[4541] in WWW Security List Archive
Re: ERM Surveillance Information
daemon@ATHENA.MIT.EDU (Jim Harmon)
Thu Feb 20 19:25:45 1997
Date: Thu, 20 Feb 1997 15:16:56 -0500
From: Jim Harmon <jim@telecnnct.com>
To: Bill Joynt <billj@i2020.net>
Cc: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
Apologies to everyone; as you read through this, you may see the
connection between Electronic Intelligence gathering and WWW Security.
I do, and that's why I'm taking the time to post.
Please forgive me if my association is a stretch...
Bill Joynt wrote:
>
> I've heard some about this. Apparently first developed by the
> military, then copied by a company. Apparently the monitor emissions
> carry up to a block (one report said picked up by cables/wires). The
> company claimed to have a working model, and were able to eavesdrop on
> computers from financial institutions to government.
>
> Shielded monitors are available, I believe, although expensive.
> Doesn't sound like a practical threat yet, but I have talked to a few
> people who are fairly good authorities that say it definitely exists.
>
> Just my two cents.
> Bill Joynt
>
Having worked in the Military, and as a contractor to the Military for a
major company providing "Tempest safe" systems, I can't give you
specifics, but the generalities are public information.
First of all, any radiating device emits a "signature". That is, two
identical monitors will have two different signatures, due to location,
variation in components, Earth's magnetic fields, different types of
metal in construction around the monitors, even the magnetic signature of
the person or persons around the monitor.
This signature is the actual pattern, frequency, and power of radiation
being emitted by the device.
Historically, this has been a problem because the power requirements to
operate large vacuum-tube CRTs were much higher than now, and
consequentially tended to emit far greater amounts of energy.
At one time, a typical B&W television set in a living room in a farmhouse
in a fairly flat area could be identified and "tuned" into by someone
with the necessary antennae, amplifiers, wave modifiers, and
oscilloscope from over 5 miles away.
What that means is, that with simple equipment, I could watch your
television on my oscilloscope from the next town or farm, if I was so
inclined, and I would only have to know how far you were and in what
direction to tune into your set.
This naturally concerns governments and corporations, and the TEMPEST
program was the US Government's way to try and control (because you
CAN'T eliminate) the threat.
What the government learned above all else is that emissions in the
radio band of the ElectroMagnetic Spectrum (EMS) --the continuum of all
radiated energy from sound (0-20kHz) to microwave and beyond-- are not
necessarily stoppable in an uncontrolled environment.
Radio is a relatively narrow band of EMS...
You can overpower emissions with noise.
You can block emissions in a given direction with shielding (Radio
energy is directional, does reflect, and theoretically travels
forever--until blocked).
You can minimize emissions by filtering and/or optoisolation.
You can phase-shift a copy and "zero" the noise.
You can basically control the entire environment to the Nth degree.
Few of these are practical in mass-market driven commercial situations,
but be assured that we are both BETTER and WORSE off in regard to the
threat of "remote over-the-shoulder" spying today than 5 or more years
ago.
UP Side:
With so many displays in operation, a thief would have to be
either very lucky to find the signature of a specific device
to get targeted information, or be working inside the
organization to tune his equipment to the desired system.
The shielding of commercial monitors today is thousands of
times more efficient than monitors of 10, 15, and 20 years
ago, AND the technology is far tighter, so power, and
consequentially the volume/amplitude of radiated energy is
far lower.
The abundance of GUI information and graphics makes it harder
to pick meaningful information out of the duplicated screen
information.
The Inverse Squares Law of Radiation basically says that for
every meter of distance from the source, the power of radiated
energy is reduced by the inverse square of its value.
I'm not real good with my math, but that's saying that
if your radio wave goes 5 meters, and the power was
10 milliamps at source, the power at 5 meters is
1/10*5^2mA or 1/250 milliamp
or- over 5 meters the relative power is
250 microamps (do I have that right?)
That means that the thief must have very sensitive equipment
to capture the weak image data, and very fast equipment to
reassemble a good display from the data.
The DOWN side:
The majority of video technology is more than 5 years old, so
has less efficient and higher power emissions/signatures.
Environmental control is VERY difficult.
Radiation travels through walls, ceilings, floors, people,
furniture, and glass, and for miles. Generally in a straight
(line of sight) path.
The signature of a CLASS is very similar, so if I tune to a
COMPAQ 17" monitor in my office, I can detect ALMOST any COMPAQ
17" monitor for about 1/4 mile by direction and minor tuning.
If I know what the target device is, I can get CLOSE to tuning
it without being near the target.
Just as the efficiency of monitors has improved, so has the
technology to capture the radiated data. On the positive
side, the reliability of capturing a signal diminishes with
distance (Inverse Squares), so a capture must be done fairly
close... within 1/4 - 1/2 mile. UNFORTUNATELY, the commercial
devices to capture the signal can be (and ARE) smaller than a
briefcase.
Just as the technology for capturing radiation is better, the
speed is tremendously improved, so it's easier to duplicate
displayed info, including graphics.
When you think about Electronic Intelligence gathering (spying) methods,
think about Cell, Mobile, and Portable Phones.
Please don't flame on open bandwidth. If you wish to discuss this
further, please contact me directly.
"This message has not been issued by or for my Employer, and is not
representative of the views of my Employer in any way."
--
Jim Harmon The Telephone Connection
jim@telecnnct.com Rockville, Maryland