|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||
Excerpts of pages 138-147 from:
Winn Schwartau
Thunders Mouth Press, New York, 1994.
ISBN 1-56025-080-1.
Any electrical current produces a magnetic field. A television station broadcasts a very small magnetic field from its antenna atop the World Trade Center or in a corn field in Iowa, and a portable TV set in your home can pick up and display Mr. Ed reruns or Murphy Brown in startling clarity. Let's take this thought one step further. Computers, printers, fax machines, and video monitors are also electrical devices that conduct current and they too emit magnetic fields. Guess what? These magnetic fields can be picked up by a special receiver, too, and can be read in startling clarity, invisibly, passively, and with little fear of detection. Sounds like an ideal tool for the Information Warrior.
A computer is actually a miniature transmitter broadcasting all of its information into the air, where it is ripe for the picking. From an electrical standpoint, the CRT or monitor of a computer is the "loudest" component, meaning that the magnetic field it produces is the strongest. Back in the early days of computers, in the days of Radio Shack TRS-80 ("Trash 80s"), Commodore Pets, and VIC-20s, users often experienced severe interference from their computers on their TV sets.
Many of us set up our computers in the living room so we could spend quality time with our families, watch M*A*S*H and play with our latest adult toys. But we also noticed that unless the computers were a safe distance from the TV, the picture was virtually unwatchable. Wavy lines scrolled across and up and down the screen and "noise" filled the picture. If we rotated the computer and sat at a different chair at the dining room table, the interference was less objectionable. If we moved the computer into the bedroom, the interference often went away. To satisfy our desire to watch TV and still peck away at BASIC, we would twiddle for nights on end trying to optimize the picture on the boob tube by minimizing the interference. That might mean finding the only place in the room that would allow us to enjoy both diversions at once, or it might mean using three rolls of properly placed and shaped rolls of Reynolds Wrap around the computer and on the TV aerial. We were trying to shield the television set from the electromagnetic radiation emitted by the computer and its monitor. Little did most of know then that we were experiencing a phenomenon that the National Security Agency had buried deep within their classified Tempest program. The government had known about the national security problems associated with computer-based electromagnetic radiation for years.
Electromagnetic eavesdropping is a formidable weapon to the Information Warrior. Twenty years later the government still shrouds much of the issue in secrecy, and it is only due to the efforts of independent researchers not controlled by the secrecy laws concomitant with government employment that we understand just how much of a risk electromagnetic eavesdropping really is.
Since every computer unintentionally broadcasts information into the air (except those few especially built to tightly-guarded NSA Tempest specifications), the Information Warrior has the means to detect, save, and read every bit of information that passes through a computer and onto a video monitor. And he can do it passively, from some distance, without your ever being the wiser.
Detecting and recovering this data is not possible only for the intelligence community or super-high-tech whiz bangers. The ability to read computer screens from a remote location is available to anyone with a modicum of knowledge of basic electronics. Your television repairman is an ideal candidate for assisting your local Information Warrior. Morgan Death, a former Vice President at Hughes STX, wrote, "Many individuals and corporations have no idea how easy it is to obtain information from electronic radiations. They thought of Tempest protection as a black art that only the intelligence community had to worry about.''[1]
In its simplest form, an electromagnetic eavesdropping device consists of no more than a black and white television set and a handful of parts costing less than $5. The interception we experienced with the Trash 80s was the actual video signal (the characters that cross the computer screen) being picked up by the TV antenna. The computer monitor leaks this information at about the same frequencies used by channels two through seven on the TV. All we need to do is tune them in and voila!, we have an echo of what appears on our computer screen. The reason we couldn't read the Trash 80 characters on our TV set was that the detected signals had lost their "sync," or synchronization. The information was there, but it fell apart. The Information Warrior simply puts it back together again.
A television set modified to pick up computer screen emissions needs to have two signals added to those unintentionally leaked by the monitor under surveillance. The first is the vertical sync which, on a TV set, is called vertical hold. The second signal needed is the horizontal sync. If either of these signals is maladjusted, the TV will endlessly "roll" up and down or left to right, as the case may be. (Readers who owned early generation television sets can easily relate to the frustration.) The radiated signals from a computer combined with these two sync signals will produce a perfectly readable copy of whatever appears on the computer with no wires connecting the two. To add more fuel to the fire, the data displayed on the video screen can be detected even when the video monitor itself is turned off.
