>>I know many of you came here
expecting to see the Dr. Phil
from the Oprah Show. Talking about relationships, drug
addiction, and eating too much.
But, in fact, this guys much better. >> Alright, thanks for
that intro, well, it's probably
one of the better ones I've gotten. But ah, someone said to
me once, you're not THE Dr.
Phil. It's like, no, he's like the other guy. But anyway... So,
today, just want to talk a bit
about some cheap to free ways of detecting surveillance. So maybe
you are a little paranoid and
thinking, I wonder if someone is spying on me? We're going to
talk about some simple ways you
can find out if that's true or not. In particular we are going
talk a little about video
surveillance and also we are going to talk about tailing,
someone following you in your
vehicle. Also, some eavesdropping, also some other
physical surveillance. Also,
some other surveillance that could be embedded into your
technical devices and how you
might find those. Little bit about why should you care about
this stuff? Our government's
assault on our constitution is pretty much known. I don't know
if you can read this cartoon
very well, but it's like hey, I wonder what people think about
us violating their rights....
Why don't we check their emails and see. [Audience Laughter].
And it's not just the national
governments, it's the national governments, competitors, it's
stalkers. Like this little lady
in the corner here, she looks like a stalker. Some of you
might remember her from some of
her youtube videos. And sometimes there are people that
just don't like you. So they are
following you, waiting for you to do something. Okay, so first
I want to talk about video
surveillance. Now, when it comes to video surveillance, there are
different kinds of surveillance
today. Virtually everyone walks around with a video camera all
the time. Most people have them
in their smart phones. Even if you have a dumb phone, it
probably has a video camera in
it. So, I want to talk about some of these phones, such as an
IP cameras. You've probably seen
things like this. Foscams are pretty popular, you just go to
Best Buy or some similar store,
buy a couple and plug them in. Maybe hide them, you get similar
technology, a nanny cam and
such. Now, if you have a night vision camera, there's a simple
way to detect this night vision
because there's a flaw that all these cameras share, and this
kind of demonstrates this flaw.
Which you are looking at, I have a digital camera and I'm
directing it at a remote
control. So you may know some of this already. But digital
cameras of all forms, pick up
infrared light. So, if I go back here to this slide, you see all
those LEDs around these cameras.
Those are infrared LEDs that are used to illuminate the subject
of your camera during darkness.
So, if you have an infrared remote, for your tv, whatever
and you're not sure if it's
working or if your battery is working, batteries dead, you can
just pull out your camera and
point it at the remote, push some buttons and you should see
lights flashing. The same thing
can be done to detect a night vision camera that might be
spying on you. So, here's what
I've done, I've hidden a camera, can anyone see the camera? Yeah,
so I hid a camera behind flowers
in my workshop, and what you want to do, some of these
cameras are motion activated,
and so it's dark. Turn off the light, and so nobody's really
going to see – unless they have
a video camera and have been taping it the whole time.
They've probably seen you do
something more embarrassing than (speaker waving his arms) than
this anyway. So, just grab your
video camera, (someone got a picture of that), move around,
wave your arms. And if you have
a video camera that is presently a video camera, you will
probably get something as
showing up on this screen. Alright, it'll be very obvious,
these lights showing up on the
screen. Alright, there are some other ways to detect infrared,
such as these little cards that
you can get. They probably don't work as well as just using your
video camera on your phone. But
you could do it this way. But, in general, if you have some of
these wireless cameras, they are
nice, easy to set up things, which makes them easy to detect.
Okay, so I want to talk a little
about detecting wireless cameras. And first off, the free
way. If you have a wireless
camera, these are set up different ways. Sometimes they
are set up to existing wireless
networks, sometimes themselves as an access point, sometimes
adhoc. In particular, if they
are set up as an access point or adhoc network a pretty easy way
to find them is just to use your
Android tablet or smartphone and download a couple of free apps.
This one is just called WiFi
Analyzer. You download this app and you can look and see, oh, I
see some suspicious networks.
And you will say, hey what's this spying on Phil network?
