• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Risk Factory: The State of Electronic Eavesdropping
 

Risk Factory: The State of Electronic Eavesdropping

on

  • 936 views

An overview of the look at the current state of electronic eavesdropping.

An overview of the look at the current state of electronic eavesdropping.

Statistics

Views

Total Views
936
Views on SlideShare
929
Embed Views
7

Actions

Likes
0
Downloads
14
Comments
0

1 Embed 7

http://www.linkedin.com 7

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd

Risk Factory: The State of Electronic Eavesdropping Risk Factory: The State of Electronic Eavesdropping Presentation Transcript

  • Just Between UsThe Current State of Electronic Eavesdropping Technology
  • Questions• How many "bugs" are planted per year?• What percentage is business related?• What are the most common types of attacks?• What percentage of electronic sweeps are productive?• What amount of losses are attributed to electronic attacks?
  • Answers• No accurate statistics• No most common methods• No typical attacks• No typical clients• Successful attacks go unreported• Majority of unsuccessful attacks go unreported
  • Sales Statistics• Over $900 million of illegal eavesdropping equipment is imported into the US each year.• Over $500 million worth of legal eavesdropping equipment is purchased each year.• Most targeted data: Confidential Information Trade Secrets Research and Development Divorce Domestic Issues Law Offices Labour Unions Labor Negotiations Financial Information Contract Bids Litigation Due Diligence Computer Codes Mergers and Takeovers Marketing Plans VIP Security Travel Plans Travel Routes and Targets
  • Safe Bet• Most used of industrial espionage techniques.• Low risk• High reward
  • Low Risk• Why? – Electronic eavesdropping is easily committed – Chances are low that victim will find the device – Chances low, if found, can be tied to eavesdropper – Prosecution of eavesdropping cases is rare = Reward far outweighs the risk
  • Ease of Concealment
  • Hard to Detect
  • Latest Version • Any thing • Any place
  • Tactics & Equipment• “Wiretapping” - is the interception of communication over a wire w/o participants consent and requires physical entry into the communication circuit• “Bugging” - interception of communication w/o participants consent by means of electronic devices and w/o penetration of a wire.
  • Wired Microphones• Carbon microphone: commonly used in a standard telephone handset.• Crystal microphone: generates a small electrical current when the crystal is vibrated by sound waves.• Contact (spike) microphone: installed on a common wall with the target area.• Dynamic microphone: movement of a small wire near a permanent magnet converts sound into electrical energy. Operates as a loudspeaker in reverse.
  • Wired Microphones• Pneumatic cavity device: has a specially designed small cavity which picks up surface vibrations. (Glass tumbler effect).• Condenser microphone: high fidelity use. Fragile and sensitive.• Electret microphone: used primarily in P.A. and audio recording (extremely small).
  • Wired Microphones• Omnidirectional microphone: used in conferences. Picks up sound from many directions around the room.• Cardioid microphone: picks up sound from directly in front of microphone.• Parabolic microphone: gathers audio energy and directs it to a conventional microphone in the center of a dish- type reflector.
  • Wireless Microphones• A radio frequency (RF) device consists of: – A microphone – A transmitter – A power supply – An antenna; and, – A receiver
  • Telephone Eavesdropping• Digital systems - originally thought to be secure. Digit stream can be recorded and converted to analog and speech.• Conference call ghost• Handset relay• VoIP server hacking• PABX hacking• Mobile phone interception.• Smart phone hacking
  • Light TransformationInfrared light wave transmissionsuse light waves invisible to thehuman eye. Sound waves areconverted to electronic impulses andthe pulses are used to modulateinfrared light waves. Think TVremote.
  • Light Transformation Laser transmission of sound does not require any equipment in the surveillance area. A laser beam focused on a window pane or a reflective object in the room. The vibrating glass modulates a reflected laser beam.
  • Light TransformationFiber optic lasertransmission uses a gradeglass fiber, filled with laserlight, routed through thesurveillance area. Soundwaves cause the fiber tovibrate slightly, altering thelaser light.
  • Flooding• RF• Microwave• ElectromagneticNeeds resonating cavity
  • Tools of Choice• Governments – Wiretapping (individual) – RF flooding (locations)• Private Sector – Devices (individuals & locations)
  • Targets of Choice
  • 26 Options…
  • Also Delivered Through .exe .exe .exe .exe
  • Should I Care?Depends…Information security = information securityVerbal data = data
  • Also Maybe the most sensitive information is the information we don’t document.
  • What Can I Do?• First rule: Common sense• Ensure portable device audio threat effectively communicated• Identify key individuals (high value targets)• Identify key target areas (board & conference rooms)• Include in physical security screening• Prohibiting phones in sensitive areas• Policies addressing discussion of sensitive information?• Include in security awareness messaging• Conduct technical Security Countermeasures (TSCM) sweep
  • Just Between UsThe Current State of Electronic Eavesdropping Technology