From: strat@intercon.com (Bob Stratton)
To: Doug.Brightwell@corp.sun.com
Message Hash: cf3602868d9086226749cb08cc919d39b5147ef16f013de69fffe8fb14dd93ee
Message ID: <9212180202.AA21476@intercon.com>
Reply To: <9212180126.AA01855@media.Corp.Sun.COM>
UTC Datetime: 1992-12-18 02:03:16 UTC
Raw Date: Thu, 17 Dec 92 18:03:16 PST
From: strat@intercon.com (Bob Stratton)
Date: Thu, 17 Dec 92 18:03:16 PST
To: Doug.Brightwell@corp.sun.com
Subject: TEMPEST Question
In-Reply-To: <9212180126.AA01855@media.Corp.Sun.COM>
Message-ID: <9212180202.AA21476@intercon.com>
MIME-Version: 1.0
Content-Type: text/plain
>>>>> Doug.Brightwell@corp.sun.com (Doug Brightwell) writes:
Doug> But as a non-technical person, what I'm struggling to
Doug> understand is how a surveillance team could monitor the
Doug> emmisions from such cables and have any clue as to what
Doug> they are. Let's say they zeroed in on my poorly shielded
Doug> modem cable and were able to tune into a stream of 0's
Doug> and 1's. How could they then resolve that digital data
Doug> into anything meaningful? ...
My understanding, being only a moderate RF weenie, is that UARTs, the
devices which, more often than not, are driving your serial ports,
generate an emission very much like good old frequency shift keying.
It makes sense - having listened to computers on radios before. Think
in terms of sound first, as it's easier. A given sound represents a
"1", and another tone is "0". You waver back and forth between the
tones to describe the data you're transmitting.
The idea is that some of the normal emission characteristics from
components in computers (like UARTs) correspond to this sort of
modulation.
With regard to machine types, if it's a serial line, it's fairly easy
to map the communications into a set of probably protocol suites. If
you know *anything* about the use of the machine, it becomes a lot
easier. For instance, given an intercept of TCP/IP traffic over a SLIP
line, I could probably reconstruct a TELNET session log, but it's
nowhere as easy as just reading a terminal session on a link to some
BBS.
Doug> Even if it's just a plain text file how could the
Doug> surveillance team read it? Does each member of the ASCII
Doug> character set have specific and identifiable radiation
Doug> signatures? For example, does the letter "k" as it
Doug> passes through my modem cable have a characteristic EMR
Doug> that is the same for all machines?
You might also think in terms of things other than screens and modem
cables. For instance, many keyboards emit RF as they are used. It's
not irrational to suspect that these emissions might be tied in some
way to the use of the keyboard - I have an old FCC Class A Wyse
terminal that sounds different depending on which keys I hit. Since we
know that every piece of equipment has a uniquely identifiable (even
compared to other units of the same type) emission signature, it's not
too outlandish to expect that different key encodings in a keyboard
might generate different emission patterns.
Doug> Sorry if this query is too basic, but I would appreciate
Doug> any enlightenment...
It's weird stuff, and some people would rather not have the world
learning how to do this. In fact, Van Eck's original article is known
to have some deliberate misinformation in it, as the author didn't
want to make it "too easy" to learn how to do this kind of ELINT.
--Strat
Return to December 1992
Return to “strat@intercon.com (Bob Stratton)”