Technical Surveillance Threat Levels
The threat posed by technical surveillance devices may be broken into ten basic levels. As the threat level increases, the difficulty of detecting the device increases by an order of magnitude (for levels 1-9).
These threats are clustered into three major groupings, with a fourth major group for emerging technologies or threats based on misunderstandings of technology or (in some cases) pure fantasy.
Each level correlates to a specific type of eavesdropper and the equipment being used. In turn, each level also correlates to a specific type of TSCM inspection, methods, and procedures. As the level of threat increases, the time and effort required to find the bug also increase.
Level 1 - Common Consumer Products and Toys
This level of threat includes only generally available consumer devices sold at major department stores (Walmart), home improvement stores (Home Depot), national electronics chains (Best Buy), Radio Shack and similar stores. The products are NOT primarily designed for eavesdropping, and operate on a fairly narrow band of RF frequencies.
All products operate at very low power levels and most are considered "Part 15" devices (within the US). To qualify as a level one threat the product must also have an FCC ID number (or foreign equivalent), and be specified (by the FCC) as a consumer product. These products generally do not require any type of special authorization or licensing of the operator or facility.
This includes low power wireless microphones, wireless intercom systems, Wavecom transmitters, baby monitors, and similar products.
TSCM specialists who attend a typical two week civilian TSCM training program will be able to detect and locate about 50% of the threats that exist on this level, but will be weak on dealing with conducted signal threats, and very weak on RF threats.
The equipment is not designed for use as a surveillance device, and will operate on specific consumer band frequencies. Heavy usage of 49 MHz, 88-108, 143, 171, 470, 900-925 MHz bands. Generally limited to frequencies below 1 GHz. Limited usage of the 2.4 GHz band, involving mostly Wavecom video transmitters which are very simple to detect.
Equipment used for tapping phone lines typically contains a parasitic power draw, and is very simple to detect with a simple volt-ohm meter test.
Since the equipment and training required to perform a TSCM inspection at this level is minimal, the cost for this type of service is very low. Firms offering TSCM services at this level typically charge between $150 and $750 for an entire sweep (but remember you get what you pay for). This level of TSCM service usually takes between four and six hours, with a legitimate firm charging around $250 per hour.
Technical Profile
Counter Measures
Credentials
Level 2 - Amateur and Consumer Communications Products
A product only qualifies as a level two threat if it is a quasi-consumer product such as a ham radio, aeronautic, or maritime type of product.
These products are available to consumers, but they really have to "hunt around" to buy them. At this point the products typically are involved in some type of hobby or recreational activity.
A user or facility using this kind of equipment will often require some type of authorization, or special licensing in order to operate this type of equipment. This includes commercial radio, mobile radio, and related equipment.
Products with a threat level of 2 include products not normally available to the public, and may or may not include FCC approved devices. The products are typically not sold retail, but are offered into very specialized vertical markets (such as the broadcast or recording industry). The most popular products are UHF and VHF wireless microphones used (or misused) by the broadcast industry. Also popular are industrial wireless video systems, and spread spectrum products clustered around the 2.4 GHz ISM band.
These products include those used by Private Investigators, security people, and related professionals, with heavy concentration on video based products (operating on consumer frequencies).
The products are quasi-legal (provided no audio path is involved) and are readily available to professionals via mail order or retail channels (such as spy shops).
Poorly trained law enforcement officers will occasionally (out of ignorance) use products such as these for surveillance, often with terminal results.
The equipment is not designed for use as a surveillance device, and will operate on specific consumer band frequencies. Heavy usage of 49 MHz, 88-108, 143, 171, 470, 900-925 MHz bands. Generally limited to frequencies below 1 GHz. Limited usage of the 2.4 GHz band, involving mostly Wavecom video transmitters which are very simple to detect.
Equipment used for tapping phone lines typically contains a parasitic power draw, and is very simple to detect with a simple volt-ohm meter test.
Since the equipment and training required to perform a TSCM inspection at this level is minimal, the cost for this type of service is very low. Firms offering TSCM services at this level typically charge between $150 and $750 for an entire sweep (but remember you get what you pay for). This level of TSCM service usually takes between four and six hours, with a legitimate firm charging around $250 per hour.
