Executive Summary
In doing this paper I have researched what TEMPEST is, How it started as a Top-Secret Government Program to spy on the U.S. enemies abroad, and our own citizens! I also discovered how TEMPEST attacks are made, and what types of equipment are used in an attack. Finally, I will talk about how businesses and families can protect themselves from "Computer Espionage".
Questions for the Final:
TEMPEST
"The Weakest Link in Computer Security"
By
Kris White
Inside the U.S. Government, security officials have a great fear: Is someone with the right surveillance equipment tuning into what we are radiating from our computer screens? Are they in a nearby office, the floor below us, or across the street? This once top-secret program to protect these emanations is called TEMPEST. For several decades the U.S. government has keep a tight lid on what the program includes. Only within the last 4 years have we found out what the government has known for 50 years! The reason they don’t want to spread the word is because they have been looking over your shoulders for years without a search warrant. They have captured what you view off your computer monitors and electronic devices without the need of a password, access badge, or system access. They simply aim a high directional antenna into a room’s window, and off the walls they are able to pick up the reflection of radiation spewing from your computer screen. Now that they have the technology to spy on you and your co-workers, friends, and family, they don’t want you to know how they do it, or how to protect yourself. You see, this type of surveillance is free for them. They are simply tuning in to the radio waves your electronic devices are sending out. Government memos about this were classified for many years. This gave rise to rumors about secret organizations within the government that could detect these signals. It is very simple to do, and most of the time it only costs a few hundred dollars worth of parts. Many local Radio Shack stores carry all the needed parts to put together the right equipment.
During the late 1950’s and early 1960’s, the U.S. government became worried about the "compromising emanations" from computer screens, and how they could easily reproduce what is being viewed and typed onto the screen. This opened a whole new world up to the government now called "Computer Espionage". Compromising Emanations are simply defined as unintentional intelligence-bearing signals, that, if intercepted and analyzed, disclose the classified information transmitted. Research has shown this is possible, and since then the spread of TEMPEST within the government grew to protect itself, yet, try not to make it public to warn its enemies that the capability exists. This is how it all started back in the late 50’s.
Author, and ex-M15 agent, Peter Wright, wrote in his book, "Spycatcher", that during the 1960’s he had spied on messages sent by the French during Britain’s negotiations to join the European Economic Community. In 1960, Britain was negotiating to join the EEC, and the Prime Minister was worried that De Gaulle would block Britain’s entry. He therefore asked the intelligence community to determine the French negotiating position. They tried to break the French diplomatic cipher and failed. However, Wright and his assistant noticed that the enciphered traffic carried a faint secondary signal, and constructed equipment to recover it. It turned out to be plain text, which somehow leaked through the cipher machine.
So, with all that said now we can define TEMPEST. It is the acronym for Telecommunications Electronics Material Protected form Emanating Spurious Transmissions. It is the name given to the technology involving the capture (and thus safeguarding) electronic equipment that radiate electromagnetic radiation (EMR) in such a way that can be used to recreate what is being viewed. The term TEMPEST is believed to have been a code word used by the U.S. government, and later became an acronym for the title of the program.
TEMPEST over the years has evolved into many different names but the principle is stilling the same. EMSEC (Emission Security) is the Air Force version of the TEMPEST program. Also, it can be referred to as ‘Van Eck Phreaking’ after the Dutch Scientist Wim Van Eck who demonstrated to a large crowd of government officials how radiated signals from a CRT screen could be reproduced. His research paper entitled Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk? , describes TEMPEST like this:
"It is well known that electronic equipment produces electromagnetic fields, which may cause interference to radio and television reception. However, interference is not the only problem caused by electromagnetic radiation. It is possible in some cases to obtain information on the signals used inside the equipment when the radiation is picked up and the received signals are decoded. Especially in the case if digital equipment this possibility constitutes a problem, because remote reconstruction of signals inside equipment may enable reconstruction of the data that the equipment is processing."
