---

Executive Summary

Who?
Murray Associates is an independent security consulting firm founded in 1978.

What?
We provide eavesdropping detection and counterespionage services to business and government organizations, and high-profile individuals.

When?
Eavesdropping detection audits are an essential element of successful security strategies. Organizations commonly schedule Inspections on a quarterly basis to detect spying while it is still in the – no harm done yet – intelligence collection phase.

Where?
Headquartered in the New York metropolitan area, a Murray Associates team can assist you quickly, anywhere in the United States, and internationally.

Why?
• Business espionage is at record levels.
• It is difficult to conduct business successfully without privacy.
• Intellectual asset losses exceed property losses, yet are less well protected.
• Executives have a fiduciary responsibility to protect stockholder assets.
• Many businesses must prove compliance with privacy laws.

How?
Tell us about your security concerns. Use the Worksheet in this booklet (or on our Web site). We will suggest a counterespionage strategy for you. It includes a custom estimate, including expenses. Upon your approval, we schedule a mutually convenient time for your inspections (nights, weekends and some holidays, no extra charge). From travel plans to our written report, recommendations and counterespionage checklist, we do all the work for you. The process is easy.



Spies target your information, conversations, strategies, thoughts and privacy in many ways.

There are three Phases to a complete
Eavesdropping Detection Inspection.
Plan using our Worksheet.
Call us for advice.

Phase 1 - Radio Emissions Detection
Radio transmitters are the most common eavesdropping devices in use today. Room and telephone bugs transmit audio; spycams may transmit both audio and video. Computer data and keystrokes may also be transmitted out of the area, wirelessly. Wi-Fi networks are also vulnerable to attack.

We detect and track down this large family of bugging devices by conducting a detailed examination of the radio-frequency spectrum. This Radio Emissions Detection exam is the core component of the eavesdropping detection sweep. It is usually conducted every 2-4 months.

Each exam covers large areas economically; about 10,000 square feet per exam. By strategically locating exam points, whole office building floors can be inspected; inconspicuously, and in a short amount of time. Since transmitters may be remotely located from their microphones, this whole-building approach makes sense. Residences, with vehicles, are usually completed with just one exam.

When budgets do not allow Phases 2 and 3 as frequently as you would like, the Radio Emissions Detection exam provides a basic level of security all by itself.

Note: All levels of service include a written report, and valuable information security recommendations based on our on-site observations.

Wireless LAN Security Audit & Compliance Examinations
This exam is part of Phase 1, but it may also be conducted by itself.

The results of this inspection can determine if your system is open and easily available to intruders and eavesdroppers. Will also learn if you have rogue appearance points, which could have been surreptitiously attached to your system. This can innocently occur when employees plug their own Wi-Fi transmitters into your network without mentioning it to anyone, thus leaving your computers and information vulnerable. It is also a business espionage spying technique.

If any of these privacy laws and directives apply to your business, you need to know if you have compliance deficiencies.

• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking

Fines for non-compliance are costly.

Phase 2 - Full Area Inspections

Key areas, such as executive offices, conference and boardrooms, require an additional level of attention to detect the next most common class of eavesdropping devices — the ones which do not transmit via radio waves, or may be activated via remote control.

This group includes: miniature voice recorders; sound extraction via hardwired microphones, carrier current, infrared, ultrasonic or laser microphones; covert video (spycams); and keystroke loggers (which record to internal memories). These devices may be secreted in hollow walls, false ceilings, furniture, fixtures, power strips, radios and clocks and other common items which have a legitimate place in the room.

A complete visual examination is conducted with the aid of Non-Linear Junction detection, Thermal Emissions Spectrum Analysis, and additional instrumentation to detection exotic modulation schemes.

Phase 3 - Communications Examination

Telephones (analog, digital, VoIP), speakerphones, fax machines, print centers, video-teleconferencing equipment and their associated wiring / equipment racks, may be commandeered for eavesdropping.

Our communications equipment examination is actually a battery of tests: electrical measurements; radio-frequency emissions detection; audio leakage detection; digital to analog conversion; an equipment room security check; physical inspection of wiring; non-linear junction detection / frequency domain reflectometry of the wiring to locate remote attachments; inspection of set-up menus to discover activation of features which facilitate remote eavesdropping; and an internal physical inspection of communications equipment to locate foreign devices and circuit modifications.

Upon completion of our exams, government-level security tape (serial numbered) is placed over the access screws of your equipment. You may periodically inspect these seals yourself to detect tampering, or an unauthorized swap of equipment.

Written Reports

Written reports document our efforts, and are proof of your due diligence.
Our reports detail: the locations inspected, our findings, non-electronic information security observations, recommendations for remediation, and an explanation of our inspection methodology and instrumentation. On most assignments, photographs and an annual inspection log are also included.

You also receive private access to our 100+ page report supplement: Business Espionage Countermeasures & Checklists: Everything you need to know to counter the most common business espionage techniques. (on-line and continually updated — because it is good to know today what you might be up against tomorrow.)

With Murray Associates, your due diligence is documented in writing by an independent and certified professional security consultant.


Shortcuts to more information:
• FAQ's
• What is the approximate cost of an inspection?
• Murray Associates Brochure (print version)
• Customer Satisfaction Testimonials
• Our History - 30+ years of Innovations
• Advanced TSCM Instrumentation more more
• Wi-Fi Security Audits with Compliance Reporting
• TSCM Comparison Chart for 'shoppers'