TEMPEST
An unmarked van slows and stops. The professional inside puts down his coffee and starts in on the day’s work: monitoring John Doe’s computer, 10 blocks away. John is busy working on his computer with the curtains pulled against the morning sunlight. The agent watches with great interest as John reads through the cryptography and privacy newsgroups, then downloads some fiction and does his on-line banking. Everything that flashes by on John’s monitor is videotaped for later review: the balance and payees of John’s checking account, some decrypted e-mail that John imprudently assumed was private.
Is this scenario making you take stock of what appears on your computer screen? We all indulge in vices large and small, mentally shrugging, “Who will ever know?” In everyday life, we usually manage to keep our transgressions secret, but when it comes to information flitting across our computer screens, the answer is that there are no secrets, thanks to a relatively new, obscure form of surveillance that’s a threat to your security. “TEMPEST,” which stands for “Transient Electromagnetic Pulse Emanation Surveillance Technology.” What it does is allow a simple scanning device to read the output from your monitor from up to one kilometer away. No one ever need enter your house to plant a bug or copy your floppies; it’s noninvasive and virtually undetectable. You won’t even know what hit you until all of your secrets are in the hands of your competitor.
How it works – straight forward: There is an electron gun in the back of your monitor which repeatedly fires electrons at your screen, causing different pixels to illuminate and form the text or graphics that you see. The gun sweeps rapidly up and down, sending an electromagnetic signal which constantly refreshes the information displayed on the screen. This signal doesn’t stop at the perimeter of your computer; it continues expanding outwards, seeping through the ether much like a radio wave. Exposed cables act as inadvertent antennas, transmitting the contents of your screen across your neighborhood. Information even travels back along modem lines and power cords, back into the walls and out into the world. These signals can be easily reconstructed. What’s more, a spy can differentiate between many different units operating in the same room. The signals don’t conflict or jam each other as one might suspect. Even identical units send out distinct signals because of slight differences in the manufacturing of various components. You may not think it, but your PC is hardly a self-contained unit storing information privy to you alone. In fact it as a small-scale broadcast station operating off of your desk.
A test was conducted by security professionals who built their own Tempest scanning device and took it for a test drive. We were able to view CRT screens at ATM machines, banks, a neighborhood Circle K, a doctor’s office. A bank itself was a wealth of information for anyone interested. An engineering center with open parking areas nearby with big glass windows was great, we even saw a man writing e-mail to his lover asking his lover to meet him out of town away from his wife. Titillating, but we like the industrial secrets better. While this kind of eavesdropping has been discussed in public, most are unaware of the ease with which others can virtually read their computer screen. The individual at home really doesn’t need to worry. The corporation that has something of value needs to be very worried.
Prevention
U.S.citizens and companies can purchase snoop-proof “Tempest-certified” computers for their own use. However, the high cost of such a secure system may be prohibitive to consumers. Even after doing this, information on how the computer was modified to meet the undisclosed emissions standards is top-secret. An affordable alternative to Tempest products, is called ZONE. “The ZONE alternative is a lighter version of the full Tempest program. The ZONE program is actually an endorsed program under NSA (the National Security Agency).” The cost of ZONE protection is significantly less than Tempest-certified units, but no definitive figures were forth coming. “We try to price our ZONE products at what we consider commercial prices.” ZONE products would be acceptable for the average commercial consumer’s privacy needs, which is good news for those concerned enough with security to purchase a new computer. The bad news is that you won’t have the highest level of security.
In the meantime, keep cables between components as short as possible, to reduce the length of cable that acts as an antenna. Use only shielded cable which is wrapped with metal to keep emissions within the sheath. Make sure that all computers and peripherals that they use meet the Federal Communications Commission’s Class B standard, which permits only one tenth the power of spurious emissions than the Class A standard. It is also recommended that users keep the cover on their computer, mount telephone line filter products at the jack of the modem, and to snap metallic ferrite beads over all cables so that offending electromagnetic emissions are used up in a heat sink instead of being released into the air.
Those who feel the need to protect truly valuable information can take further steps by altering the rooms in which they work. There are non woven composites, similar to wallpaper, that you can use to protect a room: The walls, the ceiling, the floors. Paste the stuff on the walls and then put paneling or regular wallpaper over it, and it pretty much makes the room secure. It blocks the electromagnetic emissions from going out. There also is translucent shielding similar to the sun tinting in an automobile that you can put on the windows.
The least expensive and easiest way to do it is electromagnetic moiré pattern masking. That’s a technique using an inline box that goes between the monitor and the video card on your PC. It creates an electromagnetic moiré pattern that for all intents and purposes would keep out everybody but the absolutely most dedicated and moneyed.
What’s more, the active-matrix screens now built into laptops operate without electron guns, and their emissions are much lower. When such screens are commonly used as desktop monitors the possibility for being spied-on will be lessened.
More information could be found at the time of this writing at
http://www.wired.com/news/print/0,1294,32097,00.html
http://www.newscientist.com/ns/19991106/newsstory6.html
