Technical Information Security Surveys (TSCM) Counterespionage Consulting Services
for business & government, since 1978.
Our most unusual...
Most unusual assignment locations.
The middle of the North Atlantic aboard the Queen Elizabeth II.
Most unusual client.
A secret facility that creates serious spy gadgets for the government.
Most unusual circumstances.
An ousted televangelist is publicly accused by his successors of eavesdropping on them. The truth, they were eavesdropping on him.
Most unusual and successful counterespionage assignments.
We caught a group of foreign nationals actively engaged in a spy mission in our client's headquarters. Our client was a Fortune 100 company. They had been diligent over the years in conducting proactive inspections. This day it paid off.
What else should I know about Murray Associates?
Scary is not professional. We don't have spy vans, mirrored sunglasses or hokey doctor smocks. We arrive at your location as simply ordinary visitors with a few plain cases.
As invited guests to your premises, we always act accordingly. Low key in demeanor, dressed to blend in. We do not disrupt the normal flow of business, or appear out of place after-hours.
We work at your convenience. This means evenings, weekends and even most holidays... at no extra charge.
You can trust our estimates. No nebulous guesses. No surprises.
Our findings can be entered as evidence in legal proceedings. We will also act as your expert witness.
The Secret to Successful Corporate Counterespionage
Look for the major warning sign - electronic surveillance.
Intelligence collection is a leisurely process. Your conversations and information are collected – in many ways – long before they are used against you. Until this intelligence is used, no harm is done.
During the intelligence collection stage you still have time to protect yourself... if, you look for the warning signs:
• GPS tracking,
• micro voice recorders,
• GSM cell phone bugs,
• Wi-Fi network intrusions,
• computer keystroke loggers,
and the traditional espionage techniques.
Do other companies sweep for bugs?
Yes. Most organizations integrate TSCM debugging into their overall security program. They protect themselves because...
1. Information theft is considered acceptable in other parts of the world, and is becoming acceptable here as well.
2. Eavesdropping technology is inexpensive. Anybody can do it, and the chances of getting caught are very slim.
3. Many of our communications technologies contain features which allow eavesdropping.
4. General Counsels are concerned that not addressing this security issue would be viewed as negligence by stockholders.
My company wants me to explore in-house TSCM.
Please visit this page for our best advice.
How often are Eavesdropping Detection & Wireless LAN Audits conducted?
• Quarterly is the generally accepted business practice.
• Semiannual and bimonthly schedules are the next most common.
• Occasionally people have requirements for monthly audits.
Note: TSCM inspections which are not renewed periodically may be interpreted in court as an admission that previously protected information is no longer a business secret.
Will you help us create a counterespionage strategy?
Yes, in three easy steps.
Our initial inspection of your location includes: an interview to learn about your organization's culture and concerns; a technical evaluation to discover illegal electronic surveillance activities; and a pro-active information-security evaluation.
We will make cost-effective recommendations to make your organization a less attractive target.
Periodic re-inspections: assure new attempts at electronic surveillance are caught quickly, before harm is done; new loopholes are discovered before advantage is taken of them; security measures in place are tested to assure continued effectiveness.
In between inspections, we are here as your security counselor.
Can I add TSCM protection without increasing my security budget?
Sure. The money is probably there; it's just mis-allocated.
Many security budgets are lopsided. They morph out of shape over time. Common causes include pressure to protect the easily seen physical assets, and over-spending on IT security.
You want to avoid a situation where 80% of your budget protects only 20% of your assets. Keep in mind, intellectual assets are far more valuable than physical assets. Evaluate what makes your organization valuable. Then adjust.
Should I worry about Laser Beam Eavesdropping?
No. Click here to learn why.
How much business espionage is really going on?
No one really knows. Eavesdropping, wiretapping, snooping, voyeurism, and espionage are covert activities. When done correctly, there is no awareness.
We do know that these activities take place. Stories about spying appear every week in the news media. But, consider this... These stories are actually the spying failures! The successes escape notice.
