Skip to content

Environmental analysis


The work of Environmental Analysis (in jargon electronic remediation), is an activity usually do for institutions, companies and individuals, wherever strategic information is processed, whose compromise, could lead to considerable economic and image damage. The work mainly consists in the search for audio / video capture systems, usually hidden in the environments frequented by the target or object of espionage, therefore this technique comes from the result of years of experience in the field, is to follow this sequence of controls:

Flir C2
  • Locating hot spots, using the thermal imaging camera which allows you to see infrared radiation (ie heat) with a definition that can penetrate objects that usually go disassembled, open, with a significant advantage on the speed of execution. When a thermal anomaly is found, then in that case passes to sight control or in conjunction with the NLJD (see next point) which gives us another confirmation parameter. A good tool is the Flir C2 thermal imager, cheap and powerfull.
  • Identification of non-linear joints, or the search for circuitry electronics, using a NLJD Searcher. This instrument, also called harmonic radar, allows you to hear if in near its antenna there is an electronic micro circuit. This tool also allows you to detect solid-stage recorders or even bugs no longer working, because it detects the circuit, it is obviously used in areas where it is not there are electronic parts, such as furniture, ducts, power boxes, etc. A good tool is the REI ORION 2.4 HX Non-Linear Junction Detector.
  • RF transmission analysis, with a good Real Time Spectrum Analyzer that allows reading in real time, allowing you to see all types of broadcasts, even the most imperceptible such as bursts, hopping, spread spectrum etc. The Modern bugs use digital transmission methods and it is more and more difficult to identify them, the best systems, allows, together to the directional antenna with GPS direction finder, (like the Poynting) to show also on the map the source of the transmission as well as the capabilities to see the below carriers. On the market there is only one tool stands up to or comes close to its characteristics, but not all, given the high price, they can afford it, one is TEKTRONIX H500, another is AARONIA Spectran V6x, or specific TSCM instruments like REI Oscor or the new REI MESA and the Rohde&Schwarz Spectrum Rider FPH.
Yorkie PRO
  • Finally, use a good Mobile Phone Detector, like Yorkie PRO with Directional Antenna, this is the most updated and specific system for modern bugs, operating in the GSM, UMTS, LTE and WiFi frequencies. The other instruments that also go on these frequencies are obsolete, because they do not discriminate the antennas / cell repeaters from real bugs, which this instrument does. Other tools are the Searchlight (new one have the 5G) or the CPD197EU from pdaelectronics with directional antenna kit, also the CAM-GX5 Cellular Activity Monitor (have the 5G) from JJndigital.
Cellebrite UFED 4PC
  • Then we must not forget PCs or mobile phones, unfortunately the easiest way to intercept people is to do it via the network and infect the target’s device. To do these checks, you must use the Cellebrite UFED 4PC which has a search and location function for all existing malware on any platform, Android, iOS, Nokia, RIM etc.
Example of how to look like a bug in the switch
RF OSINT in the report

Then the experience is important, you then have to be able to understand which are the local transmissions from the external ones, to do this you must always do an external reconnaissance and also look for the known frequencies used by radio amateurs or by the institutions of the area, RF Urban OSINT, most informations can be retrieved from the web.

Holographic labels

Use a clear holographic labels, for seal, after checking, all the points most commonly used to conceal microphones, radio transmitters and recorders (such as sockets, power boxes, derivations, electronic devices, mouse, multi-socket extensions, etc.). In this way if a seal is detached, an internal mechanism of the structure itself will highlight the VOID writing and it will no longer be possible to reposition it. Every attempt to open will be evident and in any case it will remain complicated to be able to place a bug, having all the accesses sealed. Passive and active prevention at the same time, with a simple transparent label, the hologram can only be seen against the light.

Then there is the reporting, made with clarity that reports in detail everything detected during the analysis, from frequencies, demodulations, data from the equipment, etc. It is the most work complicated, but it also makes a big difference, in fact the reporting allows you to have the history of the environments analyzed and it is useful to reread it before or during the next check.

FlirTools report example

FLIR give the FlirTools, free utility downloadable from his website, that make wonderful reports, with dual image if you are using the C2 model.

Example of reporting TSCM activity
Example of reporting TSCM activity
Example of reporting TSCM activity

After that collect all data, RF, visual, any information will be good for reporting a TSCM activity, the notable frequencies, always need to be reported, all or the most Spectrum Analyzer have the possibility to record signals, so extract the screen with signal you want to report and add it.

RF Spectrum Analyzer report example

Leave a Reply