TSCM Questions We Get - "How often do you find bugs and wiretaps?"
A. It depends on the type of sweep. We conduct Technical Surveillance Countermeasures (TSCM) sweeps for business and government, and rarely residential or matrimonial type sweeps. More on them later.
Our regularly scheduled, due diligence, technical information security surveys rarely turn up devices. No surprise. Organizations using our services already have a high overall security profile. They are hardened targets. For them, the bug sweep bonus is... having a known window-of-opportunity when something is found.
What we do find are other information vulnerabilities like: decayed security hardware; security policies no longer being followed; and other unseen security issues.
Discovery statistics on our "emergency sweeps" (sweeps where electronic surveillance is suspected) varies from year to year, about 2%-5%. However, the rate of determining what happened and resolving the client's concerns is extremely high. (Isn't that the real point of the exercise?) More often than not, these info-loss cases can be traced back to the human element, or the poor security practices—which allowed the leak to occur some other way.
The benefits of a TSCM sweep—with either type of sweep—make the task worthwhile.
When it comes to the residential and matrimonial sweeps, The find rate is quite high. This makes sense. The opposition's focus is narrow; they want to intercept communications and/or determine location. Electronic surveillance is the tool of choice. Solving these cases is relatively easy.
With organizations, the opposition's focus is information, in all its forms. Corporate espionage, industrial espionage, call it what you will. There is no one spy tool of choice here. It's electronic surveillance plus hundreds of other tradecraft techniques. Solving organizational emergency cases requires more than a simple TSCM bug sweep. Add-on skills include: corporate investigations, alarm system design, computer forensics, and information management to name a few.
Second to 'getting the goods', the goal of espionage and voyeurism is 'never be discovered'. Obviously, if you don't check, you won't know. The big losers are the folks who don't check.
~Kevin