- ONE GLOBAL ONE -
- AMERI-ADVOCATE -
- Amsterdam - New York - Santa Cruz - New Zealand - Montreal -
News, Views and Actions
Visit us at http://members.tripod.com/~ellis_smith/ameri-advocate.html
* ICQ# 22499125 * AOL-IM - SMITHORG *
Espionage Operations - Page 3
December 23, 1999
Y2K BUG STRIKES AOL OR COLOSSAL SCREW UP
AOL's news ticker this morning is displaying news from days to a week
ago. Either they're experiencing a Y2K glitch in advance, they've been
hit by hackers, some really bad coding has come up or one of their
operations people has screwed up big time. According to the AOL
news ticker, 500 people are feared dead in Venezuela, Portugal is
handing over Macau and the Sri Lankan President has just been
hurt in a blast. Obviously they've loaded an old database.
The timing of this is not unexpected though. Our New Zealand office
and New York office have been getting hammered with interference
and interception from wayward sources. One theory is being
considered from an event from France yesterday. Emails to
this address were being bounced back as "user unknown".
However, I was in fact receiving them. The NSA sniffers could
possibly be experiencing a technical glitch in which they're
passing on the email but instead of forwarding a copy to
the respective desks of theirs, fail and thus send the failure
msg. to the originating party. If this is the case then the NSA
has either fallen asleep at the wheel or has a very serious
security problem in house.
Another interesting item is onelist.com suddenly refusing
to accept a post by reason of being unavailable. The post
was the Presidential message regarding Kwanzaa. Every
other post went thru just fine. As you know we've certain
contacts and friends within this community so I find it rather
suspect that this particular message would be interfered with.
Yet another disturbing item has come up also. There is
a push on by local law enforcement agencies to start checking
juveniles for their draft cards. Now one would think, especially
in light of Littleton, Colo. that say drugs, guns or pregnancies
might be their priority when dealing with youth but the sudden
interest in ensuring that they either possess a draft card or
warning them to obtain their draft cards is disconcerting to
say the least.
ALSO: Surveillance Society II
By Erin Zimmerman and Dale Hurd
December 14, 1999
-- A Russian spy made headlines last week after he was found listening in
on conversations through a bug planted at the U.S. State Department, and there are
renewed concerns about Chinese spying.
But the government is using methods that are far more
sophisticated -- and far more secret -- to capture everything from phone calls to e-mails to
faxes. And there's growing evidence that they may be using it, not just on
terrorists, but on you.
"I think that people need to understand that we're entering an age of a new America,
and we're not going to like it," says privacy expert Lisa Dean of the Free Congress
Foundation. "This is not a society where what we say, or what we do, or what we tell
people is kept a secret."
"And people's conversations are being eavesdropped on in violation of the 4th
amendment," says Greg Nojeim of the American Civil Liberties Union. "If Americans
don't wake up to their diminishing window of privacy, as it were, pretty soon, there's not
going to be any left."
In a high-tech world that now contains 40 million cell phones, 14 million fax machines,
and 180 million computers, just how private is your communication? The answer may
"I don't think we have a whole lot of privacy left in America," says Dean. "We think we
do, but we really don't."
Big Brother may not be watching yet ... but he may be listening to your phone calls and
reading your e-mail, all in the name of national security.
"Secretary of Defense William Cohen has said publicly, the American people need to
decide how much privacy they're willing to give up in favor of more security," says
Dean. "Well, the answer to that should be none."
And as Americans move further into the information age, Big Brother is rapidly
becoming public enemy number one.
"The Wall Street Journal conducted a poll about a month ago and asked Americans
what do you fear most in the next century. Terrorism? No. Crime? No. The thing that
concerned most Americans was the loss of personal privacy."
At the center of the firestorm over electronic privacy is the National Security Agency,
headquartered in Fort Meade, Maryland. With a global staff of around 38,000 the NSA
is larger than the FBI and the CIA combined.
"The NSA has two missions: one is foreign intelligence gathering, and the other one is
creation of codes to protect U.S. diplomatic and military secrets," says former NSA
analyst Wayne Madsen. "Historically, that's been NSA's two major functions.
Unfortunately, with the end of the Cold War, they're now looking into other areas."
These other areas may include your own home, through a global eavesdropping system
known as ECHELON.
"What ECHELON basically is is a system that, based on key words in a conversation or
key words in an e-mail -- it takes those key words of interest, which are basically
pre-programmed in something called a dictionary."
According to Madsen, this dictionary may be searching your phone calls, faxes, and
e-mails to sniff out terrorists, hackers, and other potential threats. Privacy experts
charge that even accidental use of these so-called key words could put you under the
sharp ears of the NSA.
"I think the NSA would say, 'I wonder what they're up to,' and I think there might be
increased monitoring of their communications."
Most of the public information about ECHELON is based on a report commissioned by
the European parliament.
Published last April, the report charges that the NSA's global spy bases, like the one at
Menwith Hill in England, routinely intercept around two-million communications every
"So basically, you can think of it as a giant drift net that captures everything," says
The countries casting this global drift net are members of what's known as the UKUSA
alliance: the United States, Canada, Australia, New Zealand, and the United Kingdom.
According to the EU report, this five-pronged partnership also forms the legal loophole
that allows the NSA to spy on its own citizens.
"The NSA has no jurisdiction here in this country," says Dean. "So it can't legally listen
in on Americans' phone conversations or electronic communications. However,
according to the European parliament, what it's doing is getting its British counterparts,
or Australian counterparts, and so on, to do their dirty work."
For example, if you send an e-mail message from New York to Los Angeles, it may be
routed through Canada or the UK before reaching its destination. And once a message
travels outside U.S. borders, it's fair game for ECHELON's web.
Most Americans got their first glimpse of the super-secret agency in the 1998 action
film Enemy of the State. Former attorney and journalist James Bamford wrote The
Puzzle Palace, considered to be the definitive work on the NSA. And although film
producers relied heavily on his best-selling book to make Enemy of the State, Bamford
says they used more than a little creative license.
"The NSA doesn't possibly have the ability to do that," says Bamford. "There are too
many inaccuracies. NSA doesn't control imagery satellites, photo satellites -- you don't
pick up the phone and say, 'I want a satellite on the corner of Wisconsin and M Street,'
and they don't go into hotel rooms -- they can't do hotel rooms, so there were a lot of
problems I had with it."
Meanwhile, critics are asking, if the Cold War is over, then why has global intelligence
continued to mushroom?
"Russia's defeated; we are still the superpower, the one and only superpower in the
world," says Dean. "How do we justify all the systems that we have in place; how do
we justify all of the activities of the people we've employed in the intelligence
community to keep going?"
But Bamford, an NSA observer for over 20 years, argues that there are still too many
global hotspots to consider downsizing at Fort Meade. For example, while much of the
NSA's attention was focused on the growing missile threats in North Korea, it
completely missed the budding nuclear rivalry between India and Pakistan in 1998.
"This is an intelligence agency that some critics are giving enormous abilities to listen to
everything everywhere at all times, but this was a major security issue, whether India
and Pakistan were developing nuclear weapons, but they didn't hear it -- they didn't
know about it," he says. "So this is an agency that is given far more credit for being able
to listen to things than they are able to. They can't even listen to things they're supposed
to be listening to, let alone things they're not supposed to be listening to."
Since its creation in 1952, the National Security Agency has remained America's
biggest intelligence secret -- so secret, in fact, that Washington insiders often joke that
the initials "NSA" stand for "No Such Agency." But for the first time in its history, the
agency may be forced to reveal some of those secrets to Congress.
Georgia Republican Bob Barr is leading a congressional movement to force the NSA to
answer for spying on U.S. citizens.
"There seems to be very credible evidence that this operation is taking place, and has
been taking place for quite some time," says Barr. "At this point, all we're asking for is
the basic information telling us what do you at the NSA, the National Security Agency,
believe is the legal basis for you to gather this information? That's the starting point:
What's the basis that you believe you're authorized to do this?"
That question set off a battle royal between the NSA and the House Intelligence
Committee earlier this year. When asked about the legality of their procedures, the
agency refused to provide Congress with any information, citing attorney-client
"It's hard to say it with a straight face," says Barr. "They just make these things up in
order to not disclose something they don't want to disclose."
"Even people on the inside at NSA realize that that was a
terrible mistake they made by trying to invoke
client-attorney privilege to try to avoid providing Congress
answers to questions that Congress asked them," says
In response, Barr proposed a measure that will require the
NSA to report to Congress on the legal standards they use
for spying. The measure was passed by the House and is
now under consideration by the Senate. Congressional hearings on ECHELON are
expected early next year.
Meanwhile the battle against Big Brother has forged some unusual alliances in
Washington. At Barr's side in this investigation is the American Civil Liberties Union,
which is working hard to make ECHELON a household name on Capitol Hill. In
November, the ACLU went online with a watchdog Web site designed to put the
American public on "ECHELON Watch." The Web site can be found at
"The NSA is used to operating in a black box," says Nojeim.
"When it comes to our rights, that box needs to be opened. The only people who can
open that box for the American people are the members of Congress."
NSA officials declined an interview with CBN News, but sent a
written statement saying, "The National Security Agency operates in strict
accordance with U.S. laws in protecting the privacy rights of U.S. persons."
December 16, 1999
Security agency's eavesdropping fuels network paranoia
Posted on 11/24/1999 16:54:27 PST by Antiwar Republican
Published Wednesday, November 24, 1999, in the San Jose Mercury News
The opinion of the Mercury News
Security agency's eavesdropping network fuels paranoia
Take hard look at eye in the sky
FOR decades, Congress has funded a vast secret surveillance system without knowing what it is or
does. Now, at Europe's prodding, Congress is beginning to wake up to the dark implications.
The system, known as ECHELON, may be indiscriminately intercepting much of the
world's telephone, e-mail and fax communications. Reports prepared for the European
Parliament claim it routinely spies on international dissident groups, and commits industrial espionage
against European competitors --
allegations largely based on interviews with sources not publicly identified.
If true, computers routinely may be monitoring millions of phone and electronic conversations daily,
hunting for phrases, perhaps even individual voices, they are programmed to capture. If true,
ECHELON may be circumventing the federal law forbidding eavesdropping on U.S. citizens without
probable cause. If true, ECHELON has made real some of Hollywood's most fantastic scripts.
"Right now Echelon is a black box, and we really don't know what is inside it," Barry Steinhardt,
associate director of the American Civil Liberties Union, has said.
The National Security Agency runs ECHELON out of its headquarters in Fort Meade, Md., where it's
reported to have five acres of computers underground. With twice the number of
employees and a far bigger budget than the CIA, the NSA has fed civil libertarians' fears and
European paranoia. It has refused to confirm publicly that ECHELON exists. And last summer, it
stonewalled an inquiry by the House Select Committee on Intelligence.
With suspicions aroused, Congress has demanded answers. It inserted language
in the just-passed federal budget giving the NSA 60 days to spell out the legal standards for
intercepting communications at home and abroad. And Rep. Bob Barr, a Georgia Republican and former CIA employee, has vowed to hold hearings on ECHELON next year.
This much is known: The NSA operates ECHELON in conjunction with counterparts
in Great Britain, New Zealand, Australia and Canada. Through a global network of satellites,
radio antennae and sniffing devices, the system can tap into correspondences and data transmissions of businesses, governments and individuals. High-speed computers using
key word searches and speech recognition technologies allow the agencies to sift through massive amounts of information.
