Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Coming to a Desktop near you: Tempest Capabilities

Hemos posted more than 14 years ago | from the fun-with-van-eck-phreaking dept.

Technology 111

AftanGustur writes "New Scientist has an interesting article about a new toy we will all want. It's a card that plugs in one of your PCI slots and allows you to scan the EMF spectrum and read your neighbours terminal. In about 5 years you might be able to get one for just under £1000. (Modern Tempest Hardware costs about £30000) " Excellent. Now I won't have to read over Rob's shoulder all the time.

cancel ×

111 comments

Sorry! There are no comments related to the filter you selected.

Laptops and Tempest (1)

doobie (2546) | more than 14 years ago | (#1553173)

I thought you guys all had those Sony Viao's? The tempest wouldn't be too useful on those things...the LCD's don't give out EMF....

Re:first (0)

BadERA (107121) | more than 14 years ago | (#1553174)

oooops. don't you just hate when you're a little premature in thinking you first posted?

Tempest (0)

Anonymous Coward | more than 14 years ago | (#1553175)

I thought that Tempest was the name given to the computers that were able to resist extreme conditions like put it out of a freezer, roll it in the sand of Sahara, turn it on : it runs !

What's the name for this kind of stuff ?

Another Microsoft conference (3)

blogan (84463) | more than 14 years ago | (#1553176)

"Microsoft announced this morning that it did not design it's keyboards to emit to the EMF spectrum, allowing the NSA a backdoor into your computer. They place the blame on physics."

Re:Tempest (1)

BadERA (107121) | more than 14 years ago | (#1553177)

"ruggedized" or military spec (milspec)

Re:Laptops and Tempest (2)

jd (1658) | more than 14 years ago | (#1553178)

Any unshielded electrical device with a variable current (including LCDs) will give out EMF radiation. It's the nature of the beast.

For that matter, light is EMF radiation, so unless you have your LCD in a coal-mine, it's reflecting EMF all the time it's switched on.

Then, there's the fact that screen monitoring isn't the only monitoring you can do. I used to use a radio, tuned into the bus for the PET, as a sound card. Worked surprisingly well, for all that very clunky metal shielding. What's to stop a much higher-quality receiver from seeing the data, in an unshielded box, being sent TO the LCD, or to any other device on the machine?

It's a mistake to assume that Tempest technology is single-function and that that single-function only works in a single situation.

Re:first (0)

RipRidah (105616) | more than 14 years ago | (#1553179)

damn site loaded too slow i swear!!

Keyboard Eavesdropping... (2)

jarv (22298) | more than 14 years ago | (#1553180)

Pattern of keystrokes? I'd bet it's possible to really confuse the individual spying on you via the typing patterns monitor method...
Use a Dvorak :P

Re:Tempest (1)

Simoriah (23380) | more than 14 years ago | (#1553181)

I believe the term you're looking for is "rugged reliability" ;)

More Information (3)

Plasmic (26063) | more than 14 years ago | (#1553182)

Already, a few people have posted expressing their misconceptions about what TEMPEST is. In a nutshell, it's the process by which radiation given off by electronic devices can be captured and analyzed in order to gather information about what that device is doing.

A good example of how it can be used was given during the October 1996 episode [thecodex.com] of Discovery Channel's "Cyberlife" show.

A couple other decent sites with more information about TEMPEST are:
The Complete, Unofficial TEMPEST Information Page [eskimo.com]
TEMPEST monitoring in the real world [thecodex.com]

5 Years (3)

SamIIs (65268) | more than 14 years ago | (#1553183)

In about 5 years you might be able to get one for just under £1000.

In about 5 years, I expect to have a flat-screen (19"). These don't work on LCD, do they?

Also due in about 5 years...
**A robot that cooks and cleans and has a cute, cartoon personality.**
**Cars that fly**
**One supreme Linux Distro**
**A final end to the DOJ MS trial**

Hat=Old (1)

omarius (52253) | more than 14 years ago | (#1553184)

This technology has been around for a long time -- the issue is really the same old technological same old: miniturization, dropping prices, and better software.

I can see a future where either:

  • Strong encryption is applied to everything, from applianceware to monitors to PDAs
    or
  • Everyone will be paranoid all the time
    or
  • all of the above.

Echelon, hell. Beware thy neighbor. Shame, iddnit?

-Omar

Legal stuff (1)

zero-one (79216) | more than 14 years ago | (#1553185)

What is the legal side of this like?
Is it legal to use this kind of equipment, and if so, what is it legal to read?

Random number generating keyboard warriors (2)

Plasmic (26063) | more than 14 years ago | (#1553186)

I'm concerned with the following paragraph from the article [newscientist.com] :

And keyboards are also troublesome. They rely on a scanning signal, which radiates the pattern of keys being pressed. So the patent suggests using a random number generator to continually distort the scanning signal.

That's one of the the most vague things I've ever read in my life. That's like saying "I didn't want anyone to see me when I robbed the bank, so I used a random number generator to distort the police radio signal." It's apparent that they have some particular application of a random number generator in mind and that it is probably effective, but how on earth it's applied is neither implied nor apparent.

Does any have a clue what they're referring to?

Isn't it a little hypocritical . . . (1)

gnarphlager (62988) | more than 14 years ago | (#1553187)

. . . to go on and on about privacy and security for ourselves, and then start jumping at a chance to spy on everyone else? Not that I don't want one myself, mind you (though the "respectable" reason is to reverse-engineer and protect myself), but it kinda seems silly to think that way.

