Note: ACSS is in the process of forming and is not yet an established trade association. At present ACSS is fully owned and operated by Norbert Zaenglein as a sole proprietorship

Join ACSS Here

One-Year Membership Just $25

Considerations For

The following is in draft stage and is provided only as a preliminary document subject to review, analysis and revision over time by TSCM professionals.

       Revised December 6, 2009

Overview

For Consumers

We live at a time when privacy and proprietary information are coming under increasing attack. Activities once considered private are subject to compromise by individuals with access to covert monitoring instruments. Protecting ones privacy and safeguarding confidential information and intellectual property have become a necessary security consideration not just for the government and military, but also for private business and private citizens.

A substantial civilian demand for covert audio and video monitoring devices have spurred the marketing efforts of covert devices beyond government, military, and law enforcement agencies. Furthermore, the cost of small, sophisticated surveillance devices continues to drop with prices well below $100. The act of electronic eavesdropping has become exceedingly simple and may be accomplished by untrained individuals.

While it is difficult to categorize surveillance threats into clearly delineated categories, consumers of TSCM equipment and services are best served if they possess the ability to:

* a) accurately define the potential threat;

* b) understand countermeasure capabilities and limitations, and;

* c) take reasonable and appropriate actions to identify and mitigate the threat.

The industry responsible for detecting illegally deployed eavesdropping instruments is commonly referred to as

TSCM, an acronym for Technical Surveillance Counter Measures or ECM, an acronym for Electronic Counter

Measures. The TSCM/ECM industry consists of equipment manufacturers, counter-surveillance firms,

technicians and educators; it is an industry that is highly fragmented with some segments of the industry being well-trained, honest and professional, while other industry segments rely on deceptive practices and misleading business and marketing tactics.

The inevitable from analog to digital information processing has created a significant gap in countersurveillance capabilities even for individuals who may have had many years of training and experience. A military-trained countersurveillance technician, for example, who may have retired ten years ago may not be capable of addressing modern digital surveillance threats including VOIP, fiber optic and computer based. A significant portion of today’s countersurveillance firms may not be qualified to adequately detect of advanced digital threats. This raises a number of consumer protection concerns.

Like decision processes made when acquiring common security products or services, deciding how to manage privacy threats should be based on:

     * a) an accurate assessment of the threat;

     * b) a fundamental understanding of the capabilities and limitations of countermeasures;

     * c) establishing reasonable and appropriate actions to mitigate the threat within one’s financial parameters.

Choosing a TSCM company can be a challenging task for civilians. First, many states do not require any licensing to offer TSCM sweeps. Hiring an unqualified sweep team may only give you a false sense of security. Second,

to maintain professional confidentiality, TSCM companies generally do not reveal names of their clients. This makes checking references problematic.

To evaluate a TSCM company, potential clients should ask questions including, certifications of training, equipment capabilities and professional experience. Professional TSCM teams should at minimum possess equipment and expertise specified under Category B threats outlined later in this paper.

Considerations For Assessing Threat Levels

& Choosing A TSCM Company

(Draft: Subject To Review & Modification)

The assessment of threat levels is subject to considerable debate and individual interpretation. It should be noted, however, that the threat levels categorized herein are in no manner correlated to a potential loss, be it of privacy or of intellectual property. A glass held against a wall or a conversation overheard in the hallway can gather as much information as a high-tech laser listening device that cost tens of thousands of dollars.

Threat Category A

Scope: Civilians that are subject primarily to voyeuristic attacks and audio threats posed by common devices that are readily available to civilians through retail and online establishments.

Threats in this category consist of low-cost devices that can be purchased at consumer electronics or mart-type stores. These devices include digital recorders (which can be tucked away in a couch or taped to the bottom of furniture), FRS radios, some of which have transmission ranges exceeding twenty miles. These units can also be easily hidden or taped beneath furniture. Other consumer devices that can be adapted for surveillance include wireless microphones, intercoms, and inexpensive wired or unwired video cameras. We may also include hardware-based keyloggers in this category.

Low cost and ease of availability makes Category ‘A’ devices popular with amateurs, which does not mean that one should underestimate the efficacy of these devices. Consider the threat posed by a twenty-mile range FRS/GMRS radio, which can be purchased at any mart or electronics store for about $50 U.S. With a small extension microphone plugged in, an FRS radio can be hidden in any number of places, leaving just a small microphone clipped somewhere inconspicuous (tucked away between a couch or sandwiched between a mattress). Now consider that many such radios have voice-activated transmission capabilities. All of these add up to a very effective listening device that is inexpensive, has a tremendous transmitting range and can remain active for a week or longer.

