How to order a TSCM inspection.
James M. Atkinson, Granite Island Group
Remember that there are only six legitimate and competent TSCM specialist firms in the US private sector (twelve worldwide); be patient in finding one that can help you.
TSCM, Bug Clearing, and Counterintelligence specialists are not usually listed in phone directories and rarely advertise their services.
DO NOT attempt to initiate contact using any suspect phone; always call from outside the facility. (Call from a pay phone at an airport or hotel.)
Expect to spend $2,500 to $4,000 for a small one-day inspection (plus expenses), and $250 or more for an hour of confidential telephone consultation. Additionally, most TSCM firms prefer to be paid up front, and many will not perform cleanups until an initial vulnerability assessment has been completed.
Many of the TSCM professionals you seek are electrical engineers, communications engineers, and government-trained intelligence personnel.
All legitimate counterintelligence TSCM professionals are certified, contracted, and vetted.
TSCM professionals are only licensed in two states (North Carolina and Nevada), and in those states the industry is heavily regulated.
North Carolina is the only state that requires formal TSCM training, but anyone can be certified by taking one week of classes at the introductory TSCM level (nothing more than basic electronics).
Private investigators are rarely trained to perform wiretapping, and their training, basic education, and equipment are geared toward installing wiretaps, not detecting and removing them.
Always remember that TSCM is a technical service and that your local police department has nothing to do with it. Law enforcement agencies (including federal agencies) do not provide TSCM services to the public. They simply do not have the equipment or training to do so.
Don't expect any law enforcement agency to help you find a bug (that's not their job). The only time a law enforcement agency comes into the picture is on the rare occasion that a bug is found during a TSCM inspection (and even then, most agencies will pretend it never happened). (It's easier to get an FBI agent to help you plant tulip bulbs in your garden than to do a bug cleanup for you.)
Look for someone with a strong technical background, not a basic law enforcement or investigative background.
A great indicator of a TSCM professional's legitimacy is their past or current TS-SI/TK (with SBI) or SNSI/WNINTEL clearance. If they don't have one on their record, politely (but quickly) show them the door.
Always ask for technical credentials!
Who to Avoid
Stay away from any TSCM professional with a criminal record. A significant number of “security or privacy consultants” are actually criminals, repeat offenders who will scam you if you give them the slightest chance (and they have no clue about TSCM).
Beware of anyone who tries to advertise themselves a little too much or who seems to use the services of an advertising firm or press agency. Are they trying to impress you by telling you about all the articles that have been written about them? True TSCM professionals do not seek the limelight or publicity, as their work is most effective if they remain in the shadows.
You should also resolutely avoid anyone who tries to convince you that they are or were corporate spies. These people are nothing but trouble and should not be trusted at all.
Try to find out if the person you are talking to actually provides TSCM services. This is important because many firms use salespeople who know nothing about TSCM (but appear to know). The TSCM teams of these firms are then made up of poorly equipped technicians who have no idea what they are doing (often wearing lab coats with pistols in holsters under their arms to appear more “intimidating”). The equipment they use may look good and the team may look sophisticated… but in reality they know nothing about TSCM.
Try asking a TSCM specialist to show you a real bug, and many will. If they show you one, then show them the door as quickly as possible. Legitimate TSCM specialists cannot have any type of eavesdropping equipment (as this is a serious criminal offense). It is one thing if they show you some slides, photographs, written reports, protocols, or industry catalogs — but they never have real devices! Stay away from anyone who reveals that they have some kind of bug or eavesdropping device.
Beware of those who appear to be privileged, licensed, or some other subcontractor. A few scammers advertise expensively and then resell the orders they receive for a percentage of the work. The training these people receive in TSCM is minimal and usually limited to only 3-5 days. Watch out for glossy brochures, flashy ads and high-pressure marketing tactics.
Avoid TSCM professionals with basic private investigator or law enforcement training (FBI, SEA, NIS, CID, AFOSI, etc.) as they do not have much formal technical training.