It is questionable whether ECHELON is capable of intercepting all of Europe's phone and fax
lines, as the European Parliament report alleges. The proliferation of cell phones and
the spread of encryption will complicate that ambition, if it exists.
NSA supporters say that the agency is complying with U.S. law and restricting
its role to national security interests. But the reports on ECHELON do raise alarms and may
point to weaknesses in federal laws banning spying, with few exceptions, on Americans.
Those protections, in response to revelations about CIA improprieties in the
'70s, predate the Internet and may not cover electronic communications. They
may also be ineffective in regulating a global communications network. For
example, it's unclear whether the NSA would be precluded from
receiving trans-Atlantic communications that the British download at a
satellite center. There also are questions of what the NSA does with information
it inadvertently gathers on corruption or illegality.
Technology is making private electronic and phone communications vulnerable to
government surveillance. Cracking the NSA's code of silence on ECHELON will help
expose the extent of the threat.
CyberWire Dispatch // (c) Copyright 1999 //
Jacking in from the "Sticks and Stones" Port:
By Suelette Dreyfus
"Semantic Forests" doesn't mean much to the average person. But if you say
it in concert with the words "automatic voice telephone interception" and
"U.S. National Security Agency" to a computational linguist, you might just
witness the physical manifestations of the word "fear."
Words are funny things, often so imprecise. Two people can have a telephone
conversation about sex, without ever mentioning the word. And when the
artist formerly known as Prince sang a song about "cream," he wasn't
talking about a dairy product.
All this linguistic imprecision has largely protected our voice
conversations from the prying ears of governments. Until now.
Or, more particularly, it protected us until 15 April, 1997 - the date the
NSA lodged a secret patent application at the US Patent Office. Of course,
the content of the NSA patent was not made public for two years, since the
Patent Office keeps patent applications secret until they are approved,
which in this case was August 10, 1999.
What is so worrying about patent number 5,937,422? The NSA is believed to
be the largest and by far most well-funded spy agency in the world, a
Microsoft of Spookdom. This document provides the first hard evidence that
the NSA appears to be well on its way to creating eavesdropping software
capable of listening to millions of international telephone calls a day.
Patents are sometimes simply ambit claims, legal handcuffs on what often
amounts to little more than theory. Not in this case. This is real. The U.S.
Department of Defense has developed the NSA's patent ideas into a real
software program, called "Semantic Forests," which it has been lab
testing for at least two years.
Two important reports to the European Parliament, in 1998 and 1999, and
Nicky Hager's 1996 book "Secret Power" reveal that the NSA intercepts
international faxes and emails. At the time, this revelation upset a great
number of people, no doubt including the European companies which lost
competitive tenders to American corporations not long after the NSA found
its post-Cold War "new economy" calling: economic espionage.
Voice telephone calls, however, well, that is another story. Not even the
world's most technically advanced spy agency has the ability to do massive
telephone interception and automatically massage the content looking for
particular words, and presumably topics. Or so said a comprehensive recent
report to the European Parliament.
In April 1999, a report commissioned by the Parliament's Office of
Scientific and Technological Options Assessment (STOA), concluded that
"effective voice 'wordspotting' systems do not exist" and "are not in use".
The tricky bit there is "do not exist". Maybe these systems haven't been
deployed en masse, but it is looking increasingly like they do actually
exist, probably in some form which may be closer to the more powerful topic
Do The Math
There are two new pieces of evidence to support this, and added together,
they raise some fairly explosive questions about exactly what the NSA is
doing with the millions of international phone calls it intercepts every day
in its electronic eavesdropping web commonly known as Echelon.
First. The NSA's shiny new patent describes a method of "automatically
generating a topic description for text and sorting text by topic." Sound
like a sophisticated web search engine? That's because it is.
This is a search engine designed to trawl through "machine transcribed
speech," in the words of the patent application. Think computers
automatically typing up words falling from human lips. Now think of a
powerful search engine trawling through those words.
Maybe the spy agency only wants to transcribe the BBC Radio World News, but
I don't think so. The patent contains a few more linguistic clues about the
NSA's intent - little golden Easter eggs buried in the legal long grass.
The "Background to the Invention" section of every patent application is the
place where the intellectual property lawyers desperately try to waive away
everyone else's right to claim anything even remotely touching on the patent.
In this section, the NSA attorneys observed there has been "growing
interest" in automatically identifying topics in "unconstrained speech."
Only a lawyer could make talking sound so painful. "Unconstrained speech"
means human conversation. Maybe it's been "unconstrained" by the likelihood
of being automatically transcribed for real time topic searching.
Here's the part where the imprecision of words - particularly spoken words -
comes in. Machine transcribed conversations are raw, and very hard to
analyze automatically with software. Many experts thought the NSA couldn't
go driftnet fishing in the content of everyone's international phone calls
because the technology to transcribe and analyze those calls was too young.
However, if the NSA didn't have the technology to do automatic transcription
of speech, why would it have patented a sifting method which, by its very own
words, is aimed at transcripts of human speech?
As Australian cryptographer Julian Assange, who discovered the DoD and
patent papers while investigating NSA capabilities observed: "Why make tires
if you don't have a car? Maybe we haven't seen the car yet, but we can infer
that it exists by all the tires and roads."
One of the top American cryptographers, Bruce Schneier, also believes the
NSA already has machine transcription capability. "One of the Holy Grails of
the NSA is the ability to automatically search through voice traffic,"
Schneier said. "They would have expended considerable effort on this
capability, and this research indicates at least some of it has been fruitful."
Second, two Department of Defense academic papers show the U.S. developed a
real software program, called "Semantic Forests," to implement the patented
Published as part of the Text REtrieval Conference (TREC) in 1997 and 1998,
the Semantic Forest papers show the program has one main purpose:
"performing retrieval on the output of automatic speech-to-text (speech
recognition) systems." In other words, the U.S. built this software
*specifically* to sift through computer-transcribed human speech.
If that doesn't send a chill down your spine, read on.
The DoD's second prime purpose for Semantic Forests was to "explore rapid
prototyping" of this information retrieval system. That statement was written in 1997.
There's also an unambiguous link between Semantic Forests and the NSA
patent: it's human and its name is Patrick Schone.
Schone appears on the NSA patent documents, as an inventor, and the Semantic
Forests papers, as an author and he works at Ft. Meade, NSA's headquarters.
Specifically, he works in the DoD's "Speech Research Branch" which just
happens to be located at, you guessed it, Ft. Meade.
Very Clever Fish
The NSA and the DoD refused to comment on the patent or Semantic Forests
respectively. Not surprising really but no matter, since the Semantic Forest
papers speak for themselves. The papers reveal a software program which,
while somewhat raw a year ago, was advancing quickly in its ability to fish
relevant data out of various document pools, including those based on speech.
For example, in one set of tests, the scientists increased the average
precision rate for finding relevant documents per query from 19% to 27% in
just one year, from 1997 to 1998. Tests in 1998 on another set of documents,
in the "Spoken Document Retrieval" pool were turning up similar stats
around 20-23 per cent. The team also discovered that a little hand-fiddling
in the software reaped large rewards.
According to the 1998 TREC paper: "When we supplemented the topic lists for
all the queries (by hand) to contain additional words from the relevant
documents, our average precision at the number of relevant documents went
from 28% to 50%."
The truth is that Schone and his colleagues have created a truly clever
invention. They have done some impressive research. What a shame all this
creativity and laborious testing is going to be used for such dark, Orwellian purposes.
Let's work on the mental image of that dark landscape. The NSA sucks down
phone calls, emails - all sorts of communications to its satellite bases.
Its computers sift through the data looking for information which might
interest the U.S. or, if the Americans happen to be feeling generous that
day, their allies.
Now, whenever NSA agents want to find out about you, they pull up a slew of
details about you on their database. And not just the run-of-the-mill
gumshoe detective stuff like your social security number, address, but the
telephone number of every person you call regularly, and everything you have
said when making those calls to 1-900-Lick-Me from your hotel room on those
stop overs in Cleveland.
And here's the real scary stuff:
The NSA likely already has a file on many of us. It's not a traditional
manila file with your name typed neatly on the front. It's the ability to
reference you, or anyone who matches your patterns of behavior and contacts,
in the NSA's databases. Now, or in the near future, this file may not just include who
you are, but what you *say*.
British Member of the European Parliament Glyn Ford is one of the few
politicians around who is truly concerned with the individual's right to
privacy. A driving force behind the European Parliament's STOA panel's two
year investigation into electronic communications, Ford is worried that the
NSA possesses technologies that are "potentially very dangerous" to privacy
and yet have no controls over their activities.
The Australian aboriginal activist and lawyer Noel Pearson once said that
the British gave three great things to the world: tea, cricket and
common law. If unchecked, the NSA and its sister spy agencies in the UK/USA
agreement may use this technology to lead an assault on the most important of
those gifts and the common law tenet "innocent until proven guilty" may be the
How ironic: one Blair wrote '1984' as fiction, and another is helping to
make it fact.
= = = = = = = = = = = = = = = =
An Australian-American writer, Suelette Dreyfus was educated in the UK
and US, studied at Oxford University and Columbia University in New York,
where she won the prestigious Teichmann Prize for excellence and originality
in writing. She is the author of Underground, the first book about Australian
computer hacking, available at
= = = = = = = = = = = = = = = = =
EDITOR'S NOTE: CyberWire Dispatch, with an Internet circulation
estimated at more than 600,000 is now developing plans for a
once-a-week e-mail publication. Every week, one of five well-known
investigative reporters will file for CWD. If you think your company
or organization would be interested in more information about
establishing a sponsorship relationship with CyberWire Dispatch,
please contact Lewis Z. Koch at firstname.lastname@example.org.
sets up Big Brother data store
By IAN GRAYSON
A GIANT data warehouse containing the personal and financial details of almost every Australian is being constructed by a United States company and will be operational by Christmas.
The warehouse will contain information from a diverse range of sources, including credit companies, retailers, electoral rolls, post office lists, car sales records and housing purchase records.
The power of the warehouse comes from its ability to cross-reference information from many different sources.
Detailed personal records therefore can be built up on anyone in the country.
Its existence has prompted expressions of concern from the Australian Consumers' Association.
ACA senior policy officer Charles Britton said it was "very scary" to think so much information would be stored in a single place.
"Most people would be unaware that all this data about them is being held by a single company," he said.
The warehouse has been constructed by Acxiom, a joint venture between the US company of the same name and the Packer family's Publishing and Broadcasting Limited (PBL).
It also will be fed information from a range of PBL sources including Channel Nine, ninemsn, Crown Casino and Ticketek.
Access to the warehouse, called InfoBase, will be offered to companies seeking to focus their marketing activities or learn more about their customers.
Acxiom Australia chief executive Andrew Robb said the massive database was being populated and would be put to work from the end of the year.
He said Acxiom was in negotiation with a range of information suppliers.
"A bank could have very rich data but it has a very narrow focus," Mr Robb said.
"If you can combine it with, say, lifestyle data, it becomes much more valuable."
Running on a series of Compaq Alpha servers, the data warehouse uses Oracle software. Initially containing more than 15 million records, the database will constantly grow in size and complexity.