Even though no one really knows how much bugging is going on, we can logically say, "What we know is just the tip of the iceberg."
What does a spy look like?
While there is no exact answer, a composite picture was developed by the Business Espionage Controls and Countermeasures Association...
• 21-35 years old. Female as often as male.
• College graduate with a low-value degree.
• Broad, short-term employment background.
• Money problems - low pay, poor self management.
• Military intelligence experience.
• Acquaintances with law enforcement backgrounds.
• Considered an outsider or loner.
• Disability precluding a law enforcement career.
• No police record prohibiting sensitive employment.
• Has driver's license, possibly a poor driving record.
• Romantic hobby / interests ...writer, photographer, sky diver, scuba, etc.
• Collects underground & paramilitary literature.
• An active interest in firearms, often with training.
• Recruited from a want ad for Investigative Trainee.
• Often just a drone of a professional handler.
• Skills associated with code breaking and espionage. (music, chess, math, etc.)
Keep this list in mind, but remember...
Your snoop could be anybody.
What are some of the other odd names for bug sweeps?
Many monikers are used to describe TSCM and the people involved.
• TSCM - Technical Surveillance Countermeasures, Technical Surveillance
Counter-measures, Technical Surveillance Counter Measures.
• EECS - Executive Electronic Countermeasures Services,
Electronic Eavesdropping Countermeasures Services.
• ECM - Electronic Countermeasures, Electronic Counter Measures.
• EDA - Eavesdropping Detection Audit.
• Anti-bugging - Commonly used in advertising by equipment sellers.
• Bugger - Buggist (UK)
• Bug Sweep - Bug Sweeper, Bug Sweeping, Sweep.
• Countermeasures - Espionage / Electronic Countermeasures.
• Detection - Electronic Eavesdropping Detection, Electronic Surveillance
Detection, Bug Detection, Bug Detecting, Wiretap Detection.
• Electronic Exterminator - Exterminator, Extermination.
• Espionage - Counter Espionage, Espionage Countermeasures,
Industrial Espionage, Business Espionage.
• Spy Busting - Spy Busters, Spybusters.
• Surveillance - Counter-Surveillance, Surveillance Countermeasures,
Electronic Surveillance Detection.
• Technician - Technical Investigator, Sweeper, De-bugger,
De-buggist (UK), Exterminator, Electronic Countermeasures
Professional, Counter-surveillance Technician.
Why eavesdropping, espionage and snooping flourish.
• Risk level: Low.
• Reward level: High.
• Eavesdropping Tools:
- Readily available in spy shops and on the Internet.
- Untraceable when purchased from foreign countries.
Other Contributing Factors...
• Eavesdropping and espionage are morally acceptable in some cultures.
• Increased competitive pressures placed on employees, consultants and
businesses force ethics bending.
• Media glorification presents spying as sexy and justifiable.
• Since the 60's, spy toys and games have been actively promoted to
children as being fun and acceptable. Children grow up.
Why will the spying problem worsen?
Because we glorify spying to our children.
"In becoming accustomed to such toys and the pleasures they bring,
the seeds of an amoral and suspicious adulthood
are unwittingly being cultivated." — Gary T. Marx
(From The Los Angeles Times, December 25, 1988. As valid today as it was then.)
Another insightful article...
Our Snoopy Pups — Charles McGrath, The New York Times
"Which comes first, our passion for surveillance or all the spy toys
American kids learn to love? ... Far and away the creepiest new toy
theme, though, is snooping...
I think the government is tapping my phone. What can I do?
and we can't help you.
But you might want to read...
Written in 1993, it is still a good primer.
Why do organizations conduct Business Espionage Security Surveys / TSCM inspections?
• Sensitive information is vulnerable long before it is computerized.
• Ideas and strategies are discussions, not data.
• To detect unauthorized intelligence gathering before the loss.
• Detection allows time to stop the loss.
• To solve current information loss problems.
• To limit windows-of-vulnerability.
