Are you being watched?

15 July 2019

I grew up watching spy films. “Do all those gadgets really exist?” was the question that occupied most of my time. Little did I know how close fiction was to fact? Hi-tech surveillance equipment not only exists but it is cheaper, easier to use and more readily available than you might imagine. As a consequence, corporate espionage through technical surveillance is on the rise. You may not see yourself as a target, but if you’re perceived as wealthy or a person of interest, someone (competitor, an ambitious employee, etc.) will make you a target.

Surveillance very often amounts to an unauthorised disclosure of, or access to, personal data and should consequently be treated as a data breach for the purposes of the General Data Protection Regulation. An immediate risk assessment is required upon detection. What confidential information has been extracted? What are the consequences for the business, its operations, its ability to function and its reputation? In some situations, personal safety is also at risk. In the majority of cases where a group or individual is orchestrating an attack to an individual or their family, you must anticipate some sort of technical covert surveillance to take place that would include eavesdropping, planting bugging devices, or installing covert CCTV.

In around 60% of the sweeps we have conducted in the last two years, we have found either eavesdropping devices or some other sort of technical or physical vulnerability regarding the security of the premises or the attendant equipment. Set out below are examples of some of the threats that we have uncovered.

  1. Cellular Technology
  2. Hybrid Devices
  3. Covert Cameras

A large number of the devices that have been detected in clients’ premises have been cellular. Some are voice activated and as soon as the device detects a sound, it calls a pre-configured number (which can be abroad) which allows the eavesdropper to listen, in real time. Such devices can be purchased online for just under £20!

Hybrid devices are on the increase. They are designed to look like an everyday device commonly seen in the home or office such as a pen, USB memory stick or computer network cable. The device maintains a superficial functionality such as being able to write with the pen but it will include a built in listening and recording capability. Again these devices are accessible to anyone to purchase online.

As you will be aware from the camera in your smart phone, high resolution cameras can be very small in size and yet still produce exceptional audio and visual footage that is sharp and precise in poor light and sound conditions. Cameras can be controlled and viewed remotely via Wi-Fi.

So how do you know if you are being watched?

The only way to detect such recording devices is to conduct a Technical Surveillance and Counter Measure (TSCM) to identify what devices are connected to the Wi-Fi, in conjunction with a physical inspection of the property. For example, in a business environment, clear desk policies are in place but not being adhered to; therefore, sensitive information being unsecure. People leaving passwords written on post it notes and leaving them underneath the keyboard. These vulnerabilities are just as critical as identifying an eavesdropping device.

What happens if a “bug” is identified?

An investigation needs to take place to identify what data has been obtained by the attacker. Items such as GSM devices, audio/visual recording devices can be forensically examined to identify what has happened. When the forensic investigation is complete, you can use legal tools such as a third party disclosure order to obtain registration information, for example, a SIM card detail registration, which may prove useful. Should the perpetrator get their hands on private or commercially sensitive information and threaten to leak it, you may consider applying for an injunction to try and prevent publication.

You may think that bugging devices are the stuff of television dramas and James Bond films, but the truth of the matter is very different. With the advances in technology and the availability of these devices, it is becoming a harsh reality. So, if you think you are being watched, there is every chance you could be!

This article was first published in the Family Office Magazine Summer Issue 2019 on 8th July.

Receive our monthly newsletter

About the Author

Gurpreet Thathy

Cyber, Associate

Gurpreet has extensive experience in Digital Forensics and Technical Surveillance and Counter Measures (TSCM)

+1 646 934 6219
Our 24 hour number
+1 646 934 6219
Legal information

© 2020 Schillings International LLP. SCHILLINGS is a trading name of Schillings International LLP and Schillings International (USA) LLP.

Schillings International LLP is a limited liability partnership registered in England and Wales with registration number OC398731. A list of members of Schillings International LLP is available for inspection at our registered office 12 Arthur Street, London, EC4R 9AB. Schillings International LLP is an Alternative Business Structure regulated and authorised by the Solicitors Regulation Authority.

Schillings International (USA) LLP is a registered limited liability partnership organised and existing under the laws of the State of Delaware, United States of America, whose principal place of business is at One World Trade Center, Suite 8500, New York, NY 10007. Our New York based attorneys are registered as a foreign legal consultant in the State of New York.