Technical Analysis of the UN Bugging Device

19 December 2004. James Atkinson, a technical surveillance countermeasures (TSCM) professional writes:

There are three specific sections to this UN bugging device.
The first is the "upper" section where line/AC power is supplied to the eavesdropping device, which we will call the "Power Section".
This "Power Section" includes a relatively large shielded, metallic box with a lid that is attached with screws. Inside this box we can clearly see the actual power supply module surrounded by voltage regulators, varistors, diodes, and other components which indicates that this draws power from the AC line (the heavy black wire), and supplies power to the second box just below it. The silk screen markings on the voltage regulator and the markings on the power module indicate that this unit was likely made in France within the past two years. However, several of the components in the power supply are also of Chinese origin, and at east two components of U.S.-origin via Harvey Point.
The next element is a large bank of batteries of either Nickle or Lithium Chemistry, and are likely trickle-charged via a separate power control module. A chemical analysis of the gases being emitted by these cells will reveal the exact chemistry, and will reveal how long the batteries have been in operation.
This second box in the power section appears to be a power control module that take voltages supplied by the actual power supply module, and charges the battery bank on an as-needed basis. Given that there is a control relay in the power supply it is likely that the power control module has the ability to physically disconnect the load created by power supply from the power line to make detection difficult. It is unlikely that the actual eavesdropping device is powered directly from the power line, but is instead powered from the battery bank, and the battery bank is in turn recharged from the power supply which obtains power from a direct connection to the AC mains.
In the "middle" section of this device appear to be two audio microphones installed into acoustic cavities, which in turn likely have a pinhole opening under the microphone into the area being eavesdropped on. This "middle" section also provides a considerable distance between the power section and the RF/audio section. The wiring for the microphones appears to be routed into the RF/audio section of the device, but there does not appear to be a direct connection between these microphones and the power section.
The lower section of this bugging device appears to be a RF, control, and audio section. This section would process and compress the audio, and store it into a memory module where it could be transmitted at an extremely high rate in a burst or packet transmission. In fact there appears to be an RF filter installed between the audio processing and control portions of this circuit which would tend to indicate that there is a flaw in the control section, or that the circuit is designed to have a strong disconnect between the control and RF circuits. The presence of this kind of filtering between the two elements tends to indicate that a moderately low frequency PIC or microprocessor circuit is likely used for the control circuit, which also confirms that this is likely a controller for a store-and-forward or burst transmitter.
Further, these filters between the two components indicate that the controller may completely shut down the RF transmitter portion of the device unless a burst was being made. This would be in line with the power control module where the device could run in a stealth mode and disconnect the transmitter section and the connections to the power line for extended periods. Then, just prior to a burst transmission the power amplifiers of this eavesdropping device would be activated (which would significantly reduce the battery levels), the transmission would be made, the power amplifier turned off, and the batteries recharged. There is likely a remote control element of this circuit so that the collected audio can be downloaded on command. The device was likely operational to no more than 100 feet or so, and it is likely that the listening post was within the same building and quite probably no more that 3-4 rooms or floors away.
The method of concealment, and the efforts that went into the stealth features of this device indicate that the device was targeted against a meeting where the eavesdropper know the area would be subjected to TSCM/bug-sweep activities, but that those people performing the bug sweep in the area would be assumed to be both poorly skilled, and poorly equipped.
A device such as this can be detected by a time domain reflectometry examination of the power lines provided that the proper impedance match is used. It doesn't matter that the power supply contained a relay to provide a physical disconnect as a TDR will see both the pigtail, AND the incoming side of the disconnect relay.
This kind of device can also be found by non-linear junction detection, but only by the use of a broadband swept NLJD. The eavesdropper likely knew the make and model of the NLJD the U.N. sweep teams was using, and knew that the U.N. team lacked the equipment to check outside of a very narrow band of frequencies (usually 850 to 1200 MHz).
A spectrum analyzer in the hands of a skilled engineer would have also detected this device during any TSCM inspection, even if the device was not transmitting at the time as the VLF signals from the oscillator on the control board would have been immediately and easily detected.
X-Ray examination of the concealment area also would have detected this device, but thermal imaging equipment would have been of only minimal value unless the device was connected to the power lines and/or transmitting for extended periods.
As this eavesdropping device was built into the structure of the room itself I would initially suspect that the host government, or the government behind the construction of the room is behind the bugging. Secondary to that I would consider that persons working for the U.N. itself is behind the bugging, and that this person is acting as a spy on behalf of a foreign intelligence angency. I would first suspect France, then the United States or British Government.

News reports of the bug discovery:

UN Bugged at Geneva HQ, December 16, 2004
Video of UN Bug at Geneva HQ, December 16, 2004

19 December 2004

Questions on the UN bugging device: are the four strips of white tape covering identifying data on the original device, or were they added by the UN or other parties to lend verisimilitude to phony plants? Are there public photos without the concealing tape? Has the hidden data been published? Answers to: jya@pipeline.com

Some have suggested the UN bugged itself and forgot to inform successor administrations. Or it was done by the French designers and builders of the Salon Francais. Or that it, like the klutzy Irish and Cuban bugs below, was clumsily installed to be found without too much effort in order to divert attention from more intricately concealed devices.

Dummy and diversionary devices are standard in the surveillance and countersurveillance fields, along with orchestrated discovery and exposes of them. The same disinformative methods are used to expose seemingly covert spies, if expendable, to hide others more valuable.

