We know that electrical and electronic equipment may have intentionally or unintentionally electromagnetic energy radiation to their surroundings. Wireless transmitters, mobile phones, radars, detectors, wireless data transmission systems do voluntarily emit this energy. But it is not desirable for a computer, copier or projection device to emit electromagnetic energy around. As I mentioned in my previous article, TEMPEST is a term that refers to unintentional electromagnetic energy emissions caused from electrical and electronic equipment that process confidential information, and also a code name by U.S. to investigate, examine, and control such emissions.

Although it seems utopian, TEMPEST is quite an old method of intelligence. Once energy emitted from the electrical device is picked up by an antenna and receiver, it can be amplified and reprocessed, and sometimes image refined thus information leakage can be obtained. This method was brought to Turkey by a team that I myself was a member of, in 1990’s, a laboratory and technical infrastructure that can create, solve and test the TEMPEST Problem with completely national abilities was established and personnel were trained. The most striking point of the problem is that leakage from any information processing device can be obtained … information displayed on the computer screen, information read on the CD drive, information replicated on the copier, transmitted by fax, scanned on the scanner, printed on the printer … all the information processing equipment that can come into your mind, is a potential TEMPEST leak source.

Are you sure that your PC is safe with the precautions you had taken???

The simplest TEMPEST scenario is that; while you are writing a CONFIDENTIAL article in your computer, the exploiter is collecting the signals electromagnetically spreading from your screen and reconstructing it… just like collecting aerial broadcast information sent over kilometers and watching a TV programme in our living room… This process can be done surreptitiously upstairs, in the next building or in a panelvan with darkened glass parking in front of your office…just like you do not know who is watching your television broadcasts! This kind of leak is known as “radiated emissions leakage”. Another way of collecting information leaks beyond using an antenna is to penetrate the network which the information processing device is connected and reach to the information … Going through the same example, CONFIDENTIAL information in your computer can also be obtained by penetrating to the power network or internet network it is connected to, collecting the data by a monitoring probe, even from hundreds of meters away..! This method is known as “conducted emissions leakage”. Neither the update of the antivirus on your system, nor the power of your firewall means anything against TEMPEST, because if the information is open on your screen, the same information exists in the air and on your network, and therefore on the exploiters antenna and probe…

So, how can we become safe against TEMPEST Leaks??

Actually the risk is big, but some measures are quite easy. First, I must say that the only and safest measure of the leakage through the conducted emissions is the TEMPEST filtering to be done on the signal lines or the power lines. Filters are devices that prevent leaks out without affecting the operation of the device. Leaks caused by radiated emissions can be prevented by the use of special designed equipment. During my years at TÜBİTAK – UEKAE, I have directed National TEMPEST Filters, National TEMPEST Proof IT Equipment development projects. Today, thousands of devices we have developed are used in many critical govermental institutions and military areas. If you do not have a chance to use these special devices of high cost, you should pay attention to work in the special chambers with TEMPEST proof or having a large controlled zone by taking advantage of the principle that leakage signals decrease inversely with distance.

 

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, March 10th, 2017.