Exclusive: Finding 'Bugs'/'Listening Devices'
October 20, 2017 | Security
A recent "find" was the result of a physical sweep which we always do in conjunction with and immediately after a technical sweep.
The location was a multi-national hotel suite, which was to be used by a CEO. The electronic sweep showed no obvious and active devices.
During the physical sweep it was noticed that the screws on the back of a new flat screen TV were scratched, so they were definitely not "factory state". When the back was removed and the inside examined, it was discovered that a device had been inserted and concealed amongst the circuit boards and electronics. A microphone had been placed into one of the front speakers, and a micro video camera lens in the other. Both were then hard-wired to their respective electronics in the TV, and a hard drive was attached for recording. Power was obtained via the TV power source.
The device would power up when the TV went to standby mode and/or after the room key was put into its slot and the room powered up. As back-up, the device would switch on by sound activation and/or motion detection.
Because of the device's location, the electronic sweep showed no anomalies. The device was not detected during that phase because it gave off no transmissions and its components were located among the other, normal non-linear junctions (NLJs) in the TV.
In addition, the room was a suite and the device was in the bedroom TV rather than the living room TV, which told us that the likely use was for attempted blackmail rather than business intelligence gathering.
The nature and type of device told us it was not likely to be a government device.
The components could easily be purchased in an electronics shop/mall and would have cost in the region of NZ$450.00.
A subsequent discreet review of the hard drive (suitable for about 100hrs of recording) showed, from the various different room decors on it, that it had been used previously in other hotel installations.
After this discovery, the other suites where key senior staff were to be staying were also checked and several other identical devices were found in the living room TVs.
Interestingly, those rooms were for the COO and CFO, so internal business discussions or external third-party business discussions were likely and would have taken place in those rooms.
MO - The perpetrators had booked the rooms for the clients, and so had access to the rooms. They had also bribed a housekeeping employee to allow them access to retrieve info from the hard drives. They had not used any Wi-Fi device on the installation to allow remote access, nor was there any burst transmission capability.
Our operating method meant we advised the client that they had three options in this instance:
1. Devices found were probably for attempted blackmail purposes, so they were discreetly blocked with nondescript items - so as not to alert perpetrators.
2. Devices found that were probably for business intelligence gathering - left in place for use to sow misinformation / disinformation. Confidential meetings were then conducted in other locations with last-minute bookings, and an Audiotel Delta V or Signet was used for real-time monitoring.
3. Report matter to Hotel Management and/or Police.
This case further reinforced the need for our physical search, and we have modified it to check all screws, bolts, etc. We don't just look for scuffs, but also check the ease of unscrewing the screw or bolt, as factory fitting would normally mean a tight fit.
We frequently perform Technical Surveillance Counter Measure (TSCM) sweeps to detect electronic eavesdropping devices, or “bugs”, for our clients in New Zealand or around the world.