Property Factors

Central Heating for Property factors.

Eavesdropping and Counter-Measures: Technology and Techniques

You need to know how to protect yourself, since your security department or

any consultant may not be truly aware of these threats and therefore not

dependable. Since September 11th, a number of businesses entered the security field with little to no knowledge of the trade itself; only of its profit potential. Even outfits that have been around for some time and well-established have not been able to stay current with the latest innovations.

Realistically, viewing your threat level has to be considered since everyone

should expect some sort of impending privacy issue no matter how small. Thanks

largely to the Internet you can arm yourself with much of the knowledge and

equipment that the so-called experts use. If a respected agent of computer crimes

for the Secret Service in NYC had his T-Mobile Sidekick hacked, who knows what else

happens out there to others in any business.

We’ll start acoustic ducting evaluation is the inspection of air ducts, baseboard

heaters, coffee rooms, lounges, bathrooms or any way the architecture of a building

can transfer sound. A simple example is to put your ear to a wall and listen.

Basically anything that requires the use of the naked ear is called an acoustic

bug. Softer surfaces can help muffle sounds but there are more efficient means out

there. So be aware that the way an office site is designed can act as a conduit for

conversations. Also, be aware of any changes can have adverse affects. Simply

playing music can do wonders for masking conversations.

Inspection of telephone equipment and wiring is called line analysis. This is

trickier than it seems since sometimes a possible weakness has an actual purpose to

the telecommunication system. Especially if it requires constant maintenance and

software upgrades.

All instruments should be opened and inspected. Ideally they should be

compared with a known safe phone or device. If you’re not sure, just remove that

piece of loose components and wiring and see if the phone still works. The wiring

can be modified in a switch within the handset that essentially turns it into a

microphone. If you bypass this hook switch, you can listen in from anywhere on the

landline. Technical

equipment won’t be able to detect this. Time Domain Reflectometry is the sending

of a pulse down a telephone line. If there is some sort of disruption; a wall outlet or

wiretap; a portion of the pulse will be

sent back to the device called a Time Domain Reflectometer (TDR). Then the time

difference between the reflection and the continuous run is measured. This helps in

determining the distance to the anomaly.

These devices can perform all sorts of diagnostics including mapping a wire

network. That can be useful in locating a hidden phone. Hidden phones have several

obvious uses such as making long distance phone calls to being placed in an office

across the street to receive betting requests by bookies; a practice called back

strapping. If you open up the modular jacks where you connect your phone, you’ll

usually see four wires. In most cases only two wires are connected; commonly

known as ring and tip. If you see all four connected, be aware that is not usually

consistent for most wiring situations, especially in homes. The other two wires

could be used for a bugging device.

For instance, the microphone you use in a voice recorder can be cut in half.

Connect the mike head to one set of unused wires anywhere on the phone wire.

Then, so long as there are no breaks in the wire, connect the other end to the jack

that connects to your recorder. Now place your recorder to be VOX (voice) activated

and now you have an extremely reliable bug. By the way, this should be manually

inspected for since using a specialized bug detector may see nothing wrong or

inconsistent. A bug such as this that connects to a wire is called a direct tap.

The other general type is called an inductive tap. This is when an instrument is

outside a wire but can still distinguish what’s transacting over a wire. They are

harder to detect since they don’t draw power from the line such a standard

telephone would. These are referred to as snuffle bugs. A simple probe used in

hunting wire signals has a speaker, which can display sounds. By

accident one day I was working on an apartment intercom system while using a

. I could hear conversations throughout the building quite clearly just

through the intercom boxes mounted on walls from the master unit in the


If you’re using wireless headsets or cordless phones, the radio signals can be

intercepted. A cordless phone acts like a radio, but depending on the frequency and

a few other factors, can make interception extremely difficult. With some

manufacturers, you can buy the same model as your neighbors or the office and

have it join their phone system. Double check Caller ID boxes to see if they also

record numbers dialed besides obviously those being received. If you’re using VOIP

(Voice Over IP), remember that calls can be recorded in a fashion identical to

intercepting data between two computers.