Sometimes it will be anonymous,
unnamed network or an adhoc network. But if there's another
network that's pretty strong,
that's another clue. You have a pretty strong network in your
house, and you're not expecting
to have that and it's not your home network, it's suspicious.
By the way, thinking about being
suspicious, I just bought a new laptop recently, and I was
running Windows 8.1 and I was
noticing, hey, don't hate me it came with it. I don't normally
run windows and I'm not running
now. So, I thought it was running kind of slow, and I look
at the task manager, and there's
this video camera app, consuming 100% of my disc IO? And I'm not
running my video camera app?
Little suspicious. Okay, some other ways you might detect
video cameras etc., you can use
something inexpensive, something you know. I like the
BeagleBones, done a lot of work
with the BeagleBones. Developed my own linux, the deck on the
BeagleBones. So, in this picture
I have a couple systems. Up in the upper left, it's my picture
of my famous Buzz Lightyear Hack
you to infinity and beyond lunchbox computer. And down in
the lower left corner, it is the
same thing, a BeagleBone running the deck with a 7 inch
touchscreen. By the way, that
touchscreen is from a company called 4D Systems and they just
started making some stuff for
the Beagles. Seems to have some good stuff and it's a little
cheaper than some of the other
stuff out there, just a little tip. And then on the right, I
have a couple BeagleBone systems
with touchscreens and a wireless antenna, simple wifi, alpha
adapter you've probably seen
before, little keyboard. And in the lower right hand corner, I
didn't do it, because it would
make the picture less clear but you can do it, take all that
stuff and tape it onto the
wireless antenna and have a nice little bug detector. Kind of on
the go. So, if you're feeling
lazy, you can take that set up and you can run your standard
Airodump and the Airodump at the
bottom will show you the clients and also shows you the power. So
you notice the top one shows
powers was minus 28 and now it's gone to 30. Smaller negative
numbers are better when it comes
to power. You can use that and you can pan around your office,
your house, wherever you are and
look for wireless signals. Alright, now with just a little
bit more work, you can make this
better. And everything's better with Python, right. So, just a
little Python script that I
wrote, yeah, I realize you probably aren't going to be able
to read that and or copy it
during this but the slides will be available later, so, feel
free to get it later. But, I
just wrote a simple Python script and what it was is scapy,
some of you are probably
familiar with that. And it uses the radio tap headers which
include the power or the signal
strength. So what I do is capture for about 2 seconds and
I record the different devices
that I have found and which were their strongest signals I
displayed on the screen, wait a
second, blank the screen, repeat. And basically if you do
that and you run it, you get
something kind of like this. You will see the strongest signals
at the top and now it's a minus
5 so that's a good strong signal so that means I just went past
something emitting a bunch of
wireless traffic. In a little bit here you will see I swept
back and pinpointed exactly
where that device is. You don't see it in the screen capture but
what I essentially did was, I
had my foscam and my big old yagi antenna and I just swept
the room and got that minus 5,
kept going – came back and was able to say, that's where the
bug is. That's where that video
camera is. That's pretty cheap. The BeagleBones, $45,maybe a
little less if you get a deal.
If you want to spend a little bit more money. This talk is
about how you can do this free
or for very little money. Obviously, if you like to spend
money, you can go buy the
commercial detectors. If you've got thousands of dollars to
spend, go for it. Ah, but
another fairly cheap way you can detect these sorts of things is
to use this little board from
Linear Technologies, RF meter chip, called LTC5582 and you can
use this to detect a signal. Any
kind of RF signal. And if you're only interested in frequencies,
like say wireless frequencies or
some other frequencies that you suspect some bugs might be
working on. When we're talking
about video cameras, we are talking mostly wireless ones. So
probably the standard 2.4 ghz
frequency would be fine. You can detect them with a very simple
circuit. Alright, they make the
raw chips, but they also make this little demonstration
circuit. This board is about
$100 so, it's not free but not terribly expensive. To the right
is an example of a band pass
filter, basically you just screw it onto the adapter. It will go
between this board and your
antenna. And your circuit's going to look kind of like this.
Oh, I forgot to warn you guys,
there's a guy that's going to have a really good talk after
me... so if my talk starts to
suck, if you hang around you will get a good seat for the
next guy. He won't suck so much
– just letting you know. Little fyi there. So, it's a pretty
simple circuit, you know you
hook this up to your directional antenna you hook up some power
to the 2 top leads. You get an
output voltage and you also have to hook up the ground. You know,
you can just hook up a meter to
it. You can use a meter, you can use a BeagleBone, use whatever
you want. Basically, you just
need to measure the voltage coming off of that and that's
another way to go. Let's talk a
little bit about physical surveillance. All right. Is
somebody following you in your
car or tailing you? We're going to talk a little bit about
common vehicles that are used in
tailing, some standard techniques and we'll talk a
little bit about stake outs.
Often those are also done from vehicles and what are some
standard techniques you might
find and then we'll kind of move on from there and talk about
what could you possibly do in
order to actively thwart attempts. Alright, so tailing. If you have
a non-government adversary
they'll tend to use vehicles that are going to blend in. A Honda
sedan, Toyota sedan. Things
like that. You will probably not use a red
Ferrari. If you're in texts the
most common vehicle might be an F150 pick up truck. If you're
smart and are going to follow
somebody you will pick a vehicle that kind of blends in. Not
something that's super bright,
really flashy, you know. Something that everyone you
drive by and they're like I
always wanted one of those. Nothing like that. So a nice bland
colored vehicles, SUV's are
popular in certain areas and you might expect to see that. You
know, government spies on people.
Traditionally what's the stereotype? Black SUV. Right?
Sometimes there's a little truth
to things like that. Of course Crown Victorias are popular.
That doesn't mean that you
should only look for those kinds of vehicles. Depending on how
interested people are in you,
you know, they'll get all kinds of different vehicles. They'll
get women and children, old
people, you know, all kinds of people you don't suspect are
working for the FBI but they
are. All right. So some general techniques. If you're following
somebody the follow distance is
going to vary. Generally from about 2 cars behind you, you
know, typically it's kind of
frowned on to be right behind somebody that you're following
because they might notice to a
couple of blocks. And a lot depends on things such as, you
know, is it just one car? Is it
the stalker that we saw earlier? Or is it a government? All
right. So if it's one car or
even if it's multiple cars they might extend that range using a
bumper beeper. Now there are
different kinds of bumper beepers. Simple ones like
literally something that just
makes a tone on a certain frequency to its a GPS tracker.
All right. Generally speaking a
tail is considered to be blown if you've had 3 suspicious
impressions. Like if you're
following somebody, not that any of you have ever followed
anybody because that would be
bad but if you're following somebody and they look right at
you 3 times or do something
similar like act strangely because they think they're being
followed, typically most people
say, all right, we're done. All right. So single car tailing
generally speaking as I said you
will be a little closer then with multicar tails. You can't
afford to lose somebody if it's
this. You're more likely to follow traffic laws, running a
couple lights. A little
suspicious. And again you might use something like a bumper
beeper in order to help extend
your range. This picture down in the corner is an example of a
bumper beeper. If you look at
the long tube it has a couple of magnets on it and there's
electronics you can cram in
there with good batteries and you just slap it on someone's
car. It doesn't have to be the
bumper but some metal part. And track away. All right. Multicar
tailing. Typically if you got
multicar tailing it's probably not stalker. It's probably
somebody else. In most cases
everyone is behind you. Again, most cases. Not a hard and fast
rule. Sometimes you might have
cars on parallel streets not just all behind you in a big
caravan. If you're in an urban
area, if you're in the country they're probably just behind
you. Also, you might see cars
taking relative positions and having that change. So that
you're not always seeing the
same car behind you. Now here's a big give away. If you see
vehicles that appear to go a
different direction. They turn off somewhere then they
magically reappear later either
they're lost or they're following you. So decide if
you're paranoid or not. Okay. So
how can you combat tailing? The number one thing you can do to
combat tailing... Look. Have a
little situational awareness. Look around you. You know, when
you're going places don't just
look ahead. Look around. When you're getting in your vehicle
check your car. Look for
trackers. Look for vehicles that seem to be behind you for a long
distance. You know, maybe
they're just going the same way. Maybe not. And again watch for
those vehicle that is go away
then suddenly come back. That's a little bit suspicious. You
know, if you see that happen I
would say that's one impression. You have two more things happen,
they're probably done. Other
things you can do. Detect electronic devices. I'm sure
many of you know what this scene
is from. He finds the GPS tracker on his car. How can you detect
these electronic devices? You
can use the RF detection system previously described. Typically
if you use that don't use the
band filters. Some really simple ways, if someone has a
simplistic bumper beeper you
might be able to detect that just by tuning in your AM radio.