Technical Profile
Counter Measures
Credentials
Level 3 - Amateur Eavesdropping Products
At this level of threat some of the products become borderline illegal. This includes many of the transmitter kits, telephone bug kits, and similar devices sold out of the back of electronics magazines and at a few electronics stores. While possession or usage of these products is quite illegal (as per federal law), the manufacturers operate in a legal gray area which results in periodic raids by law enforcement.
Within the US these products are typically low power products which operate inside the parameters detailed in 47 CFR, Part 15 for low power non-licensed devices.
There is quite a bit of "Nudge-Nudge, Wink-Wink" that goes on with these products, and it is "understood" that most of the products are actually being used for illegal surveillance.
The equipment will usually operate on specific consumer band frequencies. Heavy usage of 49 MHz, 88-108, 143, 171, 470, 900-925 MHz bands. Generally limited to frequencies below 1 GHz. Limited usage of the 2.4 GHz band, involving mostly Wavecom or Trango video transmitters which are very simple to detect.
Equipment used for tapping phone lines typically contains a parasitic power draw, and is very simple to detect with a simple volt-ohm meter test. Eavesdropping equipment is typically applied to the telephone service access point inside the target, or at the service box at the side of the building. Actual penetration of the distribution cable is rare.
Since the equipment and training required to perform a TSCM inspection at this level is minimal, the cost for this type of service is very low. Firms offering TSCM services at this level typically charge between $150 and $750 for an entire sweep (but remember you get what you pay for). This level of TSCM service usually takes between four and six hours, with a legitimate firm charging around $250 per hour.
Technical Profile
Counter Measures
Credentials
Level 4 - Restricted Professional Products
Products with a threat level of 4 include products not normally available to the public, and may or may not include FCC approved devices. The products are typically not sold retail, but are offered into very specialized vertical markets (such as the broadcast or recording industry). The most popular products are UHF and VHF wireless microphones used (or misused) by the broadcast industry. Also popular are industrial wireless video systems, and spread spectrum products clustered around the 2.4 GHz ISM band.
These products include those used by Private Investigators, Security People, and related professionals, with heavy concentration on video based products.
The products are quasi-legal (provided it is video only, and no audio path is involved) and are readily available to professionals via mail order, the Internet, or retail channels (such as spy shops).
Poorly trained law enforcement officers will occasionally (out of ignorance) use products such as these for surveillance, often with undesirable results.
This level of threat is typically equipment and devices used by the industrial, scientific, broadcast, and the law enforcement community. The equipment is generally not available to the public and is often too expensive for "spy shops", PI's, and amateur spies. Roughly 60% of these products are higher end equipment used by the broadcast industry (video transmitters, body wires, and wireless audio products). This equipment is commonly re-labeled and sold to law enforcement agencies at highly inflated prices. This type of equipment is quasi-legal for the public to possess, buy, sell, or attempt to buy (but it's a major and dangerous gray area).
Only about 40% of the equipment is purpose built for law enforcement (AID, HDS, etc.) and is really nothing more than copies of broadcast products in a concealment device. This type of equipment is highly illegal for the public to possess, buy, sell, or attempt to buy.
Equipment will typically operate on broadcast support, or law enforcement frequencies which will not be around any of the "consumer bands".
The eavesdropper generally assumes the target is "soft" and not expecting eavesdropping. The target typically will not be performing any type of TSCM inspection, or will be using "spy shop bug detectors" which will provide a serious false sense of security.
Equipment used for tapping phone lines will normally contain a sophisticated isolation circuit, and will be very difficult to detect electronically. Such a device is often called a "Slave Device" and is typically only found via a careful physical inspection.
The primary indicator of this level of threat is that it was initially designed, marketed, and sold to a "non-public" customer (such as a TV studio, medical facility, industrial firm, or law enforcement agency).
The equipment and training required to perform a TSCM inspection at this level starts becoming complex. The cost for this type of service starts to increase. Firms offering TSCM services at this level typically charge between $1500 and $3000 for a limited sweep. This type of TSCM service usually takes less than a day (and often less than 2 hours).
Technical Profile
Counter Measures
Credentials
Typical Suppliers
Level 5 - Professional Spy Shop Products
Level five threats are mostly the products sold by spy shops and involve mostly simple audio transmitters, and low quality video transmitters. These products are fairly low quality, but incredibly expensive. The products are quasi-legal in some countries (Germany, Japan, England, Canada, etc.) but quite illegal in the United States.
This level of threat is commonly found with law enforcement surveillance "groupies and newbies" but a professional spy will avoid using such products as they are very easy for a TSCM'er to find during a sweep.
