Advanced Corporate Solutions21st Oct 2020
Specialists in Technical Surveillance Counter Measures (TSCM) services for complete peace of mind.
Advanced Corporate Solutions (ACS), established in 1995, is a global player in Corporate Intelligence and Technical Surveillance Counter Measures (TSCM) “Debugging”.
Our client base covers the full spectrum of Business, Industry and Government including multi-national companies and corporations. Advanced Corporate Solutions (ACS), provides a full spectrum of Technical Surveillance Counter Measures (TSCM) services; alsoreferred to as “debugging and sweeps”.
These involve both technical and physical searches to detect and locate electronic eavesdropping devices. Our personnel have decades of professional experience in both private and governmental sectors pertaining to Technical Surveillance Counter Measures.
AC Solutions offers countermeasures for commercial and residential locations as well as for vehicles and aircraft. On completion of the investigation, we provide our clients with a detailed report of our findings, with recommendations for reducing exposure to eavesdropping and providing them with peace of mind. Corporate Intelligence, as one of the most specialised disciplines of Intelligence, requires specialised skills and equipment and must be instituted as a long-term strategy. The overall objective of Corporate Intelligence is to protect company interest. Advanced Corporate Solutions (ACS) has a proven track record in Corporate Intelligence and can provide many references in this regard.
We pride ourselves on well-established accreditation and association with the following local and international authorities and bodies:
Technical Surveillance Counter Measures (TSCM)
Corporate eavesdropping poses a significant risk to organisations. Global statistics demonstrate that the threat of internal eavesdropping is real, imminent and ongoing. The majority of eavesdropping devices found during “Bug Sweeps” are planted either by current employees, IT personnel and recently terminated employees or associates.
Intellectual Property (IP) and Information Assets, including, but not limited to, trade secrets, product design, development or pricing and other proprietary information, are critical to any business remaining functional and competitive. Yet this data is routinely exposed to the risk of theft and is overlooked in Cyber Security Risk Management, and organisations are increasingly ineffective at safeguarding such information.
As breach notification laws, regulatory requirements, and reputational considerations draw increasing focus to Cyber Security, regarding the personal data of clients, customers or personnel, businesses are risking their most valuable assets, and that risk has a notable price tag.
For many businesses, IP protects more than just an idea or a concept – it protects genuine business assets that may be integral to the core services of its operations and their overall long-term viability.
IP can consist of various aspects, ranging from corporate identity through to products, services and processes that differentiate a business’ offering. When an organisation’s concepts, processes and ideas are used without permission, it is prejudiced.
Almost all businesses have undoubtedly benefited from the Internet, where products, services and marketing communications can reach vast audiences at relatively low cost, but this has also increased the chances and instances of Intellectual Property theft.
Companies, irrespective of size or jurisdiction, are at increasing risk of having their unique ideas, products or services infringed upon, making IP protection more important than ever.
Set out below is an overview of equipment options utilized by ACS during TSCM assessments and inspections.
OSCOR™ Blue Spectrum Analyzer
The OSCOR Blue is a portable spectrum analyser with a rapid sweep speed and functionality suited for detecting unknown, illegal, disruptive, and anomalous rogue transmissions across a wide frequency range.
The OSCOR Blue Spectrum Analyzer is designed to detect illicit eavesdropping signals, perform site surveys for communication systems, conduct radio frequency (RF) emissions analysis,
and investigate misuse of the RF spectrum.
Kestrel TSCM” Professional Software
Kestrel is a highly evolved TSCM specific, operator centric SDR application, with advanced capability to meet TSCM specific and evolving challenges of professional technical operators, working in the private sector, and within the national security apparatus, who are faced with a modern moving target threat model.
The Raptor RXi is an ultra-fast-scanning counter-surveillance receiver, capable of scans from 1 0kHz to 26GHz in under 4 seconds, for quick detection of surveillance transmitters and with the ability to detect even the briefest pulsed transmissions.
