 I know many of you came here expecting to see the Dr. Phil from Oprah talking about relationships and drug addiction and eating too much. But in fact, this guy is much better. All right. Well, thanks for that intro. It's probably one of the better ones I've gotten. But, you know, someone said to me once, it's like, well, you're not the Dr. Phil. It's like, no, I am. He's the other guy. But anyway. So today I just want to talk a little bit about some cheap to free ways of detecting surveillance. You know, maybe you're a little paranoid and you're thinking, hey, I wonder if someone is spying on me. And we're going to talk about some simple ways that you can determine if that's true or not. And in particular, I'm going to talk a little bit about video surveillance. I'll also talk about tailing, you know, someone following you in your vehicle. Some audio eavesdropping. Some other physical surveillance. Talk a little bit about devices that might be embedded into your technical devices and how you might find those. A little bit, why should you care about this stuff? Our government's assault on the Constitution is pretty well-known. I don't know if you can read that cartoon very well, but, you know, it's hey, what do these people think about us violating their rights? It's like, let's check their emails. Find out. All right? And it's not just the national governments that are spying on you. You've got local governments, competitors, stalkers, like this little lady in the corner here. She looks like a stalker. Some of you might recognize her from some of her YouTube videos. And sometimes there's people that just don't like you. All right? So they're following you waiting for you to do something. All right, so first I want to talk a little bit about video surveillance. Now, when it comes to video surveillance, different kinds of video surveillance, you know, today virtually everyone walks around with a video camera all the time. Most people have them in their smartphones. Even if you have a dumb phone, probably has a video camera in it. So I want to talk a little bit about some of these cameras, such as some of these IP cameras. You could probably see things like this. Foscams are pretty popular, nice consumer product. You just go to Best Buy or some similar store, buy a couple, plug them in, maybe hide them. You get similar technology and nanny cams and such. Now, if you have a night vision camera, there's a simple way to detect this night vision camera because there's a flaw that all of these cameras share. And this kind of demonstrates that flaw. And what you're looking at is I've got a digital camera and I'm directing it at a remote control, right? So you may know this, some of you already, but digital cameras of all forms pick up infrared light. So if I go back here to this slide, you see all those LEDs around these cameras, those are infrared LEDs that are used to illuminate the subject of your camera during darkness, right? So if you have an infrared remote for your TV, whatever, and you're not sure if it's working, you think the batteries are dead, you can just pull out your camera, point it at the remote, push some buttons and you should see light flashing, right? The same thing can be used to detect a night vision camera that might be spying on you. So here, what I've done is I've hidden a camera. Can anyone see the hidden camera? All right. Yeah. So I hid a camera behind some flowers in my workshop. And what you want to do, some of these cameras are motion activated. And so, you know, it's dark, you know, turn off the lights so no one's really going to see, unless of course there's a video camera that's been taping you the whole time. They probably see you do something more embarrassing than, hey, okay, yeah. Okay. So, you know, just grab your video camera. Someone got a picture of that. Thanks. You know, grab your video camera, get away of your arms, you know, move around a little bit. And if you have a video camera that's president, a night vision camera, you'll probably get something as shown up on the screen. All right. It'll be very obvious that you'll see this big bright light. There are some other ways to detect infrared, such as these special little cards that you can get. They probably don't work as well as just using your video camera on your phone. But you could do it this way. And then in general, if you have some of these wireless cameras, they're nice, easy to set up things, which also makes them easy to detect. So I want to talk a little bit about detecting wireless cameras. And first off, the freeway. If you have a wireless camera, now, these are set up different ways. Sometimes they connect to an existing wireless network. Sometimes they set up themselves as an access point or sometimes they're ad hot. In particular, if they're set up as an access point or an ad hot network, a pretty easy way to find them is just to use your Android tablet or smartphone. And you can download a couple of free apps. This one is just called Wi-Fi Analyzer. You download this app and you can look and see, oh, I see some suspicious looking networks. They'll show up and you'll say, hey, what's this spying on Phil network? Or, you know, sometimes it might be an anonymous unnamed network or an ad hoc network. But if there's a network