General Debugging

Corporate “Eavesdropping” Today: Physical Devices and Cyber Spyware

In recent years, espionage methods have changed, only to become harder to detect and more effective. Instead of taking out classified information or documents, a corrupt employee can simply place a surveillance device and ensure off-site access to sensitive information. A bug placed in a conference room before an important stakeholders meeting can record or transmit information that may literally change the game on the respective market.

General Keith Alexander, NSA director and commander of US Cyber Command, said[1] that economic espionage represents the greatest transfer of wealth in history (American Enterprise Institute, 2012).

It’s believed that more than $500 billion in raw innovation[2] is stolen from US companies each years. Raw innovation includes trade secrets, research and development, and competitive advantage strategies so it is even harder to assess the potential loss. The estimate is confirmed by other sources and independent research: Intel Security[3] also places the losses between $375-575 bn.

Technical Surveillance

One of the most effective methods of corporate espionage is technical surveillance[4], meaning the capture of information by electronic means. This is an especially sensitive information withdrawal method, since it can provide access to first-hand information in key-moments, such as important meetings and conferences. The information will leave the room even before being put into computers. This is enough reason to extend the espionage prevention program beyond the IT department security. Information is vulnerable and much more valuable before being entered into the network and put to work.

To give an actual example, think of the whole process of acquiring a new supplier. It could be months of discussing, evaluating, negotiating, etc. If competitors would have this information before an actual contract started, they could turn it all to their advantage. A bug in an executive’s office, that could be easily placed by anyone, could send this information in real time. Covert eavesdropping devices are more and more cheap and easy to come by. Even more importantly, they are more easy to operate – the “drop and go”[5] type of device.

General principles of eavesdropping technology

Eavesdrop is originally a noun pointing to the water dripping off the eaves of a building and the space between the wall and the dripping. By the early 1600s, to eavesdrop actually meant to stand in the eavesdrop of a house with the intent to hear conversations within and was criminalised. This is the first time the term “eavesdropping”[34] was legally acknowledged.

However, historical accounts of spies and espionage conspiracies in critical or crisis circumstances appear in some of world’s earliest records, from Egyptian hieroglyphs to ancient Rome and Asian military. Over 2500 years ago, General Sun Tzu of the ancient Chinese army explains the importance of espionage in warfare in his famous work “The Art of War”[35]: espionage should be used to obtain information regarding the strength and location of the enemy’s forces, terrain and the loyalties of local populations and counter espionage should be used to deny this same information to the enemy.

Two and a half millennia later, spies have continued to be key-factors, influencing the outcome of wars[36] and social movements[37]. Eavesdropping has become state of the art surveillance, deploying impressive technology and resources to acquire sensitive information. A well placed microphone bug was much more efficient than a person eavesdropping next door.

Classic eavesdropping systems were generally comprised of three essential elements[38]: a pick-up device, a transmission link and a listening post. A microphone or video-camera picks up a signal and converts it to electric impulses, which are then transmitted off-site by radio frequency or by wire to a processing post. This kind of devices, once suspected, were easily detected and shut down. The devices themselves began being more and more discreet, while losing some of the physical elements: hardwired became wireless and hardware became software.

Software tools are now the most recent link in the evolution of surveillance technology. They are easily deployed, amazingly efficient at acquiring information and require almost no human intervention to operate. Just like hardware devices, software bugs are installed either without your knowledge or by tricking you. This is where espionage starts developing on two different paths.

On one hand, anyone interested can aim at a specific target for acquiring information of interest. This type of targeted espionage and is most similar to conventional technical surveillance, only bugs are software rather than hardware. It represents most of the cases of economic cyber-espionage[39], where competitors are targeted to acquire competitive advantage. This cases are more frequent and more complex by the year, up to government levels.

The second type of cyber espionage aims at mass targets or opportunistic targets, infecting individual devices in order to access valuable information on them. This type of bugs are commonly installed unknowingly[40] by the user himself. This kind of attacks are fast profit and volume oriented. Surveillance cyber bugs[41] are most commonly used to gather information that can be used for identity theft, ever more dangerous with the growing online banking trend.

Software bugs can secretly move huge amounts of information to anywhere in the world. They can even do some of the data analysis tasks, searching for specific words or codes, not to mention overriding other functions of the target devices and transform them in ever more efficient spying tools. Cyber surveillance has come a long way from the eavesdropping in medieval times.

Avoiding Detection

Evading detection has been one of the main concerns in the technical espionage world. Finding methods to conceal the device or make it undetectable by common means has been the main driver for innovation in this field. For hardware devices, eliminating the need for unessential pieces such as a power source or a transmitter lead to passive devices that were harder to detect.

For instance, one of the most efficient passive listening device ever used for spying is a resonant cavity microphone[42] commonly known as The Thing and used by the Soviets to spy on the US Ambassador from 1945 to 1952.

