I’ll point out that a common method of detecting bugs at the time was to set up a radio receiver with a speaker and then sweep the frequency, if you managed to hit you would get a feedback sound between the speaker and bug. These oddball modulation schemes would prevent that from working.
I like it a lot that many of techniques have a hybrid analog/digital structure that would involve sample-and-hold, sweeps and comparators like the Triple Pulse scheme.
Today I can’t believe you wouldn’t use some digital solution but at that point in time you’d be lucky to be able to use a small IC.
Audio ADCs are incredibly small and the digital functionality needed isn't much for this. One can fit everything in a sub mm2 IC I think. Minus the antenna.
They were doing all that in the 1970s. There was a sense of panic about electronic eavesdropping around the Watergate period, where it wasn't just Nixon, but really every private eye knew some kid who knew how to make bugs with a few transistors. It got talked about in a lot of books from this time period such as
which was a scandal with many dimensions including the author of that book getting busted for insider trading, there was an incident where the management of that company set up bugs in a room where auditors were working so they had some idea of what the auditors were looking at so they possibly trick them.
That web site has some articles where they talk about fabrication techniques the CIA was using for bugs and it seemed they weren't using ICs but rather trying to miniaturize discrete component designs as much they could just as IBM was doing for the digital electronics for the System 360.
I'd assume if you were doing it now you'd use some kind of pure digital scheme with an ADC, encryption and spread-spectrum modulation of some kind. I still have a sweet spot for things like sample-and-hold, PLLs, and such though.
What I like about this specific video is that the guy actually builds one. And there is a world of difference between a popular article on how the thing worked. and the subtle genius engineering required to get it to actually work.
> As a countermeasure against an NLJD, professional covert listening devices (bugs) of the Central Intelligence Agency were equipped from 1968 onwards with a so-called isolator. An isolator is a 3-port circulator of which the return port is terminated with a resistor. Any energy injected into the bug by an NLJD will be absorbed by the resistor, resulting in no (or very little) reflected energy. An example of such a bug is the CIA's SRT-107.
(or my favorite:)
> A means to hinder isolating a non linear junction is to add inexpensive diodes to places where the NLJD is expected to sweep. This masks the true listening device against a field of false alerts when the many diodes are detected. Such a technique was used in the 1980s construction of the U.S. embassy in Moscow. Thousands of diodes were mixed by the Soviets into the building's structural concrete, making detection and removal of the true listening devices by its American occupants nearly impossible.
Are there any bugs that masquerade as normal devices such as phones in a time-frequency sense, such that they blend in the environment as phones. Polymorphic bugs? Bugs that change their signature.
One more question: are there any bugs that shut down if there is no chatter in the spectrum... Say, if it's a noisy environment (frequency wise) with many phones and devices, the bug blends in and transmits. If it gets quiet, such as when phones are being turned off or distant, then there's something fishy and the bug suspends its operation?
They aren't usually off-the-shelf. They're custom, and can be as smart as the builder wants to make them. (working within constraints like size and power supply)
ah. The only documented instances of bugs I know of are in the spy museum in DC, which btw is a fantastic place to visit. The rest, AFAIK, are held close to the vest. I bet there's an amazing museum somewhere inside of the CIA though.
it would be interesting to see what the waterfall charts of these looked like, and I can't tell if there is enough info in the article to produce a gnuradio flowgraph for any of them. it could be a fun retro spy tech project.
In practice most audio channels are low-pass filtered and bandwidth limited, so I'm guessing that these modulation techniques are not going to work. Also, we have digital methods now.
Oh crap... the Scanlock Mark VB receiver shown on that picture is really similar to the Autolock 7 receiver I snatched at a flea market for a song many years ago, and after finding absolutely nothing about it online sold it on Ebay for like 3 songs. Had I known it was a bug finding device I could have donated it to the Cryptomuseum.
I like it a lot that many of techniques have a hybrid analog/digital structure that would involve sample-and-hold, sweeps and comparators like the Triple Pulse scheme.
Today I can’t believe you wouldn’t use some digital solution but at that point in time you’d be lucky to be able to use a small IC.
reply