How to Commission a TSCM Inspection
DO NOT try to initiate contact using any suspect telephone, and always call from off-site. (Call from a pay phone at an airport or hotel). This is a very important issue in that you can blow a TSCM service by being indiscreet on the telephone.
Be prepared to spend $3,500 to $5,000 for a small one day inspection (plus expenses), and $250 or more per hour for a confidential phone consultation. Additionally, most TSCM firms will expect a retainer to be paid in advance.
It is often possible to have a TSCM specialist perform, a limited bug sweep at a cost of $1,000 to $2,500. Such a survey tends to be limited in scope, but is valuable in very low threat situations, or as a preventive measure between regular TSCM inspections. This is commonly called a "Walk Though Sweep," and typically takes between 4 to 8 hours.
The most sought after TSCM Specialists are electrical engineers, communications engineers, and government trained intelligence personnel.
All legitimate TSCM Counterintelligence Specialists are certified, bonded, and insured.
TSCM Specialists are only licensed or regulated in two states (North Carolina and Nevada) and in those state the industry is very loosely controlled.
North Carolina is the only state to require formal training in TSCM, but virtually anyone can be certified after attending a one week class on basic entry level TSCM (nothing more than basic electronics).
Private Investigators are rarely qualified to perform bug sweeps, their training, background, and equipment are for the installation of surveillance devices, not detection and removal.
Always remember that TSCM is a technical service, and is not something your local police department has even the slightest clue regarding. Law enforcement agencies (including federal agencies) do not perform TSCM services for the public. They simply do not have the equipment, spare time, nor the training.
Do not expect any law enforcement agencies to help you find an eavesdropping device (it's not their job). The only time that a law enforcement agency enters the picture is in the rare event an eavesdropping device is found during a TSCM sweep (and even then most agencies will pretend the incident never happened). You are more likely to get an FBI agent to help you plant tulip bulbs in your garden then get one to perform a bug sweep for you.
An excellent indicator of the legitimacy of a TSCM specialist is a past or present government security clearance. If they don't have a history of such a clearance then politely (but quickly) show them the door.
Always look for those technical credentials!
Avoid any TSCM specialist who has a criminal record. Some "security or privacy consultants" are actually convicted felons or con artists who will defraud you if you give them half a chance (and they really know nothing about TSCM).
Beware of anyone who tries to promote themselves a little too much or who seems to have a PR firm or press agent working for them. Are they trying to impress you by telling you about all the articles that have been written about them?
Additionally, anyone who tries to convince you that they are a present or past corporate spy should be strongly avoided. These people are nothing but trouble, and should never be trusted.
Always inquire if the person who you are talking to will actually be performing the TSCM service. This is important as many firms employ slick salesmen who know nothing about TSCM (but appear knowledgeable) to inflame paranoia and to bring in the business. Their TSCM teams then shows up with poorly equipped technicians who don't have the slightest clue what they are doing (and will often wear lab coats and flash guns in shoulder holsters in an attempt to appear more "spooky"). The equipment may look fancy, and the teams may appear sophisticated... but they really know nothing about finding bugs and wiretaps.
Beware of anyone who indicates that they are some type of franchise, licensee, or related type of subcontractor. Several con artists run expensive glossy ads, and then sell the sales leads to their contacts for a percentage of the fee. The training these people receive in TSCM is minimal (if any) and is generally limited to only 3-5 days of salesmanship. Watch out for the glossy brochures, glitzy ads, and high pressure marketing tactics.
Also beware of a "TSCM Expert" who has only taken government sponsored TSCM training (which he last took ten years ago) and little or no civilian training. TSCM is a field that totally changes every few years, and it is easy for a TSCM'ers abilities to break-down after only two or three years unless they keep current (by frequently taking training).
Specifically ask the TSCM specialist what schools they have attended to learn TSCM, and beware of those who try to play cloak-and-dagger games about answering your question about this. There are quite a few TSCM "Experts" who have never attended either basic electronics or TSCM training, but are able to impress the client by using a few technical phrases. Also watch out for those who claim to have a technical background, but neglect to have formal training in TSCM.
Avoid TSCM specialists with backgrounds as private investigators or law enforcement (FBI agents, DEA, NIS, CID, AFOSI, etc....) as they generally lack extensive formal technical training. Just because somebody worked for the FBI, DEA, Secret Service, LAPD, or NYPD does not qualify them to perform TSCM services. Attending a government sponsored TSCM program is great, but often that is the only technical training a government TSCM'er will have.
Always inquire about how current and up to date their technical training is (when was the last time they attended several weeks of training from AT&T, IBM, Rolm, NTT, Toshiba, HP, Sun, SGI, Apple, or Novell?)
One of the largest problems in the TSCM industry are the operators who initially learned TSCM back in the 60's and 70's (usually while working for the government as a counterintelligence investigator) and never bothered to refresh their initial training.
They tend to be totally clueless about modern digital PBX systems, can't check a LAN for bugging devices, can barely run a digital spectrum analyser., and haven't the slightest ideal how to check a computer for a security vulnerability.
Most of them will not check a Xerox or fax machines for eavesdropping devices.
Don't mention fiber optics around these guys either, it will cause them to go into spasms, and they'll start babbling and telling you how fiber is bug proof.
These are the same people who try to convince the public that surveillance devices never operate on frequencies above 3 GHz.
Most of these operators can be identified by their alleged law enforcement or investigative credentials, but lack any recent technical training.
These "problem children" tend operate private investigator, spy shops or related businesses on the side.
BEWARE, BEWARE, BEWARE... Always look for the technical credentials!!!
One helpful hint is to always look for a TSCM specialist who has formal TSCM training, plus a broad spectrum of technical experience, and associated training. While an academic background is helpful for obtaining technical experience don't make the common mistake of engaging a TSCM specialist who puts too much emphasis on an academic background (what college you went to is really only important when you're under 25 years of age).
"What are we going to do if a bug is found?"
A portion of the TSCM Inspection (25%) should be done during normal working hours as some bugs are only active during that time. The majority of the TSCM Inspection (75%) may be done "after hours" (evening and weekends) depending on the customers requirements. However, as much of the sweep as possible should be completed during normal business hours.
For corporate and government TSCM projects it is wise to schedule the "External RF Surveys" and initial site visit for the day and evening before the actual sweep. The "Internal RF Surveys" is then performed on the actual day of the sweep.
Click here to see the typical sequence of events involved in a TSCM inspection performed by Granite Island Group, a government agency, or any other legitimate private TSCM firm. (Client requirements and operational security may dictate minor variations)
Click here for Background and Qualifications
If your office is at risk, then so is your automobile, and your residence.
Very often an intelligence agent will not bug an executives office, but instead bug the executives home, or their automobile. This is one of the favorite techniques used by Asian and French intelligence agents against U.S. businessmen and corporations.
A proper TSCM inspection will also include the auto, and private residence of the senior executives and staff.
Additionally, this person must be highly skilled when it comes to security, and will normally have training in computers, security systems, access control systems, locksmithing, and intelligence analysis.
There are only a small number of schools recognized as being legitimate by the industry (three of those are government schools).
Your local spy shop, private investigator, or security company have absolutely no business doing "bug sweeps" as they normally lack the formal technical training, and rarely possess the specialized equipment to perform such an inspection.
If you would like a ref feral to a legitimate and competent TSCM firm then please click here:
Recommended U.S. TSCM Firms
Any comments or questions regarding this specific page?
Please feel free to sign our Guest Book
Please feel free to sign our Guest Book
To be contacted for a confidential consultation |
please E-mail: firstname.lastname@example.org
or send a letter via US Mail to: