Print Article

COUNTER SURVEILLANCE DETECTION
by Alan L. Susal

A PRIMER

In recent years, it has become increasingly easier to install and use surveillance devices such as covert cameras and transmitting audio “bugs”. Surveillance devices have mushroomed in number in domestic use, businesses and government fields. This proliferation of surveillance apparatus adversely affects the privacy of everyone.

Previous state of the art counter-surveillance equipment could not easily detect the high frequency – low power covert devices that had become increasingly prevalent. State of the art field strength meters universally use diode detectors with their 30 mv – 50 mv detection limitation. Besides having low sensitivity, these field strength meters cannot easily detect the higher gigahertz frequencies of the newer surveillance devices. To use these field strength meters it was necessary to “sweep a room” (i.e., closely scan each portion of the walls, ceiling, and floor of a room from 30 to 70 cm away). They also required optimum adjustment of telescopic antenna for desired operation.

Recent developments in high frequency ICs intended for use in cell phones and wireless data communications devices have enabled the development of a new counter-surveillance instrument, - the Zap Checker Model 180 (ZC 180). This radio frequency field measuring instrument uses multiple stages of radio frequency (RF) amplification with distributed, multistage active detection. This enables the ZC 180 to detect signals weaker than 100 microvolts – 100 times more sensitive than conventional field strength meters using diode detection. This extraordinary sensitivity enables the ZC 180 to measure RF down to baseline levels, the ambient level of RF radiation (usually dominated by FM and TV broadcasts that constantly surround us).

The Zap Checker 180 is sensitive enough to detect “sealed” microwave ovens (operating at 2.4 GHz) from greater than 10 meters away. This sensitivity enables the instrument to measure down to baseline RF radiation level, and to detect extremely weak signals that just exceed that baseline level. (This extraordinary sensitivity allows one to use the Zap Checker to detect the approach to land on an international flight while still 180 km out to sea. At that distance one starts to notice the increase in baseline radiation levels associated with the approach to land).

Zap Checker Model 180 RF Counter-Surveillance Meter

The newer, high frequency IC’s also extends the bandwidth of the ZC 180 from 10 MHz to 4.5 GHz. This broad bandwidth covers HF, VHF, UHF, and microwave frequencies that includes broadcast FM & TV, marine, aircraft and utility bands, 2 meter, 220 MHz, 440 MHz and 1.2 GHz. Ham bands, FRS walkie-talkies, wireless car key and garage door openers, wireless telephones (49 MHz, 900 MHz and 2.4 GHz), cell phones and computer 802.11 b&g (2.4 GHz). Wireless devices, etc. Transmitting covert devices from 0.1, 0.4, 0.9, 1.2 and 2.4 GHZ are detected with ease. Using 2 internal antennas in the ZC 180, one for frequencies below 1 GHz and the other for higher frequencies enhances the broad frequency coverage. These antennas are fixed internally and do not require any adjustments.

How does increased sensitivity and broader frequency range help the counter surveillance professional? With the ZC 180 it is now possible to detect very weak high frequency signals from 7 to 10 meters away. That translates to detecting the presence of a covert transmitter from outside the room – or at least at the door. The time-consuming task of “sweeping” for a bug at 30 to 70 cm is changed by being able to detect the presence of that bug from the door, and then directly homing-in on it.

An important feature of the Model 180 Zap Checker is the ability to detect signals in either Linear or Logarithmic modes. In the linear mode the weakest 6-10 dB of signals are displayed on the meter. That enables the instrument to measure baseline levels of RF radiation and any weak signals that just exceed the baseline by 0.5 to 1 dB. Thus, a weak covert transmitting device can be detected if its signal is just above the ambient RF level.

Once a covert RF signal is detected, the sensitivity control (20dB attenuator) is adjusted as the transmitting device is approached. With this adjustment the transmitted signal displays a relatively constant signal measurement, as the ZC 180 gets closer to the signal source. When the attenuator runs out of adjustment range and the meter is registering its highest reading, the instrument reading is reset to a lower level by switching to the LOG Mode.

