Why bother going to the trouble of hacking a computer, when you can reconstitute the same data remotely by tuning into the electromagnetic emanations. There has been a lot of speculation regarding the TEMPEST phenomenon of late, either scare-mongering by TEMPEST consultants or dangerous comments about there being no risk from well meaning but inexperienced individuals. I hope to provide realistic guidance on how to assess and counter the risk, the information provided is by no means extensive and has been severely edited.
TEMPEST is not an acronym, though words have been used to fit TEMPEST that sound almost plausible
Data passing through circuitry and mechanical devices produce electromagnetic emanations, by tuning into these emanations the data can be reconstituted. Traditionally TEMPEST only applied to emanations where the reconstituted the data could be classed as compromising over a certain level of CLASSIFICATION. These days the term TEMPEST seems to apply to any data that can be reconstituted using the electromagnetic output. That's all I'm prepared to say, others have put some comprehensive explanations on the Net, a search will find them.
TEMPEST attacks don't come cheap, consider the following and then ask yourself whether someone would find your data that valuable.
Equipment, TEMPEST testing equipment doesn't come cheap, myths about using Radio Shack receivers are unfounded. Furthermore, TEMPEST equipment vendors are restricted in whom they can sell their products to.
Training, TEMPEST training takes many weeks and believe me, each week feels like an eternity, in addition to the training you need experience and lots of it. Training isn't given to just anyone, TEMPEST testers are usually "checked out" to ensure that they are unlikely to be subverted to the "dark side" prior to starting training. Therefore your tester won't come cheap.
Opportunity, The attacker must be in range to carry out the spatial or line attack, therefore there must be an adjacent room, building or parking lot that you cannot check on a regular basis
Time, An attack can take a long time So is your data that valuable that anyone would carry out the above in order to attack you?
Separation, Put as much distance between the target and the possible attack locations as possible, this applies to both spatial and line borne attacks How can I best achieve separation?
- Identify data that is under sufficient threat of attack, identify equipment that is used to process this data include lines, mains, VDUs, printers hubs etc.
- Identify possible attack locations
- Reduce attack locations, carry out routine checks of empty offices, restrict parking in the vicinity of the building especially for vans etc
- Where possible group your target equipment together in a location as far from the attack locations as possible
Shielding, You can shield individual equipment or entire rooms/buildings, shielding is very expensive and beyond the scope of this document Filtering, Any lines attached to the equipment could be at risk therefore identify any signal/control or mains lines and filter them. Low/no cost solutions include fibre optics and UPS, there are other examples but I'll leave that to your common sense.
VDU's repeat the same information at around 85 times per second (depending on the refresh rate)
Yes and no ;o) LCD screens themselves in theory emit less than a VDU however recent EMC controls have greatly reduced emanations from VDUs, the result is that often the graphics card will be the greatest source of compromise.
Use a screensaver to frustrate attacks, use monitors from reputable vendors that meet EMC standards. If you are very paranoid use soft fonts that are harder to reconstitute.
No, I'm merely trying to help you assess the risk and put in place some interim countermeasures. If you are a Government or Military agency seek advice from your TEMPEST authority.