• Sensitive information is vulnerable long before it is computerized.
• Ideas and strategies are discussions, not data.
• To detect unauthorized intelligence gathering before the loss.
• Detection allows time to stop the loss.
• To solve current information loss problems.
• To limit windows-of-vulnerability.
• To help satisfy due diligence requirements.
• To help satisfy legal and regulatory requirements.
• To avoid non-compliance penalties and fines.
• To help establish the legal status for ‘business secrets’ in court.
• To help protect employee privacy and personal safety.
• To identify new information loss vulnerabilities before they are used against you.
1. Contact us from a “safe” area. Tell us about your concerns and security
goals. We will provide suggestions and guidance about the best course
of action to take.
2. Let us know some information about your security concerns, goals, and the areas you consider sensitive. You may also email us a floor map to help explain.
3. We promptly prepare a written Proposal. It contains competitive pricing
(with expenses closely estimated), a suggested inspection strategy, and a
Letter of Engagement.
There are never any cost surprises when working with Murray Associates.
We help you plan your inspection so it stays within your budget.
4. Upon acceptance, we schedule a mutually convenient inspection date.
We are available 24/7, at no additional charge.
5. Our team (2-4 people) will arrive at your location, dressed to blend in,
with a few nondescript equipment cases stacked on a small luggage cart.
6. You are welcome to be with us, and ask questions, throughout the
inspection. We enjoy explaining the methodology and equipment.
7. Upon completion, we conduct a verbal debriefing.
8. A full written report is usually delivered within a week. It includes: an
executive summary, findings, explanation of instrumentation and
methodology, an inventory of areas inspected, serial numbers of security
seals used, information security vulnerabilities discovered, and cost-
effective recommendations for remediation. We are always available to
review your report with you.
With Murray Associates, your due diligence is documented in writing
by an independent and certified, professional security consultant.
9. Once you are a member of our client family, we remain available as your
security resource. Call here first whenever you have a security-related
question, or need to locate a security resource.
It is rarely necessary to inconvenience you – or tip your hand – with a preliminary visit. Just let us know your security concerns and goals. If your assignment is extensive a floor plan is helpful.
After four decades of consulting on eavesdropping and espionage, we have some very impressive references.
• 375+ of the Fortune 1000 companies.
• 800+ others from every imaginable corner of business.
• Located in 38 states, and several foreign countries.
• Many North American government agencies.
Visit our Client Testimonials page for recommendations from our clients. Ask your associates and colleagues about us. Chances are very good we have already helped a security director, or an investigator you know personally. They are our very best references. We can also arrange for you to speak directly with our clients.
RF & WiFi:
Radio Frequency Spectrum Examination
Radio transmitters are the most common eavesdropping devices in use today. Room and telephone bugs transmit audio; spycams may transmit both audio and video. Computer data and keystrokes may also be transmitted out of the area, wirelessly. The Radio Frequency Spectrum Examination is a core component of the eavesdropping detection sweep.
When budgets do not allow full inspections as frequently as you would like, a Radio Emissions exam economically provides an interim level of security.
Wireless LAN Security Audit & Compliance Examination
This exam determines if your system is open and easily available to hackers, intruders and eavesdroppers. It also detects rogue Access Points, innocently placed by employees, or on purpose by an outsider.
Compliance issues under these laws are also discovered:
• Sarbanes-Oxley Act – U.S. Public Companies • EU – CRD (Cad 3) – EU – Capital Requirements Directive
• HIPAA – Health Insurance Portability and Accountability Act • ISO 27001 – Information Security Management
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act • Basel II Accord – Banking
• PCI-DSS – Payment Card Industry Data Security Standard • FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Dept. of Defense Global Information Grid
Total Information Security:
TSCM is only part of our service to you. We consider all aspects of information security.
Full Area Inspection
Key areas, such as the Board Room, executive offices, and conference rooms, receive a full physical and electronic inspection.
