Are You In Denial? – It’s Very Easy to Plant a “Bug” and Easier to Buy One

Senior executives and the corporations they represent from critical industries such as agribusiness, banking and finance, energy, the legal field, manufacturing, and pharmaceuticals are being targeted across the globe by espionage operatives. Our primary purpose during a technical surveillance countermeasures (TSCM) inspection is to uncover electronic devices used in corporate espionage attacks. However, other aspects of our business include providing an honest assessment of the security of your facility as well as to show executives how easy it is to introduce a “bug” (transmitting or recording device) into their corporate spaces where it is assumed to be safe to conduct sensitive meetings and discussions. Places like office suites, board rooms, conference rooms, private residences, or hotel suites. Incidentally, hotel rooms are one of the easiest spaces to gain access to and there is an expansive array of places where transmitters and cameras can be installed.

Today’s bugging devices are sensitive, versatile, and easy to obtain, frequently at prices far under $100. GSM transmitters, as an example, are essentially remote controlled cell phones. Many are secreted by the manufacturer in common office and household items for easy emplacement. The size of a basic GSM transmitter is so small that they can be easily hidden in a target space with virtually no training required. The device can be configured off site, carried to the target location, and installed by anyone including custodial staff, a member of a tour group, or a person posing as a job applicant. The device can then be turned on and listened to from anywhere in the world where there is cell phone service. No more sitting in the back of a van parked down the street from the target location. Some of the GSM devices are voice/noise activated and alert your smart phone by text message when voices are detected. You don’t even have to know when a meeting is going to take place for monitoring and recording. The difficulty in finding this type of device during a TSCM inspection is they are frequently dormant (non-transmitting) until they are turned on and start transmitting so there is no radio frequency signature that make them easy to find. Therefore, a board room or office suite may test negative during a low tech inspection of the space using “spy shop grade” equipment. The device can then be activated only as necessary, prolonging the life of the battery, and broadcasting every word during the meeting. I’ve got a GSM device laying here next to me, purchased off the internet, which is in a small black plastic box measuring 1 5/8” X 1 ¼” X ½”. Just charge the battery, insert your SIM card, program the device following the simple directions, and you’re ready to go. Very easy to hide under or behind a piece of furniture. Voice activated and sends a text message to your smart phone alerting you that the device has detected voices. Listen to it from half way around the world if you like. All that’s required for installation after set up is completed is a piece of high quality double-sided carpet tape.

GSM transmitters are hidden in functional USB charging cubes that go unnoticed in almost any environment plugged in to a 110-volt AC outlet. There is even a version that is a functional cell phone charger that plugs in to a 12-volt vehicle outlet. That device not only allows for audio monitoring of the vehicle interior but also functions as a GPS tracker with Google Earth interface. Both are available for less than $50.

Similar to the GSM devices are the emerging WiFi devices that function much like the GSM items but transmit using the local WiFi instead of cellular technology. Of course that requires access to the facility WiFi either by hacking in or getting the WiFi login from an employee (can you say “insider threat?”).

Typical commercial security focuses on things like ID badges and access control to create the impression that there is protection against intrusion and technical surveillance device emplacements. Since most commercial security breaches are perpetrated by employees (i.e. the insider threat), those security measures are effectively useless. In reality common access control measures make it easier to gain entry to the building if you’re able to recognize the vulnerability and exploit it. Bottom line: “the appearance of security doesn’t translate to real security.” Typical corporate security measures intended to protect against the constant threat of corporate espionage essentially offer a false sense of security.

Detection of these types of electronic surveillance devices, especially when they are dormant, is extremely difficult without specialized tools and knowledge. You will need a professional TSCM inspection to assure your privacy has not been compromised.

Think of all the conversations that take place in corporate board rooms around the country and world on a daily basis. Subjects like product development, R&D discoveries, technology and software breakthroughs, mergers and acquisitions, potential market expansion, sensitive business negotiations with subcontractors, or sensitive internal employee issues. One bit of information gleaned from one of these meetings through eavesdropping may be worth several million dollars to a competitor not to mention loss of potential patent protection, loss of market share, impact on stock price, and damage to brand name and image. Then if you try to reclaim the information through a law suit the first question that will inevitably be raised by the defense attorney during depositions will center on what measures you took to protect the so called sensitive and valuable information that is now in the possession of their client (your competitor). Your response under oath will be essentially nothing.

What’s the biggest threat to the protection of sensitive corporate information? Quite simply it’s denial. Denial that there is a threat and denial that you could be victimized. You can’t imagine how many times I’ve heard the comments, “We’ve been in business here for X number of years and never had a problem. . .” or “We had a guy in here a few years ago. He walked around with a device with some antennas and flashing lights and didn’t find anything so we thought we were OK.”

Don’t wait until you’ve lost a few million dollars before you take measures to protect yourself from loss. Electronic surveillance threats continue to gain momentum. An underground industry centered on sales, installation, and monitoring of electronic devices generates approximately $2.2 billion each year according to a US Department of State study. If your company operates in a sensitive industry (you know who you are) rooms used for board meetings and sensitive meetings need to be inspected routinely by a TSCM specialist to ensure the rooms are free from transmitters or recorders. If possible those areas should remain locked and used exclusively for sensitive meetings.

If you have questions feel free to reach out to me at info@tscm-solutions.com so we can discuss your concerns or arrange a confidential inspection.   If you prefer you can use the contact/inquiry form on our web site at www.tscm-solutions.com. If you visit the web site you’ll find additional information on typical areas of concern for electronic eavesdropping as well as common indicators that may point to the possibility you or spaces under your control have been compromised.

If you suspect your sensitive business information, trade secrets, or personal information have been compromised, or are at risk, due to eavesdropping please contact us and provide a safe phone number and/or e-mail away from your area(s) of concern and we will contact you as soon as possible.  Do not use your personal cell phone. If you feel communication via encrypted e-mail is required advise us of that and we will quickly arrange for secure communication.