.

NSA article on TEMPEST

<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Feb 15, 2009 12:45 am

NSA article on TEMPEST

I've always found TEMPEST related topics to be interesting. Here's a released NSA article from the 70s on the subject. It's a bit heavily redacted yet, but there are still some good bits:

http://www.nsa.gov/public_info/_files/c ... empest.pdf
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Feb 15, 2009 1:39 am

Re: NSA article on TEMPEST

For those of you who are new to EH-Net or just missed Chris Gates' article on the topic, it's a fun read:

TEMPEST, Conspiracy Theories and Tinfoil Dreams

Don
CISSP, MCSE, CSTA, Security+ SME
<<

sleepless

Newbie
Newbie

Posts: 3

Joined: Mon Dec 10, 2007 10:17 pm

Post Tue Apr 07, 2009 7:54 pm

Re: NSA article on TEMPEST

You would be surprised at the number of people I come across that think TEMPEST is a myth or purely the realm of TV. I work for a company that does TEMPEST testing and RF security consulting. TEMPEST isn't really an issue for most people or even most companies, but in certain situations is worth being aware of. Carrying out a TEMPEST attack is not as complicated as most people assume. The difficulty is in large measure proportional to the distance from the device you are attacking. Imagine a shared office space where the attackers can rent office space immediatly adjacent to the intended target. That being said I think TEMPEST is still very unlikely to be the first or only avenue of security attack in any situation.
<<

LSOChris

Post Wed Apr 08, 2009 3:41 pm

Re: NSA article on TEMPEST

sleepless wrote: That being said I think TEMPEST is still very unlikely to be the first or only avenue of security attack in any situation.


I agree, its probably far easier to just break into that room and do whatever than actually rent the room next door, set up all the TEMPEST gear, and wait.  Pay the janitor 1000 bucks and its done in a nite.
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Wed Apr 08, 2009 8:45 pm

Re: NSA article on TEMPEST

Depends on the environment I suppose. I've seen some recent work in grabbing signals from wired keyboards with a fairly minimal setup. Sneaking minimal equipment like that into a storage closet for a day or two may be far less risky than bribing a janitor who might get a guilty conscience later on.
<<

sleepless

Newbie
Newbie

Posts: 3

Joined: Mon Dec 10, 2007 10:17 pm

Post Wed Apr 08, 2009 11:51 pm

Re: NSA article on TEMPEST

I agree with Jason. Its partly a matter of how available the technology or know-how is I guess. I have seen some of the stuff that was being done with the remote keyboard logging and detection. The idea and raw technology was not new necessarily. But it is an indicator that some of the ideas and technology may be becoming more widely available. If it were to become sufficiently user friendly there are plenty of situations where it may be a viable line of attack. Trying to make a generic keylogger that operates wirelessly by picking up the emitted RF would be a very interesting project...
<<

LSOChris

Post Thu Apr 09, 2009 11:17 am

Re: NSA article on TEMPEST

jason wrote:Depends on the environment I suppose. I've seen some recent work in grabbing signals from wired keyboards with a fairly minimal setup. Sneaking minimal equipment like that into a storage closet for a day or two may be far less risky than bribing a janitor who might get a guilty conscience later on.


if i'm already close enough to stick equipment in a storage room or in the room why wouldnt you just take the CPU or install a keylogger or boot into linux and take the data?  There are of course reasons why those wouldnt work.  My point is that any kind of sexy tempest way of doing it is probably much more trouble and money than just doing it the "old fashioned way"
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Thu Apr 09, 2009 5:03 pm

Re: NSA article on TEMPEST

I'd say that its really a matter of how stealthy you need to be. Eavesdropping on signals has the potential to leave no trace whatsoever, unless the equipment is found or you get caught taking it in or out. Stealing the machine storing the data, keystroke loggers, etc... don't have this benefit.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Fri Apr 10, 2009 2:05 pm

Re: NSA article on TEMPEST

Chris-G, I'm with Jason on this one.  If all you need is some data (and you're sure you only need it once) then your approach works.  If you need continued access to an ongoing stream of information, then you should look at making sure the target thinks their security is adequate.

This being the ethical hacker forums, I'm sure someone is asking why not just hack in?  Maybe the box is no-network.  Maybe having the target increase it's security posture is just unacceptable.  Maybe you're a foreign government/competing corporation and your fingerprints just can't be on this one bit.  In that case moving to a completely passive attack such as TEMPEST may be the way to go.  Unless you are caught in the act (but how would this happen if you rent the office next door as in the scenario above), the target will never know it is under attack.  No IDS can protect you from a passive attack.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Fri Apr 10, 2009 10:14 pm

Re: NSA article on TEMPEST

former33t wrote: No IDS can protect you from a passive attack.


True, but in this case there are countermeasures. You, would have to be in a very hostile environment or incredibly paranoid to implement such a system, but you can get noise generators that broadcast into the proper portions of the spectrum to mask emissions that the bad guys (or good guys) might pick up.
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Sun Apr 12, 2009 5:03 pm

Re: NSA article on TEMPEST

Sure, you could do that, or you could enclose the whole office in a faraday cage.  Neither is particularly cost effective or practical (as you noted) so nobody (short of spy agencies and really paranoid people) take such measures.  This makes a TEMPEST attack particularly effective when all else fails.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Apr 12, 2009 7:42 pm

Re: NSA article on TEMPEST

former33t wrote:or you could enclose the whole office in a faraday cage


I was shooting for countermeasures that didn't require major construction, but true enough.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Apr 12, 2009 9:45 pm

Re: NSA article on TEMPEST

I believe that intelligence agencies and military routinely surround sensitive areas in faraday type construction. 

On a side, but related note, I remember sitting at a cell forensics course.  We had stuck one of our phones in a faraday bag prior to imaging it.  Lo and behold, the thing actually rang with an incoming call.  FAIL.
~~~~~~~~~~~~~~
Ketchup
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Apr 12, 2009 9:50 pm

Re: NSA article on TEMPEST

There are a bunch of other pieces other than just putting up a faraday cage in/around the area to be shielded:

http://fas.org/nuke/intro/nuke/emp/toc.htm

Its a bit of a task to go the whole way.

Return to Hardware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software