The truth of the matter is still the information war. We don't object to the act of spying, we just want to make sure WE'RE doing the spying, not the guy next to us.

Predicatable retro-gaming joke... (2)

slim (1652) | more than 14 years ago | (#1553188)

This is old news.

I have an Atari Jaguar with Tempest capabilities...
--

anti-tempest wallpaper (1)

bonbonne (99698) | more than 14 years ago | (#1553189)

I've seen that people invented a coat that will be used in the planes to isolate the cockpit, allowing you to use your notebook during takeoff and landing. Maybe I should put it all around my room. But I don't think my TV will still work after this re-styling.

Arrrrgh! (0)

Anonymous Coward | more than 14 years ago | (#1553190)

it's keyboards
It's is not, it isn't ain't, and it's it's, not its, if you mean it is. If you don't, it's its. Then too, it's hers. It isn't her's. It isn't our's either. It's ours, and likewise yours and theirs.
-- Oxford University Press, Edpress News

Suggestion (1)

Foogle (35117) | more than 14 years ago | (#1553191)

I know, I know, it's not possible...

Even still -- in this light, I'd like to get anti-aliasing integrated into my X server. We've still got some time, anyway.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Tempest shielding (1)

yabHuj (10782) | more than 14 years ago | (#1553192)

While it is not as difficult to scan a computer ("tempest" style), it is not that difficult to shield a computer.

LCDs / laptop displays are a first step to reducing possibly compromising signals. LCDs work with a much lower signal level than CRTs (thus lower emissions) - but while they are harder to scan LCDs it still is possible.

The only way to prevent emissions is to shield the computer. L0pht had pictures of a do-it-yourself shielded computer about a year ago, but I was not able to find it again (shielded too well, eh?). While the CRT is the foremost target for shielding (because its emission levels are the highest), one has to shield all and everything.

Shielding with metal enclosure AND mu-metal (for magnetic shielding): CRT, CPU box, printer, modem.

Shielding with metal enclosure should be enough: keyboard + mouse - a trackball might be better because of heavy/stiff shielded cables,
connecting cables (any - video, printer, serial, network).

A big no-no are radio keyboards or mice - or wireless LAN. The reason should be obvious.

Not that obvious are "leaks". Do not forget to cover floppy + CD-rom doors with a radiation lock (at least a proper door) - and build radiation locks / traps / grids for ventilation in- and outputs.

Practical side-effect of a highly shielded PC: it mutes (compromising) radiation as well as (ventilation/hard disc) noise. A good workstation is quiet - in both, EMF and noise emissions.

Re:Hat=Old ; paranoia=warranted (1)

gnudot (79462) | more than 14 years ago | (#1553193)

Cyber-cops already exist, with the proliferation of inexpensive Van Eck monitoring you will see mercenaries(similar to the information gatherers in Stephenson's Snow Crash) offering their contracted services to law enforcement agencies. This may benefit those of us who do care about privacy by speeding up the development of countermeasures. -Matt

Re:Keyboard Eavesdropping... (1)

Beede (105094) | more than 14 years ago | (#1553194)

Use a Dvorak

That would probably take nearly as long to figure out as the Cryptoquip in the morning paper. If someone is going to the trouble to sniff your keyboard, assuming they can't solve a monoalphabetic substitution is wishful thinking.

Now, if you put a one-time pad in the keyboard driver, you could fool them. Of course, it would slow your typing down a little, but you'd probably get good at it eventually. Might even break 1wpm....

Re:Random number generating keyboard warriors (2)

PD (9577) | more than 14 years ago | (#1553195)

Keyboards scan in the same pattern, all the time. If you know the pattern, then you just get the timing of the keyclicks and from that you can figure out what keys were pressed.

Instead, keyboards should be scanned in a random pattern, and the time of keyboard clicks will not be helpful to determine what key was struck.

Re:Random number generating keyboard warriors (2)

slim (1652) | more than 14 years ago | (#1553196)

Sure. Maybe.

Both keyboard and PC share a (pseudo) random number algorithm. When you power on, they negotiate a seed. At every keypress and/or clock tick, they both move on to the next random number, which will stay in sync. Keypresses are XOR'd with the random number before transmission.

Hence, the snooper needs to work out what the pseudo-random number algorithm is, *and* calculate the seed, in order to glean information from the RF emitted by your keyboard.
--

Oh yeah sure .... (1)

taniwha (70410) | more than 14 years ago | (#1553197)

We're all going to go out and buy one right? The market for eavesdropping equipment that does this sort of thing is so small that there are no economies of scale .... the prices will not come down because the cost of the hardware is probably miniscule compared with the R&D.

Tempest isn't exactly foolproof (2)

scrytch (9198) | more than 14 years ago | (#1553198)

Did you know that you can do tricks with antialiasing in your fonts to change the text on your screen as it appears to a tempest scanner?

tempest isn't there to read text off your screen. it's there to show that your screen is on in the first place and that it's doing something, and that something matches patterns kind of like typing. so if you say "i was in bora bora the day that system was cracked" they can ask you, "then who was typing on your computer?"

Tempest Attacks (2)

Evil Greeb (47931) | more than 14 years ago | (#1553199)

I remember being in a Ross Anderson lecture where he demonstrated how by filtering out the top 30% frequency, you could hide your information from a Tempest scanner. PGP 6.0.2 apparently does this, so if you're worried about the government decrypting your transmissions then maybe you should use that!