Some of his results caused government officials to be very nervous and the business community very scared. Now it was possible to leak sensitive information right out the office windows for spies to receive. A normal TV turner is made suitable for this purpose will in some cases be able to restore the display of the computer screen on its own TV screen. Depending on the make and model of the TV set, the information can be received at distances up to 1 km. Many of the people that witnessed his test results were shocked to find out how easy it was to pick up and recreate the signals. Data safeguarding had took a leapfrog into the age of computer spying.
So now that we know what TEMPEST is, you might be wondering how it works. To answer that question without digging to deep into the technical side of electronics, I will try to make it very basic for you to understand. Every electronic device gives off some sort of electrical signals (even if it was not designed to transmit anything)! Just simply the power running through a wire will give off a signal. The best way to avoid this signal interfering with other signals is through the use of shielding. Most power cables and interconnecting cables have shielding to reduce the emanations. But I said reduce, because it still gets through all the connections from the wall, and also to the electronic device. A simple circuit card inside the device is capable of giving off the same signal, so therefore we need to not only isolate the machines, but also the rooms in which we work. Everything going into the room must be isolated so that the emanations can not go out the same path. For example, phone lines, power cables and poorly grounded electrical signals all can act as a receiver and transmitter of these emanations. These radio waves can be captured with a directional antenna pointed to the source. This signal picked up can then be fed into a monitor and be recreated using the vertical and horizontal sync resolution of the displaying television set. Once the TV is set precisely to the same settings of the captured video screen monitor, then the information can be detected.
What you might not know is that microchips, printers, and PC’s all emit these signals into free space or into some conductor like power lines or communication wires, and even water pipes! The radiated signals that are carried down these types of conductors are susceptible to being picked up by the wrong persons. Tempest monitoring equipment includes different models of receivers, hardware, and software. The receivers are highly sensitive and can pick up multiple frequencies and are tuned to receive very faint signals. The information that is picked up is often corrupted by thing external to the source of the intended signal. This might be a microwave oven, or radio transmitter, or cell phone. But with the right type of software, these signals can be sent through a computer and the noise filtered out, and the captured signal intensified to be displayed correctly. Although the U.S. Government strictly forbids the sale of TEMPEST monitoring equipment to the public, it is possible to buy from non-approved companies and individuals, or from visiting a few online internet sites, you can get instructions for building your own from parts from local electronic hardware manufactures. Here is what one list looks like courtesy of Capt Whos homepage, "
The "Radio Shack" Reader
1. The antenna Radio Shack TV/FM # 15-1611 for 49.95
Now with all the "Radio Shack" equipment, another basic item is the TV set to display the captured video signal. Many older TV sets that are "basic black and white" work well for this. It is mainly because they have tunable receivers in them and have been known to pickup signals in apartment complexes with simply re-tuning the sync signal on the back of the set. Once the TV matches the sync of the computer, the broadcast emanations from the computer can be read. Right now if you have a TV set and an antenna (mounted on your rooftop), then you can pick up these signals. Most TV’s have attached a signal amplifier, to reduce interferrence with the video signal being received. Simply now of days, the guy next door is able to read you computer screen and you won’t even know it. No matter how secure your passwords are to your system and how careful you protect your online presence, people can see everything you do. Now if you think about how many personal computers are being used in the military and corporate world, it doesn’t take much time to figure out the computer technology has become America’s weakest link. No matter how hard we try to safeguard our passwords and systems, if we don’t take the precautions to reduce or eliminate the emanation then it is possible that we are compromising ourselves. If business plans, formulas, and patent-trade information, client lists, or any other sensitive information that could be valuable to others. This information gathering is being more and more common now as the preferred method of obtaining information across the airways. It leaves a persons work open to all that are around to see with the right equipment.
In testing and research, most computer monitors leak strong signals between 9.0 MHz and 9.250 MHz for simple text scrolling by. The best reception of signals was down at the low end of 9MHz. Monitor frequency range from 11 through 19.5-20MHz. Printer frequencies range from 140 to 200MHz. The same equipment at ranges of 88 to 250MHz can detect disk operations. Overall system frequency radiated are as low as 4MHz to a highs of 500MHz. Modem frequencies are radiated at 28-300MHz Radio technology makes it simple to fine tune a receiver to these frequencies and reproduce them.