I know nobody uses AM radio in
their car. Nobody uses the radio in their car. Right? It's all
Bluetooth connection to iPad or
iPod and things like that. So... Anyway... Some of these
home made and cheaply available
trackers operate on the AM band so if you scan through that band
and you hear this nice strong
tone and it's always nice and strong and it's just a tone
guess what? It's probably you.
All right. It's probably something on your car. Other
things you can do, some active
techniques. You can drag at the traffic light. If you don't know
what that means basically you
can try to time it so you're the last person that gets through a
traffic light and if someone
tries to run the light or whatever then you can be
suspicious. Take unusual routes.
Don't take the normal route that somebody would to go to whenever
your destination is or switch up
your route. Don't take the same route every day. You can also
try driving through some
residential neighborhoods. You might look suspicious. I just
moved and I live in a
neighborhood ‑‑ there's only a couple entrances and they all
let out on the exact same
street. So if you follow me through my neighborhood it looks
very suspicious. Like why would
anyone drive in there? Unless you're going there, there would
be no reason. Don't be afraid to
take a few alleys or deserted side streets. Occasionally you
might even just park your car.
No reason. Sit on the side for a couple minutes. If you're real
paranoid, get out of your car.
Only in a good neighborhood. Right? Phil told me to get out
of my car. I was afraid someone
was following me and guess what? I got mugged. I am not
responsible for anything you do
from what you hear in my talk. All right. Other things, all
right. So that's tailing or
mobile surveillance. What about stationary surveillance or stake
out? Again a lot of this occurs
in a vehicle. Not always. But sometimes. You might expect the
same vehicles to be used as in
tailing. Additionally sometimes people like a little bit more
room so they might have an SUV,
commercial van, pick up truck with a nice Topper, things like
that. This picture down in the
corner is actually from an article I found on‑line and make
your own surveillance van. All
right. Now I got a question for you guys. If you make your own
surveillance van should you put
Tony's pizza on the side of it? What's wrong with that? There's
no phone number. Okay. What else
is wrong with it? >> [Off mic] >> Who delivers pizza in a van
and when you deliver pizza what
do you do? You deliver the pizza and leave. If you make your own
surveillance van pick a plumber,
electrician, sewage guy, septic. Put mud on the side. All right.
How can you combat stationary
surveillance? Again the best thing you can do, look. You
know, look for people. Sometimes
people stop for a little bit. Maybe they're waiting for
somebody. But if you're sitting
in your car for more than 5 minutes, yeah, I'm suspicious.
Especially if you're eating
donuts and wearing a cop uniform. But other things to
look for. Now this one is a
little rough. Construction, utility workers who appear not
to be doing anything.
[Laughing]. Yeah sometimes they don't ever look like they're
doing anything. You know? You
know, it's the old joke. Slow, men working. Okay. The slow men
are working. Or is it slow,
because the men are working? All right. So I have to get a
grammar Nazi on that. So yeah,
especially I know this is a stereotype but if you've got
some guy on a pole if you know
anything about people that do like cable and phone work they
don't like to go up and sit on
that pole all day long. They go up and do what they have to do
and come down. So if you have
somebody parked up there and eating a sandwich it's probably
not a cable guy. Right? And
again even if it's not Tony's pizza you get commercial
vehicles that seem to be parked
for a long time, um... Another big clue. If there's anyone that
has a view of all of your exits.
