Навеяло предыдущей статьей о прослушке телефонов в Украине в свящи с чем решил найти и выложить. Это конечно немного о другом, но зато куда более квалифицированно. Переводить с английского не буду. Кому надо - так поймет, а дуракам ни к чему.
-------------------------------------------------

Nowhere to run...Nowhere to hide... The vulnerability of CRT's, CPU's
and peripherals to TEMPEST monitoring in the real world.

Copyright 1996, All Rights Reserved

By

Frank Jones
CEO
Technical Assistance Group
286 Spring Street
New York, New York 10013 USA
Tel: 212-989-9898
Fax: 212-337-0934
E-Mail: spyking@mne.net
URL: http://www.thecodex.com

George Orwell wrote the classic "1984" in 1949. He depicted a world in
which the government controlled it's citizens and a world devoid of
privacy. Many of the things Orwell wrote almost fifty years ago have
come to pass.

Surveillance technology has progressed to the point that is possible to
identify individuals walking city streets from satellites in orbit.
Telephone, fax and e-mail communications can routinely be monitored.
Personal information files are kept on citizens from cradle to grave.
There is nowhere to run...nowhere to hide...

The advent of the personal computer has revolutionized the way we do
business, keep records, communicate and entertain ourselves. Computers
have taken the place of typewriters, telephones, fax and telex
machines.

The Internet has opened up a new world of high speed and inexpensive
communications. How secure and private is it? There are many encryption
programs and hardware devices available for security purposes but what
about the computer terminal itself? How safe is it? What are it's
vulnerabilities? Hackers have been known to cause mischief from time
to time...Is it possible for an adversary to snoop on your private
data? Can Big Brother?

Suppose it was possible to aim a device or an antenna at your apartment
or home from across the street or down the block. Suppose you were
working on a confidential business project on your PC. Suppose that
device down the block could read what you were typing and viewing on
the CRT? Feeling uncomfortable? Suppose that device could monitor
everything you do on your computer by collecting electromagnetic
radiation emitted from your computer's CRT, CPU and/or peripheral
equipment, reconstruct those emissions into coherent receivable signals
and store them for later review? Feeling faint? Good. The technology
exists...and it has for some time....

You don't have to worry about a "middle of the night" break-in by some
clandestine government black-bag team to plant a bug. They never have
to enter your home or office. Seedy looking private investigators or
the information warrior won't be found tampering with your telephone
lines in the basement either...it's not necessary...all they have to do
is point an antenna...safely, from a distance away...and collect your
private data...

This surveillance technique has become known as TEMPEST monitoring.
TEMPEST stands for Transient Electromagnetic Pulse Standard. It is the
standard by which the government measures electromagnetic computer
emissions and details what is safe (allowed to leak) from monitoring.
The standards are detailed in NACSIM 5100A, a document which has been
classified by the National Security Agency. Devices which conform to
this standard are called TEMPEST certified.

In 1985, a Dutch scientist Wim van Eck published a paper which was
written about in the prestigious "Computers & Security" journal,
"Electromagnetic Radiation from Video Display Units: An Eavesdropping
Risk?" Vol 4 (4) pp 269-286. The paper caused a panic in certain
government circles and was immediately classified as is just about all
TEMPEST information.

Wim van Eck's work proved that Video Display Units (CRT's) emitted
electromagnetic radiation similar to radio waves and that they could be
intercepted, reconstructed and viewed from a remote location. This of
course compromises security of data being worked on and viewed by the
computer's user. Over the years TEMPEST monitoring has also been called
van Eck monitoring or van Eck eavesdropping.

In 1990, Professor Erhard Moller of Acchen University in Germany
published a paper, "Protective Measures Against Compromising
Electromagnetic Radiation Emitted by Video Display Terminals". Moller's
paper which updated in detail van Ecks's work also caused a furor.

The government's policy of TEMPEST secrecy has created a double edged
sword. By classifying TEMPEST standards, they inhibit private citizens
and industry by failing to provide the means of adequately shielding
PC's and/or computer facilities. There is an old saying, "You can't
drive a nail without the hammer". If concerned personnel don't know the
minimum standards for protection...how can they shield and protect?
Shielding does exist which can prevent individuals and companies from
being victims to TEMPEST monitoring. But without knowing the amount of
shielding necessary...

Perhaps this is the way the government wants it... My work has focused
on constructing a countermeasures device to collect and reconstruct
electromagnetic emissions from CRT's, CPU's and peripherals to diagnose
emission levels and give security personnel a hands-on tool with which
they can safeguard their computer data.

