Data Encryption – Data Security

DIGITAL FORENSICS

Server Forensics

If any of your servers are hacked, you will surely face serious data contingency issues, maybe even a total infection of your other accounts. Password leaks and a data breach are very likely. These kinds of issues require your instant attention.


Even when your company server is hosted in a data center, you will still need to do a regular safety check and security audit.

Especially when you are running an FTP or web server to distribute copyrighted material, you might become a target of hackers or APT groups. A botnet can be running on your servers to perform DDoS attacks on other devices. Network flooding of users, constant scanning, or hacking of other computers can be done from your company server, making it a zombie node in a wider network of command & control centers, controlled by hackers and not by yourself or your IT admins. The point being: don’t ignore the red flags and do hands-on checks.

Investigate DDoS – Denial Of Service Attacks

What is a DDoS – Denial of Service Attack?

How to mitigate a DDoS attack?

How to detect and prevent a DDoS attack?


Bug Sweeping – Technical Surveillance Counter Measures – TSCM


Who is watching?

Who is listening?

Who is recording?

What is Bug Sweeping – Technical Surveillance Counter Measures – TSCM?

In today’s day and age, we can’t be too careful with our information and who has access to it. Once the information has been exfiltrated or extracted via cyber espionage and other techniques, it can and will be used against your own interest.

The phrase “I have nothing to hide” or “I am not important” might be true in some cases, but it does not address the real problem of eavesdropping or corporate espionage and neither does it acquit or absolve you from your responsibility as a company, government or corporation to protect the data that you have collected and stored.

Hidden surveillance equipment is very easily available at a low cost for anybody. And it can be very small, easy to hide, hence difficult to find or track.



This makes it a challenge to maintain the privacy, confidentiality and security of our premises, offices and other places. After all, you don’t want to be spied upon or monitored by adversaries, competitors or corporate spies. Just think about a hidden voice recording device, smartphones included, present at your meeting, and the damage it can cause.

TSCM – Technical Surveillance Counter Measures

TSCM, or Technical Surveillance Countermeasures, is the counter-surveillance speciality that refers to a set of countermeasures whose purpose is the detection and/or defeat of technology, spy bugs and electronic devices which try to obtain intelligence (video, audio, data, etc.) on a target (person, location, meeting room).

Such intelligence gathering is also known as eavesdropping, and it uses advanced audio and video recorders, GPS trackers, logging systems and electronic transmitting devices on different frequencies. To detect or counter these threats you will need to hire a debugging team that will do technical sweeps, or bug sweeping.

Spy Bugs come in different sizes & shapes

You might also consider awareness training for your staff, so that the relevant people are knowledgeable about electronic devices such as spy bugs, GPS trackers, data loggers, motion-activated sensors and other methods which adversaries or spies will use to either follow you, record you, track you or listen in on your private and confidential meetings. The types of devices are getting smarter:

  • SIM-card-enabled (GSM) transmitters in a double plug socket, which will work for many years (global)
  • unregistered or copied SIM cards could be used in these types of spy devices
  • hardwired RF devices hidden in an existing and functioning electronic device (could be anything)
  • devices programmed to disable themselves upon scanning
  • devices with masked heat and RF signature
  • nano-technology enabled devices (very small)

Office Inspection

TSCM Physical Inspection of offices or meeting rooms

To see what could be hidden where, think like a spy: imagine where you would hide the listening device. That is what you need to do in order to find the device. Make a list per room/office of where things could be hidden. This starts with an on-site physical and visual assessment followed by a deeper inspection. Don’t avoid a hard search. Don’t think that you are smarter than the spy. The best way to detect bugs is to think like the spy who is placing the eavesdropping devices. Theory alone does not cut it. Hands-on experience is key.

These kinds of inspections will have to be done routinely. Especially before and after the meeting you might want to check the room.

Since bugs are physical devices, they will have been brought into the building or office at a given point in time. People who install bugs or plant listening devices will have thought about:

  • ROI – Cost vs reward – which type of technology or electronics
  • how to power the device? hardwired or mobile devices?
  • methods of retrieval?
  • can the device be jammed?
  • can the device be detected?
  • is security aware of this kind of spy bug?
  • frequency hopping device or simple technology?
  • level of risk of getting caught during installation, activation or operations
  • which type of building is being bugged (steel, concrete or brick)
  • exact location of target room/area within building
  • timescale of the monitoring sequence – when to activate or use the device? what triggers it?
  • monitoring or receiving location (what type of transmission)
  • audio, video, motion sensors, still images – what type of data collected?
  • how to gain access to room/area and building

Are you the target of Surveillance?

Are you being followed or spied upon? Are you a target? Spot the Red Flags

Typical signs of the presence of hidden surveillance or listening/bugging devices (spy bugs) are:

  • random interference in radio and television or other audio/video devices (radio frequency)
  • uncommon noises, beeps, cracks on fixed (PSTN) phone lines
  • mobile phones and smartphone batteries running out fast, even when not in use.
  • unexplained burglary or signs of burglary without theft. Did somebody put a device in your office?
  • traces of holes drilled in walls.
  • check if certain items that you received are not bugged with something.
  • indication that certain confidential information is leaking out and popping online or in conversations.
  • effective signs that you are losing information or data
  • presence of hidden (undiscovered) eavesdropping and monitoring devices

Risks of Spy Bugs

Risk of spy-bugs doing audio- or video-surveillance in your organization / company.

  • company loss of vital commercial information
  • reputational damage
  • bad public relations if exposed in the press
  • loss of profits
  • leak of intellectual property
  • lack of privacy creates a distinct feeling of insecurity
  • issues of data-leaks
  • unauthorized transmission of confidential info to unknown parties
  • lack of confidentiality, integrity & availability of info (CIA)

Inspection of Wi-Fi & Computers

Spying via WiFi devices and computers in your office

It is wise to include a WiFi sweep (hidden and visible WiFi access points) in the TSCM survey. Computers have microphones and are frequently bugged via the operating system or all sorts of apps that might be installed. Most Internet devices are connected online 24 hours per day, 365 days per year. Do you know what is connecting to your network or your own device? In many cases even experienced IT admins are aware of the issue of cyber attacks but have not studied in depth, or have not been confronted with, the audio spy-bug technology of hardcore cyber-spies. This is the blind spot, this is the weakness.

It is not enough to just scan for known or current threats. Be aware also of future threats.

Radio Frequency Detection

Detection of Radio Frequency Devices

It cannot be stressed enough that physical security & building security (on-site, in your premises, your offices) is not enough to secure premises from interfering radio frequency devices. You will also need to look at the latest threat intelligence relevant for your organization and company on data breaches, data leaks, cyber attacks, ransomware attacks, whether your company data is being sold on the dark web, if your WiFi routers are bugged, hacked or tapped.

Make a list (enumeration) of all office devices which are connected to the internet and your local area network; they may be bugged with spyware or, hiding in plain sight, contain hardware spy bugs. There are many types of covert transmitters.

  • 1st we create an RF spectrum footprint of the area
  • 2nd we examine RF spikes (classification: safe / not safe / not authorized / not recognized)
  • 3rd check for hidden hard-wired microphones and covert video-cameras (phone handsets and sockets)
  • 4th physical and technical inspection of electrical devices
  • 5th check of telecommunications and Computer systems (routers, devices, cables, etc..)
  • 6th inspection & scanning of walls, floors, ceilings, ducts (hidden, redundant items or suspicious wiring)
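
Steps 1 and 2 of the list above, sketched as an added example (not AR INTELL's tooling): a later sweep is compared against the baseline RF footprint and each spike receives one of the four labels. The spike threshold, the noise floor, the emitter inventory, the sample readings and the meaning given to each label are assumptions made for illustration.

```python
from dataclasses import dataclass

SPIKE_DB = 10.0           # assumed: rise over the footprint (dB) that counts as a spike
NOISE_FLOOR_DBM = -100.0  # assumed level for bins missing from the footprint

@dataclass(frozen=True)
class Emitter:
    name: str
    lo_mhz: float
    hi_mhz: float
    max_dbm: float    # strongest level this emitter should reach at the sweep position
    authorized: bool  # True if the device is on the site's approved inventory

# Constructed inventory for one meeting room.
INVENTORY = [
    Emitter("FM broadcast", 87.5, 108.0, -50.0, True),
    Emitter("office Wi-Fi AP", 2426.0, 2448.0, -35.0, True),
    Emitter("unapproved wireless presenter", 2402.0, 2425.0, -40.0, False),
]

# Constructed readings: frequency bin (MHz) -> peak power (dBm).
BASELINE = {98.0: -60.0, 433.9: -95.0, 915.0: -96.0,
            2412.0: -90.0, 2437.0: -55.0, 2442.0: -70.0}
SWEEP = {98.0: -58.0, 433.9: -62.0, 915.0: -95.0, 1280.0: -70.0,
         2412.0: -45.0, 2437.0: -28.0, 2442.0: -45.0}

def find_spikes(baseline, sweep, spike_db=SPIKE_DB):
    """Return (freq_mhz, dbm, rise_db) for every bin that rose above the footprint."""
    spikes = []
    for freq, dbm in sorted(sweep.items()):
        floor = baseline.get(freq, NOISE_FLOOR_DBM)  # unseen bin: compare to noise floor
        rise = dbm - floor
        if rise >= spike_db:
            spikes.append((freq, dbm, rise))
    return spikes

def classify(freq, dbm, inventory=INVENTORY):
    """Map one spike to safe / not safe / not authorized / not recognized."""
    match = next((e for e in inventory if e.lo_mhz <= freq <= e.hi_mhz), None)
    if match is None:
        return "not recognized"   # no known emitter explains this frequency
    if not match.authorized:
        return "not authorized"   # known device type, but not approved for the room
    if dbm > match.max_dbm:
        return "not safe"         # approved band, yet stronger than that emitter should be
    return "safe"

def sweep_report(baseline, sweep):
    """Classify every spike so each one can be located and identified on site."""
    return [(freq, classify(freq, dbm)) for freq, dbm, _ in find_spikes(baseline, sweep)]

if __name__ == "__main__":
    for freq, label in sweep_report(BASELINE, SWEEP):
        print(f"{freq:8.1f} MHz  {label}")
```

Anything other than "safe" is a lead for the physical inspection in the later steps, not a verdict in itself.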

This will require an integrated approach and this is where TSCM is maybe the start of a much bigger security policy to be put into place…  If you see red flags or symptoms, don’t ignore them.

Do call our AR INTELL TSCM team and we will start the initial assessment. After our TSCM process is completed, a report is made about your security routines, bugs discovered and possible weaknesses in your system, and recommendations are formulated. In some cases, we recommend re-training your security management team & staff.

Unauthorized Audio Recordings

Counter Measures to jam or avoid Audio Recordings

There are devices on the market that will alert you when new RF signals are activated or detected, or audio-jamming systems that make the recorded sound inaudible. A microphone jammer could be a way to protect your privacy and keep private conversations private.

  • Audio Recording Jammers are a type of white noise generator that can keep your conversation from bugging devices. This device will create random sound waves that desensitize nearby audio surveillance devices. Top confidential P&C meetings should NOT be conducted without a professional audio jammer. These types of jamming devices will generate a signal which jams the microphones of recording devices. Recordings will be inaudible. Audio Recording Jammers will shield your conversation from recording apps on mobile phones, laptop computers, digital recording pens, (hidden) recorders and any other device for sound recording or acquisition. An audible white noise on a specific audio frequency will disable the microphone’s recording capabilities (if in range). Audio jammers are not wireless RF frequency jammers. Most of this audio jamming technology will desensitize a nearby microphone or tape recorder. They can be an effective countermeasure against microphone-based surveillance devices such as tape recorders, RF transmitters, microphones, microwave or laser reflection listening technology.
  • Ultrasonic Suppressors use ultrasonic emitters. When turned on, they prevent the microphones of recording devices from recording confidential information. This device works silently and is installed under the table.
  • Audio Signal Generators will generate an audio frequency that interferes with the audio-recording device.

TSCM Bug Sweeping

TSCM Bug Sweep:

  • electronic and physical check
  • inspection of a room (+ content)
  • check building security, perimeter area
  • check vehicles in which targets are moving (GPS-trackers, audio-bugs, “forgotten” phones)
  • inspection of common areas, toilets, rest-rooms, lifts and refreshment areas, kitchen
  • FM & UHF devices radio signal
  • GSM, smartphone device usage (3G,4G)
  • differentiate legit / authorised mobile phones / smartphones and 2G/3G/4G or GSM bugging devices
  • detection of burst transmission
  • presence of encrypted devices
  • cyber attacks on computer systems
  • presence of spyware, malware in desktop/laptop computers and other mobile devices
  • look at the electrical systems
  • check the telephone systems, communication-systems
  • video & audio-conferencing systems
  • information desk telephones, telephones on reception-desk could be listening devices
  • provide training and education to management team and/or key security personnel
  • check electrical systems, lights
  • check thermostats or aircon-remote controller
  • check how many power sockets, power-plugs, work stations, laptops, computers are in a room
  • check ducting (HVAC systems), fans, air-cons, remote controls, etc.
  • check electrical fittings and sockets
  • check topography, layout of the building & office
  • perimeter & access security
  • devices embedded within walls, behind wallpaper
  • devices embedded in the structural elements of a room
  • bugs embedded in soft furnishings, couches and other furniture
  • inspection of laptops, tablets & smartphones that executives & directors use (including home devices)
    • could be bugged
    • could be tracked
    • could be infected with spyware, malware, ransomware etc.
  • inspection of computer-case, laptop-case (ideal for putting bugs & trackers)
  • check pc motherboards, wiring & electronics of computer-internals (desktop-cases should be locked)

You should also be aware that a TSCM sweep can be a very intrusive service so it needs to be done correctly. One simply cannot trust just any sub-contractor to conduct this kind of service. After all meeting rooms and offices of all employees, executive directors, partners, personal assistants will be swept for bugs. Some preparation is required here.

Sometimes the nature of the environment will require the bug sweep to be done covertly, at night or during off-peak times of office usage. TSCM teams could enter the building at night when there are no or fewer office workers/employees in the building or office.

TSCM Methodology

TSCM Equipment

What type of TSCM Equipment is used? Which TSCM methodology? And for what purpose?

Depending on the assignment and scope of work, different types of sophisticated Radio Frequency enabled scanning/detection equipment and other systems will be used to detect suspicious transmissions. When inspecting a room, office or specific area, devices that scan RF in the NEAR field are required. We are not looking for phantom signals or RF reflections from far away emitting sources. Any signal detected is considered a suspect, until it is identified for what it is (strength of RF, frequency, source, benign or something else). RF Devices-list:

  • Spectrum analyzer
  • Oscilloscope
  • RF device sweepers for RF-range from 10 kHz to 24 GHz
  • Handheld close-inspection devices
  • GPS signal scanners
  • Walkie talkies give some idea of certain UHF, VHF chatter nearby
  • Physical and technical inspection devices and hands-on feeling and looking
  • Non-Linear Junction Detector (scans for passive devices)
  • Thermal imaging cameras
  • Infrared detection devices
  • GSM/UMTS/3G/4G detection and location system to identify the IMEI of the SIM card (IMSI scanner)
  • Detection of active SIM based surveillance devices
  • Endoscopes with cameras
  • Frequency Domain Reflectometer (FDR) to check the integrity of the cables (any splits or wire-taps?)
  • Counter Surveillance Probes
  • Radio Microphone Detector to detect clandestine radio microphones
  • UV-light to detect excessive fingerprints on windows and other smooth surfaces
  • Different equipment to check for tampering with legit installations

Drop devices (drop & retrieve method) or burst devices (which gather intelligence, do audio/video recording and do a scheduled transmission of this data) require a different method of detection (thermal imaging, X-ray scan) since they are not always transmitting but do have a battery, electronics and an antenna. Burst transmissions are mostly done during off-peak times. Signals can be analogue, digital or burst signals.

Professional Bug Detection

Cheap Solutions don’t really work…

Take note that a cheaper radio frequency detector (detects RF presence close by, but also far and wide) is not the same as a professional bug detector (detects RF bugs in a specific area).

There are many radio signals and RF-enabled devices surrounding us, such as FM and AM radio, UHF and VHF walkie talkies, Bluetooth devices, Wi-Fi (routers running on 2.4 GHz, 5.8 GHz), 2G, 3G, 4G, 5G, IoT frequencies, GPS signals in phones or cars, utility meters, telecom towers, laptops, smartphones, baby monitors, IoT devices, tablets, Bluetooth headsets/speakers, smart watches, electric motors of vacuum cleaners, metal curtain rods, automatic curtain systems, projectors installed in ceilings, conference systems on tables… Sometimes you will detect these signals and some of them are false positives (phantom signals).

The summary is that there are radio signals everywhere. Detecting a radio frequency is one thing, but in TSCM it is key to know where the emitting signal is coming from. Meaning, you need to locate the source; find the location. Radio signals tend to bounce off surfaces and reflect or simply come from different directions. So with basic RF detectors, it is not easy to know what is what and where the signal is coming from.

Contact us to do a hands-on, eyes-on, comprehensive search.

Digital Forensics Investigation

DIGITAL CRIME SCENE INVESTIGATION

Increasing numbers of more complex cybercrimes have made it more difficult for traditional investigative methods to be effective in solving a crime. Cyber Crime and crimes which use electronic means or digital platforms require new types of crime investigation methods. Digital Forensics is one of these methods.

This is especially so when we have limited time and resources. That is why, when AR INTELL zooms in on cybercrime investigation, we zoom in on digital forensics during our digital investigations to get it all done in time.

In our cyber investigations, we go far beyond the capabilities and constraints of the existing traditional forensic tools.

By using artificial intelligence systems, big data and digital forensics intelligence in our digital investigations we are able to better understand and address the huge problems in the very complex domains of cybercrime.