A mid-sized U.S. technology company scheduled a due diligence TSCM inspection prior to a confidential strategic planning meeting involving senior leadership and outside legal counsel.
There was no specific allegation of surveillance. The sweep was ordered as a preventative measure after the company experienced unexplained leaks of internal strategy discussions over several months.
- The inspection focused on:
- Executive offices
- A primary boardroom
- Adjacent IT and facilities spaces
Initial Risk Indicators
Before the inspection:
- Confidential planning details were appearing in competitor behavior
- Information was leaking that only existed verbally
- No email or network breach had been identified
- Internal access logs showed nothing abnormal
This strongly suggested environmental compromise, not cyber intrusion.
Inspection Findings
During the physical and technical inspection of the boardroom, examiners identified a modified consumer device concealed inside a wall-mounted power adapter behind a conference room credenza.
Key characteristics:
- The device contained a covert camera and microphone
- It was hardwired to power (not battery operated)
- It recorded locally and transmitted intermittently over Wi-Fi
- The device did not transmit continuously, making it invisible to casual scans
- The camera field of view covered the entire conference table
This device would not have been detected by phone apps or basic RF detectors.
How the Device Avoided Detection
The device remained undetected because:
- It did not transmit constantly
- It blended into existing electrical infrastructure
- It appeared visually identical to standard office hardware
- IT security scans showed no persistent network anomaly
- Facilities staff had no reason to inspect it
The device exploited the assumption that “if IT is secure, the room is secure.”
That assumption was wrong.
Source of the Device
Further investigation determined:
- The device was installed during a previous office renovation
- The installer was a third-party contractor
- No background checks or post-renovation inspections were conducted
- The device had likely been active for over a year
There was no evidence of foreign intelligence involvement. This was a corporate espionage and competitive intelligence issue, not a spy movie scenario.
Impact and Outcome
Immediate actions taken:
- The room was taken out of service
- Legal counsel was notified
- Executive meeting locations were rotated
- Additional spaces were inspected
- Security policies were updated
Long-term changes:
- Regular TSCM inspections were added to governance procedures
- Post-renovation sweeps became mandatory
- Executive meeting protocols were revised
- Facilities and security teams were cross-trained
The company did not pursue public disclosure, which is common in these cases.
Why This Case Matters
This case highlights several realities businesses often miss:
- Surveillance devices are often simple, not sophisticated
- The threat frequently comes from access, not hacking
- Renovations and contractors are high-risk windows
- Most compromises are discovered accidentally or late
- TSCM is a due diligence function, not a reactionary one
No one suspected a hidden camera. That’s exactly why it worked.
Key Takeaway for Businesses
The question is rarely:
“Is someone spying on us?”
The real question is:
“Would we know if they were?”
