Technical Surveillance Counter Measures- TSCM


“The amount of effort expended to intercept information is limited to the value of the target data.” – Ryk Edelstein, 1997"

Why do you believe you are a victim of technical surveillance?

To facilitate the process, create a list of events which have led you to conclude you are under surveillance. Itemize events, potential motive and possible suspects. This information will be instrumental in our ability to assess who is conducting the surveillance, the type of information being targeted, and the complexity of intercept methods which may be used.

Possible signs to look out for if you suspect you are under surveillance.

Depending on who is conducting the technical surveillance, the intercept technologies and methods used will vary significantly. Threat actors can be categorized into the following types:

Lawful Intercept

Lawful Intercept occurs when a warrant has been issued authorizing technical surveillance to be conducted with the intent of collecting specific information, during a specified period of time, at a specific location, for the intended interception of a specific party, and possibly with the assistance of specific service providers, or communications carriers.

Where the intercept involves the collection of information from a service provider, the method of intercept will often be undetectable to the target party.

In Canada, at the completion of a lawful intercept mission, the targeted party will receive notification of the surveillance event.

Foreign Government

The technical capabilities of nation state threat actors is limits of technology, budget, and the risk of detection or attribution. Where the target data is strategic, or of high value, the mode of interception can include the use of zero-day technologies incorporating elaborate collection methods, communication channels, or evolved obfuscation technologies, undetectable by common practices or commercial security technology.

5-L’s visibility to emerging and zero-day technical threat relative to both TSCM and network communications environments, affords us the ability to develop and deliver services to detect, defeat and identify most forms of emerging threat across traditional TSCM, Information Technology (IT) and Operational Technology (OT) environments.

Corporate Espionage
“The level of effort expended to gain access to target information is relative to its perceived value.”

The technologies and methods used in corporate espionage can vary greatly depending on the motivation of the client, and the skills of those engaged to execute the mission. Often those engaged in corporate espionage will not have access to law enforcement grade intercept technology, and will be limited to the use of consumer-grade Commercial-Off-The-Shelf (COTS) intercept product.

Depending on the value and type of information to be acquired, as well as the client’s tolerance to risk, acquisition methods can range from lower risk activities such as the illicit access to user accounts, to higher risk activities involving the implementation of hidden surveillance or intercept and exfiltration technologies.

The ability to effectively evaluate what is at risk, and the motivation of external parties to access this information, is critical to understanding how to detect and defeat compromise. 5-L’s skilled specialists possess a broad range of skills necessary to detect the presence of threat across a broad range of technical platforms, as well as indicators of account compromise.

As forensic specialists, 5-L has in-house capabilities to evaluate and identify compromise across a broad range of technologies.

Domestic Surveillance

Domestic surveillance can occur between spouses, parents, employers, or business partners. In the past, access to technical surveillance technologies was in the domain of investigation firms. Today, access to covert surveillance technology, of reasonable quality, can be purchased from a multitude of online suppliers. These devices can be used to intercept a broad range of information and can be procured and implemented by anyone who has the intention of collecting private information without the consent of the target party.

The use of hardware based technical intercept technology often requires access to the targets home vehicle or office, and the time and opportunity to implement the surveillance device without detection. Depending on the mode of operation and the skill of the installer, these types of technology pose a risk of being detected.

In recent years, the popularity of cloud services has facilitated threat actors with the resources to access real time messaging, email, and device activity logs from a distance, all without the risks posed by hardware-based technical surveillance technologies, or device resident spyware.

Regardless of whether the perceived threat is from implemented technology, spyware, or account compromise, even the most creatively integrated recording and transmitting technologies can be detected by 5-L’s team of skilled counter surveillance specialists.

Why are you a target?

A threat actor will decide to use technical intercept methods to access target data based on the following factors:


- Value of the target data
- The existing security methods to protect the target data
- Type of information to be collected
- Budget
- Technical Proficiency of the threat actor

In most incidents where the objective is domestic or industrial espionage, the methods used to intercept the desired information will involve the use of Commercial Off The Shelf (COTS) technology commonly available from online sellers or “spy shops”. Evolved attacks will require a more significant budget, and may involve professional grade intercept practices executed by a professional team.

When it is imperative that your spoken, written, and digital communication are protected against unauthorized access, it is imperative that your work environment and communication technology is certified free from technical compromise. Often in-house technical resources may be skilled at addressing IT related security concerns, but lack the experience and technical resources required to competently detect, identify, and defeat technical surveillance.

5-L’s team of Technical Surveillance Counter Measure (TSCM) professionals possess the necessary tools and training to effectively detect and neutralize technical threats. Our counter surveillance specialists maintain a broad set of skills including experts in:

Nothing replaces skill and experience, and no magic boxes available at any price, from any ‘spy shop’ will reliably locate an intercept device.


Communication Technologies
Information Technology
Radio Frequency (RF) Communications
Optical Communications
Analog and Digital Communication Technologies
Data Network Design
Packet Level Analysis
Zero-Day and Evolving Covert Communication Transmission Technologies
Cellular Networks
Short Range Technologies such as Personal Area Networks (PAN) - including Bluetoot, Zigbee, DECT, Infrared
Medium Range Network - including LORA, etc.

With over 2 decades experience in delivering TSCM services to enterprise and government clients, 5-L has developed an effective ‘silent sweep’ protocol to prevent informing the buggist of our presence. Aided by specialized, and highly sensitive counter surveillance equipment, our specialists are effective in the rapid detection, location, and defeat of embedded, active/inactive, remote controlled or hidden technology, down to the detection of the tiniest of devices, even those embedded within furniture, walls, ceilings, or the least suspected common objects.

Do It Yourself Counter Surveillance

Nothing replaces skill and experience, and there are no magic boxes available from anyone, at any price, which can be counted on to reliably locate an intercept technical threat.

Need assistance? Before you contact us, be certain that you are not calling from a compromised room or device.

Digital Technical Surveillance Counter Measure Services

Traditional approaches to the delivery of TSCM are ineffective, and fail to include the detection and analysis of information exfiltration over present day digital network services. As specialists in TSCM, digital forensics, and packet level network analysis, 5-L is uniquely positioned as the first counter surveillance service provider offering Digital TSCM (dTSCM) services. Our dTSCM service affords a broad visibility to include the detection of illicit data paths leveraging the resources of available digital networks, including internal, proximate, PAN, adjacent wifi, or cellular based channels.


Compromised end point hardware
Illicit use of integrated services
Redirection or mirroring of network conversations
Unauthorized network devices
Interception of end point video or audio / back-channel communication
Use of adjacent available networks for data exfiltration
Detection of rogue intercept technology to secure environments.