GSM audio bug

 

An international client based in Scandinavia was concerned that sensitive matters being discussed in their office area by senior members of the company were being reported a short time later in an online publication.

 

Mercator was tasked with conducting a TSCM survey.  A thorough inspection of a conference room resulted in a ‘quick-plant’ battery powered GSM audio eavesdropping device being discovered concealed inside a hinged ornamental radiator cover. The voice-activated device was held in place with double-sided adhesive foam.  Further adhesive residue around the site suggested that the device had been replaced on a regular basis as its battery became depleted.

 

A forensic investigation of the device revealed that it used an attributable pay-as-you-go SIM card and automatically called another pay-as-you-go phone when speech was detected. The client was advised on how to mitigate against the risk of quick-plant devices being placed in the conference room and a program of ad-hoc TSCM surveys was put in place.

​

 

Wi-Fi-based video and audio bug

 

A high net worth client was concerned that information that had been discussed within the confines of their apartment had been leaked and concluded that illicit eavesdropping was taking place. A discreet TSCM survey of the apartment revealed that a 4-way mains extension block below a TV in the master bedroom had been modified and contained an eavesdropping device which recorded both video and audio onto a memory card. The ‘product’ from this device was retrieved by the eavesdropper via the apartment’s Wi-Fi network and did not need to be monitored in real time.

 

Our forensic investigation of the device and its memory card revealed the time and date when the device was first activated.  This allowed the client to compare this to logs from the building’s access control system and identify the person who let the eavesdropper into the premises to install the device.

​

 

 

Covert video cameras in an open-plan office

 

A client, concerned about the sensitivity of ongoing business discussions commissioned Mercator to conduct a TSCM survey of their executive team’s offices.  A detailed examination of the radio-frequency spectrum in the building revealed the presence of two video signals in the 2.4GHz band. Using other technical equipment, including a hand-held thermal imaging camera, the sources of the signals were identified as a smoke detector and PIR alarm sensor in an open-plan area of the office, both of which contained video cameras transmitting their product on 2.4GHz to anywhere in the local area.

 

Following discussions with the client, it was decided that the devices should be removed as they were mains powered and the eavesdropper would not need to return to change batteries or remove recorded product, which might have presented an opportunity to identify them.  A thorough investigation of the devices identified when they were manufactured and a window for their installation; this corresponded to a specific event which was taking place at that time.  Following the removal of the cameras, Mercator provided advice on improvements to security and access control measures in order to reduce the chances of further fixed eavesdropping devices being installed.