Continue to Site

Welcome to EDAboard.com

Welcome to our site! EDAboard.com is an international Electronics Discussion Forum focused on EDA software, circuits, schematics, books, theory, papers, asic, pld, 8051, DSP, Network, RF, Analog Design, PCB, Service Manuals... and a whole lot more! To participate you need to register. Registration is free. Click here to register now.

Register Log in

Wiretapping detection and defeater question(s)

Status
Not open for further replies.
N

Nina

Junior Member level 1
Joined
Aug 7, 2005
Messages
17
Helped
0
Reputation
0
Reaction score
0
Trophy points
1,281
Activity points
1,556
After working almost 30 years at telecommunications, this field interests me very much, so, I need some documentation and ... maybe schematics for a wiretap detector and defeater. Not RF. RF detection is not the problem, I have a very sensitive device. There are 2 problems to find and defeat wiretapping:
The main problem is finding a device "downstream", from the house to the exchange. Even having a lot of experience, I don't know any method except a reflectometer, no matter if it is a parallel or series device.
1. Does anyone know another method?
2. Does anyone know how to detect a series device (not just using a voltmeter at
the end side and mesuring less than 48V... I need a device without external
power, line operated )
3. I'd like to find schematics of a wiretap defeater, (I know that I may place a
ultrasonic generator over the line, I need other ideas....)
Here are 2 links for what I'm looking for, maybe anyone has any schematis or may gibe me any direction of ideas....
https://www.pimall.com/nais/protelan.html
**broken link removed** (Tap Buster Plus)

I'll be very thankful for any help :)
TIA
 

These devices only thwart very crude hobby level taps.

Here is an idea for a tap that these will not detect.

Power the device by another line. This defeats any of the DC line parameter detection schemes.

Use a hall effect current detector to determine off hook conditions. Do not record or transmit the audio when on hook.

Use a passive low pass filter on the tap electronics to remove out of voice band signals that would overload the recording device.

Use low capacitance coupling and very high input impedance amplifiers. Unless the line capacitance is measured on a periodic basis, this will not be detected.
 

Thank you for responding flatulent,
I know several devices you've mentioned, and I know that even with a TDR cannot be detected... :)
I even have a device that uses only 1(!!!) leg (1 wire), and cannot be detected.
What I am interested are those "hobby devices" regular wiretaps (series and parallel transmitters or "current - voltage drop" activated devices...

I'll be very thankful for any schematics of simple led devices that for example change color if there is a minor change on the line's 48V or senses such a device and defeats it.

TIA :)
Nina
 

Try some of these ideas

1. For devices that draw power from the line, measure the open circuit voltage and short circuit current to high precision (16 bit converter). These values should vary a little with time, but should take a step when the tap is insalled. This will only work if you start before the tap is installed.

2. The tap probably has some form of protection against the ringing signal. This is a nonlinear network across the line which should change the harmonic content of the ringing signal. Use the 16 bit ADC to measure the ringing signal and do a FFT on it.

3. If you have the cooperation of the central office, measure the current-voltage characteristics of the line with nothing connected at the line at your end and with a short across the line at your end. You should get a nonlinear curve caused by the tap starting to draw power above an open circuit voltage or short circuit current.

4. The above idea could be modified by doing the measurements from you end with both polarities of voltage applied.
 

Thanx very much for replying !!!
For devices that draw power from the line, measure the open circuit voltage and short circuit current to high precision (16 bit converter).
Click to expand...
1. The "16 bit converter is not so clear to me. Does a "Fluke 97 multimeter" do the job too?
2. The tap probably has some form of protection against the ringing signal. This is a nonlinear network across the line which should change the harmonic content of the ringing signal. Use the 16 bit ADC to measure the ringing signal and do a FFT on it.
Click to expand...
2. Most of serial bugs do not use ringing protection (even the "pro" ones), the "automatic recording devices" parallel or serial neither. They both uses diode bridges, the parallel using 2 x 2.2M resistors, the serial without resistors (of course). Even the "infinity transmitter" (parallel) has not any protection.
Can you explain me please what's a FFT ?

If you have the cooperation of the central office....
Click to expand...
Making tests from the central office is the only way I know to find almost any bug, using a "Megger", a "wien bridge" or making a "Varley" or "Murray" measurement. Even a dB meter can be used, comparing 2 lines about loss. The best is of course a TDR...