• To help satisfy due diligence requirements.
• To help satisfy legal and regulatory requirements.
• To avoid non-compliance penalties and fines.
• To help establish the legal status for 'business secrets' in court.
• To help protect employee privacy and personal safety.
• To identify new information loss vulnerabilities before they are used against you.
How do we go about using your services?
1. Contact us from a “safe” area. Tell us about your concerns and security
goals. We will provide suggestions and guidance about the best course
of action to take.
2. Let us know some information about your security concerns, goals, and the areas you consider sensitive. You may also email us a floor map to help explain.
3. We promptly prepare a written Proposal. It contains competitive pricing
(with expenses closely estimated), a suggested inspection strategy, and a
Letter of Engagement.
There are never any cost surprises when working with Murray Associates.
We help you plan your inspection so it stays within your budget.
4. Upon acceptance, we schedule a mutually convenient inspection date.
We are available 24/7, at no additional charge.
5. Our team (2-4 people) will arrive at your location, dressed to blend in,
with a few nondescript equipment cases stacked on a small luggage cart.
6. You are welcome to be with us, and ask questions, throughout the
inspection. We enjoy explaining the methodology and equipment.
7. Upon completion, we conduct a verbal debriefing.
8. A full written report is usually delivered within a week. It includes: an
executive summary, findings, explanation of instrumentation and
methodology, an inventory of areas inspected, serial numbers of security
seals used, information security vulnerabilities discovered, and cost-
effective recommendations for remediation. We are always available to
review your report with you.
With Murray Associates, your due diligence is documented in writing
by an independent and certified, professional security consultant.
9. Once you are a member of our client family, we remain available as your
security resource. Call here first whenever you have a security-related
question, or need to locate a security resource.
Do you need to see our location before you give us an estimate?
It is rarely necessary to inconvenience you – or tip your hand – with a preliminary visit. Just let us know your security concerns and goals. If your assignment is extensive a floor plan is helpful.
Do you have references?
After four decades of consulting on eavesdropping and espionage, we have some very impressive references.
• 375+ of the Fortune 1000 companies.
• 800+ others from every imaginable corner of business.
• Located in 38 states, and several foreign countries.
• Many North American government agencies.
Visit our Services page for recommendations from our clients. Ask your associates and colleagues about us. Chances are very good we have already helped a security director, or an investigator you know personally. They are our very best references. We can also arrange for you to speak directly with our clients.
What is included in an inspection?
Radio Frequency Spectrum Examination
Radio transmitters are the most common eavesdropping devices in use today. Room and telephone bugs transmit audio; spycams may transmit both audio and video. Computer data and keystrokes may also be transmitted out of the area, wirelessly. The Radio Frequency Spectrum Examination is a core component of the eavesdropping detection sweep.
When budgets do not allow full inspections as frequently as you would like, a Radio Emissions exam economically provides an interim level of security.
Wireless LAN Security Audit & Compliance Examination
This exam determines if your system is open and easily available to hackers, intruders and eavesdroppers. It also detects rogue Access Points, innocently placed by employees, or on purpose by an outsider.
Compliance issues under these laws are also discovered:
• Sarbanes-Oxley Act – U.S. Public Companies • EU - CRD (Cad 3) – EU - Capital Requirements Directive
• HIPAA – Health Insurance Portability and Accountability Act • ISO 27001 – Information Security Management
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act • Basel II Accord – Banking
• PCI-DSS – Payment Card Industry Data Security Standard • FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Dept. of Defense Global Information Grid
TSCM is only part of our service to you.
We consider all aspects
of information security.
Full Area Inspection
Key areas, such as the Board Room, executive offices, and conference rooms, receive a full physical and electronic inspection.
Non-transmitting attacks such as: miniature voice recorders; sound extraction via wire, carrier current, infrared, ultrasonic or laser microphones; covert video (spycams); and keystroke loggers are found this way. These devices may be secreted in hollow walls, false ceilings, furniture, fixtures and other common items which have a legitimate place in the room, such as power strips, radios and clocks.