Just because someone has worked for the FBI or NYPD for twenty years is not enough to be a qualified TSCM professional.
Always find out what current and up-to-date training these individuals have received (when was the last time they attended a multi-week training course at AT&T, IBM, Rolm, NTT, Toshiba, HP, Sun, SGI, Apple, or Novell?)
One of the big problems in the TSCM industry is operators who originally learned TSCM in the 60's and 70's (usually while working for the government as a counterintelligence agent) and have not bothered to refresh their original training.
They are completely ignorant of modern digital PBXs, cannot monitor a LAN for bugs, can barely operate a digital spectrum analyzer, and have no idea how to monitor a computer for security vulnerabilities.
Most of them will not check a copier or fax machine for bugs.
Also, do not mention fiber optics to these guys; they will go into convulsions, start mumbling something, and tell you that fiber is protected from bugs.
They will also try to convince the public that monitoring devices never operate at frequencies above 3 GHz.
Most of these operators can be recognized by the fact that they have a background in law enforcement or investigations, but little recent technical training.
These “problem children” aspire to work as private detectives, in spy shops, or in related businesses located somewhere nearby.
BE CAREFUL, CAREFUL, CAREFUL….
Always ask for technical background information from those offering their services.
Information to be provided prior to an inspection
(Usually sent to the TSCM firm via courier prior to scheduling any visit).
- The most important question (and one that is often not asked in advance) is: “What do we do if a bug is found?”
- Physical description of the area requiring TSCM services including: area name, number of rooms, number of buildings, address and location.
- Area in square footage (including room and office sizes).
- Types and number of telephones and computers in the area.
- Primary and secondary number identification and telephone numbers.
- Secure telephone and fax number (including CIK/cipher used, transmitted via courier if STU/STE will be used).
- TSCM clearance requirements for specialist and support personnel.
- Date and serial numbers of previous TSCM reports and the status of implementation of previous recommendations.
- Information that may affect the planning of TSCM services (e.g., start date of construction of the building to be inspected, completion date of the building under construction, etc.)
Service information (which may be additionally supplied to the TSCM firm)
- A complete set of drawings of the building to be inspected (preferably 1/8 inch scale)
- Location of all telephone rooms and wired kiosks (indicate on drawings).
- Office/home furniture layout plan (usually on drawings).
- Placement of all electrical outlets and switches
- Ceiling type (suspended, open, plaster, etc.)
- Telephone system type (AT&T, NTT, Rolm, Toshiba, etc.)
- Computer system type (IBM, Apple, Compaq, Sun, HP, Silicon Graphics)
- Local Area Network (LAN) type (Ethernet, Token Ring, Fiber, ATM)
- WAN type (ATM, 56K, ISDN, Frame Relay, SONET)
- List of all known phone numbers on the property (from old phone bills)
- Notes regarding recent repairs, new furniture, or equipment deliveries
- Names of other tenants in the building (two floors up and two floors down)
Actual TSCM inspection
A portion of the TSCM inspection (25%) should be done during business hours, as some sites only operate during these hours.
The main part of TSCM inspection (75%) can be carried out outside working hours (evenings and weekends), according to the customer's requirements.
The most important points
If your office is at risk, then so is your car and your residence. Very often, an intelligence agent will not plant a bug in the executive's office, but will plant it in the executive's home or car. This is a favorite method of action of Asian and French intelligence agents against US businessmen and corporations.
A proper TSCM inspection should include an inspection of the client's car and private residence.
A TSCM specialist is a person with specialized technical expertise who can actually locate any type of bug, wiretap, or embedded device.
This person must also have a high level of security expertise and typically has training in computers, security systems, access control systems, plumbing, and intelligence analysis.
There are seven schools recognized as legitimate in the industry (three of which are government schools).
Your local spy shop, private investigator, or security company is not in the bug-cleaning business because they have little formal training and rarely have the specialized equipment to perform such inspections.