sandman.com : Knowledgebase

Telephone Line Tap/Bug Tech Bulletin

"I think my phone is tapped. What do I do?"

I get that question a lot! Most people are looking for a device they can just put on their phone line to tell them whether it's bugged, or not.

The bottom line is that there's no simple device you can put on your line to tell you it's been bugged. If you think your phone line is bugged, don't say anything on it or in your house that you don't want overheard.

The safest way to make a call that's probably not bugged is outside in the open, on a brand-new digital cell phone with a new number, that you just bought (like a prepaid cell phone). If you make the call in your car there's a possibility that someone has put a microphone in the car attached to an RF transmitter so they could hear at least your side of the conversation.

Some people don't believe me that there's no magic gizmo to detect a bug since they've seen devices advertised at spy shops or in the back of Popular Science magazine. Don't believe everything you read.

If you're interested, I'll tell you exactly why you have no hope of being sure you're not bugged...

You can be bugged in a few ways:

1. Putting a tap on your phone line.

2. Putting microphones in your office, home, or car to pick up audio.

3. Putting a key logger or program on one or more PCs that sends everything you do on your computer out to another site on the Internet.

The person listening to the bug can be connected in a few ways:

1. A hardwired connection to the telephone wiring in the building. A telephone line always has power, so it could work forever.

2. An RF transmitter that broadcasts over the radio from your office, home, or car. A modified cell phone is a wonderful RF transmitter that works almost everywhere and is easily wired to the car's battery so it will run forever. You'll never know it, but your car mechanic might spot it.

3. Also... In a car, your exact GPS location can be broadcast, so they know exactly where your car is (even cheap cell phones contain a GPS).

4. They can be connected to the Internet through your always-on broadband connection which could be digitizing telephone calls, room audio and computer keystrokes and screens, sending them to another site on the Internet.

To detect a hardwired connection to the phone line, you need a Time Domain Reflectometer (TDR) which gives you a graphic display of all the connections on a phone line going towards the Phone Company's Central Office. The TDR will tell you on a screen how many feet it is to each blip, then it's your job to walk out that many feet (including up and down walls) to find what's making the blip. It might be a bug, but more likely it's just a phone, spare jack, answering machine or a splice.

Once you've found the source of that blip, you go on to the next blip, and so on. You can do that for miles outside the building, going towards the phone company. There will be splices on poles and in the green pedestals on the street. Any of those blips can be a bug. The only way to know is to walk it out and physically look at it. Pretty time consuming, and it could require a ladder or bucket truck, as well as a wrench to get into the green pedestals.

An experienced phone man can do some of that by just looking at the wiring and equipment on the line. If it was an amateur trying to bug the line, it's likely that the phone man would spot something that just doesn't belong there. If it was a professional bugging the line, the bug would probably be hidden inside something that would normally be attached to a phone line and even I wouldn't recognize it. Without the TDR, a phone man is just guessing. If you're that concerned about being bugged, you really don't want a false sense of security.

If there is a bug on your phone line, they could be listening to your phone calls, but they could also have microphones hooked up (or they could modify a telephone) to listen to anything in the room(s) - not just phone calls. The bug can be monitored anywhere the phone line can be extended.

The guy listening can be on a pole, in an alley, in a car or van parked next to a pole or pedestal with a wire running into the vehicle, or the line can be extended (spliced like an extension) on a pole or in a pedestal so that it goes to another house or office in the neighborhood using the telephone company's spare wires. The people listening can be in a perfectly nice comfortable place sitting on a couch eating pizza and watching cable TV while they record everything you do, and you'll never know it.

A bug on a phone line might also transmit using RF (radio) and can also be transmitting the audio in the room(s). If that's the case, the person listening can be anywhere within range of the radio. Since bugs can be made from cheap cell phones (powered right from the regular 110AC wiring in the building), it's possible that they could be listening in another country - again sitting on a couch drinking Vodka and speaking to their cronies in Russian. You'll never know it.

The solution? Don't say anything you don't want overheard!

Your cell phone is not safe from bugging!

If your cell phone could have been accessed by anyone when you weren't using it (like when you were in the shower?), or by a salesperson or technician in a cell phone shop, the phone could have been modified to:

1. Send all of your cell phone conversations to whoever is bugging you.

2. Send all of the conversations that are heard in the area of the phone heard (picked up by the microphone on the cell phone)

3. Send an SMS message (text message) to the person bugging the phone every time your phone makes or receives a call, or you send a text message.