Many audiences to whom I speak find this simple item alarming and discomforting, thereby leading to a degree of incredulity -- until they see the demonstrations. In September of 1991, on Geraldo Rivera's ill-fated TV show, "Now! It Can Be Told," I demonstrated what I believe was the first national broadcast of electromagnetic eavesdropping.[2] Despite the fact that atomic bombs were going off in the background, the demonstration was real.
The publicity surrounding electromagnetic eavesdropping first reached a furor in 1985 when a Dutch scientist, Professor Wim van Eck, published an unclassified paper on the subject.[3] He stated that, based upon his studies, "it seems justified to estimate the maximum reception distance using only a normal TV receiver at around 1km....''[4] As a result of the publication of this document, electromagnetic eavesdropping was popularly dubbed "van Eck radiation." According to Tempest engineers certified by the National Security Agency, the NSA department responsible for the security of the Tempest program went ballistic. They classified the Van Eck report, which included very exacting details and mathematical analysis that they had considered to be exclusively under their domain. Tempest engineers were forbidden, as part of their security agreement with the Government, from speaking about or acknowledging any details of van Eck's work.
But the cat was already out of the bag. The prestigious and scholarly journal Computers and Security discussed van Eck in its December 1985 issue, to the continued chagrin of the intelligence community, and in 1988, the British Broadcasting Corporation aired a segment on the phenomenon which is similarly classified in England.[5]
This impressive demonstration was conducted in London, with the detection equipment set up in a van that roamed the streets. The technicians in the unassuming van would lock into "interesting" computer signals, emanating from law offices and brokerage firms located in London high rises, from a distance of several hundred feet. They then recorded the impressively clear computer-screen images on a video tape. When company executives were brought into the van, they viewed a playback of the video tape that demonstrated the capability for remote passive eavesdropping of highly sensitive information. The impact of such capability was evident on their shocked faces and in their commentary. According to Tempest technicians, the NSA classified this tape along with van Eck's publicly available papers.
Swedish television broadcast a similar demonstration on a show called "Aktuellt." These demonstrations provided conclusive evidence that the risk to privacy and the sanctity of information was real. Despite our government's efforts at hiding the potential risk to American businesses, van Eck radiation was becoming widely known everywhere and to everyone else but us.
In 1990, Professor Erhard Moller of Aachen University in Germany published a detailed update to van Eck's work with such eavesdropping. To this date, the NSA still classifies these protective measures in their Tempest program. They allegedly went so far as to classify portions of a university text book written by the legendary expert in electromagnetic control, Don White.[6]
On the home front, Hughes STX (a division of Hughes Aircraft) demonstrated van Eck emissions using a circa-1955 Dumont tube television console set and a small portable black and white unit as receptors. Not only are van Eck radiations broadcast into the air, but water pipes, sprinkler systems, and power lines are excellent conduits, offering ideal tap points for interception. Attaching a wire to a hot water pipe and watching computer screen images appear on a television set is a most disquieting experience, but one that cannot be ignored.
Jim Carter, president of Bank Security in Houston, Texas, has also been publicizing the phenomenon at such events as HoHoCon, the annual hacker's conference, and Jim Ross's Surveillance Expo in Washington, D.C. His experiences with Van Eck were highlighted in 1991 when, in cooperation with Benjamin Franklin Savings and Loan, he demonstrated how to successfully attack a Diebold ATM machine. He says that, using Van Eck radiation, "we got all of the information we needed to reconstruct an ATM card." Carter says that he notified Diebold of the vulnerability to their machines and to their customers. They flew a couple of engineers down "but after two years, we're still waiting for them to get back to us. They really don't give a damn if they fix the problem or not."
Today, if you don't have the expertise to build your own, you can actually buy a van Eck unit, priced from $500 to $2,000, from any number of catalogs. The results range from godawful to darn good. One company, Spy Supply in New Hampshire, no longer sells their unit. According to one of the company's principals, Bob Carp, they were approached by the NSA and strongly urged to discontinue sales immediately or risk the wrath of the government.[7]
Another company, Consumertronics in Alamogordo, New Mexico, claims to sell a van Eck detection unit for educational purposes only. However, reading their literature and catalog of product offerings suggests other motives.[8] On the high end, sophisticated and expensive test equipment such as that built by Watkins-Johnson of Gaithersburg, Maryland, and an assortment of other U.S. and foreign companies, provide an excellent means to detect a wide range of signals and reconstruct video signals of good quality.