It uses passive techniques to transmit an audio signal, being energised and activated by electromagnetic energy from an outside source. There were no wires, no batteries, no waves giving up the bug and the device was only accidentally discovered.

Perhaps the most common types of eavesdropping device in use today is the wireless transmitter, which picks up sound via a small hidden microphone and then broadcasts it using radio frequencies. This is used to be easily detected by conducting a radio frequency detector sweep but has become more difficult to pinpoint with the overcrowding of the airwaves. The RF environment is now very complex and at the same time very dynamic and signals emitted by covert surveillance devices can be lost in the noise or get overshadowed by the multitude of other signals. Masking the transmitting signal to blend in in a certain environment can prove to be an efficient way[43] to evade detection and has already arouse the interest of professional TSCM service providers.

However, technological advance has also led to eavesdropping devices that are more and more difficult to detect, for example, devices that do not constantly emit radio waves. One way of avoiding detection but still use radio frequency to send information is the “burst transmission” device. This kind of device digitises the sound and compresses the resulting record. Then it is transmitted at predetermined or random intervals or on command, as a short burst of modulated RF.

This means they could transmit hours of content in seconds and remain virtually passive to the radio waves landscape in your location for the rest of the time. Other devices simply require inside help to manually download and transmit information[44]. Finding these bursts with traditional spectrum analysers can be very challenging.

Some more sophisticated devices used for cover surveillance do not even require being placed in a sensitive location. Shotgun microphones, optical devices or parabolic reflectors can be used to listen to conversations in remote locations. To get an idea of just how broad surveillance technology can be, imagine someone could project a laser beam[45] onto the window of your office to record vibrations caused by sound waves and then use optical devices to convert these light pulses back to audio signals. This kind of systems are very expensive and easily detected if specifically targeted. Nevertheless, this goes a long way from the classic telephone wire tapping.

There is a huge amount of information available to describe surveillance devices[46] and their modus operandi, for the concerned reader. Physical surveillance devices can prove to be very elusive, but are still confined to an actual device that can be pinpointed at one time or another.

Software surveillance tools and technologies are much more flexible as they blend in into the devices they are targeting. Just a few examples of measures used to evade detection of a software surveillance tool:

  • passing as an established well-known trusted program[47] or service is the most common way of disguising spyware. Governments are believed to have used this on large scales, but smaller, more targeted pieces of software can be masked using the same method.
  • as to conservation methods after being installed, a good example is polymorphic spyware that has the ability to constantly change its filename and location to avoid detection by anti-spyware programs
  • sometimes, a spyware can continuously backup itself, by injecting a copy into a process that is running on a device, as a security measure. If the main spyware program is deleted, the active copy spawns another copy of itself
  • other spyware run in the background[48], doing no damage itself, but generating another program that does the actual damage. Anti-spyware detects the active program but not the silent spyware
  • some other pieces of surveillance software try to avoid detection by hiding their real extensions[49] and showing up a seemingly secure .txt or .doc extension

These are just a few examples of how deeply can a spyware disguise itself to look unobtrusive when targeting a device.

This being said, there are many key-areas that a company should be safeguard:

  • Executive and board members – this is where the most sensitive information is exchanged, from strategic development, to mergers, expansion plans and key-partnerships
  • Sales and marketing – sales strategies, distribution plans, product placement and marketing innovations
  • Research and development – new designs, future plans of development, pending patents
  • Manufacturing – manufacturing costs, supply chain, supplier contracts
  • Financial – sensitive financial information and others

The average cost of TSCM

According to an online publication in 2008[66]: TSCM is often priced according to facility size, location, the number of active telephone lines or other transmission lines, and the scope of the matter at issue. Depending on the firm and market, TSCM services are charged on an hourly or daily rate basis, often by retainer agreement. Top industry professionals will receive $3,000 to $5,000 per day. TSCM services may appear to generate windfall profits. In reality, a large investment in time, for in-service training, and money, for equipment, is required to maintain the standard of professionalism necessary to be effective in this arena.

Another competitor, Spy Nexus, provided insight into it’s pricing scheme[67].

The company Counter Espionage charges a minimum assignment charge of $4,600.00 unless they are already in the area on other assignment. Re-inspections are discounted, as are multiple and extensive operations. Economical daily flat-rates are available with a purchase of 10 or more days per year. Read more: http://www.counterespionage.com/services.html

Examples of TSCM services costs

Small office – an example of TSCM services[68] quotation for a small 5-rooms office with 11 phones and 3 speakerphones could add up to almost $3000.

Corporate – Other providers[69] offer corporate surveys, conducted 2-4 times per year on an annual budget of less than $30,000. Some companies charge a minimum assignment[70] rate between $2,500 – $4,600.00. Re-inspections are discounted, as are multiple and extensive operations[71].

