GENERAL SWEEP ASPECTS
1. THE THREAT
A company or organisation can lose valuable information in a number of different ways.
1.1 The most common threat, and the most difficult to discover, is 'by word of mouth' by a disaffected or dishonest employee. This applies especially to an employee who is about to leave and join a competitor. Temporary staff may also be suspected.
1.2 By direct over-viewing or overhearing of information by outsiders. Cleaners are the most serious threat, since they usually have unlimited access to all departments while otherwise unattended. They are often issued with master keys, which they use themselves or may lend to others if dishonest. They can thus make copies of confidential data in relative safety. Being relatively low-paid, they are open to bribery. During office hours, technicians and delivery people may be suspected.
1.3 By collecting the contents of wastepaper baskets, possibly from waste bins put out for town cleansing department collection. Simple shredders that cut into strips only (rather than cross-cut into confetti) are a target for information-seekers, since presumably shredded information is likely to be valuable and it is not difficult, with some patience, to reconstitute strip-shredded paper.
1.4 By some means of electronic eavesdropping. The most common ways are discussed below.
Within one's own company, there are some obvious points to watch:
2.1 Try to ensure that staff are trustworthy and not disaffected. This means taking up references of new staff, trying to ensure their loyalty, and keeping in touch on a personal level. For employees working in a secure environment, the security screening standard BS 7858 Code of practice applies.
2.2 See that sensitive information, such as salary and bonus information, is kept confidential. It is surprising how many times on countersurveillance sweeps one comes across salary lists in unlocked drawers in accounts departments, employment contracts in managers' desk drawers, etc. An employee who sees a colleague at the same level earning substantially more is likely to become disaffected and therefore a threat.
2.3 See that confidential information is locked up when offices are left unattended, especially after working hours.
2.4 Ensure there is effective access control to the premises. In a small company, ensure no outsider can get in without being noticed. In a large company, ensure that entrance can only be gained via a receptionist, and augment this where necessary with an appropriate access control system. Protect directors' suites, research departments etc. from penetration by other employees.
2.5 In large organisations, carry out periodical countersurveillance sweeps, especially before board meetings, policy meetings, etc.
2.6 Alternatively (or additionally) have a reputable outside countersurveillance company carry out high level sweeps.
3. COUNTERSURVEILLANCE SWEEPS
3.1 Physical Search
This is by far the most important part of any sweep. Some aspects of physical sweeps are as follows:
Examine all drawers, cupboards, etc. that are not locked. Any keys found in desk drawers should be tried on other drawers, safes, or cabinets; if they unlock any of these, examine them also. Note any confidential information found.
Examine walls, floors, ceilings, windows and doors for anything unusual. Look behind pictures, above suspended ceilings and under 'computer-room' suspended floors. Look for small microphones and thin connecting wires especially along skirting boards. Look for small hidden radio transmitters, which may be the size of a sugar cube, especially on the underside of tables and chairs, behind filing cabinets etc. Such transmitting 'bugs' may also be disguised as a pen, ashtray or calculator etc.
Unscrew and look behind all mains outlets and telephone connection outlets, whether wall mounted or under-floor mounted. Dismantle and examine all telephone instruments.
Look behind radiators, especially those recessed in louvered enclosures. Examine heating/air-conditioning ducts.
Examine wall and ceiling lights, especially chandeliers.
Walk round the outside of the premises and check for hidden wires or anything unusual.
3.2 Radio Sweep
Radio transmitting devices are probably the most popular types of eavesdropping device. They are readily available, relatively cheap, and widely advertised.
A radio technician can manufacture a small simple transmitter in about an hour from parts he probably already has in his possession. Such a transmitter may have a range of 50 yards and work for 10 hours from a PP3 battery. The transmitter itself could be half the size of the battery.
While battery operated transmitters may be placed anywhere, it is equally easy to power transmitters from the electric mains or from a telephone line or extension. Such bugs will continue to operate for years. A popular bug of this type is built into a 2- or 3-way mains adaptor, which may be carried round as an innocuous item, and takes only a few seconds to install in any mains outlet. Alternatively, it can be disguised as a telephone 2-way adaptor and plugged into a wall socket, with the telephone reconnected into one of the two sockets.
Mobile phones are becoming popular bugging devices. A couple of simple adjustments can turn many of them into very effective listening devices, on demand.
3.3 Telephone Sweep
Telephone systems are becoming increasingly complex, with many companies having their own internal electronic exchange. In some ways, this makes the eavesdropper's job more difficult, as it does the job of bug-finding. However, as telephone bugs are likely to use the telephone line to supply the necessary power, it is possible to detect them by measuring telephone line parameters. This checks the line from the telephone itself back to the Main Distribution Frame (MDF) where the telephone cables come in from the street.
3.4 Wireless Network Detection
Wireless LANs are prolific in our cities. Detection and assessment of active wireless network traffic is an important part of a countersurveillance sweep. From the information obtained in a sweep, an IT manager can determine whether identified wireless LAN access connections are valid and known, or illicit.
If they are valid access points, their ranges need to be determined to ensure the data signals do not go outside the building or into public areas, and the points are set up on time zones.
Although encryption is often enabled on the access points, it should be noted that some encryption can very easily be overcome with a software switch on standard wireless LAN software packages. Within range of an access point, monitoring LAN traffic can be relatively easy, and thus so can subsequent penetration into the network.
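As an added illustration of the assessment described in 3.4 (not part of the original text), the following Python example compares access points recorded during a sweep with the IT manager's approved inventory and flags unknown points, weak encryption and signals measurable outside the building. The inventory format, finding names, signal threshold and sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass

WEAK_ENCRYPTION = {"OPEN", "WEP"}  # assumption: settings treated as easily overcome
LEAK_THRESHOLD_DBM = -75           # assumption: signal level still usable off-site

@dataclass(frozen=True)
class Observation:
    bssid: str       # access point radio address
    ssid: str        # advertised network name
    encryption: str  # e.g. OPEN, WEP, WPA2
    rssi_dbm: int    # signal strength at the survey position
    location: str    # "inside" or "outside" the building

def classify(obs, inventory):
    """Findings for one observation; inventory maps approved BSSID -> SSID."""
    bssid = obs.bssid.lower()
    if bssid not in inventory:
        # Unknown radio: a neighbour's network or an illicit device.
        if obs.ssid in inventory.values():
            return ["unknown-ap-using-company-ssid"]
        return ["unknown-ap"]
    findings = []
    if inventory[bssid] != obs.ssid:
        findings.append("ssid-mismatch")
    if obs.encryption.upper() in WEAK_ENCRYPTION:
        findings.append("weak-encryption")
    if obs.location == "outside" and obs.rssi_dbm >= LEAK_THRESHOLD_DBM:
        findings.append("signal-leaves-building")
    return findings

def sweep_report(observations, inventory):
    """Map 'bssid@location' to findings, omitting clean observations."""
    report = {}
    for obs in observations:
        findings = classify(obs, inventory)
        if findings:
            report[f"{obs.bssid.lower()}@{obs.location}"] = findings
    return report

# Constructed sample data, not from a real survey.
INVENTORY = {"02:00:00:aa:00:01": "CORP-LAN", "02:00:00:aa:00:02": "CORP-LAN"}
SAMPLE = [
    Observation("02:00:00:AA:00:01", "CORP-LAN", "WPA2", -48, "inside"),
    Observation("02:00:00:AA:00:01", "CORP-LAN", "WPA2", -70, "outside"),
    Observation("02:00:00:AA:00:02", "CORP-LAN", "WEP", -55, "inside"),
    Observation("02:00:00:BB:00:09", "CORP-LAN", "WPA2", -60, "inside"),
    Observation("02:00:00:CC:00:03", "CafeGuest", "OPEN", -82, "outside"),
]
```

Calling `sweep_report(SAMPLE, INVENTORY)` returns four entries: the approved point heard outside the building, the approved point using WEP, an unknown radio advertising the company network name, and an unrelated neighbouring network.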
3.5 Cable Examination
Accessible electrical mains cables and outlets should not be forgotten. Until all accessible cables are identified and tested they should be treated with suspicion.
4. GENERAL SWEEP ASPECTS
Before undertaking a sweep, it is desirable to carry out a survey of the premises, although this is not always possible, especially if the location is abroad or at a great distance. The number of rooms/offices, total area in square feet/metres, number of telephones, type of telephone system, number of employees, and a plan of the premises all provide helpful information. Heavily cluttered offices with suspended ceilings obviously take longer to sweep than a tidy boardroom with a plastered ceiling, little furniture and a single telephone.
Sweeps normally take place outside working hours, at night or at weekends. One operative can carry out the physical aspect of a sweep at a rate of between 100 and 200 square feet of office per hour, depending on clean or cluttered conditions. It is not normal to sweep the whole of an office area, but to confine the sweep to high-risk or high information-value areas such as directors' offices, sales/marketing offices, boardroom, etc.