The NSA has gone to extraordinary lengths to maintain the secrecy surrounding van Eck radiation, such as asking Spy Supply to cease and desist and classifying portions of engineering text books that might give too much away. By attempting to bury the issue as completely as possible and allowing discussions of value to occur only under the veil of national security, they have done this country and its industries a great disservice. To the best of my knowledge, they have never openly discussed the realities of van Eck radiation, thus reducing its credibility as a threat in the eyes of corporate America and the protectors of its information. The unfortunate rationale of many security professionals is "if it's not officially acknowledged, then it can't be real."
A few years back, after the initial flare-up of concern about electromagnetic eavesdropping, Chase Manhattan Bank ran some internal test to determine their vulnerability. Based upon their home-brew tests, they determined, "Quite frankly, at the bank, we're not overly concerned about screens being read."[9]
However, in the fall of 1992, Chemical Bank found themselves the apparent target of exactly this type of eavesdropping by unknown Information Warriors. According to Don Delaney of the New York State Police, bank officials were alerted that an antenna was pointed at their midtown New York bank offices, where a large number of ATM machines and credit card processing facilities are located. For reasons that the bank will not discuss, they elected not to pursue the matter although the police offered assistance.[10] From external appearances, it seems that Chemical Bank was the target of what has generically become known as a Tempest attack.
Because van Eck detection is so simple, so insidious, and so passive, the number of reported incidents is bound to be low. In addition, most people aren't even aware of the capability so they wouldn't recognize it if they saw it. A major U.S. chemical company, however, did know that it was the target of industrial espionage using van Eck techniques. The security director of the firm was an ex-CIA employee, well-trained in surveillance techniques. He said that he was alerted by the sight of a Toyota van sitting in the parking lot near one of the company's research and development buildings. What caught his attention was an antenna on the roof of the van, which appeared to be scanning the area and fixing itself on the R&D facility. Although he can't prove his countermeasures solved anything, the van quickly disappeared after he shielded the targeted labs from emitting van Eck radiations. [11]
There are plenty of methods to protect against Information Warriors who want to eavesdrop on screens, keyboards and printers, but a question of legality arises. According to one author, "In the United States, it is illegal for an individual to take effective countermeasures against Tempest surveillance.''[12] This statement is ominous if taken at face value. It implies that electromagnetic eavesdropping is commonly practiced in domestic surveillance activities. Could this be one reason why the NSA has been so rigorous in its efforts at downplaying the matter?
Perhaps. The NSA and other government agencies do use these techniques and do have their own surveillance vans, complete with van Eck detection equipment. A specially- constructed chassis is made by Ford Mother Company, so that the eavesdropping van cannot be eavesdropped upon. The vans are then outfitted with the very best surveillance technology that the Pentagon's billions can buy. Who are they listening to? No one I know will say, but their capabilities are most impressive. The NSA recently developed a custom unintegrated circuit employing specialized Fast Fourier Transforms (FFTs), that will enhance the clarity and range of the van Eck detection equipment substantially, as well as significantly reduce the size of the surveillance equipment.[13]
I assume that by now the problem becomes explicitly clear. The computer screens that we once thought were private are, in fact, veritable radio stations. The keyboard strokes that we enter on our computer are also transmitted into the air and onto conduit pipes and power lines. An A at the keyboard sends out an electromagnetic A into the air or down the sprinkler pipes and any digital oscilloscope, in the hands of a professional, can detect the leaking signals with ease. A keyboard B emits an electromagnetic B, a C at the keyboard sends out its unique signature, and so it goes for the rest of the keyboard. PIN numbers or other potentially sensitive information can be detected, stored, and decoded with the right equipment in the right hands.
Printers, too, betray the privacy of their users; generally unbeknownst to them, but all too well known by the Information Warrior in search of information. The NSA uses a classified technique called digram analysis to assist in eavesdropping on van Eck emanations from printers. Each printer type has its own unique sets of electromagnetic patterns, depending upon how it was designed and built. The NSA will buy one of each, analyze its patterns, and then be more easily able to decode the intercepted information patterns.
As the story goes, during a very intensive security sweep of the American Embassy in Moscow in the early 1980s, a small transmitter was found inside of a classified telex machine. Allegedly, it listened to the electromagnetic patterns generated by the telex machine and retransmitted the raw signals to a secondary listening post where the Soviets performed their own digram analysis to read sensitive U.S. Government messages.
