Security during and after lockdown
While on lockdown, businesses and individuals must think about their unoccupied premises and possessions. Now that we are coming out of this lockdown and going back to work, Gurpreet Thathy and Mike Moran give their thoughts and go through a recent case with a client last week.
Unfortunately, with properties being left empty during the pandemic, various Police Services have reported a rising number of commercial break-ins during the lockdown. It is impossible to say whether these break-ins are everyday criminality or are being used as cover by Hostile Actors to mask a more nefarious purpose.
Steps must be taken to protect these often-unguarded properties and their possessions. When returning to empty properties at the end of lockdown, it is worth taking steps to ensure that your property has not been tampered with whilst it has been closed.
At Valkyrie, our technical branch provides either a Technical Surveillance Counter Measure Inspection (TSCMI) or an in-depth Security Review of the IT system (Cyberspace) currently used by the client. Often our inspections include both disciplines as a Holistic Security Review, giving a 360° view of the Security Architecture currently in place.
“Cyberspace” is a term used to describe the electronic medium of digital networks through which every facet of everyday life is stored and used. A secure online environment is vital to private individuals and businesses.
Over the many years of conducting Technical Inspections, it has become apparent to Valkyrie that Individuals & Companies are increasing their use of Cyberspace. Everyone carries an iPhone or similar, and it is common for staff to always have two smartphones with them. The Covid pandemic has made this use of Cyberspace more widespread, with many teams working remotely. We have noticed that many TSCMIs now include a mixture of the traditional search for ‘bugs’ and a Cyberspace Review, and vice versa.
One of our treasured clients had the same thoughts. Before returning to regular work, the client asked Valkyrie to carry out a full TSCMI and Cyber Security Audit (CSA). What we identified was shocking to both the client and us.
As part of our preliminary meeting with the client to discuss the threat, we identified that the CCTV had been installed during the lockdown. Our test showed that the system was openly available to log in to from outside the client’s network. Further investigations revealed that the default passwords had been left in situ, either through bad practice or deliberately.
Using this information, a malicious actor would not need to plant anything within the premises and risk compromise. He could still identify the employees’ behavioural patterns and remotely monitor who was visiting the company for strategic meetings.
Mike and his team conducted a ‘sweep’ of the offices in conjunction with Gurpreet’s Cyber Audit. During the in-depth physical and electronic search of the critical areas, we identified a GSM eavesdropping device planted within a boardroom. This device was cunningly disguised as a fully operational 3-way extension adapter.
A closer examination of the adapter revealed that a SIM card and a microphone were connected. The client was immediately informed, and as per our standard operating procedures (SOPs), the device was isolated from the infrastructure, bagged, tagged, and handed over to our internal forensic team to investigate.
The forensic investigation of the SIM card revealed dialled and received calls. Whilst the dialled calls were dead, the received call was of interest, as our analysis revealed that this number belonged to an ex-employee who had left the company just before lockdown. The results of the Inspection were passed on to the client for further action.
It was an excellent result for both the client and us in lowering their risk of a further breach. This action proves that businesses and individuals need to be proactive in their security.
Pictured is a 3-way extension plug modified to transmit voice using a standard SIM card