| Related sites for http://www.eskimo.com/~joelm/tempest.html |
| PeakStars A high speed, easy to use thumbnail explorer to organize, maintain, play and edit media files. [Windows 95/98/2000/NT] | | WebSpy Understand Internet usage from within your network. Increase productivity and reduce inappropriate web browsing. | | GTK-Wimp "Windows impersonator" is a GTK theme that blends well into the Windows desktop environment. | | Purple_Sun Manufactures the ISP-I customer experience monitoring system. Offering real-time ISP performance benchmarking from the end-user's perspective. | | RFC_0546 TENEX Load Averages for July 1973. R. Thomas. August 1973. | | KDE_Worldwide News of latest developments in international settings, and case studies of how it is used therein. | | Highway_Software Offers time management software. Includes online demo, screenshots and product manuals. | | Chilli_Source Developer of Database Design Studio, a tool for the design of a database using an Entity Relationship Diagram, and SQL Console, an interactive SQL console that connects to any database, using an ODBC | | Accountis Offers an online invoicing service that integrates with accounting software to allow clients to send out branded invoices. | | cpPARMS_com_-_Defined_Contribution_Compliance Provides 401(k) compliance testing software and services. | | Ray_Tracing_Introduction_from_SIGGRAPH A basic introduction to building a ray tracer, with some pointers to more advanced subjects at the end. | | Google_public_support_general_FAQ Answers to questions that appear especially frequently in this newsgroup. | | F_L__Kleinberg_&Co_ A source for StorageTek, other tape subsystems, also printbands, Streamstor and other peripheral spares. | | Turandot Simple score entry, professional printing, access to score library. Supports orchestral and guitar notation. | | Linux,_Without_Unix Brief article, long forum discussion of FullPliant operating system. [Slashdot] | | Quanta_Plus An HTML editor and a web development for the K Desktop Environment. | | Jimmy_Joe\'s_Joint Photographer, charactor actor, background artist, and graphic designer; located in Panorama City, California. | | The_EC_Erlang_Compiler_ Maurice Castro. Proceedings from EUC 2001, Stockholm. (ps) (September 28, 2001) | | Noteworthy_Web_Design Offers design, promotion, and graphics services. Based in Forest Lake, Minnesota, United States. | | searchASP_com Portal site with links, advice and a search engine designed specifically to search for application service providers. |
|
The Complete, Unofficial TEMPEST Information PageThe Complete, UnofficialTEMPEST Information Page Over seven years of public disclosure, and one-stopshopping for TEMPEST info... Across the darkened street, a windowless van is parked.Inside, an antenna is pointed out through a fiberglass panel.It's aimed at an office window on the third floor. As the CEOworks on a word processing document, outlining his strategy for ahostile take-over of a competitor, he never knows what appears onhis monitor is being captured, displayed, and recorded in the vanbelow. This page is about surveillance technology. If a search engine mistakenly led you here, try Shakespeare, Pontiacs, or Arcade Games. (Thegraphic on the right is the logo for the US Army Blacktail Canyon TEMPEST Test Facility.)THIS PAGE IS NO LONGER BEING UPDATED AND IS LEFT UP FORARCHIVAL PURPOSES. News & Updates skip the news and go to the introductionMarch 29, 2004 - Markus Kuhn has released what is thedefinitive (non-classified, available to the general public) research documenton TEMPEST and emanation monitoring: Compromisingemanations: eavesdropping risks of computer displays. This is Kuhn'sdoctoral thesis and is a must read for anyone who has a serious interest in thistopic.September 10, 2003 - There always seems to be some argument over whether TEMPEST is an acronym with deeper meaning, or simply a random codeword that doesn’t relate to anything. A reader who wishes to remain anonymous,with a lengthy career doing TEMPEST testing for the Air Force and later in the private sector, sent in this story on the"real" PG-13 origins of term:“One day when I was stationed at Lackland AFB (before we moved to Brooks), I answered the phone anda man on the other end told me that his major was looking through the phone book, and wanted to know what TEMPEST stood for. Being the wet behind the ears two striper that I was, I asked my NCOIC what I should tell thecaller. He took the phone, puffed out his chest and told the man that TEMPEST stood for "Tremendously Endowed Men Performing Exciting Sexual Techniques" and hung up. Needless to say, our major got a call from his major very shortly afterwards.”April 15, 2003 - Many thanks to "AgentHammer" and DanRobey for their independent English translations of Robin Lobel's FrenchTEMPEST research mentioned a few days ago (click on the above links to