Domestic – for domestic investigations, the rates[72] start at $0.60 per square feet. Vehicles can be checked for tracking devices starting at $350 and telephones investigations start at $150. Real time monitoring[73], like business meetings are usually charged $150 per hour and other general investigations start at $125 per hour. Other providers[74] charge on hourly basis only, starting $200 per hour (one technician) and $275 per hour (two technicians).

Why McCann’s REI trained technicians and gear is better than competition

REI is a world leading manufacturer of technical surveillance countermeasure equipment. REI customers include Government agencies, Law enforcement organisations, Corporate Security personnel, and TSCM (Technical Surveillance Countermeasure) professionals that have a need or responsibility to protect sensitive information.

Founded in 1983 in Cookeville, Tennessee, REI was one of the first companies to introduce a Non-Linear Junction Detector (NLJD) in the US (http://www.cryptomuseum.com/df/rei/index.htm) and claims to be the largest manufacturer[75] of such equipment in the World. All[76] design and manufacturing work is done on site, in Algood, Tennessee, focusing on quality and complexity instead of production volume.

REI also operates the largest[77], unclassified, commercially available TSCM training centre in the world, using state of the art technical security equipment. They train TSCM professionals in overall surveillance countermeasure practice or certification courses for using their equipment. The REI training centre is clearly following the big trend in the surveillance technology, with more new courses focused on Digital Electronic Surveillance Counter Measures.

In over 3 decades of security technology development, REI has always proved to be a reliable partner for both government and private sector clients as well as one of the leading manufacturers in the industry. Using REI technology and know-how has become a guarantee for quality TSCM services.

 

SOURCES

[1] Source: http://www.buildings.com/buzz/buildings-buzz/entryid/212/how-to-handle-counterespionage.aspx

[2] Source: http://www.theepochtimes.com/n3/326002-the-staggering-cost-of-economic-espionage-against-the-us/

[3] Source: http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

[4] Source: http://www.erii.org/blog/191

[5] Source: http://thetally.efinancialnews.com/2014/09/five-top-cyber-espionage-devices/

[34] Source: http://www.wordorigins.org/index.php/eavesdrop/

[35] Source: http://www.ancientmilitary.com/Sun-Tzu-The-Art-of-War.htm

[36] Source: http://www.theguardian.com/culture/gallery/2013/apr/13/10-best-real-life-spies

[37] Source: http://listverse.com/2007/08/24/top-10-famous-spies/

[38] Source: http://www.wright.edu/rsp/Security/V3bugs/Methods.htm

[39] Source: http://www.justice.gov/opa/pr/us-charges-five-chinese-military-hackers-cyber-espionage-against-us-corporations-and-labor

[40] Source: http://www.computerhope.com/issues/ch001045.htm

[41] Source: http://usa.kaspersky.com/internet-security-center/threats/spyware

[42] Source: http://www.academia.edu/7275923/Lev_Termens_Great_Seal_bug_analyzed

[43] Source: http://www.counterespionage.com/assets/tektronix-rsa6114a-case-history.pdf

[44] Source: http://www.wright.edu/rsp/Security/V3bugs/Methods.htm

[45] Source: http://techlinkcenter.org/summaries/high-sensitivity-laser-microphone

[46] Source: http://www.uscrow.org/downloads/Survival%20Public%20Domain/Understanding%20Surveillance%20Technologies%20Spy%20Devices%20Their%20Origins%20and%20Applications.pdf

[47] Source: http://www.infosecurity-magazine.com/news/wikileaks-releases-finfisher/

[48] Source: http://ptgmedia.pearsoncmg.com/images/9780789735539/samplechapter/0789735539_CH03.pdf

[49] Source: http://www.infosecurity-magazine.com/news/mac-spyware-hides-file-extensions-to-evade/

[66] Source: http://www.factfind.com/article1.htm

[67] Source: http://spy-nexus.com/starting-your-counter-surveillance-business/

[68] Source: http://spy-nexus.com/starting-your-counter-surveillance-business/

[69] Source: http://www.counterespionage.com/services.html

[70] Source: http://www.bugsweep.com/pricing.html

[71] Source: http://www.counterespionage.com/services.html

[72] Source: http://www.kimmonsinv.com/houston-investigator-rates/

[73] Source: http://www.spyemporium.com/private-investigations/

[74] Source: http://www.batesinvestigations.com/private_investigator_rates.htm

[75] Source: http://www.prweb.com/releases/2011/04/prweb5237004.htm

[76] Source: http://depreciated.ucbjournal.com/news.php?id=3115

[77] Source: http://www.ntia.doc.gov/files/ntia/comments/100504212-0212-01/attachments/REI.pdf