Also, he demonstrated displaying one thing on your screen, and another thing on the attackers screen, which has the potential to be used two ways: either to foil an attacker, or the possibility of a Tempest virus, which secretly transmits your cryptographic key to the white van waiting outside, while displaying something else altogether on your screen!

Ross Anderson's homepage [cam.ac.uk] has links to his papers on this topic.

Hardware Advanvements (1)

Baccus (101036) | more than 14 years ago | (#1553200)

Yes the fact that we may all have flat screen monitors (40 inches wide) which dont emmit emf does limit this and hell i wonder if it has a sensitve enought microphone for capuring speach recogonition. But there are always going to be scurity issue. The data still has to be transefered via metal cables and these are great from giving out loads of emf. Your picture doesn't magically jump to the screen yet. As for the hardrive issue, arn't we all going to have holographic storage by them? Or will we be waiting for the linux4.2 drivers :o) -my tupence (I'm english I'm afraid)

You are an idiot. (0)

Anonymous Coward | more than 14 years ago | (#1553201)

.

I don't get it. (0)

Anonymous Coward | more than 14 years ago | (#1553202)

..

I use Dvorak, you should too you idiots. (0)

Anonymous Coward | more than 14 years ago | (#1553203)

Die.

Re:5 Years (1)

Florian H. (6933) | more than 14 years ago | (#1553204)

You forgot to mention:
** Another MacWorld keynote by Apple interim CEO Steve Jobs

Re:5 Years (1)

Gid1 (23642) | more than 14 years ago | (#1553205)

Well, for the robots and the flying cars, I swear we were promised them in roughtly one and a bit months.

And where's our bloody moonbase?

Re:Random number generating keyboard warriors (0)

Anonymous Coward | more than 14 years ago | (#1553206)

Naw. The criminal just has to know the algorhythm you use to generate the random numbers, have the sequence it generates available as a reference, and then 'sync up' to it. Remember, your 'seeded' algorhythm is really a completely non-random deterministic pattern generator. That might be a problem for 'real time' capture of your keystrokes, but it's trivial to decode recorded key sequences by such means. Probably all the telemetry data gets qued up and decoded periodically at much faster than real time.

Mate, the .gov will tell you what's legal. (0)

Anonymous Coward | more than 14 years ago | (#1553207)

Is it legal to use this kind of equipment, and if so, what is it legal to read?

Let's see. TEMPEST was a project from the US .gov. So TEMPESTing stuff under certain circumstances must be legal in some way.

About the second question. Well if you can TEMPEST-scan... the current laws might allow you to scan about everything you can figure out.

That's "great". I mean, I'm no paranoid. I just like to sleep with my eyes wide open.

Yet another stupid AnonCow that forgot his/her passwd.

Re:5 Years (1)

GoRK (10018) | more than 14 years ago | (#1553208)

Sorry to say it, but yeah, an LCD can be used to snoop on you too. So can your keyboard. So can your hard drive; processor; printer; scanner; etc. Pretty much any computer part that has electricity running through it is a security hazard when it comes to this kind of stuff.

Read some of the articles on the Complete TEMPEST Information Page [eskimo.com] if you want to really scare yourself. Convieniently, there are also links to companies there who produce TEMPEST-spec computer equipment and peripherals.

~GoRK

Re:Tempest (0)

Anonymous Coward | more than 14 years ago | (#1553209)

I thought Tempest was the actress on the cosby show who played the middle daughter (Vanessa). What does she have to do with technology?

YES :) (0)

Anonymous Coward | more than 14 years ago | (#1553210)

Another great reason why I'm glad I converted a win98 laptop to OpenBSD :D

No tempest, and ultra-security

Re:Laptops and Tempest (1)

doobie (2546) | more than 14 years ago | (#1553211)

I've seen some Tempest technologies in action, I know its more than just a single function. However wouldn't the distance on a laptop lcd is considerably less than a CRT, because of the differences in scales of the energy involved in each of them? If CRT's can be captured at distances of 1000 yards, wouldn't a LCD be more like 10, maybe 100 yards?

I had a friend who used to scan frequencies to hear the noise from various devices. He always had a hard time finding the frequency of a laptops LCD, but he never had a hard time finding frequencies given off by cpu's, crt's, people, and other electrical devices.

Re:5 Years (0)

Anonymous Coward | more than 14 years ago | (#1553212)

Cars that fly? Why call them car then? heh

Re:More Information (1)

GeorgeMcBay (106610) | more than 14 years ago | (#1553213)

Already, a few people have posted expressing their misconceptions about what TEMPEST is. In a nutshell, it's the process by which radiation given off by electronic devices can be captured and analyzed in order to gather information about what that device is doing.

To be completely anal about it, TEMPEST is actually the set of standards and practices to stop people from being able to eavesdrop on you using the technique you mentioned. The actual process of doing it is often refered to as "Van Ecking" or "Van Eck Phreaking" after Wim van Eck, who brought the issue in front of the public (read: non-spook circles) in a paper written in 1985.

Another thing (1)

Snock (6425) | more than 14 years ago | (#1553214)

Don't forget about your printer. Security ratings have been denied because a 'W' sounded different than a 'Y'.




To see some pictures of a real TEMPEST shielded PC take a look at some of the old IBM PC/XTs they have at http://www.meco.org. Last Friday I saw a pretty rare SPARCstation. It was a TEMPEST shielded SPARCstation 2. Really heavy machine and a bit larger than a normal SPARCstation 2 due to the shielding. The floppy and power switch were located behind a 1/4" solid aluminum door on the front panel. It was used by the Navy. Maybe next time I'll pick it up and take some pictures. The thing has got to be a rarity.

