Articles written by Charles Patterson.
Here is an in depth review of the MESA, the Mobility Enhanced Spectrum Analyzer for TSCM, from Research Electronics International. We put the MESA through its paces and provide the results of our tests as well as our thoughts and experiences using the unit on the job.
Lessons learned. An eavesdropper planted listening devices in a neighbor's home. She finds multiple devices then catches the stalker on video when he comes back to retrieve the devices. Some of the steps she takes provide good lessons and are worth paying attention to.
The REI Talan telephone analyzer is a great tool, with one shortcoming. The included HLP Harmonic Locator Probe does not do a good job of actually tracing cables. Here is an answer to the problem by using a small shortwave receiver tuned to the frequency of the signal that the Talan is emitting.
A civil lawsuit against several large oil companies for allegedly failing to act when a female drill rig engineer discovered a spy cam in her room is one step closer to a jury trial... it is one expensive reason why corporations need to take unauthorized surveillance seriously- and have a professional TSCM sweep team on call.
Both cyber and physical security are important areas. Anyone involved in security should be taking both of them extremely seriously. But there is an important area in between where cyber and physical do not cover. That is where technical surveillance countermeasures, or TSCM, is needed.
The Arlo wireless camera system by Netgear is a relatively inexpensive system that it is adaptable for a portable security application. Originally designed for the home market, the system has a number of limitations, but wireless transmission, motion detection, and long battery life make it useful in portable applications where quick deployment is needed.
Covert cameras come in many shapes and sizes, allowing the recording of many private moments, often inappropriate. This one may not be so bad, though. Ring Cam is a covert camera installed in a box that will also hold an engagement ring.
by Charles Patterson
The introduction of voice recognition to numerous devices and phone apps adds a new security element to consider. Google Now (“OK Google”), Siri, Cortana, and the Amazon Echo are working their way into our lives. Can voice control be surreptitiously used for espionage, eavesdropping, or security attacks? Here I look at two types of research being done. One using distorted audio and the second using radio waves to take control of a phone.
At a recent talk I attended, a few cell phones had gone off during the presentation. The speaker apologized to the crowd, “Sorry for the interruptions…”, as soon as he said the word “sorry”, though, someone’s iPhone woke up and said, “Sorry, I could not understand your request”. The phone had thought the presenter said “Siri” and tried to interpret his sentence as a command.
YouTube videos and TV shows […]
The REI Oscor Green and Oscor Blue have a built-in wire stand that tilts the unit to put the screen at a comfortable viewing angle. This is great and works properly much of the time. The challenge is that when there are ceiling lights directly overhead, the angle will often create glare for the operator. This glare can be very difficult to see through. Presented here is a simple extension stand that will give an extra few inches of tilt and help reduce the glare.
When performing a sweep and searching for hidden or covert cameras, two tools that are frequently used are thermal imaging and radio signal analysis. During a recent inspection we came across a unique wireless camera system. The thing that makes these cameras different from other wireless covert cameras is that these are not detectable by rf inspection, wifi detection, or by thermal imaging.
Protecting trade secrets and confidential information is key to the success of all corporations. Recently a new bill introduced by Sen. Orrin Hatch, R-Utah and Sen. Chris Coons, D-Del., was signed into law by President Obama. This law is aimed at allowing businesses to sue in federal court for trade secret theft. Such lawsuits previously were left to state courts. TSCM inspections and sweeps are an important step for identifying conversations and meetings as confidential, and that the information being discussed is a trade secret.
There are frequent reports of hidden video cameras found in locker rooms, restrooms, and other private locations. This is a serious issue, but there are many ramifications that should also be considered from the corporate viewpoint.
Erin Andrews won a $55 million lawsuit against the Nashville Marriott after a hotel guest took video of her through the hotel door peephole. You can be sure Marriott is reviewing their security policies and procedures after that incident. [more]
The Transocean Deepwater oil rig is in deep water, also facing a law suit, after a cheap covert video device, disguised as a coat hook, was found in a female employee’s sleeping quarters. [more]
The former IT director of the Town of Davie, FL, had a video camera and microphone hidden in a small alarm clock in […]
A number of years ago we began to see corporate AV systems using WiFi control for a number of their components.
