TSCM - 101
The acronym TSCM represents Technical Surveillance Counter Measures.
Many folks refer to this as "debugging". Simply put TSCM is the
science of employing various methodologies to detect and
counter technical surveillance activities. The term eavesdropping
dates back to a time when busybodies and snoopers would stoop
below a window eve and listen to conversations.
Over the years the technique has evolved along with technology.
A simple search on the internet will reveal numerous "spy shops"
which offer various types of devices designed to covertly intercept
telephone calls, room conversations, faxes, internet transmissions and
This is a Constant Carrier Transmitter operating in the UHF range.
This means that when switched on, room conversations are constantly
transmitted on average 150 feet away. Note: Range depends on
power, antenna design and the quality of the surveillance
receiver. ( $125.)
Transmitters can be hidden inside of devices that you would not
normally suspect. Calculators, pens, staplers etc. The operating time is
usually limited by the battery. ($65.)
To overcome this limitation some devices are concealed in a lamp
or outlet strip which provides a constant power source. The unit
pictured above is called a Carrier Current Transmitter. This device
is attached to the building electrical wiring and not only draws
power from this source, but also transmits the radio signal across
The electrical wiring. ($500.)
Telephone taps can be concealed in the telephone itself or anywhere
along the telephone line. The device pictured above is a "cube tap"
adapter allowing more than one phone to be plugged into a telephone
jack. Unfortunately it also conceals a wireless telephone tap. ($125.)
The video camera pictured above is slightly larger than a sugar
cube and is capable of transmitting pictures over 100 hundred
feet away. ($75.)
Detecting the Threat
A number of TSCM providers will tell you that you do not need any
special equipment to find surveillance devices. The problem with this
philosophy is that if you limit your search technique to a ladder and
flashlight, you may find a large percentage of amateur devices. However
many devices will never be discovered during a physical inspection.
As they become smaller, they are easily concealable in objects you
would never suspect.
The device pictured above is advertised on eBay. ($50). The device
detects radio signals and provides an indication of the rf signal
strength. If you live in Timbuktu, where the only radio
signals you might encounter, would be the surveillance transmitter,
this would be great. The problem is most of us live and work in areas
that are flooded with hundreds of radio signals.
This "bug detector" kit is popular with hundreds of private detectives
who offer bug sweeps. The kit includes a rf frequency counter and broad
band rf detector. These devices receives "ALL" radio signals at the same
time and display the strongest signal. The theory is that as you approach
a "bug" the signal will become the strongest radio signal. Unfortunately
covert transmitters usually operate at lower power levels to reduce battery.
drain and defeat this type of detection equipment. In an urban environment
commercial rf signals can easily conceal low power devices. ($500.)
There are a number of devices available which claim the ability to
detect wiretaps. The vast majority simply detect a change in voltage,
such as an extension phone being taken off hook or the presence of a
very crude telephone tap. From this perspective they offer a level of
protection. It should be noted that a number of telephone "attacks"
will not be detected by voltage sensing devices.
This device uses an optical principle to identify covert
cameras. A laser diode projects coherent light on a suspect surface.
The refraction reveals a covert lens. One caveat, may
manufacturers of "nanny cams" are aware of this technique and
now place a plexi-glass plane over the lens, which defeats this
BAM ! Kicking it up a notch.
Professional TSCM gear was manufactured in the 70s & 80s
by companies such as Dektor, Mason, ISA & Microlabs, to
counter the threats of that era. We used many of these devices
back then, to perform TSCM sweeps.
Some are on display in the museum at Langley.
The Broad Band Receiver pictured above is an example of TSCM gear
built for the professional. It offered both a visual indication of signal
strength and the ability to listen to the rf signal. However these detectors
are impacted by strong radio signals in the area. It should be noted that
many surveillance devices used today are digital. This means that
instead of plain analog audio, signals are converted to zeroes and ones.
The signal sounds similar to static and is easily overlooked. ( $3,500.)
This telephone analyzer is typical of several built in the 70's.
They were very effective in detecting a number of threats against
analog telephone systems. Unfortunately a number of
modern attacks will not be detected by analyzers from
this era. Digital telephone systems, such as those used by most
businesses today can not be demodulated with these older
telephone analyzers. ( $4,000.)
This is the Super Scout, a non-linear junction detector that
revolutionized TSCM sweeps back in the 70's. Although the
manufacturer discontinued the product years ago, this was
state of the art, in its day. The device radiates a radio signal
into objects, then measured the reflected signal to identify
electronic semiconductors. Over the years a number of TSCM
manufacturers have improved upon this classic technique.
The Time Domain Reflectometer was an essential piece of
sweep gear. The 1503 can best be described as cable radar. It
sent a rf pulse down a pair of metallic conductors (wire) then
provided a visual display of the reflection. As a result, splits and
taps were visible. As signal analysis was a bit complicated, many
sweep techs did not utilize this valuable tool. Depending on the
length of cable being examined, inherent "dead spots"
and resolution issues resulted in the switch to more sophisticated
Frequency Domain Reflectometers. ($7.000.)
The Spectrum Analyzer is an essential piece of TSCM gear.
