Tscm Risk Management Presentation June 2012

TSCM Risk Management
TSCM Risk Management
_________________________________________________________________________

© 2012 info@tscm‐za.com www.tscm‐za.com

Welcome
Welcome
_________________________________________________________________________

Threat of Electronic Eavesdropping
“Focussing on GSM Bugs”

29 June 2012
Radisson Blu Hotel
Port Elizabeth – South Africa

Steve Whitehead
S hi h d
Managing Member
Eavesdropping Detection Solutions®
E d i D i S l i ®

Lets Meet!
Lets Meet!
_________________________________________________________________________

Please feel free to ask
Please feel free to ask
What is your name?
questions and to share
What is your role in
What is your role in y
your experiences!
p
your organisation?
How long have you
H l h
been in this role?


Objective
_________________________________________________________________________

• To
T provide a realistic view of the value and risks associated with
id li i i f h l d ik i d ih
corporate information protection and to determine who is at risk
• Technical vulnerabilities and latest attack methodology
• Indicators that eavesdropping could be taking place
• Countermeasures to protect information
from technical attacks
• To raise awareness of the real
consequences of intellectual property and
information vulnerabilities


Status of Technical Threats
Status of Technical Threats
_________________________________________________________________________

• In recent years the technical aspects of electronic
surveillance detection have become much more complex
• Growth in surveillance enabling technology and new
terminology – convergence, virtualisation, GSM, GPRS, GPS, IP,
Bluetooth, VoIP, Wi‐Fi, SD memory cards, wireless, android,
l h i i d i l d id
embedded web services and more
• Miniaturisation regarding al three phases of eavesdropping
• Convergence
• Technology ‐ empowering people
• Cyber‐espionage

Our Work Terrain – Then & Now
Our Work Terrain Then & Now
_________________________________________________________________________

• Offices and buildings were drab – lifts were manned by building
employees and receptionists formed the 2nd line of defence
•Walls
W ll were painted green or grey, d k chairs and fili cabinets
i t d desks, h i d filing bi t
were wooden, warn and scarred
• Office machines were few, heavy, manual in operation and
frequently old
• Offices are designed for
Offices are designed for
beauty and efficient
functioning
• It has atmosphere with
expensive equipment
p q p
• Blurring boundaries

Convergence
_________________________________________________________________________

Telephone systems have changed from the traditional PBX
and voice to IP based systems and controlled by the IT
Department
Voice,
Voice data and video use shared resources and interact
with each other synergistically
Unified communications deployment!
IP telephony transcends the traditional job boundaries of
data communications and telecommunications


Technology
________________________________________________________________________


“Power To The People”
________________________________________________________________________

Apple sold 15 million iPad’s during
iPad s
2010. The craze for tablet computers
cannot be ignored by organisations and
they will find their way into the office
whether supported by IT or not.
Banning personal de ices is also not an
devices
The question is what do you option!
do from an IT security
perspective to control what
access these devices have to
your corporate networks? Yet another channel via
which corporate data can
be stolen or misused!
b t l i d!

Technology Digital Copiers
Technology – Digital Copiers
________________________________________________________________________


VoIP Eavesdropping Alert
VoIP Eavesdropping Alert
________________________________________________________________________


“Wiretapping” Fibre Optics
etapp g b e Opt cs
________________________________________________________________________

The fibre cable to be tapped is placed into a
micro‐bend clamping d i ( ) The li h
i b d l i device (1). h light
pulses leaking from the cable are detected by
the optical photo detector (2) and sent to an
p p
optical‐electrical converter (3). The converter
changes the light pulses to electrical
information that is placed on an Ethernet
cable attached to an attacker's laptop. The
laptop, running sniffer software, provides the
attacker with a view i
k ih i into the d
h data travelling
lli
through the tapped fibre cable

Optical taps have been found on police networks in the Netherlands and
Germany. The FBI investigated one discovered on Verizon's network in the
U.S.
U S Networks used by U K and French pharmaceutical companies have also
U.K.
been attacked, probably for industrial espionage

“Wi‐Fi Warping Wallpaper
a p g a pape
________________________________________________________________________


Attack Methods
Attack Methods
_________________________________________________________________________

