My Client Wants a TSCM Sweep. What Do I Do?

by Kevin D. Murray, CPP, CISM, CFE, CDPSE

You know almost everything about private investigations, but what about a request from your client to debug the company offices, vehicle, or residence? That can throw even the most seasoned PI professional for a loop.

Solution: Partner with a Technical Surveillance Counter Measures (TSCM) professional. They can help you ensure privacy and security. Remember, your list of contacts and connections is one of the things that makes you valuable and respected. Besides, being able to manage and assist with technical information security inspections is a very important, and interesting part of your job.

A Sweeping Problem
Business espionage is a growing concern, yet it’s mistakenly considered an IT department problem. The information IT protects was vulnerable to theft long before it was put into computers. What people talk about, and with whom, provides the most valuable information.

Electronic eavesdropping has become cheap and easy. Spy gadgets, such as digital bug transmitters, GPS trackers, micro-voice recorders, and covert video cameras, were once expensive and hard to come by. All are now available online for under $100. The better ones use Wi-Fi or cell phone networks as their communications conduits.

Step 1: The Surprise Request
“Get the place swept for bugs.” Your boss wants operational privacy and security. Management knows a technical information security inspection (TSCM bug sweep) is the accepted way to solve electronic eavesdropping and remote surveillance concerns. (Word travels fast in boardroom circles.) They trust you know how to get this done. No problem. You can.

Step 2: Conduct a Due Diligence Search
The Competent TSCM Consultant will help you interview and select a competent TSCM security consultant who will be your adjunct security partner. In short, this person or company will specialize in electronic eavesdropping detection, information security, and nothing else. No gadget sales. No tangential security services or vendor affiliations. Success depends on forming a partnership with a competent specialist. (To access the Competent TSCM Consultant, visit: www.counterespionage.com/competent-tscm-consultant/)

Step 3: Conducting the Inspection
A technical information security survey is usually conducted after normal business hours. This avoids business disruptions and is why most people are unfamiliar with the service. Inspecting after hours also gives the specialist a clear view of other present information security vulnerabilities.

Be aware that it is very rarely necessary to sweep an entire building. Create a priority list of the sensitive locations requiring a detailed inspection. For example, the radio-frequency inspection for covert transmissions and Wi-Fi security gaps may cover the entire building by default. Not every square foot requires a detailed physical inspection. Intelligently narrowing the specialist’s attention to the most sensitive areas provides focus and better results—keeping the project cost-effective.

Also determine the proper frequency for quarterly or biannual follow-up inspections; then, the consultant can prepare a written proposal for the entire protection strategy, with costs for subsequent inspections of the same areas being about 10-25 percent less. Expect the professional service fees to be approximately $2.80 per square foot for a small survey area for the initial inspection to $1.25 per square foot for an extensive area.

(story continues below)

(story continues)

The Inspection Process
In the movies, bugs and wiretaps are quickly located as clever actors seem to know where to reach under the table. The more technically oriented actors are equipped with bug-finding “uber gadgets” fresh from the lab. But your inspection—the real thing—will proceed a little differently. Information (visual, audio, and data) can be transferred from sensitive areas in various ways, so no test or gadget will detect every method.

Specialists may use the following methods during an inspection:

 • Radio-Frequency Spectrum Analysis—A search for surveillance devices that transmit information via radio waves. Cellular, GPS, Wi-Fi, and Bluetooth bugs fall into this category.
• Thermal Emissions Spectrum Analysis—This infrared detection technique reveals the heat emitted by active electronic circuits. Heat signatures can be seen even when devices are hidden behind walls, on top of ceiling tiles, and hidden in furniture or other common items in the area.
• Communications Systems Analysis—This is the umbrella category for a group of inspection tests to identify surveillance transmissions piggy-backed on items like: Wi-Fi, telephones, faxes, computer networks, etc.
• Mapped Physical Inspection—Areas are systematically segmented for physical inspection. Each area is combed with several objectives in mind: locate hidden surveillance devices, find evidence of prior installations, note future surveillance vulnerabilities and report on other security issues observed. Even with all the technology available to the TSCM specialist, this remains the most important part of the inspection process. Nothing beats an educated brain combined with sharp eyes.