Re:Laptops and Tempest (2)

jd (1658) | more than 14 years ago | (#1553215)

The fall-off is proportional to the square of the distance (ahhh! physics! :). I don't know what the threshold for detection is, with a modern Tempest device, but if you know the threshold and the energy output, you should be able to calculate the maximum range.

You're right, of course, a laptop won't be detectable at the same range as a CRT, but the actual range isn't fixed, as the radiation doesn't just stop.

(eg: If you rigged up Jodrel Bank to a Tempest device, you'd probably be able to capture an LCD on the moon, with only minimal distortion. Jodrel Bank's resolving power would be the key factor there, rather than signal strength.)

Using a primitive, unfocused arial, a low-power amplifier, and minimal screening, you're probably right on the estimates - 1000 yards for a CRT and 10 yards for an LCD sound about right. Rig up a squarial or a satellite TV dish, beef up the amplifier, and improve the screening and you can probably add at least one, maybe two, orders of magnitude.

computing in a vault (1)

leonids (102892) | more than 14 years ago | (#1553216)

What now? Everyone builds a lead/iron box in his backyard and stuff all our electronic equipment into it? Might as well enclose our whole house in it. Might help twart off robberies and stuff. Maybe add a couple of turrets and reinforce it.

And viola! We have the ultimate personal fallout,bomb,terrorist,privacy shelter.

Beats the purpose of living.

Space:1979 (1)

Pope (17780) | more than 14 years ago | (#1553217)

And where's our bloody moonbase?

have you looked at the date lately?
It disappeared after a big explosion a couple of months ago.

Come on, lad, get with it! :)

P


Pope

Re:Laptops and Tempest (0)

Anonymous Coward | more than 14 years ago | (#1553218)

The best commercial receivers have a sensitivity of about 1E-8 watts. do the physics and it's easy to foil this category of eavesdropper. If they have a squid you are playing in the major league and all bets are off..

Re:Tempest (1)

visigoth (43030) | more than 14 years ago | (#1553219)

It was mostly about shielding a computer to reduce emissions. All the cases were "ruggedized" (heavier construction, lots of screws) with copper mesh shielding inside the case near seams and openings. The systems were "Tempest certified" to indicate EMR emissions from the cases were reduced below certain thresholds.

Wasn't proof against extreme conditions, though -- I accidentally knocked a cup of coffee into an unpowered keyboard once, was a royal pain to clean up (I counted some 50 screws just for the keyboard case.)

Can you jam Van Eck emissions? (2)

Kaa (21510) | more than 14 years ago | (#1553220)

Shielding one's computer is very cumbersome. Is it not easier, knowing the exact frequencies where your electronic components leak data, to just add a small white-noise transmitter that will jam the needed frequencies? If you want to get sophisticated, it can analyze your emissions in real-time and generate the correct noise to cover/distort them...

But in any case, local jamming should be much simpler/cheaper than shielding. Anybody knows if this is a viable option and if not, why?

Kaa

Re:Random number generating keyboard warriors (0)

Anonymous Coward | more than 14 years ago | (#1553221)

Circuitry clocked by an oscillator (square waves)
will kick out a shed-load of harmonics all the
way up the radio spectrum.

To disguise the signals, the clock oscillator can
be (this is the patented bit, I believe) modulated
to spread the signal out. Feed a white-noise signal
to the modulator and all the unwanted radio radiation
spreads out into seemingly random noise not easily
monitored.

+AndyJ+

Re:5 Years (0)

Anonymous Coward | more than 14 years ago | (#1553222)

"Car" is actually short for carriage.
You're still being carried, even if you're flying.

also :

"Bus" is short for omnibus

"Taxi cab" is short for Taximeter Cabriolet (!)

Different ways of displaying? (1)

mOdQuArK! (87332) | more than 14 years ago | (#1553223)

Hiding the keyboard signals seem to be reasonably easy to solve - I dunno about the signals coming off buses & disk drives (the only practical way to hide these might be to use a shielded case).

As far as the monitor information is concerned, what if the display was generating by modulating a "white noise" signal? In other words, you start out with a white noise signal, & direct it preferentially toward different parts of the screen to vary intensity (I'm assuming you could deal w/color issues in this somehow).

I guess this would be like the old vector-tracing scopes, except the phosphors would probably decay a lot more rapidly, allowing the pictures to be to be changed more quickly. The random nature of the base signal might make the picture a little more "fuzzy" (depending on the precision of the modulation electronics). As a good benefit, you wouldn't have any problems with refresh rates - since a "refresh signal" wouldn't really exist.

Spy equipment should be illegal. (0)

Anonymous Coward | more than 14 years ago | (#1553224)

Tempest equipment should be illegal as it amounts to unreasonable search and seizure; worse because the victim doesn't know he's being violated. Radio scanners that pick up cellular calls are illegal and so should Tempest stuff.

Re:computing in a vault (1)

dingbat_hp (98241) | more than 14 years ago | (#1553225)

I once worked in one of those things for a month. Yes, there were chaps in green outside guarding us with rifles and big dogs too.

Despite the fact that the Tempest shielding manual read awfully like Reich's instructions for building an Orgone Accumulator, I continually felt like crap. I never saw daylight, I breathed more ozone than orgone, and Navy issue coffee is the worst stuff anyone ever fed coders on.

Re:Random number generating keyboard warriors (1)

Signal 11 (7608) | more than 14 years ago | (#1553226)

Maybe they're planning on using spread-spectrum techniques with a "random number" to seed which frequency it uses, or similar.

