Low-Tech Ways of Detecting High-Tech Surveillance by Dr. Philip Polstra (2014 DEF CON Summary)

I must confess to whomever it is relevant to do so (only God probably and He is likely bored with confessions by now) that I attended this talk because it sounded interesting and it was in the Penn and Teller room at DEF CON 22 which has comfortable seats, rather than direct value for work. It did not disappoint on either count. As to the latter point, I cite the usual “stimulation of security/paranoid-minded thinking is always good for work” excuse. The speaker, Dr. Phil aka Dr. Philip Polstra (https://twitter.com/ppolstra), detailed techniques for detecting if you are being surveilled via video, tailing, bugging, and/or devices embedded in your computer/smartphone. He talked for a bit on how it is well known how the government is trampling all over the Constitution and civil liberties and about others who might have an agenda prompting them to stalk you. I readily echo these sentiments. There are many ways I am sadder and wiser with regard to such things as litigation and the courts, the true function of the police, and so forth… in contrast to the idealized view of these things proffered by Leave-It-to-Beaveresque propaganda.

First he talked about video surveillance. Simply, did someone manage to sneak a camera into your bedroom, office, bathroom, whatever. His detection technique relies on the fact that most of these cameras have infrared LED arrays to illuminate the scene in front of the camera with IR. I have some of these cameras and can confirm that they have these LED arrays, they are bloody bright when reflected back into the camera through a window, and do not seem to do much for the camera’s low light efficacy yet they are on most cameras. As pointed out by the speaker, they are easily detected with a digital camera. I have known of this for some time and I use my digital camera to test remotes that do not seem to be working but it never occurred to me to sweep the camera around in a dark room looking for cameras. Good tip for the paranoid. There are also purpose-built IR detectors that can be used. An interesting one he mentioned is detecting wireless cameras with an Android tablet or smartphone. Good idea. I don’t know the specifics of the FCC mandates regarding all these GHz communication devices but just by reading the boxes, the frequency band is pretty narrow, so a signal strength detection device in that band will pick up on about anything using those frequencies. As with the other devices he talks about, he starts out recommending cheap you-probably-already-have-it detection devices and then notes the more expensive options like, in this case, RF power detectors and bandpass filters.

Then he moved on to physical surveillance. Specifically, tailing and stakeout. Mostly common sense stuff here, but to be specific, non-government tailers use bland colored Toyotas, Hondas, or SUVs and government people use issued fleet-type vehicles like black SUV or Crown Victoria. That latter one is rather interesting. Most non-government Crown Vic drivers are old white guys and you really don’t see too many non-taxi, non-police Crown Vics driving around, thereby making that a rather conspicuous tail car. But I think that is changing. I am somewhat into this stuff and have watched YouTube reviews of cars that various police agencies are considering to replace their aging Crown Vic fleets. Anyway, back to the talk, tailers generally follow 2 car lengths to a block behind (never directly behind) or 0.5 to 10.0 miles if they managed to sneak a bumper transponder onto the target’s car. They abort if the tailed subject shows 3 suspicious impressions that they are being followed (i.e. race through a light, circle round the block, keep checking mirror, etc). Multi-car tails as you would expect have the luxury of more subtlety as they can coordinate their efforts. Some countermeasures have already been mentioned but one can also flip around on the AM dial to search for bumper beepers. They typically broadcast an easily recognizable sine wave at a particular frequency that will be loud and clear if the thing is in/on your car. More exotic RF detectors of course can also be used. Other combating techniques include dragging traffic lights, driving through residential neighborhoods, parking a few times, and taking alleys and side streets. In general, force the tailer to be obvious.


Stakeouts might use the same inconspicuous vehicles used for tailing and in addition: vans, SUVs, pickups with toppers. Look for a van that says “Flowers By Irene” on it, ho ho he he ha ha. That’s me, not the speaker, saying that by the way. I think I saw that in The Simpsons. Seriously, you can look for construction/utility workers who don’t seem to be doing anything for a long time. The speaker did not mention how to distinguish these guys from teamsters. Look for commercial vans parked for extended periods. Countermeasures include spying back… let them see you checking them out with binoculars. Run outside and jump in your car then run back inside and see what they do. Drive around the block and see if anyone follows you.

Active bug detection was the next subject. Similar to above, he recommends devices in escalating order of expense. AM/FM radio might detect some bugs. USB TV Tuner SDR (Software Defined Radio) can pick up on 50MHz to 2GHz. Commercial bug detectors go 10MHz to 8GHz. And finally, you can blow $500 on a commercial bug detector. Passive bugs must be stimulated with RF in the correct, or possibly close-enough, band. Stimulate the bug then scan for it like scanning for an active bug. As usual, there are cheap ways to stimulate a passive bug, like blast it with 2.4GHz or a noisy broadband transmitter (white noise I assume is best) connected to a TV antenna.
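To make the SDR sweep concrete, here is an added example (not from the talk or the original post) that compares a baseline sweep taken somewhere known-clean with a sweep of the room being checked and flags bins that stay louder across passes. It assumes the sweeps are CSV rows in the layout that rtl_power writes (date, time, Hz low, Hz high, Hz step, samples, then one dB value per bin); the function names, the 10 dB threshold and the sample rows are constructed for illustration.

```python
import csv
import io
from statistics import median

def parse_sweep(text):
    """Return {bin_start_hz: [dB reading per pass]} from rtl_power-style rows."""
    bins = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 7:
            continue  # skip blank or truncated lines
        low, step = float(row[2]), float(row[4])
        for i, db in enumerate(row[6:]):
            bins.setdefault(int(low + i * step), []).append(float(db))
    return bins

def new_emitters(baseline_text, survey_text, rise_db=10.0):
    """Bins whose median power rose by at least rise_db over the baseline.

    Taking the median across passes drops one-off bursts and keeps only
    signals that are present for most of the sweep.
    """
    base, survey = parse_sweep(baseline_text), parse_sweep(survey_text)
    flagged = []
    for hz in sorted(survey):
        if hz in base:
            rise = median(survey[hz]) - median(base[hz])
            if rise >= rise_db:
                flagged.append((hz, round(rise, 1)))
    return flagged

# Constructed sample data: three passes over 433.0-433.5 MHz in 100 kHz bins.
HDR = "2014-08-09, 10:00:0{}, 433000000, 433500000, 100000, 10, "
BASELINE = "\n".join([
    HDR.format(0) + "-50.1, -49.8, -50.3, -50.0, -49.9",
    HDR.format(1) + "-50.0, -50.2, -50.1, -49.7, -50.1",
    HDR.format(2) + "-49.9, -50.0, -50.2, -50.3, -50.0",
])
SURVEY = "\n".join([
    HDR.format(0) + "-50.2, -49.9, -31.0, -50.1, -20.0",  # last bin: one-off burst
    HDR.format(1) + "-50.0, -50.1, -30.2, -49.8, -50.2",
    HDR.format(2) + "-49.8, -50.0, -30.6, -50.0, -49.9",
])

if __name__ == "__main__":
    for hz, rise in new_emitters(BASELINE, SURVEY):
        print(f"{hz / 1e6:.1f} MHz is {rise} dB above baseline")
```

For a passive bug, the same comparison works with the baseline taken before stimulating the room and the survey taken during stimulation.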

Bugs in your computing devices was probably the most disturbing subject to a paranoid like myself. These are bugs that can be installed in computing devices by government, intercepting shipments, service people, etc. They betray their presence by current consumption. Of course charging your tablet/laptop might trickle some current anyway but if you wave your hand in front of the camera and can reliably generate current variations, there is probably a bug in the device. You can also simply look for stuff plugged into USB ports etc. I have seen some cards/motherboards with USB slots on the board, i.e. inside the case when the case is closed. There are also passive bugs, like the “expensive NSA bugs.” Similar to above, you need to activate them then employ the detection techniques. Straying off the talk for a moment, my friend mentioned he read an article that says the NSA has some exotic equipment where they can discern from something like up to 100 meters away what is on your computer, i.e. what you are viewing at any given moment. It takes a while to set up the equipment so they are not going about using this whimsically but it is still pretty unsettling. If you see a “Nick’s Solar and Air Conditioning” van in your neighborhood, turn your computers off or pop up a browser to the USA Today homepage until they go away.
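The "reliably generate current variations" test can be made less subjective by logging the current draw over repeated covered/uncovered trials and checking whether the change is consistent. The following is an added example, not code from the talk or the original post. It assumes readings in mA from an inline USB power meter, and the function names, thresholds and sample readings are constructed. Pairing each stimulus window with the quiet window just before it keeps slow charging drift from looking like a response.

```python
from itertools import product

def _mean(xs):
    xs = list(xs)
    return sum(xs) / len(xs)

def paired_stimulus_test(trials):
    """trials: list of (quiet_mA_readings, stimulus_mA_readings), one per trial.

    Returns (mean change in mA, p-value) from an exact two-sided sign-flip
    test: if the stimulus had no effect, each per-trial change would be
    equally likely to have the opposite sign.
    """
    if not 5 <= len(trials) <= 16:
        raise ValueError("use 5 to 16 trials (exact test enumerates 2**n cases)")
    deltas = [_mean(on) - _mean(off) for off, on in trials]
    observed = abs(sum(deltas))
    hits = 0
    for signs in product((1, -1), repeat=len(deltas)):
        if abs(sum(s * d for s, d in zip(signs, deltas))) >= observed - 1e-9:
            hits += 1
    return _mean(deltas), hits / 2 ** len(deltas)

def looks_stimulus_coupled(trials, alpha=0.05, min_delta_ma=5.0):
    """True when the change is both consistent and large enough to matter.

    alpha and min_delta_ma are illustrative thresholds, not measured values.
    """
    delta, p = paired_stimulus_test(trials)
    return p < alpha and abs(delta) >= min_delta_ma

def _trial(base, delta):
    # Constructed readings: three quiet samples, three during the stimulus.
    return ([base - 1, base, base + 1],
            [base + delta - 1, base + delta, base + delta + 1])

# Constructed data: baseline climbs 4 mA per trial, as it might while charging.
CLEAN = [_trial(400 + 4 * i, d)
         for i, d in enumerate([2, -3, 1, -1, -2, 3, 0, -1])]
SUSPECT = [_trial(400 + 4 * i, d)
           for i, d in enumerate([13, 11, 14, 12, 13, 10, 15, 12])]

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("suspect", SUSPECT)):
        delta, p = paired_stimulus_test(data)
        print(f"{name}: {delta:+.2f} mA, p={p:.4f}, "
              f"coupled={looks_stimulus_coupled(data)}")
```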

This was one of those cool “make you think” talks. In addition to what I cited in the opening paragraph, I like these sorts of talks as they shake me out of my “Nerd tunnel vision.” Meaning, if I don’t shake myself with one of these every now and then, I tend to fall into this circular trap of thinking about computer security as a means to computer security… i.e. to forget about the physical world where secure thinking in that world keeps one sharp in cyberspace and reaffirming the connections between the two worlds sustains a bigger picture view that enhances my security posture.


About M. J. Power 22 Articles