Anyone can buy eye-catching equipment. Don’t be dazzled by that alone. The most important indicators of a professional inspection are the consultant’s technical security knowledge, experience, intelligence, and reputation. For example, a transparent thread in a drape or carpet may look normal. A good technical investigator, however, will suspect a fiber optic microphone and search further.

• Non-Linear Junction Detection—Areas physically examined are re-examined using a non-destructive radar technique. This is called non-linear junction detection, with the instrument normally referred to as NLJD. This reveals semiconductor electronic components, transistors, diodes, etc., which are the building blocks of electronic surveillance devices. Devices hidden in or built into furniture, ceiling tiles, and other objects can be identified with this technology even if they are not active during the inspection.
• Debriefing and Documentation—You should receive a verbal debriefing upon completion. A detailed written report should arrive within a week. Your written report should include a list of locations inspected, findings, information security observations, recommendations and resources to fix any problems, and an explanation of the inspection methodology and instrumentation used. Most inspection reports will also include illustrative photographs to document any issues discovered.

Your report is proof of your organization’s due diligence. It is also powerful in court to show you have fulfilled the requirements for business secret status, necessary for legal protection.

Last-Minute Sweep Needs
Sometimes, your client will require peace of mind quickly. A check of a hotel room, vehicle, or a last-minute meeting in the company boardroom, for example. A PI professional can handle the request by setting up a hybrid strategy in advance. Here is how it’s done: partner with a TSCM specialist. Have them handle the quarterly deep sweeps. During this time, they can provide you with summary quick-sweep training so you can conduct summary TSCM inspections on-demand. The specialist may also suggest some moderately priced basic tools and instrumentation for last-minute sweep use.

An additional valuable skill for PIs is Spy Camera Detection. It is the easiest TSCM skill PI professionals can obtain, and they can do it independently. This skill does not require extensive training, or costly equipment.

Pros:

• PIs can effectively discover low-level threats like quick-plant bugs, voice recorders and GPS trackers.
• They can conduct quick, last-minute inspections of areas like conference rooms, vehicles, and hotel rooms.
• The simple instrumentation and training required is low-cost.
• Direct access to professional help is available when questions arise, and professional advice, or an independent second opinion, is readily available when something is found.
• Free remedial training for in-house personnel during the outside TSCM specialist’s scheduled inspections.

Cons:
The TSCM hybrid solution works when:

• PIs are capable and enthusiastic about the additional work.
• The simple instrumentation needed is kept current and in good repair.
• Regularly scheduled inspections are handled by a professional TSCM firm.

Benefits:
Today’s TSCM technical information security inspections are more advanced than the old-style TSCM. To be valuable to your client you’ll need to form a partnership with a specialist. In addition to finding proof of intelligence collection activities, technical information security surveys fortify your PI services by:

• Confirming the effectiveness of current security measures and practices.
• Enhancing personal privacy & security.
• Preventing intelligence leaks that could endanger your client.
• Documenting compliance with many privacy law requirements.
• Discovering new information loopholes before they can be used by spies.
• Helping fulfill the legal requirement for “Business Secret” status in court.
• Ensuring Wi-Fi security and compliance with associated privacy laws.
• Reducing consequential losses associated with espionage, such as preventing an information leak that might spark a stockholder’s lawsuit or an activist from releasing wiretaps that could damage goodwill and sales.

Conclusion
“The client wants a TSCM sweep. What do I do?” Now you know—partner with a TSCM specialist to provide periodic professional sweeps and on-demand inspections conducted confidentially.

About the Author
Kevin D. Murray, CPP, CISM, CFE, CDPSE, is an independent security consultant providing eavesdropping detection and counterespionage services to businesses, government and at-risk individuals. His firm, Murray Associates, is headquartered in the New York metropolitan area and assists clients anywhere in the US and internationally.