RF (Radio Frequency) Searches
An initial RF overview plot will be carried out to ascertain the ambient RF environment of the building.
RF searches of the entire frequency band will be carried out Near & Far Field from 0.10 MHz to 2.6 GHz in the following bands and mediums: 0 – 3 MHz, 0 – 30MHz (Mains and RF), 30 –110 MHz, 110 – 250 MHz, 250 – 550 MHz, 550 – 1500 MHz & 1500 – 2600MHz. Close Field from 0 .10 MHz to 12 GHz. Far Field From 3 GHz to 6 GHz, 6 GHz to 12 GHz, & 12 GHz to 21 GHz using an MDC Down Convertor Time Domain Water Falling Sequence searches for Packet Data Devices.
In the event of a large search area and/or if the search area is over a number of floors, to ensure adequate coverage of the entire building, a number of RF searches will be conducted as may be applicable.
A tone source is deployed during the course of the RF to activate and sound activated transmitting devices.
RF Searches are carried out using Spectrum ECM with NATO WB2000 Equiplanner Antenna and Oscar 5000E.
Search Criteria includes the detection of RF Devices utilizing AM, FM, NFM, SSB, USB, CW, LSB, Sub-Carrier, Spread Spectrum, Frequency Hopping Transmitters, Covert Video Transmitters and devices using the GSM telephone network and Digital Packet Data Burst Units.
All detected signals are analyzed, identified as friendly, and eliminated from the search procedure. Intermittent signals detected above the ambient level will be identified audibly as local two way communications (Taxis, Police, and Royal Parks Security etc. as may be applicable). All readings are stored for future comparison.
Electrical Mains Searches:
It is possible with little effort to transmit the audio of an area via the electrical mains cable. There is equipment available that will cross electrical phases. Checks will be carried out over the frequency band 0–3000 kHz at a gain reduction of –70db below mains ‘hum’ and analysed.
Acoustic Leakage:
Acoustic Leakage through the wall of the building into the adjacent properties will be assessed.
Telecommunications
Telecommunications Security - many people are of the opinion that if they have a Digital or VOIP Telephone System, conversation cannot be listened into. This is NOT correct. For example, although it is acknowledged that from the Ethernet to fibre cable side of the system, it is extremely difficult to intercept using a hardwire device. The weakness and most likely interception would be from the internal cabling and/or the telephone instrument itself.
The term ‘digital system’ in respect of telephones can be misleading. Some systems use a line pair for analogue speech and others for the digital operation of the system as well as cases where the spoken word is converted into digital along the lines themselves. In the majority of cases the systems can be intercepted with the right equipment which is easily available on the market place and ‘demodulated’ so the conversation can be listened into.
In respect of VOIP, it is important to understand that a VOIP telephone system has many of same vulnerabilities as a conventional digital or analogue telephone system and therefore the same testing parameters apply. For example, it is possible to pass analogue audio down a digital line pair, the same applies to VOIP.
SIP use the TALAN telephone analyser to identify the presence of any such devices. The built in NLJD testing will detect unauthorised electronics and the FDR testing will indicate where on the line a suspect connection has been made. In addition, comparisons between VOIP telephones can indicate VOIP traffic when a phone is on-hook by means of the increased RF energy of the packet traffic to support the call. RF energy between VOIP phones should be constant and uniform when on-hook.
In essence, VOIP takes voice information and converts it into data packets which can be transmitted over any data network (LAN or Internet). The telephone instrument itself, however, is analogue as it has speech going into it. It is the instrument itself that is vulnerable to hook by-passes and ‘hot mics’, i.e. turning the phone itself into a microphone to listen in to conversations within the room and other conventional illicit hardwire monitoring and transmitting taps.
Although a professional Radio Sweep would detect any transmitting device on the telephone line, there still remains the possibility of a hardwire digital recording device which is why a survey should also conduct a telephone analysis, using the TALAN, on the telephone system itself.
Mobile Network- SIM Card Devices
As technology changes there are more and more devices available on the market that enable illicit monitoring using a mobile sim card, covering networks using EGSM900, GSM18000, W-CDMA and units 2100. Such devices allow a perpetrator to dial-up from any location in the world and listen into conversations within the room and or telephone conversations. These devices can be activated anytime the perpetrator wishes.
The procedures adopted by SIP will identify the presence of any sim monitoring devices even if it is not activated online and in standby mode. As very few companies are aware of how to detect a device in this situation, we do not publicly release details of the combination of equipment we use in the detection of these devices.
Video Transmissions
SIP identify any Video Transmissions received within the survey area, these are then analysed to establish if they are transmitting video from within the survey area.
Covert Cameras
A camera detector will be used to identify concealed CCTV camera, hardwire or wireless.
Physical Search
SIP conduct a physical search for the purpose of locating and identifying any hardwire or other monitoring devices installed within the survey area.
Trained personnel, who are familiar with the various types of illicit monitoring devices, conduct the physical search. Such searches involve the examination of partitioning and structural walls, furniture, air conditioning/heating, ducting and risers, electric and computer data wiring, plugs, outlet sockets etc., as and where applicable.
The physical search is also supported by several ancillary electronic detection units, etc.
Reporting and References
We provide a verbal report on conclusion of the sweep. Our written reports are comprehensive and will ordinarily be sent within seven working days. All RF readings will be recorded for future comparison and readings will be taken and compared during the survey on different areas of the building as well as externally, as may be applicable.
Additional Options
In addition to the above survey used to identify the illicit monitoring of the spoken word, be it within an office/boardroom and/or telephone within the office, we would also suggest the following is considered and, if required, we can provide a separate quote:
Computer Keystroke Loggers
Primarily, there are two types of keystroke loggers which are either software or hardwire based. Although SIP include the examination of individual keyboards and cabling when conducting an IT Security Audit many companies DO NOT, therefore the latter ‘hardwire’ keystroke logger is very unlikely to be detected in any standard IT Security Audit.
There are two main types of hardwire keystroke loggers. One is a small device usually found on the cable located between the keyboard and the server and/or incorporated within the terminals at one end of the cable. These devices recognise the data of each key touched and store the information. These devices do need to be accessed and downloaded from time to time in order to recover the data held.
The second device is a wireless system and fits into the keyboard itself. The data is transmitted in ‘burst’. Therefore, it is hard to detect during a radio sweep and the perpetrator does not need to have access to download data once it has been installed.
SIP will carry out an inspection to detect any hardwire devices. The cost will vary on the make and number of keyboards to be examined.
In respect of software devices, SIP would be happy to discuss this and undertake an IT Security Audit on your behalf.
Executive - VIP Vehicles
When conducting the Debugging Survey, we would suggest the examination of the vehicles of senior executives, including a radio sweep and GSM/GSP detection, in order to verify no illicit listening device or tracking system has been illicitly installed.
Senior Executives & Key Personnel
In many instances, senior executives and/or key personnel working on a project may work from home and, as a result, discuss sensitive information over the home telephone, especially if they reside in an area where there is poor mobile phone reception. In such instances, a perpetrator, if he is unable to gain access to the main office building, will consider the homes as a softer target and therefore their telephones are vulnerable. SIP recommends a survey is carried out at their residences on the telephones as well as a radio sweep. At the same time, SIP technicians will also note any other apparent security weaknesses and, if possible, recommend ways of securing same.