The Spectre wrote on 1998-03-18 05:11 UTC:
In almost every writing I've come across regarding Van Eck, I notice the phrase "...simply a modified television" or something along those lines.
Does anyone have a document for actually modifying a television set to do this sort of thing? It doesn't have to be extremely long ranged, and could in fact be very short range.. I am interested in performing my own experiments into defeating this sort of eavesdropping.
Ingredients for a minimum cost quick&dirty TEMPEST experiment: 1 RF tuner of a VCR 1 antenna amplifier 1 antenna 1 multisync PC monitor 1 PC with a video card (or a pair of tuneable sync oscillators) Connect the PC with the video card to the SYNC inputs of the multisync monitor. Program the video card to a video mode with the same deflection frequencies as that used by the target system. Connect the baseband output of your tuner to the VIDEO-IN pins of your monitor. Connect the antenna and amplifier to the RF input of your tuner. Switch on. Fill the screen of the target device with a big symbol consisting of dithered and non-dithered areas for best results in the first trials. Now tune through the VHF bands starting with the dot clock frequency of the target. That's it basically. Such a primitive TEMPEST monitor is of course unsuitable for evaluating the threat from much more sophisticated wide-band DSP eavesdropping receivers that directly attempt OCR-style algorithms on the signal with matched filters. But it is fun to play around with, it is useful for getting a feeling for the effect, and it is suitable for demonstrating most of the Soft Tempest tricks that I described in <http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf>.
Also, would it be possible to scramble the signal into an unusable level by simply putting another device emanating RF at the snooping frequencies nearby the machine that you want to protect? Something generating white noise at that frequency, but with a purposely built antenna, say a high gain type turned outward from the monitor, with a significantly higher power output than the monitor?
The FCC and your radiologist advise against this. Shielding is much more elegant than jamming. Remember that CRT content is a periodic signal, thus you can suppress uncorrelated noise by periodic averaging rather easily. Good jamming must produce a correlated output signal. See United States Patents 5165098 and 5297201 for descriptions of correlated jammers. I don't think, these are widely used though, as the TEMPEST standards seem to mandate shielding and not jamming, which I think is very sensible. Markus -- Markus G. Kuhn, Security Group, Computer Lab, Cambridge University, UK email: mkuhn at acm.org, home page: <http://www.cl.cam.ac.uk/~mgk25/>