that's pretty strong, that's the other clue. You have a pretty strong network in your house. And you're not expecting to have that. And it's not your home network. Be suspicious. By the way, speaking about being suspicious, I just bought a new laptop recently. And I was noticing, I was running Windows 8.1, which, hey, don't hate me, it came with it. I don't normally run Windows. In fact, I'm not running Windows now. So I thought, wow, it's running kind of slow. And I looked in the task manager and I'm like, why is there this video camera app consuming 100% of my disk I.O. And I'm not running a video camera app. Little suspicious. All right. Some other ways that you might detect video cameras, et cetera. You can use something inexpensive. Some of you know that I like the Beagle Bones. I've done a lot of work with the Beagle Bones. Developed my own Linux, the deck on the Beagle Bones. So in this picture, I just have a couple of Beagle Bones systems up in the upper left. It's the picture of my famous Buzz Lightyear hack you to infinity and beyond lunchbox computer. And down in the lower left, that's the same thing. It's a Beagle Bones running the deck with a 7-inch touchscreen. By the way, that touchscreen is from a company called 4D Systems. And they just started making some stuff for the Beagles. Seemed to have some good stuff. And it's a little cheaper than some of the other stuff out there. So a little tip. And then on the right, I have a couple of Beagle Bones systems with small touch screens and a wireless antenna from simple Wi-Fi. Alpha adapter you've probably seen before. Little keyboard. And in the lower right-hand corner, I didn't do it because it would make the picture less clear. But you can take all that stuff and kind of tape it onto that wireless antenna and have a nice little bug detector kind of on the go. All right. So if you're feeling lazy, you can take that setup and you can run your standard arrow dump. And the arrow dump at the bottom, it will show you the clients. And it also shows you the power. So you notice that it says, you know, the top one right now is power is minus, was minus 28. Now it's gone to minus 30. You know, smaller negative numbers are better when it comes to power. And you can use that. And you can pan around your office or your house wherever you are and look for wireless signals. All right. With just a little bit more work, you can make this better. And everything's better with Python, right? So just a simple little Python script that I wrote, I realized, yeah, you're probably not going to be able to read that or copy it during this. But the slides will be available later. So feel free to get it then. But I just wrote a simple Python script. And what it does, it uses Scapey. Some of you are probably familiar with that. And it uses the radio tap headers which include the power or the signal strength. And so what I do is I capture for about two seconds. And I record the different devices that I found. And what was their strongest signal strength? I displayed on the screen. Wait a second. Blank the screen. Repeat. And basically, if you do that and you run it, you get something kind of like this. And you'll see the strongest signal is at the top. And now it's minus five. So that's a good strong signal, which means I just went past something emitting a bunch of wireless traffic. And then a little bit here, you'll see that I've swept back and pinpointed exactly where that device is. And you don't see it in the screen capture. But essentially what I did here is I had my FOSCAM and my big old Yaggy antenna. And I just kind of swept the room, got that minus five, kept going, came back, and was able to say that's where the bug is. That's where that video camera is. All right. So that's pretty cheap. The Beagle bones, 45 bucks, maybe a little less if you get a deal. If you want to spend a little bit more money, and by the way, you know, this whole talk is about how can you do this stuff for very little or free, right? Obviously if you like to spend money, just go buy commercial detectors. If you've got thousands of dollars to spend, go for it. But another fairly cheap way that you can detect these sorts of things is to use a little board from linear technologies. And they have a RF meter chip. It's called an LTC 5582. And you can use this to detect a signal, right? Any kind of RF signal. And if you're only interested in certain frequencies like maybe wireless frequencies or some other frequencies that you suspect some bugs might be working on, when we're talking about video cameras, most of them are going to be wireless. So probably just the standard 2.4 gigahertz frequency would be fine. You can detect them with a very simple circuit. All right. Now they make the raw chips, but they also make this little demonstration circuit. This board is about $100, so it's not free, but it's not terribly expensive. To the right is an example of a band pass filter. Basically you just screw it on to the adapter and it goes between this board and your antenna, right? And your circuit is going to look kind of like this. Oh, by the way, I forgot to warn you guys. There's a guy that's going to have a really good talk after me. So if my talk starts to suck, you know, if you hang around you'll get a good seat for the next