In 1983, James M. Atkinson developed several FORTRAN programs and databases to facilitate the quantitative analysis of conducted and radiated RF eavesdropping devices.
The goal was to allow computer-based control of an HP 8566/8568 spectrum analyser during an instrumented TSCM sweep. Such high performance spectrum analysers had typically been used to examine the entire spectrum using only the wider bandwidths because of serious time constraints involving slow sweep speeds. While usage of narrow bandwidths was desirable (because of the radically increased sensitivity), it also increased the time needed for a simple TSCM sweep from hours to days, which made it prohibitive to use.
The database overcame this dilemma by presenting a series of modeled parameters to the spectrum analyser which allowed it to target specific known threats in addition to "hunting" for unknown threats during an RF survey. Of course, the entire spectrum was carefully examined, but the database allowed specific threat signals to be targeted with extreme instrument sensitivity, thus radically increasing the detection range. Effectively the database allowed the equipment to "look a lot harder" at specific threats by "statistically weighting" the threat spectrum.
Initially (in 1983) the database contained the basic technical parameters of 250 common eavesdropping devices being openly sold through Spy Shops, Radio Shack, magazines, and various mail order outlets. The initial models permitted all 250 devices to be detected and identified by a computer in under 45 seconds per device for a 3 hour run time (assuming only one spectrum analyser was being used). While the database was first developed to drive a spectrum analyser, drivers were added to permit search receivers such as the Micro-Tel units to be computer controlled.
In 1985 the main control program was modified to support more than one spectrum analyser, which allowed the work load to be split up between multiple instruments. Typically one instrument would focus on specific threats with extreme sensitivity, one on high threat bands, and another on the entire spectrum with normal sensitivity.
Over the next few years, the database was expanded and developed to contain quantitative analysis models of thousands of "publicly available" eavesdropping devices and related parameters from throughout the world. The database also grew to include hundreds of added fields and parameters for each device to be modeled and described in greater detail.
In 1987 the data fields were changed to more closely match the database structures used in SIGINT/COMINT "Electronic Order of Battle" and the KITLING file structure. The database was then updated with thousands of additional records describing sophisticated eavesdropping devices commonly used by professional eavesdroppers in Europe. The main database, drivers, and related programs were also completely rewritten in C to enhance performance.
Drivers for the Rockwell MSS system were added in 1988, along with interfaces to control directional and polarized antenna platforms. Automated antenna switching was also integrated to allow the suspect energy to be collected with up to eight calibrated antenna platforms under computer control. Software changes also allowed the control of several Watkins-Johnson receiver SIGINT/COMINT platforms. A provision for a noise source was also added, as well as various computer controlled YIG filters, preselectors, and discrete filters.
The database was updated in 1990 to contain over 50,000 confirmed threats, and was modified to support the Tek 494 A/P, 2782, 2750, 2710 and HP 8590A family of spectrum analysers.
Drivers for the Hewlett Packard 712210 and MMS family were added in 1991 along with thousands of additional records and profiles of technical eavesdropping devices including those used by both law enforcement and intelligence agencies.
In the following years as various signals intelligence equipment or spectrum analysers suitable for TSCM became available, the database was modified to support each.
With the breakup of the Soviet Union and the reunification of Germany, thousands of hostile intelligence (and previously classified) devices and tradecraft used by Soviet and German intelligence agencies were added to the database.
As of the Fall of 2002 the Raphael database contained over 251,700 devices and the applicable countermeasures to find such devices from a considerable distance. It is expected that by the end of the year 2004 the database will exceed 300,000 device records, and millions of distinct channel records.
The database allows RF devices used for eavesdropping to be mathematically modeled, and parameters to be developed for the statistical or quantitative analysis of sophisticated RF eavesdropping devices.
The database also contains notes regarding the design flaws, weaknesses, and electronic vulnerabilities which may be exploited to permit a hostile device to be found during a TSCM survey. Schematics, diagrams, photographs, parts lists, and related records have also been added to the database.
The database structure and the data contained within the database are a proprietary trade secret, and are not available to anyone outside Granite Island Group.
However, statistics are periodically made available to clients, and to the entire TSCM industry, at no charge to help present the realistic technical eavesdropping threat. In early 2002 Granite Island Group started publishing on its web site limited but very specific profiles on many of the more common eavesdropping devices available. While the information is abbreviated, it does contain adequate details to allow most low level eavesdropping devices to be detected.
The database is updated regularly, is maintained on a multi-gigabyte hard drive array, and is currently written in C++ with graphical user interfaces. The software can drive a single spectrum analyser to examine and hardcopy the RF spectrum between 1 kHz and 3 GHz in just under 12 hours (at extreme instrument sensitivity). If more than one instrument is used, then the time drops considerably to just a fraction. Frequency analysis over 3 GHz requires only 4 hours per 15 GHz of additional spectrum coverage. By using multiple instruments, the entire RF spectrum from 30 Hz to 40 GHz can be examined in considerable detail in just 6-8 hours... not days.
This increase in instrument sensitivity also allows extremely low powered covert eavesdropping devices to be detected from considerable distances; often from well outside the building, several blocks, or even several thousand feet away. In turn this allows a more effective bug sweep, as a full electronics lab built into a van or truck can be positioned several blocks away, and part of the sweep performed at a distance. Hence, the on-site part of the sweep takes less time, and is less intrusive, as much of the RF work can be quietly performed off-site. While the suspect area still needs to be carefully examined, only a small amount of equipment needs to be set up in the area being checked.
Granite Island Group offers forensic identification of a suspected eavesdropping device via the Raphael database for a flat fee of $5,000 (but only for a successful match). A hard copy report is also available, but for an additional hourly fee. To facilitate such an identification, simply send us an e-mail describing what was found (please attach a photo of the device, if available). Please include metric dimensions of the device, including the wire lengths, battery type and so on.