S.I.P has been engaged in Counter Electronic Surveillance Sweeps (De-bugging) for over 30 years. It is one of our main specialist areas and we have undertaken such service for the UK and overseas Government Departments, Embassies, Major Financial Institutions, Corporations etc.

Due to the calibre of service we provide, it is important that we keep up to date on technology, insofar as ‘attack and defence’. It is extremely important that you ensure that any company quoting to carry out a debugging survey for you, have the ‘equipment’ and the ‘ability’ to do the job correctly otherwise you could result in sensitive issues being discussed under a ‘false sense of security.’ We say this as we know for a matter of fact that some agencies and in-house security with limited budgets:-

• Use radio receivers that DO NOT have ‘sufficient frequency coverage, they should go up to at least 15GHz. Although there are some receivers that go up to 20Ghz this is not necessary as the transmitters being used between 15Ghz and 20Ghz would be to large to conceal therefore that frequency range is more applicable to military applications.
• Use radio receivers that DO NOT enable them to ‘eliminate digital transmissions’ being received within the survey area.
• DO NOT know how to detect and/or eliminate illicit transmitting devices using a ‘mobile sim card’. They may identify a transmission on known mobile phone network provider frequency but they are unable to identify who or where the transmission is coming from therefore take no further action.
• DO NOT know how to analyse DIGITAL and/or VOIP telephone lines. Therefore they bypass any analysis on them or rely on a physical only. Which due to concealed wiring is not always possible? Or advise the client that digital and VOIP are secure, so do not need checking. This is NOT correct.

Radio Sweeps

S.I.P conducts a comprehensive radio sweep using the Winkelmann Model MS300 for the purpose of locating illicit transmitting devices. In brief, the Winkelmann Model MS300 is mainly used by Government Agencies; it has a frequency range of 15GHz.

S.I.P covers the radio sweep in two stages, firstly covering Analogue Transmissions. During this stage identifiable tone sources are deployed throughout the survey area, this will also activate any sound activated transmitting devices that may be installed. The MS300 system is a computerized counter surveillance radio receiver, which then scans the frequencies. In the event of the system locating one of the identifiable tone sources during an analogue sweep, as secondary attachment is used that will confirm the exact location of the transmitter within the survey area.

In respect stage two Digital Transmissions, Up to one and half hours prior to carrying out the sweep within the survey area itself, externally at a location approximately 500m away from your building, using the Winkelmann Model MS300, we carry out a continuous radio sweep covering the frequency range of 10KHz to 15GHz enabling us to capture and store all identified digital transmissions in the local area. This data will then be compared with the subsequent data collated during the radio sweep within the survey area. Any duplicated transmissions will then be cross referenced by signal strength those with reduced signal strength will be eliminated. Those with higher signal strengths as well as any new frequencies identified during the sweep within the survey area will be analyzed. The frequencies which do not have identifiable audio, will be eliminated one at a time, by using a sensitive probe which is tuned into each suspect frequency and monitors the signal strength within the survey area itself. If there is an illicit device present then it will locate the exact location of the device.

For reference there are some receivers that go to a higher frequency but this would not be relevant as any transmission device over 15GHz would be too large to covertly conceal.

Mains Carriers

The MS300 receiver will also be connected to the 240 volts main supply, in order to detect any mains carrier current eavesdropping devices.

Telecommunications

Telecommunications Security - many people are of the opinion that they have a Digital or VOIP Telephone System, conversation cannot be listened into. This is NOT correct. For example, although it is acknowledged that from the Ethernet to Fibre cable side of system, it is extremely difficult to intercept using a hardwire device. The weakness and most likely interception would be from the internal cabling and or the telephone instrument itself.

The term ‘digital’ system in respect of telephones can be misleading. Some systems use a line pair for analogue speech and other for the digital operation of the system. Also even in cases where the spoken word is converted into digital along the lines themselves. In a majority of cases the systems can be intercepted and with the right equipment that is easily available on the market place ‘demodulated’ so that the conversation can be listened into.

In respect of VOIP it is important to understand that a VOIP telephone system has many of same vulnerabilities as a conventional digital or analogue telephone system and therefore the same testing parameters apply. For example, it is possible to pass analogue audio down a digital line pair, the same applies to VOIP.