All right. Someone that has conveniently placed themselves
in a spot where they can see
every exit to your house or to your office, that's probably not
a co‑incidence. All right? Some
active techniques. Get out your binoculars. Spy back. Why not?
All right. Do you think that
would be an impression? They would be like hey he's spying
back at me. I'm pretty sure that
this one is blown. All right. So don't be afraid to do that. Do
strange things. You know, run
outside. Jump in your car. Run back inside the house. See if
anybody suddenly started their
car. Maybe your neighbors are like it's just Phil. Drive
around the block. See if anybody
follows you. It might sound stupid but simple things like
that, you know, you drive around
the block and someone thinks you're going to go somewhere.
Maybe they'll move towards your
house, maybe they'll follow you. All right. Audio bugging. You
can get various kinds of audio
bugs. You can go on the internet and buy these things. I really
like this one in it is upper
right hand corner. Nice apple logo on it. Nobody suspects
anything with an apple logo on
it. Right? Slap it on the back of someone's iPhone or iPod and
bug away. You do have some
different kinds of bugs. Some of them are radio transmitters.
Some of them use DSM phone
networks. The GSM phone networks a little bit harder to detect.
Not a lot but a little bit. Also
a little bit more expensive to use because you have to have a
phone account and all these
things. Some freeways you can do it, you can get your AM/FM
radio. You can use the software
defined radio such as the little dongle I have in this picture
connected to a begal bone. You
can use an FDR by the way. If you're going to use the cheap
little TVdongle you should know
they work usually 50 megahertz. They will not necessarily detect
all the bugs but if you have one
laying around anyway it doesn't cost you anything. Moderately
expensive way you can use that
circuit I described earlier with the linear technology RF power
meter or you can drop 500 bucks
for this thing down in the corner. If you got the money and
you want to buy a new toy maybe
it's for your office. Right? Mr. President we need this. 500
bucks. What's our safety worth?
How could you use an AM/FM radio? Basically you have to
have an analogue radio. You can
buy these probably at the dollar store. Scan for the AM/FM range.
If you hear yourself, if you
hear the audio you're generating be it your voice or radio or
whatever then it's probably you
being retransmitted. So... This is only going to work with some
of the simplest bugs but again
it's worth a shot. All right. Now what about passive bugs?
Bugs that aren't always on. You
can try to excite them. Basically you can have some
passive bugs that get
irradiated. You don't have to be on the exact frequency to make
it work. If you blast a lot of
power at these devices they will probably generate some sort of
signal that you can detect. I
remember many years ago I had a friend who was really into CB
radios and he also liked to buy
illegal amplifiers. So this guy had a thousand watt amp he
bought from some guy and hooked
it up to the CB and he was in the parking lot and we dropped
off a buddy and we were in the
store and guess what was coming over the intercom in the store?
This guy. He was way off the
frequency but the signal was so powerful it was bleeding over.
It's kinds of a similar thing
with exciting these RF bugs where, you know, if you're close
to the frequency and you shoot
them with enough power you can probably get them to at least
turn on, generate some sort of
signal you can then detect. All right? So what are you going to
use? You know, again the freeway
you probably have an alpha card and nice directional antenna.
Just crank that sucker up. By
the way if you don't know this with those alpha cards you have
to tell it it's visiting another
country if you want to crank up the power. Bulgaria is nice by
the way. I've never been there.
I'm not going to say my alpha card has been there. It might
have been there. I'm not going
to commit. Anyway FCC doesn't like it. No it's never been
there. Scratch that. Mine has
never been there. But you can change that and give it a little
bit of a signal boost. Other
things. There have been some other folks that have talked
about these. Some of you might
notice these pictures as some of the NSA bugs. Jacob Applebaum
described some of these bugs
recently in Germany and they can be installed when shipments are
intercepted. You buy something
through Amazon and it comes with your NSA bug. Service
professionals, your own IT
people, people just don't like you. If you're going to
piss somebody off make sure they
have no skills. All right. All right. How do you detect these
bugs? Again the free way. Look.