These packets of data can reassemble an audio file. Obviously electronic

devices possess semiconductor components such as diodes, resistors and such. The

method to hunt for these components is called Non-Linear Junction Detection

(NLJD). The NLJD unit emits a radio signal while listening for the return signal from

an electronic device. This becomes very useful when a bug is embedded in a picture

frame or wall. The eavesdropping device doesn’t have to be active for it to be

discovered. If a device is active and transmitting wirelessly (or even on a wire), you

can detect it with a Radio Frequency Spectrum Analyzer. Depending on the detection

device used, you can determine whether voice, data or video is being sent, and

possibly listen to the data. Try to use different size antennas or buy one that

collapses. Different frequencies can be detected more efficiently by using various

sizes. The use of filters with antennas can also help pinpoint devices on specific


Electronics such as computers, FAX machines and especially CRT monitors can

radiate electromagnetic signals or pulses that can be received by other equipment.

This is known TEMPEST. One way to complicate the surveillance of this is to use

certain fonts and line walls or equipment with different gauges of copper mesh wire.

You can further enhance this posture by using special paints, which block radio


Radio waves will look for a leak or break, so be careful of defensive

applications. One-way window tints can help in blocking signals. Since an

electronic device could generate some heat they can be detected in another way.

The use of a thermal imagery device can detect and actually see minute amounts of

heat radiated for your viewing. You can hide the heat signatures by using creams or

neoprene. Technology exists to collect information from blinking LEDs of modems,

routers, print servers and similar devices. You can only see some general blinking

but with the use of properly tuned optics, filters, oscilloscopes and good timing you

can discern much more. One of the LEDs on your keyboard can be altered to blink

while you are typing in a fashion similar to Morse Code. You can also use a tap in

the keyboard that sends out radio waves again similar to Morse Code and no anti-

virus software will ever be able to find it. Even when a CRT computer monitor is

facing a wall the light can be in a sense read by its flickering emanations from some

distance. A good defensive measure is to buy new LCD flat panel types.

Another approach to attacking FAX machines is to simply record the noises it

makes and play it back to another machine. I used to do this for a client so they

could keep a record of all the faxes they made and received. There are creative and

potentially illegal defenses against wiretappers and Peeping Toms. One is to

transmit an extremely high pitch down the wire, thereby rupturing the listener’s

eardrums. I knew someone who once sent a powerful electrical spike down his

phone wire thereby destroying his divorced wife’s recorder.

By the way, this leads to another topic-expect the device to be discovered

someday. Don’t leave your fingerprints on it. He found it and had it dusted, thereby

producing some prints. My friend used this as leverage against the Private

Investigator that planted it. Advice to Private Investigators, a word to the wise: if you

do this part-time, hire someone who does this full-time. This P.I. lost his license

and almost went to jail. The lawyer who recommended him got into a lot of trouble

as well. He received some unwanted attention from the Feds because of his

telephone dealings went across state lines and also happened to involve the Post


There is another budding field related to this topic called Protective

Intelligence. Currently there are only a few experts who do this kind of work.

A laser or an infrared beam can be used at a considerable distance from a

target building. Conversational sounds can vibrate unto solid objects such as

windows. The beam’s reflection varies in relation to the movement to the window,

which is received and converted back into something audible. To mask the sounds,

you could attach a vibrating device (basically an altered electric razor) to the


Of course if the window is open, then a laser can target another object instead

of the window. A beam of light or laser can be directed to go through a window

onto a solid object thereby nullifying such defensive measures again. Generally you

really can’t detect such attacks unless the laser, infrared or light beam is being used

that moment. Certain materials can be used to detect IR emissions, as well as the

use of passive night vision gear. Certain fabrics or even a curtain may actually show

the spot where a beam of light or laser is being focused. Unless the room is dusty or

you have an artificial can smoke, you can follow the beam up to a point and

guesstimate it’s location. One type of optical bug is an infrared transmitter. When

placed in the area of interest for transmission of the conversation to an infrared

receiver which will then translate the conversation into an audible format.

Many of these same procedures used can be applied to locating hidden

cameras. A relatively new device uses a series of lasers to seek out optics. This was

originally intended to locate snipers by bodyguards.

I have listed the techniques, counter-measures and then the counter to the

counter-measures to prevent any false sense of security. Usually constant vigilance

is your best weapon besides knowing what to look for. Even if you find a “bug

sweeper” with good credentials, certifications and experience, ask them detailed

questions. Not just to test them but also for your own peace-of-mind. This makes

our job easier and we appreciate greatly when dealing with knowledgeable