guy. He won't suck so much. Just let, you know, little FYI there. All right. So it's a pretty simple circuit. You know, you hook this up to your directional antenna. You hook up some power to the two top leads and you get an output voltage and you also have to hook up the ground and you can just hook up a meter to it. You could use a meter, you could use a beagle bone, whatever you want. Basically you just have to measure the voltage coming off of that and that's another way to go. All right. Okay. So other kinds of surveillance. Let's talk a little bit about physical surveillance. All right. Is somebody following you in your car or tailing you? We're going to talk a little bit about some common vehicles that are used in tailing. Some standard techniques. And we'll talk a little bit about stakeouts. Often those are also done from vehicles. And what are some standard techniques that you might find? And then we'll kind of move on from there and we'll talk about what could you possibly do in order to actively thwart people's attempts to surveil you. All right. So tailing. If you have a non-government adversary, they'll tend to choose vehicles that are going to blend in. You know, a Honda sedan, Toyota sedan, things like that. Probably not a red Ferrari. Now if you're in Texas or some other places, the most common vehicle might be a F-150 pickup truck. So if you're smart and you're trying to follow somebody, you're going to pick a vehicle that kind of blends in. Not something that's super bright, really flashy. Something that everyone that you drive by and they're like, I always wanted one of those. Nothing like that. So nice blend colored vehicles. SUVs pretty popular in certain areas. You might expect to see that. You know, government spies, people, they drive stuff, they get issued. Which, you know, traditionally, what's the stereotype? The black SUV, right? Sometimes there's a little truth to things like that. Of course, you know, Crown Victoria is very popular. But that doesn't mean that you should only look for those kinds of vehicles. You know, depending on how interested people are in you, you know, they'll get all kinds of different vehicles. You know, they'll get women and children, old people, you know, all kinds of people you don't suspect are working for the FBI, but they are, you know. All right. So some general techniques. If you're following somebody, the follow distance is going to vary generally from about two cars behind you, you know, typically it's kind of frowned on to be right behind somebody that you're following because they might notice, to a couple of blocks. All right. And a lot of it depends on things such as, you know, is it just one car? You know, is it the stalker that we saw earlier? Or is it a government? All right. So if it's one car, or even if it's multiple cars, they might extend that range using something called a bumper beeper. All right. Now, there are different kinds of bumper beepers. Simple bumper beepers like literally something that just makes a tone on a certain frequency. Two, it's a GPS tracker. All right. Generally speaking, a tail is considered to be blown if you've had three suspicious impressions. Like if you see, if you're following somebody, not that any of you have ever followed anybody because that would be bad. But if you're following somebody and they look right at you three times or do something similar, like act strangely because they think they're being followed, typically most people say, all right, we're done. All right. So single car tailing. Generally speaking, as I said, you're going to be a little bit closer than with multi car tails. You can't afford to lose somebody if it's just you. You're a little bit more likely to follow traffic laws. You know, running a couple of lights, a little bit suspicious. And again, you might use something like a bumper beeper in order to help extend your range. This picture down in the corner is an example of a bumper beeper. So if you look at that long tube, it's got a couple of magnets on it. And there's some electronics you can cram in there with some good batteries. And you just slap it on someone's car. It doesn't have to be the bumper, but some metal parts and track away. All right. Multi car tailing. Typically, if you got multi car tailing, it's probably not stalker. It's probably somebody else. In most cases, everyone's behind you. Again, most cases, not a hard and fast rule. Sometimes you might have cars on parallel streets, not just all behind you in a big caravan. That's more likely if you're in an urban area. You know, if you're out in the country, they're probably just behind you. Also, you might see cars taking relative positions and having that change. So that you're not always seeing the same car behind you. Now, here's a big giveaway. If you see vehicles that appear to go a different direction, you know, they turn off somewhere and then they magically reappear later, either they're lost or they're following you. All right. So decide if you're paranoid or not. Okay. So how can you combat tailing? The number one thing you can do to combat tailing, look. You know, have a little situational awareness. Look around you. You know, when you're going places, don't just look ahead. Look around. When you're getting in your vehicle, check