In the US, Acxiom has established what it claims is the world's largest database, which holds personal details on 95 per cent of all US households, or some 330 million people.
Acxiom international division head Jerry Ellis said the company's clients could access this vast information reserve and pull out records in seconds.
For example, if a customer called an insurance company, the company's computer system would recognize the incoming telephone number, query InfoBase, and provide a full profile on the customer before the call was answered.
"This is powerful stuff," Mr. Ellis said.
"The company can know a caller's income, credit rating, number of children and how many cars they own before they pick up the phone."
Mr. Ellis said the company strictly adhered to privacy legislation in every country where it operated.
"We also have what I call the shaving-mirror test," he said.
"If a staff member cannot look at themselves in a mirror and feel comfortable with the information we are collecting and using, they are encouraged to escalate it and it will be checked by management."
Mr. Robb said data warehousing technology enabled companies to change the way they interacted with customers.
"The move is very much from being product-focused to being customer-focused," he said.
"This has only been possible with the development of this kind of resource."
Mr. Britton said an individual's right to privacy should be protected at all times, but this was becoming increasingly difficult to ensure.
"There are also concerns as to just how accurate the data being held actually is," Mr. Britton said.
"People should have the opportunity to check their records and ensure they are accurate."
Although relatively unknown in Australia, Acxiom is a $US2.5 billion company with more than 450 corporate clients, including IBM, American Express, Wal-Mart and AT&T.
Earlier this year Acxiom announced it would be entering the Australian market through a joint venture with the Packers' PBL.
Lobby for Investigation of ECHELON/ILETS
November 30, 1999
If these links do not work then click over to http://www.aclu.org/echelonwatch/index.html and
fill it out from there. This is perhaps the most crucial piece of lobbying we can do as this
particular group of agencies presents the most serious threat to civil liberties to our society
to date. With the advent of technology and the relative ease for abuse this call to action
is probably the most important thing anyone can do for not only their own right to privacy
but the protection of civil rights for generations to come.
In just 2 clicks, you can fax or e-mail a prepared letter on a current civil liberties issue.
Or you can print out and mail the letter to be sure your representatives give it the same weight as traditional missives.
You can also e-mail your members of congress on any topic of your choice using our congressional lookup feature, check your representative's voting records, or sign up to be notified of future ACLU Action Alerts.
Tuesday, November 30, 1999
Is Big Brother spying on you?
The eavesdropping stations are controlled by the National Security
Agency in Maryland, which is bigger than the FBI and CIA combined.
Imagine your government being able to listen in on every call you
make, check every fax you send and find out about your ATM and credit
card transactions. Stop imagining. It is not a movie...it's real. Big
Brother- the U.S. government- may be secretly spying on you.
It may sound far-fetched, but it is true. A super-secret hi-tech
surveillance system has been in place for years to monitor
communications world wide. It is operated by five countries- the U.S.,
England, Canada, Australia and New Zealand.
Now former spies and others are coming forward to warn that this
system may be being used to listen to you. From thousands of miles in
space, satellites are monitoring every form of communication in the
world. They are zeroing in on your phone calls, e-mails, faxes, etc.
So who is controlling this super secret surveillance system?...
Government spy agencies. "This is a giant vacuum cleaner that's
capable of sweeping up essentially all telecommunications," said Barry
Steinhardt of the American Civil Liberties Union. "It's worse than
that. It's also capable of intercepting all your ATM charges, credit
card transactions, anything that is communicated electronically,"
added former spy Mike Frost.
Twenty satellites circle the globe transmitting communications from
businesses, government, and people like you. The messages are
intercepted by a system that sounds like something from a spy novel.
It is called ECHELON- a vast worldwide network of eavesdropping
stations such as the one in Sabena Seca, Puerto Rico, which was
originally built to spy on Cold War enemies. It is controlled by
the National Security Agency in Fort Meade, Maryland and is bigger than
the FBI and CIA combined.
Many Americans first heard about the NSA's
awesome eavesdropping capability in the movie
"Enemy of the State." In it Gene Hackman warns Will
Smith: "The National Security Agency conducts
worldwide surveillance: Fax, phones, satellite
A growing number of critics charge this potential to invade your
privacy is targeting Americans. "To say that Big Brother is listening
is somewhat of an understatement given the magnitude of what appears
to be going on here," said Rep. Bob Barr, a Republican from Georgia.
NSA computers scan millions of messages listening for keywords trying
to find terrorists, drug dealers and threats to national security.
Experts estimate ECHELON also spies on as much as 90 percent of
Internet communications. Privacy experts such as Wayne Madsen, a
former NSA analyst, say if information gathered by high-tech computers
such as these are mis-used, innocent people can easily get caught in
ECHELON's web. "If you were to say I'm reading a book about the
Kennedy assassination right now, the assassination is a key word. It
would trigger the ECHELON database," Madsen, a former NSA analyst,
said. "These are innocent conversations that are being analyzed by
intelligence operatives." According to Frost, one man was a suspect
because an analyst said he repeatedly talked about "bombing." "He
wasn't saying "bombing." It was an undertaker talking about embalming
and this poor guy, we had him listed as a possible terrorist," said
Frost, who was a spy for 19 years. He was trained to use ECHELON for
Canada's secret spy agency, an NSA partner. "They can invade your
privacy and mine at will," Frost continued. Frost is the first
insider to ever talk about the secret eavesdropping system and NBC 6
is the first American television station or network to tell his story.
He showed NBC 6 Senior Correspondent Ike Seamans an ECHELON base in
Ottawa, Canada which he says can violate anyone's privacy. "It's being
geared toward individuals rather than the enemy. We are now looking at
citizens of our own country." Before Congress passed a law to stop it
20 years ago, the NSA routinely spied on Americans, sometimes on
orders from presidents. An official familiar with intelligence told
NBC 6: "The NSA still targets Americans if national security is
threatened. But abuses don't happen today." Abdeen Jabara says he was
not a threat when he led protests against U.S. Middle East policy. But
when he sued the government for invasion of privacy- and won- in 1994,
he learned the NSA spied on him. "For all I know, the NSA still has
this material. They have an enormous amount of material that they
maintain in computers as a result of this surveillance that has gone
on against Americans for many years and I'm just one of them," said
civil rights activist Abdeen Jabara.
The NSA spy base in Menwith Hill, England is the largest in the world.
Outside the spy base, using a home satdish aimed at a communications
satellite, protesters discovered how easy it is to eavesdrop... on
you. Congressman Barr, a former CIA analyst, wants a law to force the
agency to come clean about spying on Americans. "When the intelligence
community won't even come forward and provide us a basic understanding
of what they are doing, it certainly makes us suspicious," Barr said.
The NSA refuses to confirm or deny anything. James Bamford first
revealed the extent of NSA's spying in the book "The Puzzle Palace."
"The NSA is like a black hole. Everything goes in but nothing comes
out," Bamford said. "Yes, they eavesdrop on foreign countries but that
is what their job is. The question is- Will the system be turned on
the U.S. population? And that's the big danger." "Big Brother can
invade your privacy at will anytime he wants to and you will never
know it. And it's really scary," Frost warned, "If this isn't checked
in the near future, it's going to become a very serious problem."
Awareness and now protests are growing. On Tuesday, the American Civil
Liberties Union put up a Website called ECHELON Watch to keep it in
the public eye. The European Parliament is also charging its citizens
are spied upon and wants it stopped. At a high-level briefing in
Washington, Seamans offered the NSA an opportunity to talk about
ECHELON. He was told, "There are so many allegations about NSA, we
can't confirm or deny the charges."
ILETS/ECHELON-MONSANTO IN BED?
November 26, 1999
In regards to the ILETS/ECHELON assault on the internet
this past week I've been pondering what it is exactly that has
initiated such a global takedown of internet connectivity and
activists' systems being blown and knocked out of the water.
I believe I've narrowed it down to one of two items if not both.
990 and Monsanto. Egypt Air 990 is practically obvious
but since so little has progressed on this story I tend to
lean to the Bio-Gen Modified food issue.
In Monsanto's case here's how I figure it. I caught on CNN
a blurb that American farmers were now backing off bio/gen
mod. foods because legislation went through that allowed growers of
non-modified crops to sue those that do for damage to
their crops because of sterilization by cross pollination.
This is a MAJOR development and I meant to shoot it
through but suddenly BellAtlantic's password servers
were knocked offline for 6 hours or more. The third time
this year and it took out NJ, NY and PA, the largest Hub
in BA's network. International routers were knocked offline
as well including New Zealand's Long Distance lines among
others. By the time it came back and I got around to trying to
track down the transcript, the story had magically disappeared.
In light of the Italian incident with police attacking anti-
BIO/GEN demonstrators and the huge internet and
public print PR campaign in support of Monsanto and
others' activities it strikes me that this is an attempt to
squelch the momentum of a fast growing international
uprising to the plans of controlling the global food supply
at the source. As this has been a primary issue of us
here at AA for years now and have been very successful
in propagating this story and its progress it's no surprise
that we've been targeted along with others. I noted that
almost everyone knocked out of the water has this particular
issue as one they've tracked.
Internet spies' new tactics
Friday, 26 November, 1999
Computer users are being warned by industry experts to beware of secret codes which could
be used to record their conversations.
Emails, screensavers, and electronic greeting cards can carry a secret code which is able to
switch on the computer's microphone, make a recording, and forward it to someone else
without the user's knowledge.
In fact any attachments sent to a computer, be it a game of Space Invaders, or a moving image,
can potentially be used to spy.
Experts say people should always think twice about opening attachments because - although
rare - bugging by computer can, and has been done.
Bill Lyons, head of the internet security company Finjan, said: "Military people in the United States
have tested this and you can be sure, if people in general are aware of it, then computer hackers are
aware of it.
"The frightening thing is, there are tools on the internet which people, using a simple search engine,
can find which will enable them to bind this malicious code to simple attachments."
Experts have also confirmed that what can be done with a computer's microphone could also be done
with a webcam - allowing pictures to be taken of people near a computer terminal.
Carl Saran, from Computer Weekly magazine, said: "I don't think this is scaremongering - it is
"I'm sure there are clever people who are thinking about how they can use this feature to look at
what people are doing on their computers."
*** NOTICE: In accordance with Title 17 U.S.C. Section 107, this material is distributed
without profit to SPYNEWS eGroup members who have expressed a prior interest in receiving
the included information for research and educational purposes only. For more information
go to: http://www.law.cornell.edu/uscode/17/107.shtml
November 24, 1999
Complete guide to ECHELON and ILETS
(NOTE- The info was too large to send thru the mail so please click on the link and trust me on this,
a very informative and necessary read)
This is a complete resend of the complete guide to ECHELON and ILETS when first identified. We at AA,
our favorite contributor and a host of others who like me were unwilling target test subjects of their development
process rallied and traced these folks and uncovered their test procedures, capabilities, test targets and
then of course this gem that surfaced that provided a detailed history of these folks. It was a simple slip
in one technical document among thousands that inadvertently named ILETS in a technical spec that
opened the whole thing up and a serious major applause should be given to the EU watchdogs from
numerous countries who caught it and allowed the rest of us to uncover it.
An excerpt: "This report identifies a previously unknown international organisation - "ILETS" - which has, without parliamentary or public discussion or awareness, put in place contentious plans to require manufacturers and operators of new communications systems to build in monitoring capacity for use by national security or law enforcement organisations (section 5)."