In testing my countermeasures device I concentrated on interception and
reconstruction of the three types of emitted electromagnetic radiation
written about in van Eck and Moller's work.

1. Electromagnetic radiation emitted from CRT's - similar to radio waves
2. Shell waves on the surface of connections and cables
3. Compromising radiation conducted through the power line

I found my greatest success (distance & quality) was in the collection
of emitted radiation from the CRT although we were equally successful
in our other experiments. In our opinion the greatest danger of TEMPEST
monitoring comes from off premises and we decided early on to
concentrate in this area. A workable countermeasures tool would give
security personnel a handle on distance from which compromising
electromagnetic radiation could be collected. Hopefully full
countermeasures would then be implemented.

This also is a double edged sword. The device I built albeit a
countermeasures tool...can be used as an offensive TEMPEST monitoring
device. My concerns however are that if such a device is not made
available to the private sector...then the private sector is at the
mercy of the information warrior using TEMPEST technology to gain an
unfair advantage.

TEMPEST MONITORING...HOW IT WORKS

TEMPEST monitoring is passive. It cannot be detected. The computer
emits compromising radiation which can be reconstructed from a remote
location. There is no need to ever come near the target. No reason
ever to go back to change a faulty bug like the Watergate burglars...It
can be performed from an office or a vehicle with no chance of
discovery. The premise is very simple.

All electronic devices emit some low level electromagnetic radiation.
Whenever an electric current changes in voltage level it generates
electromagnetic pulses that radiate invisible radio waves. Similar to
the ripples caused by dropping a small rock into a quite pool of water.
These electromagnetic radio waves can carry a great distance.

Computer monitors like televisions contain an electron gun in the back
of the picture tube which transmits a beam of electrons (electric
current). When the electrons strike the screen they cause the pixels
to fluoresce. This beam scans across the screen from top to bottom
very rapidly in a repetitive manner, line by line, flashing on and off,
making the screen light and dark, creating the viewed image. These
changes in the high voltage system of the monitor, generate the
incoherent signal that TEMPEST monitoring equipment receive,
reconstruct and view.

We have found that most monitors emit signals in the 20 to 250 Mhz
range although harmonics are fairly strong and can be intercepted.
Radiated harmonics of the video signal bear a remarkable resemblance to
broadcast TV signals although various forms of sync must be restored.

Associated unshielded cabling can act as an antenna and increase
interception range. Emissions can be conducted down power cables and
supplies. Computers attached to unshielded telephone lines are easy
prey as the telephone line acts as an excellent antenna. Printers and
their cables are not immune either. The average computer setup in the
home or office could be compared to a base station transmitting it's
signals all over the neighborhood.

Put quite simply, it is easy for someone with basic electronics
knowledge to eavesdrop on you, while you are using a computer. They
might not be able to steal everything from the hard disk but they can
view anything you do....see anything you see...

HOW IT'S DONE...THE COMPONENTS

A good commercial wide band radio receiver preferably designed for
surveillance (requires a little modification) with spectrum display.
Sensitivity and selectivity are paramount. Not all receivers will do
the job adequately

Horizontal and vertical sync generator. Commercially available and will
require some modification.

Video Monitor with Shielded cables

Active Directional Antenna (phased antenna array) with shielded
cables. Think radio telescope.

Video tape recording equipment. For capture and later review.

WHAT WE WERE ABLE TO CAPTURE...

Bench testing of the unit was quite successful in and around the
office. Several computers were targeted and interception of the data
was simple after injecting and restoring vertical and horizontal sync.
We had no problem viewing computer screens on adjacent floors in the
building (we were sometimes hindered by noise) and were able to
differentiate (to my surprise) between different computers in a large
office. We aimed our device out the window across the street at an
adjacent office building and were able to view CRT screens without too
much difficulty.

I should mention here that during the field tests NO DATA WAS STORED
FROM TARGET COMPUTERS. We were not on an eavesdropping mission. We
simply were interested in testing OUR equipment not spying on others.

Field testing of the unit was quite different and required continuing
manipulation of the equipment. From a vehicle in a suburban area we
were able to view active televisions inside homes ( the
cable/pay-per-view people could have a field day) and what programs
residents were watching. When we came across homes with active
computers we were able to view CRTs. Average range was approximately
300 yards.

We continued to test the device in a suburb of New York City with
startling results. We were able to view CRT screens at ATM machines,
banks, the local state lottery machine in a neighborhood candy store, a
doctor's office, the local high school, the fire department, the local
police department doing a DMV license plate check, a branch office of a
securities trader making a stock trade and the local gas station
tallying up his days receipts. We didn't expect that any of our
"targets" would be TEMPEST certified and we were correct.

