Counterespionage Solutions
Ensuring the Integrity of your Confidential Information
We're recruiting! Wanted TSCM Specialists - click here for details and to apply
+44 (0) 1483 740423 Contact Us
The News of the World phone hacking scandal demonstrates that the newspaper business, like many other businesses, will go to extraordinary and sometimes illegal lengths, in order to gain an advantage over its rivals or competitors.
Mobile phone voice mail hacking occurs whena hacker dials into retrieve voice mail messages from phones which still have factory set PIN numbers.
A survey in the US showed that less than half of all customers in the survey used keypad locks or passwords to secure their mobile phones.
Have you changed yours? You should ensure that any factory set, default passwords and PINS are changed immediately.
Mobile phones themselves could be used as bugging devices. They can be programmed not to vibrate, ring or show any outward signs that they are being called. They then auto-answer and the caller can listen in to conversation within the room.
This type of attack can either be done on a target phone which the buggist would then leave somewhere in the vicinity of the conversation they are targeting. Or it could be done illicitly by sending someone an email or text with an attachment which, once opened, would download the necessary software onto the target phone. The phone can then be controlled by the hacker who can then remotely switch it on and be listened to from any other mobile phone anywhere in world.
In addition, a report by Computerworld claims that some new Smartphone apps are using your phones microphone and camera to gather creepy data about you! A new class of app has emerged that uses the microphone built into your phone as a covert listening device. The apps try to alleviate privacy concerns by saying they only record sound patterns, not actual sounds or conversations. But in the end, the technology is there, and it’s being used to some extent.
As a precaution you should take care when downloading apps as you could easily download malware and only download from your service providers website. An be cautious of using Wi-Fi connections. Unsecured networks could mean that someone else using that network could see what you’re doing on your phone.
Even when a GSM function is disabled on a Smartphone, the in-built camera can still be used as an eavesdropping device. Smartphones can be used to record videos/photos, stealing product information prototypes etc.
As it is impossible buy a mobile phone device without a camera this is a concern which should not be ignored.
GSB bugs operate in exactly the same way as a mobile phone and a buggist can in effect dial in and listen to a conversation from anywhere in the world.
A GSM bug can be a small black box that can be discreetly hidden in a room or it can be a purpose built device such as a mains adaptor, a power strip adaptor, a PC mouse or a phone charger for example. These are everyday objects that one would expect to find in an office, for example, but which could harbour a dangerous secret!
GSM bugs are readily available to buy online and from some high street shops. Prices start from under £10.
Two terms which are often interchanged but in fact refer to two separate types of attack are Bug and Tap. The differences are:-
This is a device placed on the telephone system and is designed to intercept telephone conversations. I.e. if no call is in place then the tap is inactive.
A bug is used to listen to room conversation but may use the telephone/line as a facilitator of this. This type of attack means that all conversation in the area is susceptible to being overheard by the attacker and not just telephone calls.
Other forms of telephone (landline) attack are:
There can be several unused wires in the telephone cable, (e.g. a typical analogue telephone will use two wires (one pair) and any other conductors in the cable will be unused or spare). These unused wires could be attacked and used for eavesdropping purposes. The simplest form of attack using a spare pair would be to connect a microphone to an unused pair; the wire would then be traced to a convenient listening point where, by the connection of a suitable amplifier, the audio could be picked up. Alternatively a recorder could be connected in place of the amplifier and the recordings could be listened to after the event. Another option would be to use a micro phonic device (microphone or loudspeaker) within the telephone itself and to route this signal via an unused pair in a similar way.
A rather complicated attack, the split/re-split. This exploits the fact that un-screened cables can radiate signals which in turn can be coupled to a second wire.
A signal being transmitted along the grey wire will be fed along the first red link (this is the initial split) and end up on the green wire of the spare pair of wires. This will in turn be inductively coupled onto the yellow wire. At a point further down the cable the green wire is re-split back to the original grey conductor. The result is that at the far end of the blue/grey pair the original signal is present as intended but at the far end of the green/yellow pair, the same signal is also present. The split/re-split distance should be at least 15 20 metres apart in order for sufficient signal to be induced from the original conductor to the spare pair.