your car. Look for trackers. Look for vehicles that seem to be behind you for long distances. You know, maybe they're just going the same way. Maybe not. And again, watch for those vehicles that go away and then suddenly come back. That's a little bit suspicious. You know, if you see that happen, I would say that's one impression. You know, you have two more things happen. They're probably done. Other things you can do. Detect electronic devices. I'm sure many of you know what this scene is from. Where Heisenberg finds the GPS tracker on his car. How could you detect these electronic devices? Well, you could use the previously described RF detection system. Typically if you're going to use that, don't use any of those band filters. You know, just detect all of the different ranges that it'll work in. That way you'll detect more stuff. Some really simple ways. If someone has a simplistic bumper beeper, you might be able to detect that just by tuning in your AM radio. I know nobody uses the AM radio in their car. You know, nobody uses the radio in their car, right? It's all Bluetooth connection to your iPad or iPod. Things like that. But anyway, some of these homemade and cheaply available trackers operate on the AM band. So if you scan through that band and you hear this nice strong tone and it's always nice and strong and it's just a tone, guess what? It's probably you. It's probably something on your car. Other things you can do, some active techniques. You can drag a traffic light. You probably know what that means. If you don't know what that means, basically you can try to time it so that you're the last person that gets through a traffic light. And if someone tries to run light or whatever, then you can be suspicious. Take unusual routes. Don't take the normal route that somebody would to go to wherever your destination is. Or switch up your route. Don't take the same route every day. You can also try driving through some residential neighborhoods. You might look a little suspicious. I currently, I just moved and I live in a neighborhood. There's only a couple of entrances and they all let out on the exact same street. So if you follow me through my neighborhood, it looks very suspicious. It's like why would anyone drive in there? Because unless you're going there, there would be no reason to be there. Don't be afraid to take a few alleys or some deserted side streets. Occasionally, you might even just park your car. No reason. Sit on the side for a couple of minutes. If you're real paranoid, get out of your car. Only in a good neighborhood, right? Don't let go to a really rough neighborhood and say, Phil told me to get out of my car. I was afraid someone was following me and guess what? I got mugged. All right? I am not responsible for anything you do from what you hear in my talk. All right. Other things. All right. So that's tailing or mobile surveillance. What about stationary surveillance or a stakeout? Again, a lot of this occurs in a vehicle. Not all this, but sometimes. You might expect the same vehicles to be used as in tailing. Additionally, sometimes people like a little bit more room. So they might have an SUV, commercial van, pickup truck with a nice topper on it, things like that. This picture down in the corner is actually from an article I found online and make your own surveillance van. All right. Now, I got a question for you guys. If you make in your own surveillance van, should you put Tony's pizza on the side of it? What's wrong with that? There's no phone number. Okay. What else is wrong with it? Who delivers pizza in a van and when you deliver pizzas, what do you do? You deliver the pizza and you leave. So if you're going to make your own surveillance van, pick a plumber, electrician, you know, sewage guy, septic guy, you know, something like that. Maybe make it a septic service van, put a bunch of mud and stuff on the side of it. People won't go near it, right? But then again, maybe start looking suspicious. All right. So how can you combat stationary surveillance? Again, the best thing you can do, look. You know, look for people in parked cars. That's not terribly normal, is it? I mean, sometimes people stop for a little bit. Maybe they're waiting for somebody. But if you're sitting in someone's in your car for more than five minutes, yeah, I'm suspicious, especially if you're eating donuts and you're wearing a cop out uniform. But other things to look for. Now this one is a little bit rough. Construction utility workers who appear not to be doing anything. Yeah, sometimes they don't ever look like they're doing anything, you know. You know, it's the old joke. Slow men working. Okay. The slow men are working. Or is it slow because the men are working? All right. So I have to get a grammar Nazi on that one. Okay. So yeah. You know, is there a guy, especially, I know this is a stereotype, but if you got some guy up on a pole, you know, if you know anything about people that do like cable and phone work, they don't like to go up instead on that pole all day long. All right. They go up, they do what they got to do and they come down. So if you got somebody that's just parked up there, you know, he's eating a sandwich. It's probably not a cable guy. All right. And again, even if it's not Tony's Pizza, you