This level of threat is usually equipment and devices specifically modified for use in covert surveillance. Generally nothing more than low cost modified consumer electronic devices such as Wavecom video transmitters, or consumer band wireless microphones.
Often level 5 devices are actually level 1, 2, or 3 devices which have been re-tuned, modified, and/or placed into a concealment device (i.e.: fanny pack, eyeglasses case, lamp or clock radio).
The primary indicator of a level 5 device is the smaller size and the method of concealment (usually inside another electronic device).
Equipment will typically operate on well known "spy shop" or "ham" bands of frequencies, and often on consumer band frequencies.
Equipment used for tapping phone lines will usually use parasitic power draw, and is very simple to detect. If the line is isolated the isolation circuit will be fairly crude and easily detected.
The equipment and training required to perform a TSCM inspection at this level is minimal, and the cost for this type of service is moderate. Firms offering TSCM services at this level typically charge between $1000 and $1500 for a limited sweep. This type of TSCM service usually takes less than six hours.
Technical Profile
Counter Measures
Credentials
Typical Suppliers
Level 6 - Professional "Title 3" Products
These products are strictly taboo for the public to buy, sell, possess, or attempt to possess. It is actually more illegal to sell a real bug (in the United States) than it is to possess a kilo of cocaine.
This level of threat involves eavesdropping products strictly available only to law enforcement agencies, and then only when acting under an ACTIVE court order.
Most of the products operate on bands allocated for law enforcement activities, or bands specifically allocated for surveillance (and are fairly easy for the TSCM professional to detect).
This type of product (within the United States) is referred to as a "T3" or "Title III" device, and has a very narrow and specific purpose for which it is used.
Most beeper and cellular intercept or eavesdropping systems fall into this level of threat due to the highly restricted nature of such products.
Threats above this level are strictly those which involve national defense or intelligence interests. In other words, members of law enforcement are not allowed to "play with toys" above this threat level (in almost any country).
The primary indicator of a level 6 device is that it is designed, marketed, and sold as a covert eavesdropping product. The product is designed not to be detected during a typical TSCM sweep and will require a great deal of time to locate and identify. This type of threat always assumes that TSCM activities will be performed at the subject location.
This type of device is usually monitored by full time staff at a fixed command post. The eavesdroppers will typically have the target under intense physical surveillance and will be monitoring "guard-bands" to detect TSCM teams.
This type of threat is that commonly used when businessmen "bug" each other, and when "big dollars" are involved.
The equipment and training required to perform a TSCM inspection at this level is considerable. Firms offering TSCM services at this level typically charge between $3000 and $7500 for a limited sweep. This type of TSCM service typically requires at least a full day (often 2-3 days).
Technical Profile
Counter Measures
Credentials
Level 7 - Signals Intelligence Products
Level 7 threats include those products used by the Signals Intelligence community, and may include radar analysis systems and communications intercept systems.
This equipment is typically used only by major defense or intelligence agencies and generally is not available to law enforcement.
While it is possible for the public to obtain "bits and pieces" of these products it will be impossible for them to assemble a fully operational system.
The "bits and pieces" of these are not normally classified, but instead the capabilities of the entire system are classified, or instead everything except a few specific "black boxes" is classified.
A good example is the thousands of Lockheed, Watkins-Johnson, TRW, and CSF "black boxes" sucked up by the Department of Defense each year.
The equipment may include special classified or unclassified battlefield communications systems, SATCOM systems, GPS systems, Avionics Systems, and so on. In the event that the minimal level of security around these products was compromised only minor damage or embarrassment could result.
In the rare event that this type of threat is classified it is only a lower level type of classification such as FOUO, Confidential, or perhaps borderline Secret.
The product is designed not to be detected during a typical TSCM sweep and will require a great deal of time to locate and identify. This type of threat always assumes that TSCM activities will be performed at the subject location.
This type of device is usually monitored by full time staff at a fixed command post. The eavesdroppers will typically have the target under intense physical surveillance and will be monitoring "guard-bands" to detect TSCM teams.
Counter Measures
Credentials
Level 8 - Intelligence Agency Eavesdropping Threats
An example of this level of threat is the eavesdropping devices and methods actively being used by an intelligence agency, State Department, and so on.
This includes both radiated, and conducted signals threats along with various types of intercept systems, alarm bypass systems, covert entry devices, and so on.