Non-transmitting attacks such as: miniature voice recorders; sound extraction via wire, carrier current, infrared, ultrasonic or laser microphones; covert video (spycams); and keystroke loggers are found this way. These devices may be secreted in hollow walls, false ceilings, furniture, fixtures and other common items which have a legitimate place in the room, such as power strips, radios and clocks.
This part of the inspection is conducted with the aid of Non-Linear Junction detection, Thermal Emissions Spectrum Analysis, additional tools, and manual inspection techniques.
Every communications device is a potential eavesdropping tool. We fully inspect each one. This includes: phones, speakerphones, fax machines, print centers, video-teleconferencing equipment, and their associated wiring / equipment racks.
Our communications examination is a battery of tests, including: electrical measurements; radio-frequency emissions and audio leakage detection; an equipment room security check; inspection of wiring; non-linear junction and frequency domain reflectometry; inspection of feature settings; and an internal physical inspection to locate foreign devices and circuit modifications.
Upon completion of our exams, instruments are sealed with serial numbered government-level security tape. You may periodically inspect these seals yourself to detect tampering, or an unauthorized swap of equipment.
Until we arrive…
• Conduct your affairs normally.
• Do not reveal your suspicions to others.
• Limit confidential conversations.
• Keep detailed notes on anything you feel is suspicious.
• Plan a logical next step if an eavesdropping device is found.
Emergencies for client family members are handled immediately.
How do you accomplish this?
Companies who have an ongoing relationship with us unofficially agree to be flexible with their regular scheduling when a fellow family member has an emergency. They know that they will receive the same courtesy in return.
Regular inspections can be scheduled promptly as well.
- We conduct your TSCM inspection, not some subcontractor.
- Our technical specialists have verifiable credentials.
- Experience. Four decades, one specialty, same company name.
- Your confidentiality is assured.
- We provide written estimates with competitive pricing. No surprises.
- We are licensed and fully insured.
- All our technical investigators have 13 or more years tenure.
- Our personnel have recognizable, professional certifications: CPP, CISM, CFE.
- Government-level TSCM instrumentation.
- We don’t borrow instrumentation “from the day job,” or rent it each time.
- We purchase newest and best instrumentation. (Not old eBay surplus gear.)
- Our detection without destruction methodology.
- Independent. No secret affiliations with products or manufacturers.
- Honest advice. We do not sell the security solutions we recommend.
- We do not accept commissions, or any consideration from security suppliers.
- Our recommendations are made in your best interest.
- We have international TSCM inspection experience.
- 97% U.S.A. made instrumentation and technology.
- We are a full-time corporate counterespionage TSCM team.
Murray Associates travels internationally for their clients on a regular basis. Headquartered in the New York City metropolitan area, travel is quick and easy for us.
Do you have associates in other locations?
Yes. Being in the security industry for four decades, we have trusted colleagues in several countries. Bonus… These colleagues are not plucked from a directory. In almost every case, we know these people on a personal basis and have visited their offices.
We often manage assignments for our clients with multinational locations, supervising our local contacts during inspections. By doing so, we solve many logistics and availability problems – especially true when several locations worldwide require a unified electronic eavesdropping audit program, or simultaneous inspections
Have us manage your multinational electronic eavesdropping audit program. Our experience and contacts will save you time, effort, money and frustration.
No, our practice is limited to pro-privacy services.
We stick to our specialty; securing our clients’ information and privacy.
We do not sell equipment, endorse products, accept secret commissions, gifts or favors from recommended companies or products. Our income comes from clients who pay us for our experience and unbiased knowledge.
We do not publicly offer a school or seminars for training technical investigators.
We do provide training to our clients who require a secondary, in-house TSCM capability.
Mr. Murray and his staff’s training experience includes an introductory seminar entitled Electronic Eavesdropping & Industrial Espionage at the John Jay School of Criminal Justice in New York City.
Our background in general corporate security is extensive. We understand the issues, and we are very good at devising solutions.
Working closely with many forensic specialists, professional investigators and security agencies lets us know “who’s good.”
