Bulletin Board # 64

Some of the following is a repeat of posted articles relating to each other.

Tim

From Tom Jones of REI
OSCOR 5000 and 2.4 GHz video

The following was taken from some of my previous E-mails to other clients:
Whenever there is a video transmitted signal that is NTSC format but uses FM modulation (instead of the normal AM modulation) there is difficulty in getting a good picture. The method to viewing the image is below:

  1. First, you must have a good strong signal.
  2. Tune to the side of the signal (not the peak).
  3. Attempt to lock on the video signal by adjusting the the tuning (using the rotary knob) along either side of the signal. I suggest a very narrow frequency window in the Analyze mode. You may have to play with this and you may tune all the way off of the signal to actually acquire the video image.
You are actually attempting to capture an Amplitude Modulated component of the FM modulated signal. If the FM modulated signal is exceptionally clean, you may not be able to intercept this AM content and actually get the picture. This AM component may be strong or weak depending on the quality of the video transmitter. However, most FM video transmitters are not the purest signals, and therefore, you can usually get enough AM video information to get the signal.

It is important to note that signals above 1 GHz are highly directional. If you are standing between the Discone antenna and the Video transmitter, you may be able to see the video signal but will probabily not be able to pick up the video image.

It is also important to note that even if you cannot view the video image because of variations in modulation methodology, you can still listen to the vibrating audio sound of the video signal. You can use this to identify the signal as a video signal. I have included a portion of an E-mail that I sent to Glenn Whidden on this issue.

Here are comments on the 2.4 GHz transmitters and the OSCOR from REI:

  1. The OSCOR uses a Discone omni-directional antenna up to
  2. GHz. If there is a 2.4 GHz transmitter using a high gain directional antenna and the antenna is pointing away from the OSCOR, the signal that the OSCOR receives will be very weak because of directivity in the 2.4GHz transmitter antenna. This will create difficulty not only for the OSCOR, but any Spectrum analyzer or receiver that may be used for countersurveillance. I personally believe that anyone with a concern about 2.4 GHz transmitters should move the OSCOR to different locations in a room (and out side of the room) and manually inspect the 1.5 to 3.0 GHz frequency range to look for any suspicious signals.
  3. Deleted at the request of REI
  4. OSCOR demodulation of 2.4 GHz signals: The OSCOR video demodulation capability was designed prior to the massive influx of 2.4 GHz video and as such, the OSCOR demodulates standard NTSC, PAL, and SECAM video formats. Standard NTSC uses AM video modulation, but most of the 2.4 GHz video signal are using FM modluation. When you detect a signal at 2.4 GHz, if the signal is video and the signal is strong enough, you can usually demodulate the video signal by tuning to the slope of the signal and slope detecting the AM content of the video signal. Some people have commented that the OSCOR bandwidth is a problem with the modulation. This is not the case; the video demodulator receives a very wideband signal at the 70MHz IF prior to the standard 250KHz IF bandwidth in the receiver chain. The only problems that are affecting the 2.4 GHz transmitter detection performance are the gain issues associated with using high frequency directional antennas and demodulation of an FM signal using AM slope detection. Many people have claimed that because the OSCOR currently does not readily demodulate the FM video signal that the OSCOR does not detect the 2.4 GHz video transmitter. It is important to note that failure to demodulate clearly and in color does not mean failure to detect the signal.
  5. Our production manager Kenny Pecor recently came up with an excellent method of locating video signals that are not easily demodulated. This method assumes that you have detected the signal and can "hear" the video synch pulse, but you are having difficulty demodulating the video image. Here is the approach: Tune to the signal and select the demodualtion method that provides the best audio of the video synch pulse. (You should clearly hear a vibrating sound). Turn off the lights in the Room on concern. Take flash light with a focused beam and scan the room with the flashlight. When the flashlight shines directly on the camera, you should hear a distinctive change in the sound of the video signal. This change is sound is due to the camera changing from viewing a dark room to an intense light. The method seems to work very well especially for very weak video signals.
  6. Everyone is looking for a magic black box that all you have to do is open it and press one button and magically the box tells you where to find all bugs. Some people don't seem to realize that this magic black box does not exist. In our game of surveillance versus countersurveillance (or as some people like to say "spy vs spy"), the battle is never ending. As soon as we develop a good countersurveillance product, someone will develop a surveillance technique that proves to be a challenge. Since the inception of the OSCOR, REI has strived to continuously upgrade and evolve the unit to meet the new challenges. We do not always announce our new product improvements with a great deal of advance because of business and patent reasons. However, REI is currently working on improved methods to detect and demodulate 2.4 GHz signals. We are also already working on designs to meet the threat of the 5.8 GHz video surveillance threat that is starting to appear, and we will development the capability to significantly increase the professional sweep persons detectable frequency range. These new developments will take some time to complete because all engineers are heavily involved in the final development of our Non-Linear Junction Detector. We have always worked dilligently to respond to customer suggested improvements when it was feasible, and we are continuing to do so. Nonetheless, some people have adopted the attitude that if they own an OSCOR, they are absolved from any responsibility of doing the job of a professional sweep. For a professional in this field of countersurveillance, it is imperative that the professional sweep person stay on top of all of the latest surveillance developments and to know their equipment capabilities and limitations. Furthermore, a sweep without a physical inspection is not a complete sweep. It may be that REI automated so many functions that people feel they no longer have to conduct a responsible sweep. REI may be an equipment developer and manufacturer, but we certainly cannot replace the brain, eyes, ears, and hands as the best sweep equipment that God gave us.

