Reliance on manual bug sweeping strategies can miss advanced radio surveillance devices. A continuous real-time In-Place Monitoring System (IPMS) enables true round-the-clock vigilance in secure facilities.
Cyber security is continually in the news these days as the focus of significant efforts and resources of governments and the corporate world. You may be forgiven for believing traditional radio bugging devices to be a thing of the past. Unfortunately, as TSCM (Technical Surveillance Countermeasures) professionals are all too aware, these devices continue to pose a serious security threat.
By subverting expectations of advanced hacking attempts, some corporate and state entities have removed highly sensitive data using these radio bugging devices. Some reports indicate they are on the rise amongst private individuals as well. Indeed, low cost GSM-based bugging devices can be readily purchased on the internet, and non-commercial devices have become ever more sophisticated and difficult to detect. Hiding the signal in the noise floor, using short-burst transmissions, and snuggling small, covert signals next to large, legitimate ones are just a few examples.
The good news is that, just as threats grow increasingly sophisticated, so too do available countermeasures.
Corporate boardrooms and secure government facilities are still vulnerable to RF bugs
Periodic sweeps vs. continuous monitoring
First, let’s talk about the limitations of traditional TSCM measures.
Traditional “debugging” involves sweeping handheld detection devices over an area at intervals (once a week, once a month, etc.). To aid such handheld bug sweepers (which often have poor RF performance), all known RF-transmitting devices like WiFi routers are usually switched off. This means unwanted transmissions are easier to distinguish from “friendly” signals meant to be there. Bugging devices can escape detection fairly easily in this scenario. The device may not be switched on at the time. It may have been deactivated in anticipation of the sweep, or it may only transmit in short, infrequent bursts to defeat detection equipment.
Because it appears to do the job, this approach often gives users a false sense of security. However, we can see that the probability of detecting all transmissions with this approach is immediately limited by the temporal constraints of the detection activity.
The better approach is a 24/7 In-Place Monitoring System (IPMS), which is now an affordable alternative.
Let’s compare a handheld detector with a continuous 24/7 RF monitoring system. For simplicity, we’ll assume that they are otherwise identical in performance. We’ll also assume you have the manpower and appetite to conduct handheld sweeps for 10 minutes a day, every day, compared with 1440 minutes a day for continuous monitoring. This means that the probability of detection of a sweep team strategy is 144 times lower than for a continuous monitoring strategy. In other words, you’re over 100 times less likely to detect a bug using a handheld detector, and that’s before we even consider performance limitations of the handheld device.
An IPMS continuously monitors spectrum in real time, giving organisations true peace of mind – with the added bonus that staff don’t have to disrupt the workplace to manually turn off equipment and sweep a building.
Typical ceiling installation of networked receivers for continuous real-time monitoring
Once we start looking at RF specifications, the advantages of an IPMS become clearer still. Sweep speed and noise figure are generally poor in handheld detectors. High sweep speed is essential for maximizing POI (Probability of Intercept) for short-burst transmissions typical of covert signals. A low noise figure enables detection of low-power bugging devices from farther away. Handheld detectors have high noise figures, generally over 10 dB (or one order or magnitude) worse than the RFeye Guard sensor we deploy as part of our IPMS. This means sweep teams have to scrutinize every inch of office space to ensure they find just the less sophisticated devices.
The benefits of an IPMS such as RFeye Guard go further. Guard’s accurately time-synchronized RF sensor network uses POA (Power On Arrival) geolocation to find and track transmissions of interest.
Our software is also much more advanced than the limited user interface on a handheld detector. In the case of RFeye Guard software, third-party CCTV and alarm systems can be integrated and triggered in real time when anomalous signals are detected. Anomalous data can also be recorded and saved for later analysis.
And more capability doesn’t mean more complexity for the user. All of these features can be automated to ensure robust 24/7 security; requiring human intervention is only required when a security guard receives an alert and geolocation to investigate. Fortunately, for users who want a more detailed and complex engineering view, including frequency spectra and waterfalls, this is available too.
Tracking a signal with POA in an office environment
Typical ceiling-mounted installation of an RFeye Guard sensor
So, what’s the catch?
Of course, you might assume that for all the added convenience, functionality and performance of an IPMS, you will have to pay a high price. However, a full cost-of-ownership analysis – factoring in the extra labor cost of manual sweeps, lost working time due to systems shut-downs, and financial and other losses related to undetected surveillance activity – shows that a continuous monitoring system is a cost-effective choice.
An automated IPMS is essential for true peace of mind when it comes to in-building security, but don’t throw out your handheld detectors yet. These detectors can serve a complementary role alongside continuous monitoring. Once a bug has been detected and located, a handheld detector can then help with the final step of pinpointing a device with centimeter precision. For example, if the IPMS puts the location in a particular area of a room, then a handheld detector can be used to find the exact position where a device has been hidden. This is especially helpful when devices are concealed in ordinary devices, behind walls or sockets, etc.
When we’ve met with TSCM professionals, we’ve found them to be well aware of the limitations of handheld detection, but often reluctant to consider an IPMS for continuous real-time RF monitoring. They usually expect it to be expensive and difficult to use. A live demonstration and comparison of the costs is a pleasant surprise, especially when they discover some of the additional capabilities they hadn’t been expecting.