Virtually all equipment involved in this level of threat is classified at least Secret. Compromise of this type of information at this level of threat would cause serious injury (but not grave damage) to either national defense or intelligence.
TSCM specialists trained by the U.S. Government at Fort Washington or Richland are generally trained to this level, but no higher.
The product is designed not to be detected during a typical TSCM sweep and will require a great deal of time to locate and identify. This type of threat always assumes that TSCM activities will be performed at the subject location.
This type of device is usually monitored by full time staff at a fixed command post. The eavesdroppers will typically have the target under intense physical surveillance and will be monitoring "guard-bands" to detect TSCM teams.
Counter Measures
Credentials
Level 9 - National Security Eavesdropping Threats
This is the highest level of threat which is available to government agencies, and includes emerging technologies, and equipment or devices on the cutting edge of science.
Access to even the slightest piece of information regarding this type of system is highly restricted and requires a high level security clearance. Often people (even with a Top Secret security clearance) are only allowed to work on a small part of the system to minimize the risk of any one person crippling national defense.
All information concerning this type of threat is classified as Top Secret, and often involves codeword access such as TK, SCI, Gamma, Byeman, and so on.
The equipment, methods, and activities are all centered around large scale national surveillance, reconnaissance, eavesdropping, and intelligence programs and related activities. A prime example of this is the NRO and their program of overhead imagery, or the NSA/Navy undersea fiber optic tapping ships.
Level X - Hypothetical, Misunderstood, or Delusional Threats
Above level 9 exists a level of threat that is called "X-Level". This includes seven (or more) sub-levels of threat.
The only time that a TSCM specialist will encounter this type of threat is from a client who has a limited understanding of technology, has watched too many X-File re-runs, is delusional, or paranoid.
In many cases the client is simply misinformed or has been the victim of an elaborate technology based hoax. In other cases there may be some type of borderline eavesdropping product that was in the media which works well in the lab but is virtually worthless in the field.
Xa) The first of the Level X threats is based on technology which is emerging, but has not quite made it out of the laboratory. Often this technology is snatched up by a government agency and never becomes widely available to the public. In other cases the technology makes it out of the lab, but is virtually impossible to provide to the public. While this technology, threat, or product is possible, it is quite expensive, or not practical for actual use as a surveillance method or device.
Xb) The second level involves simple misunderstanding or misrepresentation of modern technology. This occurs when the public is misinformed or misled by the media, or when too much science fiction gets mixed with modern science. In most cases it is simply a case of a non-technical person reading a technical article and drawing an inappropriate conclusion.
A prime example of this is what is commonly called a "TEMPEST or Van Eck Intercept System". While it is possible to obtain a small amount of information via such methods, the area of technology is grossly misrepresented by a host of con artists and snake oil salesmen in an attempt to deceive the public (and make a quick buck).
Xc) The third type of threat involves technologies that are on the verge of discovery, or technologies that will generally be available within the next five year period.
For example in 1990 the IRIDIUM satellite system (which can be used for an uplink for an eavesdropping device) would have been considered a level X threat with a subcategory of C. Once the system was partially functional it became a level 2 threat. As the system was marketed to the public in later years it became a level one threat.
The next few levels of threat become a bit of a problem as no rational threat exists, but the client has convinced themselves that such a threat has been applied to them by a real or imaginary entity.
Often this delusion (or misunderstanding) has been caused by a victim actually being actively tormented by an eavesdropper using or abusing technology. In an attempt to rationalize how the attack is taking place the victim will often try to research how such a thing is done.
Often the victim turns to various media sources, articles, television shows, and movies and gains only a sensationalized, over-hyped, unscientific view of surveillance technologies and methods. (It's amazing how much bad information is out there).
Sadly, due to the inability of the victim to obtain legitimate information regarding surveillance or counter-surveillance their well intentioned research leads to convincing themselves that some type of irrational or improbable surveillance method or technology is being used against them.
Victims of technical surveillance (or technical harassment) usually believe a threat exists at a level quite a bit above the actual level found present. For example a subject who has been the victim of a $20 phone bug, or who has been covertly videotaped, becomes so terrorized that they start believing the CIA placed a classified eavesdropping or tracking beacon in a molar during their last root canal. In fact the CIA is not involved, but instead it is only a PI who installed a $20 phone bug at the request of an ex-boyfriend or girlfriend (for the purpose of harassment and terrorism).