    I hope that this helps some.

    Tom

    Reply-To: PPIS@concentric.net
    Subject: Re: OSCOR 5000

    Hi Tim;

    You may recall that I sent you some information about a year ago about the video detection problem of the OSCOR. I have read all the recent items you have sent from REI and such and everyone is slightly off the mark. We have spent a year researching this problem with antennae manufacturers and the wireless video industry.

    Without going into the usual virtual denial from REI the following will check out if you have access to a 2.4 system. Just one of the problems is that the Gold Beam or Wavecom units broadcast a 10mhz wide signal which is way over the head of the OSCOR's comparatively narrow band width. 'IF' you know the signal is present, know the frequency, and change the antennae to a directional high freq antennae, you can tune to the area and get a discernible increase in signal strength to at least exceed the threshold; a lot of 'ifs'. Some techs might dismiss the signal as sprurious or non-threatening since no picture is seen and no audio discernible.

    In the meantime, this requires a second hunt since the optional antennae is not suitable for the other signals. The other problem that REI and everyone missed is that the units DO NOT USE a synch pulse that is detectable with the REI compromise antennae array and the synch is intentionally suppressed so as to not interfere with other household TVs.

    The OSCOR will display a video picture in NTSC with absurdly painstaking micro tuning across the signal if you are using a high gain antennae; 15 db or greater; we use a 24 db custom dish and powered pre-amp to get about 30db. The process can take an hour (per signal) if you have the touch; but again, you must know the signal is present. Forget using OSCORs built in range-finding. More importantly, this is not the only video protocol which OSCOR has a problem with and contrary to Jones' assertion, I have placed the OSCOR in the signal path of several systems above 2ghz and it is still stone deaf; even as close as 5 feet.

    The bottom line is a simple fix; the OSCOR needs better band width and another antennae which can be affixed above 2 gigs or included in their array and an added FM de-modulator. Until someone fabs their own xmitter with splinter freqs, the best practice is to acquire the intended receiver for each of these types and use it as a sweep receiver with the OSCOR monitor for the display or a separate portable TV. Performance is enhanced over distance with the use of a yagi type or dish type antennae. We have had three built of various types and these do defeat the 2.4g sets. There are several high end industrial CCTV wireless sets that OSCOR cannot detect (Premiere) even at multi-watt level outputs and in the signal path. Our soon to be patented high freq antennae, small, engineered specifically for this application, and omni-directional should be available in about 60-90 days for about $150 to $175.00 and it will fit into their case.

