Tyler's Education
Dave Emery
die at dieconsulting.com
Sat Jul 3 21:17:03 PDT 2004
On Sat, Jul 03, 2004 at 09:41:44PM -0500, J.A. Terranson wrote:
> On Sat, 3 Jul 2004, Major Variola (ret) wrote:
>
> > At 07:18 PM 7/3/04 -0400, Tyler Durden wrote:
> > >I dunno...as an ex-optical engineer/physicst, I'm sceptical about this
> > whole
> > >scary "tempest" bullcrap. Even if it can be made to work fairly
> > reliably, I
> > >suspect deploying it is extremely costly.
>
> Scary or not, I can attest from first hand personal knowledge that this
> type of monitoring is in active use by the US, and has been for over 4
> years (although it's only been "mainstream" for ~2).
Would you care to comment on any technical or other details ?
Tempest monitoring of raster scan CRTs has been around for
a long long time... but most current LCD displays are much less vulnerable
as pixels are switched in parallel (and of course not painted at high
speeds allowing optical monitoring). But many video cards generate
the rasterized stuff anyway... and use that interface to talk to
the LCD monitor.
Tempest monitoring of energy on communications lines and power
lines related to internal decrypted traffic has been around since
before the Berlin tunnel... and used effectively. But the heyday
of this was the mechanical crypto and mechanical Teletype era...
where sparking contacts switched substantial inductive loads.
Tempest monitoring of CPU and system behavior is a newer trick
in most cases if it is effective at all in typical situations.
Obviously Tempest monitoring of copper wire ethernet LAN traffic
is possible. Wireless LANs, of course, aren't a Tempest issue.
Perhaps some keyboards radiate detectable keystroke related
energy...
But given the current statist tendencies here and elsewhere, it
would not surprise me at all to hear that any and all techniques for
surveillance anyone has shown to be effective are likely in active
use - there is money, interest, and a great lowering of inhibitions.
And certainly there has been more than enough open discussion of Tempest
type side channel attacks, unlikely the folks behind the curtain have
just ignored all of it...
On the other hand the cost, complexity and sophistication of
the gear required to extract information at useful ranges is still
daunting compared to other methods of obtaining the same information
(such as black bag jobs with disk copiers and use of trojans to capture
passphrases).
--
Dave Emery N1PRE, die at dieconsulting.com DIE Consulting, Weston, Mass 02493
More information about the cypherpunks-legacy
mailing list