A subject who claims a threat at this level should be considered very legitimate. The perceived threat should be discussed with them prior to offering a TSCM service to determine if it is simply a case of conducted audio signals, or of them carelessly using a cordless telephone. In other cases the victim is suffering from an actual physical ailment which mimics a technical attack (such as an ear infection causing ringing in the ears).
Xd-1) The first type of the X threats involves what is commonly referred to as "Pseudo-technology" and includes Microwave, RF, and Ultrasonic harassment products, anti-gravity products, HERF weapons, TEMPEST, space aliens at Area 51, red headed leprechauns, and other such fanciful tales of technology.
While the threat is technically possible the actual usage is limited to "academic curiosities only". Cute articles are often written about these topics, but for some reason the "demonstrations" never stand up to controlled scientific examination (such as the levitating car hoaxes, HERF guns, pocket sized laser weapons, or the palladium based super conducting reactor).
A subject who claims a threat at this level should be considered legitimate, but the perceived threat should be discussed with them prior to offering a TSCM service. This is done to dispel any myths or misconceptions they may have about technology. It is common for a legitimate threat to exist, but for the subject not to be able to articulate details of the threat except through media-provided examples.
Xd-2) It is not uncommon for a subject to claim to be the victim of some type of government eavesdropping or of some type of technical harassment, but to be unable to articulate why it is being done, or to be unable (or unwilling) to articulate who is doing it.
The most common complaint is that the subject feels they are being harassed due to some secret knowledge they possess, or because some member of their family possesses such knowledge. It is not uncommon for the subject to complain of being implanted during a smallpox vaccination or during some type of medical or dental procedure.
Generally the governments in the free world do not sneak around attempting to covertly "Lo-Jack" people (except in the movies and in spy novels).
While "off-the-books" covert eavesdropping is occasionally done by government agencies such instances are quite rare, and usually involve the subject having (or getting) an active security clearance.
Legitimate court authorized surveillance is another story, but despite what you may read in the newspapers or pulp magazines the U.S. government does not implant tracking devices or eavesdropping devices into people.
A subject who claims a threat at this level should be considered borderline legitimate, as their fears are often based in reality, and on an actual (but exaggerated) threat. Often the offending piece of technology is found to be a cordless telephone, wireless intercom system, or in some cases a covert video camera.
In many cases the victim is actually (but covertly) being actively stalked or is the victim of "video-voyeurism", and is subtly picking up on warning signs (which they then incorrectly attribute to some covert government agency).
Xd-3) The third type of X level threat is similar to the previous level, but involves (non-existent) civilian based implant systems, or sophisticated methods of technical harassment (such as microwave energy guns).
Usage of such equipment or methods would leave evidence of bodily injury such as bleeding from the ears, damage to the sinus cavities, ultrasonic cell disruption, radiation burns, thermal RF burns, and so on. In reality a physician would be easily able to locate such a device on (or in) a patient during a routine physical. Subjects who claim to have a civilian or government based implant should first be examined by an appropriate medical professional.
Voo-Doo dolls, Gri-Gri's, gypsy curses, evil eyes, black magic, and other supernatural methods notwithstanding, there is very little one person can do to another using technology to actually cause them harm, pain, or sleeplessness without leaving considerable medical evidence of the mischief.
A subject who claims a threat at this level should first be evaluated for injury by a medical professional prior to any TSCM service being offered. It is possible that a leaky microwave oven is the culprit, or that some type of acoustical or ultrasonic harassment device is behind the problem.
Xd-4) Occasionally a subject will become convinced that they are the victim of tracking or eavesdropping by some type of alien implant which was given to them during an alien abduction. The evaluation of such implants (and subjects) should be restricted to appropriate medical professionals.
Xe) The final level of X threat includes hypothetical threats, or threats which could be possible, but no scientific evidence is yet available to confirm or deny that it actually exists.
At this level of threat the subject could be considered (and usually is) quite rational, but the TSCM specialist is unable to find a specific device. This is common in cases where an eavesdropping device has been turned off or has been removed prior to the sweep, but the client has firm (and legitimate) evidence concerning its usage.
This level of threat should be very carefully evaluated, as there may or may not be some type of eavesdropping device or method being used.
To be contacted for a confidential consultation please E-mail: jmatk@tscm.com
URL: http://www.tscm.com/