1. Hard wired attacks

2. Telephone attacks

3. Radio Frequency (RF) transmitter attacks

4. Esoteric attacks


GSM
________________________________________________________________________

GSM (Global System for Mobile Communications) is a communication
standard to describe technologies for second generation (2G) digital
cellular telephones

The GSM standard has improved with the development of third
p p
generation (3G) standard and GSM networks will evolve further with
the incorporation of the fourth generation (4G) standard


How Does GSM Work
How Does GSM Work
________________________________________________________________________

The
Th GSM network consists of cells. E h cell i a cell site that
k i f ll Each ll is ll i h
consists of an elevated tower that contains transceivers
(transmitters and receivers) signal processors a timing receiver
receivers), processors,
and electrical power sources. The GSM network refers to these
towers as base stations or Base Transceiver Stations (BTS)


How Does GSM Work (2)
________________________________________________________________________

The Subscriber Identity Module
Th S b ib Id i M d l (SIM) i a smart card which
is d hi h
securely stores the key identifying information of a mobile phone
service subscriber as well as subscription information
subscriber, information,
preferences and text messages. The SIM card is used to
authenticate you to your GSM carrier!

The SIM stores network state information such as its current
location area identity (LAI). If the handset is turned off and back
on again it will take data off the SIM and search for the LAI it was
in before it was turned off!

________________________________________________________________________

A GSM phone must
p
connect to a base station
via a signal. When a
phone is turned on, the
phone searches for a
signal to connect with!
Behind the scenes, a cell
phone i i
h is in constant
t t
contact with the available
base station making
handshakes every few
minutes and sending
data!

Evolution of GSM Instruments
Evolution of GSM Instruments
________________________________________________________________________


GSM Exploitation
GSM Exploitation
_________________________________________________________________________

The BBC reported on 2 March 2004 that
“Nokia mobile phones that doubles as
listening devices can be bought on the
Internet”

In spy mode the phone
• will not ring
• will not vibrate
• will not show anything on the screen
• phone will auto answer calls
• microphone sensitivity is increased


GSM Exploitation
GSM Exploitation
_________________________________________________________________________

C|net reported on 1 December 2006 that the FBI has
remotely activated a criminal’s cell phone microphone to
listen to the surrounding conversations The eavesdropping
conversations.
technique functioned whether the phone was on or off!


GSM Based Bugs
GSM Based Bugs
_________________________________________________________________________


3G Engine Based Video Devices
3G Engine Based Video Devices
_________________________________________________________________________

• Concealed in everyday items

• Higher bandwidth enables
video product
• Much improved sound quality
and better compression


Detecting GSM Based Bugs
Detecting GSM Based Bugs
_________________________________________________________________________


Technology Cell Spying
Technology – Cell Spying
________________________________________________________________________


Millionaire Investigated!
Millionaire Investigated!
________________________________________________________________________

The Sunday Times reported on 27 November 2011 that that a
Pretoria businessman is at the centre of a criminal
investigation over the alleged illegal interception of his
g g g p
estranged wife's private e‐mails, SMS’es and BlackBerry
messages, or BBMs


Detecting Spyware
Detecting Spyware
_________________________________________________________________________


Phone Hacking
Phone “Hacking”
_________________________________________________________________________


Not in the Boardroom
Not in the Boardroom
_________________________________________________________________________


GSM Safe
GSM Safe
_________________________________________________________________________


“Spycam” Information
Spycam Information
_________________________________________________________________________

Type the word “SpyCam” in Google search and you will get 2 020 000
hits. Not bad for a word that is not even in dictionary.com
Whole websites are devoted to selling them such as spycam.com, my‐
spycam.com and spycamwarehouse.com
“Spycams” are selling big time!
Many eb
Man web sites offer ho to instr ctions
how instructions
Some “spycam” videos get posted on the Internet
Occasionally someone gets caught


Hidden Spycams
Hidden Spycams
_________________________________________________________________________


Hidden Video Camera Found
Hidden Video Camera Found
________________________________________________________________________


Africa Examples
Africa Examples
_________________________________________________________________________

Sudan’s opposition leader Hassan al‐Turabi bugged
February 2012

Bugging devices were found in the hotel rooms of
Dr. Willibrod Slaa and another opposition
member of Parliament at the Hotel 56 in the
capital city of Dodoma Dar Es Salaam ‐ February
Dodoma,
2009

