight burglars or keep an eye on the dog while she’s home alone. Tiny cameras have been found in places where they shouldn’t be, like Airbnb rentals, public bathrooms and gym locker rooms. So often, in fact, that security experts warn that we are in the throes of a “bugging epidemic.”

It is not paranoid to take precautions. A lot of spy gear is detectable if you know what to look for, said Charles Patterson, president of Exec Security, a firm in Tarrytown, N.Y... more

If there's something strange In your neighborhood, who you gonna call?

For 18 months, residents of a village in Wales have been mystified as to why their broadband internet crashed every morning... Then local engineer Michael Jones called in assistance...

 (Note: For a faster tracker, call a TSCM'er.)

Engineers used a device called a spectrum analyzer and walked up and down the village "in the torrential rain" at 6 a.m. to see if they could locate an electrical noise, Jones said in a statement. 

"The source of the 'electrical noise' was traced to a property in the village. It turned out that at 7 a.m. every morning the occupant would switch on their old TV which would in-turn knock out broadband for the entire village." more | sing-a-long | TSCM'er

How to Detect Malicious USB Cables

A malicious cable is any cable (electrical or optical) which performs an unexpected, and unwanted function. The most common malicious capabilities are found in USB cables. Data exfiltration, GPS tracking, and audio eavesdropping are the primary malicious functions...

The worst malicious cables take control of a user’s cell phone, laptop, or desktop...

We purchased and tested several malicious USB cables. From what was learned during these tests our technical staff developed several new inspection protocols.

 more

Can’t identify the bugged cable?
No worries. You can’t tell just by looking, even we can’t.
That’s why we put a small black mark on it.
It is Cable 3.

GPS Tracker – World’s Smallest and More

A GPS tracker can be incredibly small. Once the size of bricks some can now fit on your finger.

New features have arrived, too. Some have…

• SOS buttons
• Audio eavesdropping capability
• Integration with Google Maps
• Speed reporting
• Geo-fencing with automatic alerts
• Disable vehicle
• Updates every five seconds
• Wireless recharging
• Worldwide coverage
• Bluetooth – for tracking the last few feet

read more

Sir Frederick Barclay's Nephew 'Caught with Bugging Device' at Ritz Hotel

The footage is at the centre of a bitter legal row between the families of the billionaire Barclay twins.

Sir Frederick, 85, and his daughter Amanda are suing three of Sir David Barclay's sons for invasion of privacy.

They claim the surveillance gave the men commercial advantage and they sold the Ritz for half its market value.

The Barclay brothers' businesses include the Telegraph Media Group, the online retailer Very Group, the delivery business Yodel, and - at the time of the bugging - the Ritz hotel in London.

Sir Frederick, the elder twin by 10 minutes, and his daughter Amanda are suing Sir David Barclay's sons - Alistair, Aidan and Howard, Aidan's son Andrew, and Philip Peters, a board director of the Barclay group for invasion of privacy, breach of confidence and data protection laws.

The claim stems from a falling out between the children of the famously private twins...


The CCTV footage allegedly shows Alistair Barclay handling a bugging device at the Ritz hotel on 13 January this year. The recording shows Mr Barclay inserting a plug adaptor, which is claimed to contain a listening device, into a socket.

In court documents lodged by Sir Frederick and Amanda Barclay, it is claimed the bug - which was placed in the hotel's conservatory where Sir Frederick liked to conduct business meetings and smoke cigars - captured more than 1,000 separate conversations amounting to some 94 hours of recordings.

The pair claim the recordings amount to "commercial espionage on a vast scale"....

Voice Activated Wireless GSM Spy Bug SIM Mains 2 Way Adapter Plug Doubler Surveillance Adaptor

Second bug

It is also claimed a separate Wi-Fi bug was supplied by private investigation firm Quest Global. Its chairman is former Metropolitan Police commissioner Lord Stevens.

The claimants' documents say that Quest invoiced for 405 hours of listening and transcribing.

The recordings, it is alleged, captured "private, confidential, personal and Sir Frederick's privileged conversations with his lawyers, and with his daughter's trustees, bankers and businesspeople".  more

Oddly, there is no mention of the video bug which recorded the incident. It does however make the nephew eligible for our Darwin Award for capturing himself with his own bug. ~Kevin

TSCM Nightmares Today, Reality Tomorrow

These give some technical surveillance countermeasures specialists nightmares.

Emerging technologies like the ones below are interesting. They could be used for illegal eavesdropping in the future. Combining the first two could produce a wireless bug that never has to have its batteries replaced. It could also be incredibly small.

Some people say, "the bad guys are always one step ahead of us."
I say, "do your homework and you will be one step ahead of them."

Ultra-Low-Power WiFi Radio Enables IoT Devices

• Housed in a chip, it lets IoT devices communicate with existing WiFi networks.
• Housed in a chip smaller than a grain of rice.
• The radio could last for years on a single coin cell battery.

It consumes just 28 microwatts of power and does so while transmitting data at a rate of 2 megabits per second (a connection fast enough to stream music and most YouTube videos) over a range of up to 21 meters.