Since there is virtually no way to know that a computer or printer is being "van Ecked", there is no reliable method to determine what losses might actually have been incurred due to electromagnetic eavesdropping. The possibilities for speculation are endless. Exploitation of van Eck radiation appears to be responsible, at least in part, for the arrest of senior CIA intelligence officer Aldrich Hazen Ames on charges of being a Soviet/Russian mole. According to the affidavit in support of Arrest Warrant, the FBI used "electronic surveillance of Ames' personal computer and software within his residence," in their search for evidence against him. On October 9, 1993, the FBI "placed an electronic monitor in his (Ames') computer,''[14] suggesting that a van Eck receiver and transmitter was used to gather information on a real-time basis. Obviously, then, this is an ideal tool for criminal investigation -- one that apparently works quiet well.
In 1991, I designed a few scenarios for a defense think tank in order to define the needs of an urban Information Warrior who wants to use this approach. The simplest approach involved a portable van Eck detector with its own transmitter and receiver, so that it could be remotely tuned into the computer, printer, or video monitor of choice. Smaller detectors are more expensive but offer advantages to the Information Warrior, who could easily plant a small receiver in the basement of a building, leave it there unattended, and sit a comfortable distance away, scanning and listening for the information he wanted.
Consider the following. An Information Warrior who has profit as his motive uses van Eck detection equipment to listen in on the computer of a brokerage firm. They are planning to issue either astoundingly good or astoundingly bad news on one of their clients, which will soon have a major impact on its stock price. Now that he knows this "insider information," he makes the appropriate financial decisions and buys or sells or shorts a big block of stock with the intent of making a financial killing. Can the Information Warrior be prosecuted for this? There is no clear answer at this time.
Perhaps the CEO of a major company is worried about the outcome of future litigation, and would give anything to know what the opposing counsel was planning. Electromagnetic eavesdropping could easily provide him with that information -- and there is hardly any chance that he would ever be caught. Invisible, passive, and insidious.
Van Eck detection also lends itself nicely to the exploitation of Binary Schizophrenia or other social malaises we discussed earlier. Imagine that the goal of the Information Warrior is to exacerbate friction among upper management of a company. If certain sensitive and supposedly private information were acquired by our insidiously invisible detection equipment and "accidentally" leaked into the wrong hands, all members of the management team would suspect one another of being likely culprits.
Or if a customer's personal financial data were acquired from a bank's computers and properly leaked to the right people, the bank would be suspected of and possibly legally responsible for fiduciary irresponsibility. That it would lose a customer in the process goes without saying. While the press might not use such techniques itself, sometimes they don't know and don't care where and how information is obtained. Companies are embarrassed enough when stories appear on activities that aren't meant for public disclosure. Electromagnetic eavesdropping only provides one additional means to effect breaches of privacy and confidentiality.
According to Mark Baven, an editor at Government Data Systems, "In today's volatile financial market, where inside information can lead to millions of dollars of profits, a raid on a corporation's vital data . . . could be extremely worthwhile. The cost of implementing Tempest technology would be far offset by the potential savings that such security would provide."
The one thing we can be sure of is that the technology to listen in on computer leakage will only become better and better and cheaper and cheaper, just as all technology does. At one point or another, business is going to have to decide that its only protection against passive information interception is an active defense.
Notes, pp. 415-416:
1. ISP News, October 1992.
2. "Now! It Can Be Told," September 30, 1991.
3. Wim van Eck, "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" PTT Dr. Neher Laboratories, Leidschendam, Netherlands, April 16, 1985.
4. Ibid.
5. BBC Television, "High Tech Spies," produced by John Penycate.
6. Author interview with NSA-approved Tempest engineers, June 1991.
7. Author interviews with Bob Carp, November and December 1992.
8. "Beyond van Eck Phreaking," Consumertronics, 1988.
9. "CRT Spying: A Threat to Corporate Security?" PC Week.
10. Author interview with Don Delaney, November and December 1992.
11. Private conversations, May 1991.
12. "Eavesdropping on the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States," Christopher Seline, June 7, 1990. Privately distributed document.
13. Private conversations with NSA officials, November 1992, Washington, D.C.
14. David Johnston, "Tailed Cars and Tapped Telephones: How U.S. Drew Net on Spy Suspects," The New York Times, February 24, 1994.
Thanks to Winn Schwartau and Thunder's Mouth Press.
See full TEMPEST information at: http://www.eskimo.com/~joelm/tempest.html