TSCM - 101

The acronym TSCM represents Technical Surveillance Counter Measures.

Many folks refer to this as "debugging".  Simply put TSCM is the

science of employing various methodologies to detect and

counter technical surveillance activities. The term eavesdropping

dates back to a time when busybodies and snoopers would stoop

 below a window eve and listen to conversations.

Over the years the technique has evolved along with technology. 

A simple search on the internet will reveal numerous "spy shops"

which offer various types of devices designed to covertly intercept

telephone calls, room conversations, faxes, internet transmissions and

 video images.

The Threat

This is a Constant Carrier Transmitter operating in the UHF range.

This means that when switched on, room conversations are constantly

 transmitted on average 150 feet away.  Note:  Range depends on

power,  antenna design and  the quality of the surveillance

 receiver. ( $125.)

Transmitters can be hidden inside of devices that you would not

normally suspect. Calculators, pens, staplers etc.  The operating time is

usually limited by the battery. ($65.)

To overcome this limitation some devices are concealed in a lamp

 or outlet strip which provides a constant power source.  The unit

pictured above is called a Carrier Current Transmitter.    This device

 is attached to the building electrical wiring and not only draws

 power from this source, but also transmits the radio signal across

The electrical wiring. ($500.)

Telephone taps can be concealed in the telephone itself or anywhere

along the telephone line. The device pictured above is a "cube tap"

adapter  allowing more than one phone to be plugged into a telephone

jack.  Unfortunately it also conceals a wireless telephone tap. ($125.)

The video camera pictured above is slightly larger than a sugar

 cube and is capable of transmitting pictures over 100 hundred

feet away. ($75.)

Detecting the Threat

A number of TSCM providers will tell you that you do not need any

special equipment to find surveillance devices.  The problem with this

philosophy  is that if you limit your search  technique  to a ladder and

 flashlight,  you may find a large percentage of amateur devices.  However

 many devices will never be discovered during a physical inspection. 

As they become smaller, they are easily concealable in objects you

 would never suspect.

The device pictured above is advertised on eBay. ($50).  The device

 detects  radio signals and provides an indication of the rf signal

strength.   If you live in Timbuktu, where the only radio

signals you might encounter,  would be the surveillance transmitter,

 this would be great.  The problem is most of us live and work in areas

 that are flooded with hundreds of radio signals.

This "bug detector" kit is popular with hundreds of private detectives

 who offer bug sweeps. The kit includes a rf frequency counter and broad

band rf detector.  These devices  receives "ALL" radio signals at the same

 time and display the strongest signal.  The theory is that as you approach

 a "bug"  the signal will become the strongest radio signal.  Unfortunately

covert transmitters usually operate at lower power levels to reduce battery.

 drain and defeat this type of detection equipment.  In an urban environment

commercial rf signals can easily conceal low power devices.   ($500.)

There are a number of devices available which claim the ability to

detect wiretaps. The vast majority simply detect a change in voltage,

such as an extension phone being taken off hook or the presence of a

 very crude telephone tap.  From this perspective they  offer a level of

protection.  It should be noted that a number of telephone "attacks"

will not be detected by voltage sensing devices.

This device uses an optical principle to identify covert

cameras. A laser diode projects coherent light on a suspect surface.

The refraction reveals a covert lens.   One caveat,  may

manufacturers  of  "nanny cams" are aware of this technique and

now place a  plexi-glass plane over the lens, which defeats this

detection technique.

BAM !   Kicking it up a notch.

Professional TSCM gear was manufactured in the 70s & 80s

by companies such as Dektor, Mason, ISA & Microlabs, to

counter the threats of that era.  We used many of these devices

back then, to perform TSCM sweeps.

Some are on display in the museum at Langley.

The Broad Band Receiver pictured above is an example of  TSCM  gear

built for the professional. It offered both a visual indication of signal

 strength and the ability to listen to the rf signal. However these detectors

are impacted by strong radio signals in the area.  It should be noted that

 many surveillance devices used today are digital.  This means that

instead of plain analog audio, signals  are converted to zeroes and ones. 

The signal sounds similar to static and is easily overlooked.  ( $3,500.)

This telephone analyzer is typical of several built in the 70's. 

They were very effective in detecting a number of threats against

 analog telephone systems.   Unfortunately a number of

 modern attacks will not be detected by analyzers from

this era.  Digital telephone systems, such as those used by most

businesses today can not be demodulated with these older

telephone analyzers. ( $4,000.)

This is the Super Scout, a non-linear junction detector that

revolutionized TSCM sweeps back in the 70's.  Although the

manufacturer discontinued the product years ago, this was

state of the art, in its day.   The device radiates a radio signal

into objects, then measured the reflected signal to identify

electronic semiconductors.  Over the years a number of TSCM

 manufacturers have improved upon this classic technique.

 ($25,000.)

The Time Domain Reflectometer was an essential piece of

sweep gear.  The 1503 can best be described as cable radar.  It

 sent a rf pulse  down a pair of metallic conductors (wire) then 

provided a visual display  of the reflection. As a result, splits and

taps were visible.  As signal analysis was a bit complicated, many

sweep techs did not utilize this valuable tool. Depending on the

length of cable being examined, inherent  "dead spots"

and resolution issues resulted in  the switch to more sophisticated

Frequency Domain Reflectometers. ($7.000.)

The Spectrum Analyzer is an essential piece of TSCM gear.  