We maintain extensive files on security products. We buy and test many products (with our own money). We know who makes what well, what it does and doesn’t do, and where to buy it at a fair price.
You will appreciate the all the free extras we provide, like our “call-here-first” policy. We save our clients from expensive mistakes, wasted effort, and most importantly – time.
If you want one point of contact for your tough security questions, you will love us.
Concerned about smartphone eavesdropping, hacking, and spyware?
You’ve come to the right place. Our clients receive this book (complimentary) as part of our services.
Is My Cell Phone Bugged? Everything you need to know to keep your mobile conversations private — is a new book which explains, in clear language:
• How to tell if your phone has been hacked or bugged.
• How to prevent spyware from infecting your smartphone.
• What to do if your mobile phone is bugged. (And, what not to do.)
• How to catch your spy, and much more.
This is a do-it-yourself smartphone security handbook for the average person.
• Quarterly is the generally accepted business practice.
• Semiannual and bimonthly schedules are the next most common.
• Occasionally people have requirements for monthly audits.
* Eavesdropping Detection and Wireless LAN Security Audits which are not
renewed periodically may be interpreted in court as an admission that
previously protected information is no longer important.
Any place where sensitive information can be heard, seen, or intercepted.
There is usually no need to “check every last inch.” Although normal and instinctive, “check everything” does not use our talents efficiently, and is not cost-effective. Have us start with the most sensitive areas.
There is a point where you will say, “If they have not attacked these areas, then the rest of the areas are probably safe.” With this approach, you will not overspend, and you can move quickly to address any other possible reasons for your concern.
Include the following locations when constructing your list…
• Sensitive areas.
• Adjacent areas, if sounds from sensitive areas can be heard there too.
• All communications equipment within both types of areas (phones, speakerphones, video teleconferencing, faxes, modems, LANs, etc.)
• Devices used for sensitive matters but located elsewhere (mobile teleconferencing, etc.)
• Equipment which handles sensitive printed materials (photocopiers, scanners, A/V equipment, etc.)
• Telephone rooms, wire closets, and junction boxes.
• Transportation vehicles. (cars, planes, boats)
• Off-site meeting locations.
• Corporate apartments or suites.
• Executives’ home offices.
• Company field locations, subsidiaries, etc.
• Other items or areas unique to your organization.
Rules of thumb…
• In sensitive areas, both the room and all communications equipment should be inspected.
• In adjacent areas, both the area and all communications equipment should be inspected if audio from the sensitive area can be heard there.
• Upon rare occasion, communications items may be inspected without inspecting the areas they are in. The reverse is never true.
• Increased profitability.
• Intellectual property protection.
• An environment secure from electronic surveillance invasions.
• Advance warning of intelligence collection activities (spying).
• Double check the effectiveness of current security measures and practices.
• Document compliance with many privacy law requirements.
• Discovery of new information loopholes before they can be used.
• Help fulfill legal the requirement for “Business Secret” status in court.
• Enhanced personal privacy and security.
• Improved employee moral.
• Reduction of consequential losses, e.g. information leak sparks a stockholder’s lawsuit,
or activist wiretaps damage good will and sales.
Recently, one of our clients found a bug (in-between our regular inspections).
The device was a small digital voice recorder, with voice activation capability, taped to a wastepaper can in the Boardroom. The Board Meeting was scheduled for the following morning. We responded on an emergency basis, but the eavesdropping device was removed upon discovery. Their case was blown.
This brings up an important point. If you find a bug, what should you do?
These are your First Responder obligations…
1. Do not to disturb the device. It’s evidence.
2. Do not alert the eavesdropper by talking.
3. Secure the area. It’s a crime scene (Use a non-alerting excuse.)
4. Call us quickly from a ‘safe’ area, using a ‘safe’ phone.
5. Document. Write notes. Take photos. Keep a log of events.
6. Notify only people who have a real ‘need to know.’
7. Observe and note unusual behavior by others.
8. Tell all persons involved to keep it confidential.
We will be there to help you as soon as possible to:
• complete the documentation process;
• inspect for additional / supplementary devices;
• evaluate the situation;
• answer questions;
• recommend how to identify the eavesdropper.
Murray Associates can also be your expert witness should your case go to court.
Whatever your security question, our policy is, “Call here first!“
If we can’t answer it, chances are excellent we know the best person who can answer it for you, and we will point you in the right direction.
E-mail or phone us +1-908-832-7900
Note: Do not, call from, or discuss your concerns within areas which might be under electronic surveillance.
We prefer the term adjunct technical consultant, but yes, many people sub-contract our services.
• Private Detectives
• Security Firms
• Business Consultants
• Meeting Planners
We have a three decade track record of making our business colleagues look like heroes to their clients. We will do the same for you.
Just introduce yourself and we will send you our free white paper…
“The Security Provider’s Guide to Discussing TSCM with business, government and at-risk individuals” (17 Pages)
It will help you explain our TSCM services to your clients, and details why it is smart and profitable for you to partner with a TSCM specialist…
Whether you are technically inclined or not, after reading this, you will be able to intelligently discuss these important services with anyone who seeks your advice.
Most unusual assignment locations
The middle of the North Atlantic aboard the Queen Elizabeth II.
Most unusual client
A secret facility that creates serious spy gadgets for the government.
Most unusual circumstances
An ousted televangelist is publicly accused by his successors of eavesdropping on them. The truth, they were eavesdropping on him.
Most unusual and successful counterespionage assignments
We caught a group of foreign nationals actively engaged in a spy mission in our client’s headquarters. Our client was a Fortune 100 company. They had been diligent over the years in conducting proactive inspections. This day it paid off.
Scary is not professional. We don’t have spy vans, mirrored sunglasses or hokey doctor smocks. We arrive at your location as simply ordinary visitors with a few plain cases.
As invited guests to your premises, we always act accordingly. Low key in demeanor, dressed to blend in. We do not disrupt the normal flow of business, or appear out of place after-hours.
We work at your convenience. This means evenings, weekends and even most holidays… at no extra charge.
You can trust our estimates. No nebulous guesses. No surprises.
Our findings can be entered as evidence in legal proceedings. We will also act as your expert witness.
Look for the major warning sign – electronic surveillance.
Intelligence collection is a leisurely process. Your conversations and information are collected – in many ways – long before they are used against you. Until this intelligence is used, no harm is done.
During the intelligence collection stage you still have time to protect yourself… if, you look for the warning signs:
• GPS tracking,
• micro voice recorders,
• GSM cell phone bugs,
• Wi-Fi network intrusions,
• computer keystroke loggers and the traditional espionage techniques.
Yes. Most organizations integrate TSCM debugging into their overall security program. They protect themselves because…
1. Information theft is considered acceptable in other parts of the world, and is becoming acceptable here as well.
2. Eavesdropping technology is inexpensive. Anybody can do it, and the chances of getting caught are very slim.
3. Many of our communications technologies contain features which allow eavesdropping.
4. General Counsels are concerned that not addressing this security issue would be viewed as negligence by stockholders.
• Quarterly is the generally accepted business practice.
• Semiannual and bimonthly schedules are the next most common.
• Occasionally people have requirements for monthly audits.
Note: TSCM inspections which are not renewed periodically may be interpreted in court as an admission that previously protected information is no longer a business secret.
Yes, in three easy steps.
Our initial inspection of your location includes: an interview to learn about your organization’s culture and concerns; a technical evaluation to discover illegal electronic surveillance activities; and a pro-active information-security evaluation.
We will make cost-effective recommendations to make your organization a less attractive target.
Periodic re-inspections: assure new attempts at electronic surveillance are caught quickly, before harm is done; new loopholes are discovered before advantage is taken of them; security measures in place are tested to assure continued effectiveness.
In between inspections, we are here as your security counselor.
Sure. The money is probably there; it’s just mis-allocated.
Many security budgets are lopsided. They morph out of shape over time. Common causes include pressure to protect the easily seen physical assets, and over-spending on IT security.
You want to avoid a situation where 80% of your budget protects only 20% of your assets. Keep in mind, intellectual assets are far more valuable than physical assets. Evaluate what makes your organization valuable. Then adjust.
No one really knows. Eavesdropping, wiretapping, snooping, voyeurism, and espionage are covert activities. When done correctly, there is no awareness.
We do know that these activities take place. Stories about spying appear every week in the news media. But, consider this… These stories are actually the spying failures! The successes escape notice.
Even though no one really knows how much bugging is going on, we can logically say, “What we know is just the tip of the iceberg.”
While there is no exact answer, a composite picture was developed by the Business Espionage Controls and Countermeasures Association…
• 21-35 years old. Female as often as male.
• College graduate with a low-value degree.
• Broad, short-term employment background.
• Money problems – low pay, poor self management.
• Military intelligence experience.
• Acquaintances with law enforcement backgrounds.
• Considered an outsider or loner.
• Disability precluding a law enforcement career.
• No police record prohibiting sensitive employment.
• Has driver’s license, possibly a poor driving record.
• Romantic hobby / interests …writer, photographer, sky diver, scuba, etc.
• Collects underground & paramilitary literature.
• An active interest in firearms, often with training.
• Recruited from a want ad for Investigative Trainee.
• Often just a drone of a professional handler.
• Skills associated with code breaking and espionage. (music, chess, math, etc.)
Keep this list in mind, but remember…
Your snoop could be anybody.
Many monikers are used to describe TSCM and the people involved.
• TSCM – Technical Surveillance Countermeasures, Technical Surveillance, Counter-measures, Technical Surveillance Counter Measures.
• EECS – Executive Electronic Countermeasures Services, Electronic Eavesdropping Countermeasures Services.
• ECM – Electronic Countermeasures, Electronic Counter Measures.
• EDA – Eavesdropping Detection Audit.
• Anti-bugging – Commonly used in advertising by equipment sellers.
• Bugger – Buggist (UK)
• Bug Sweep – Bug Sweeper, Bug Sweeping, Sweep.
• Countermeasures – Espionage / Electronic Countermeasures.
• Detection – Electronic Eavesdropping Detection, Electronic Surveillance, Detection, Bug Detection, Bug Detecting, Wiretap Detection.
• Electronic Exterminator – Exterminator, Extermination.
• Espionage – Counter Espionage, Espionage Countermeasures, Industrial Espionage, Business Espionage.
• Spy Busting – Spy Busters, Spybusters.
• Surveillance – Counter-Surveillance, Surveillance Countermeasures, Electronic Surveillance Detection.
• Technician – Technical Investigator, Sweeper, De-bugger, De-buggist (UK), Exterminator, Electronic Countermeasures
Professional, Counter-surveillance Technician.
• Risk level: Low.
• Reward level: High.
• Eavesdropping Tools:
– Readily available in spy shops and on the Internet.
– Untraceable when purchased from foreign countries.
Other Contributing Factors…
• Eavesdropping and espionage are morally acceptable in some cultures.
• Increased competitive pressures placed on employees, consultants and
businesses force ethics bending.
• Media glorification presents spying as sexy and justifiable.
• Since the 60’s, spy toys and games have been actively promoted to
children as being fun and acceptable. Children grow up.
Because we glorify spying to our children.
“In becoming accustomed to such toys and the pleasures they bring, the seeds of an amoral and suspicious adulthood
are unwittingly being cultivated.” — Gary T. Marx
(From The Los Angeles Times, December 25, 1988. As valid today as it was then.)
Another insightful article…
Our Snoopy Pups — Charles McGrath, The New York Times
“Which comes first, our passion for surveillance or all the spy toys American kids learn to love? … Far and away the creepiest new toy theme, though, is snooping…”