BIGGER FISH IN A BIGGER POND

We took our DataScan device, as we named it, to New York City. The Big
Apple. We were interested in testing the integrity of various computer
facilities and also wanted to see how our device would operate in an
urban environment.

Let me start off by saying New York is in a lot of trouble. We started
at Battery Park (the southern tip of Manhattan Island) and headed north
to Wall Street. The US Customs building leaks information as well as
the Federal Reserve. Wall Street itself was a wealth of information for
anyone interested. With hundreds of securities and brokerage companies
located within a few blocks of each other, all an information warrior
need do is rent an office with a view and aim his antenna. We were able
to view CRT's in MANY executive offices.

The World Trade Center was fertile. It afforded open parking areas
nearby with millions of glass windows to snoop...we were most
successful snooping the lower floors from the street. We borrowed a
friends office at mid-tower in the south building and were able to view
CRT's in the north building easily.

We headed east towards the New York Post newspaper offices and read the
latest news off their monitors (which was printed the next day). We
headed north towards City Hall and NYPD Police Headquarters. Guess
what? They're not TEMPEST certified either...Neither is the United
Nations, any of the midtown banks, Con Edison (the power company) on
First Avenue, New York Telephone on 42nd Street or Trump Tower!
Citicorp's computer center in the SkyRink building on West 33rd Street
was a wealth of information also...

We found that with the proper frequency tuning, antenna manipulation,
reintroduction of sync and vehicle location , we could monitor just
about anyone, anywhere, anytime. There is no doubt in my mind that
TEMPEST eavesdropping is here to stay and something that must be dealt
with by computer and security professionals.

Passwords, files, proprietary data and records are all vulnerable to
the information warrior using TEMPEST monitoring equipment in a non
TEMPEST certified world.

POTENTIAL USERS OF TEMPEST MONITORING

Big Brother:

Yes, that's right. He does bug businesses. Sometimes with a court order
and sometimes without one. It's unclear under present American law
whether or not a court order would to needed to collect TEMPEST
information. You never know when Big Brother's on a witchhunt. Maybe he
suspects you of being a tax cheat, of insider trading, leftist
sympathies, etc. Remember Watergate? Now, the FBI wants to be able to
tap EVERY telephone, fax and data line in America at the turn of a
switch and they want US to pay for it...Using TEMPEST technology they
need never enter or come near your home or business.

Foreign Intelligence Services:

In the last days of the Bush Administration, the mission of the CIA was
partially changed to spy on foreign businesses and steal trade secrets
in response to the every growing surveillance of American industry by
foreign competitors and foreign intelligence services. The Japanese are
the worst. Most of the Japanese students living and attending school
the USA are economic trade spies. The French intelligence service
regularly bugged ALL the first class seats on AIR FRANCE flights to
eavesdrop on traveling foreign businessmen. EVERY foreign service in
the world is involved in corporate espionage to gain an economic
advantage for their own companies. Do you have a foreign competitor?
Then the chances are good that a foreign intelligence agency will spy
on you. TEMPEST technology is becoming the medium of choice .

The Activist:

Dedicated, yet misguided activists may wish to further their own cause
by releasing your private disclosures to the media. Every company
circulates confidential memos that would be embarrassing if released to
the public. TEMPEST technology makes corporate snooping simple.

The Dissident:

Dissidents want to damage more than your company's reputation. They may
use TEMPEST technology as a means of compromising your internal
security, valuable products and equipment, and even executive travel
plans in order to commit crimes against your person, family or
property!

Financial Operators

Unethical financiers can benefit greatly from prior knowledge of a
company's financial dealings. TEMPEST attacks can be mounted quickly
and from a distance with virtually no chance of discovery.

Competitors:

Competitors may seek to gain information on product development,
marketing strategies or critical vulnerabilities. Imagine the
consequences of a concerted TEMPEST attack on Wall Street. How much are
you going to offer for that stock next week? You need to buy how many
shares for control?

Unions:

Unscrupulous union negotiators may use TEMPEST technology to gain
knowledge of a company's bargaining strategies and vulnerabilities. Is
your company is having labor problems? Is your company is involved in
any type of litigation or lawsuit with a union? Does your company have
layoffs pending?

Employees:

One of your company's employees might use TEMPEST technology on another
to further his own career and to discredit his adversary. It would be a
simple matter for an adversary to plant a mole in your company who
could position TEMPEST monitoring equipment in the right direction even
though they might not be allowed to enter a specific restricted
area...