--

Faraday Cage Time (1)

deranged unix nut (20524) | more than 14 years ago | (#1553227)

I'm glad that I have some old 386 cases that have 20 pounds of steel in them.

Now I just need to slap some ferrite cores on all of my cables, make sure all my power runs through an active UPS, and turn my computer room into a faraday cage. ;)

Unfortunately, this is no laughing matter.

It is actually slightly frightening that the price of this technology is dropping, if anyone can save up and buy this type of device, nothing is safe.

I know that my bank does not use tempest resistant equipment. Here's a scenario: Thief leaves a tempest scanner in a lunchbox computer (mostly shielded of course) in his car that happens to be parked next to the bank or a vulnerable atm machine....a week later he records the acct#s to mag cards and writes a list of pins. Then in person, at an ATM that dosen't have a camera (yes there are a few of those still out here in rural america) and empties the machine.

Another scenario: Snoops watch neighborhood computer use and start extoring money out of people that look at naughty porn.

Another scenario: A small startup firm is cash strapped, but has developed a crucial piece of software for this new technology. Snoops lift the software, business plan, and pricing scheme out of the startup's computers. Well funded snoops beat the startup to the punch and the startup goes out of business.

A scenario that would be very likely: A competing local company pulls a customer list off of your computer, along with your price list, vendor list, and all of your other vital information.


It changes the picture completely. I can secure my computers to a reasonable extent, but can my Bank, ISP, Phone Company, Power Company, Credit Card company, etc.

Then again, we could just drive past microsoft and grab a copy of the source code for windows too!

Who is vulnerable to tempest? (1)

superape23 (56097) | more than 14 years ago | (#1553228)

I mean it's not like packet sniffing. It is too expensive to go around van ecking script kiddies and other kinda low level computer criminals. To me the main application of this is industrial espionage. It's kind of a cool spy type thing and if it makes it into the main stream media we can probably expect a james bond movie mention.

But I have a hard time believing that this is really a threat to my right to privacy at least for the moment. This card certainly would be if someone really wanted to see me entering my pin in an atm, or my credit card number when I was buying at amazon or whatever. But that's not really an issue of rights or whatever, it just means that petty criminals are going to have access to this technology and then the nightly news will have something new to stir up paranoia about and every company will make a tempest shielded laptop for everyone and then nothing will come of it.

I'm afraid that this is not really about rights so much as vulnerabilities to crime and fraud. If you are a terrorist or a revolutionary or you are worried that you will be spied on while you are using your computer to plan or talk about crimes, stop. If you are a known terrorist or revolutionary then do not use computers, meet your cronies in dark back alleys and you are fine.

I think we (I am assuming most of you are not criminals) are only really going to be at risk when the technology comes to the point that the police can troll up and down the streets in vans and then bust in on anyone they can catch doing something wrong. And I bet that violates the watcha-callit... Constitution thingy.

So in the mean time I guess I can just keep an eye out for the flowers by irene vans outside my house and go on with my unshielded self.

Re:Keyboard Eavesdropping... (1)

tooth (111958) | more than 14 years ago | (#1553229)

How about something like the WWII German Enigma encryption machine to rotate the letters? A bit big and clunky for a mechanical version, and an electronic version would probably be "tempestable" as well. Though you could have 100s of "rotors".

But then again, you could always get a manual typewriter.

I wonder what the frame rate for quake would be :)

Re:Faraday Cage Time (1)

superape23 (56097) | more than 14 years ago | (#1553230)

good points, but I disagree with one of them, and it's one I wrote about too:

" know that my bank does not use tempest resistant equipment. Here's a scenario: Thief leaves a tempest scanner in a lunchbox computer (mostly
shielded of course) in his car that happens to be parked next to the bank or a vulnerable atm machine....a week later he records the acct#s to mag cards and writes a list of pins. Then in person, at an ATM that dosen't have a camera (yes there are a few of those still out here in rural america) and empties the machine."

because of this:
Does your atm print your account number on the screen? anywhere?
I guess it could be grabbed off the card reader, but I'm not sure about that. Because the card reader is in the machine and most atms are embeded in concrete and metal at least. Not the ones in delis tho. They are more or less just computers in a shitty metal tool box. And it's the same with the atm keypad, if your pin isn't in clear text on the screen (the biggest target) then there is much less chance it's gonna be grabbed from the keypad. (I am just guessing, so someone tell me I'm wrong and it's just as easy to grab the radiation from anything that gives it off.)

And if you want to defeat the atm cameras wear a hooded sweatshirt and sunglasses and a hankie over your mouth. Bound to work fine.

Re:Spy equipment should be illegal. (0)

Anonymous Coward | more than 14 years ago | (#1553231)

And you REALLY think that you will be more secure ? hahahaha! I hope you're joking!

I don't want to be Big Brother (1)

khaladan (445) | more than 14 years ago | (#1553232)

With all the worry/complaining surrounding government spying (think Echelon) I don't like the idea of my neighbors also spying on me, nor do I want to spy on them.

Re:Suggestion (2)

Tet (2721) | more than 14 years ago | (#1553233)

I know, I know, it's not possible...

Of course it's possible! It'll mean a reworking of X font handling mechanisms, and it'll certainly be a lot of work, but it definitely *is* possible.

Re:I use Dvorak, you should too you idiots. (0)

Anonymous Coward | more than 14 years ago | (#1553234)

It won't make any difference coward.