This part of the inspection is conducted with the aid of Non-Linear Junction detection, Thermal Emissions Spectrum Analysis, additional tools, and manual inspection techniques.
Every communications device is a potential eavesdropping tool. We fully inspect each one. This includes: phones, speakerphones, fax machines, print centers, video-teleconferencing equipment, and their associated wiring / equipment racks.
Our communications examination is a battery of tests, including: electrical measurements; radio-frequency emissions and audio leakage detection; an equipment room security check; inspection of wiring; non-linear junction and frequency domain reflectometry; inspection of feature settings; and an internal physical inspection to locate foreign devices and circuit modifications.
Upon completion of our exams, instruments are sealed with serial numbered government-level security tape. You may periodically inspect these seals yourself to detect tampering, or an unauthorized swap of equipment.
We think there is a problem. What should we do until you get here?
Until we arrive...
• Conduct your affairs normally.
• Do not reveal your suspicions to others.
• Limit confidential conversations.
• Keep detailed notes on anything you feel is suspicious.
• Plan a logical next step if an eavesdropping device is found.
How quickly can you respond?
Emergencies for client family members are handled immediately.
How do you accomplish this?
Companies who have an ongoing relationship with us unofficially agree to be flexible with their regular scheduling when a fellow family member has an emergency. They know that they will receive the same courtesy in return.
Regular inspections can be scheduled promptly as well.
Why trust Murray Associates?
We conduct your TSCM inspection, not some subcontractor.
Our technical specialists have verifiable credentials.
Experience. Four decades, one specialty, same company name.
Your confidentiality is assured.
We provide meaningful references.
We provide written estimates with competitive pricing. No surprises.
We are licensed and fully insured.
All our technical investigators have 13 or more years tenure.
All our technical investigators have 13 or more years tenure.
Our personnel have recognizable, professional certifications: CPP, CISM, CFE.
Government-level TSCM instrumentation.
We don't borrow instrumentation “from the day job,” or rent it each time.
We purchase newest and best instrumentation. (Not old eBay surplus gear.)
Our "detection without destruction" methodology.
Independent. No secret affiliations with products or manufacturers.
Honest advice. We do not sell the security solutions we recommend.
We do not accept commissions, or any consideration from security suppliers.
Our recommendations are made in your best interest.
We have international TSCM inspection experience.
We have multi-national TSCM program management experience.
In-house development of unique TSCM instrumentation.
In-house development of unique TSCM methodologies.
We try harder than anyone to solve your concerns.
Our knowledge. Authored counter-surveillance chapters for 8 textbooks.
Authored book – "Is My Cell Phone Bugged?"
Invented Android cell phone security app - SpyWarn
University teaching experience; multiple TSCM seminars.
Verification of our 'finds' via polygraph testing upon request.
Court testimony and deposition experience.
Created TSCM innovations which are now industry standard practices.
Over 375 Fortune 1000 companies, and 800+ others, have used our services.
Over 3960 TSCM inspections successfully completed.
A majority of our client relationships span 5-35 years.
Top news organizations and book authors seek our advice and opinions.
97% U.S.A. made instrumentation and technology.
Our client’s love us. Be sure to read their unsolicited testimonials.
We are a full-time corporate counterespionage TSCM team.
Our 100% satisfaction guarantee.
We are qualified to consult with you on general security matters.
What areas of the world do you cover?
Murray Associates travels internationally for their clients on a regular basis. Headquartered in the New York City metropolitan area, travel is quick and easy for us.
Do you have associates in other locations?
Yes. Being in the security industry for four decades, we have trusted colleagues in several countries. Bonus... These colleagues are not plucked from a directory. In almost every case, we know these people on a personal basis and have visited their offices.
We often manage assignments for our clients with multinational locations, supervising our local contacts during inspections. By doing so, we solve many logistics and availability problems - especially true when several locations worldwide require a unified electronic eavesdropping audit program, or simultaneous inspections. More details here.