The Information Warrior:

Brokers may profit from selling your company's secrets to the highest
bidder, or maybe even to anyone who wants to know! Does your company
have stock that is traded publicly? Or will be soon? With TEMPEST
technology there is nowhere to run...nowhere to hide...Keep in mind
that anybody with money, power, influence, or sensitive information is
at serious risk.

FINDINGS AND RECOMMENDATIONS

Using simple off-the-shelf components with minor modifications we were
able to monitor computer CRTs "at-will" in suburban and urban
environments. We did not recreate the wheel. The TEMPEST monitoring
premise is simple and anyone with a basic knowledge of electronics
could construct such a device and use it with impunity.

Our DataScan device differs from earlier models because of the unique signal
amplification and directional antenna array used which we believe enhances
the collection process greatly.

It appears from our research that most individuals and companies do not
use TEMPEST certified equipment and most have never even heard of
TEMPEST.

I believe the media should be made aware of the problem in hope that
publicity about potential TEMPEST attacks will force the government to
release the information necessary to allow private citizens and
industry the means to properly secure their proprietary data.

Check out our WEB SITE - The Codex Privacy Page URL:
http://www.thecodex.com

The Codex Surveillance & Privacy Newsletter
DataScan - Diagnostic TEMPEST Evaluation System
Design and Fabrication of Specialized Systems
Technical Surveillance CounterMeasures (TSCM)
Forensic Audio Restoration & Audio Tape Enhancement

Архив:

Jul2024   Jun2024   May2024   Apr2024   Mar2024   Feb2024   Jan2024   Dec2023   Nov2023   Oct2023   Sep2023   Aug2023   Jul2023   Jun2023   May2023   Apr2023   Mar2023   Feb2023   Jan2023   Dec2022   Nov2022   Oct2022   Sep2022   Aug2022   Jul2022   Jun2022   May2022   Apr2022   Mar2022   Feb2022   Jan2022   Dec2021   Nov2021   Oct2021   Sep2021   Aug2021   Jul2021   Jun2021   May2021   Apr2021   Mar2021   Feb2021   Jan2021   Dec2020   Nov2020   Oct2020   Sep2020   Aug2020   Jul2020   Jun2020   May2020   Apr2020   Mar2020   Feb2020   Jan2020   Dec2019   Nov2019   Oct2019   Sep2019   Aug2019   Jul2019   Jun2019   May2019   Apr2019   Mar2019   Feb2019   Jan2019   Dec2018   Nov2018   Oct2018   Sep2018   Aug2018   Jul2018   Jun2018   May2018   Apr2018   Mar2018   Feb2018   Jan2018   Dec2017   Nov2017   Oct2017   Sep2017   Aug2017   Jul2017   Jun2017   May2017   Apr2017   Mar2017   Feb2017   Jan2017   Dec2016   Nov2016   Oct2016   Sep2016   Aug2016   Jul2016   Jun2016   May2016   Apr2016   Mar2016   Feb2016   Jan2016   Dec2015   Nov2015   Oct2015   Sep2015   Aug2015   Jul2015   Jun2015   May2015   Apr2015   Mar2015   Feb2015   Jan2015   Dec2014   Nov2014   Oct2014   Sep2014   Aug2014   Jul2014   Jun2014   May2014   Apr2014   Mar2014   Feb2014   Jan2014   Dec2013   Nov2013   Oct2013   Sep2013   Aug2013   Jul2013   Jun2013   May2013   Apr2013   Mar2013   Feb2013   Jan2013   Dec2012   Nov2012   Oct2012   Sep2012   Aug2012   Jul2012   Jun2012   May2012   Apr2012   Mar2012   Feb2012   Jan2012   Dec2011   Nov2011   Oct2011   Sep2011   Aug2011   Jul2011   Jun2011   May2011   Apr2011   Mar2011   Feb2011   Jan2011   Dec2010   Nov2010   Oct2010   Sep2010   Aug2010   Jul2010   Jun2010   May2010   Apr2010   Mar2010   Feb2010   Jan2010   Dec2009   Nov2009   Oct2009   Sep2009   Aug2009   Jul2009   Jun2009   May2009   Apr2009   Mar2009   Feb2009   Jan2009   Dec2008   Nov2008   Oct2008   Sep2008   Aug2008   Jul2008   Jun2008   May2008   Apr2008   Mar2008   Feb2008   Jan2008   Dec2007   Nov2007   Oct2007   Sep2007   Aug2007   Jul2007   Jun2007   May2007   Apr2007   Mar2007   Feb2007   Jan2007   Dec2006   Nov2006   Oct2006   Sep2006   Aug2006   Jul2006   Jun2006   May2006