Re:5 Years (1)

Ed Avis (5917) | more than 14 years ago | (#1553235)

And:
** Netscape 5.0 released

Re:Can you jam Van Eck emissions? (1)

Jonathan_S (25407) | more than 14 years ago | (#1553236)

I would tend to think that putting out white noise on the same frequency as the byproducts of your moniter / keyboard / disk drive would be a great way to get video distortions on your screen, random keypresses detected by the computer or possible corrupt data from the HD. You would end up having to shield you computer against the exact same frequencies to prevent errors as you would have had to to beat a TEMPEST scan.

Ha ha, "it is keyboards" (0)

Anonymous Coward | more than 14 years ago | (#1553237)

I KNEW something was up with Microsoft all these years. And now we know. It is keyboards. Microsoft nothing but a bunch of keyboard? That's what they seem to be claiming!

Umm, did anyone read the article? (2)

Otto (17870) | more than 14 years ago | (#1553238)

All this thing is is a tuner card on a pci board.

BFD. Ham radio people have been making stuff like this for years. Maybe not so nice a version, but hey...

Of course, it is a difference when it's a mass-market item, and more people have the ability to hack away at the software.

Anyway, basically the card is a variable tuner to go through the spectrum and see what's out there. Pipe any signals you may find into the system and decode to your hearts content...

It's pretty entertaining what's out there on the airwaves.. Fun with HAM radios.

---

Re:Suggestion (1)

Foogle (35117) | more than 14 years ago | (#1553239)

Well yeah, in that sense, anything is possible. The problem is that it would break all of the current X-apps that need fonts. I guess there could be backwards-compatibility... I don't really know much about it.

-----------

"You can't shake the Devil's hand and say you're only kidding."

Re:Can you jam Van Eck emissions? (1)

wass (72082) | more than 14 years ago | (#1553240)

Everybody keeps mentioning the fact that a Tempest can scan the RF noise for 1000 yards to capture video signals. How does it distinguish between multiple monitors within this range? Ie, can it pick only one of many sync rates? or does some funky DSP filter out the other monitors? Or do other monitors distort the signal enough that it can act like a jammer?

Re:Legal stuff (1)

Cid Highwind (9258) | more than 14 years ago | (#1553241)

IANAL, but I remember hearing about a case involving people modifying satellite TV recievers to pick up the "pay" channels for free. The satellite company lost in court. The ruling said that any radio waves that beam down on your property are your to do with as you will. That seems to say that TEMPEST monitoring is legal as long as you are on your own property (and public property, too, maybe).

Re:Legal stuff (1)

kijiki (16916) | more than 14 years ago | (#1553242)

What about cellular phone radio waves that pass through my property? I can't legally do with those as I will. I suspect something similar will happen to this technology. That way, only the "responsible" feds will be able to use it.

Re:Can you jam Van Eck emissions? (1)

Kaa (21510) | more than 14 years ago | (#1553243)

Just because something is emitting some radio frequencies does not mean it is influenced by it. I am no electrical engineer, but it doesn't seem likely that one can make a simple radio transmitter and go around zapping people's hard disks with it.

Kaa

Ach! Ya canna change the laws of physics! (0)

Anonymous Coward | more than 14 years ago | (#1553244)

Be ye can rate the emission level and slap it on the ootside o the box.

However, there's no way for the consumer to know what EMF a product gives off or what level and type of EMF received will hinder its operation (I've had cheap (landline) phones that pick up buzzing from cheap battery chargers plugged into an outlet nearby. That's why I think we need an EMF standards body to rate products for (1) Type and strength of all EMF emissions emitted, and (2) Suceptibility to EMF emissions received.

Could lead to EMF security... (1)

dmaxwell (43234) | more than 14 years ago | (#1553245)

If these things become common and cheap then I think it would be a Good Thing in a backhanded sort of way. Individuals and businesses will demand security against cheap and prevalent Tempest monitoring. In other words, Plug and play EMF protection. If the script kiddie next cubicle over can't monitor your workstation then it will probably be difficult for the spooks as well. This could turn into yet another way to really get the spooks' goats.

Re:5 Years (0)

Anonymous Coward | more than 14 years ago | (#1553246)

And that new Debian release :)

Re:Tempest Attacks (1)

SlydeRule (42852) | more than 14 years ago | (#1553247)

Some good stuff on that site, well worth looking at.

A quick introduction to Soft Tempest (in HTML, Anderson seems to like PDF) can be found here [essential.org] . It's particularly interesting how the project was started:

Microsoft's recent $20 million donation to Cambridge University was accompanied by a request for research into technologies that would prevent users from illegally copying Microsoft's software products. ... this involved the development of a technology that would permit Microsoft or other software vendors to identify unauthorized uses of software simply by driving surveillance vehicles near places where software was used, which could monitor faint radio signals from computers.

Re:Another thing (0)

Anonymous Coward | more than 14 years ago | (#1553248)

Of course, that makes life a little inconvenient... why not create a shielded room, and put the computer in there?
But then the baddies can spy on your power usage, so you'll need an independent generator.
And of course you can't have a net connection, because that is INCREDIBLY easy to tap! Probably by Tempest as well as by standard phone taps

Re:Can you jam Van Eck emissions? (1)

JDisk (82627) | more than 14 years ago | (#1553249)

A viable option? Not really. You simply need too much power to hide the signal.