Have us manage your multinational electronic eavesdropping audit program. Our experience and contacts will save you time, effort, money and frustration.
Local: Connecticut: CT, Delaware: DE, Maine: ME, Maryland: MD, Massachusetts: MA, New Hampshire: NH, New Jersey: NJ, New York: NY, Vermont: VT, District of Columbia: DC, Virginia: VA National: Alabama: AL, Alaska: AK, Arizona: AZ, Arkansas: AR, California: CA, Colorado: CO, Florida: FL, Georgia: GA, Idaho: ID, Illinois: IL, Indiana: IN, Iowa: IA, Kansas: KS, Kentucky: KY, Louisiana: LA, Michigan: MI, Minnesota: MN, Mississippi: MS, Missouri: MO, Montana: MT, Nebraska: NE, Nevada: NV, New Mexico: NM, North Carolina: NC, Ohio: OH, Oklahoma: OK, Oregon: OR, Pennsylvania: PA, Rhode Island: RI, South Carolina: SC, South Dakota: SD, Tennessee: TN, Texas: TX, Utah: UT, Washington: WA, West Virginia: WV, Wisconsin: WI, Wyoming: WY, Puerto Rico: PR, Virgin Islands: VI
International: Bermuda: BM, Brazil, BR; Mexico: MX, Bahamas: BS, Canada: CA, United Kingdom: UK, Portugal: PT, France: FR, Netherlands: NL, Switzerland: CH, Monaco: MC, Germany: DE, Turkey: TR, Uruguay: UY, Singapore: SG, People's Republic of China: CN
Do you install eavesdropping equipment?
No, our practice is limited to pro-privacy services.
Do you sell any equipment, eavesdropping or otherwise?
We stick to our specialty; securing our clients' information and privacy.
We do not sell equipment, endorse products, accept secret commissions, gifts or favors from recommended companies or products. Our income comes from clients who pay us for our experience and unbiased knowledge.
Do you offer eavesdropping detection training?
We do not publicly offer a school or seminars for training technical investigators.
We do provide training to our clients who require a secondary, in-house TSCM capability.
Mr. Murray and his staff's training experience includes an introductory seminar entitled Electronic Eavesdropping & Industrial Espionage at the John Jay School of Criminal Justice in New York City.
Can you help me with other security matters?
Our background in general corporate security is extensive. We understand the issues, and we are very good at devising solutions.
Working closely with many forensic specialists, professional investigators and security agencies lets us know "who’s good."
We maintain extensive files on security products. We buy and test many products (with our own money). We know who makes what well, what it does and doesn’t do, and where to buy it at a fair price.
You will appreciate the all the free extras we provide, like our "call-here-first" policy. We save our clients from expensive mistakes, wasted effort, and most importantly - time.
If you want one point of contact for your tough security questions, you will love us.
Book: Is My Cell Phone Bugged? by Kevin D. Murray
Concerned about smartphone eavesdropping, hacking, and spyware?
You've come to the right place. Our clients receive this book (complimentary) as part of our services.
Is My Cell Phone Bugged? Everything you need to know to keep your mobile conversations private — is a new book which explains, in clear language:
• How to tell if your phone has been hacked or bugged.
• How to prevent spyware from infecting your
• What to do if your mobile phone is bugged.
(And, what not to do.)
• How to catch your spy, and much more.
This is a do-it-yourself smartphone security handbook for the average person.
How often are TSCM re-inspections conducted?
• Quarterly is the generally accepted business practice.
• Semiannual and bimonthly schedules are the next most common.
• Occasionally people have requirements for monthly audits.
* Eavesdropping Detection and Wireless LAN Security Audits which are not
renewed periodically may be interpreted in court as an admission that
previously protected information is no longer important.
What should be inspected?
Any place where sensitive information can be heard, seen, or intercepted.
There is usually no need to "check every last inch.” Although normal and instinctive, "check everything" does not use our talents efficiently, and is not cost-effective. Have us start with the most sensitive areas.