Threat Category A Countermeasures

Surveillance threats in Category A may be successfully identified and neutralized by civilians using a basic broadband detector, an optical camera locator and following manufacturer instructions on how to conduct a safe, physical search for covert devices. Category A specifically excludes the search of any wires or cables that could be energized by electrical voltage and that includes telephone lines. The ability to visually identify hardware-based keyloggers may also be included in this category

Minimum equipment requirements to identify Category A devices include:

* A Sensitive Broadband Receiver with Adjustable RF Gain Control Capable of Detecting Analog and Digital    Signals of up to 5.8 GHz.

* An Optical-Based Camera Locator Capable of Identifying Pinhole Camera Lenses.

* An understanding of how to conduct a cursory physical search of the location that excludes any energized    cables.

* Equipment to Detect GPS & Cell Phone Compromises

Threat Category B - (Residential and Small Business Sweeps)

Scope: Civilians and government employees in positions of having access to information of moderate economic or social value. This category also includes individuals that are undergoing significant life-changing events such as a divorce, child custody issues, matters involving attorneys, difficulties in a business partnership, difficulties with a coworker, individuals that are in a dispute with others.

Individuals that are engaged in the private detective field, have prior law-enforcement or related military experience may pose threats in Category B. Also included in this category are private citizens who have researched available resources and are capable of acquiring Category B devices. Surveillance instruments in Category B are generally more expensive and may operate at greater distances, at higher frequency ranges and their method of concealment or transmission is more sophisticated.

Category B devices include high-powered FM radio transmitters, scanners modified to receive analog cellular telephone traffic and low-powered wireless microphones modified to transmit over greater distances. Category B includes devices that: transmit using microwave, infrared, ultrasonic, and carrier current; remotely-activated instruments; video devices that store information on memory media, as well as land-line telephone compromises; and; live, Internet-based surveillance.

Threat Category B also includes the use of repeaters (which amplify weak signals so they can be sent to distant listening posts). A system of repeaters can amplify low-power signals and transmit them over greater distances.

Due to the capabilities of repeaters, security sweeps should include checking the perimeter of the premises. Finally, advanced vehicle trackers, frequency hopping, burst transmitters; digital and spread spectrum devices may also fall within this category, as do infinity devices. This category also includes hardwired telephone threats and compromises such as series and parallel taps and hookswitch bypasses. Category B is generally limited to the discovery of active audio transmitters as well as wired and unwired video instruments. Category B also includes the examination of energized wiring, which requires specific safety precautions.

We may also include software-based keyloggers and the ability to detect common spyware including that which can be remotely installed. In addition, the technician should be able to advise the client on wireless computer threats and have an understanding of packet sniffers, basic VOIP vulnerabilities and the security of wireless access points. .

Detecting devices that fall within Category ‘B’ is within the realm of TSCM technicians who have met the following factors:

     *a) The technician must have completed a formal two- to four-week training program in countersurveillance            instrumentation and methodology;

     *b) Technician must have access to a sweep kit capable of identifying all Category B devices, and;

     *c) Technician must be proficient in conducting a competent physical sweep including the ability to safely test            energized wiring for compromises.

     *c) This threat category requires a fundamental understanding of personal computer operations, spyware and            digital signal processing.

     *d)  Ability to detect cellular phone spyware and GPS trackers Including real-time and passive logging.

Minimum Equipment Inventory To Conduct Category B Sweeps

* A sensitive broadband receiver system with adjustable RF gain control and sensitivity at the microwatt level.    preferably with AM/FM demodulation capabilities.

* Multimeter (VOM)

* Cable Tone and Tracer Kit

* Carrier-Current Analysis

* Countermeasures Amplifier

* Telephone Line Analyzer capable of identifying series, parallel, infinity and hookswitch bypasses

* Frequency Counter

* Radio Scanner

* Optical Pinhole Camera Detector

Minimum equipment capabilities to identify Category B devices.

* RF spectrum detection from 10 KHz to - 2400 MHz.

* Infrared & laser detection capabilities.

* Microwave detection up to 5.8 GHz.

