LAS VEGAS — How would you know if someone is spying on you? If you’re at risk and you have some computer savvy, you can figure it out on your own using low-tech spy detection equipment.
Phil “Dr. Phil” Polstra, associate professor at Bloomsburg University of Pennsylvania, gave a talk on the subject to a (perhaps justifiably) paranoid audience at the Defcon hacker conference in Las Vegas this week. This sort of advice fits exactly with the kind of mindset of attendees at Defcon, where the assumption is that hackers are likely to be spied upon for their work.
Polstra, who has a new book available for preorder on penetration testing, said there are ways to detect video and audio surveillance as well as ways to tell whether you’re being physically tailed by someone.
“The government’s assault on the Constitution is well known,” he said, but noted that people may be subject to surveillance by local governments, law enforcement, competitors, stalkers, and “people who just don’t like you.”
For video surveillance, one popular tool is the Foscam Internet protocol camera. These cameras can be big or small. And they can be made small enough so that they’re hard to detect, even in your home. Some are motion-activated.
But one way to pick up the presence of the cameras is through an infrared sensor. The cameras often come with infrared sensors so that they can view images under night vision conditions.
“You can detect a night vision camera which hits you with IR,” Polstra said.
The cameras or other recording devices may also use Wi-Fi networks to wirelessly transmit images to another location. If you turn on your laptop, you can detect the Wi-Fi signals around your house. If there is a wireless network with a strong signal inside your house — and it is not your home network or that of your neighbors — you may have reason to be suspicious, Polstra said.
Polstra built his own video camera detector using a Linux-based do-it-yourself computer dubbed BeagleBone, which costs as little as $45. You can trade the source of Wi-Fi signals using software such as Airodump. You can also use Linear Technology’s LTC5582 RMS RF power detector or bandpass filters to scan your environment to find Wi-Fi networks or cameras.
You can also discover audio bugs in your home. They’re inexpensive and readily available on the Internet. Some of them use GSM cellular phone networks to transfer recorded audio to another location.
A USB TV Tuner software defined radio device will detect active bugs that operate in the 50 megahertz to 2 gigahertz spectrum. You can also use an AM/FM radio to detect some bugs. The radio has to be analog, not digital. As you tune the radio, if you hear yourself on it, then that means you’re being bugged, as your own sounds are being retransmitted on that radio.
Audio bugs may also be embedded inside devices, using their power to operate. Bugs needs power to run. If you’ve turned off a device, and it is still drawing power, that may be a reason to be suspicious.
Bugs can be installed in a variety of ways. Someone could intercept a shipment of a package for you and install a bug into whatever is in the package. They may be implanted by service professionals, spies on your local information technology team, or just someone pissed off in your office.
As for being followed physically, or tailed, Polstra also had some detection advice. First, you should pay attention to your surroundings. You’re not likely to be tailed by someone in a red Ferrari. But if you see the same van or black sports utility vehicle all of the time, that’s a clue. Government agents often have to make do with their own government-issued vehicles. You may also be tailed by more than one car, if you’re an important target.
“With a single car, they will have to follow you closer than with multiple cars,” Polstra said. “If you see vehicles that appear to go off in one direction and then come back, they’re either lost or following you.”
You can check the bottom of your car for tracking devices. You can also scan the AM radio bands for the tones issued by listening devices. And you can use traffic lights to discern if you’re being followed: Drive across an intersection just as a light turns yellow. If a car runs the red light, then that’s a strong tip that you’re being followed.
To avoid surveillance, you can also take a different route or drive a longer distance through a residential neighborhood. And when you’re home, scan for vehicles such as plumber or electrical repair vehicles. Polstra’s slides are embedded below.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here