A.N.D.R.E Deluxe (Advanced Near-Field Detection Receiver)
The Advanced Near-field Detection Receiver (A.N.D.R.E) is a broadband receiver that detects nearby ambient Radio Frequency (RF) energy. It provides an economical tool for detecting known, unknown, illegal or disruptive, or interfering RF transmissions across a 1 0 kHz to 6 GHz frequency range.
The CPM-700 is a broadband receiver designed to detect and locate all major types of electronic surveillance devices, including (but not limited to) room, phone, body bugs, video transmitters, and tape recorders.
Voice-over Internet Protocol (VoIP) phone systems present a new form of security risk to an organisation’s communications. With new enhancements built into the TALAN software interface, users can now test Internet protocol (IP) packet traffic on VoIP phones and systems.
Locates the presence of electronic components in devices, regardless of whether they are switched on or off. The HAWK XTS-2500 is a portable, simple to use advanced Electronic Device Detector, also known as a Non-Linear Junction Detector (NLJD). The HAWK XTS-2500 is capable of locating and confirming the presence of electronic components found in devices, regardless whether they are switched on or off.
Bloodhound is an acoustically stimulated microphone detector (ASMD), which is an electronic system for use by Technical Security Inspection Teams for detecting audio eavesdropping devices.
Video Pole Camera
The Video Pole Camera provides white LED illumination for colour inspection in dark areas, i.e. drop ceilings, behind immovable objects, around corners, and other difficult to reach areas and in dark situations.
CAT/ FLIR Camera and FLIR One
Powered by FLIR’s Lepton® camera and using FLIR’s exclusive MSX® technology. This rugged device uses FLIR (Forward Looking Infrared) to capture clear thermal imagery, video and even time-lapse footage.
Seek ShotPRO Thermal Imaging Camera
The Seek ShotPRO is the most advanced thermal imaging camera for professionals. Photos and videos are analysed immediately with new on-board thermography tools. Spot measurements and temperature boxes are created for time-saving reports. Problems are precisely diagnosed with 16x higher resolution.
As smartphones and tablets become constant companions, hackers are seeking every avenue available to break into them.
Many people expect that iPhone or Android devices are secure by default, when in reality, it is up to the user to make enhanced security configuration changes. With the right (inexpensive) equipment, hackers can gain access to a nearby mobile device in less than 30 seconds and either mirror the device and see everything on it or install malware that will enable them to siphon data from it at their leisure.
The nature and types of cyber-attacks are evolving rapidly and, with good reason, mobile devices have become a critical part of enterprise Cyber Security efforts. Research firm, Gartner, predicts that by 2021, 27% of corporate data traffic will bypass perimeter security and flow directly from mobile and portable devices to the cloud.
Mobile malware threats are typically socially engineered and focus on tricking the user into accepting what the hacker is selling. The most prolific include spam, weaponized links on social networking sites and rogue applications. While mobile users are not yet subject to the same “Drive-By” downloads that PC users face, mobile advertisements are increasingly being used as part of many attacks, a concept known as “malvertising”.
Android devices are the biggest targets, as they are widely used and easy to develop software for. Mobile malware Trojans designed to steal data can operate over either the mobile phone network or any connected Wi-Fi network. They are often sent via SMS (text message); once the user clicks on a link in the message, the Trojan is delivered by way of an application, where it is then free to spread to other devices. When these applications transmit their information over mobile phone networks, they present a large information gap that is difficult to overcome in a corporate environment.
Cellebrite is a world leader in the development of advance mobile forensic hardware and software products. The Universal Forensic Extraction Device (UFED) Touch Ultimate from Cellebrite is an example of hardware used by mobile device investigators to gather information from mobile devices that may contain infected and malicious data.
