1998-09-22 - Re: Stego-empty hard drives… (fwd)

Header Data

From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Message Hash: b83f598745b5f94e67574572d9ef8e1ea402d6cf4b3d00a8317832c281105d4a
Message ID: <199809221948.OAA06096@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1998-09-22 06:24:12 UTC
Raw Date: Tue, 22 Sep 1998 14:24:12 +0800

Raw message

From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 22 Sep 1998 14:24:12 +0800
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: Stego-empty hard drives... (fwd)
Message-ID: <199809221948.OAA06096@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text

Forwarded message:

> Date: Tue, 22 Sep 1998 13:04:15 -0500
> From: Petro <petro@playboy.com>
> Subject: Re: Stego-empty hard drives... (fwd)

> 	At a certain threat level or level of "interest" in your affairs,
> whether you can hide the fact that you are using crypto or not is going to
> become irrelevant.

When you're at that level you don't carry the data across the line; you
get some Johnny Mnemonic to do it for you or put it in a diplomatic pouch...

> 	If your opponent is using tempest, you are operating at that level.
> Tempest is expensive, and I'd imagine would have to be calibrated not only
> for each processor ([3-6]86, with all the variations (sx/dx, Celeron, Xeon
> etc,) as well as the NEC, AMD, and Cyrix clones thereof, ARM & StrongARM
> processors, PPC 601/3/4/G-3 processors, Motorola 68k processors, sparc
> processors etc) but (if you are looking at what the POST & BIOS actually
> does) for each BIOS AND OS. This is NOT an easy task, nor can it be done by
> a Bozo operating an X-Ray machine at an airport.

Consider that at any given time there are only a few hundred BIOSes, made
from a few dozen base images, driving all the machines out there. The number
of companies that develop their own BIOS in toto for in-house products is next
to nil (I know of none). What they do is buy a license and then re-write the
sections they need to.

The TEMPEST signal will be affected by speed, I see no reason to suspect
that it's going to be processor dependent. Since the code gets executed
in the same sequence in these shared BIOS there is going to be a shared
footprint, which may get squeezed because of increased clock speed. Measuring
that footprint at ranges of inches is nowhere near as expensive as trying to
catch a monitor image from a block away.

If you store those few thousand footprints and do a compare, any bozo can
in fact run the machine. Just sit and watch to see if the red light comes
on and call your supervisor.


                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-