get commercial vehicles that seem to be parked for a long time. Another big clue. If there's anyone that has a view of all of your exits, all right, someone that has conveniently placed themselves in a spot where they can see every exit to your house or to your office, that's probably not a coincidence. All right. Some active techniques. Get out your binoculars. Spy back. Why not? All right. Do you think that would be an impression? They'd be like, hey, he's spying back at me. I'm pretty sure that this one is blown. All right. So don't be afraid to do that. Do strange things. You know, run outside. Jump in your car. Run back inside the house. See if anybody suddenly started their car. Seemed to notice. Maybe your neighbors are like, Phil's, that's just Phil. He does that stuff all the time. All right. Drive around the block. See if anybody follows you. It might sound stupid, but you know, just simple things like that. You drive around the block and someone thinks you're going to go somewhere. Maybe they're going to move toward your house. Maybe they're going to follow you. All right. Audio bugging. You can get various kinds of audio bugs. You can go on the Internet, buy these things. I really like this one in the upper right-hand corner. Nice little Apple logo on it. Nobody suspects anything with an Apple logo on it. All right. Just slap it on the back of someone's iPhone or iPod and bug away. You do have some different kinds of bugs. Some of them are radio transmitters. Some of them use GSM phone networks. The GSM phone networks, a little bit harder to detect. Not a lot, but a little bit, also a little bit more expensive to use because you got to set up a phone account and all those things. Some free ways that you can do it. You can get your AMF FM radio. You can use a software defined radio, such as the little TV dongle that I have in this picture connected to a Beagle Bone. You could use an SDR, by the way, if you're going to use the cheap little TV dongle, you should know that they work usually 50 to 50 megahertz to 2 gigahertz. And most bugs that are commercially available are in the 10 megahertz to 8 gigahertz range, so they're not necessarily going to detect all of the bugs. But if you got one laying around anyway, you know, it doesn't cost you anything. Moderately expensive way, you can use that circuit I described earlier with the linear technologies RF power meter, or you can drop 500 bucks for this thing down in the corner. If you got the money and you want to buy a new toy, maybe it's for your office. Yes, Mr. President, we need this. It's 500 bucks, but what's our safety work? All right. So how could you use an AM radio, AMF FM radio? Basically, you have to have an analog radio, you can't have a digital radio. You can go buy these probably at the dollar store. Just scan through the AMFM range. If you hear yourself, if you hear the audio you're generating, be it your voice or the radio or whatever, then it's probably you being retransmitted in a bug. So this is only going to work with some of the simplest bugs, but again, it's worth a shot. All right. Now, what about passive bugs? You know, bugs that aren't always on, you could try to excite them. Basically, you can have some passive bugs that get irradiated with certain radio frequencies and that powers them up and they send out signals. All right. Now, you don't have to be exactly on the right frequency for this to work. If you just blast a lot of power at these devices, they will probably generate some sort of signal that you can detect. You know, I remember many years ago I had a friend who was really into CB radios and he also liked to buy illegal amplifiers. So this guy had a thousand watt amp that he bought from some guy hooked up to his CB and he was in the parking lot. We dropped off one of our buddies. He was in the store and he was talking on his CB and guess what was coming over the intercom in the store? It was this guy and he was way off the frequency but the signal was so powerful it was bleeding over. All right. It's kind of a similar thing with exciting these RF bugs where, you know, if you're close to the frequency and you shoot them with enough power, you can probably get them to at least turn on and generate some sort of signal that you can then detect. All right. So what are you going to use? You know, again, the freeway, you probably have an alpha card and a nice directional antenna. Just crank that sucker up. All right. By the way, if you don't know this with those alpha cards, you have to tell it that it's visiting another country. If you want to crank up the power, Bulgaria is nice, by the way. I've never been there. I'm not going to say that my alpha card has been there. It might have been there. I'm not going to commit. Anyway, FCC doesn't like it. No, it's never been there. Scratch that. Mine's never been there. But you can change that and give it a little bit of a signal boost. Other things. There have been some other folks that have talked about these. Some of you might notice these pictures as some of the NSA bugs. Jacob Appelbaum described some of these bugs recently over in Germany. And these bugs can be installed when shipments are intercepted. You buy something from Amazon and it comes with your NSA bugs. But service professionals, your