V. Alekseenko, A. Sarzhin
Corporation «ROSSI»
ORGANIZING SEARCH EVENTS
Manual for security personnel, heads of business and commercial structures
I. Introduction
One of the threats to the activities of state and commercial facilities, such as enterprises, organizations, firms, buildings of ministries, departments, their offices, etc., is the unauthorized removal of information circulating in them — official, commercial, personal, etc.
There is also a simpler name for this: eavesdropping. Recently, however, the most modern achievements of science and technology have been put to use in such activities, and the methods are no longer limited to auditory control.
Currently, the following possibilities are used to penetrate other people's secrets:
- eavesdropping on conversations indoors or in a car using pre-installed radio microphones, radio stethoscopes, miniature tape recorders, etc.;
- monitoring telephone conversations, telex and fax lines, radio telephones and radio stations;
- remote retrieval of information from various technical means, from computer monitors and printers, etc.
In addition to these most common types of eavesdropping, there are others, such as, for example, laser irradiation of window panes in a room where «interesting» conversations are taking place, or, for example, directed radio radiation, which can make a part of a television, radio receiver, or other equipment «respond and speak.»
But such methods of information extraction require their own specific conditions, are currently quite labor-intensive, quite expensive and therefore are used, as a rule, by well-equipped special services.
The abundance of methods and techniques for information extraction is counteracted by a large number of organizational and technical measures, which we will further call special protection.
One of the main areas of special protection is the search for wiretapping equipment or search activities. In the object protection system, search activities act as a means of detecting and eliminating the threat of information retrieval.
II. The purpose and basis for conducting search activities
A complex task that is solved in the process of search activities is to determine the state of technical security of the object, its premises, preparation and implementation of measures that exclude the possibility of information leakage in the future.
There is no point in wasting time and money if, some time after the search operation, someone can bring in and install a listening device in the premises again. The search operation is effective only if, after it is carried out, the appropriate security regime is maintained at the facility and in its premises and the recommended protection standards are met.
When selecting and preparing technical means for conducting search activities, it is necessary to take into account that the devices are only capable of indicating a suspicious place, the physical characteristics of which are similar to the characteristics of a listening device.
Therefore, the possibilities of using the most advanced devices and systems in a search should not be overestimated.
The necessary basis for effective and efficient search activities are search methods tested in practice in combination with professional techniques for using search equipment.
A pre-prepared and tested plan for conducting a search at a specific facility will allow you to avoid unnecessary openings and seals (and, consequently, large expenditures of time and money), and most importantly — after completing all search operations, give an answer about the state of special protection of the premises and the facility as a whole, its sufficiency to repel the actions of a specific enemy, and directions for improving counteraction to the threat of information retrieval.
An important condition for the effectiveness of search activities is their operational support — studying the situation around the facility, organizing installations and checks of suspicious persons visiting the facility, verification activities in relation to the facility's personnel, etc.
III. Preparation of the search activity
3.1. Study of the facility
The purpose of studying an object before conducting a search operation is to determine a potential enemy and assess its operational and technical capabilities for penetrating the object for the purpose of collecting information.
The equipment for collecting information cannot appear at the object by itself; someone must bring it to the «interesting» office and install it there correctly.
For these purposes, employees of the object or persons who periodically visit it are usually used, such as a telephone repairman, electrician, cleaner or furniture maker. People of these specialties periodically work in offices where conversations are held and where various information is stored and processed.
During the periods of stay in the premises of this category of persons, there is, as a rule, sufficient time for a thorough study and selection of locations for installing information collection equipment, checking the efficiency of special equipment, replacing power supply elements and dismantling special equipment after the end of its service life.
Before an important meeting, negotiation or conversation, you can replace any item on your desk with exactly the same one, but with electronic «stuffing», and then return everything to its place. You should take into account situations when special equipment can be hidden in gifts or souvenirs, which are often used to decorate offices and meeting rooms.
The most convenient situation for introducing various eavesdropping equipment is a major or cosmetic renovation of the office and the entire facility.
The telephone is a classic place for eavesdropping equipment. It is very difficult to detect hidden special equipment in modern electronic telephones. Often, the electronic elements of the device themselves can be eavesdropping devices even without preliminary modification.
In this regard, it is recommended to install in offices where important meetings and negotiations are held only those telephones that are recommended by special protection specialists and have been previously checked by them.
When studying an object and premises, it is recommended to imagine and assess the equipment of the enemy whose special equipment is supposed to be detected.
Indeed, protection against the CIA and protection against a commercial structure cannot be approached with the same methods.
In addition to the great difference in financial and technical capabilities, they may have completely different interests in the object.
When imagining your potential enemy, you can evaluate not only his technical, but also operational capabilities that he could use at the facility. Thus, in order to permanently install special equipment in enclosing structures (walls, floor and ceiling), you need to have a fairly large (3-5 people) technically trained team and the ability to secretly enter the facility and premises for at least several hours.
Depending on this, the tactics of conducting a search operation can vary significantly — from demonstrative open search work to a whole range of covert activities.
It should be remembered, however, that a fairly simple radio microphone can be installed even by a non-specialist in a few minutes during one short visit to a room or office.
Next, when studying the search object, the closest attention should be paid to the location of the room and the visiting mode of both it and the adjacent offices. For example, if it borders on a bathroom, then the enemy has a real opportunity, without attracting attention, to drill a listening channel from this side and install special equipment.
The presence of wall cabinets with communications in the adjacent corridor also provides good opportunities for the introduction of special equipment. The situation is especially difficult when the change of furniture and interior items, the laying of communications and other actions in the room are not controlled, which creates real prerequisites for the introduction of listening devices.
In such cases, it is very difficult to localize the information leakage channel, determine who and when installed the listening device and, accordingly, what information got to the enemy.
If data on the presence of a leak channel is obtained promptly, then analysis of the information will allow us to determine the approximate time of implementation and, by comparing it with other events (repairs, change of furniture, etc.), the location of the equipment installation. You should also pay attention to the behavior of telephone lines — incomprehensible «unaddressed» calls, «dial-up», distortions in the line, etc. You can try to «play out» the event of introducing special equipment, i.e. look at the object through the eyes of the enemy. To do this, you need to «select» the location of information reception points and work out the mode of their maintenance (control of equipment, change of cassettes, ensuring security). Then, from these positions, study the environment of the object again.
Thus, the operational study of the object allows us to assess the most probable search routes and locations, and develop tactics for conducting search activities. It is advisable to draw up a plan-diagram of the premises, communications schemes, and determine the material of the enclosing structures. Based on this, the type of equipment and the features of its use are determined. Naturally, if there are reporting materials from previous search activities, they should be carefully studied and constantly used during the search to compare the results.
The above work on studying the object comes down to the following stages:
- determining the probable enemy and assessing his operational and technical capabilities for penetrating the premises;
- study of the location of the premises and its surroundings;
- study of the mode of visiting the premises, the procedure for installing interior items, furniture, and carrying out repair work;
- establishing all facts of repair, installation or dismantling of communications, replacement of furniture or interior items;
- study of the structural features of the building and enclosing structures of the premises;
- study of all communications entering the premises or passing through it.
3.2. Preparation for the start of search operations
After studying the object, it is necessary to develop a search method for a specific object and make a list of search equipment. First, methods for checking and examining objects at the object and in the premises are identified. Items containing electronics are allocated to a separate group — they require disassembly, visual inspection, comparison with standards and radiography (viewing using X-ray images).
Another group is furniture and interior items; a metal detector, an X-ray machine and a non-linear locator are required for their inspection. The third group is electrical installation products, which are checked using an X-ray machine and a non-linear locator.
To inspect communications, you need a communications detector, a route finder, and a tester. And finally, to inspect enclosing structures, you need a non-linear locator and a metal detector. This sequence is optimal, but it can change depending on various circumstances, for example, if there is a separate room into which you can first take out all the interior items, primarily those that may be sources of interference and false alarms at subsequent stages.
After classifying the inspection methods, the timing and sequence of search activities are determined, which depend on the scope of work for each method, the amount of equipment, and the experience of the searchers.
It is necessary to take into account the electromagnetic compatibility of the equipment: for example, when working with a non-linear locator, it is possible to «detect» other search devices. When preparing a search plan, particular attention should be paid to the suspicious and most vulnerable places of the object and premises noted at the study stage. In these places, it is advisable to conduct research in several ways, for example, non-linear location in combination with fluoroscopy (viewing with an X-ray machine).
For each of the search directions, it is advisable to first develop a model of the technical means of the potential enemy. So, if you plan to search for wire communications laid by professionals from the special services, then the X-ray machine should give a resolution of less than 2 mm, and if the enemy is a commercial structure, then 2-3 mm is enough. Wires of the appropriate diameter should be included in the test sample, which is placed at the site during each survey to check the accuracy of the survey.
Tests for other studies are prepared in a similar manner; it is often sufficient to use samples of special equipment that, in your opinion, correspond to the enemy's level. Thus, to search for products introduced by an enemy whose capabilities do not exceed those of commercial structures, it is sufficient to purchase several samples of domestic and foreign radio microphones on the market. Having prepared models and using them before each test, you can be sure that your search device allows you to detect any devices in a given location that do not exceed the class of your model.
A separate item in the search plan is monitoring the airwaves at the search location. Here, special attention should be paid to secrecy, so that an outside observer would be unable to link the work of the radio monitoring operator to the search team. Monitoring the airwaves should begin several days before the team arrives and end several days after the work is completed. At the preparation stage, the team's actions in the event of detection of an information leak channel or hidden special equipment should also be planned. This can be either a demonstrative search, when the work is not hidden and the seizure is carried out immediately after detection, or a covert search, when the detected channel is used to transmit disinformation or is «closed» by artificially created interference, which must be given the character of natural interference (an installed air conditioner, fan, etc.).
A covert search is preferable for many reasons:
- firstly, it becomes possible to localize the information leak, identify the possible installer and controller of special equipment, and begin preparations for «closing» the channel with disinformation or interference;
- secondly, based on the analysis of the technical characteristics of the channel, it is possible to try to conduct an operational search in the places where the information reception point is most likely located and reach the «customer»;
- thirdly, the safety of the searchers is increased, since attempts to obstruct their work are possible (in foreign conditions, this is provocation and expulsion from the country, and in Russian conditions — direct physical impact).
In this regard, the search plan should include:
- a clearly developed legend for the appearance of searchers at the site being surveyed and in the city in general;
- the line of conduct of searchers when carrying out work: silence or conversations on topics not related to the search, masking the noise of equipment with household noises, etc.;
- actions to close the leak channel with some noise source until the work is completely finished. It is necessary that this source naturally fits into the behavior of the owner of the premises or the legend of the team's presence. So if the work is carried out under the legend of repairs, then the presence of «music lovers» in the team, listening to pop music from morning to night will not arouse suspicion. An unusual situation would be when the owner of the office «for no apparent reason» began to listen to such things around the clock.
The legend of search activities and work to prepare for them should be given the most careful attention, since the safety and effectiveness of the event, the reliability of its results largely depend on it. For example, for an operationally unprepared employee of the facility or his entourage, the arrival of, for example, a team from Moscow to Krasnoyarsk to carry out cosmetic repairs of the office of one of the managers may seem strange. Much more convincing may be another reason — installation and adjustment of special communications equipment.
When preparing operational support for the search, it is also necessary to take into account the need to remove all persons from the premises being examined, including those who know the nature and objectives of the work. The fewer people are familiar with the technology and methods of the work, the more likely it is that they will be successful.
The team leader studies the object and develops a plan for the search event, especially its operational part.
He must:
- establish contact with the person responsible for the safety of the building or the entire object;
- develop with him a legend for his appearance during the study of the object;
- obtain from him or through him answers to all questions necessary for studying the object and preparing the event;
- develop and agree on a plan for operational support of the event;
- resolve issues of delivery and storage of search equipment at the site, the procedure for bringing it into the premises being surveyed, placement of team members and their access to the building in accordance with the developed legend.
The final documents in preparation for the event are:
1) an action plan to cover the work of searchers;
2) an action plan to localize the information leak channel if it is detected;
3) a list of persons privy to the nature of the work;
4) a plan for conducting radio monitoring with selected and verified locations for installing radio equipment;
5) a plan of the adjacent area within a radius of up to 1000 m, indicating, if possible, the ownership of buildings, especially those located in direct line of sight of the windows of the premises (preferably with photographs or video recording);
6) floor plans of the building indicating all rooms adjacent to the one being surveyed, characteristics of walls, ceilings, finishing materials and utilities, as well as information about persons occupying adjacent rooms and the mode of their visitation;
7) plan-diagram of utilities of the entire facility indicating all panels and junction boxes;
8) plan of the room being surveyed indicating all interior items, furniture and equipment, electrical installation products and means of communication;
9) plan for the execution of works indicating the deadlines, sequence and performers;
10) list of particularly suspicious places and a separate plan for their survey;
11) model of special equipment expected at the site to check the effectiveness of the search;
12) legend of the search operations;
13) action plan in case of detection of special equipment or information leakage channel;
14) list of search equipment.
IV. Conducting the search operation
4.1. Monitoring the radio airwaves
The search operation begins with studying the operational situation around the facility:
- determining the probable location of checkpoints (CP) for receiving information from special equipment, possibly installed at the facility;
- operational development of the proposed CPs;
- recording suspicious vehicles that have been parked for a long time with passengers, appearing and disappearing together with the owner of the premises being inspected; conducting covert surveillance of them;
- organizing the work of the radio air control point (RACP).
Initially, the RACP should be deployed in the building of the facility or near the premises being checked. The main purpose of the RACP is:
- to create a map of airtime occupancy in the area where the event is taking place;
- to select and exclude legal (known) radio stations from further analysis;
- to perform statistical analysis of suspicious stations.
Such radio monitoring can last from 2 to 7 days, then the RACP is transferred to the premises being checked and the signals received there are compared with the statistics obtained earlier.
Special attention is paid to signals whose level increased when the RACP was transferred to the premises being checked. These signals are taken under special control, their development is carried out, and the content of the information is studied in order to find the source of the signal.
If the signal changes abruptly when moving inside or around the premises, then the signal source is in the near zone, inside the building or on the territory, and for its localization it is possible to additionally use field indicators, preferably with a built-in frequency meter, or use a separate portable frequency meter. In this case, it is possible to determine the parameters of the developed signal.
Also, attention should be paid to signals that are «synchronized» with the appearance or departure of the owner of the premises or members of the search team.
The airwaves must be monitored throughout the event and for several days after its completion. It is quite possible that the enemy has deciphered the team's work and turned off the data collection devices for this time, and after the search is complete, he will try to turn them on again.
During the search event, it is necessary to move the RACP several times within the premises and building, constantly comparing the results obtained. This increases the likelihood of detecting the signal source at the facility.
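The comparison described in this section, sketched as an added example that is not part of the original manual: known stations are excluded, in-room readings are compared with the earlier statistics, and signals that rise indoors, are new, or are «synchronized» with the owner's presence are flagged. All frequencies, levels, thresholds and function names are assumptions constructed for the illustration.

```python
from statistics import mean

NOISE_FLOOR_DBM = -95.0   # assumed receiver noise floor
RISE_DB = 10.0            # assumed threshold for "level increased" indoors
SYNC_MIN = 0.9            # assumed minimum agreement with owner presence

# Constructed sample data, not real measurements.
# Keys are frequencies in MHz, values are dBm readings, one per observation slot.
KNOWN_STATIONS = {101.2, 433.9}          # legal (known) stations
BASELINE = {                             # 2-7 day survey before entering the room
    101.2: [-48, -47, -49, -48],
    433.9: [-70, -72, -71, -70],
    147.5: [-88, -90, -89, -91],
    398.6: [-93, -80, -94, -79],
}
IN_ROOM = {                              # readings after moving into the premises
    101.2: [-50, -49, -51, -50, -50, -49],
    433.9: [-71, -70, -72, -71, -70, -71],
    147.5: [-60, -58, -61, -59, -60, -59],
    398.6: [-96, -62, -61, -97, -60, -96],
    912.3: [-75, -74, -76, -75, -74, -75],
}
# Whether the owner of the premises was present in each in-room slot.
OWNER_PRESENT = [False, True, True, False, True, False]


def presence_sync(levels, present, floor=NOISE_FLOOR_DBM):
    """Fraction of slots where 'signal above floor' matches 'owner present'."""
    if len(levels) != len(present):
        raise ValueError("one presence flag is required per reading")
    active = [lvl > floor for lvl in levels]
    # A signal that never changes state cannot be called synchronized,
    # and neither can any signal if the owner's state never changed.
    if len(set(active)) < 2 or len(set(present)) < 2:
        return 0.0
    return sum(a == p for a, p in zip(active, present)) / len(levels)


def flag_signals(baseline, in_room, known, present,
                 rise_db=RISE_DB, sync_min=SYNC_MIN):
    """Return {frequency: [reasons]} for signals to take under special control."""
    flagged = {}
    for freq, levels in sorted(in_room.items()):
        if freq in known:
            continue  # known stations are excluded from further analysis
        reasons = []
        if freq not in baseline:
            reasons.append("new")            # absent from the earlier statistics
        elif mean(levels) - mean(baseline[freq]) >= rise_db:
            reasons.append("level_rise")     # stronger inside the premises
        if presence_sync(levels, present) >= sync_min:
            reasons.append("presence_sync")  # appears and disappears with the owner
        if reasons:
            flagged[freq] = reasons
    return flagged


if __name__ == "__main__":
    for freq, reasons in flag_signals(BASELINE, IN_ROOM, KNOWN_STATIONS,
                                      OWNER_PRESENT).items():
        print(f"{freq} MHz: {', '.join(reasons)}")
```

In the constructed data the intermittent 398.6 MHz signal does not pass the average-level test, because its quiet slots pull the mean down, and is caught only by the presence check.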
4.2. Visual inspection
The search in a specific room begins with its visual inspection. First, a comparison with plans is made, furniture and interior items are identified. If possible, all devices containing electronics should be removed from the room and examined separately.
During the visual inspection, the main attention is paid to planted (quickly brought in) items, the origin of which is not exactly known.
Also, all cavities and cracks in baseboards, floors and behind heating radiators, hard-to-reach places on cabinets, cornices, etc. are carefully inspected. Furniture is moved aside, drawers and internal cavities are removed and inspected.
Electrical sockets and switches are opened and inspected, electrical installation fittings are disassembled, risers and utility inputs in and around the room are inspected. If possible, all wires and utilities are traced visually and with the help of endoscopes. In this case, it is necessary to strictly adhere to the safety rules for working with the electrical network — turn off the electrical panels, use network indicators, rubber gloves and protective mats.
4.3. Checking electronic devices
Checking devices with electronic components is the most difficult task, since hardware methods are practically inapplicable here. The basis of the work in this case is comparison with the standard. Electronic devices are opened and inspected in order to identify changes in the circuit and the appearance of additional designs that were not made at the factory.
Special attention should be paid to soldering to power supply wires. The fact is that it is possible to fully implement a data collection device into an industrial product only in factory conditions, therefore a faster, relatively simpler and therefore more probable method of implementation is to connect special equipment to the power supply circuit using conductors.
Of course, it is very difficult to determine the purpose of all the elements, for example, in a computer. This work is only possible for specialists, but with careful inspection, traces of elements installed outside the factory cycle can be identified: traces of soldering, changes in the color of the coating in the soldering areas and other marks of intervention.
A great help is the presence of a standard, i.e. a similar sample, in the «purity» of which there is confidence. Therefore, it is necessary to know in advance the brands of all electronic products and select their standards. It is most convenient to take photographs and radiographs from them for subsequent comparison with the sample being tested. Particular attention should be paid to the reinforcement elements of the case of electronic devices. A radio microphone can easily be placed in their thickenings.
In the future, photographs and radiographs of the examined electronic devices can be used for re-testing, already as a standard.
Capacitors are radiographed separately, especially in telephone sets, since radio microphones are often «embedded» in capacitors.
Before disassembling electronic devices, such as modern telephones, they are checked using a field indicator and a frequency meter for the presence of radiation both when switched on (telephones with the handset off) and when switched off (respectively, with the handset on). If there is suspicious radiation that is registered by the indicator at a distance of 60-80 cm from the device, it is necessary to tune the radio monitoring complex to this frequency and, irradiating the device being tested with an acoustic signal, look for signs of modulation in the received radio signal.
It is best to use a generator with a sharply changing level (like a siren) as the irradiating signal, and observe the received signal on a spectrum analyzer or oscilloscope connected to the RACP receiver.
This method of checking radio signals gives a positive effect even in the case when an unusual type of modulation or encryption is used in the radio microphone. In this case, the acoustic modulation signal sort of «overloads» the transmitter and this can be detected in its radio signal.