Information and Cyber Security Services
Dynamdre – ACS affiliate Company
Information and Cyber Security consists of the collection of technologies, standards, policies and management practices that are implemented to guarantee that information remains secure. Information Security policies and tools assist an organisation in preventing, detecting and countering any threats to information, whether the information is digital or non-digital. Information is a major asset in any company and as such must be handled with due care.
Why is it important to secure company information?
Information Security prevents company information from making its way into the hands of parties who are not authorized to have access to such information, and who may use the information for malicious purposes.
Ensuring that a company’s information is secure is essential, considering that the leakage of confidential information could potentially be detrimental to the operations of any business.
Corporate Governance, on the other hand, refers to the structures and processes for the direction and control of companies. Corporate Governance also concerns the relationships between management, the Board of Directors, controlling shareholders, minority shareholders and other stakeholders. (Refer to King IV Report: SA)
Effective Corporate Governance help companies operate more efficiently, improves access to capital, assists in mitigating risk, and safeguards against mismanagement. It makes companies more accountable and transparent to investors and gives them the tools to respond to legitimate stakeholder concerns such as sustainability, operational, environmental and social issues. Information Security, though often viewed as a set of technical issues, must be embraced as a Corporate Governance responsibility that involves risk management, reporting controls, testing, training and executive accountability.
Our methodology is built on three important pillars that are vital to the success of these types of projects and your business:
- Confidentiality: Data is only accessed by those with the right to view the data.
- Integrity: Data can be relied upon to be accurate and processed correctly.
- Availability: Data can be accessed when needed. Failure to comply with the requirements of Information Security Guidelines may lead to disciplinary action.
Our assessment methodology consists of the following approaches:
A Security Assessment is conducted to determine the degree to which Information System security controls are correctly implemented; whether they are operating as intended; and whether they are producing the desired level of security;
A Vulnerability Assessment is conducted to determine inherent weaknesses in the Information Systems that could be exploited, leading to Information Systems breaches.
Penetration Testing (Pen-Test) is conducted to evaluate the security of an organisation’s Information Technology (IT) infrastructure by trying to exploit vulnerabilities under controlled conditions, including any that may be present in operating systems, service and application flaws, improper configurations, or risky end-user behaviour.
Why Should You Protect Your Intellectual Property
Intellectual property (IP) normally refers to creations of the mind, inventions, artistic works, symbols, names, designs etc. It is being described as property because it can be owned, sold or transferred. Intellectual property may include the following: patents, trademarks, registered designs, breeder’s rights, copyrights or circuit layout rights.
The International Commercial community regards trade secrets as the intellectual property of a specific business or company. Per definition trade secrets are protected information which is not generally known amongst or readily accessible to persons and has commercial value because it is secret. Trade secrets are normally not protected by law as are patent rights and therefore trade secrets have to be protected by the company/institution/corporation itself.
Intellectual property (IP) rights are valuable assets for your business – possibly among the most important it possesses.
What is Espionage, Eavesdropping and Bugging
Espionage is the obtaining of secret or confidential information without the permission of the holder of the information. The practice is clandestine, as it is by definition unwelcome and in many cases illegal and punishable by law.
Eavesdropping is the unauthorized real-time interception of a private communication, such as a phonecall, instant message, video conference or fax transmission.
Bugging involves a concealed miniature microphone in (a room or telephone) in order to eavesdrop on or record someone’s conversations secretly.
How Can You Safeguard Your Intellectual Property
Governance – Information Classification and Handling
- Restricted/ Classified
- Company Confidential
Physical and Environmental Security
- Clean Desk, Clear Screen
- Disposal and Destruction
- Access Control (Physical and Logical)
- Penetration Testing (Simulated Attacks)
- Vulnerability/ RiskAssessments
- Vulnerability Management Life-Cycles
- Background Checks
- Screening and Vetting
- Security Clearance
- Polygraph/Voice Stress Test Analysis
- Access Control
- Security Guards
- Secure Datacentres
- TSCM – Bug Sweeping