Phone Bugging and Modifications
In many cases nothing has to be done to the telephone to turn it into an excellent room bug due to design flaws, but in most cases a simple capacitor (at a cost of three cents) can be installed and a wire snipped to turn your telephone into a very high quality eavesdropping device.
Telephones have microphones, speakers, ringers, microphonic transducers, and power all of which can provide everything an eavesdropper needs to listen in on your business or personal affairs.
What follows are a few of the hundreds of things an eavesdropper can do to very simply turn your normal telephone into an excellent surveillance device.
Many modems, telephones and speaker phones also emit RF energy when in use, this energy may be easily intercepted by an eavesdropper using an inexpensive radio receivers or police scanner.
The speaker phone systems made by Lucent, Panasonic, U.S. Robotics, and others have a history of "compromising emissions". One of these phones ordered right from the factory (with no modifications) will often transmit RF energy which may be easily intercepted several hundred feet away. Depending on the specific model, the speaker phone may transmit room audio while on hook or off hook, or not at all. If you have a speaker phone in your office be sure to always unplug or remove it prior to any sensitive meetings.
Many data and fax modems (Practical Peripheral, Motorola, Rockwell, etc..) also transmit RF energy when in normal use. This allows an eavesdropper to easily intercept and monitor the signal at a considerable distance. Often all that is needed to monitor the signal is a modified twenty dollar FM radio. For example an unmodified Practical Peripheral 28.8 modem transmits a strong RF signal in the 120-130 MHz range which can be picked up remotely, hundreds of feet away.
Fax machines may also do this, when a confidential document is sent to your client you may also be broadcasting it to an eavesdropper. This is a serious problem with Sharp, Canon, HP, and other fax machines.
When you engage a TSCM firm be sure you have them evaluate your speaker phones, modems, and fax machines for any kind of design flaw which could be transmitting your confidential information to anybody who is interested in listening.
RF Transmitter with
This is similar to the above device, but it has its own microphone, and is typically installed inside the telephone. Such a device is normally considered a room bug. This type of device transmits an RF signal over the phone or power lines (9 kHz to 500 kHz is common, but the signal may be as high as 450+ MHz).
Infinity Transmitter or
An older devices, which is attached to a telephone, and when called from an outside telephone would enable the caller to listen in on room audio. Considered obsolete, but still sold in spy shops.
This type of device is popular with private investigators and "Walter Mitty wanna-be spies". The product may be purchased at Radio Shack or other electronics stores for under twenty dollars.
Slave or Bypass Device This type of device provides electrical isolation between a target line and an eavesdropper, which provides a low level of security against detection. This type of device is popular with the law enforcement community (both legally and illegally), but easy for a skilled TSCM specialist to find.
All that is required to do this is access to the ESS translation, and a T-Carrier or OC-xx data line (a normal "loop" line is rarely used). With a 622 mb fiber optic line eavesdropping can easily access, and listen in on over 11,100 lines at a time in a local area. For a small level of eavesdropping a simple leased line and a bridge can be used, but for a full scale eavesdropping project tapping right inside the phone companies building is ideal.
This function of the phone system is very loosely controlled as the maintenance people at the phone company use it for routine maintenance. Any computer hacker or PHreaker can and have easily accessed the system and listened to private calls, or manipulated the line in other ways. Private investigators and insurance companies have also been known to illegally use this system to gather information on targets.
Several telephone systems lack a hookswitch mute circuit (such as the cheaper phones made by Northern Telecom, Toshiba, and several others). This allows an eavesdropper to perform a technical surveillance without actually gaining access to the area (such as a hotel room) or performing any type of modifications to the telephone.
Several types of Common Hookswitch Bypass Methods:
An inspection of this nature should be performed on a quarterly basis and only by a reputable TSCM firm and should include all phones or other electronics used for confidential discussions. Such an inspection should include all areas where sensitive work is done, executive offices, conference rooms, and related support areas.
To be contacted for a confidential consultation |
please E-mail: firstname.lastname@example.org
or send a letter via US Mail to: