Found a bug? Now what should you do?
This week one of our clients frantically called us and said, “I think I found a bug! Now what should I do?”
This happened in between our scheduled inspections for them. The device was a small digital voice recorder, with voice activation capability, taped inside a tall metal wastepaper can in the Board Room. The Board Meeting was scheduled for the following morning. We responded on an emergency basis.
Unfortunately, the eavesdropping device was removed before they called us for help.
This brings up an important point. If you find a bug, what should you do?
The “I think I found a bug” procedural checklist:
- Do not disturb the device. It is evidence.
- Do not alert the eavesdropper by talking.
- Secure the area. It is a crime scene. (Use a non-alerting excuse.)
- Document your evidence. Make notes. Take photos.
- Notify only people who have a real need-to-know.
- Tell all persons involved to keep it confidential.
- Contact an independent information security consultant who specializes in Technical Surveillance Countermeasures (TSCM).
- Make you call from a safe area, using a safe phone, of course.
Your Technical Surveillance Countermeasures specialist will work with you to:
- complete the documentation process;
- inspect for additional, or supplementary devices;
- evaluate the situation; answer your questions;
- make suggestions as to how to identify the eavesdropper;
- and help you develop an information protection strategy for the future.
Our client was lucky. The tape used to attach the voice recorder to the inside of the wastepaper can failed. The a resounding thunk was heard as it hit the bottom of the can. That startled them, so they checked.
Naive organizations who don’t conduct Technical Surveillance Countermeasures, sometimes called TSCM inspections, aren’t so lucky. When they are bugged, they don’t know it, because Spy Rule #1 is “Be covert, don’t get caught.”
As a best practice organizations conduct these inspections quarterly or bi-annually. If you have any questions, or would like to schedule an inspection of your location, please contact me directly.
Kevin D. Murray CPP, CISM, CFE, CDPSE is a business counterespionage consultant and TSCM specialist with over four decades of experience.
Murray Associates is an independent security consulting firm, providing eavesdropping detection and counterespionage services to business, government and at-risk individuals.
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.