Remember, the signal (from the monitor) is transmitted dozens of times a second. So unless you scroll real fast, the attacker will be able to get hundreds or thousands of readings. This, combined with some suitable filtering, allows you to detect a very small signal in a lot of noise. (Ask you local astronomer for examples.) To beat this, you will need a LOT of noise.

This equates to a lot of radiation. And this has a couple of disadvantages:

1. Radiations seems to be bad for us biological beings. While some of the talk about radiation causing cancer etc. may be overblown, I wouldn't really enjoy sitting next to a nice powerful radio emitter all day.

2. Powerful electromagnetic radiation tends to screw up delicate electronics. Like computers. So you need to shield your computer, anyway. Just what you wanted to avoid.

See another screen--for free (1)

MikeDartt (15021) | more than 14 years ago | (#1553250)

VNC [att.com]

Think "desktop telnet": you can view (and manipulate) another computer's desktop remotely. Yes, you do need a password and the computer's IP, but how many of us here are spies? (You can all put your hands down now.)

You can view a Windows machine from *NIX, a Mac, and vice versa. No need to install expensive, proprietary software to see those X apps run. (Unless you really need a lot of speed.)

Okay, I'm starting to sound like a marketroid. But seriously--this rocks. We're using it at my school, and we love it.

Oh, did I mention it's GPL'd? :-)

Re:Can you jam Van Eck emissions? (1)

Kaa (21510) | more than 14 years ago | (#1553251)

Remember, the signal (from the monitor) is transmitted dozens of times a second. So unless you scroll real fast, the attacker will be able to get hundreds or thousands of readings.

A valid point. So a white-noise generator is not such a hot idea. How about, then, a generator that simulates a hundred computer monitors at the same time, transmitting some (relatively stable) junk dozens of times a second?

Basically, if you have two emission sources that look like monitors, how do you know which one is real? Or if there are two hundred emission sources (logical, not physical) -- how do you know which is real?

Kaa

Cryptonomicon (1)

mattermite (100724) | more than 14 years ago | (#1553252)

Isn't this pretty much the same thing as Van Eck Phreaking as mentioned in Cryptonomicon?

Vertical sync & resolution (1)

Molina the Bofh (99621) | more than 14 years ago | (#1553253)

I guess when you receive such a signal, you have to "syncronize" that to form a picture. That means the equipment would have to be set for, say, 60Khz horizontal signal/100 Hz refresh rate.

Would hard-to-find resolutions/refresh (Eg. 1600x1200/120 Hz) make it harder to intercept ? IMO, the eavesdroper would have to have at least a monitor as good as that one, am I right ?

Re:Spy equipment should be illegal. (1)

Justin Motion (15085) | more than 14 years ago | (#1553254)

All that'll do is put the tools exclusivly in the hands of criminals. It COULD be legislated that all new computer equipment coming into the country was tempest grade, but then we would be resistant to unreasonable search & seizure...can't have that now, can we?

Re:Vertical sync & resolution (1)

Justin Motion (15085) | more than 14 years ago | (#1553255)

It seems to me that the data could be manipulated while still in the computer to reduce it's framerate, and you could just pan around the image on the other monitor.

Re:Spy equipment should be illegal. (1)

William Aoki (392) | more than 14 years ago | (#1553256)

Perhaps, but the victim is broadcasting his signal (which the Tempest equipment or celluar scanner picks up) right through me. Why can't I intercept it?

I'd rather equip computers with Tempest shielding, so they don't broadcast their signals out. Even if Tempest were illegal, there'd be nothing else to stop someone from building a receiver.

Re:Another thing (0)

Anonymous Coward | more than 14 years ago | (#1553257)

Not to mention that the coolant costs for such a room run about 50 cents a gallon, and you have to bribe the delivery girl so she won't give away your address!

HAH! (0)

Anonymous Coward | more than 14 years ago | (#1553258)

Encryption applied to monitors? How will you be able to see anything, it'll be encrypted! and if you encoded the signal between the computer and the monitor, you'd still have a decoder which could emit as much emf as a regular video card, and the cathod ray tube itself, which is where most of the emf comes from anyway. I guess the only way to really reduce emissions is good sheilding and lots of it.

Using SQUID to Tempest a human brain... (0)

Anonymous Coward | more than 14 years ago | (#1553259)

As it is, a scientists can read the EM emissions of a human brain, and learn a lot about the persons thoughts through that... How soon until Tempest is applied to this?

Tempest is a standard and a device (1)

razvedchik (107358) | more than 14 years ago | (#1553260)

Tempest can mean two things. First, as the NSA uses it, it is just a standard for testing emissions of electronic devices.

As the layperson uses it, it is the device that spies on these electronic devices.

Tin Foil (1)

DanCentury (110562) | more than 14 years ago | (#1553261)

I'm wrapping my box in tin foil tonight!

Re:More Information (1)

spicoli (89317) | more than 14 years ago | (#1553262)

G. Gordon Liddey's fictional novel, "The Monkey Handlers", referenced a device to remote view a computer terminal from a distance. I believe the book was printed in 91. Good read. Interesting to see fiction that sounds a little far fetched end up a nearly affordable and otherwise available gadget! I'd like it to be illegal, though I doubt one could have much luck acusing someone of spying on them in this manner. You would likely end up with a prescription for some anti-psycotics or a nice soft room to stay in.

The G-Man's books [rtis.com]

Spicoli

"That was my skull!"

I don't think you get it. (0)

Anonymous Coward | more than 14 years ago | (#1553263)

go on and on about privacy and security for ourselves, and then start jumping at a chance to spy on everyone else?

We don't object to the act of spying, we just want to make sure WE'RE doing the spying, not the guy next to us.

