Case Study: Nortel and Technical Surveillance Countermeasures (TSCM) / “Bug Sweeps”
Former Canadian Telecom giant Nortel is back in the news. A Global News report details how a Chinese military attack on the company contributed to its downfall. The article outlines systematic hacking that occurred but also mentions the planting of electronic bugs in the Nortel facility. This is a reminder that while cyber attacks have become a very large part of our security discussion and defences, it is also important to remember that other forms of technical surveillance – what is often referred to as “bugging” – are still being deployed in cases of corporate and industrial espionage.
It happens more than you think
A well placed device in a law office, boardroom, home office or executive vehicle is a low cost, low tech, easy to install and effective way to gain access to privileged information. A “bug” can be just as devastating as a large scale cyberattack resulting in IP theft, considerable advantage in private negotiations, fraud, and loss of commercially sensitive information to a competitor.
Many reported technical surveillance operations have been conducted by state actors and it’s often assumed that this is exclusively a game countries play against each other. For example, in 2002, the Chinese government claimed to have found multiple bugs in the airplane of their President. The Russians have been accused of bugging a room in the US state department.
The Nortel news report is a good reminder that private companies and citizens can also be targeted by state actors. It has long been rumoured that the French Intelligence Service bugged first class passengers aboard Air France flights, including the Concord. In the case of Nortel, the espionage was so pervasive that when the Canadian Department of National Defence looked to take over the vacant campus in Ottawa they worried it was so riddled with technical surveillance devices it was not secure enough to move into the building.
The fact is, low-tech surveillance devices are cheap, easy to find and simple to use which makes them a tool available for private citizens and companies. Those spy devices online aren’t all just being used as “Nanny Cams”. Bugs have been found in rival law offices and private security firms have been caught targeting researchers, lawyers and journalists by covertly recording and filming private conversations.
Consider a sweep in to your office
The risk of technical surveillance is extremely elevated right now because over the past few years businesses, law offices, executive suites and corporate boardrooms have been left vacant. This provided ample opportunity for threat actors to gain covert access to these sensitive areas. Re-occupation planning should therefore include consideration for technical surveillance countermeasures – what we might colloquially say “a sweep for bugs” – to ensure that no intrusive devices have been deployed in areas where sensitive discussions will be occurring once again.
Other times when technical Surveillance Countermeasures should be considered are:
- After an office renovation or relocation
- In advance of a corporate AGM
- In regular course during mergers and acquisitions and when engaged in contentions litigation
The article makes clear that Nortel was aware of the risks but dismissed them as “exaggerated spy novel plots”. Nortel’s market capitalization fell from $398 billion in 2000 to less than C$5 billion in 2002. It actually wasn’t a novel but rather a case study.
Click here To learn more about Kirsch Group TSCM – Bug Sweep Services
If you have any questions and would like to discuss technical surveillance countermeasures are appropriate for you please get in touch.