The art of technically and physically searching for illicit bugs, and/or devices, is generally referred to as a Technical Surveillance Counter Measures (TSCM) inspection. This was agreed by a committee of TSCM specialists who provided Skills for Security their public and private sector knowledge in order to establish the first UK National Occupational Standards (NOS) for TSCM. The NOS are submitted and then approved by UK government regulators, and to this day, still establish a good foundation to build UK governance for TSCM in the security industry.
Unfortunately, the TSCM industry still can’t agree on the correct name for TSCM, nevermind industry licensing! The UK National Authority for Counter Eavesdropping (UK NACE) is managed by FCO Services but still refers to ‘Technical Security Countermeasures’. The stalwarts of the industry still affectionately refer to a ‘Technical Sweep’. In theory, it references two aspects of a TSCM inspection. 1. The ‘sweep’ of a frequency range and 2. The ‘sweeping’ motion when using a particular type of equipment. TSCM is also referred to as a ‘Technical Search’ inspection, or ‘Electronic Counter Measures’ (ECM).
For the purposes of this article, the following definitions are used by the author:
- Eavesdropping. Interception of information transfer, including conversations by bugging, tapping, or other technical and non-technical means without the knowledge of the individuals.
- Tapping. Illicitly connecting to conversations and communications media for the purposes of gathering information.
- Bugging. The planting of suitable transducers in order to gather information.
- Bug. An eavesdropping device.
- Device. A piece of hardware made or adapted for a particular purpose, especially for a piece of mechanical or electronic equipment.
- Information Security (InfoSec). Managing policy and process to protect and prevent information loss to digital and non-digital information (data) and to secure against unauthorised use of this data.
The Bible refers to acts of espionage, but only hints that individuals covertly listened to conversations, evidently without the sophisticated technical equipment that supports a modern-day eavesdropper. Research has not confirmed exactly where or when the word ‘eavesdrop’ was introduced into the English language, but it is believed to have originated in the 17th century.
It won’t surprise the reader that the word eavesdrop derives from two words, eaves and drop. It is believed that eavesdrop originated from when a single storey dwelling had a thatched roof; long before guttering and drainage pipes were designed. The constant dripping of rainwater from the thatched roof produced a noticeable line in the ground called the eavesdrop line. It was then said that if an individual stood inside this line, under the eaves, and stood next to a window opening (shutters), they would, in theory, be able to listen into [eavesdrop] the conversation held within the building, and without the knowledge of the occupants. The phrase ‘the walls have ears’ is recognised to support this theory.
The act of espionage is one of the oldest professions in the world. It is alleged that espionage comes in second only behind the ubiquitous, profession of prostitution! Espionage (and possibly prostitution) continues to dominate the thoughts of leaders, executive boards, and VIPs within all businesses and sectors. Often the risks associated with business espionage and eavesdropping can be mitigated by taking simple preventative action. Business espionage quite rightly remains high on all government and commercial organisational agendas, and the need for effective counter-measures seems endless.
The main InfoSec threat is unequivocally from cyber-related actors; this may include cyber-related eavesdropping which is conceivably an IT Security concern. A conventional TSCM inspection does not cover cyberspace but could detect illicit cyber devices attached to hardware or cabling infrastructure.
Not dissimilar to Personal Protection, a professional TSCM inspection team will consider the threat. The threat of business or corporate espionage is considered to be of particular relevance to sensitive industry conversations where competition is high; in particular, between similar companies providing the same services. This, however, does not suggest that espionage is conducted by these companies, but any sensitive information loss to a rival or the impact caused by any security incident could have serious implications.
Many countries, businesses, and individuals actively seek privileged and proprietary information to advance their own political, economic, technological, and personal aspirations. The need for an action plan to cater to all Information Security (InfoSec) incidents is critical for those who have an interest in protecting some of the most valuable assets, reputation, proprietary information, and personal data.
There is a real and credible eavesdropping threat. London’s premier spy shop sold approximately 1500 covert units (covert video, audio recording, and GSM audio) from their London shop in their last financial year. This figure only includes actual units sold over the counter and does not include online sales, not to mention the number of general enquiries. In theory, if this shop remains open for 6 days a week, this equates to 5 covert sales a day. My assumption, therefore, is these people are purchasing this type of equipment to conduct a form of espionage or eavesdropping into other people’s conversations. Admittedly, a percentage will end up in the domestic world, but I have no doubts that some of this equipment will make its’ way into the corporate world.