Ugandan government tapping
private telephone conversations
in Hotels illegally March
i H t l ill ll – M h 2009

Local Examples
Local Examples
_________________________________________________________________________


Ministers Offices Checked
Ministers Offices Checked
_________________________________________________________________________

News 24 reported on 10 May 2012
that the Minister of State Security,
Dr Siyabonga Cwele has
announced in Parliament that
“Cabinet members have asked to
Cabinet
have their offices swept for fear
that they are being tapped”
tapped


Local Examples
Local Examples
_________________________________________________________________________

The Business Day reported on 8
September 2011 that the University’s
Administrator, P f
Ad i i t t Professor Th b
Themba
Mosia, has confirmed that bugging
devices were discovered in the
offices of senior management at the
University and that a senior staff
y
member has been suspended.


Update
_________________________________________________________________________


Who is Breaking the Law?
Who is Breaking the Law?
_________________________________________________________________________

The Witness (KZN newspaper)
reported on 18 March 2011 that a
Pietermaritzburg advocate i under
Pi t it b d t is d
investigation by the South African
Police in connection with a bugging
device that was discovered in the
ceiling of the Bar Administrator’s
g
office. The same advocate is already
under investigation in connection with
the alleged theft of a hard drive from
the CCTV surveillance system at the
Pietermaritzburg advocates’ chambers
Pi t it b d t ’ h b

It Does Not Matter Who You Are?
It Does Not Matter Who You Are?
_________________________________________________________________________

The Sunday Times reported on 22 A
Th S d Ti d August
2010 that former President Nelson
Mandela s
Mandela’s Houghton house was bugged
prior to the ANC’s 2007 national conference
in Polokwane The SAPS VIP Protection Unit
Polokwane.
found the listening device during one of
their regular sweeping exercises


Fairweather Trust vs Investec
Fairweather Trust vs Investec
_________________________________________________________________________

The Sunday Times reported on 01 A
Th S d Ti t d August 2010 th t th Ch it f il
t that the Chait family
of Cape Town is suing Investec for R 170 million. Former Telkom
technician Seun Briel alleged in a Cape Town court that he illegally
tapped telephones at the offices and residences of the Chait family
at the request of Investec
q

Investec spokeswoman Ursula Nobrega
k l b
told the Sunday Times that "is not our
policy to spy on clients (or) violate the
constitutional rights of individuals"


“Bugging” Scandal Rocks SAFA
Bugging Scandal Rocks SAFA
_________________________________________________________________________

City Press reported on 25 J l 2010 that D
Ci P d July h Danny J d
Jordaan, whoh
is the FIFA Local Organising Committee’s CEO; former SA
Football Association (S f ) president M l fi Oli h
F b ll A i i (Safa) id Molefi Oliphant, vice‐
i
president Mandla Mazibuko and CEO Leslie Sedibe
discovered this month that vehicle monitoring d i
di d hi h h hi l i i devices h d had
been secretly fitted to their cars


Internal Problems!
Internal Problems!
_________________________________________________________________________


Recent Discoveries
_________________________________________________________________________


Eavesdropping Question
Eavesdropping Question
_________________________________________________________________________

Assuming you
Assuming you
would not get
caught, what is
caught, what is
the least
payment
you would want
to plant an
eavesdropping
d i
device at work,
just once?
just once?

Source : Kevin Murray
March 2009


What is TSCM?
What is TSCM?
_________________________________________________________________________

TSCM is a counterintelligence activity and refers to a set of
measures employed to identify and to investigate hostile
p y fy g
technical devices planted by an adversary for collection
p p
purposes

TSCM is largely directed at the protection of information
g y
but will often reveal physical and other security problems,
lack of education and can help to assess the vulnerability of
sensitive facilities

What is Our Task?
What is Our Task?
_________________________________________________________________________

To detect and to neutralise hostile penetration technologies that
are used to obtain unauthorised access to information. This
includes the detection of equipment or building components
that have been modified for direct or indirect transmission of
information
Basically we are still looking for a recorder, microphone, a video
camera or a transmission that should not be there!