There is a point where you will say, “If they have not attacked these areas, then the rest of the areas are probably safe.” With this approach, you will not overspend, and you can move quickly to address any other possible reasons for your concern.
Include the following locations when constructing your list...
• Sensitive areas.
• Adjacent areas, if sounds from sensitive areas can be heard there too.
• All communications equipment within both types of areas.
(phones, speakerphones, video teleconferencing, faxes, modems, LANs, etc.)
• Devices used for sensitive matters but located elsewhere (mobile teleconferencing, etc.)
• Equipment which handles sensitive printed materials.
(photocopiers, scanners, A/V equipment, etc.)
• Telephone rooms, wire closets, and junction boxes.
• Transportation vehicles. (cars, planes, boats)
• Off-site meeting locations.
• Corporate apartments or suites.
• Executives' home offices.
• Company field locations, subsidiaries, etc.
• Other items or areas unique to your organization.
Rules of thumb...
• In sensitive areas, both the room and all communications equipment
should be inspected.
• In adjacent areas, both the area and all communications equipment
should be inspected if audio from the sensitive area can be heard there.
• Upon rare occasion, communications items may be inspected without
inspecting the areas they are in. The reverse is never true.
The benefits of having an effective counterespionage strategy.
• Increased profitability.
• Intellectual property protection.
• An environment secure from electronic surveillance invasions.
• Advance warning of intelligence collection activities (spying).
• Double check the effectiveness of current security measures and practices.
• Document compliance with many privacy law requirements.
• Discovery of new information loopholes before they can be used.
• Help fulfill legal the requirement for "Business Secret" status in court.
• Enhanced personal privacy and security.
• Improved employee moral.
• Reduction of consequential losses, e.g. information leak sparks a stockholder's lawsuit,
or activist wiretaps damage good will and sales.
I think I found a bug! What should I do?
Recently, one of our clients found a bug. (in-between our regular inspections)
The device was a small digital voice recorder, with voice activation capability, taped to a wastepaper can in the Boardroom. The Board Meeting was scheduled for the following morning. We responded on an emergency basis, but the eavesdropping device was removed upon discovery. Their case was blown.
This brings up an important point. If you find a bug, what should you do?
These are your First Responder obligations...
1. Do not to disturb the device. It's evidence.
2. Do not alert the eavesdropper by talking.
3. Secure the area. It's a crime scene.
(Use a non-alerting excuse.)
4. Call us quickly from a 'safe' area, using a 'safe' phone.
5. Document. Write notes. Take photos. Keep a log of events.
6. Notify only people who have a real 'need to know.'
7. Observe and note unusual behavior by others.
8. Tell all persons involved to keep it confidential.
We will be there to help you as soon as possible to:
• complete the documentation process;
• inspect for additional / supplementary devices;
• evaluate the situation;
• answer questions;
• and recommend how to identify the eavesdropper.
Murray Associates can also be your expert witness should your case go to court.
May I call you with additional questions?
Whatever your security question, our policy is, "Call here first!"
If we can't answer it, chances are excellent we know the best person who can answer it for you, and we will point you in the right direction.
E-mail or phone us +1-908-832-7900
Note: Do not, call from, or discuss your concerns within areas which might be under electronic surveillance.
May I use Murray Associates as a Sub-Contractor?
We prefer the term adjunct technical consultant, but yes,
many people sub-contract our services.
• Private Detectives
• Security Firms
• Business Consultants
• Meeting Planners
We have a three decade track record of making our business colleagues look like heroes to their clients. We will do the same for you.
Just introduce yourself and we will send you our free white paper...
"The Security Provider's Guide to Discussing TSCM with business, government and at-risk individuals" (17 Pages)
It will help you explain our TSCM services to your clients, and details why it is smart and profitable for you to partner with a TSCM specialist...
Whether you are technically inclined or not, after reading this, you will be able to intelligently discuss these important services with anyone who seeks your advice.