Discovering bugs in high offices and leaking names of spies, with official and media hootenanies of indignation and sham investigation, are customary operations of the spook (and media) world needing a bit of attention to cloak more egregious failures.

This undated photo released by the United Nations, shows the sophisticated bugging device, which has been found in the Salon Francais, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The United Nations said on Thursday, Dec.16, 2004 that a secret listening device had been found in a posh meeting room of its European headquarters in Geneva. The room was used by ministers from major powers last year during private talks on Iraq following the U.S. invasion and occupation. Marie Heuze, chief U.N. spokeswoman in Geneva, confirmed the report by French-language Swiss Television which said the bugging device had been uncovered in recent months in the Salon Francais of the Palais des Nations, formerly the League of Nations. (AP Photo/Keystone/Swiss TV/TSR)
[Image]
In this undated photo released by the UN, the sophisticated bugging device is shown, which has been found in the Salon Francais, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The device was in a room adjoining a main conference hall, where it could have been used to eavesdrop on any private conversations, the global body said Friday, Dec. 17, 2004. (AP Photo/Keystone/Swiss TV/TSR) ** BEST QUALITY AVAILABLE ** NO SALES** TV SCREENSHOT **

[Image]
** FILE ** In this undated photo released by the UN the Salon Francais is shown, where a sophisticated bugging device had been uncovered, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The device could have been used to eavesdrop on any private conversations, the global body said Friday, Dec. 17, 2004. (AP Photo/KEYSTONE/UN) ** B&W IMAGE** **NO SALES**
[Image]
Cuban dissident, Oswaldo Paya, holds a tapping device found in his home telephone, Monday, Dec. 13, 2004 in Havana, Cuba. Paya denounced, to the media, that the Cuban Secret Service bugged his telephone. (AP Photo/Cristobal Herrera)

[Image]
Sinn Fein President Gerry Adams, left, and party colleague Mitchel McLaughlin show the bugging device found at the partys office in Belfast, Northern Ireland, Tuesday, Sept. 14, 2004. The bug, disguised as a floor joist and discovered during renovation work, was hidden under the floor of a first floor office with microphones pointing up into the office and down into a conference room below, said Sinn Fein. (AP Photo/Peter Morrison)
[Image]
Sinn Fein President Gerry Adams holds up an electronic tracking and listening device that was found in a car used by Sinn Fein leaders during a press conference at Stormont, Belfast, Northern Ireland Wednesday, Dec. 8, 1999. Adams suspected people in the British military establishment were responsible for the device. An agreement brokered last month by U.S. diplomat George Mitchell has already put two Sinn Fein politicians into Northern Ireland's new power-sharing government, including former IRA commander Martin McGuinness. In return, the IRA is supposed to begin disarming, preferably in January. But Sinn Fein is now protesting that the British have been caught cheating on the gentleman's terms of those negotiations - and hinting that this might justify IRA stalling. (AP Photo/Peter Morrison)

This undated photo released by the United Nations, shows the sophisticated bugging device, which has been found in the Salon Francais, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The United Nations said on Thursday, Dec.16, 2004 that a secret listening device had been found in a posh meeting room of its European headquarters in Geneva. The room was used by ministers from major powers last year during private talks on Iraq following the U.S. invasion and occupation. Marie Heuze, chief U.N. spokeswoman in Geneva, confirmed the report by French-language Swiss Television which said the bugging device had been uncovered in recent months in the Salon Francais of the Palais des Nations, formerly the League of Nations. (AP Photo/Keystone/Swiss TV/TSR)	In this undated photo released by the UN, the sophisticated bugging device is shown, which has been found in the Salon Francais, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The device was in a room adjoining a main conference hall, where it could have been used to eavesdrop on any private conversations, the global body said Friday, Dec. 17, 2004. (AP Photo/Keystone/Swiss TV/TSR) BEST QUALITY AVAILABLE NO SALES TV SCREENSHOT
FILE In this undated photo released by the UN the Salon Francais is shown, where a sophisticated bugging device had been uncovered, in the Palais des Nations, United Nations European headquarters, in Geneva, Switzerland. The device could have been used to eavesdrop on any private conversations, the global body said Friday, Dec. 17, 2004. (AP Photo/KEYSTONE/UN) B&W IMAGE NO SALES	Cuban dissident, Oswaldo Paya, holds a tapping device found in his home telephone, Monday, Dec. 13, 2004 in Havana, Cuba. Paya denounced, to the media, that the Cuban Secret Service bugged his telephone. (AP Photo/Cristobal Herrera)
Sinn Fein President Gerry Adams, left, and party colleague Mitchel McLaughlin show the bugging device found at the partys office in Belfast, Northern Ireland, Tuesday, Sept. 14, 2004. The bug, disguised as a floor joist and discovered during renovation work, was hidden under the floor of a first floor office with microphones pointing up into the office and down into a conference room below, said Sinn Fein. (AP Photo/Peter Morrison)	Sinn Fein President Gerry Adams holds up an electronic tracking and listening device that was found in a car used by Sinn Fein leaders during a press conference at Stormont, Belfast, Northern Ireland Wednesday, Dec. 8, 1999. Adams suspected people in the British military establishment were responsible for the device. An agreement brokered last month by U.S. diplomat George Mitchell has already put two Sinn Fein politicians into Northern Ireland's new power-sharing government, including former IRA commander Martin McGuinness. In return, the IRA is supposed to begin disarming, preferably in January. But Sinn Fein is now protesting that the British have been caught cheating on the gentleman's terms of those negotiations - and hinting that this might justify IRA stalling. (AP Photo/Peter Morrison)