NSA Releases Historical Documents on TEMPEST

Posted by ScuttleMonkey on Thu May 01, 2008 12:29 AM
from the sekrit-dockumints dept.
sgunhouse writes to mention Wired's Threat Level has a piece on a recently-declassified document detailing the history of TEMPEST. "It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government's most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis. Then he noticed something odd. Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn't know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether."
  • by vought (160908) on Thursday May 01 2008, @12:36AM (#23260228)
    Here's an example of a TEMPEST-shielded computer - the TEMPEST-shielded Mac SE/30 [digibarn.com].

  • by gnick (1211984) on Thursday May 01 2008, @12:36AM (#23260230) Homepage
    Now classified fiber had to abide by an 18" standoff from unclassified lines to avoid EMF leakage...
    • by corsec67 (627446) on Thursday May 01 2008, @12:49AM (#23260294) Homepage Journal
      That does seem quite silly.

      Unless you are using a fiber optic cable with a transparent sheath [flickr.com], there shouldn't be any kind of detectable emissions from a fiber optic cable, especially not EMF, since there shouldn't be any moving electric current, right?

      The line might heat up very slightly from the signal losses, but that wouldn't be rapid enough to reveal anything useful about the signal, especially if Manchester encoding [wikipedia.org] is used, where the light would be on 50% of the time.
      • Unless you are using a fiber optic cable with a transparent sheath, there shouldn't be any kind of detectable emissions from a fiber optic cable, especially not EMF, since there shouldn't be any moving electric current, right?

        Well, that's one possibility. What if photons create, instead of an electrical field, some other type (gravitational?) and we just haven't noticed yet because the interaction is so minor and nothing "tuned" to its wavelength has produced an accidental discovery like this one?

        Actually, this effect was exploited in ignition coils before this, so I think that saying that he made the discovery is a bit disingenuous. It's more that he had discovered something new to do with it. If it hadn't happened then, we

      • The reason to separate fiber cables is not because of EMF. The reason is so that visual inspection can take place. If the cables were laid in the same conduit how could you verify that at some point they were con cross connected. But if they are 18 inches apart over the entire run visual inspection becomes easier and certainly less costly.

        One thing people fail to understand is that the cost of a system includes Design, Construction and TEST. If the designer is smart he can greatly reduce the cost of the
        • One way I know both the DoD and CIA are using to try and "reveal" signals through fiber is at the bends, since if the fiber is not *completely* straight, some of the signal is leaked into the cladding and can be captured.

          Sniffing fiber by bending to allow leaks has been a commercial possibility for at least the last 10 years, so I doubt very much they are merely "trying" to reveal signal.

          I recall seeing an all in one fibre/bending/sniffing device for about $500 bucks and that was a few years ago.

          the

          • In this case, I believe that it's just legacy. CRTs were (are) sniffable and the old-school coax lines certainly had EMF concerns. The switch was made from coax to fiber and they kept the proximity rules the same.
    • but once it's transmitted, it's encrypted. They'd have to pick up the EM thingies from a chip inside the computer, right? I mean in modern times, we don't really have to worry about this at all, right? Cuz there's so much else being processed and sent down a bus by the processor that you'd never pick out the data accurately, and probably not from more than a millimeter away.
      • Re: (Score:3, Insightful)

        Famous last words.

        The NSA is the number one employer of mathematicians in the USA. The Russians are also supposed to be very good. If there is a way to extract intelligence from the noise, they probably know about it. If it's electrical, it radiates. If it radiates, someone else can detect it. If the signal is weak, they can build a better antenna, design a more sensitive receiver, and use more sophisticated signal processing.

        Look at your average PC. The keyboard and display are broadcasting tons of inf

      • Hint: Your keyboard isn't encrypted. Your video cable isn't encrypted (yet). Both can be picked up from non-zero distances. I saw a Japanese program on it once.
    • You know, that sounds ridiculous to me, as well, but I've known enough people working on various imaging and other classified projects to know that these things aren't done arbitrarily and to know that sometimes requirements are dictated down because the real goal is some secondary effect of the requirement.



  • http://cryptome.org/ [cryptome.org]
    nsa-spectrum.zip + Zipped NSA Cryptologic Spectrum Articles 1969-81 April 24, 2008 (31MB)
    nsa-tempest.pdf + TEMPEST: A Signal Problem (NSA History) April 24, 2008

    No direct link to save JY's bandwidth.

    I love the simple solution
    "Instead of buying this monster, the Signal Corps resorted to the only other solution they could think of. They went out and warned commanders of the problem, advised them to control a zone about 100 feet in diameter around their communications center to prevent covert interception, and let it go at that."

    I am trying to get some time to get into the Spectrum articles.
  • Here I was without knowing all this cool stuff. Got to admit, this is damned cool - even if a bit cloak and dagger eh?
    • I didn't know it went all the way back to WWII. Once again, I am amazed at how much transpired in just that short few years. It's as if 100 years of history and scientific discovery were packed into 10.
      • And by the way, I don't think it was just because there was a huge war going on. The history of mankind is full of wars, and none of them were associated with such leaps forward in math, physics, materials, and communications. Nukes, jet aircraft, RADAR, plastic, computers, rockets, cryptography, all at once almost. I just don't think we could develop, e.g. a new fighter plane in 3 years now regardless of the resources, it's too complex. If there are a million advanced civilizations out there in space,
  • at Teletype Corporation looked like vaults. The engineers, working on secure terminals, took their work very seriously.
    • Re: (Score:3, Interesting)

      These days you can go into a data center and see small room-buildings built into the data center which are designed to act as a faraday cage, they have copper mesh over the windows etc etc. A data center is already a difficult environment for this type of work because it's so noisy... But it's easy to get equipment into, just rent a rack.
      • My company used to rent a SCF (secure computing facility). It was based on the building-inside-a-building approach. The theme from 'Get Smart' always played in my head whenever I went in to the office... :-)
  • In Soviet America Tempest-Hat secures you.
  • I found a java simulation here [hereinreality.com].

  • I worked in a TEMPEST shielded flight simulator bay in the 80's. The entire place was sealed, shielded. Dual door airlock to enter/exit. Power came in and spun a motor which spun a generator so there were zero wires leaving the room that were attached to any equipment inside the room.

    After it was constructed I remember when it got tested and certified. The main bay was all metal walls and ceiling. If they found a tiny RF leak they'd spot weld over it. When done the inside walls looked like a set from a
  • by Gordonjcp (186804) on Thursday May 01 2008, @01:49AM (#23260522) Homepage
    Ideally you need a fairly old computer for this, with a monitor that scans at normal TV frequencies. I've done this with an Amstrad PCW, which is particularly suitable because the plastic case leaks a lot of RF.

    You're also going to need a portable black-and-white TV, a decent aerial, and maybe an aerial booster.

    Testing is simple - put a recognisable image up on the screen. This can be the startup screen of an application, a directory listing, even an ASCII-art goatse if you're so inclined. The key is it *must* be a monochrome screen with pixels that are on or off - it won't work with greyscale. There's a subtle side-effect of this, which I'll come to in a moment.

    Plug the aerial into the black and white TV. If you're more than a few feet away from the target computer, you're going to need the aerial. The signal you're trying to pick up is *tiny*. Tune the TV until you see what looks like a garbled version of the computer screen - an analogue tuner is best for this. The picture will be extremely weak and noisy, and it will also not be synchronised correctly. Now adjust the horizontal and vertical hold on the TV until you get a stable picture. You should at least be able to make out roughly what's on the screen.

    To take it further, you need to break into the TV and add an AM radio. This detects the scanning coils in the monitor, and allows you to generate a sync pulse to lock the TV to the computer. You need to position the TV and AM radio very carefully so the radio isn't picking up the TV scan coils. This is the difficult bit, and in fact I've never got this part to work. I've got readable text off the computer screen before, from about 30 feet. I'd call that working.

    Back to the greyscale thing briefly - antialiased fonts use grey pixels on either side of the black or white pixels to "blur" the edges and make the fonts look smoother. This has the effect of lowering the rise time of the signal, and thus not throwing as many harmonics out. Think about it - a switch from a black background to a white pixel is basically a squarewave, but if you step through a couple of shades of grey there's a much lower amplitude change and so the harmonics will be correspondingly quieter. So, anti-aliased fonts prevent Tempest-style attacks, and in fact about 15 years ago you could get "Tempest Fonts" that were basically very fuzzy antialiased fonts.

    The other thing is that LCDs don't emit RF harmonics to nearly such an extent. The days of Tempest and Van Eck phreaking are pretty much gone.
    • by billstewart (78916) on Thursday May 01 2008, @02:33AM (#23260668) Journal
      Back in the mid-90s, I was visiting my parents who had one of those "television" things occupying space in their living room, and I noticed that the display from my laptop computer showed up on the screen. It wasn't really in sync, had about three copies of the text slowly scrolling by, but you could tell it was readable text. I don't remember what year it was, so the laptop may have been a 486 or a Pentium 75, or something around that range, and the screen might have been 800x600 but was probably 640x480 (because our IT bureaucracy was much more impressed with screens that had more colors than more pixels; even today I'm still stuck with 1024x768 :-).


      Since I'd done work with TEMPEST in the 1980s and was hanging out with a bunch of crypto people, and since the open-source discussions were mostly people saying "Laptops should protect you just fine since they're LCD", I obviously had to speculate about how this could be happening. My guess is that it wasn't the LCD itself that was radiating, but instead was the VGA jack on the back for plugging into a desktop monitor. Most laptops still have those today, and while many people use LCDs rather than CRTs as desktop monitors, they're still connecting by VGA signals using not-particularly-shielded cables, so there should still be plenty of signal around to listen for.


      Obviously today's video signals are a lot higher frequency, so you'd need to use some actual computer equipment rather than squinting at a television. I don't know if the digital signal formats are easier or harder to intercept successfully than the VGA analog ones; maybe that'll help.

      • I recall something similar - Nintendo built video outputs onto the Nintendo DS, so that they could be shown on monitors at trade shows etc., and quite a few of the units on shop shelves at launch had some of the hardware left in. It was possible to tune into the console (one of the screens, anyway, I forget which) on a common-or-garden TV.
      • There's lots of stuff which can be radiating. As you say, the input jack is a potential source of noise (although it's usually inside a metal case.) Various other cables are also there, like the flexible circuits inside the LCD monitor, the output jack on the computer... Even laptops can be read, after all.
    • ... make the fonts look smoother. This has the effect of lowering the rise time of the signal...

      Increasing the rise time, actually.

      The other thing is that LCDs don't emit RF harmonics to nearly such an extent. The days of Tempest and Van Eck phreaking are pretty much gone.

      They're very much alive, actually [cam.ac.uk] (8 MB PDF).

    • >The other thing is that LCDs don't emit RF harmonics to nearly such an extent. The days of Tempest and Van Eck phreaking are pretty much gone.

      Slashdot sez LCD's can be eavesdropped on [slashdot.org] -- it's just more difficult. Still: from three offices away is not bad, given a $2000 instrumentation budget.
  • Are these as accurate as the "historical documents" on Galaxy Quest? Anyone else reminded of that?
  • engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether

    Presumably if he made the same discovery today (regarding the weakness of a secure communication) and told anyone about it, he'd be arrested, rather than have his work recognised as beneficial.

    I guess that's progress for you

    • Didn't Bruce Willis teach you anything? If the same discovery were made by the employee of a security firm, the employee would be hunted down and killed.
  • For an example of TEMPEST exploits being used successfully look up details of Operation GOLD [wikipedia.org], the Berlin tunnel.
  • You're looking to "Wired" as a source of reliable information? Hmmm

    Electromagnetic leakage was well known by 1943. So well known that since the mid 1930's the Navy had required all receivers to be specially designed as to not leak out any spurious signals such as the local oscillator, BFO, or IF signals. Plentifully documented in the user and service manuals of said radios.

    The scope "spiked" because the teletype needed a whopping 60 milliamps of signal current from a high-voltage current-limited sou

      • I focused on the teletype signal as it's often the longest and least-shielded path.

        The solution is the same for all the data paths.

        Round off the spikes with a RC Low-Pass filter and/or shield the wires.

        75-baud data does not radiate much with anything less than a quarter-wavelength of signal cable (about 22,00 miles)
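
The two mitigations raised in this thread, stepping pixel edges through grey levels ("Tempest fonts") and rounding spikes with an RC low-pass filter, both work by slowing the signal's edges, which cuts the high harmonics that radiate most readily. The following is an added example, not code from any commenter; the sample rate, pattern and filter constants are constructed values chosen only for illustration.

```python
import cmath
import math

SAMPLES_PER_PERIOD = 64  # constructed: one bright pixel run plus one dark run
PERIODS = 8              # whole periods, so harmonics fall on exact DFT bins

def hard_edges():
    """On/off pixel pattern (or teletype keying): an ideal square wave."""
    half = SAMPLES_PER_PERIOD // 2
    return [1.0 if n % SAMPLES_PER_PERIOD < half else 0.0
            for n in range(SAMPLES_PER_PERIOD * PERIODS)]

def grey_steps(signal, width):
    """Anti-aliasing model: each edge passes through width-1 grey levels
    (circular moving average over `width` samples)."""
    n = len(signal)
    return [sum(signal[(i - k) % n] for k in range(width)) / width
            for i in range(n)]

def rc_low_pass(signal, tau_samples):
    """Single-pole RC filter, time constant given in samples. The periodic
    input is fed twice and only the settled second pass is returned."""
    alpha = 1.0 / (1.0 + tau_samples)
    y, out = 0.0, []
    for x in signal + signal:
        y += alpha * (x - y)
        out.append(y)
    return out[len(signal):]

def harmonic_amplitude(signal, k):
    """Amplitude of the k-th harmonic of the pixel pattern (single DFT bin)."""
    n = len(signal)
    acc = sum(x * cmath.exp(-2j * math.pi * k * PERIODS * i / n)
              for i, x in enumerate(signal))
    return 2 * abs(acc) / n

def attenuation_db(shaped, reference, k):
    """How far harmonic k drops, in dB, relative to the hard-edged signal.
    Use odd k: a 50% duty square wave has no even harmonics."""
    return 20 * math.log10(harmonic_amplitude(shaped, k)
                           / harmonic_amplitude(reference, k))

def compare(harmonics=(1, 3, 7, 15)):
    """Rows of (harmonic, grey-step attenuation dB, RC attenuation dB)."""
    ref = hard_edges()
    grey = grey_steps(ref, 4)
    rc = rc_low_pass(ref, 4)
    return [(k, round(attenuation_db(grey, ref, k), 1),
             round(attenuation_db(rc, ref, k), 1)) for k in harmonics]

if __name__ == "__main__":
    for k, grey_db, rc_db in compare():
        print(f"harmonic {k:2d}: grey steps {grey_db:6.1f} dB, RC {rc_db:6.1f} dB")
```

The fundamental, which carries the readable image or data, is barely touched, while the 15th harmonic drops by well over 15 dB in both cases.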

  • Electrical leakage was the least of your problems. If one of those spiky ball things came after you, you were doomed.
  • <graybeardmode>

    Back in 1979 (IIRC), a college classmate and I discovered that our TI-55 [datamath.org] calculators would put out a blast of noise on the AM dial whenever something was written to the LED display! We tuned a nearby radio to the most effective frequency and started exploring.

    Imagine our excitement when we discovered there was a different delay between bursts depending on how many LED segments were lit up! (That is, it took longer to display 88888888 than 11111111). Hey! We can make Music!! Fr

  • Though he likely didn't know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether."

    Does that include my Dick Tracy secret decoder ring?

    We've all heard stories of programming music on a radio from a Commodore PET, or reading the data by converting the flashes from a modem's transmit and receive LEDs, but I'm sure at the start of the electronics era (and especially in a crypto lab during a war) that the concept of being
  • The book Spycatcher details how shortly after WWII the British tapped the powerline feeding the coding machine in the French embassy in London. Electrical noise on the line could be correlated with different keys typed on the machine. When this book came out it was banned in Britain.
  • It's nice to see this stuff starting to get declassified.

    Back in the late 80's I worked on some electronic key management stuff for the DoD. I was told I could put TEMPEST on my resume, but I was not allowed to tell anyone what it was. One can imagine the kind of odd job-interview situations this produces.
  • "all information processing machines send their secrets into the electromagnetic ether."

    An abacus doesn't: http://en.wikipedia.org/wiki/Abacus [wikipedia.org]

    Nor does an old fashioned adding machine:
    http://en.wikipedia.org/wiki/Adding_machine#Burroughs.27s_calculating_machine [wikipedia.org]
    (Be sure to check out the image of the Burroughs adding machine near the bottom of the page.)

    Nor a Manual Typewriter:
    http://en.wikipedia.org/wiki/Typewriter [wikipedia.org]
    (Be sure to check out the Hansen Writing Ball a little down on the left hand side... It will mak
    • It seemed like a peculiar (and slightly crackpot) hobby with no obvious application. Heh.

      Heh indeed. Most applications are indeed illegal, but imagine parking your van outside a bank and tuning in. Account numbers, passwords, all sorts of information.

      On the governmental side, the stakes were much higher and therefore they got much more creative.

      I'm getting a kick out of some of the posts.
    • A modern version could involve embedding a couple of microphones in a table top with associated processing. When someone lays a keyboard down and starts typing, the arrival time of each key click can be used to determine which key was pressed.

      Other possibilities exist.