Risk Factory: The State of Electronic Eavesdropping

1,735 views

Published on

An overview of the look at the current state of electronic eavesdropping.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,735
On SlideShare
0
From Embeds
0
Number of Embeds
9
Actions
Shares
0
Downloads
68
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd
  • © 2005 Orthus Ltd
  • Risk Factory: The State of Electronic Eavesdropping

    1. 1. Just Between UsThe Current State of Electronic Eavesdropping Technology
    2. 2. Questions• How many "bugs" are planted per year?• What percentage is business related?• What are the most common types of attacks?• What percentage of electronic sweeps are productive?• What amount of losses are attributed to electronic attacks?
    3. 3. Answers• No accurate statistics• No most common methods• No typical attacks• No typical clients• Successful attacks go unreported• Majority of unsuccessful attacks go unreported
    4. 4. Sales Statistics• Over $900 million of illegal eavesdropping equipment is imported into the US each year.• Over $500 million worth of legal eavesdropping equipment is purchased each year.• Most targeted data: Confidential Information Trade Secrets Research and Development Divorce Domestic Issues Law Offices Labour Unions Labor Negotiations Financial Information Contract Bids Litigation Due Diligence Computer Codes Mergers and Takeovers Marketing Plans VIP Security Travel Plans Travel Routes and Targets
    5. 5. Safe Bet• Most used of industrial espionage techniques.• Low risk• High reward
    6. 6. Low Risk• Why? – Electronic eavesdropping is easily committed – Chances are low that victim will find the device – Chances low, if found, can be tied to eavesdropper – Prosecution of eavesdropping cases is rare = Reward far outweighs the risk
    7. 7. Ease of Concealment
    8. 8. Hard to Detect
    9. 9. Latest Version • Any thing • Any place
    10. 10. Tactics & Equipment• “Wiretapping” - is the interception of communication over a wire w/o participants consent and requires physical entry into the communication circuit• “Bugging” - interception of communication w/o participants consent by means of electronic devices and w/o penetration of a wire.
    11. 11. Wired Microphones• Carbon microphone: commonly used in a standard telephone handset.• Crystal microphone: generates a small electrical current when the crystal is vibrated by sound waves.• Contact (spike) microphone: installed on a common wall with the target area.• Dynamic microphone: movement of a small wire near a permanent magnet converts sound into electrical energy. Operates as a loudspeaker in reverse.
    12. 12. Wired Microphones• Pneumatic cavity device: has a specially designed small cavity which picks up surface vibrations. (Glass tumbler effect).• Condenser microphone: high fidelity use. Fragile and sensitive.• Electret microphone: used primarily in P.A. and audio recording (extremely small).
    13. 13. Wired Microphones• Omnidirectional microphone: used in conferences. Picks up sound from many directions around the room.• Cardioid microphone: picks up sound from directly in front of microphone.• Parabolic microphone: gathers audio energy and directs it to a conventional microphone in the center of a dish- type reflector.
    14. 14. Wireless Microphones• A radio frequency (RF) device consists of: – A microphone – A transmitter – A power supply – An antenna; and, – A receiver
    15. 15. Telephone Eavesdropping• Digital systems - originally thought to be secure. Digit stream can be recorded and converted to analog and speech.• Conference call ghost• Handset relay• VoIP server hacking• PABX hacking• Mobile phone interception.• Smart phone hacking
    16. 16. Light TransformationInfrared light wave transmissionsuse light waves invisible to thehuman eye. Sound waves areconverted to electronic impulses andthe pulses are used to modulateinfrared light waves. Think TVremote.
    17. 17. Light Transformation Laser transmission of sound does not require any equipment in the surveillance area. A laser beam focused on a window pane or a reflective object in the room. The vibrating glass modulates a reflected laser beam.
    18. 18. Light TransformationFiber optic lasertransmission uses a gradeglass fiber, filled with laserlight, routed through thesurveillance area. Soundwaves cause the fiber tovibrate slightly, altering thelaser light.
    19. 19. Flooding• RF• Microwave• ElectromagneticNeeds resonating cavity
    20. 20. Tools of Choice• Governments – Wiretapping (individual) – RF flooding (locations)• Private Sector – Devices (individuals & locations)
    21. 21. Targets of Choice
    22. 22. 26 Options…
    23. 23. Also Delivered Through .exe .exe .exe .exe
    24. 24. Should I Care?Depends…Information security = information securityVerbal data = data
    25. 25. Also Maybe the most sensitive information is the information we don’t document.
    26. 26. What Can I Do?• First rule: Common sense• Ensure portable device audio threat effectively communicated• Identify key individuals (high value targets)• Identify key target areas (board & conference rooms)• Include in physical security screening• Prohibiting phones in sensitive areas• Policies addressing discussion of sensitive information?• Include in security awareness messaging• Conduct technical Security Countermeasures (TSCM) sweep
    27. 27. Just Between UsThe Current State of Electronic Eavesdropping Technology

    ×