Client’s Challenge: Concerns About Electronic Eavesdropping
Every board and executive team exchanges private and highly sensitive information that – if stolen, leaked or compromised in other ways – could result in costly, operationally distracting or financially catastrophic business impacts. Not all, however, adequately protect it.
“We know our security at headquarters is solid,” said the insurer’s Chief Security Officer. “Physical security. Access control. Mailroom processes. You name it. But none of these capabilities address the risks of electronic eavesdropping.” Turning to Hillard Heintze, its strategic security advisor, the insurer asked for a technical surveillance counter measures (TSCM) sweep of the executive suite and boardroom at its headquarters.
Our Solution: Technical Surveillance Countermeasures (TSCM)
Hillard Heintze TSCM sweeps are designed to detect the presence of audio surveillance devices and identify security weaknesses that could allow a technical penetration or eavesdropping. Our assessors used laboratory-grade technical equipment to assist in the discovery of powered devices, locate transmitters and identify resident RF signals to determine if sensitive information had been compromised. The team also examined the suites’ walls, floors, ceilings and vents. Then it tested the phone systems for wiretaps, bridge taps, series taps and tape recorder starters and conducted analysis of tone generation signals in both directions.
Impact on the Client: Vulnerabilities Identified – and Fixed
While the sweep uncovered no active compromise or component, it did identify three critical vulnerabilities: (1) two unused phone ports that would allow an unauthorized device to transmit audio over a phone line via a jumper connection, (2) a wireless microphone system transmitting in the 490.000 GHz RF range whose transmission, we confirmed, could be monitored in the adjacent hallway, and (3) a nest of wires above the audio-visual system that could permit the placement of a device capable of recording internally or transmitting audio signals outside the building.
Unplugged: The Project Manager's Post-Engagement Perspective
“The thought of an electronic eavesdropping device syphoning away corporate secrets doesn’t keep a lot of senior executives awake at night.
I see three reasons for this. First, the threat can be technically quite sophisticated – as is the solution. Second, there’s virtually no industry feedback loop on this: when companies suffer a loss event, nobody calls the media, competitors or shareholders. Third, it’s not the board’s job or the senior management team’s; it’s the CSO’s.
So, does electronic eavesdropping keep CSOs awake at night? I doubt it. A TSCM sweep doesn’t take long. And it’s not expensive. I think of it as an ounce of prevention, protecting against millions in potential losses.”