If you know what the bugs look like, look for them. If you
didn't know what they looked
like and you open up your computer you probably wouldn't
find them. You know, some of
these are pretty clever and they just look like regular stuff.
You know, some of them are
attached to debugging ports that Dell conveniently left there
just for that purpose, for their
own internal debugging. Other things you can do. You can
look ‑‑ you might have some drop
boxes. I've talked about drop boxes before a little bit last
year at DEF CON. And some of
those drop boxes are pretty easily hidden and stuff on your
desk. I'll show you some
examples. So really you need to check every device especially
those that are connected to your
network or USB. USB is great if you want to hack somebody. All
right. I love USB. So here are a
couple hiding places. I stole these from my book so I guess
it's okay to steal pictures out
of your own book. In the upper left it's an access panel in the
floor in a classroom. So I have
power, I have networking and I have enough space for the drop
box. Lower left is one of my
favorites. Desktop defender from Think Gate. Anyone heard of
these before? Maybe some of you
have them. They're nice toys. You put them on your desk.
People come by and tell at you.
It's USB powered which is awesome. Because I can put a
drop box in there. USB power it.
I got power forever. I got a hand sanitizer dispenser not
completely full. Space on the
top. Again drop box. And the little talking Tardis toy. So
plenty of space for a drop box.
So look. Again look. Pictures have been released. You can also
look for current links. Unless a
bug is battery powered it needs power from you. So it will leech
power somehow. Turned off
devices kind of like a video camera shouldn't be consuming
resources. So one way that you
can detect this is you can use a modified universal lap top power
supply and what you do is you
modify it so you can read out some current that's flowing and
if you have a lap top or phone
and you can remove the battery just pull the battery, turn it
off and then hook it up. If
there's current flowing something's wrong. Right? Now
sometimes there might be a
little bit of current like your laptop to run LED's and things
like that but, you know, if
there's much current at all could be something to
investigate. Now if you have a
tablet or can't remove the battery it's harder. You want to
fully charge it then see if
there's much current that's flowing when it's turned off. If
you have a bad charging circuit
you might have some current flowing so you have to be
careful with this method. If you
have another device and you can measure its current flow to get
kind of a base line that would
be the best. Okay. So here's the basic idea. You have your lap
top adapter which has a series
of plugs and you hack a little cable and you break one of the
lines so that you can put a
meter on it and detect how much current is flowing. All right?
It's kind of like this. In the
upper left hand corner is my little adapted wire. Basically
had an extension cord for this
connecter. I just hacked the ends off it and I solderedered
it up on a board and you can
plug it in line to this adapter I got for $13 on Amazon,
something like that. All right?
And then get the right adapter tip, set the voltage, connect it
to your device, measure the
current. Desktop computers same idea. I recommend physical
inspection because it's easier.
Sometimes the power supplies will leak a little bit of
current. So if you see a little
bit of current flowing don't be suspicious. Always be suspicious
but... Other things about
desktop bugs they might only work when the desktop is on. So
you have to be aware of that.
This method might not detect everything. Some passive bugs,
same thing. Excited just like
the audio bugs we talked about. Uses the same kind of techniques
in order to try and detect it.
Now you're not going to detect everything. You know, like the
NSA bugs probably not. But again
what can you do for cheap to free? All right. So in summary I
would say choose your level of
paranoia. You know, even if you're not paranoid though you
can still detect a lot of these
spying attempts at no cost or little cost and if you're truly
paranoid but you're not rich you
can still test some of these things without financial ruin. A
couple of references. A little
bit more about the BeagleBone stuff. You can find that in my
book and here's a reference to
Jake Applebaum's NSA talk that he gave and if you have
questions you can talk to me
later. Again don't leave though because the next guy is really
good. He doesn't suck so much.
All right? @ppolstra on Twitter or you can go to one of my websites
and, you know, again for the
BeagleBone stuff there's more in my book, website, and all that. So
thanks. [Applause].