During our Cyber TSCM wifi inspections we often find unsecured routers appearing in conference room AV racks. These routers are not usually connected to the corporate network. That may be why the installers did not think it was necessary to secure them, even though the routers have encryption capability.
If it’s not on the corporate network, there is no risk of data loss, right?
Wrong, that could be a dangerous assumption.
In fact, in spite of however strict the IT security policies may be, the IT department may not even be aware of their existence.
While a hacker may not gain access to terabytes of corporate data this way, they still could slip in to monitor or disrupt activities in the boardroom and create havoc by shutting down or interfering with presentations.
Barco CSC-1 ClickShare system, […]
Phone system and voicemail hacking have been going on ever since they were invented it seems. Recent attacks, though, show a new level of complexity and severity.
THEN
In the 80’s hackers would get hold of DISA numbers (Direct Inward System Access- numbers that were often used to allow remote workers make long distance calls on a company’s phone account). These numbers allowed the hackers to route their dial-up modems through toll free numbers that passed the call through the company PBX phone system. The hacker could then access long distance electronic bulletin board numbers and not worry about the cost. (Long distance calls were a bit more expensive back then, and no Internet as we know it today.)
In the 90’s, voicemail systems became much more affordable and the varieties of hacks grew. A hacker from the Philippines calling himself “the sniper” became well known in certain telecom circles hacking numerous US based PBXs, forcing the systems […]
Internet connected devices are attracting a lot of attention. Many, though, have potential security vulnerabilities just waiting to be hacked. The following devices may not have been exploited yet… but considering the possibilities, it’s only a matter of time. Some of these just appeared at the CES show in Las Vegas and may not have hit the street yet but many are already at work in homes and offices.
Netatmo Welcome, uses facial recognition to detect and alert you to people in view. “Welcome” sends the names of the people it recognizes to your smartphone. The camera also notifies you when it sees an unknown face. Through the app you can check who is currently home, access live stream and past events.
Netatmo Welcome
Netatmo touts “stunning HD images, extensive 130 degree field of view, and superior night vision”
Petcube brings video and audio monitoring into your living room. […]
Pages leaked from the supposed National Security Agency – Advanced Network Technology (NSA-ANT) catalog reveal eavesdropping and spy technology using advanced wireless communications (revealed in Der Spiegel in 2013 here). Edward Snowden may not be on your Christmas list, and the NSA may or may not be out to get you, but here’s the thing, if the NSA has such devices, surely other nation states and advanced criminal espionage organizations can be expected to have similar items available. In the past, one may have assumed this type of technology existed, but now there is clear description of some of the potential threats.
A number of the NSA-ANT product sheets are displayed on Wikipedia as well as other websites revealing leaked information. Take a look at a few of them listed below.
Detection of such devices goes beyond the normal cyber-crime security efforts. These miniature circuits can appear as standard pieces […]
The Darkhotel cyber threat highlights the need for corporations to take regular TSCM sweeps seriously.
Darkhotel, so named by Kaspersky Labs, is a malware attack that has been operating at least since 2009, focusing on executives visiting hotels especially in Asia.
A key element in these reports, according to Kaspersky’s research, is that the Darkhotel group often knew a target’s room number, full name, and length of stay before they arrived. This indicates that the perpetrators would have done extensive intelligence gathering and surveillance of the intended targets prior to the travel. In this light, TSCM sweeps become much more significant in the fight against cyber attacks and protection of information assets.
Kaspersky explains how the Darkhotel malware works:
[The hackers] wait until, after check-in, the victim connects to the hotel Wi-Fi network, submitting his room number and surname at the log-in. The attackers see him in the compromised network and trick him into downloading and installing […]
A fairly new website has caused a recent stir. Insecam.com provides links to thousands of webcams around the world. It has been mentioned in recent news reports ranging from Lifehacker and CNET, to the UK Daily Mail, PC World, and more. Vulnerable webcams are not something new, though, yet their popularity has certainly grown along with the threat of misuse.
The first well documented webcam was set up to watch a coffee pot at Cambridge University in 1991 [read more]. That camera (and coffee pot) was finally turned off in 2001, but by then, many more webcams had been turned on. (See more about the history of the coffee cam at the end of this article.)
First Webcam, Cambridge University
In early part of this century (2004) while I was searching online for information on webcams I came across […]