The TSCMi annual conference is a two-day event bringing together TSCM consultants and practitioners from across the world, representing both the private and public sectors, to share the latest information on eavesdropping technology and the products and techniques designed to mitigate the ever more sophisticated threat.
This year’s recent conference covered a wealth of subjects including the challenges of 5G, the view from the opposition and the vulnerabilities of that computer on wheels we all call a car. Most significantly this year, a constant and emerging thread running through the event was evidence of an increased awareness by business and government of the threat to corporate and government assets from technical surveillance and other forms of eavesdropping, and an aligned increase in investment to combat the threat. This viewpoint is further supported by recent security press articles, particularly from the USA.
To one who has been actively involved with technical security for many years, an understanding of the continued and undiminished eavesdropping threat has been ever present. Conducting TSCM surveys for clients in conference centres and heavily populated business conurbations has frequently resulted in not just evidence of surveillance regarding clients, but also positive identification of active technical eavesdropping attacks upon neighbouring businesses and premises.
So why has consideration of the eavesdropping threat been so low in the minds of those concerned with the protection of information assets up to now? And what has triggered this increased awareness amongst the wider business and government community?
John Carter
TSCMi Conference 2018 – Technical Eavesdropping “A re-awakening of the threat”
Recently a TSCMi member brought to our attention a YouTube article describing a hacking vulnerability in Amazon’s Echo, the audio personal assistant, that provides the opportunity for malicious use as an eavesdropping device. In truth this should not be a surprise. Online hacking communities have recently been full of such vulnerabilities, and these are not just limited to the Echo. There are a number of similar “smart speakers” and apps that provide personal assistant functions on laptops, smartphones and tablets.
And they’re all smarter than you might think.
John Carter
Smart Speakers – smarter than you think!
The enthusiast community engaged in Software Defined Radio (SDR) projects is forever finding new functionality with which to experiment. One recent example, particularly relevant to the TSCMi, is the development of software capable of utilising SDR to mount a TEMPEST attack upon laptop screens.
TEMPEST attack capabilities have been around for a long time, but such an attack as this has previously required sophisticated and expensive hardware and associated complex software.
John Carter
TEMPEST Laptop screen attack – now in domain of radio hobbyists
As stated on the Home page of our institute web site, one of our key objectives within the institute is described thus:
“the institute endeavours to maintain best practices within the industry, improve standards and educate future practitioners to safeguard the industry.”
This web site is one of the routes by which we can promote and guide our membership such that they may adhere to a core set of principles as illustrated in our Code of Practice and based upon the UK National Occupational Standards (NOS).
But how does this help those who seek TSCM services? How does the potential client identify a TSCM service provider who will be able to correctly identify the right service to meet the client’s needs?
John Carter
Helping the Client find the right TSCM service