    Lets remember that the OSCOR was touted for the primary use of internal security personnel and as the suite with which most threats could identified. This self righteous crap that if you don't find it it is your fault or a sweep is not a sweep without a physical is bogus. The instrument was given this Holy Grail status by persons whom had never used it in the real world and offered by REI to detect the presence of any non-friendly signal including video xmitters. The fact that REI still displays a xenophobic atitude toward any critique only slows the instruments modification to the goal of achieving its claimed performance. To leave existing customers to dry out while they all work on the NLJD is exemplary of the same intransigence and elitism that still refuses to re-write the manual while deliberately making untrue assertions that is has been.

    I have been saying that the 2.4 ghz threat is one of the greatest threats to our clients for a year. The audio is superb, the signal is stealthy, special equipment is needed to intercept it, it can be concealed in nearly anything, they are over-the-counter-available (Nanny Cams) and while you are shining your flashlight around to detect the change in signal output, the eavesdropper can shut it down. What happened to non-alerting TSCM? FYI, there are also 3.5ghz systems widely available and in 2 and 3 mile units for under a thousand dollars. If REI or anyone else is going to make an instrument that is intended to automatically locate signals in your abscence, then it must possess the ability to do so; not run over a common threat without slowing down. I still have not used it even once with any confidence as it frequently misses signals my Eagle finds.

    I said it before and I'll say it until REI changes their attitude; compared to the intended purpose and claims made by REI (on several issues) the OSCOR is still the world's most expensive door stop.

    Glen Wilson
    Pike's Peak Investigations

    Subject: OSCOR and our forum

    The last OSCOR discussion on video above 2Ghz was refreshing to consider. An all too common stumbling block to otherwise fine performance is to be too dependent on your equipment... and overlook the compromises in its design. It behoves us all to remember RF characteristics, and remember that bandwidth, sensitivity, Q, demodulation schemes, noise factors, antennas, cabling, and frequency controls are all compromises in a receiver designed to do many things. OSCOR and other units of similar purpose can be designed for about 75% or so of the most likely threat. The other 25% takes applied knowledge and equipment dedicated for those purposes, which inherantly cannot practically be combined in the same circuits of the more general receivers. Wideband, microwave, spread spectrum, hoppers, and other specialized schemes fall in that category. I don't think it will all ever be available in any briefcase for $20K. Those who remember the $55K PR700B will remember a 2Mhz IF - which was awesome at the time, along with an extremely low noise figure and almost no birdies. It was emphasized that you needed to search wide open in AM mode.... but since sensitivity and selectivity drop off dramatically as bandwidth increase, you also have to use much narrower IFs and other demod modes - often FM - in some bands in order to find anything. However to assume that you've searched 300-1Ghz well if you only do it in narrow mode FM is very arrogant, and would allow lots of wider signals to be missed. Also don't forget subcarriers and piggybacking, and the tremendous array of different modulation and multiplexing schemes. Our tools must work together to compliment each other... technical knowledge, humility because none of us knows it all, receivers, spectrum analyzers, gut feelings, sharing on this forum and others without piety or arrogance, and so on. Threat analysis, including reasonable LP locations or transmission paths is often the most important part of the job since it drives your whole approach.

    I encourage everyone to participate openly, technically, and honestly to improve the state of the art and the level of our community, especially now that we are no longer government insiders. Some folks look at TSCMers as quacks. Anyone who says they can do it all in a couple hours with only a briefcase and a magic wand is deserving of that view. Simply exchanging complaints and pointing fingers on this forum would also justify those critics. Sharing truly technical knowledge, tips, questions (even "dumb" ones), could help us to build a truly respected forum that would invite respect and participation. The recent exchanges on OSCOR have been building to more respectable levels. Let's keep it going that direction.
    Michael

    Michael Dye, Manager
    Physical Security
    O/2776 B/141 Ph. 408.742.5986 Fx. 756-9236

    No lesson seems to be so deeply inculcated by the experience of life, as that you should never trust in experts.
    Lord Salisbury