TEMPEST Attacks Informative - Electromagnetic Security

Review by 40692 on 2007-09-14
EVERYWHERE -- All your security software and/or hardware will not protect you from TEMPEST Attacks.

TEMPEST Attacks has been used by well-equipped opponents involves the remote detection of the electromagnetic signals from your computer. This expensive and somewhat labor-intensive attack is probably still cheaper than direct cryptanalytic attacks. An appropriately instrumented van can park near your office and remotely pick up all of your keystrokes and messages displayed on your computer video screen.

Here are some important historic events regarding TEMPEST Attacks.

1962 NSA's Project Tempest (defensive methods) begins; During Cuban missile crisis, NSA(aboard Oxford spy ship) attempts to circumvent unbroken Soviet cipher system by capturing radiation emitted from Soviet cipher machines located at Russian communications station in Cuba. Noise spikes are also attempted to be captured, revealing rotor settings on older cipher machines.

1972 Canada's first embassy collection operation (Stephanie) in Russia uses TEMPEST proof safe to hold intercept equipment.

1985 Iverson builds TEMPEST version of IBM PC for Operation TEMPEST; Grid Federal Systems makes only NSA-approved portable TEMPEST computer using a plasma display.

1991 First American broadcast of electromagnetic eavesdropping is shown on Geraldo Rivera's "Now! It can be told" show, performed by Winn Schwartau; Jim Carter, in coordination with Benjamin Franklin Savings and Loan, demonstrates successful attack on Diebold ATM machine using TEMPEST;

2001 In Kyllo v. US, U.S. Supreme Court rules against unwarranted infrared detection by law enforcement against private homes.

Just remember, effective emanation security begins with the physical environment. Unless you can shield the wiring (telephone lines, electrical wiring, network cables, etc.), all of the copper around your PC and in the walls isn't going to stop emanations from leaking to the outside world.
Comments:11 Replies - Latest reply on 2007-09-14
Posted by MRM on 2007-09-14:
Thank you, HappyJoyBear, for an informative article. I have never heard of TEMPEST Attacks, but I know now! I would also suggest using auto form fillings program such as "AI Roboform" to automatically fill forms in websites with personal information, to prevent capturing keystrokes. Please read my great software review on "AI Roboform."
Posted by Anonymous on 2007-09-14:
You are welcome. I will check it out...
Posted by MRM on 2007-09-14:
I would like to mention with AI Roboform, you can also use the program on a USB flash drive, so that when you are using a public computer, such as at the library or at Kinko's, you are not using the keyboard to type in personal information, such credit card numbers or passwords. The program will automatically fill in the forms for you. If your flash drive ever get lost or stolen, dont worry: unauthorized user will need to enter the master password to use AI Roboform and the personal information is AES encrypted. I cannot say this enough but AI Roboform is AWESOME!
Posted by Anonymous on 2007-09-14:
Good feature but I do not shop or access personal information on a public terminal. It is just too risky.
Posted by MRM on 2007-09-14:
I agree, I only check my emails on public computer, but when Im at work, I do enter other personal information, such as credit card number, using AI Roboform.
Posted by Anonymous on 2007-09-14:
Big brothers are watching @ most work places. I do not access public internet via my work PC. I setup a VPN tunnel to my home server and X11 (SSH2) forwarding Remote Desktop service back to my work PC.

The pipe and the data are both encrypted.

Posted by Anonymous on 2007-09-14:
Good review Happy and very informative.
Posted by Anonymous on 2007-09-14:
Good review Bear. The VPN is a very secure way to keep prying eyes off your shoulder.
Posted by Anonymous on 2007-09-14:
Thanks guys...
Posted by Anonymous on 2007-09-14:
Good info HappyJoyBear! Of course I voted your contribution 'Very Helpful'.
Posted by Anonymous on 2007-09-14:
Thanks... Stew.

Your Name:
(displayed with your comment)
Your E-mail:

Your Experience/Advice:
Check spelling

By clicking submit you agree that you have read and accept the Terms of Service & Privacy Policy.

Note: All comments are reviewed by a moderator before being published. Please be sure to read our guidelines before commenting.