4. Send the GPS coordinates of your phone to the person bugging the phone.

The government (FBI, CIA, Police, etc.) can and does do this legally. It's not hard, and there's no way to stop them other than not to say anything that can be used against you. Recent news stories have pointed out that the FBI ignores the law themselves and just asks phone companies for phone records - with no supporting documents or a warrant.

Every computer or telephone you have is already directly connected to the US government. If you're in another country the US government has helped almost every other country setup the same systems which gave them direct access to all the phone calls and Internet traffic in those countries. There aren't enough humans on earth to watch and listen to all that traffic so computers monitor it all and decide what a human should look at or listen to. And some or all of this traffic is archived for some time, or forever?

In the old days (20 years ago?), bugging was much more difficult than today. The amazing modern technologies we're all using make it incredibly easy to bug anybody. Because it's so easy, the police seem to have forgotten the laws that protect all of us, including them, from illegal bugging. When it's this easy and the tools to do it are so easily bought cheaply on the Internet, it's easy for anybody to lose sight of laws that are in place to protect us.

Software to bug a cell phone is cheap and easy to get on the Internet. Just about anybody can bug anybody else's cell phone easily.

There are a few things that will give you a clue that your cell phone has been bugged, but there's no way for you to know for sure:

1. Your battery life is suddenly much shorter. The phone has to use its battery to send voice and data to the person bugging the phone. While the battery could have reached the end of its life, if it does the same thing with a new battery... you're bugged. If you remove the battery entirely, the cell phone can't be used to bug you.

2. The phone is warm between calls. Cell phones range from warm to really hot when they're being used. If you're not talking on the phone, and it's supposed to be idle waiting for a call, if the phone stays warm it's got to be in use by the person bugging you (and battery life will be shorter if it's not plugged into the charger).

3. Your cell phone's available memory keeps getting lower. If you can check the available memory on your cell phone from a setup menu of some sort, and you notice it continually going down but you're not running any programs or receiving lots of emails etc., that could be an indication that the phone is storing up your conversations, emails, and text messages to be transmitted in a batch to the person bugging your phone, later. On the other hand, if you use lots of programs on your smart phone, and receive lots of email and messages, this may not be a reliable indicator. If you don't want to be bugged, or at least you want to know you're being bugged, the simplest cell phone could be the best (not a smart phone).

4. The interference from your phone changes. All cell phones interfere with certain phones, computer monitors, AM or FM radios, TVs or whatever electronic devices they get close to. You've probably noticed that when they're idle you'll get little blips of interference here and there. You can even hear it on TV when the newsman has his cell phone in his suit breast pocket, and he has a little mic on his tie that picks up the noise from the cell phone.

When you're not using the phone, unless it's receiving a large email or you have some kind of program running on the phone, and you hear constant noise instead of little blips here and there, your phone is probably bugging you through the mic - listening to everything you say and broadcasting it to the person bugging your phone.

How can you stop your cell phone from being bugged? You can't.

Your only hope of preventing a cell phone from being bugged is to go the Biggie-Mart store, buy a prepaid cell phone, and use it until you have to leave it out of your sight for a few minutes. If you take it into the bathroom and shower with you, put it under your pillow when you sleep (alone), and never leave it out of your sight, you can probably use it for a few days.

Once the government gets your cell phone number, probably by bugging who you're calling, they'll be able to listen in to everything you say on your phone immediately. They may even be able to go back and listen to the archives once they know the phone number of the cell phone you were using. The government can legally tap any landline or cell phone, and most VoIP conversations. The equipment is already setup at the phone companies so they can do this quickly.

The scary thing is that the same senators and congressmen who approved the government tapping any call are at risk for their conversations being heard through this easy-to-do government system. Politics is a dirty business, and laws aren't all that important (except for the few politicians who are caught).

The solution? Don't say anything you don't want overheard!

It's safe to assume that everything you say or do can be intercepted very easily.

Before the Internet if someone wanted private information they probably broke into your home or office, your doctor's office, or your friend's or business associate's home or office. They made copies of the papers they found, stole the documents entirely, or maybe hooked up a wired bug or two. Even President Nixon used these methods against the Democrats.

With the advent of the Internet, you have to assume there is no privacy. Any emails you send, records that your doctor stores on his office computer network, or anything you look at on your computer or cell phone's browser is recorded somewhere.