November 18, 1999
The Complete Guide to Project TEMPEST
For complete documentation on this see
The Complete, Unofficial TEMPEST Information Page
Celebrating almost three years of public disclosure, and one-stop shopping for TEMPEST info...
Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.
Breaking News - November 15, 1999 - I just received an e-mail from a Terrance L. Kawles, Esq. who is representing Frank Jones of Codex fame. Mr. Kawles takes exception to a note I recently added to this page that states some people question Mr. Jones' credibility. Mr. Kawles feels there is some type of smear campaign going on against his client by persons unknown, and is in the process of filing an action against various parties. In the note I suggested that interested readers check USENET archives and decide for themselves about Mr. Jones (over the years there has been a lively discussion on Mr. Jones, both pro and con). Mr. Kawles feels this note is defamatory, and offers me two options: "...either remove the Note, or remove your references and links to the Mr. Jones and Codex."
I'm going to indulge Mr. Kawles and remove all links and information regarding Mr. Jones and his TEMPEST products. Not because I'm caving in to the demands of some lawyer (my legal counsel states I have not published any defamatory statements regarding Mr. Jones). But mostly because anyone that resorts to these kinds of tactics on the Net, really doesn't deserve to be mentioned in this site, which is devoted to public disclosure.
And Mr. Kawles, in regard to your statement, "As I understand, Mr. Jones was instrumental in providing information when you began your studies of TEMPEST, yet you reward him with this unnecessary editorial comment." I'd love to see you substantiate that by providing any logs of communications between Mr. Jones and myself.
News - November 13, 1999 - Issue 21 of the hacking magazine SET (think of a Spanish Phrack), has a lengthy text file on TEMPEST with some interesting schematics. Check out the Spanish version here, or cut and paste interesting bits into Babelfish for translation here (any readers more fluent in Spanish than I are encouraged to submit a decent translation).
November 8, 1999 - New Scientist has a short TEMPEST article, where Markus Kuhn predicts intercept devices for under £1000 within the next five years (and although not TEMPEST specific, an interview with Ross Anderson included). Slashdot also has a thread going regarding the article.
October 25, 1999 - John Young filed a Freedom of Information Act request for TEMPEST-related material on May 18, 1998. The US government denied access to 22 of the 24 requested documents on grounds of secrecy. Parts of the two released documents (NSTISSAM TEMPEST/1-92 - Compromising Emanations Laboratory Test Requirements, Electromagnetics - Appendix A, Table of Contents, Sections 1 - 5, and Sections 6 - 12, Appendix A, Appendices B-M, Distribution List and NSA/CSS Regulation 90-5, Technical Security Program) are now available for review. John has filed an appeal in an attempt to get additional material disclosed.
I haven't had a chance to carefully read all of the documents yet, but when I get a chance, will provide a brief analysis. One interesting tidbit is the use of the codeword TEAPOT - "A short name referring to the investigation, study, and control of intentional compromising emanations (i.e., those that are hostilely induced or provoked) from telecommunications and automated information systems equipment." Who says the NSA doesn't have a sense of humor. TEMPEST, TEAPOT, ha, ha...
Note: The release just got mentioned over at Wired News and Slashdot, so be sure to check for insightful (or amusing) comments there. This page has gotten a fair amount of publicity lately, and I've added a Tales of the TEMPEST section that has interesting bits of e-mail I've received.
If you're even vaguely familiar with intelligence, computer security, or privacy issues, you've no doubt heard about TEMPEST. Probably something similar to the above storyline. The general principle is that computer monitors and other devices give off electromagnetic radiation. With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen) or recorded and replayed (such as with a printer or keyboard).
TEMPEST is a code word that relates to specific standards used to reduce electromagnetic emanations. In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor emanations) or TEMPEST attacks (using an emanation monitor to eavesdrop on someone). While not quite to government naming specs, the concept is still the same.
TEMPEST has been shrouded in secrecy. A lot of the mystery really isn't warranted though. While significant technical details remain classified, there is a large body of open source information, that when put together forms a pretty good idea of what this dark secret is all about. That's the purpose of this page.
The following is a collection of resources for better understanding what TEMPEST is. And no, I seriously don't think national security is being jeopardized because of this information. I feel to a certain extent, the "security through obscurity" that surrounds TEMPEST may actually be increasing the vulnerability of U.S. business interests to economic espionage. Remember, all of this is publicly available. A fair amount has come from unclassified, government sites. Up to this point, no one has spent the time to do the research and put it all together in a single location.
I've just begun to scratch the surface. If you have any additions, corrections, or amplifications, let me know. This is a work in progress, so check back often (updates are listed at the bottom of the page).
References marked with an (X), are good primary sources. If you just read these, you'll end up with an excellent overview on TEMPEST-related topics.
References marked with an (O) are reported dead links. These pages may be temporarily or permanently unavailable. Dead links are left for reference sake (you may want to check the main domain name or do further searching with AltaVista, etc.). It's interesting to note the number of military sites that now report 404 - Not Found or Forbidden Request errors for certain documents.
Note: As you start viewing TEMPEST info, you likely will run into vague or confusing acronyms. A great Net resource is the Acronym Finder site.
Joel McNamara - email@example.com
Original page - December 17, 1996 - updated November 15, 1999
What is TEMPEST?
Just how prevalent is emanation monitoring?
TEMPEST Urban Folklore
General TEMPEST Information
HIJACK and NONSTOP
Do It Yourself Shielding Sources
TEMPEST Hardware & Consulting
US Government Information Sources
Department of Energy
Department of Justice
Department of State
National Security Agency
National Institute of Standards and Technology
US Military Information Sources
U.S. Air Force
U.S. Coast Guard
Department of Defense
Tales of the TEMPEST
Non-TEMPEST computer surveillance
What is TEMPEST?
TEMPEST is a U.S. government code word that identifies a classified set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment. Microchips, monitors, printers, and all electronic devices emit radiation through the air or through conductors (such as wiring or water pipes). An example is using a kitchen appliance while watching television. The static on your TV screen is emanation-caused interference. (If you want to learn more about this phenomenon, a company called NoRad has an excellent discussion (X) of electromagnetic radiation and computer monitors (and Chomerics has a good electromagnetic interference 101 page) that you don't need to be an electrical engineer to understand. Also, while not TEMPEST-specific, a journal called Compliance Engineering (O) typically has good technical articles relating to electromagnetic interference. There's also the Electromagnetic Compliance FAQ.)
During the 1950's, the government became concerned that emanations could be captured and then reconstructed. Obviously, the emanations from a blender aren't important, but emanations from an electric encryption device would be. If the emanations were recorded, interpreted, and then played back on a similar device, it would be extremely easy to reveal the content of an encrypted message. Research showed it was possible to capture emanations from a distance, and as a response, the TEMPEST program was started.
The purpose of the program was to introduce standards that would reduce the chances of "leakage" from devices used to process, transmit, or store sensitive information. TEMPEST computers and peripherals (printers, scanners, tape drives, mice, etc.) are used by government agencies and contractors to protect data from emanations monitoring. This is typically done by shielding the device (or sometimes a room or entire building) with copper or other conductive materials. (There are also active measures for "jamming" electromagnetic signals. Refer to some of the patents listed below.)
Bruce Gabrielson, who has been in the TEMPEST biz for ages, has a nice unclassified general description of TEMPEST that was presented at an Air Force security seminar in 1987.
In the United States, TEMPEST consulting, testing, and manufacturing is a big business, estimated at over one billion dollars a year. (Economics has caught up with TEMPEST though. Purchasing TEMPEST standard hardware is not cheap, and because of this, a lesser standard called ZONE (O) has been implemented. This does not offer the level of protection of TEMPEST hardware, but it is quite a bit cheaper, and is used in less sensitive applications.)
Emanation standards aren't just confined to the United States. NATO has a similar standard called the AMSG 720B Compromising Emanations Laboratory Test Standard. In Germany, the TEMPEST program is administered by the National Telecom Board. In the UK, Government Communications Headquarters (GCHQ), the equivalent of the NSA, has their own program.
The original 1950s emanations standard was called NAG1A. During the 1960s it was revised and reissued as FS222 and later FS222A.
In 1970 the standard was significantly revised and published as National Communications Security Information Memorandum 5100 (Directive on TEMPEST Security), also known as NACSIM 5100. This was again revised in 1974.
Current national TEMPEST policy is set in National Communications Security Committee Directive 4, dated January 16, 1981. It instructs federal agencies to protect classified information against compromising emanations. This document is known as NACSIM 5100A and is classified.
The National Communications Security Instruction (NACSI) 5004 (classified Secret), published in January 1984, provides procedures for departments and agencies to use in determining the safeguards needed for equipment and facilities which process national security information in the United States. National Security Decision Directive 145, dated September 17, 1984, designates the National Security Agency (NSA) as the focal point and national manager for the security of government telecommunications and Automated Information Systems (AISs). NSA is authorized to review and approve all standards, techniques, systems and equipment for AIS security, including TEMPEST. In this role, NSA makes recommendations to the National Telecommunications and Information Systems Security Committee for changes in TEMPEST policies and guidance.
Just how prevalent is emanation monitoring?
There are no public records that give an idea of how much emanation monitoring is actually taking place. There are isolated anecdotal accounts of monitoring being used for industrial espionage (see Information Warfare, by Winn Schwartau), but that's about it. (However, see a very interesting paper written by Ian Murphy called Who's Listening that has some Cold War TEMPEST spy stories.) Unfortunately, there's not an emanation monitoring category in the FBI Uniform Crime Reports. (While not TEMPEST-specific, the San Jose Mercury News printed a November 11, 1998 article (O) on how much money American businesses are losing to economic espionage. Considering some of the countries involved, hi-tech spying techniques are likely being used in some cases.)
There are a few data points that lead one to believe there is a real threat though, at least from foreign intelligence services. First of all, the TEMPEST industry is a business worth over a billion dollars a year. This indicates there's a viable threat to justify all of this protective hardware (or it's one big scam that's making a number of people quite wealthy).
The scope of the threat is backed up with a quote from a Navy manual that discusses "compromising emanations" or CE. "Foreign governments continually engage in attacks against U.S. secure communications and information processing facilities for the sole purpose of exploiting CE." I'm sure those with appropriate security clearances have access to all sorts of interesting cases of covert monitoring.
In 1994, the Joint Security Commission issued a report to the Secretary of Defense and the Director of Central Intelligence called "Redefining Security." It's worthwhile to quote the entire section that deals with TEMPEST.
TEMPEST (an acronym for Transient Electromagnetic Pulse Emanation Standard) is both a specification for equipment and a term used to describe the process for preventing compromising emanations. The fact that electronic equipment such as computers, printers, and electronic typewriters give off electromagnetic emanations has long been a concern of the US Government. An attacker using off-the-shelf equipment can monitor and retrieve classified or sensitive information as it is being processed without the user being aware that a loss is occurring. To counter this vulnerability, the US Government has long required that electronic equipment used for classified processing be shielded or designed to reduce or eliminate transient emanations. An alternative is to shield the area in which the information is processed so as to contain electromagnetic emanations or to specify control of certain distances or zones beyond which the emanations cannot be detected. The first solution is extremely expensive, with TEMPEST computers normally costing double the usual price. Protecting and shielding the area can also be expensive. While some agencies have applied TEMPEST standards rigorously, others have sought waivers or have used various levels of interpretation in applying the standard. In some cases, a redundant combination of two or three types of multilayered protection was installed with no thought given either to cost or actual threat.
