With the threat from radio surveillance devices re-emerging, Jon Bradley looks at the problem of reliance on manual bug sweeping strategies and how the alternative of a continuous real-time In-Place Monitoring System (IPMS), such as CRFS’s RFeye Guard system, can enable true 24/7 vigilance in secure buildings and facilities.
Cyber security is continually in the news and is the focus of significant efforts and resources of governments and the corporate world. You might be forgiven for thinking that traditional radio bugging devices are a thing of the past. However, as TSCM (Technical Surveillance Countermeasures) professionals are all too aware, they continue to pose a serious security threat. The content value of the spoken word during secure meetings is extremely high, especially as such conversations often contain information which is too sensitive to put in writing or electronic form.
Indeed, this threat is becoming more severe, as low cost GSM-based bugging devices can be readily purchased on the internet. Meanwhile, non-commercial devices have become ever more sophisticated and difficult to detect. Hiding the signal in the noise, snuggling small covert signals next to large legitimate ones and using bursted transmissions, are just a few examples.
The good news is that, just as the threats are increasingly sophisticated, so too are the available countermeasures. Please read on to learn more about these.
Corporate boardrooms and secure government facilities are still vulnerable to RF bugs
Periodic sweeps vs. continuous monitoring
First let’s talk about the limitations of traditional TSCM measures.
The traditional method of “debugging” uses handheld detection devices that can be swept over an area at intervals e.g. once a week, once a month etc. To aid such handheld bug sweepers (which often have poor RF performance), all known RF transmitting devices, such as WiFi routers are usually switched off. This means unwanted transmissions can more easily be distinguished from those signals which are meant to be there. It is relatively easy for bugging devices to escape detection in this scenario; the device may not be switched on at the time, it may have been deactivated in anticipation of the sweep or it may only transmit in short infrequent bursts with the aim of defeating detection equipment.
This approach often gives users a false sense of security as it seems to do the job. However, we can see that the probability of detecting all transmission with this approach is immediately limited by the temporal constraints of the detection activity.
The better approach is a 24/7 In-Place Monitoring System (IPMS) which is now an affordable alternative.
Let’s compare a handheld detector with a continuous 24/7 RF monitoring system. For simplicity, we’ll assume that they are otherwise identical in performance. We’ll also assume that there’s the manpower and appetite to conduct handheld sweeps for 10 minutes a day every day compared with 1440 minutes a day for continuous monitoring. This means that the probability of detection of a sweep team strategy is 144 times lower than for a continuous monitoring strategy. In other words, you’re over 100 times less likely to detect a bug using a handheld detector, and that’s before we even consider performance limitations of the handheld device.
An IPMS continuously monitors spectrum in real time giving organisations true peace of mind – and with the added bonus of not requiring the disruption of staff manually sweeping a building and turning off equipment.
Typical ceiling installation of networked receivers for continuous real-time monitoring
Once we start looking at RF specifications, the advantages of an IPMS become clearer still. Sweep speed and noise figure are two key specifications where handheld detectors generally perform poorly. High sweep speed is essential for maximizing POI (Probability of Intercept) for short burst transmissions typical of signals trying to go undetected. A low noise figure makes it possible to detect low power bugging devices from further away. Handheld detectors have high noise figures, generally over 10 dB (or one order or magnitude) worse than our RFeye Guard sensor which we deploy as part of our IPMS. This is why sweep teams have to go over every inch of office space carefully and closely to have confidence that they will find even the less sophisticated devices.
The benefits of an IPMS such as RFeye Guard go further. Its accurately time-synchronized RF sensor network allows POA (Power On Arrival) geolocation to be used to geolocate and track transmissions of interest.
The software that comes with these systems is also much more advanced than the limited interface included on a handheld detector. In the case of RFeye Guard software, 3rd party CCTV and alarm systems can be integrated and triggered in real time on detection of anomalous signals. Anomalous data can also be recorded and saved for later analysis. And more capability doesn’t mean more complexity for the user. All of these features can be automated to ensure robust 24/7 security, with human intervention required only when a security guard receives an alert and geolocation for investigation. For users who want a more detailed and complex engineering view, including frequency spectra and waterfalls, this is available too.
Tracking a signal with POA in an office environment
Typical ceiling-mounted installation of an RFeye Guard sensor
So, what’s the catch?
Of course, you might assume that for all the added convenience, functionality and performance of an IPMS, you will have to pay a high price. However, a full cost of ownership analysis, factoring in the extra labor cost of manually conducting sweeps, lost working time if systems have to be shut down, and financial and other losses related to undetected surveillance activity, shows that a continuous monitoring system is a cost-effective choice.
An automated IPMS is essential for true peace of mind when it comes to in-building security, but don’t throw out your handheld detectors yet. These detectors can serve a complementary role alongside continuous monitoring. Once a bug has been detected and located, a handheld detector might then be used for the final step of pinpointing a device with centimeter precision. For example, if the IPMS puts the location in a particular area of a room, then a handheld detector can be used to find the exact position a device has been hidden in.
When we’ve met with TSCM professionals, we’ve found them to be well aware of the limitations of handheld detection, but often reluctant to consider an IPMS for continuous real-time RF monitoring. They usually expect it to be expensive and difficult to use. A live demonstration and comparison of the costs is a pleasant surprise, especially when they discover some of the additional capabilities they hadn’t been expecting.
For more details, check out our continuous TSCM monitoring system, RFeye Guard