Unlike the broad band receivers previously pictured, the spectrum

 analyzer allows the technician to isolate individual rf signals

for close examination.   This unit was a great piece of

equipment for finding older style bugs.  As radio transmitter

frequencies  rose above 1 Giga Hertz , the analyzer became

 obsolete. ( $10,000.)

Today's New Threats

As the technology for covert surveillance evolves, so does the means

 for detection. Not unlike a chess game, there are moves and

counter-moves.  In an effort to avoid detection by the TSCM gear

pictured above,  new surveillance devices emerged.

This is a cellular bug, which can be easily concealed in a

room or automobile. The device can lay dormant for weeks, until

being remotely activated. Room audio is then transmitted

over the cellular  network to any telephone, anywhere in the world.

  This attack offers two challenges.  First, unlike previous bugs, the

 device is not always transmitting.   Sweeping an office with

a rf signal detector may not reveal this device.  In addition, as the rf

signal is part of the cellular network, it can be easily overlooked,

even with a spectrum analyzer.  ( $200.)

This digital recorder is not much larger than a quarter, yet it can

record hours of conversations in the home, office or automobile. 

( $200.)

Tracking devices use GPS technology.  Many units, smaller than a pack

of cigarettes, can be contacted via the cellular network and display "real

 time" locations.  Some units contain microphones which allow the user

 to listen to conversations within the car.   As the device does not transmit

 constantly, detection requires a unique approach.

Today's TSCM Gear

The RF Hawk is a computerized spectrum analyzer that

captures,  analyzes and locates rf sources. A revolutionary signal

processing feature allows the TSCM tech  to look behind a

strong rf signal to identify signals  hidden within another signal. 

Threats such as burst transmitters, spread  spectrum and

frequency hopping devices are easily identified.  In addition

 this analyzer, and a proprietary "add on", provides detection

capability of GPS Tracking Devices and Cellular Bugs.

($40.000)

The OSCOR was originally designed to automatically seek analog

devices. As higher operating frequencies and digital devices became a threat

 the manufacturer upgraded and enhanced the OSCOR, to keep up with the

 threat.  Most recently they added a rf mapping feature which

revolutionized the sweep process.   ($30,000.)

The original Scanlock has been around for years.  The manufacturer

expanded and improved the capabilities with the M-2.  It combines

the advantages of a Harmonic Receiver with the laptop, for a powerful

TSCM tool.   It quickly sweeps a large portion of  the spectrum to identify

 unique transmitters, which operate on short rf burst.  ($20,000.)

The ORION is one of the most popular Non- Linear Junction Detectors is

 use today. Although the principal is based upon the Super Scout,

a number of extraordinary improvements have occurred over the years.

 The NLJD is a staple in the TSCM arsenal.

($18,000)

One of the most recent and frankly revolutionary advances in the

TSCM field is the TALAN. This telephone and line analyzer

uses a onboard computer to  automatically scan line pairs for audio

paths, electrical and rf anomalies.  Features include a broad band rf

 receiver, line tracer, audio amplifier and audio/rf scope. 

The unit also incorporates a Frequency Domain Reflectometer.  

Arguably its most impressive features is the ability to use NLJD over

wire pairs. Simply, it injects NLJD frequencies on a line to detect

electronic devices.  In addition it converts digital telephone system

signals  to analog audio for analysis.  ($20.000)

The use of infrared imaging is used to identify heat signatures from

covert  surveillance devices. Even devices hidden with objects are

 revealed by the minute energy given off, in the form of IR energy. Even

remote control transmitters are "on"   awaiting the signal to turn on the

 transmitter. ($20,000)

Selecting a TSCM Provider

I will tread lightly here as there are literally hundreds of folks

 who advertise TSCM sweeps.

Having been in the business for over 20 years,  I have come to realize

 it basically comes down  to a consumer decision.  That is to say, you

balance the sweep cost against the value of the

information you are protecting and what you can afford.

For simplicity I will break Sweep Providers into three categories:

The first, I will call the eBay and spy shop sweepers.  These are the folks

 who have no real training in the field and simply purchased low

cost gear off  of the internet or a  "spy shop".  They represent 30% of

the industry.

(Typical sweep cost $ 500.00)

The second category are investigative types that may have attended

a  training seminar or two, and typically have picked up professional

gear designed back in the 70s, for analog threats.  They represent

65% of the industry.

(Typical sweep cost $ 1,500.00)

The third category are technical types who have formal training

in communication electronics and attended numerous courses in the

 TSCM field.   They have easily invested over one hundred thousand

in modern counter measures gear.  They represent less than 5% of the

industry.

(Sweeps start around $3,000.)

Some TSCM firms will claim that there is only one sweep protocol and

all sweeps must be conducted the same.  I submit that their logic is flawed. 

In an ideal world every sweep would be conducted as taught at the ITC.

 (Little Red School House)  But every customer is not faced with

the same threat, nor has the same budget.  A sweep for a middle

class client, in the midst of a divorce, differs from a sweep on Capitol Hill.  

(Think outside the box)

A word of caution,  many vendors will claim technical expertise in the field and

represent their equipment as "the best available". 

My best advise is to be very careful

in the selection process. 

Caveat Emptor

Email

tscmsweep@comcast.net

DISCLAIMER:  This web site is offered to present a broad overview

of electronic surveillance threats and countermeasures equipment, and is

the authors opinion. It is not intended to be all inclusive.

In fact some surveillance devices, such as those used by law enforcement

and intelligence agencies, were deliberately omitted, since the criminal element

also has an interest in thwarting surveillance  activity. We have also omitted

some of the TSCM equipment we utilize today, because advertising

your full capabilities could be exploited by those wishing to avoid detection.