S.I.P use the TALAN telephone analyser, to identify the presence of any such devices. The built in NLJD testing will detect unauthorised electronics and the FDR testing will indicate where on the line a suspect connection has been made. In addition, comparisons between VOIP telephones can indicate VOIP traffic when a phone is on-hook by means of the increased RF energy of the packet traffic to support the call. RF energy between VOIP phones should be constant and uniform when on-hook.

In essence VOIP takes voice information and converts it into data packets which can be transmitted over any data network (LAN or Internet). The telephone instrument itself however, is analogue, as it is the speech going into it. It is the instrument itself that is vulnerable to hook by passes and ‘hot mics’ i.e. turning the phone itself into a microphone to hear into conversations within the room and other conventional illicit hardwire monitoring and transmitting taps.

Although a professional Radio Sweep would detect any transmitting device on the telephone line. There still remains the possibility of a ‘hardwire digital recording device’ which is why and survey should also conduct a telephone analysis using the Talon, on the telephone system itself.

Mobile Network- SIM Card Devices

As technology changes there are more and more device available on the market that enable illicit monitoring using a mobile sim card, covering networks using EGSM900, GSM18000, W-CDMA and units 2100. Such device would allow a perpetrator to dial up from any location in the world and listen into conversations within the room and or telephone conversations. These devices can be activated at anytime the perpetrator wishes.

The procedures adopted by S.I.P will identify the presence of any ‘sim monitoring device’ even if it is not activated online at the time and in standby mode. As very few companies are aware of how to detect a device in this situation, we do not publicly release details of the combination of equipment we use in the detection of these devices.

Video Transmissions

S.I.P identify any Video Transmission received within the survey area, these are then analyzed to establish if they are transmitting video from within the survey area.

Covert Cameras

A camera detector will be used to identify concealed CCTV camera, hardwire or wireless.

Physical Search

S.I.P conduct a physical search for the purpose of locating and identifying any hardwire or other monitoring devices installed within the survey area.

Trained personnel who are familiar with the various types of illicit monitoring devices conduct the physical search. Such search involves the examination of partitioning and structural walls, furniture, air conditioning/heating ducting risers, electric and computer data wiring, plugs, outlet sockets etc, as and where applicable if there was not a risk of losing data or connections as a result of computers online.

The physical search is also supported by several ancillary electronic detection units, etc.

Reporting

We provide a verbal report on conclusion of the sweep. Our written reports are comprehensive and will ordinarily be sent within seven working days.

Additional Options

In addition to the above survey which purpose is to identify the illicit monitoring of the ‘spoken’ word, be it within an office/boardroom and/or telephone within the office, we would also suggest the following is considered and if required we can quote you separately:-

Computer Keystroke Loggers

Primarily there are two types of keystroke loggers which are either’ software’ based or ‘hardwire’. Although S.I.P include the examination of individual keyboards and cabling when conducting an IT Security Audit many companies DO NOT therefore the latter ‘hardwire’ keystroke logger is very unlikely to be detected in any standard IT Security Audit.

There are two main types of ‘hardwire’ keystroke loggers. One is a small device that is usually found on the cable located between the keyboard and the server and or incorporated within the terminals at one end of the cable. These devices recognise the data of each key touched and store the information. These devices do need to be accessed and downloaded from time to time, in order to recover the data held.

The second device is a ‘wireless’ system and fits into the keyboard itself. The data is then transmitted in ‘burst’. Therefore is hard to detect during a ‘radio sweep’ and the perpetrator does not need to have access to download data once it has been installed.

In respect of ‘hardwire’ devices, S.I.P will carry out an inspection to detect them the cost will vary on the make and number of keyboards to be examined.

In respect of the ‘software’ devices S.I.P would be happy to discuss this and undertake a IT Security Audit in your behalf.

Executive - VIP Vehicles

When conducting the Debugging Survey, we would suggest the examination of the vehicles of senior executives including a radio sweep and GSM/GSP detection. In order to verify that no illicit listening device or tracking system has been illicitly installed.

Senior Executives & Key Personnel

In many instances, Senior Executives and/or Key Personnel working on a project may work from home and as a result discuss sensitive information over the home telephone, especially if they reside in an area where there is poor mobile phone reception. In such instance, a ‘perpetrator’, if he is unable to gain access to the main office building, will consider the homes as a ‘softer’ target and therefore their telephones are vulnerable. S.I.P recommends that a survey is carried out on the telephones as well as a radio sweep at the residences. At the same time, S.I.P technicians will also note any other apparent security weaknesses and if possible recommend ways of securing same.