A general manager of a major aerospace company reports that, during building renovations, two SAPs required not only complete separation between their program areas but also TEMPEST protection. This pushed renovation costs from $1.5 million to $3 million just to ensure two US programs could not detect each other's TEMPEST emanations.
In 1991, a CIA Inspector General report called for an Intelligence Community review of domestic TEMPEST requirements based on threat. The outcome suggested that hundreds of millions of dollars have been spent on protecting a vulnerability that had a very low probability of exploitation. This report galvanized the Intelligence Community to review and reduce domestic TEMPEST requirements.
Currently, many agencies are waiving TEMPEST countermeasures within the United States. The rationale is that a foreign government would not be likely to risk a TEMPEST collection operation in an environment not under their control. Moreover, such attacks require a high level of expertise, proximity to the target, and considerable collection time. Some agencies are using alternative technical countermeasures that are considerably less costly. Others continue to use TEMPEST domestically, believing that TEMPEST procedures discourage collection attempts. They also contend that technical advances will raise future vulnerabilities. The Commission recognizes the need for an active overseas TEMPEST program but believes the domestic threat is minimal.
Contractors and government security officials interviewed by the Commission commend the easing of TEMPEST standards within the last two years. However, even with the release of a new national TEMPEST policy, implementation procedures may continue to vary. The new policy requires each Certified TEMPEST Technical Authority (CTTA), keep a record of TEMPEST applications but sets no standard against which a facility can be measured. The Commission is concerned that this will lead to inconsistent applications and continued expense.
Given the absence of a domestic threat, any use of TEMPEST countermeasures within the US should require strong justification. Whenever TEMPEST is applied, it should be reported to the security executive committee who would be charged with producing an annual national report to highlight inconsistencies in implementation and identify actual TEMPEST costs.
Domestic implementation of strict TEMPEST countermeasures is a prime example of a security excess because costly countermeasures were implemented independent of documented threat or of a site's total security system. While it is prudent to continue spot checks and consider TEMPEST in the risk management review of any facility storing specially protected information, its implementation within the United States should not normally be required.
The Commission recommends that domestic TEMPEST countermeasures not be employed except in response to specific threat data and then only in cases authorized by the most senior department or agency head.
It's also interesting to note that the National Reconnaissance Office (NRO) eliminated the need for domestic TEMPEST requirements in 1992.
The main difficulty in tracking instances of emanation monitoring is that, because it's passive and conducted at a distance from the target, it's hard to discover unless you catch the perpetrator red-handed (a bad Cold War pun). Even if a spy was caught, more than likely the event would not be publicized, especially if it was corporate espionage. Both government and private industry have a long history of concealing security breaches from the public.
As with any risk, you really need to weigh the costs and benefits. Is it cheaper and more efficient to have a spy pass himself off as a janitor to obtain information, or to launch a fairly technical and sophisticated monitoring attack to get the same data? While some "hard" targets may justify a technical approach, traditional human intelligence (HUMINT) gathering techniques are, without a doubt, used much more often than emanation monitoring.
TEMPEST Urban Folklore
Because of the general lack of knowledge regarding TEMPEST topics, there is a fair amount of urban folklore associated with it. Here are some common myths. And if you can provide a primary source to prove me wrong, let me know (no friends of friends please).
It's illegal to shield your PC from emanation monitoring. Seline's paper suggests this, but there are no laws that I've found that even come close to substantiating it. Export of TEMPEST-type shielded devices is restricted under ITAR, and most manufacturers will only sell to government authorized users, but there are no laws banning domestic use of shielded PCs.
Emanation monitoring was used to snare CIA spy Aldrich Ames and also during the Waco incident. Winn Schwartau appears to have started the speculation on these two events. While conventional electronic surveillance techniques were used, there's no published evidence to support a "TEMPEST attack."
You can put together an emanation monitoring device for under $100 worth of Radio Shack and surplus parts. Perhaps for a dumb video display terminal (VDT), but certainly not for a VGA or SVGA monitor. And definitely not for doing serious remote monitoring. There have been anecdotal accounts of television sets with rabbit ears displaying fragments of a nearby computer screen. Beyond that, effective, cheap, easy-to-build devices don't seem to exist. If they did, the plans would be available on the Net at just about every hacker site.
LCD displays on laptops eliminate the risks of TEMPEST attacks. Maybe, maybe not. The technology behind LCD monitors versus typical CRT monitors may somewhat reduce the risk, but I wouldn't bet my life on it. There have been anecdotal accounts of noisy laptop screens being partially displayed on TVs. If laptops were emanation proof, I seriously doubt there would be TEMPEST standard portables on the market.
TEMPEST is an acronym. Maybe. There have been a variety of attempts to turn TEMPEST into a meaningful acronym (such as Transient ElectroMagnetic Pulse Emanation STandard) by government and non-government sources. The official government line denies this, and states TEMPEST was a code word originally given to the standards, and didn't have any particular meaning.
There's virtually no information about TEMPEST on the Net because it's so secret. Nonsense. The world does not revolve around AltaVista. You just need to dig a little deeper.
General TEMPEST Information
Ross Anderson and Markus Kuhn (from Cambridge, UK) have written a new paper that I consider one of the most definitive sources of contemporary research on TEMPEST. Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations (X) looks at the software side of the topic, including TEMPEST viruses that can enhance interceptions. The most startling aspect, and the issue that has a lot of spooks' knickers in a knot, is the use of special fonts to defeat monitoring. This .PDF file is a must read. You can now also download the anti-TEMPEST fonts.
One of the most distributed sources of TEMPEST information on the Net is a paper by Christopher Seline called "Eavesdropping On the Electromagnetic Emanations of Digital Equipment: The Laws of Canada, England and the United States." It deals with laws relating to eavesdropping on the electromagnetic emanations of digital equipment. Seline postulates that it is illegal for a U.S. citizen to shield their hardware against emanation eavesdropping. There are no laws to support this contention. Other information in the Seline paper has been questioned by informed sources; however, there is good source material contained in it.
The other widely distributed source is Grady Ward's "TEMPEST in a teapot" (X) post to the Cypherpunks list that discusses practical countermeasures based on techniques radio operators use to reduce electromagnetic interference. Good technical source material.
"Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" (X) by Wim van Eck, Computers & Security, 1985 Vol. 4. This is the paper that brought emanation monitoring to the public's attention. Van Eck was a research engineer at the Dr. Neher Laboratories of The Netherlands' Post, Telegraph, and Telephone (PTT) Service. His paper was purposely incomplete on several points, and modifications were required to actually build a working device based on his plans. (.PDF format)
"Electromagnetic Eavesdropping Machines for Christmas?" (X) Computers & Security, Vol. 7, No. 4. A follow-up article to the van Eck paper. Excellent source material regarding why (and what) certain details weren't included in the original. .PDF and HTML formats.
"The Threat of Information Theft by Reception of Electromagnetic Radiation from RS-232 Cables", Peter Smulders, Dept of Electrical Engineering, Eindhoven University of Technology, 1990. Many people just think their computer monitors are vulnerable to emanation monitoring. This paper clearly shows that cabling is equally at risk. (.PDF format)
"Protective Measures Against Compromising Electromagnetic Radiation Emitted by Video Display Terminals" (X) by Professor Erhart Moller, Aachen University, Germany, 1990. A good introduction. Reprinted in Phrack 44.
"Data Security by Design" was written by George R. Wilson and appeared in Progressive Architecture, March 1995. It offers some interesting facts on shielding structures from emanation leakage.
PC Week, March 10, 1987 v4 p35(2) has an article by Vin McLellan (O) about emanation monitoring and TEMPEST.
TEMPEST Industry and People Grapple with Changing Perspectives is a 1991 paper by Dr. Bruce C. Gabrielson (a very respected name in the TEMPEST community) that discusses some of the economic challenges of the industry. Good background. Gabrielson also has a variety of EMC and INFOSEC papers online.
Winn "Mr. Information Warfare" Schwartau gave a presentation at DefCon II (the annual Vegas hacker get together) in 1994. Some decent information. The ~20 minute speech is available as a .WAV file(O) (a little over a meg - right mouse click to download).
TEMPEST MONITORING: A MAJOR THREAT TO SECURITY appears to be a university student paper. Decently written and fairly comprehensive.
Truthnet, Issue 2 (an e-zine) has a short, general layman's article on TEMPEST.
COMPUTERWOCHE, August 8, 1986, #34 Lauschangriff auf unbekannte Schwachstelle is a German article regarding TEMPEST shielded terminals. Thanks to Ulf Möller for the following summary:
The article says that authorities had long known about compromising radiation, but the information had leaked to business only recently. It was usually neglected by commercial computing centers and completely unknown to users. Experts estimate that screen contents can be received over a distance of 1 km, and of 300 m using amateur equipment. SCS GmbH gave recommendations on low-radiation screens determined in experiments. Room protection with Faraday cages is explained. Radiation-free computers, typically implemented by a Faraday cage inside the box, existed but were not available to the market. Beginning March 1 that year, authorities processing sensitive data were required by order of the ministry of interior to use only Tempest-protected devices approved by the ZfCH (= central office for encipherment, the predecessor of the BSI). The producers of those devices are obliged to secrecy and may deliver to authorities only. Ericsson was the market leader for security screens with a special version of the S41 terminal with an annual turnover of 10,000,000 DM. They would have liked to sell more of them, but were not allowed to deliver them to private companies.
Illegal Communications Interception Equipment Was Destined for Vietnam (from iPartnership)
By Bill Pietrucha
Vietnam was the intended final shipping point for restricted U.S. communications intercept
equipment, iPARTNERSHIP has learned. Shalom Shaphyr, arrested earlier this week for
allegedly possessing and selling Tempest computer intercept equipment, planned to first falsify the
nature of the equipment in export papers, ship it to a U.S. NATO ally, then to Israel, and finally to
The Tempest computer intercept equipment, also known as a video intercept receiver, is
considered a defense article under the International Traffic in Arms Regulations (ITAR), and
cannot be shipped to Vietnam without an export license.
In the U.S. District Court in the Eastern District Virginia late yesterday, Shaphyr, an Israeli citizen
living in the U.S. under a business visa, requested his detention hearing be postponed until July 20,
to give his lawyers "time to review the charges against me."
Shaphyr will continue to be held in the City of Alexandria, Va. detention center until the July 20
detention hearing date.
In papers filed with the court, FBI Special Agent Christian Zajac testified Shaphyr was "looking
for a Tempest monitoring system" capable of remotely capturing computer emanations. The
reason for the equipment, Shaphyr had said, was to view what was on a computer monitor from a
distance of "a few tens of feet maybe to a few hundred feet" away.
Zajac, an FBI Special Agent for the past two years, told the court Shaphyr indicated the
equipment would be used by the Vietnamese government "in a joint venture." Along with the
equipment, Zajac told the court, Shaphyr also asked for a syllabus outlining the training that would
be provided on the Tempest equipment, indicating the trainees would be Vietnamese.