New Green Technology from UMass Amherst Generates Electricity ‘Out of Thin Air’

The laboratories of electrical engineer Jun Yao and microbiologist Derek Lovley at UMass Amherst have created a device they call an “Air-gen.” or air-powered generator, with electrically conductive protein nanowires produced by the microbe Geobacter.

The Air-gen connects electrodes to the protein nanowires in such a way that electrical current is generated from the water vapor naturally present in the atmosphere. “We are literally making electricity out of thin air,” says Yao.



Seeing Around Corners to Detect Object Shapes
Special light sources and sensors see around corners or through gauzy filters, enabling reconstruction of the shapes of unseen objects.

A technique was developed that enables reconstruction of images in great detail. Researchers computed millimeter- and micrometer-scale shapes of curved objects, providing an important component to a larger suite of non-line-of-sight (NLOS) imaging techniques.

Most of what people see — and what cameras detect — comes from light that reflects off an object and bounces directly to the eye or the lens. But light also reflects off the objects in other directions, bouncing off walls and objects. 

Think Your Smart Speaker is Spying On You... get Paranoid

(Note: As of this date the manufacturer is only accepting pre-orders. Gauging demand before going into production is not uncommon. The following is just an interesting bit of news; not a product endorsement. Also, it might be an April Fool's prank.) 

Their headline reads, "Blocks smart speakers from listening, while keep them voice-activated. Just say "Paranoid" before your usual commands." more

"How?" ...you may ask.

A. In one of three ways.

1. The BUTTON model begins with the mute button pressed.  When it hears you say, "Paranoid" it presses again, thus letting your next command to pass through. After your command is finished it re-mutes with another press.
2. The HOME model (it appears) uses ultrasound to block the speakers microphones. Click here to learn how ultrasound blocking works. The volume needed for this application is very low so it shouldn't be a health risk.
3. The MAX model requires you sending them your smart speaker so they can physically install their solution. People who use this option are not true paranoids. True privacy paranoids would be afraid the unit might come back, bugged!

The Crazy Story of How Soviet Russia Bugged an American Embassy’s Typewriters

Every engineer has stories of bugs that they discovered through clever detective work. But such exploits are seldom of interest to other engineers, let alone the general public.

Nonetheless, a recent book authored by Eric Haseltine, titled The Spy in Moscow Station (Macmillan, 2019), is a true story of bug hunting that should be of interest to all.

It recounts a lengthy struggle by Charles Gandy, an electrical engineer at the United States’ National Security Agency, to uncover an elaborate and ingenious scheme by Soviet engineers to intercept communications in the American embassy in Moscow. more

Business Security Trend: Proactive Information Security... Legislated by law!

via Brian G. Cesaratto, Epstein Becker Green
New York is the latest state to adopt a law that requires businesses that collect private information on its residents to implement reasonable cybersecurity safeguards to protect that information.

New York now joins California, Massachusetts and Colorado in setting these standards. New York’s law mandates the implementation of a data security program, including measures such as risk assessments, workforce training and incident response planning and testing. 

Businesses should immediately begin the process to comply with the Act’s requirements effective March 21, 2020.

Notably, New York’s law covers all employers, individuals or organizations, regardless of size or location, which collect private information on New York State residents.

In order to achieve compliance, an organization must implement a data security program that includes:

• reasonable administrative safeguards that may include designation of one or more employees to coordinate the security program, identification of reasonably foreseeable external and insider risks, assessment of existing safeguards, workforce cybersecurity training, and selection of service providers capable of maintaining appropriate safeguards and requiring those safeguards by contract;
  
• reasonable technical safeguards that may include risk assessments of network, software design and information processing, transmission and storage, implementation of measures to detect, prevent and respond to system failures, and regular testing and monitoring of the effectiveness of key controls; and

• reasonable physical safeguards that may include detection, prevention and response to intrusions, and protections against unauthorized access to or use of private information during or after collection, transportation and destruction or disposal of the information.

 

Book Review Request: Technical Surveillance Counter-Measures a Complete Guide

If any TSCM'er out there buys this book. Please send me a review.

Technical Surveillance Counter-Measures a Complete Guide

Thank you, Kevin

Protecting Trade Secrets in Court Requires Special Security, Like TSCM

Federal prosecutors said a Chinese national employed by an Oklahoma petroleum company has been charged with stealing trade secrets.

Authorities said Hongjin Tan, 35, is accused of stealing trade secrets from his unnamed U.S.-based employer that operates a research facility in the Tulsa area.

An affidavit filed by the FBI alleges that Tan stole trade secrets about an unidentified product worth between $1.4 and $1.8 billion to his employer to benefit a Chinese company where Tan had been offered work. more

Gal Shpantzer, SANS NewsBites news editor notes... "Have you discussed the concept of trade secrets with your legal counsel? Trade secrets are only legally protected if you secure them in a certain manner, above and beyond normal confidential data. www.justice.gov: Reporting Intellectual Property Crime: A Guide for Victims of Copyright Infringement, Trademark Counterfeiting, and Trade Secret Theft (PDF)

Judge: "When did you last check for bugs?"

TSCM - Technical Surveillance Countermeasures