get thetranslations). The U.S. Air Force produced a TEMPEST security training videocalled "So You Think You're Secure." The video was declassified in1991 and "Shows measures used to prevent compromising of classifiedinformation during its handling by electronic equipment and explains purpose andapplication of Air Force Security Service's TEMPEST program." The video isavailable in the National Archives (ARC Identifier: 64336).April 8, 2003 - Robin Lobel has been doing some TEMPESTresearch over the past year and has published his results. The TEMPESTdocuments from the TurkishNational Institute of of Electronics and Cryptology mentioned in the lastupdate seem to have a vanished. Thanks to an astute reader who archivedthem, they're both available zipped together here(if you can spare some bandwidth, I'd appreciate someone volunteering amirror). John Young's Cryptome has a couple of TEMPEST-related nuggetsincluding an Air Force document on TEMPESTProtection for Facilities, a TEMPESTglossary, and an extensive collection of backgroundinformation (including court documents) on Frank"Spy King" Jones; who once was hawking "TEMPESTintercept" surveillance gear. I haven't been doing a great jobkeeping up with TEMPEST-related job submissions. Here's a promise toimprove, with a recent"wanted" ad submitted in March finally posted.January 26, 2003 - It's been awhile since I've updated thesite. I've been writing a book called "Secrets of Computer Espionage:Tactics and Countermeasures" which has been seriously consuming a largeamount of my time. The book will be published by Wiley in June, and has asection on TEMPEST along with a number of other interesting tidbits (sketchydetails on it, which will be updated soon, are available here). Look for an update to this site in the coming months when I finish thebook. In the meantime, here's some recent TEMPEST-related links that havecrossed my desk. Two great TEMPEST research papers from the TurkishNational Institute of of Electronics and Cryptology (TÜBİTAK UEKAE),including: InformationExtraction from the Radiation of VDUs by Pattern Recognition Methodsand SignalProcessing Applications for Information Extraction from the Radiation of VDUs. Noted TEMPEST expert Bruce Gabrielson now offers a completely unclassifiedTEMPEST design course and is selling CD-ROM versions of his book, "Hardwire and Cable Design in SecureCommunications." Check his sitefor more info.March 22, 2002 - Slashdot has interestinglinks and commentary on conductive concrete being used as electromagneticshielding for buildings. March 5, 2002 - Joe Loughry has authored and released afascinating paper on what he calls "OpticalTEMPEST." To quote the introduction, "A previously unknown form of compromising emanations has beendiscovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated opticalsignal that is significantly correlated with information being processed by the device. Physical access is not required; theattacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments showthat it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, includingmodems and Internet Protocol routers, were found to be vulnerable." At least the black, electrician's tape is a cheap countermeasure. Later inthe day, Markus Kuhn released a paper entitled OpticalTime-Domain Eavesdropping Risks of CRT Displays. To quotefrom the conclusion, "The information displayed on a modern cathode-ray tube computer monitor can be reconstructed by an eavesdropper from its distorted or even diffusely reflected light using easily available components such as aphoto-multiplier tube and a computer with suitably fast analog-to-digital converter." Kudos to you both gentlemen. Excellent research.February 25, 2002 - The Complete, Unofficial TEMPESTInformation Page is back. I took the site down around the first of the yearand had John Young archive it at cryptome.org. However due to popular demand and some time freeing up, I've decided to continuewith updates. - A new Help Wantedsection has been added for companies, agencies, and recruiters looking for folkswith TEMPEST/RFI/EMI experience. If you're trying to find an engineer,send me your requirements and I'll post them. No guarantees on successfulleads, but this site does generate a fair amount of traffic, and for now theservice is free. - A couple of years ago Frank Jones, AKA "SpyKing" was hyping supposed TEMPEST surveillance products. You may beinterested in his conviction andprobation papers. - TinFoil Hat Linux is a single floppy-based distrowith a variety of privacy features, including some unique"anti-Tempest" features. Review here,download Web site here.December 30, 2001 - From an anonymous UK source: "1. GCHQ in the UK is the #1 monitoring place for TEMPEST, they HAVE NOT scaled down any business to do withTEMPEST and now even use their techniques for corporate applications. They are STILL the first port of call ofthe Ministry of Defence for any queries. 2. The GCHQ standard (BTR) is the bible for the UK Military with regard to installations that may negateTEMPEST emissions, mainly due to good practices and safe areas around antenna andcryptographic equipment, also JSP440 is a watered down version of the standard that also covers computer security which is available to allCIDA's (Installation Design Authorities) within the Ministry. CIDA is one of the main 'businesses'within the MoD. Stories... these I have 'heard' from people in the know and witnessedmyself:Whitehall, LondonA Ford Transit van was converted to carry an entire Tempest test kit including antennas and terminals. Thiswas parked on the road outside the building. The antennas were able to pick up the Telephone emissions fromall areas of the building, including 'Shielded' areas due to the pre-1970 external telephone wiring, and asall conversations are routed to the local telephone exchange before encoding, this posed a major securitythreat. Also, static CRT images were reformed on the terminals within the van.(I have also witnessed this whilst attending a TEMPEST course at GCHQ.)GibraltarAn old 'story'. There is one main transmission site on Gibraltar where all of the signals to the passing allied fleets are sent (also submarine signals). These are coded within the building then transmitted via antenna and satellite. However a number of 'unfriendly' vessels (mainly Russian registered trawlers) werehovering near to the shore by the chain link fence. The comms officer got curios and asked for a TEMPEST checkto see if they were picking up any signals. A test proved that the fence was picking up uncoded signals that were emanatingfrom the large capacitors used in th encoding process. The fence then acted as an antenna and the unfriendlies werereceiving uncoded signals. The station was closed down immediately.Interference and Non-intentionally Interception.Modern digital mobile phones are the current enemy of the UK teams. Mainly as the signal can act as a carrierwave for any radiated signal. Also, it has been noted, that people making Mobile calls at the end of therunway at RNAS Yeovilton can eavesdrop on the tower and pilot conversations. Another 'story' tells how a British Telecom engineer was testing a mast when his laptop screen started to fillup as if the computer was typing. What had actually happened was that the voice recognition software on hislaptop had detected the radiated signal from the mast during decoding and regeneration and displayed it on thescreen as plain text.August 3, 2001 - TEMPEST mentioned in James Bamford's "Bodyof Secrets" book (NSA tell-all, follow-up to The Puzzle Palace).Specifically, ship implemented eavesdropping on Cuba. Ross Anderson also has alengthy section on emissions security in his new book "SecurityEngineering." (I recommend Anderson's work to anyone interested insecurity systems - from ATMs to art galleries to EMSEC to crypto. This book isdestined to become a classic.) NSA's onlineTEMPEST Endorsement Program has recently been updated. SANS Institute (thesecurity folks) have a nice, concise TEMPESTFAQ (my only complaint is the reference to CodexData Systems). Some good info on BEMA'sTEMPEST shielded tents (lots of interest in these at the recent SpecialOperations Command Show and Conference). National Security TelecommunicationsInformation Systems Security Committee Maintenanceand Disposition of TEMPEST Equipment (PDF format dated December 2000). Andfinally the Nicodemo Scarfo trialis underway, and the outcome will definitely have an impact on the future oflegal electronic surveillance. Stay tuned...January 14, 2001 - JohnYoung has released a FOIA version of NACSEM 5112, NONSTOPEvaluation Techniques. This is the first public document tocome to light on NONSTOP surveillance techniques. The documenthas been heavily redacted. We do know NONSTOP testing is verysimilar to TEMPEST testing. In SideChannel Cryptanalysis of Product Ciphers (Postscript format),John Kelsey, Bruce Schneier, David Wagner, and Chris Hallspeculate that NONSTOP and HIJACK refer to the compromise ofcryptographic devices through nearby radio transmitters (such asa cell phone, handheld radio, intercom). One of the moreinteresting things about the document is toward the end. "Itis further noted that UNCLASSIFIED information concerning NONSTOPshould not be discussed or made available to persons without aneed-to-know. No information related to NONSTOP should bereleased for public consumption through the press, advertising,radio-TV or other public media." The original documentcame out in 1975, and has gone through several updates.January 1, 2001 - JohnYoung has received eight more TEMPEST-related documents fromhis October 1999 NSAFOIA appeal. The printing in the documents is in pretty poorshape, so text is being hand-typed. Currently available documentsinclude: NSTISSAMTEMPEST/2-95, 12 December 1995 - "Red/Black InstallationGuidance", SpecificationNSA No. 94-106, 24 October 1994 - Specification for ShieldedEnclosures, NACSIM5000, 1 February 1982 - TEMPEST Fundamentals, and NSTISSI 7000, 29November 1993 - "TEMPEST Countermeasures for Facilities."(This last document is especially interesting in that it revealsthe U.S. Government keeps a list of countries it views as havingthe ability and motivation to conduct TEMPEST attacks on U.S.interests. Censors did a bad job of blacking out the text in this1995 document, and 12 of the 25 countries are identifiable.Including: Singapore, Norway, Hungary, Netherlands, Taiwan andsome big industrial states that are known to dabble in economicespionage.) The remaining documents will be added as John hasthem transcribed.December 10, 2000 - FrenchSCSSI TEMPEST site, TEMPEST history, Ft.Huachuca Blacktail Canyon logo, fixed www.dtic.mil links (anastute reader pointed out that the "dead" DoD dticsites on the TEMPESTSources page could be revived by changing the domain - thanksRob!).December 6, 2000 - Over the past four years atremendous amount of information has come to light on TEMPEST andrelated topics. So much that even though the page had nographics, it was taking a couple of minutes to load on slow, dial-upconnections. To celebrate the site's four year birthday, I'vesplit it into four pages so it will load a bit faster. - CNETNews reports on the Feds using a bugged keyboard to snag aPhiladelphia mobster who was using PGP. I've been telling clientsfor years that this is a significant risk. In most cases it'smuch easier to do a "black bag" job on a target andinstall key monitoring software or hardware (or even hide awireless CCD camera positioned to transmit what's being typed onthe keyboard or appearing on the screen), than deal with strongencryption. Although the risk of discovery is obviously higherthan a TEMPEST intercept, the lower cost and fewer requiredtechnical skills make this a much more likely attack option. Introduction to this SiteIf you're even vaguely familiar with intelligence, computersecurity, or privacy issues, you've no doubt heard about TEMPEST.Probably something similar to the above storyline. The generalprinciple is that computer monitors and other devices give offelectromagnetic radiation. With the right antenna and receiver,these emanations can be intercepted from a remote location, andthen be redisplayed (in the case of a monitor screen) or recordedand replayed (such as with a printer or keyboard). TEMPEST is a code word that relates to specific standards usedto reduce electromagnetic emanations. In the civilian world,you'll often hear about TEMPEST devices (a receiver and antennaused to monitor emanations) or TEMPEST attacks (using anemanation monitor to eavesdrop on someone). While not quite togovernment naming specs, the concept is still the same. TEMPEST has been shrouded in secrecy. A lot of the mysteryreally isn't warranted though. While significant technicaldetails remain classified, there is a large body of open sourceinformation, that when put together forms a pretty good idea ofwhat this dark secret is all about. That's the purpose of thispage. The following is a collection of resources for betterunderstanding what TEMPEST is. And no, I seriously don't thinknational security is being jeopardized because of thisinformation. I feel to a certain extent, the "securitythrough obscurity" that surrounds TEMPEST may actually beincreasing the vulnerability of U.S. business interests toeconomic espionage. Remember, all of this is publicly available.A fair amount has come from unclassified, government sites. Up tothis point, no one has spent the time to do the research and putit all together in a single location. References marked with an (X), are good primary sources. If you just readthese, you'll end up with an excellent overview on TEMPEST-relatedtopics. References marked with an (O) arereported dead links. These pages may be temporarily orpermanently unavailable. Dead links are left for reference sake (youmay want to check the main domain name or do further searchingwith AltaVista, etc.). It's interesting to note the number ofmilitary sites that now report 404 - Not Found or ForbiddenRequest errors for certain documents. The site content is listed below. There are three pages inaddition to this one. Introductionprovides detailed background info on TEMPEST. Sourcesprovides links to hardware manufacturers, software vendors, andspecific government documents. Miscellaneousis comments from readers and other things that don't fit in theother pages.Note: As you start viewing TEMPESTinfo, you likely will run into vague or confusing acronyms. Agreat Net resource is the AcronymFinder site. Happy reading!Joel McNamara - joelm @ eskimo dot com (spam filter)Original page - December 17, 1996 - Last update March, 2004 Site ContentsIntroductionto TEMPEST |
|
