risk factory: the state of electronic eavesdropping

Just Between Us: The Current State of Electronic Eavesdropping Technology

Upload: risk-factory

Post on 16-Nov-2014


Category: Technology



DESCRIPTION

An overview of the current state of electronic eavesdropping.

TRANSCRIPT

Page 1: Risk Factory: The State of Electronic Eavesdropping

Just Between Us

The Current State of Electronic Eavesdropping Technology

Page 2

Questions

• How many "bugs" are planted per year?

• What percentage is business related?

• What are the most common types of attacks?

• What percentage of electronic sweeps are productive?

• What amount of losses are attributed to electronic attacks?

Page 3

Answers

• No accurate statistics

• No most common methods

• No typical attacks

• No typical clients

• Successful attacks go unreported

• Majority of unsuccessful attacks go unreported

Page 4

Sales Statistics

• Over $900 million of illegal eavesdropping equipment is imported into the US each year.

• Over $500 million worth of legal eavesdropping equipment is purchased each year.

• Most targeted data:

– Confidential Information
– Trade Secrets
– Research and Development
– Divorce
– Domestic Issues
– Law Offices
– Labour Unions
– Labor Negotiations
– Financial Information
– Contract Bids
– Litigation
– Due Diligence
– Computer Codes
– Mergers and Takeovers
– Marketing Plans
– VIP Security
– Travel Plans
– Travel Routes and Targets

Page 5

Safe Bet

• The most used of the industrial espionage techniques.

• Low risk

• High reward

Page 6

Low Risk

• Why?

– Electronic eavesdropping is easily committed
– Chances are low that the victim will find the device
– Chances are low that, if found, the device can be tied to the eavesdropper
– Prosecution of eavesdropping cases is rare

= Reward far outweighs the risk

Page 7

Ease of Concealment

Page 8

Hard to Detect

Page 9

Latest Version

• Any thing

• Any place

Page 10

Tactics & Equipment

• “Wiretapping” - the interception of communication over a wire without the participants' consent; it requires physical entry into the communication circuit.

• “Bugging” - the interception of communication without the participants' consent by means of electronic devices and without penetration of a wire.

Page 11

Wired Microphones

• Carbon microphone: commonly used in a standard telephone handset.

• Crystal microphone: generates a small electrical current when the crystal is vibrated by sound waves.

• Contact (spike) microphone: installed on a common wall with the target area.

• Dynamic microphone: movement of a small wire near a permanent magnet converts sound into electrical energy. Operates as a loudspeaker in reverse.

Page 12

Wired Microphones

• Pneumatic cavity device: has a specially designed small cavity which picks up surface vibrations. (Glass tumbler effect).

• Condenser microphone: high fidelity use. Fragile and sensitive.

• Electret microphone: used primarily in P.A. and audio recording (extremely small).

Page 13

Wired Microphones

• Omnidirectional microphone: used in conferences. Picks up sound from many directions around the room.

• Cardioid microphone: picks up sound from directly in front of microphone.

• Parabolic microphone: gathers audio energy and directs it to a conventional microphone in the center of a dish-type reflector.

Page 14

Wireless Microphones

• A radio frequency (RF) device consists of:

– A microphone
– A transmitter
– A power supply
– An antenna; and
– A receiver

Page 15

Telephone Eavesdropping

• Digital systems - originally thought to be secure. Digit stream can be recorded and converted to analog and speech.

• Conference call ghost

• Handset relay

• VoIP server hacking

• PABX hacking

• Mobile phone interception

• Smart phone hacking

Page 16

Light Transformation

Infrared light wave transmissions use light waves invisible to the human eye. Sound waves are converted to electronic impulses and the pulses are used to modulate infrared light waves. Think TV remote.

Page 17

Light Transformation

Laser transmission of sound does not require any equipment in the surveillance area. A laser beam is focused on a window pane or a reflective object in the room. The vibrating glass modulates the reflected laser beam.

Page 18

Light Transformation

Fiber optic laser transmission uses a grade glass fiber, filled with laser light, routed through the surveillance area. Sound waves cause the fiber to vibrate slightly, altering the laser light.

Page 19

Flooding

• RF

• Microwave

• Electromagnetic

Needs resonating cavity

Page 20

Tools of Choice

• Governments

– Wiretapping (individual)

– RF flooding (locations)

• Private Sector

– Devices (individuals & locations)

Page 21

Targets of Choice

Page 22

26 Options…

Page 23

.exe

Also Delivered Through

.exe .exe .exe

Page 24

Should I Care?

Depends…

Information security = information security

Verbal data = data

Page 25

Also

Maybe the most sensitive information is the information we don’t document.

Page 26

What Can I Do?

• First rule: Common sense

• Ensure the portable device audio threat is effectively communicated

• Identify key individuals (high value targets)

• Identify key target areas (board & conference rooms)

• Include in physical security screening

• Prohibit phones in sensitive areas

• Policies addressing discussion of sensitive information?

• Include in security awareness messaging

• Conduct a Technical Security Countermeasures (TSCM) sweep

Page 27

Just Between Us

The Current State of Electronic Eavesdropping Technology