This form of attack is a modification of the analogue telephone unit itself. As previously described, when the telephone line is active, the DC voltage on the line drops and audio is passed along the line. When the receiver is replaced, the hookswitch is opened and the voltage goes high and no audio will pass down the line. In a hookswitch bypass attack, the telephone hookswitch is modified so it appears to be in an off hook (line active) condition, even with the receiver (handset) still on hook. The disadvantage with this is that the telephone, when dialled in to, would appear to be in use. A more advanced attack would be to modify the hookswitch circuitry such that the voltage was dropped sufficiently for the equipment to make the microphone and line active and therefore pass audio. But, at the same time not dropping the voltage low enough for the phone to appear engaged (busy) if anyone were to dial into it.
This is a simple attack whereby a microphone (either the telephone mic or a secondary microphone installed by the attacker) is connected to a pair of wires and the unit thereby used to monitor room audio and pass it to a distant listening post situated somewhere on the line.
Similar to the Passive attack described above but used in a digital telephone. This would require the appropriate audio decoder to be used dependant on the make/model of the telephone being attacked.
A free space transmitter is very similar to that used as a room bug but is concealed within the telephone equipment itself. This type of attack could use its own microphone or it may utilise telephone’s microphone.
Carrier current devices are low frequency RF types of device and would pick up the audio and modulate a low frequency carrier signal which would then be sent along a pair of wires within the telephone. In order to transmit along the wires the signal has to be relatively low frequency. If it is too high, the signal will use the telephone line as an antenna and the signal will be transmitted through free space rather than along the cable.
Not to be confused with mobile telephone type of bugs e.g. GSM bugs, which are often advertised as infinity transmitters. This type of infinity transmitter or harmonica bug as it is also known is a small piece of electronics hidden within the telephone unit and connected to the active telephone pair. The attacker then dials into the telephone and before the phone is answered, would send a specific tone down the line which then activates the bug and all room audio is then able to be listened to until the device is switched off. The name comes from the fact that the attacker can dial into the device from anywhere in the world.
Many modern telephones, particularly digital and VoIP are controlled by software applications and have any features over and above the basic operational ones. These features may be hands free operation, auto answer, call alert etc.
Whilst these are very handy features, anyone with knowledge of the individual software applications and time in the building can use these features to listen in to calls without the user’s knowledge. Access to the building may not be required if the telephone system is on a server with internet connection and remote dial in is active.
It is vitally important that the telephone administrators can be trusted as they are the people that understand the system better than most and could be coerced into mounting an attack for a third party. With their extensive knowledge, staff such as these system administrators could also overwrite the system logs in order to prevent their activities being discovered.
A RF(Radio Frequency) bug involves the placing of a radio transmitter in a room. One of the most infamous examples of the use of a RF bug is the “Great Seal Bug” story, when in 1952 a RF listening device was found in a carved wooden seal that had been presented to the US Embassy in Moscow and had hung in the Embassy since 1946.
RF bugs can be incredibly small and can be concealed in just about anything including skirting boards, picture frames, plugs etc.
Radio frequencies are given off by nearly all spying devices, and these radio frequencies can be detected with the proper equipment. Different types of bugs give off a large range of frequencies and specialist equipment is required to check the entire RF spectrum. Basic RF detectors, that can be purchased relatively cheaply, will only be able to detect limited frequencies and will give you a false sense of security.
Keystroke logging is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored.
Earlier this year, USB flash drive, key logging devices were found attached to computer keyboard sockets at the back of two computers in Cheshire libraries probably intended to capture potentially sensitive material like bank or credit card details.
GPS or Global Positioning System, is a satellite navigation system which can pin-point where a GPS receiver is by ascertaining its latitude and longitude. Satellites around the earth transmit radio signals which can help identify the precise locations of a vehicle equipped with a GPS receiver.
Data pushers are types of GPS systems in which the receiving unit sends data from the device to a central database at regular intervals, updating information on location, direction, speed and distance. Since it is easy to track movements of individuals or vehicles carrying valuable items, GPS data pushers are often used for spying.
Turn of your mobile phone's GPS feature (if it has one) if you don’t want to be tracked1
 |
 |
 |
 |
 |
 |
 |
|---|
|
Site Information: Sitemap | Legal/Privacy Policy and Cookies © Copyright 2012 Esoteric Ltd |
Connect With Us:
|