With technological advances in recent years, in particular in the GSM industry (mobile phone/SIM card), the most capable commercial or state-sponsored eavesdropper has the capability to operate on a global scale.
Suffice it to say the technology in the eavesdropping industry means that smaller and more sophisticated technical devices are available and are easier to acquire than ever before, in particular, devices using SIM cards. The availability of these eavesdropping devices on the commercial market, and the internet, plus the additional ease of installation to a permanent power source is indicative of a significant eavesdropping threat to businesses and individuals.
The threat from business espionage remains relevant but is on the decrease due to:
• Better awareness of the threat.
• In general, improved layers of security and procedures with the overlapping of technology and human in a corporate building.
• Improvements in employee and sub-contractor vetting.
The threat from individuals, private espionage and voyeurism (covert camera installations) is on the increase due to:
• GSM technology.
• The ease of searching for spy products on the www, the ease of purchase and installation.
• Technology advances – products are easier to use, smaller and available to purchase with no due diligence.
A TSCM inspection may be ‘triggered’ or requested for several reasons. Most requests received are following a confirmed or suspected leak of confidential information. Some requests are as part of good business practice and as a precautionary, proactive measure to ensure the integrity and conversational security in the areas of interest.
No matter what the trigger for the TSCM inspection is, the credible threat should be considered and a task planned accordingly.
Circumstances in which to consider an inspection can be:
• Prior to any confidential meeting/function. For example: an AGM.
• Prior to a temporary move into a location. For example: VIP into hotel room.
• Following a confirmed or suspected physical security breach.
• Following a confirmed or suspected leak of confidential information.
• Supporting an investigation to confirm/deny facts.
• Supporting other search/inspection regimes (i.e. physical, explosive/drug dogs).
• Following the introduction of new equipment/furniture/fittings.
• Following a period where third party sub-contractors have completed construction work, cabling work, or renovation.
• Periodically (as required).
Apart from the NOS and UK NACE, the lack of UK government direction, and private security industry governance or licensing, is commonly flaunted by poorly trained, inefficient, and maverick TSCM teams. Anyone can purchase equipment and purport to deliver TSCM in the commercial sector. This is not uncommon in any other sector or security capability that struggles with regulation and standards. The advocates of the Skills for Security NOS committee formed the concept of a TSCM institute (TSCMi), a trade body established to create an ethical culture, draft legislation, best practice, and guidance for TSCM practitioners. However, the TSCMi remains self-governing and to date, has no formal UK government support.
Health & Safety
A minimum two-person team, working in tandem, is generally accepted. I do not concur with the counter-argument from the solo practitioners. Working with, and close to 240v ac electricity, working at height, plus an inspection is normally conducted in unsociable hours when a building is on minimal manning, not to mention the overlapping, complementing techniques of a two-person team, concludes me to endorse my argument, based on health and safety and procedures, that a minimum of two persons is always recommended.
A TSCM inspection capability should not deliberately interfere with or prevent the operation of third-party communication equipment; specifically, the transmission of, or the receiving of, licensed communications equipment and frequencies. In particular, from the main threat vector, GSM signals and the omnipresent SIM card.
The legal way to conduct a TSCM inspection is by employing SIM card detectors that, without transmitting any interfering signal, provide visible and/or audible warnings if an active or passive device is nearby. The ability to determine if a GSM device is in the area of interest should be ascertained by the powers of deduction, technology, and also the overlapping TSCM search techniques.
TSCM in the Private Security Industry
By Ben Gunn
Ben is a former member of the British Army spending 29 years out of a 33-year military career in UK Special Forces – 19 years in the Regulars and a further 10 years in the Reserve. He had a unique military career; initially expeditionary and latterly, 4 years seconded to Intelligence and a further 4 years in a Counter-Terrorism liaison role. Ben is a businessman, incorporating a UK Special Forces tenet into his business planning; ‘the unrelenting pursuit of excellence’ and as such, has established under his directorship, a truly global company based in London, offering a multi-service approach to the security of
T: +44 (0)203 1903030