In the LOG Mode, the RF signal strength measurement spans a 1000 to 1 (60db) signal strength range. In the LOG mode, at the lower end of the meter scale, a 1dB change in signal strength can be noted as a small increase in the meter reading. At the high end of the meter scale, that same change in meter needle movement corresponds to a 1000 times stronger changed in signal strength. The LOG mode enables the ZC 180 to measure very weak signals, to very strong signals on the same scale. This allows one to carry the instrument directly to the signal source. The covert device is precisely located by noting the progressive increase in signal strength as the device is approached, even up to 1 or 2 cm away.

The green and red LED displays on the ZC 180 are designed to give an indication of the meter RF signal strength measurement from a far distance or in dimly lit situations. At the zero meters reading the green LED is at it’s brightest and the red LED is not illuminated. As the meter movement goes progressively higher, the green LED gets progressively less bright. Near the center position of the meter scale, the green LED is dimmed almost to extinction while the red LED is just beginning to illuminate. The red LED lights progressively brighter as the signal measurement increases from that level. The highest signal strength measurement is indicated by the red LED being maximally illuminated. Thus, the instrument reading can be “read” from a far distance when the analog meter is too small to view. This is a helpful feature when installing surveillance equipment, wireless computer networks and data transmission equipment. In these instances, it is often desirable to place the ZC 180 at the receiver site – and make adjustments (antenna orientation, power levels, hot or cold spot, etc.) at the transmitting location.

An inside view of the ZC 180

A silent vibrator in the ZC 180 allows the device to be used to check for RF fields (as from hidden cameras or microphone transmitting devices) without viewing the analog or LED displays. The strength of the RF field is indicated by the strength of the vibrations. This allows the operator to discreetly detect the presence of bugs and/or covert transmitting devices. Once the distant RF device is detected by a weak vibration, the client can home in on it by noting the stronger vibrations as the transmitter is approached. This is useful information to have when entering a meeting room, hotel room, restroom, or meeting a contact in an open field.

A number of counter-surveillance experts who have the responsibility to protect clients, have loaned ZC 180s to them, enabling them to be aware of potential covert devices in their environment. In this Silicon Valley region, companies order ZC 180 devices for use by important company officials and others who travel to strategic meetings. Beware of flower arrangements by hosting companies in foreign lands!

We have seen how new RF detection apparatus can be used to detect covert wireless cameras and other bugs from a distance. What are some other applications for the new instrument?

The Zap Checker 180 is a handy device to carry when doing most types of wireless installations. The ZC 180 quickly checks if the transmitter is putting out any signal. When choosing a receiving site, the site can be measured for background radiation levels and compared to nearby regions. RFI levels are identified and the sources of the RFI can be located. The sites are also evaluated as far as “hot” or “cold” spots for the transmitter or receiver.

Rooms become resonant cavities at the higher frequencies due to signals reflected from nearby buildings and bounced from wall to wall. There are “hot” spots (high-signal areas where the signals converge) and “cold” spots where the signals appear to be lost into “dead” signal areas. It is important to locate these regions by a sensitive RF detector (such as the ZC 180) when choosing the transmitting and receiving sites. Also, the transmitting device needs to be located at a good location to allow the signal to get to one or several receiver locations. Thus, in installing computer wireless networks (802.l1 b and g), it is a help to measure which area to use for the receiving devices and where to place the hub for the best coverage of the multiple receiver sites. Computer installation and security specialists use ZC 180s for these installation purposes and then take the Zap Checker outside the company location to detect potential sites that hackers might use to tap into the company wireless network. Hacker sites can be decreased or eliminated by movement of the hub or using various shielding techniques. The ZC 180 enables one to measure the effectiveness of these manoeuvres.

RF sniffing and radio frequency interference (RFI) detection are other uses for the Zap Checker. Being so sensitive, it is helpful to use the ZC 180 for detecting RF signal leakage in cables, connectors and from shielded enclosures. The broad bandwidth and high sensitivity also allows the instrument to detect Radio Frequency Interference (RFI) sources. Several hospital bioengineers use Zap Checkers during open-heart surgeries to detect and located RFI sources that cause problems with the patient monitoring equipment. The LOG mode is particularly helpful in locating the source of the RFI and discovering grounding and shielding problems.