I know the theory, I've practiced a lot with all this gear and I have all those instruments.
The point is that I'm interested to build a simple device that may sense a bug from the house, something like "Go no Go -2 leds, red - tapped - green - clear.
The more important is the defeater circuit. I had such a device, that defeated most of the simple serial and parallel devices, but lost it about 10 years ago.
I'll appreciate any help :)
TIA
 

Well, after trying to find at sollution at many places, I've still remained confused :(
The sollution flatulent gave me is very good, (if I'm understing it right...) but i'm looking for a more "practical" one, for example a comparator (maybe a Schmitt trigger comparator) that may sense a minor drop on the 48V line's voltage, or senses a current change (after mesuring the line end with a short, as flatulent suggested).
I need help designing such a comparator, and be very thankful if anyone may help :)

Tia,
Regards,
Nina
 

Nina said:
Well, after trying to find at sollution at many places, I've still remained confused :(
The sollution flatulent gave me is very good, (if I'm understing it right...) but i'm looking for a more "practical" one, for example a comparator (maybe a Schmitt trigger comparator) that may sense a minor drop on the 48V line's voltage, or senses a current change (after mesuring the line end with a short, as flatulent suggested).
I need help designing such a comparator, and be very thankful if anyone may help :)

Tia,
Regards,
Nina
Click to expand...

You want same as political guy, easy solution on complex problem...

ie.

You want a simple solution to detection complex measure problem in many dimensions.


Also using RS485 circurit and TTL-puls generator to make short pulses (to make TDR-like measure) and floating ground analog oscillocope (or very high resolution and fast digital oscilloscope) to displays, still needs brain and expirences to interpret curve on oscilloscope and use attenuate (gain) and time for find out intrested points and select out know impedance discontinue from connections (RJ 45 connector is easy to detect here), cross coupling board etc. from unwanted suspect discontinue from wire tap or unwanted junction.

if parallell tap using low capacitance (lose coupling) and high resistance very close to wire (no long wire before high resistance) , is impossible to detect with TDR-methode or other methode using reflection on line (S11).
 

You want a simple solution to detection complex measure problem in many dimensions.
Click to expand...
Take a look at the links I've attached. I really don't expect the devices mentioned to do a TDR's job. I'm working as manager of my national telecomm electronics lab and I have also a lab of my own, as electronics was an is one of my hobbies.
I really know how to work, to find any faults on cables, including optical - with TDRS and OTDRS, (my main job is to "fix" broken or faulty devices...). It's really no problem for me to find any line "fault" and know how to interpret what I have on the LCD or CRT. I even own 2 TDRs, an analog one and a digital one.
if parallell tap using low capacitance (lose coupling) and high resistance very close to wire (no long wire before high resistance) , is impossible to detect with TDR-methode or other methode using reflection on line (S11).
Click to expand...
Yes, unfotunately you are perfectly right !!! :( We are using Wheatstone bridge for that sometimes, Varley and/ or Murray measurements too, and sometimes we use dBmeters for findinf such "faults" ... it depends on many factors....
I don't intend to find any "bugs" on lines !!! I'm not a commercial business, and really hate to do any job in electronics (private !!! ) for money.

Surveillance and anti surveillance passionate me very much, and all I want is to know the principle behind the devices I've mentioned on my links, and even want to try to build such a device, again not for selling, just for my interest. I really wish to test such a device, and I could buy one or two, do "reverse engineering" and "copy" the device.... but spending 200 -300$ or more and finding it's a "bluff" is to expensive to me... I'm not even sure I can get them thru the costom...
So, if you have any ideas how those devices work, detecting and defeating bugs, even primitive, I'll be very thankful.
Sorry about my English, it's not my native language...

TIA for help :)
Nina
 

Nina said:
Well, after trying to find at sollution at many places, I've still remained confused :(
The sollution flatulent gave me is very good, (if I'm understing it right...) but i'm looking for a more "practical" one, for example a comparator (maybe a Schmitt trigger comparator) that may sense a minor drop on the 48V line's voltage, or senses a current change (after mesuring the line end with a short, as flatulent suggested).
I need help designing such a comparator, and be very thankful if anyone may help :)

Tia,
Regards,
Nina
Click to expand...

You want same as political guy, easy solution on complex problem...

ie.

You want a simple solution to detection complex measure problem in many dimensions.


Using RS485 circurit as driver and TTL-puls generator or functionsgenerator to make 0.1 -0.01 us short pulses 100 time sec (to make TDR-like measure) and floating ground analog oscillocope (or very high resolution and fast digital oscilloscope) to displays, still needs brain and expirences to interpret curve on oscilloscope and use attenuate (gain) and time for find out intrested points and select out know impedance discontinue from know connections (RJ 45 connector is easy to detect here), cross coupling board etc. from unwanted suspect discontinue from wire tap or unwanted junction.