* FM RF detection & demodulation.

* Carrier current detection from 20-400 KHz.

* Ability to locate transmitting and non-transmitting video cameras.

* Ability to detect analog and digital signals

* Ability to detect GPS/GSM devices.

* Ability to detect civilian room and vehicle transmitters

* Ability to locate sound-activated transmitters

* Ability to detect room and vehicle transmitters

Minimum telephone compromise detection capabilities:

* Series RF tap detection.

* Parallel RF Tap detection.

* Parallel Recorder Activator detection.

* Infinity Device Transmission detection.

* Hook Switch Bypasses detection.

* Carrier Current Detection Capabilities

Minimum computer-based capabilities

* Visual identification of hardward-based keyloggers

* Installation and operation of spyware detection software.

* Ability to use a packet sniffer to advise clients of computer security compromises.

Equipment that possesses these minimum capabilities when used in conjunction with a thorough physical inspection can provide reasonable protection against the most prevalent illegal surveillance threats in a home or small-business environment.

Minimum Training/Education To Conduct Category B Sweeps

* Completion of a Formal Two- to Four Week Countersurveillance Training Program

* Completion of a Military or Government TSCM Training Program

* Understanding of POTS Telephone Systems

* Ability to Check Cables For AC/DC Current

* Proficiency In The Safe Operation of a Multimeter

* Proficiency in the Safe Operation of a Cable Tracer and LAN Meter

* Ability to Operate an Optical Pinhole Camera Locator

* Ability to Safely Test Electrical Cables For The Presence of AC/DC Current

* Capability of Conducting A Line Balance Test

* Capability of identifying RF transmissions at telephone junction points located off the client premises.

* Ability to identify hardware and software keyloggers and use a packet sniffer to detect computer and VOIP   vulnerabilities

Threat Category C

Section Under Construction

(Draft: Subject To Review & Modification)

Prospective clients in this category face a professional and well-financed adversary. Devices in Category C may include laser listening devices, passive radiators, deployment of professional spies who may work as teams, compromise of a private branch exchange telephone system. Listening devices planted inside walls, remotely activated devices, ultrasonic devices, and devices that transmit in the higher Gigahertz ranges.

If you determine your threat level to fall within this category, then the services of a professional countersurveillance team must be considered.

Minimum Equipment Requirements

* Broadband Diode Detector System

* Tuned Receiver System

* Spectrum Analyzer

* Non-Linear Junction Detector

* Infrared Detection System

* Thermal Imaging

* Advanced Telephone Analyzer

* Time Domain Reflectometer

* Oscilloscope

* Countermeasures Amplifier

* Radio Direction Finder

* Cable Tracer

* LAN Meter

* X-Ray Machine

* Specialized Antenna Collection

* Advanced Physical Inspection Tools

Note: As with other security considerations there are no perfect solutions. Even professional sweep teams don’t grant ironclad guarantees that all eavesdropping devices have been identified and neutralized. Surveillance threats do not cease after the completion of a sweep. Therefore, a good TSCM team will suggest additional security measures. You must take some responsibility for ongoing countersurveillance.

Threat Level C

(Draft: Subject To Review & Modification)

Section Under Construction

Here you are facing a professional and well-financed adversary. Devices in Category C may include laser listening devices, passive radiators, deployment of professional spies who may work as teams, compromise of a private branch exchange telephone system. Listening devices planted inside walls, remotely activated devices, ultrasonic devices, and devices that transmit in the higher Gigahertz ranges.

If you determine your threat level to fall within this category, then the services of a professional countersurveillance team must be considered.

Minimum Equipment Requirements

* Broadband Diode Detector System

* Tuned Receiver System

* Spectrum Analyzer

* Non-Linear Junction Detector

* Infrared Detection System

* Thermal Imaging

* Advanced Telephone Analyzer

* TDR

* Oscilloscope

* Countermeasures Amplifier

* Radio Direction Finder

* Cable Tracer

* LAN Meter

* X-Ray Machine

* Specialized Antenna Collection

As with other security considerations there are no perfect solutions. Even professional sweep teams don’t grant ironclad guarantees that all eavesdropping devices have been identified and neutralized. Surveillance threats do not cease after the completion of a sweep. Therefore, a good TSCM team will suggest additional security measures. You must take some responsibility for ongoing countersurveillance.

Disclaimer

Thank You For Visiting