Acquisition &
Acquisition & Transmission of
Transmission of Processing &
Processing &
Conversion Information Storage
of Information of Information


TSCM Angle
TSCM Angle
_________________________________________________________________________

• Eavesdropping detection (Debugging)

• VIP protection programmes

• Provision of secure environments

• Consulting regarding information protection

• Communications system integrity testing


Countermeasures
_________________________________________________________________________

• Policies and Procedures
– Ensuring Technical Countermeasures Becomes Due Diligence

• Outsourcing and Contracting
– Choosing a Sweep Team
– Verifying Credentials
if i d i l
• In‐house Capability
– Equipment
– Training
– Certification

• Education
– Executive Briefings
Executive Briefings
– Staff Awareness

Guidelines
Choosing a Service Provider
________________________________________________________________________

One of the most difficult
things is to choose the correct
g
service provider

Prospective clients are faced
with a myriad of information
as each service provider
h d
emphasise their experience,
background,
backgro nd opinions and
marketing messages


Things to Consider When
________________________________________________________________________

1 Is the company recognised by the industry or others?
1.
2. Who will conduct the survey(s)
3. Make enquiries about experience and training/refresher
training
4. Make enquiries about equipment
5. On what level will the services be performed
6. Certificate of Quality
7. Report, analysis and recommendations
l d d
8. Do they perform other business services as well such as
electronic surveillance?
9. Are they prepared to have their findings verified?
10. Will they testify in Court on your behalf?
11. Membership of professional institutions

Equipment
_________________________________________________________________________


OSCOR Green
_________________________________________________________________________


TALAN DPA 7000
DPA-7000
_________________________________________________________________________


Reporting
_________________________________________________________________________

The survey consists of a radio frequency spectrum
evaluation on various levels, power line sweeps, physical
search, non‐linear
search non linear junction detection and various telephone
and line tests to detect illicit voice and data taps
All signals and measurements are noted, recorded and
stored for future comparisons
A complete report is submitted detailing the results of the
survey with recommendations where applicable


Reporting
_________________________________________________________________________


Final Thoughts
_________________________________________________________________________

Espionage is one of the oldest professions because as long
a there was one person who had an advantage over
another, one army, or one agricultural or trading
advantage, someone was skulking about trying to get their
hands on that information or technology

“the most valuable thing in the world is not gold or
diamonds, it is information.”


Final Thoughts (2)
Final Thoughts (2)
_________________________________________________________________________

• Serious espionage will include technical surveillance
• The possibility must be resolved before accusing people
• Bugging is the easiest spy technique to discover
• Smart clients don't wait until they "think they are being
bugged"
• Intelligence collection is a leisurely process. Conversations
and information are collected – in many ways – long before
they are used against you. Until this collected intelligence is
used, no harm is done. No losses suffered. Pro‐active sweeps
detect snooping early – thus, drastically reducing the
potential for loss Source : Kevin Murray – Spybusters.com

Your Approach?
Your Approach?
_________________________________________________________________________

Is your approach to information security holding you back?
I h i f i i h ldi b k?

Organisations need a clear
definition of information security
that is consistent throughout the
th t i i t t th h t th
organisation

A weak security culture, training, and attitude can easily open up an
organisation s
organisation's security to attack Executives play a key role in influencing
attack.
employees to pay more attention to awareness training and security. If
employees do not see executives making statements and demonstrating the
importance of security, they are not likely to treat it as a priority either

Phone Hacking Kills Multi
g
Billion Dollar Business
_________________________________________________________________________

News Corp.’s News International unit recently announced that
it will shut down its News of the World tabloid. Why is this
y
important to you...
You are responsible for your employee's
employee s
actions. Ethics, like security is a top‐down
corporate culture. A strong corporate
counterespionage programme sends two
messages: spying is not tolerated (in either
direction), and employees are obligated to
pro‐actively protect corporate intellectual
assets! (Source : Kevin Murray – Scrapbook)

About Us
About Us
_________________________________________________________________________


A Complete Package
_________________________________________________________________________

Awareness
Briefings
Policies
P li i
Procedures
Standards
VIP Protection
Support
Communications
Security
S it
Provision of Secure
Environments


Membership
_________________________________________________________________________


Join Us
_________________________________________________________________________


Questions?
_________________________________________________________________________


Tscm Risk Management Presentation June 2012

More Related Content

What's hot

Viewers also liked

Similar to Tscm Risk Management Presentation June 2012

Tscm Risk Management Presentation June 2012