Shaphyr, iPARTNERSHIP learned, operates a business with offices in Vietnam and England, and
is an FAA certified pilot, flight engineer and navigator listing his address in Ho Chi Minh City, Viet
Zajac said the joint FBI-U.S. Customs Service investigation, which began in November 1998, led
to Shaphyr's arrest this past Wednesday after Shaphyr paid an FBI undercover agent $2,000 in
U.S. currency to export the Tempest equipment to Israel without a license. The total price
Shaphyr allegedly agreed to pay for the Tempest equipment was $30,000, Zajac testified.
Zajac said the investigation did not end with Shaphyr's arrest, and is continuing.
Slashdot has a short thread on TEMPEST (7/19/99) with some interesting personal accounts of ex-military types.
Berke Durak has some interesting test results as well as source code that demonstrates how easily a CPU can transmit data in the FM band.
Some general notes on a presentation and workshop given by Professor Mueller (Moller?) during the 1997 HIP conference. Some interesting technical notes.
Tempest - een beeldige opsporingsmethode - 1997 Dutch article by Bert-Jaap Koops. Quick summary by an anonymous reader:
In the article Drs. B.J. Koops -- a researcher at the Katholieke Universiteit Brabant and the Technische Universiteit Tilburg (Catholic University Brabant and Technical University Tilburg, both in the Netherlands) gives a short introduction to what TEMPEST is, what it can be used for.
He notes that there are three ways of tapping info: wires (electrical), direct radiation and radiation emitted by screen-to-PC cable.
He continues talking about whether or not it is legal for individuals and the police to use TEMPEST monitoring.
It turns out that it is illegal for individuals (due to some amendments to wiretapping laws), and it is illegal for police (since they need explicit permission to do so, and neither TEMPEST nor radiation monitoring is mentioned in Dutch law).
He ends the article proposing a discussion in the parliament on whether or not PC-tapping would be allowed in the Netherlands, since that is a political decision.
c't interview (4/94) with surveillance expert Hans-Georg Wolf on industrial espionage. Some interesting TEMPEST tidbits. There's also another general article in the same issue with some eavesdropped monitor photos.
A quick search of IBM's patent server service revealed several interesting patents:
Patent number 4965606 - Antenna shroud tempest armor (1989)
Patent number 5165098 - System for protecting digital equipment against remote access (1992)
Patent number 4932057 - Parallel transmission to mask data radiation (1990)
Patent number 5297201 - System for preventing remote detection of computer data from tempest signal emissions (1994)
Patent number 5341423 - Masked data transmission system (1994)
A note about patent 5297201. It references patent 2476337 that was issued July 1, 1949. Unfortunately, the details aren't available online, but the reference may be telling as to just how long emanation monitoring has been taking place.
"Cabinets for Electromagnetic Interference/Radio-Frequency Interference and TEMPEST Shielding" by Kenneth F. Gazarek, Data Processing & Communications Security, Volume 9, No. 6.
Information Warfare, Winn Schwartau, Thunder's Mouth Press, New York, 1996 (second edition)
Chapter 7, The World of Mr. van Eck, is devoted to TEMPEST-related topics. There's some good information, but it's painted pretty broadly, and really doesn't get into technical details (the second edition does present much more material on HERF guns and other topics, but nothing has been added to the van Eck chapter). Still, a good read, and the Footnotes section lists some additional sources not mentioned on this page.
Computer Security Basics, (X) Deborah Russell and G. T. Gangemi Sr., O'Reilly & Associates, Sebastopol, CA, 1991. Chapter 10, TEMPEST, provides an excellent overview of the risks of emanations as well as the government TEMPEST program. This is a must read.
I don't have a citation, but in 1997 the German computer magazine c't apparently published an article that described a home-built TEMPEST monitor. It consisted of an old Russian television (because it wasn't limited to receiving certain channels - stepless frequency tuning) and a piece of copper for the antenna. The testers couldn't target individual computers though, and received images from a variety of screens when cruising through a neighborhood. Anyone that has access to an original copy of the article, please contact me.
Those in the know no longer generically use the term TEMPEST to refer to emanations security. The current buzzword du jour is EMSEC, or Emissions Security. If you read between the lines, the change to the term EMSEC is interesting. A quote from an Air Force site(O):
"Emission Security (EMSEC) better known as TEMPEST has taken a drastic change over the past few years. These changes have necessitated a complete revision of rules and regulations, causing the need for new publications. While these new publications have been drafted and are in the coordination stages, we must continue to keep informed and up-to-date on EMSEC policy and procedures."
Hmmm. Just what drastic changes are we talking about? Idle speculation might include:
Budget cuts and directives have cut back on TEMPEST use forcing new policies.
Other types of emissions have been discovered that pose a security threat.
From the same site comes this quote:
"WHAT IS COMPROMISING EMISSIONS (sic)? Compromising emissions are unintentional intelligence-bearing signals which, if intercepted and analyzed, disclose the classified information transmitted, received, handled, or otherwise processed by any information processing equipment."
It's curious that the term "electromagnetic radiation" isn't used in the definition. So, there are other monitoring vulnerabilities besides TEMPEST. Which leads us to HIJACK and NONSTOP.
HIJACK and NONSTOP
In my quest for open-source material regarding TEMPEST, I've started to run into two new codewords, HIJACK and NONSTOP. At first there was only some sketchy information:
References to NONSTOP and HIJACK testing are starting to appear in outlines for TEMPEST training courses (with a reference to NACSEM 5112). Secret clearances are required for attending the classes. A Department of Defense course description reads, "The course will train students in the operation of the Honeywell and HLDS test detection systems and in the fundamental requirements of NONSTOP/HIJACK testing."
An Air Force training glossary(O) lists the definitions of HIJACK and NONSTOP as classified.
Countermeasures are apparently being used against NONSTOP, with a reference to NSTISSI 7001.
Then, thanks to publicly available documents I found on the Net, we now know a little bit more. Although the documents had classified information excised, there were still enough tidbits to put together a speculative guess regarding what HIJACK and NONSTOP related to.
NONSTOP is a classified codeword that apparently relates to a form of compromising emanations, but involves the transmittal of the signals from radio frequency devices (handheld radio, cell phone, pager, alarm system, cordless phone, wireless network - AM/FM commercial broadcast receivers are excluded) in proximity to a device containing secure information. There are specific guidelines for either turning the RF device off, or keeping it a certain distance away from the secure device (PC, printer, etc.).
HIJACK is a classified codeword that apparently relates to a form of compromising emanations, but involves digital versus electromagnetic signals. An attack is similar in nature to a TEMPEST attack, where the adversary doesn't need to be close to the device that's being compromised. It does require access to communication lines (these can be wire or wireless). The adversary uses antennas, receivers, a display device, a recording device, and one additional piece of equipment (a special detection system that is supposedly very sensitive and very expensive; and there are not very many of them in existence - sorry, I don't have any other details). Also, the technician using this special equipment will supposedly require a great deal of training and experience.
Remember, the above is speculation. And whether the guesses are accurate or not, at this point you'd need to have a security clearance to know for sure.
John Williams (Consumertronics, 2430 Juan Tabo, NE, #259, Albuquerque, NM 87112) sells the Williams Van Eck System, an off-the-shelf emanation monitoring device. He also has a demonstration video and a book called "Beyond Van Eck Phreaking." The updated Consumertronics Web site has a variety of interesting products (the $3 paper catalog is a good read too). In past written correspondence with Mr. Williams, he has provided a considerable amount of technical details about his products.
Ian Murphy, CEO of IAM/Secure Data System wrote a very interesting paper on TEMPEST, including a Radio Shack parts list for building a receiver.
I'm currently looking for first-hand, real-world accounts of a monitoring device actually being used to gather intelligence (not in a demonstration). PGP-encrypted e-mail through anonymous remailers or nym servers preferred.
Do It Yourself Shielding Sources
After you've read Grady's paper...
If you're handy with a soldering iron, Nelson Publishing produces something called the EMI/RFI Buyers' Guide. This is a comprehensive list of sources for shielding material, ferrites, and other radio frequency interference and electromagnetic interference type products. There's even listings for TEMPEST products and consultants. Unfortunately, most of the sources don't have links. But company names, addresses, and phone/FAX numbers are supplied.
A more general electronics manufacturer data base is electroBase. They have over 7,800 manufacturers of all types listed.
There's an interesting product called Datastop Security Glass, that's advertised as the only clear EMF/RFI protection glass on the market. It's free of metal mesh, so has excellent optical clarity. This is the same stuff the FAA uses in air traffic control towers. Contact TEMPEST SECURITY SYSTEMS INC. for more details.
Just remember, effective emanation security begins with the physical environment. Unless you can shield the wiring (telephone lines, electrical wiring, network cables, etc.), all of the copper around your PC and in the walls isn't going to stop emanations from leaking to the outside world. In shielding, also remember that emanations can pass from one set of wires to another.
TEMPEST Hardware & Consulting
Here are some of the players in the billion dollar plus a year TEMPEST industry (this is by no means a complete list):
ADI Limited(O) is a big Australian defense contractor that does some TEMPEST testing.
AFC (Antennas for Communications) manufactures TEMPEST shielding enclosures for antennas.
Advanced Technology System Corporation sells TEMPEST equipment and provides consulting services.
Aerovox manufactures a variety of EMI filters. Nice downloadable catalog (Windows help format) with photos.
Allied Signal Aerospace performs Canadian TEMPEST testing.
Austest Laboratories is a down-under company that provides TEMPEST testing.
DEMCOM provides Soft-TEMPEST fonts in their Steganos II security suite.
Cabrac makes TEMPEST enclosures (nice picture).
Candes Systems Incorporated (X) produces TEMPEST products, including monitors, printers, and laptops. Nice photos and specs.
COS provides TEMPEST design and consulting services.
BEMA Inc. produces shielding products including a slick portable TEMPEST tent.
Braden produces shielded room components.
Computer Security Solutions is a woman-owned business in Virginia specializing in TEMPEST products.
Compucat (O) is an Australian company that provides a variety of TEMPEST products and services.
Compunetix(O) produces various TEMPEST rated products.
Conductive Coatings, a division of the Chromium Corporation, produces a variety of shielding solutions.
Corcom makes a variety of shielded jacks (RJ type) in its Signal Sentry line.
Corton Inc. manufactures TEMPEST keyboards.
Cryptek(O) sells TEMPEST photocopiers and communication products.
Cycomm sells TEMPEST workstations, terminals, printers, and more to folks like the State Department. Recently merged with Hetra.
D2D/Celestica(O) is a British TEMPEST testing, design, and manufacturing firm.
Dina distributes Emcon TEMPEST products.
Dynamic Sciences (O) is another TEMPEST-oriented company. Among other things, they produce a piece of hardware called the DSI-110, for surveillance and testing purposes.
Einhorn Yaffee Prescott is an architecture and engineering firm that has built TEMPEST buildings for defense contractors.
Elfinco SA(O) is a British company that produces shielding products. Most notable is electromagnetic shielded concrete.
Equiptco Electronics (O) sells a variety of general electronic equipment and supplies, some TEMPEST standard (but you need to dig through their catalog to find it).
EMC Technologies is an Australian company that provides TEMPEST testing.
Emcon Emanation Control Limited, in Ontario, Canada, has been providing TEMPEST equipment to NATO governments for the past 12 years.
EMP-tronic is a Swedish company specializing in shielded rooms.