High sensitivity enables the Zap Checker 180 to detect cell phone transmissions from a distance. A prison guard detects and locates inmates who use illicit cell phones. Theaters and gathering sites are monitored for cell phone activity during performances.

The ZC 180 is particularly good at detecting cell phones, computers, electronic games and other devices that interfere with communication and navigation during commercial airline flights. One pilot experiencing problems with navigational instruments on a flight was able to locate the lap top computer causing the problem using the ZC 180. The unbelieving passenger was convinced to turn off the laptop when he saw its effect on the ZC 180 and was taken to the cockpit where the interference was confirmed on the navigation instruments.

The ZC 180 can detect cell phones, transmitting computers PADS and interfering electronic games from one end of an aircraft cabin to the other. It is curious that airline personnel routinely ask passengers to turn off these devices, yet until now, have had no means for verifying if these devices are actually not transmitting. Since the Zap Checker is solely a receiving instrument, without even a local oscillator, it causes no interference itself on airline flights. It is ideal for monitoring other electronic devices that could be broadcasting interference.

The Zap Checker 180 does not detect the frequency of the transmitting source. This has its good news and bad news features. The bad news is that the frequency of the transmitting device is not verified. Hence, a particular frequency signal cannot be isolated from another signal. When one has control over triggering the transmitting device, it is easy to identify the meter measurement by noting the effect on the ZC 180 by toggling the source off and on. But when the transmitting frequency is not known, it is harder to initially identify the source of the transmissions. One can verify the source by moving closer to the transmitter and noting the increase in signal strength. Other hints are available when one becomes more familiar with the operation of the ZC 180. For example, higher frequencies are more directional and tend to be more focused into hot and cold spots than lower frequencies.

Hence, rapid changes in signal strength with slight movements of the ZC 180 are an indication that one is dealing with these higher frequencies. Also, the higher frequency antenna on ZC 180 is not entirely omni directional and will give some signal strength variation with rotation of the instrument. RF polarization is also more pronounced at the higher frequencies and identified by rotating the instrument from vertical to horizontal and noting the change in signal strength. The good news is that all potentially covert devices are detected, no matter what their frequency. Also, all interfering devices are detected as well. Signals do not go undetected because the RF detector is not tuned to the proper frequency.

The ZC 180 is a small, lightweight, hand-held quality instrument. It is encased in a thick, resilient, polycarbonate case. It operates for 80 hours on 2 AA size alkaline batteries.

Some of the ZC 180 specifications are reviewed below:

Bandwidth from 10MHz to 4.5GHz.
Uniquely high sensitivity – detects 100 microvolt signals
A variable gain 20dB attenuator (sensitivity controller).
Analog meter and LED displays.
LINEAR and LOG gain functions (to detect and then home-in on transmitting devices).
2 internal fixed antennas that do not require adjustments.
A silent vibrator to discreetly alert the user to RF signals.
Less than 150 gm. (5.0 oz.) weight with batteries installed.
Uses 2 AA alkaline batteries – with an operating life of 80 hours.
Ergonomically designed, resilient case, which easily fits into a pocket or purse.

The Zap Checker Model 180 was first introduced in the spring of 2002. It sells in the United States for $89.00, plus $7.00 shipping and handling. In Europe the ZC 180 price is $102.00 U.S. dollars, which includes postage. That is a price of approximately 105 Euros, including shipping and handling.

Alan Broadband Company offers an additional counter surveillance instrument – the Model 270 Zap Checker – which was introduced in the spring, 2003. We are just completing a more sophisticated instrument, the RFD-9, which should be available later in the summer, 2003. These instruments can be viewed on the web site www.zapchecker.com. These instruments will be the basis of future articles.

To view our articles 'Counter Surveillance Detection - A Second Look' please click here and to view 'Surveillance - Straight Talk' please click here.