An interesting thought comes up with the use of some HAM transceiver sets. Some can transmit multiple frequencies, and with some easy modifications found online over the Internet, some can become sensitive receiver devices. For example the Kenwood 440 offers 100 watt output and can transmit multiple frequencies. To perform the modification you would simply cut one lead from Diode D 80 and for better frequency readout, you gain an additional readout of 10 Hz by snipping the lead to diode 66.
So now that we know what TEMPEST IS, and how people can tap into our computer radio emanations, you may wonder how do you protect yourself? Right? Well, the answer is not an easy one. If it were easy then there would be no need to have TEMPEST programs in your business places or home security plan. Shielding is the answer, but with all the shielding in the world, unless you do it smartly, it can still be compromised. You can reduce the risk, but not eliminate it entirely without lots of additional costs, and expensive building materials and complex floor plans. The most advanced TEMPEST safe devices use micro-components that have been designed from scratch to minimize the emanations. From a scientific point of view, shielding involves the principle of the ‘Faraday’s Cage’ that does not permit stray emanations, along with special modifications to the power source. Normally, this involves a heavy copper case around the object. TEMPEST shielding also involves the floor plans of the building, room and the location of the equipment. People often go to great lengths and efforts to isolated systems from "spying" but fail to take TEMPEST into account in their security plans. To use secure TEMPEST approved computers is very expensive, and therefore you must decide how much importance is the data to the amount of money it will take to protect it.
Companies and individuals can purchase TEMPEST approved computers, but the high costs of the secure systems may scare away most customers. However, even if you don’t have the money to purchase a TEMPEST safe computer, there are some simple solutions to reduce the radiation that is sent from your computer screen. The first is to always purchase computer screens that meet the industry standard emission laws. Use only shielded cables when connecting systems to other systems and when leaving the building or room’s infrastructure. To prevent emanations along your phone line from your modem, make sure you install a phoneline filter. This will block the emanations leaving your system.
Using software approved for TEMPEST programs means to encrypt the data that you send from your computer so that even if the emanations were captured, they won’t be easily recreated on the other computer. This brings us to the next topic of discussion. We have talked about the hard ware that is used and the type of radiation that is broadcasted, but whatabout the software.
There is a "Soft" TEMPEST program that should also be implemented by your business or home where sensitive information is being transmitted. This has roots as the part of a research project lead by two college professors from the University of Cambridge. Ross Anderson, and Markus Kuhnn published a paper in 1998 describing the techniques they found that software can be used to control the electronic emanations from the computer screens. This type of software is useful for both defenders and attackers. To attack a computer, malicious code can encode stolen information in the computer’s radiated energy, and maximize them for range, receiver cost and secrecy. To defend the systems, at trusted screen driver can display sensitive information using fonts which minimize the energy of these emissions. Using text fonts with softened edges will limit the higher frequency emissions (which is the frequency that is beamed the farthest from the computer).
So is the world today thinking of TEMPEST? Since it’s inception during the 1950’s, it has been to some as the program known as "Big Brother is watching". Still because of it’s classifications, and secrecy, some think of TEMPEST monitoring is somewhat like a hoax. Yes, it is possible under ideal conditions, but in the real world of PDA’s, cell phones, TV, radio, and satellite transmissions, door openers, it is impossible to detect a single signal and isolate all the garbage. Just because the technology is there to suggest capture is possible, many think nowadays the treat is low because of all the "garbage" radiated into freespace. TEMPEST is not "spying technology", some believe the reason for the shielding is due to all the electronic devices interfering with each other’s operation, such as TV and radio signals. While sneaking a peak at another computer screen is possible, it is very complicated in todays world.
In Closing, some still think there is too much publicity by TEMPEST engineers of the potential security problems that exist. The fact more and more monitors today are shielded keeps the risks low. The term itself has fallen out of use, and this type of security is now called EMSEC (Emission Security) and is defined now as protecting all measures taken to deny unauthorized persons information of value which might be derived from intercept and analysis of compromising emanations from cryptographic-equipment, automated information systems (AIS), and telecommunications systems.
BIBLIOGRAPHY