ERS is a recruiting service that finds jobs for TEMPEST engineers (and others).
Filter Networks produces inline TEMPEST line filters.
Framatome Connectors International manufactures TEMPEST cables and connectors in the UK, especially suited for marine use.
GEC-Marconi Hazeltine(O) produces COMSEC products as well as TEMPEST design and test facilities.
Glenair is a multi-national company that produces some shielding products.
Greco Systems manufactures factory tools and ruggedized TEMPEST computers.
GSCG. Formerly GRiD Government Systems. Tempest laptops, desktops, and printers.
GTE, the phone people, make a TEMPEST version of their Easy Fax (O) product, complete with a STU-III (encrypted phone) gateway.
HAL Communications Corp. provides TEMPEST shielded modems and radio equipment to the government.
Hetra Secure Solutions (X) sells lots of TEMPEST goodies.
Hewitt Refractories Limited produces Manta, a ceramic material that can be used for shielding.
Hyfral is a French company that specializes in room shielding.
IAM Secure Data Systems (O) offers Tempest consulting services.
ILEX Systems sells TEMPEST fax machines and other goodies.
JMK makes a variety of filters (including those of the TEMPEST variety).
Kern Engineering makes TEMPEST backshells for connectors.
Kontron Elektronic is a German company that offers a slick little shielded portable.(O)
LCR Electronics makes Tempest filters.
Lindgren-Rayproof is a British company specializing in shielding.
Logical Solutions builds and sells Tempest cables.
Lynwood is a UK supplier of TEMPEST and ruggedized PCs.
Motorola SSTG EMC/TEMPEST Laboratory(O) - Arizona testing facility.
NAI Technologies (X)(O) produces a variety of TEMPEST standard workstations and peripherals.
Nisshinbo is a Japanese company that provides quite a bit of detail on its TEMPEST shielding products. The DENGY-RITE 20 wideband grid ferrite absorber panels are especially interesting.
P & E Security Analysis - TEMPEST and security consulting. Some good links to government pubs.
Panashield manufactures a variety of shielding enclosures.
Profilon makes a TEMPEST laminate that can be installed over glass.
Pulse Engineering manufactures shielded COMSEC and INFOSEC hardware.
Racal Communications does TEMPEST evaluations.
Radiation Sciences Inc. is a TEMPEST consulting and training firm in Pennsylvania.
Raytheon Systems Company provides TEMPEST testing services (not much detail).
SCI Consulting has done TEMPEST work for clients like the Department of Energy.
Schaffner EMC supplies EMC filtering and testing devices.
Secure Systems Group (SSG) has been around since 1986, providing a variety of TEMPEST computer products.
Security Engineering Services Inc. is a consulting firm that offers TEMPEST courses and other services. The courses are only offered to students who have a security clearance. The interesting thing is the course books appear to be orderable by any U.S. citizen. TEMPEST Hardware Engineering and Design and TEMPEST Program Management and Systems Engineering, with over 800 pages of total material are available for $200.
Siemens makes TEMPEST versions of HP LaserJets and other products.
Shadow Chaser Investigations is a private investigation firm that supposedly does TEMPEST work.
Solar Electronics sells a variety of EMI filters, including TEMPEST specific.
Southwest Research Institute(O) (SwRI) performs TEMPEST and other testing.
SystemWare Incorporated is another consulting company that offers TEMPEST consulting. Not much information at this site.
TRW Specialized Services offers TEMPEST testing, both in the lab and field. This site has a nice Acrobat brochure that describes their services.
TSCM Consultant supposedly offers TEMPEST security consulting (page was under construction).
Tecknit is one of the leaders in shielding products. They specialize in architectural shielding (copper coated doors, panels, etc.) and smaller gaskets and screens for electronic devices. A very informative site, with downloadable Acrobat catalogs.
Tempest Inc. has been around for 13 years and produces TEMPEST standard hardware for the government and approved NATO countries. Their catalog isn't online, but as an example they offer an interesting Secure Voice Switching Unit that's used in USG executive aircraft. Not much technical information here.
Turtle Mountain Communications makes a TEMPEST fax device and other communications equipment.
TUV is a British firm that does TEMPEST testing.
Tempest Security Systems - Vendor of Pilkington architectural glass that reduces emanations.
Wang Federal Systems (O) also sells TEMPEST rated hardware as well as performs testing. This site contains their product and services catalog. Some good information.
Windermere Group performs government TEMPEST testing.
Veda Inc. (O) is a defense contractor who landed a 5.6 million dollar Navy contract for TEMPEST and COMSEC services.
XL Computing is a Florida company with a large catalog of TEMPEST hardware.
ZipperTubing manufactures EMI cable shielding.
There's an interesting EMC-related site that has lots of job listings, many having to deal with TEMPEST. This is a good intelligence source.
A truth in advertising note: Just because a piece of hardware is advertised as "designed to meet NACSIM 5100A" or "designed to meet TEMPEST standards" doesn't mean the device has gone through the rigorous TEMPEST certification process. "Real" TEMPEST hardware will clearly state it has been certified or endorsed.
US Government Information Sources
"The National TEMPEST School (at Lackland Air Force Base - here's a map(O)) is responsible for providing training on TEMPEST criteria for installing, designing and testing electronic information processing systems for all U.S. Government departments and agencies, selected non-government agencies, and approved personnel from allied nations." Check out their course listings and schedules (archived here(O)). Gee, wonder if I can enroll in a class or two?
Department of Energy (DOE)
The Department of Energy is an extremely security conscious agency. A variety of their documents provide revealing glimpses of TEMPEST procedures.
While not TEMPEST-specific, the DOE's Computer Incident Advisory Capability (CIAC) has an interesting document called CIAC-2304 Vulnerabilities of Facsimile Machines and Digital Copiers (PDF format). In it, TEMPEST threats to FAX machines and copiers are briefly discussed. There are several papers referenced, including:
DOE 5639.6A, Classified Automated Information System Security Program, July 15, 1994
DOE M 5639.6A-1, Manual of Security Requirements for the Classified Automated Information System Security Program, July 15, 1994
DOE 5300.2D, Telecommunications: Emission Security (TEMPEST), August 30, 1993(O)
The DOE's Safeguards and Security Central Training Academy also has some relevant classified training courses.
The DOE apparently uses a company called DynCorp(O) to perform internal TEMPEST assessments.
Department of Justice
Ricoh supplies TEMPEST shielded FAX machines to the FBI, DEA, and U.S. Marshals Service.
Geological Survey (USGS)
Even the map making folks get involved with TEMPEST. Check out the National Security Information Automated Information Systems section of their manual.
National Institute of Standards and Technology (NIST)
In the 1989 Annual Report of the National Computer System Security and Privacy Advisory Board(O), NIST stated that "TEMPEST is of lower priority in the private sector than other INFOSEC issues." It's fairly well known that NIST is influenced by the NSA, so this quote needs to be taken with a grain of salt.
NIST has a list of accredited laboratories(O) that perform MIL-STD-462 (electromagnetic interference) testing. Some of these also do TEMPEST testing.
While a bit dated (1986), A GUIDELINE ON OFFICE AUTOMATION SECURITY has a few references to TEMPEST, as well as other computer security nuggets.
Brief mention of the Industrial TEMPEST program as well as contacts (may be dated).
National Security Agency (NSA)
The NSA publishes something called the Information Systems Security Products and Services Catalogue (X). It contains a list of TEMPEST compliant hardware (as well as other approved security products). The cost of the catalog is $15 for a single copy or $34 for a yearly subscription (four issues). Requests for this document should be addressed directly to:
The Superintendent of Documents
U.S. Government Printing Office
Washington, D.C. 20402
Unfortunately, several of the following classified documents can't be ordered:
"Tempest Fundamentals", NSA-82-89, NACSIM 5000, National Security Agency, February 1, 1982 (Classified).
"Guidelines for Facility Design and RED/BLACK Installation", NSA-82-90, NACSIM 5203, National Security Agency, June 30, 1982 (Classified).
"R.F. Shielded Enclosures for Communications Equipment: General Specification", Specification NSA No. 65-6, National Security Agency Specification, October 30, 1964.
"Tempest Countermeasures for Facilities Within the United States", National COMSEC Instruction, NACSI 5004, January 1984 (Secret).
"Tempest Countermeasures for Facilities Outside the United States", National COMSEC Instruction, NACSI 5005, January 1985 (Secret).
National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) TEMPEST/2-95, RED/BLACK Installation Guidance; 12 December 1995
NCSC 3 - TEMPEST Glossary (title UNCLASSIFIED; document SECRET)
NACSEM 5009 - Technical Rationale: Basis for Electromagnetic Compromising Emanations limits (title UNCLASSIFIED; document CONFIDENTIAL)
NTISSI 4002 - Classification Guide for COMSEC Information (title UNCLASSIFIED; document SECRET)
NACSEM 5904 - Shielded Enclosures (title UNCLASSIFIED; document CONFIDENTIAL)
NSTISSAM TEMPEST/2-91 - Compromising Emanations Analysis Handbook (title UNCLASSIFIED; document CONFIDENTIAL)
NACSEM 5108 - Receiver and Amplifier Characteristics Measurement Procedures (title UNCLASSIFIED; document FOR OFFICIAL USE ONLY)
On May 14, 1998, John Young filed a Freedom of Information Act request with the NSA to provide him with information relating to TEMPEST. The NSA replied that he would have the material by July, 1999. See Breaking News at the top of the page.
While it's not hard to guess, the State Department uses TEMPEST equipment in foreign embassies. There's a position called a Foreign Service Information Management Technical Specialist - Digital(O), that pays between $30,000 and $38,000 a year. The ideal candidate should have a knowledge of TEMPEST standards as well as the ability to repair crypto hardware.
Along with cryptography, the export of TEMPEST standard hardware or devices for suppressing emanations is restricted by the International Traffic in Arms Regulations (ITAR). However, there is an exception in that: "This definition is not intended to include equipment designed to meet Federal Communications Commission (FCC) commercial electro-magnetic interference standards or equipment designed for health and safety."
The Treasury Department's Office of Security is mandated with handling TEMPEST and emissions security.
US Military Information Sources
Part of the government's mandate to reduce costs is to make information available online. While the average user doesn't have access to Milnet or Intelink, there are a variety of unclassified, military sources on the Internet that directly or indirectly relate to TEMPEST standards.
Jargon alert. You'll sometimes see references to RED/BLACK systems. A red system is any device that stores or transfers classified data. Black systems store/transfer unclassified data. Gee, with all of the black projects and helicopters around these days, I would have thought it would be the other way around.
The Navy seems to be further ahead than the other services in putting content online, including:
Chapter 16 of the Navy's AUTOMATED INFORMATION SYSTEMS SECURITY GUIDELINES manual is devoted to emanations security (X). Probably the most interesting section in this chapter deals with conducting a TEMPEST Vulnerability Assessment Request (TVAR). Completing the TVAR questionnaire provides some common sense clues as to how electronic security could be compromised. (The Navy seems to have pulled this. Try this alternate link.(O))
Chapter 21 of the same manual deals with microcomputer security. Section 21.8 Emanations Security, reads: "TEMPEST accreditation must be granted for all microcomputers which will process classified data, prior to actually processing the data. Your security staff should be aware of this and submit the TEMPEST Vulnerability Assessment Request (TVAR) to COMNISCOM. Microcomputers may be able to comply with TEMPEST requirements as a result of a TEMPEST telephone consultation, as permitted by COMNISCOM. Contact the Naval Electronic Security Engineering Center (NESSEC) for further information to arrange a TEMPEST telephone consultation. Use of a secure phone may be required and your request will be followed with written guidance." This leads one to believe that certain PC systems may not be as susceptible as others to emanations monitoring.