Unlike the broad band receivers previously pictured, the spectrum
analyzer allows the technician to isolate individual rf signals
for close examination. This unit was a great piece of
equipment for finding older style bugs. As radio transmitter
frequencies rose above 1 Giga Hertz , the analyzer became
obsolete. ( $10,000.)
Today's New Threats
As the technology for covert surveillance evolves, so does the means
for detection. Not unlike a chess game, there are moves and
counter-moves. In an effort to avoid detection by the TSCM gear
pictured above, new surveillance devices emerged.
This is a cellular bug, which can be easily concealed in a
room or automobile. The device can lay dormant for weeks, until
being remotely activated. Room audio is then transmitted
over the cellular network to any telephone, anywhere in the world.
This attack offers two challenges. First, unlike previous bugs, the
device is not always transmitting. Sweeping an office with
a rf signal detector may not reveal this device. In addition, as the rf
signal is part of the cellular network, it can be easily overlooked,
even with a spectrum analyzer. ( $200.)
This digital recorder is not much larger than a quarter, yet it can
record hours of conversations in the home, office or automobile.
Tracking devices use GPS technology. Many units, smaller than a pack
of cigarettes, can be contacted via the cellular network and display "real
time" locations. Some units contain microphones which allow the user
to listen to conversations within the car. As the device does not transmit
constantly, detection requires a unique approach.
Today's TSCM Gear
The RF Hawk is a computerized spectrum analyzer that
captures, analyzes and locates rf sources. A revolutionary signal
processing feature allows the TSCM tech to look behind a
strong rf signal to identify signals hidden within another signal.
Threats such as burst transmitters, spread spectrum and
frequency hopping devices are easily identified. In addition
this analyzer, and a proprietary "add on", provides detection
capability of GPS Tracking Devices and Cellular Bugs.
The OSCOR was originally designed to automatically seek analog
devices. As higher operating frequencies and digital devices became a threat
the manufacturer upgraded and enhanced the OSCOR, to keep up with the
threat. Most recently they added a rf mapping feature which
revolutionized the sweep process. ($30,000.)
The original Scanlock has been around for years. The manufacturer
expanded and improved the capabilities with the M-2. It combines
the advantages of a Harmonic Receiver with the laptop, for a powerful
TSCM tool. It quickly sweeps a large portion of the spectrum to identify
unique transmitters, which operate on short rf burst. ($20,000.)
The ORION is one of the most popular Non- Linear Junction Detectors is
use today. Although the principal is based upon the Super Scout,
a number of extraordinary improvements have occurred over the years.
The NLJD is a staple in the TSCM arsenal.
One of the most recent and frankly revolutionary advances in the
TSCM field is the TALAN. This telephone and line analyzer
uses a onboard computer to automatically scan line pairs for audio
paths, electrical and rf anomalies. Features include a broad band rf
receiver, line tracer, audio amplifier and audio/rf scope.
The unit also incorporates a Frequency Domain Reflectometer.
Arguably its most impressive features is the ability to use NLJD over
wire pairs. Simply, it injects NLJD frequencies on a line to detect
electronic devices. In addition it converts digital telephone system
signals to analog audio for analysis. ($20.000)
The use of infrared imaging is used to identify heat signatures from
covert surveillance devices. Even devices hidden with objects are
revealed by the minute energy given off, in the form of IR energy. Even
remote control transmitters are "on" awaiting the signal to turn on the
Selecting a TSCM Provider
I will tread lightly here as there are literally hundreds of folks
who advertise TSCM sweeps.
Having been in the business for over 20 years, I have come to realize
it basically comes down to a consumer decision. That is to say, you
balance the sweep cost against the value of the
information you are protecting and what you can afford.
For simplicity I will break Sweep Providers into three categories:
The first, I will call the eBay and spy shop sweepers. These are the folks
who have no real training in the field and simply purchased low
cost gear off of the internet or a "spy shop". They represent 30% of
(Typical sweep cost $ 500.00)
The second category are investigative types that may have attended
a training seminar or two, and typically have picked up professional
gear designed back in the 70s, for analog threats. They represent
65% of the industry.
(Typical sweep cost $ 1,500.00)
The third category are technical types who have formal training
in communication electronics and attended numerous courses in the
TSCM field. They have easily invested over one hundred thousand
in modern counter measures gear. They represent less than 5% of the
(Sweeps start around $3,000.)
Some TSCM firms will claim that there is only one sweep protocol and
all sweeps must be conducted the same. I submit that their logic is flawed.
In an ideal world every sweep would be conducted as taught at the ITC.
(Little Red School House) But every customer is not faced with
the same threat, nor has the same budget. A sweep for a middle
class client, in the midst of a divorce, differs from a sweep on Capitol Hill.
(Think outside the box)
A word of caution, many vendors will claim technical expertise in the field and
represent their equipment as "the best available".
My best advise is to be very careful
in the selection process.
DISCLAIMER: This web site is offered to present a broad overview
of electronic surveillance threats and countermeasures equipment, and is
the authors opinion. It is not intended to be all inclusive.
In fact some surveillance devices, such as those used by law enforcement
and intelligence agencies, were deliberately omitted, since the criminal element
also has an interest in thwarting surveillance activity. We have also omitted
some of the TSCM equipment we utilize today, because advertising
your full capabilities could be exploited by those wishing to avoid detection.