Data leakage occurs when devices in a home or business are swapped or modified to exfiltrate data (audio, video, or TCP/IP traffic). These types of attacks range from modifying telephones to pass room conversations, to installing transmitters in severs to stream out data, to utilizing smart TVs and other devices to exfiltrate data to a distant receiver. Data leakage is insidious since it is not well understood by most security professionals, yet this technique is commonly used by technologically proficient adversaries, including state actors and well-funded private entities.
GPS Vehicle Tracking
GPS tracking devices are commonly installed on employer-provided and leased vehicles. However, these devices may also be installed on vehicles by private investigators, stalkers, and other adversaries. GPS tracking devices are used to locate an individual, correlate his/her activities with third parties, and develop a "pattern of life" to target a person legally or physically.There are two basic types of GPS trackers: units that use cellular networks to transmit the vehicle's location in real time and units that do not transmit and therefore must be physically retrieved to download and view that data.
Bugs are small radio frequency (RF) transmitters used by insider threats, competitors, private investigators, and spouses to eavesdrop on room conversations. A bug requires three components: 1) a microphone, 2) a power source, and 3) an antenna/transmitter. Although bugs can be concealed in practically anything, the RF energy they produce cannot be hidden. Professional eavesdroppers use various techniques to disguise RF energy (i.e., using 2.4 GHz Wi-Fi energy to mask a 2.4 GHz camera signal), which is why it is prudent to hire an experienced professional. Although generally illegal, bugs can be readily acquired cheaply in stores and online.
Business is mostly conducted on cell phones nowadays, but VoIp, digital, and even analog telephones can still be found in most work spaces. With varying degrees of ease, all of these systems can be compromised, either at the telephone unit itself or further down the line. These compromises do not just apply to businesses; home and hotel telephones can be similarly compromised. These attacks are beyond the scope of IT or cyber security professionals are require specialized knowledge in telephony and eavesdropping methods to reliably detect.
Covert cameras are sometimes installed by employers to monitor insider threat activity, shop owners to monitor customer behavior, spouses seeking proof of infidelity, and landlords to secretly (and illegally) monitor tenants. Spy cameras can also be installed to capture key strokes, monitor activity, and presentation slides. Covert cameras are available cheaply online and are often built into innocuous hosts, such as docking stations or speakers. These devices can be reliably detected with a variety of frequency analysis and optical countermeasures methods.
Light Transmission & Analysis
Optical attacks utilize laser microphones, infrared transmitters, visible light modulation, LED analysis, and other means to discretely capture room conversations and device data. Light-based attacks operate at a higher range of the electromagnetic spectrum than conventional radio frequency room bugs, which give them unique operating characteristics and place them out of range of radio frequency analysis equipment. These types of attacks are typically utilized by more advanced adversaries seeking to operate at a level beyond the detection level of most countermeasres equipment.
Most cases of eavesdropping are attributable to insider threats. Can access control systems be easily compromised? Are executive spaces sufficiently segregated? Do shared data systems in leased spaces represent a risk to your information? Physical security is the key to electronic eavesdropping prevention. Please contact us to learn more about our Threat & Vulnerability Assessment service.
Consultations are free.
We take your privacy seriously and will never share or sell your information.
Call us: 1.206.480.1155
Contact us: firstname.lastname@example.org