Printer Friendly

The ever-elusive eavesdropper.

IN EAVESDROPPING SWEEPS TOday, why is no one finding stateof-the-art bugs - that is, bugs more sophisticated than simple over-thecounter or ra market, mail-order devices? Either such devices aren't being used, or they simply aren't being found.

It has been more than 35 years since bugs have been used with remote control switches. Such switches allow the eavesdropper to turn the bug on and off from a remote point. With the remote control switch, he or she can sit at a listening post and switch the bug off when there is any sign that it may be in jeopardy or when it is not needed.

For example, the eavesdropper can turn the bug on at the beginning of the target's workday, listen and record as he or she wishes, and then turn off the bug and close down the listening post at the end of the workday. If, during the time it is on, he or she hears something suggesting that a sweep is underway, the eavesdropper can go off the air and wait out the sweep.

This capability is real, not hypothetical. During the 35 years following the first discovery of an effective and concealable remote control switch, the state of the art has developed at a rate limited only by the state of the applicable technology. That rate has been as impressive as the change in television receivers from the large and heavy models of early TV to the pocket-size units now available.

A modern remote control switch concealed with a bug is small enough that it does not materially add to the eavesdropper's concealment problems. Such switches can be used in industrial espionage operations. Their use adds a measure of sophistication to any eavesdropping system even if the bug itself is simple. The question is, Why isn't even that modest level of sophistication in an eavesdropping system being found?

The answer may lie in the security industry's ignorance of such a capability. One finds sweeps being performed after normal working hours or on weekends when it is likely that a professional eavesdropper will not have a bug on the air.

During those sweeps, some sweepers do not bother to disguise the sounds of their search activity in the sensitive area and sometimes deliberately generate sounds that are likely to tell an eavesdropper that a sweep is underway. If the eavesdropper has done a good job of hiding or disguising the bug in the target, he or she has a good chance of not losing it during such sweeps.

Perhaps the lack of finds can be explained by that practice-that is, searching for bugs at the wrong time and telling the eavesdropper, whose finger is poised over the off button for the remote control switch, that a search for his or her signal is underway.

However, it is improbable that some eavesdropper would not make a mistake and lose a sophisticated bug at some time or other. But in those cases, which are probably rare, the discoveries may be kept secret. Many finds are. In any case, the complete lack of documented, reported, or rumored finds of state-of-the-art devices is puzzling.

Of course, maybe they simply are not there to find. After all, human sources are available for use in collecting intelligence, and electronic eavesdropping is a federal crime.

WHAT THEN IS THE REASON FOR concern? Should there be any concern at all? There should be, because money is being spent for sweeps and sweep equipment. That says that someone has reason to be concerned about the possible existence of room bugs, whether or not they have been found before at a particular site or in a particular form.

Certainly, sweep equipment is not being bought or sweeps contracted for just so people can claim to have done the job, whether or not it is likely to be effective against real eavesdropping penetrations.

The next question must be, Should a company's defense be designed against the simple things that are being discovered or against the real-world systems that are not being found? The latter alternative seems the logical choice, especially if it would not involve an unacceptably large expenditure of personnel and funds.

Actually, a change in attitude more than anything else is needed to accomplish such a change in defense design. If such a change is made, the devices of low sophistication presently being found will still be found, and the chances of finding the better ones will increase. Let's look at the present situation.

A sweep is contemplated, and a security director asks if it can be done on a certain night. He or she may also ask how long it will take and certainly how much it will cost. The after-hours sweep is the traditional approach to eavesdropping defense. To the best of the security director's knowledge, sweeps have always been done that way.

The sweeper enters the area after working hours and works as long as necessary, or as long as he or she is allowed, to find a bug or evidence of one's existence. Sweepers accept this traditional approach as being practical and convenient for the client.

To some extent they operate in the belief that such a sweep must be effective because it has always been done that way. Certainly they feel they might find a bug using that approach. It is understandable, therefore, that they often agree to such scheduling.

However, that approach ignores the fact that one of the eavesdropper's principal vulnerabilities is the signals that his or her devices radiate and the fact that they will probably not be radiating after working hours.

If the sweeper resists the idea of entering the premises after working hours and suggests some work be done during the workday instead, he or she may be met with skepticism unless his or her credentials to work in the field are goldplated.

The client does not want the sweep work to be apparent to employees and certainly does not want to do anything that disrupts the normal flow of business. Those concerns are understandable, but they create barriers to a logical approach to counter eavesdropping.

If the client instead had the impression that the traditional approach was to perform the sweep in two phases, one of which was during working hours, he or she would make whatever arrangements were necessary to take advantage of the eavesdropper's vulnerabilities. It is as logical to do that as it is to lock the doors when leaving for the day.

In the two-phase approach, the first phase is simply to look for radiated or wire-conducted signals from a point outside the sensitive area at a time when an eavesdropper is likely to be listening to sounds from within the sensitive area.

The second phase is to search the sensitive area as usual for a bug or evidence of one. That may be done after working hours when the eavesdropper is not likely to be listening. The second phase should emphasize a physical search using whatever technical aids are appropriate and downplay attempts to detect radiated signals.

This two-phase approach can be slightly more expensive than the usual approach because it may require the sweeper to work more hours or days on the job. He or she simply cannot work during the day and then a good part of the same night without losing some effectiveness.

On the other hand, if the first phase can be done late in the workday and be followed within a few hours by the second phase, the costs might not be more than with the traditional approach.

This discussion of sweep procedures is obviously simplified. It suggests that all sweeps follow the traditional approach, that all clients of sweepers require that approach, and that the sweepers themselves accept that method.

Certainly there are exceptions to those attitudes and methods. Also, other steps than the two-phase approach can be taken to improve the traditional approach. However, the great majority of sweeps currently follow the traditional approach, and the trend toward a twophase approach or other method to exploit the eavesdropper's signal vulnerabilities is only gradually developing.

The traditional approach may be the reason sophisticated bugs are not being found. As that approach to sweeps is abandoned for more logical methods, real-world bugs may emerge onto the scene. If they do not, then perhaps we can comfort ourselves for a time with the conclusion that they are not out there to find. Certainly it is too soon now to reach that conclusion.
COPYRIGHT 1990 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Whidden, Glenn
Publication:Security Management
Date:Jul 1, 1990
Previous Article:Don't take the fall.
Next Article:Defending the dock.

Related Articles
A raid on bugs.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters