Industrial Espionage. These methodologies are being used on a daily basis by competitors maybe even against you. I knew a Private Investigator who used to break into other firm's voicemail boxes. He was suspected of erasing messages and stealing potential clients. I know you may be
thinking that is not right. Maybe so but if a Private Investigator cannot protect him/herself than what use are they to a client.
This happens all the time. If you think it is bad here in the United States try
overseas. It is pretty much
considered fair game and rarely enforced. Even the Concord was remembered for
being heavily bugged.
What you may find surprising is just how easy it is to do. You could even use
off the shelf items, although fully assembled models are readily available and
The best way to learn is to do. A little bit of paranoia and a lot of imagination
goes a long way. Just look around your house and see what can be used. Baby
monitors can be remotely activated and used to listen in on you. Your cell phone
can be hacked through its Bluetooth Feature, so not only can all the data be copied,
but also settings could be changed. Your phone could be called and answered
without you knowing; thereby listening to your conversation. Your
phone can also be used to make a call to someone else without you touching a
button ideal for incrimination purposes. There was a technique originally developed
to remotely view what you watch on your television,
now adapted for computer screens. You can find the plans to build this on the
Internet from many sites. This is used in Europe, particularly the Balkans all the
time against ATMs. There is still the good old
fashion radio scanner to listen to cordless phone calls. Then you can say, "Well I use
a digital, spread spectrum model using 2.4 or 5.8 frequencies."
True that is good protection, but given time the packets of data (digital remember)
can be reassembled and decoded. Thankfully that takes time, but you can buy a
digital scanner to listen to real time conversations. You can also buy software
overseas to work with scanners and laptops for listening to cell phone calls. An
interesting side note: Some of these same companies that provide such
equipment constantly steal from each other.
Outside your house or in the basement of your apartment building are boxes
where your land line phone service comes through. You just need a telephone/
linesman butt set or build one from a phone to listen in.
So you say, "What does this have to do with industrial security?" Well usually
certain people are targeted when looking for a means into an organization. Plus,
they can make a convenient scapegoat and distraction to investigators.
Believe it or not it is often I.T. and security personnel who are targeted.
Although they may be more aware of security they also have higher privileges than
most. Many times they use a popular and recognized remote access program when
telecommuting. If you can capture their username and password that may be all
that you need. Sometimes there may be more advanced authentication
For instance, the server you will log into or firewall you wish to bypass may require
extra authentication. Sometimes it may request a MAC address. This is the
unique serial number burned into network cards. This can be copied and you can
change yours to that one with a software application. If you have the IP Address,
then you can switch your IP Address as well.
When you access the victim's computer and place a remote access program of your own,
don't use one with obvious hacker names like Back Orifice. Using one that they
already have, such as PC Anywhere or Remote Desktop would be ideal. Don't worry
about tackling a wireless computer network. Even with security enabled that could
just be a speed bump to the dedicated. If probing a victim's computer then I
recommend making it appear as spam. If they have a firewall, you can probe it and
see what version they are using. Afterwards look around for data on cracking that
firewall. Any firewall can be cracked and guess what? You can always break into
their home and place whatever it is that needs to be placed.
Alarm systems can be defeated rather easily if you know how. Many times
these burglar alarm systems were installed by poorly trained or overworked
employees who take short cuts to get the job done. Sometimes you will actually see
the keypads mounted outside the door to a home or easily viewable through a
window. What happens if they cut the phone line or cover the siren box? Locks can
also be bypassed by means other than just lock picking. You could install a high
security lock, but if all the hardware around it is weak than what good is it?
Dogs can be tricky and are usually the toughest obstacle to overcome. Believe
it or not, little dogs that are the worst. Big attack dogs can be overcome and
sedated or contained; even the well trained ones. But little dogs that run around
and make a racket are a menace. Once a dog starts barking, the rest
neighborhood's dogs will join in. Even using a high frequency sound device to
annoy the dog on a property you wish to enter can alert other dogs.
If you do break in, check the bedroom and den first. Bedrooms are where the
most important items usually are. You are not there to steal but to place
bugs, software etc. and to copy anything of interest, such as a security card, hard
drive or key. Bring a digital camera and photograph the scene before moving
anything. If there is too much dust then leave it alone. Dust leaves a telltale sign,
which is very noticeable when moved. Most locks used to secure desks are easy to
pick so that's not a big deal.
Bring a hard drive cloning devices and a Linux Boot Disk to copy entire hard
drives. This way even if they are password protected and encrypted you can crack
them later at your leisure. You can carry MP3 players and
iPods to act as a second portable hard drive.
That can be particularly handy when in a public environment. Someone thinks you
are fiddling with a MP3 player but you are actually downloading somebody's
hard drive. Carry all the cables you may need since some machines may not have a
particular port like firewire. If they do have a faster transfer rate type port, then by
all means use it. You can do something else while it is busy copying data.
Remember to look under the keyboard for passwords and pay attention to Post-its.
Those little pieces of paper are gold mines. Also, and maybe more importantly,
copy data from cell phones and PDAs, if they are available. This can be done with
cables to your own PDA or laptop. There are portable dedicated units for this
purpose as well. The safe if they have one are usually in the bedroom. Use a metal
detector to find it. Place the metal detector wand on its lowest setting, so only a
significant metal object will trigger it. Sometimes a safe can contain something you
can use as blackmail.
There are devices which mount to a safe's dial which automatically attempt
countless combinations; some are stand-alone, while others are connected via
laptop. You can also try the basic combinations for that make and model. Some
safe technicians use the default combination or may try to use some thing you can
remember like a child's birthday. If all else fails try 36-24-36, it's
very popular with certain bachelors. Placing bugs around the house is usually
useless. Most people have a tendency to put the television set or stereo on when
they are home. The only exception may be over the head of the bed and wait for
pillow talk. You may as well concentrate on telephones lines. They may use a cell
phone in the house but once again you may not be able to hear the conversation.
Even when using a laser mike which focuses a beam against a window and picks up
vibrations in a room may not work, especially if they have plush carpeting or heavy
You can record a conversation on video you can always lip-read if audio is not
available. If you have the time and they have a garage, see if it opens automatically.
Go over to the garage door and make a copy of the remote for yourself. This works
even with the rolling code models. This is just a general outline of what you can do.
Make sure to check the soles of your shoes before and after a break in. I suggest
wearing a popular brand in case the police make a cast of your footprints. You can
also place a pair of hospital booties over your shoes to cover your tracks.
It is not a bad idea to wear a jogging suit as opposed to being dressed as a
ninja. If you have to run, you would not seem too suspicious. It is wise to take as
few chances as possible.
If you have more time, the best way to infiltrate an organization is to join it. If
not directly then as one of it's support people such as food services or building
maintenance. Cleaning crews usually work after hours under little scrutiny. These
companies have such a high turnover that they are always hiring and do no
background checks. If you do show up for an interview or to do some sort of sales
pitch come mentally prepared. Hang around the places where the target
organization's employees are and pretend to be a headhunter. Hand someone your
demo CD. Of course that CD should have more on it than they expect. Anti-virus
protection can be completely by-passed using this method. I will even guess that
you have done this countless times without a second thought.
If the job interview is for a technology-based position, they will tip their hand
by asking you what do you know about such and such. A good skill to pick
up will be the ability to read documents facing away from you on a desk. While you
are at it develop an excellent memory for detail, especially numbers.
Taking a few acting classes could help here, too. What I like about situations
like this is that these are the ideal times to place bugs. If you think it may be
discovered, then just dispose of something in their wastebasket. Blow your nose
while placing a micro-transmitter in it. I doubt any one will inspect the contents of
a used tissue. They will end up getting rid of it for you. There is a chance that
said item could be discovered by personnel who do paper shredding services. Most
companies do not use this service. This could also be a good idea to do some
dumpster diving later and see what they throw
out. You can carry a micro digital camera and record everything you see. Just
pretend to be listening to an iPod or something. Whatever you do, pretend that you
belong. If someone tries to stop you, start grooving to some imaginary tunes and
head for the elevator. Always have an excuse ready. You can also use something
known as video ham radio. This transmits video images via radio signals; more
commonly used by rescue crews. This is different from the more conventional covert
video systems used out there.
Video systems tend to use a lot of battery power so bring spares. Ideally it
would be nice to place cameras in the copy machine but usually a copy machine
technician best accomplishes this. Some operators have
gone as far as replace whole machines. The FAX machine is the best for
tapping. No one seems to ever suspect that is tapped but will scrutinize everything
else. You may think that that is an oversized DSL filter on it but maybe it is not. If
there is a damaged door with a lock still attached try to remove it. A good
locksmith can build master keys by analyzing the pin tumblers. With some practice
you can do this as well. Cut a key for both before and after removing spacers from
pins if they have them. This is what is called a
master keying system. What you would want to make is the grandmaster key. This
will allow you total access.
If you do start opening doors, be aware that there may be door contacts.
These are magnetic switches used in burglar alarm and access control systems. You
can use basic electronic tools to locate the magnet and use your own magnet to fool
There are different devices out there which can record and analyze security/
prox/access control cards Weigand output. The Weigand output is when a card
reader emits a radio wave, which energizes the card. The card then sends
out a unique identifier. This is what you want to catch. With another device you can
replicate this identifier, mostly using a PDA. Laptops are better but conspicuous
compared to a PDA. Smart cards and the magnetic strips from more conventional
credit card types can be duplicated on the spot. Just be aware that with most
modern access control software the face will show up on the computer screen that
accompanies the card being used so enter with a group. If there
is a numeric keypad you can use ultraviolet light to check for smudges and you can
guess from there. If you have access to a thermal imagery device, you can
see the heat signatures. These are so cheap now that they are popping up in the
most unlikely places. Hunters are using them for the slight advantage it
gives them. Usually the stronger trace is the most recent. That will be the last one
pressed. From there you can guess accordingly. Many systems have a
three strikes and you are out policy, so proceed with caution. Otherwise, if you are
in a mantrap the doors will stay locked and you are trapped and security will be
Biometrics is growing in popularity but as you probably guessed by now, can
be defeated. It is rare for somebody to wipe their prints off. A lot of these devices
are fingerprint based so get copies of fingerprints. One way is to get them from the
biometric reader itself. Some crime scene photographers have special software or
film that accentuates photos of fingerprints. Some scanners that check for retinas
and such can occasionally be tricked by trying out a bunch of well-made fake
eyeballs and a flashlight. You can remotely access the security and camera system
either by the Internet or through a phone line (pre-paid cell phone included). You
can give yourself privileges on a blank access card and erase video files of your
Sometimes the video files may be also network storage based. Once again you
should access anything with any trace of your existence. You can also defeat the
cameras individually. Strong light devices can blur an image or anything that emits
strong electrical signals can cause static or snow. If the camera is too far you can
use a HERF (hi-energy radio frequency) gun. This can send a focused burst which
can either be disruptive or destructive. Think of using your cell phone next to a
clock radio for an analogy. These are not as hard to acquire as you might
If you are this close you should monitor the security guards' radio frequency.
You can use a radio that can communicate with theirs try not to talk to them for any
reason. Many sites are now recording radio transmissions for insurance
Voice print recognition has come a long way. Be aware of their call signs and
any related lingo. If you have a crazy notion of knocking out a guard just be aware
that their radios have a tilt feature so if a guard goes down there is an alert. If you
are thinking about doing a late night sneak and peek consider the perimeter
defenses. The use of fiber optics in fencing is common and almost invisible to the
intruder. Break a branch onto it so that part of the fencing system is deactivated or
In and around can also be seismic intrusion detection, which basically is
sensitive to footsteps. This can be tricked with a device called a thumper. It is
basically a box that stamps its foot at whatever pace. Certain cameras may be
programmed to react to the disturbance. If you are looking for infrared sources use
a passive night vision scope/goggle. You are looking for IR emissions; you are trying
not to create your own which an active model could do. There are little badges you
can wear that can alert you if you are under IR observation. Do not wear divers
watches since the tritium will light you up like a ghost to any nocturnal observer
with night vision goggles. If the facility is using thermal imagery, than you will need
to really do your homework; chances are they are serious about protecting
whatever it is they are tasked with. One way to defeat that is by wearing different
types of neoprene suits. Everything must be covered not a very comfortable way to
spend an evening. Otherwise you will have to wait for a storm to hit before you
make a move.
Now you may not approve of the disclosure of such information. The truth is
such knowledge is freely available to anyone. Just buy a video game to get the latest
inventions and their use. Remember this: the most successful operations are the
kind that go undetected. Maybe a little bit of paranoia is
a good thing.
The author of this article is a freelance security consultant contracted by
competitive intelligence firms, such as
BHE Security, and private investigators.
There seems to be a decided lack of knowledge on the techniques and technology of