Let me make one thing clear. I want one of these things. However, I don't want one to try to spy on my neigbors. I don't give a damn about what they are seeing on their screens. But I also don't want any one else to know what's on my screen. To that end, I have shielded my computer to prevent it from broadcasting what I'm doing. But how can I know if I have shielded it correctly or adequately? Therein lies the dilemma of setting up privacy and security systems. You never know how effective they are until someone tries to test them.

Now, however, I can go out and buy this "TEMPEST in a box" product and test my shielding myself. I will know if I am secure from these snoopers (at least the off the shelf versions). Moreover, by being able to examine the technology of this device first hand, I will have a pretty good idea of what needs to be done to my computer to shield it from the professional equipment that's being used by professional spies (like the FBI, and CIA, the Bavarian Illuminatti, and the NSA) to peek into my private business.

In other words, I want one of these things not to look into the private lives of others, but so I can know what they are seeing of my private life.

Re:Can you jam Van Eck emissions? (0)

Anonymous Coward | more than 14 years ago | (#1553264)

From what I've heard, You can find specific monitors just from the fact that there is still a tiny amount of inperfection in the making of crts, and those imperfections make the signal produced unique.

That would also imply that you would have to tune a jamming frequency (or set of them anyway) for EACH monitor, for the jamming to work.

This gives me an idea. If jamming works, why not convince some monitor companies to build their monitors with jamming devices? (Ok, so it might not be so profitable if the jamming frequencies change over time, but I would like to see somebody try it anyway: perhaps they could even build a Van Eck or similar device into the monitor to monitor how th jamming frequencies change!)

Hrm. (0)

Anonymous Coward | more than 14 years ago | (#1553265)

Ok, maybe this is bullshit, but shy couldnt you just build an emmitter that at least partially cancels (not hides) the emf? emf is electromagnetic waves, after all.

Re:Tempest isn't exactly foolproof (1)

jafac (1449) | more than 14 years ago | (#1553266)

I can just picture President Buchanan's thugs cruising up and down suburban streets in an unmarked van, looking for pr0n collectors. . .

I wish I had a nickel for every time someone said "Information wants to be free".

Re:Random number generating keyboard warriors (2)

wowbagger (69688) | more than 14 years ago | (#1553267)

I think by they they meant that the microcontroller that is in the keyboard should scan the rows of the keyboard randomly, rather than sequentially.


Howerver, there is a much simpler approach to reading a keyboard in a hard to read fashion: you don't scan! Instead, pressing a key ties the row and column together, and thus pulls the column up and the row down. You read the row and column with comparators, and thus no scanning. We do this on the equipment I help design because since we are measuring radio signals, we cannot be trashing the spectrum up.


IIRC, one time they did a Tempest survey on a computer that passed with flying colors, not because it didn't emit any signals, but rather because it threw out so much hash you couldn't recover any useful information from it.


Sounds like the old TRS-80 Model I: plastic case with no sheilding at all. You could pick one of those babies up on an AM radio for a quarter mile!

Re:Who is vulnerable to tempest? (1)

jafac (1449) | more than 14 years ago | (#1553268)

Hell, if radar guns for catching speeders doesn't violate the Constitution, (and I've heard compelling arguments otherwise), then this sure as hell doesn't.

Passive versus Active information gathering. Hell, you're BROADCASTING your private information. It's like, if a cop walks by your house and hears a woman screaming, he's got probable cause to bust in.

I wish I had a nickel for every time someone said "Information wants to be free".

Re:Laptops and Tempest (1)

Drayke (19544) | more than 14 years ago | (#1553269)

But remember also that law enforcement isn't the only application of this. Imagine your boss sitting two rows over from you in your nice little cubicle hell and being able to tell exactly what porn site you're visiting today, or what manner of disparaging comments you're making about your employer on Slashdot. Even if you're using a flat-panel, you're still within 10m. I know in most tech-support it's already considered kosher to watch an agent's screen for QA purposes (though usually this is done with VNC or the like), what would keep a company from going one step further and making it unnecessary to even have the necessary software on the agent's box? </paranoid> (Yes, BTW, I'm aware that this would require a highly-directional antenna and perhaps even a very good idea of azimuth/elevation for each desk, but the former is available and the latter takes nothing more than first-year trig.)

Reality, though, is that the technology is there, and whether it's legal or not, it's wise to guard against it if you've got something to hide (and yes, there are plenty of legitimate reasons for having something to hide). -Drayke

-Drayke

Re:anti-tempest wallpaper (0)

Anonymous Coward | more than 14 years ago | (#1553270)

Given that no case has ever been found of a laptop or cellphone interfering with aircraft systems, this stuff is probably tissue paper.

However I've seen anti-EM shielding advertised that's about the thickness of wallpaper. Presumably it's used in high-security installations where tin foil is not available.

Earth to Scotty (0)

Anonymous Coward | more than 14 years ago | (#1553271)

That's why I think we need an EMF standards body to rate
products for (1) Type and strength of all EMF emissions emitted, and (2) Suceptibility to EMF emissions received.


There already is. It's called the NSA^H^H^HFCC.

Re:Using SQUID to Tempest a human brain... (0)

Anonymous Coward | more than 14 years ago | (#1553272)

This would have a lot of possibilities in terms of adaptive equipment for people that have lost their natural brain interfaces. I would think people like Dr. Hawking of physics fame would have access to this kind of tech. Oddly in public appearances Hawking uses an unshielded dectalk device?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>