Note: This is the first installment in the Spy vs. Spy, "Technical Surveillance Threat Series". Stay tuned. JDL
Technical Surveillance Countermeasures, better known as "TSCM", is defined by "Wikipedia" as:
"A service provided by qualified personnel to detect the presence of technical surveillance devices ("bugs") and hazards and to identify technical security weaknesses that could aid in the conduct of a technical penetration of the surveyed facility".
In the civilian world, the above service is also sometimes referred to as a "Electronic Eavesdropping Detection" sweep or survey, or a "Bug Sweep".
Myself and my team have performed hundreds of TSCM Surveys for fortune 500 corporations, celebrities, executives, embassies, government offices, businesses, private individuals, law firms, etc., etc. There is always a common theme after an area has been cleared, "How can we protect ourselves from electronic surveillance threats after you leave?" The answer is usually complex, and almost always highly dependent upon our review (and recommendations) of our clients security posture and protocols in place at the time of the survey, and after we leave.
In this post, we will deal with one of those threats, "cellular devices", cell phones or "smart phones".
During our pre-survey Technical Threat Assessment, we usually find that "cellular devices" are allowed in almost all areas. There may be a cellular policy in place, but... during our verbal debrief after the area has been cleared, is usually when we find out what we have already discovered, that either there is no security protocol or policy in place regarding the allowance of cellular devices in board rooms and high level meetings, or there is a cellular policy in place, but it is not being enforced.
Almost all cellular phones have cameras, and many smart phones have audio recording features that allow conversations in person or over a smart phone to be easily recorded, stored, and even emailed. If you're like most of us, your cell phone is rarely more than 6 feet away from you. Many have "spy software" installed that allows for the smart phone microphone to be activated in secret without the phone ringing or lighting up. While it sits innocently near you, an eavesdropper can monitor every sound in the room.
So, does this potential eavesdropping threat sound like something that you want to allow in your next confidential boardroom meeting? Can your organization really afford to ignore this type of eavesdropping threat? Does your organization have a cellular policy in place? Is it enforced?
Here are a few personal cellular security tips:
Do not let your cell phone or smart phone out of your physical possession. Most cellular monitoring programs or "spyware" has to be installed through physical possession of the target phone. One of the best countermeasures is to keep tabs on yours.
Password protect your phone. I know it's a pain, but a password on your cell phone could save you or your organization a lot of misery.
Consider a review today of your organizations policy regarding cellular devices. Better safe, than sorry. No time? Contact ComSec, we can help. JDL
Stay tuned for the next installment in the Spy vs. Spy, Technical Surveillance Threat series.
ComSec, LLc provides professional Technical Surveillance & Eavesdropping Countermeasures services to Fortune 500 corporations to small businesses, non-profits, celebrities, executives and select individuals. Headquartered in Virginia Beach, VA | Northern VA-DC-MD. Serving the United States, and select International clients abroad.