own IT people, people just don't like you. So if you're going to piss somebody off, make sure they have no skills. All right? All right. How do you detect these bugs? Again, the free way, look. If you know what these bugs look like, look for them. If you didn't know what they looked like and you opened up your computer, you probably wouldn't find them. Some of these are pretty clever and they just look like regular stuff. Some of them are attached to debugging ports that Dell made of conveniently left there just for that purpose. I mean for their own internal debugging. Other things you can do, you can look, you might have some drop boxes. I've talked about drop boxes before, a little bit last year at DEF CON. And some of those drop boxes are pretty easily hidden and stuff on your desk. And I'll show you some examples. So really you need to check every device, especially those that are connected to your network or USB. USB is great if you want to hack somebody. I love USB. So here are a couple of hiding places. I stole these from my book so I guess it's okay to steal pictures out of your own book. But in the upper left, it's an access panel in the floor, in a classroom. So I got power, I got networking, and I got enough space to drop a little drop box in there. The lower left is one of my favorites, a Dalek desktop defender from ThinkGeek. Anyone heard of these before? Maybe some of you have them. The nice little toys, you put them on your desk, people come by, they yell at you. It's USB powered, which is awesome. Because I can put a drop box in there, USB power it. I got power forever. I got a hand sanitizer dispenser, it's not completely full, space on the top, again, drop box. And a little TARDIS talking TARDIS toy. And you can see in there I got an alpha adapter and a little beagle bone. So plenty of space for a drop box. So look. Again, look, pictures of NSA stuff have been released. In an expensive way, you can also look for current leaks. Unless a bug is battery powered, it needs some power from you. So it's going to leech some power somehow. Turned off devices, kind of like my video camera app, shouldn't be consuming resources, clean power. So one way that you can detect this is you can use a modified universal laptop power supply. And what you do is you modify it so that you can read out some current that's flowing. And if you have a laptop or a phone and you can remove the battery, just pull the battery, turn it off, and then hook it up. If there's current flowing, something's wrong. Now sometimes there might be a little bit of current, like your laptop, to run some LEDs and things like that. But if there's much current at all, it could be something to investigate. Now if you've got a tablet or you can't remove the battery, it's a little bit harder. You want to fully charge it and then see if there's much current that's flowing when it's turned off. If you have a bad charging circuit, you might have some current flowing. So you have to be careful with this method. If you have another device and you can measure its current flow to get kind of a baseline, it would be the best. So here's the basic idea. You have your laptop adapter, which has a series of plugs and you hack a little cable and you break one of the lines so that you can put an ammeter on it and you can detect how much current is flowing. It looks kind of like this. In the upper left hand corner is my little adapted wire. Basically I had an extension cord for this size burial connector. I just hacked the ends off of it and I soldered it up on a nice little proto board and you can plug it in line to this laptop adapter I got for $13 on Amazon, something like that. All right. And then get the right adapter tip, set the voltage, connect it to your device, measure the current. Desktop computers, same idea. I recommend physical inspection though because it's a little easier. Sometimes the power supplies will leak a little bit of current so if you see just a little current flowing, don't be suspicious. Well, always be suspicious. But other things about desktop bugs, they might only work when the desktop is on so you have to be aware of that. This method might not detect everything. Some passive bugs, same thing. Excited, just like the audio bugs we talked about. Blast it with some power. Use the same kind of techniques in order to try and detect it. Now you're not going to detect everything, you know, like the NSA bugs, probably not. But again, you know, we're talking what can you do for cheap to free. So in summary, I would say choose your level paranoia. You know, even if you're not paranoid though, you can still detect a lot of these spine attempts at no cost or a little cost. And if you're truly paranoid but you're not rich, you can still test some of these things without financial ruin. A couple of references. A little bit more about the Beaglebone stuff you can find in my book. And here's a reference to Jake Applebaum's NSA talk that he gave. And if you have questions, you can talk to me later. Again, don't leave though, because the next guy is really good. He doesn't suck so much. All right? P-Polstra on Twitter or you can go to one of my websites and, you know, again, for the Beaglebone stuff, there's more from my book, websites and all that. So thanks.