Review of November Meeting Insider Threats

Duane Reaves gave a presentation on :

Insider Threat: A Review of Electronic Surveillance Threats & Countermeasures

After an initial review of his industry (insider threats around the country). TSCM was discussed which stands for Technical Surveillance Counter Measures. Also referred as “Electronic Surveillance CM” , “Bug Sweep”, or “Sweep”.

Although Cybersecurity is increasingly a threat the physical technologies have also become more sophisticated.

So now multiple examples were given in the news and some of his personal clients without giving away the client (keeping the circumstances generic).

It seems that listening devices are used in hotels frequently to listen in on competitors (including sports teams). An insider was caught with listening devices at Ford HQ.

Cameras are getting smaller and are disguised inside chargers and coat hangers. Then many news stories were discussed of hidden cameras, and why some companies are spying on competitors.

An interesting point was made: Spying revelations are not usually publicized, so the news does not see all the break-ins.

Incidents are increasing !

TSCM should be part of an overall security program and don’t forget telephone security.

Then a review of what is being protected!

Who uses TSCM! And the evolution of surveillance as levels of traditional threats are merging since the devices become smaller, easier to use, and also cheaper.

Several examples of small transmitters that cost less than $30 which are as small as a penny.

One of his roles is to try and find these devices with sophisticated technologies which cost tens of thousands of dollars (RF spectrum analyzer – Advanced Near-Field Detection Receiver) – Even a Non-Linear Junction detection device which finds turned off devices.

A very interesting transmitter uses GSM circuitry (i.e. it is now a phone) so now all it needs is power, and some of these devices plug into USB ports for the power only.

It was good to see the variety of possible devices and their possible uses.

Some of these devices are truly James Bond type things, but since they only cost $25 or so it does not seem implausible for certain criminals to use them.

Finally methodologies and strategies to consistently prevent these attacks from happening were discussed. Including what to do if you are thinking there may be a bugging device (do not make a phone call from near the location of concern).

It was a great reminder that cybersecurity is not the only threat out there.

Here you can download Duane’s power point presentation.

Written by Tony Zafiropoulos