But, if tap mounting near know big impedance discontinue point like cross coupling board etc. seems hidden from TDR-measure (simular small submarine close to oil-tanker) and needs visual controll on every impedance discontiune point - you cannot measure on electrical way to find if discontinue is by nature of connectors or have extra small load of 2.2 MOhm from wire tap...

is also possible to listen on unused line in same cable, ie listen on capacitive leaking from intresting line, special if cable is not use twisted pairs.
 

But, if tap mounting near know big impedance discontinue point like cross coupling board etc. seems hidden from TDR-measure (simular small submarine close to oil-tanker) and needs visual controll on every impedance discontiune point - you cannot measure on electrical way to find if discontinue is by nature of connectors or have extra small load of 2.2 MOhm from wire tap...
Click to expand...

Yes, of course you are right !!! And the submarine example is very nice, expaining exactly some of the problems.
This is the reason my staff - if suspects there is a fault on a cable near a telephone, not a tap, as we are not looking for those devices - always disconnect the far end (the phone, fax or whatever) and do tests from both sides of line, including bridge, varley etc.

is also possible to listen on unused line in same cable, ie listen on capacitive leaking from intresting line, special if cable is not use twisted pairs.
Click to expand...

Right again, we have very sensitive dB meters, again doing tests from both sides of the line. We can determine in such a way Loss and capacitance or inductance faults.

But, this still does not even gives me the clue how a device can detect a bug in the way they described, and more of that - to defeat it !!!

If you may think about any way, I'll be very glad to hear (see :) )
Regards,
 

Nina said:
Yes, of course you are right !!! And the submarine example is very nice, expaining exactly some of the problems.
This is the reason my staff - if suspects there is a fault on a cable near a telephone, not a tap, as we are not looking for those devices - always disconnect the far end (the phone, fax or whatever) and do tests from both sides of line, including bridge, varley etc.



But, this still does not even gives me the clue how a device can detect a bug in the way they described, and more of that - to defeat it !!!

If you may think about any way, I'll be very glad to hear (see :) )
Regards,
Click to expand...


hmm.

is possibly using oveload action as high frequency or high pass filtred very strong noise (needs lowpass filter on phone in both end), but need know how this tap are constructed and find out weakness on most common used models of tap.



if you can measure from both end - short other end, rising voltage slowly and measure current to detect non linjarity at diod-bridge from serial tap.

also using TDR-measure with normal line-current and none line current and see difference between measure (diod-brigdge give high impedance with no current) - but good constructed serial tap can using capacitance to bypass high frequency TDR-pulses....

Can also try using two-tone measure (ex. 1000 and 1500 Hz or possibly DTMF) and listing of intermodulation (best listing on other ends) from non linjarity component (diode....) human ear hear weak IM as disharmonic of two tones very well and if disharmonic exist and vary on adjustable line current (0-100 mA and more), you have non linjarity component on wire.

- Or burn out with very high current pulses simular stroke of ligthing (shorted other ends) with risk to break connection (inside serial tap) - but now easy to find with TDR-equipment after this... - but this moment give alway risk for starting fire on unwanted place under process of High-current 'cleaning'... ;-)

use 'megger' do overload and burn paralell-tap with very high voltage - but also possibly to break down insulation on weak spots on phone line or high voltage protector on wire take down voltage....


---

ie. not easy to defeat wire-tap/bugg.


Use voice scrambler (possible passing on computers soundcard ???) or
encrypted Voip-communication (like skype-phone, but using crypted datastream)
for sensitive phone speak.


---

[added couple of days later]


high speed modem-communication (28800 baud and higher) is near impossible to restruct from paralell-tap (voltage tap) or line tap (current tap) separatly, You need both value syncronized and know phase to restruct this (read telephone hybrid (bridge) of very good quality and indivudal tuning to actal line impedance, and more advanced than 99.999% percent of amature-spy can make it) - in first step

next step needs know how modems equlizer and calibrate paramterer to decode modem-modulation - even if listen on calibrate sequence in start, you cannot use this from tap-point view - calibrate parameters describe whole system responce between A-B point, wire tap in middle, seeing totaly different transmissions responce and cannot using calibration parameters directly listen from modem communictation....


if computer in both ends of modems, using compression ala GSM, mp3-code or simular from soundcard (using headset) and using DES-crypto or simular (for fast response) , you need more or less high tech military resources and knowhow to decode this talking, tapped from line...
Click to expand...
 

    N

    Nina

    Points: 2
    Helpful Answer Positive Rating
Status
Not open for further replies.

Similar threads

Part and Inventory Search

Welcome to EDABoard.com

Sponsor

Back
Top