6.5. Electronic Surveillance
Covert Electronic Monitoring (CEM) is one of the biggest dangers to organizations at risk from commercial espionage. For this reason penetration testing teams are employed to simulate a physical intrusion by an attacker where the goal is to install listening devices in sensitive areas. By listening devices, I mean the following:
Traditional Room 'Bugs' Professional bugs (rather than those cheaply bought at 'spy shops') are capable of extremely long-term autonomous operation. During a fingertip search of a ceiling space in 2002, my team found a bug that had been placed by an unknown attacker, probably several years before, and still very much active. Discrete cameras are sometimes used as well, but in commercial espionage, video is less common than voice recording and data snooping. In general, bugs are designed to transmit voice via a radio signal to a receiver. The range of a signal varies based on the strength of transmission and the nature of the surrounding super-structure. The frequencies that bugs transmit on also varies depending on how much you've paid for such a device but also on locale as governments tend to license different wavelengths. This however will be of minor interest to criminals and corporate spies.
Phone taps These can be placed virtually anywhere in the internal phone system but often specific offices are targeted and devices connected directly to a handset or in line with the phone system. Like room bugs, they are generally ...
Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
