Over the weekend, we had a short-notice task where the client purchased a property in central London. Our client, who did some due diligence on the seller, identified that he was under investigation and was worried that he would ‘inherit’ the issues the seller was facing. We did a security review, including a TSCM inspection, to ensure nothing was left behind. While conducting the review, we noticed several potential ‘Indicators of Compromise (IoC); this term generally refers to signs that malicious actors may have breached or compromised a computer system/network. However, the term is equally relevant regarding the physical security of a property.
The IoCs we identified included a room where a smoke alarm and several motion sensors had been removed or modified; the paintwork touched up around them. We also looked at the CCTV, which had a built-in network video recorder (NVR) on-premises. When we reviewed the logs, it appeared that multiple devices had credentials to access the system; therefore, this was reset, and we advised the client to get a new company/engineer in to maintain this system.
So, what are some of the IoCs that you should look out for:
- Anything that appears unusual, out of place, missing or unnecessarily modified, e.g. paintwork being touched up, motion sensors out of place, damaged locks/doors
- Evidence of trespass, vandalism, sabotage or disruption to the property
- Strange network activity – if you have smart devices/home automation system, monitor for unusual network activity, such as devices connecting/disconnecting without your knowledge
- If you have CCTV and notice it being tampered with or disabled, it indicates that someone might be trying to compromise your security.
- Disconnect the CCTV system from previous tenants/owners
- If you see unfamiliar/suspicious individuals around your property
- Unnecessary number of smoke alarms or other devices within the property
- Check network points
- WIFI access points – are they all legitimate?
- if you notice unexpected changes in your utility bills, it could be a sign that someone has gained access without your knowledge
- If you receive mail/packages addressed to you but didn’t order, it could be a sign of identity theft or compromise.
If you suspect any compromise or unauthorised access to your house, it’s essential to prioritise your safety and the security of your property. Sometimes the indicators maybe legitimate; however, it is always best to remain vigilant. We see many residential and commercial properties changing hands, and most of our clients are increasingly asking for a security review during or after the process to ensure that nothing compromises them and lowers the risk of a security incident.
Have a great week, all!