It's so easy to put software on a computer in your home or office (or your doctor's office) or on your cell phone to record everything you do, it's now trivial. Even non-techies can find a way to do this by doing a simple google search, anytime. It's cheap and easy. Even though it's illegal for everybody except the government with a search warrant, there is so little enforcement that even the police think nothing of bugging someone without a search warrant (or they can get unbelievably broad warrants to bug anybody at any time). It's just so easy that it's a no-brainer.

The solution? Don't say anything you don't want overheard!

So, what about those devices you see advertised that they'll detect bugs on a phone line?

Most of them are total garbage. Some will tell you that someone has actually gone off-hook on an extension phone, but since the volume drops and you usually hear a click when someone picks up a phone you probably don't need it.

Most professionals will be using a high resistance device that is nearly impossible to detect after it’s been installed.

But wait... it is possible to put a gizmo on a phone line to tell you whether there has been any change in resistance/capacitance on the line, and some devices will even detect a high resistance device quite far from the premise.

Once a gizmo like that gives you an "alert," you'd to use a TDR to verify every little blip on the line to make sure it is / is not a bug.

Before you put that gizmo on the line, you would need to verify that the line has no bugs using a TDR, and then put the bug detecting gizmo on the line. If a bug was on the line before even the most sensitive bug detector was put on the line, the gizmo could never detect it.

While it's possible to make a device like this that would work after a TDR was used, it would probably be pretty expensive and not 100% depending on how far from the premise the bug is placed.

If someone puts a bug at the Phone Company's Central Office, nobody is going to detect that. If someone installs that type of bug, they're either the government or they've paid off a phone man at the CO. Either way, you'll never know.

If the government wants to hear your conversations, all bets are off. They have the capabilities to monitor any phone including your digital cell phone in the comfort of their own office all day and night long and there's no way you'll know, and nothing you can do about it.

Before the Iridium satellite system went bankrupt years ago, calls between two Iridium satellite phones went directly to the other phone through a satellite. There was no way for anybody to monitor that conversation (or data), because it never went through a "central office." Other satellite phone service providers route every call through a ground station, which gives the government a place to monitor the calls. Since the government helped save the Iridium system, I'm betting they can now monitor those calls as well.

You can buy an RF frequency counter/detector with a directional antenna to detect RF bugs and go looking for sources of RF yourself. A problem with doing that is that you need an RF detector that covers essentially the whole radio spectrum - which can be pretty expensive. Cheaper detectors will cover the most commonly used frequency bands, but do you really want the false sense of security thinking that you just checked all of the frequencies possible?

You might see Google ads for bug detectors, but don't believe every ad you read on the Internet!

If you still want to see if there are any bugs, it's time to call a professional. The industry is called Counter Surveillance. Unfortunately, there are professionals - and then there are scam artists that call themselves professionals, and they might even have some fancy looking equipment. They might find a bug (if they trip over it), but they're not really looking for them. All they're going to do is take your money and give you a very false sense of security.

If you're a company who's coming out with some fantastic new gizmo where if the news of it leaked out it would cost you big, or you suspect a leak in your board room (from bugs, not board members), it's time to call for help - knowing that the cost is well worth it.

If you think you're being bugged because your husband or wife thinks you're screwing around, it's probably not worth hiring a professional.

By the way, be very careful using GE or RCA 2+ line phones, since many have crosstalk right from the factory that allows someone to overhear a conversation at a low volume on one line by picking up another line (those junky GE or RCA phones that Jack Welsh had in his mansion cost him $180 million in his divorce battle!).

Here are two Counter Surveillance professionals who from my research are going to do a real sweep for bugs (and who are not cheap). If they can't come to your area, ask them for a recommendation - don't just look for someone on the Internet!

1. James Atkinson
    Granite Island Group
    127 Eastern Avenue #291
    Gloucester, MA 01931-8008
    978-546-3803
    http://www.tscm.com/
    Email: jmatk@tscm.com

2. Rick Udovich
    Communication Security, Inc.
    P.O. Box 1815
    Bay City, TX 77404
    979-244-4920
    http://www.bugsweep.com

You probably should only call them from a pay phone or your new prepaid digital cell phone, outside in the open, since you're already thinking your phone line is bugged. Email may not be safe. If the person who bugged you gets wind that you're going to look for their bugs they may remove them until after you've had the sweep done, and then put them back.