Cybercrime may be on the rise, but conventional bugs are booming, too. Counter surveillance equipment becomes more important.
Counter surveillance

Toolkit of evil.

Cybercrime may be on the rise, but conventional bugs are booming, too. Some of them are incredibly powerful and sophisticated. To protect its customers, Deutsche Telekom’s BSI-certified countersurveillance team employs the most advanced defense technology available worldwide.
Copy: Thomas van Zütphen
Photos: Dominik Pietsch, Foto Sexauer

Jens Bolte, Leiter Executive, Event & Eavesdropping Protection
“Internet crime is booming. However, traditional economic spycraft is very much alive today, too.”
Jens Bolte, Head of Executive,
Event & Eavesdropping Protection
Sometimes, experts just can’t agree. One example: estimating how much damage industrial espionage inflicts on companies year after year. BDI, the Federation of German Industries, says it’s at least 50 billion euros. VDI, the Association of German Engineers, puts the figure much “closer to 100 billion euros.” There is, however, one thing that nobody disputes: today, here and now, eight percent of all German companies are bugged*. The lenses, microphones, transmitters, SIM or SD memory cards often go undetected for years once they’re installed and hooked up to a reliable power supply.
A BITKOM study claims that one of ten German companies with more than 500 employees is wiretapped. Obviously, the devices aren’t everywhere. The bugs may be concentrated in a single room, where they may be hidden behind 600 square feet of ceiling panels. Or some 30 yards of baseboards. In the conference table. Or behind the whiteboard, floor lamp, monitor, phone conferencing station, WLAN router, smoke detector, power outlet, network cable, USB port or the pinhead-sized dot of an “i” in the logo of the air-conditioning control unit. Just to the right of the door. Did you see it?
Detecting today’s minuscule wiretapping systems requires working with utmost concentration. From the window front along the entire facade down to the hinge of every single blind. That’s because even the smallest space can shelter audio or video devices powerful enough for espionage. The tip of a ballpoint pen cartridge, for example. The uninitiated might think that someone had just forgotten the writing utensil there yesterday.

Electronic trespassing is in season

And yet, these are only the visible “means for information theft” even if you don’t immediately notice them. A much more insidious – and more popular – method among industrial spies is to use laser Doppler vibrometers to capture acoustic vibrations through windowpanes. And then to use an infrared laser to decrypt sound waves across even greater distances.
“That’s quite an achievement,” reported Jens Bolte, Head of Executive, Event & Eavesdropping Protection at Deutsche Telekom. “It’s perfectly justified to condemn what they do, but you can’t help but admire their talent.” And their services aren’t cheap. But if you consider that important strategy meetings may result in investment decisions worth millions or billions of euros, the people hiring these high-tech eavesdroppers will sometimes go to any expense. It doesn’t matter that internet crime is booming like never before, especially since the protection that cybercrime defense providers offer is improving all the time. “It just accelerates the boom in conventional industrial espionage tools,” said Bolte.
The security expert leads Deutsche Telekom’s countersurveillance team. This is a special unit consisting of technicians who, without exception, have passed exhaustive background checks and been with the company for many years. To be part of this unit, you generally need a degree in telecommunications or electrical engineering as well as excellent skills in radio and communications technology. After years in the countersurveillance business, every team member masters the full toolkit of evil better than most of the attackers who use the hardware. And that is only one yardstick. Deutsche Telekom has offered technical surveillance countermeasures as a service to customers for nearly forty years, too. Deutsche Telekom’s countersurveillance teams move out in groups of four or five. One of them, Horst Glaser, is a 62-year-old countersurveillance expert, one of only two “publicly appointed and sworn” specialists of this kind in Germany.

An art all its own

The ability to put together such a highly qualified team is a big reason why Deutsche Telekom is the first – and so far only – IT security service provider to offer “Technical Surveillance Countermeasures for the Private Sector” as certified by the BSI, the German Federal Office for Information Security. To obtain this certification, a service provider must have implemented an audited quality management system (QMS), have a security clearance up to the level of “secret” and, as the government agency puts it in officialese, each team member must “possess demonstrated compliance with the technical requirements.” What exactly that means is clear to anyone – of the few – who actually gets to see the countersurveillance team in action. They expertly ply all the defense and detection technologies available in the market.
Microphones, hidden in plugs and power sockets, are easy for the countersurveillance team to find.
Microphones, hidden in plugs and power sockets, are easy for the countersurveillance team to find. But that doesn’t stop spies from trying anyway.
That includes high-frequency measurements in wireless analyses. That is, the detection and location of wireless eavesdropping devices installed by spies. “It’s an art all its own since many of today’s bugging devices hide their transmissions in frequencies used by cell phones or tablets,” said Andreas Nees, the team’s head of operations. Live in concert, if you will. A spectrum analyzer will register even the smallest aberration in frequency waves and immediately alert the defense experts. The special equipment Nees and his team travel with weighs an impressive 660 to 770 pounds and includes highly sensitive thermal imaging cameras that hunt down wireless transmitters as soon as the heat they radiate exposes them on the cameras’ displays as a dark-red spot. Other tools in the countersurveillance team’s toolkit include semiconductor detectors, video endoscopes and an x-ray camera that can penetrate steel up to 1.6 inches thick.

Full gamut of available defense technology

“In addition to detecting optical systems in visible and invisible areas, our repertoire includes hunting down inactive bugging devices that often send the information they’ve collected to their original, unauthorized ‘installer’ through Wifi at a later time,” Horst Glaser explained. The team also performs non-destructive examinations of items and devices that cannot be opened. Glaser knows, however, “that each room sweep will only last as long as the room remains constantly monitored afterwards.” That’s why all the devices and installations in a room can optionally be sealed once they’ve been checked. Each seal bears a unique identification number and cannot be removed without destroying it. You could call it the artist’s signature for malicious spies.
X-ray cameras scan any and every movable item that belongs to a conference room or the meetings held in it.
X-ray cameras scan any and every movable item that belongs to a conference room or the meetings held in it. This coffee pot, for example, is bug-free.
The sweep team calculates roughly three hours for a standard sweep, i.e. an office measuring up to 30 square meters with two desks. Bolte cautions, though, that “each action’s lasting effect greatly depends on the effectiveness of the customer’s security policy.” One important aspect is physical access control for specific rooms: who is authorized to clean the room or perform planned catering services? What’s the point of sweeping a room if authorized and unauthorized employees can come and go as they please until the scheduled meeting finally takes place? “That’s why part of our security check always includes an assessment of the security policy and our recommendations in an audit report,” said Bolte.

Smart companies take precautions

Working from its base in Darmstadt, the speed at which the countersurveillance team can arrive at a customer’s site depends on its workload at the time of the call. Ideally, it can complete the audit immediately or on the next day depending on how far it has to travel. But the “demand for tickets” is rising. Naturally, Deutsche Telekom will not disclose details on the number of service calls or the clients who use this service. Those facts are covered by a nondisclosure agreement that the team signs before conducting an audit. If requested by the customer, the countersurveillance team may – depending on the “usual traffic” on the company floors – show up in inconspicuous contractor overalls or in fine wool suits of the kind usually worn by boardroom visitors.
Once a room has been secured, the countersurveillance team offers its customers a conference support package to ensure the room will remain secure. First, they run a status scan of the radio frequencies at the start of the meeting, followed by a constant comparison scan in the next room during the entire meeting. This allows them to detect any listening devices that are turned on remotely or are literally served – by listeners both willing and un welcome – after the meeting starts. In a coffee pot, for example.