C5293-05 TEMPEST Control Officer Guidebook - "Provides guidance to the individual assigned responsibility for TEMPEST implementation at a major activity." Unfortunately, not online, and likely classified.
NISE East Information Warfare-Protect Systems Engineering Division (Code 72) puts on a couple of TEMPEST related training courses, (O) including "Tempest Criteria for System/Facility Installation" and "Tempest Fundamentals." These are targeted toward Department of Defense personnel and civilian contractors who must comply with TEMPEST standards as part of their business.
"The Reduction of Radio Noise Emanating from Personal Computers" (O) is a thesis topic at the Department of Electrical Engineering, Naval Postgraduate School.
Electromagnetic Environmental Effects. While not security-related, some good background information.
Check out Grumman Aerospace's spiffy TEMPEST building, where they do development work for the Navy on the EA-6B aircraft.
The Navy's INFOSEC site has lots of interesting information. There's even a TEMPEST related services link. Information Warfare (IW) Protect Systems Engineering Division (Code 72) appears to be the key TEMPEST player.
U.S. Air Force
The Air Force Emission Security Program instruction manual (AF Instruction 33-203) has a remarkable amount of information about TEMPEST. My guess is this site won't remain available to the public for very long.
Even though the DoD started shutting down Web sites back in September for security reasons, there is still a tremendous amount of material being made available to the general public. Examples that came from Offutt Air Force Base include these:
AIR FORCE EMISSION SECURITY PROGRAM (AFI 33-203) (X)(O) or here(O) in case it is pulled
EMISSION SECURITY ASSESSMENTS (AFSSI 7010) (X)(O) or here(O) in case it is pulled
EMISSION SECURITY COUNTERMEASURE REVIEWS (AFSSI 7011) (X) or here(O) in case it is pulled
I really doubt these will be available very long. There is a remarkable amount of detail in these documents.
The Air Force's Rome Laboratory has produced a variety of interesting defense related systems. Some developments likely related to TEMPEST include:
In 1961 the Electromagnetic Vulnerability Laboratory was established.
In terms of emanation monitoring, circa 1965 - 70, a Wullenweber antenna(O) (called the "elephant's cage") is reputed to have done an excellent job of retrieving stray signals. While hardly a portable device, it does suggest the military was actively pursuing emanation monitoring during this period.
In 1964, Rome developed the AN/MSM-63 Electromagnetic Measurement Van (no information as to whether it just served a testing function, or could be used for surveillance).
In June of 1965, RADC developed a lightweight (350-pound) electromagnetic surveillance antenna that was operationally equivalent to or better than systems that were up to ten times larger and heavier. During that same year considerable progress was made in the area of reducing vulnerability to electromagnetic interference. Mr. Woodrow W. Everett, Jr. was among personnel recognized for technological improvements in wave guides, electronic tube components, and greater electronic compatibility.
The Air Force is currently engaged in research and development for building TEMPEST shielded vans and command shelters using lightweight composite components.
Other Air Force documents:
"Ground-based Systems EMP Design Handbook", AFWL-NTYCC-TN-82-2, Air Force Weapons Laboratory, February 1982.
"Systems Engineering Specification 77-4, 1842 EEG SES 77-4", Air Force Communications Command, January 1980.
Lately the Air Force has developed a program called SATE (Security Awareness Training & Education) that integrates COMSEC, COMPUSEC and EMSEC disciplines.
The 497th Intelligence Group (497 IG), out of Bolling Air Force Base, Washington DC, manages TEMPEST related issues for the Air Force.
The U.S. Army Information Systems Engineering Command(O) is headquartered at Fort Huachuca, Arizona (here's the new link for ISEC, with access password protected). The Fort engages in a variety of spook-related activities. One of the classified documents that is referenced is:
AR 380-19-1, Control of Compromising Emanations; 4 September 1990
The Army Corps of Engineers released a publication called "Electromagnetic Pulse (EMP) and TEMPEST Protection for Facilities" (X) EP1110-3-2, in December 1990 (unclassified). This is a treasure trove of information related to shielding buildings. (Thanks to John Young for digitizing parts of this massive document. It's also available in sections, PDF format, from an Army site.)
The Army Corps of Engineers, Construction Engineering Research Laboratories, has also been experimenting with low cost TEMPEST shielding technologies. Low Cost EMP EMI Tempest Shielding Technology (O) fact sheet link doesn't work anymore, but you can get a summary here(O).
The Army's White Sands Missile Range has a Test Support Division(O) that does TEMPEST testing as well as other things. An interesting photo of the inside and outside of a test truck is shown.
The Army's Blacktail Canyon (X) EMI/TEMPEST facility at Ft. Huachuca (spook-related location in Arizona), recently put up a Web page, with lots of interesting info. Also check the main Electronic Proving Ground site (why it is a .com instead of .mil or .gov site I have no idea).
The Army's Protective Design Center in Omaha specializes in structure designs to resist blasts as well as TEMPEST attacks.
U.S. Coast Guard
The Coast Guard has a TEMPEST security program(O) in their Security Policy and Management Division (G-WKS-5)
Department of Defense
The Department of Defense's Defense Technical Information Center(O) has information regarding the Collaborative Computing Tools Working Group (O) (representatives from private sector and the intelligence and defense communities). The CWG put together some TEMPEST recommendations for video-conferencing products (O).
From a post to the Cypherpunks list in April of 1994, by Steve Blasingame:
An overview of TEMPEST can be found in DCA (Defense Communications Agency) Circular 300-95-1, available from your nearest Federal Documents Depository / Government Library. The section of interest is in Volume 2, DCS Site and Building Information, sections SB4 & SB5 (Grounding, Shielding, HEMP). SB5, though not directly covering RFI/RF Emanation, is devoted to shielding for high altitude electromagnetic pulse radiation (HEMP). The documents discuss Earth Electrode Systems, Fault Protection Systems, Lightning Protection Systems, Signal Reference Systems, and RFI containment; they also briefly discuss radio signal containment (TEMPEST) as well. This is a must-read for anyone wishing to keep their bits to themselves. Discussions of testing and validation methods are not discussed in the unclassified documents. I have included the references to the Secret/Classified documents for the sake of completeness. It is possible that some of them are by now de-classified, or may be requested through FOIA.
DA Pamphlet 73-1, Part One, 16 Oct 1992 (DRAFT) (X)(O) is an obscure document that discusses survivability and mission performance of military systems. The interesting thing in this pamphlet is a fairly detailed description of the military's Blacktail Canyon facility.
Other Defense Department documents:
MIL-STD-188-124, "Grounding, Bonding, and Shielding for Common Long Haul/Tactical Communication Systems", U.S. Dept. of Defense, June 14, 1978.
MIL-HDBK-419, "Grounding, Bonding, and Shielding for Electronic Equipments and Facilities", U.S. Dept. of Defense, July 1, 1981.
"Physical Security Standards for Sensitive Compartmented Information Facilities (SCIF)", Manual No. 50-3, Defense Intelligence Agency (For Official Use Only), May 2, 1980.
"Design Practices for High Altitude Electromagnetic Pulse (HEMP) Protection", Defense Communications Agency, June 1981.
"EMP Engineering Practices Handbook", NATO File No. 1460-2, October 1977
Some interesting FOIA Star Wars program computer security requirements, including a TEMPEST separation table.
The US isn't the only one playing the TEMPEST game. Here's some additional sources from various countries.
A brief defense document on emanation security.
COMMUNICATIONS SECURITY ESTABLISHMENT PUBLICATIONS
COMSEC Installation Planning (TEMPEST Guidance and Criteria) (CID/09/7A), 1983, (English only)(Confidential)
Criteria for the Design, Fabrication, Supply, Installation and Acceptance Testing of Walk- In Radio Frequency Shielded Enclosures (CID/09/12A)(Unclassified)
I love it when governments can't keep their acronyms/codewords straight. There is an official TEMPEST testing lab, but TEMPEST stands for Thermal, Electromagnetic & Physical Equipment Stress Testing and deals with devices used in animal tagging. Sheesh...
The British Central Computer and Telecommunications Agency(O) publishes a variety of computer security titles including:
TEMPEST: The Risk (Restricted) CCTA Library 0 946683 22 0 1989
TEMPEST shielded computer equipment sometimes leaks out into the public in the form of surplus and scrap sales. This section is devoted to descriptions.
One informant used to work at a Defense Reutilization and Marketing Office (DRMOs are the DoD's version of a garage sale). In the past, TEMPEST equipment was demil-ed (crushed), now due to miscoding and classification downgrades, TEMPEST equipment is literally a dime a dozen. Computer surplus goodies go for about 12 cents a pound.
Through a contractual association with a major defense company, Fluid Forming Technologies has been assigned to dispose of a TEMPEST level "secured working environment." Modular construction, 160' x 20' x 10', can probably be segmented into smaller units. Available as of January 1, 1998. E-mail firstname.lastname@example.org for additional details or snail mail:
Fluid Forming Technologies LLC,
9 Brush Hill Rd, Suite 318
New Fairfield, CT 06812
JC describes two shielded IBM PC cases he picked up from a scrap dealer for $35 each (unfortunately they had already sold the printers and monitors). The cases were labeled EMR XT SYSTEM UNIT (on the front), with a model number of 4455 1 (on the back). The cases are similar to a standard IBM XT case, except deeper toward the back, so a filter bank and power supply baffle could be installed. The top is bolted down, requiring an Allen wrench to remove. The top part of the case has a gasket groove for the brass-colored RF gasket, and the mating surface is finished in anodized aluminum. The top appears to be a cast aluminum plate. Each of the ports in the rear has a filter; unused ports have a metal blocking cover that mates to the case and makes good electrical contact.
W.J. Ford Surplus Enterprises(O) had the following printer for sale in December 1996:
LASER PRINTER Make:MITEK Model:100T 300 X 300 DPI LASER PRINTER WITH LETTER SIZE PAPER TRAY, 8 PPM, MEETS NACSIM TEMPEST SPECS, C.W. OWNER'S MANUAL (TONER CARTRIDGE NOT INCL.) Dimensions: 19.00"w x 16.00"h x 16.50"d 1.00 on hand, No Graphic on file, Item No.:1208 RAMP Price: $ 250.00
As of February 8, 1997, Dark Tangent (of DEFCON fame) has a whole collection of TEMPEST shielded equipment for sale. Check out his page (X) for complete info and photos. Lots of great details and specs. Also a related Slashdot thread.
As of June 15, 1998, Hugh Sebra had fifty TEMPEST-shielded Fibercom 7197 DPT Dual Path Fiberoptic Transceivers for sale.
While not for sale, H. Layer has a photo of a circa 1986 Tempest Macintosh on his cool Mind Museum page.
Note: I personally don't own or have access to any surplus TEMPEST equipment. However, if you've encountered such hardware, let me know about it.
Tales of the TEMPEST
Recent publicity about this page has resulted in some interesting personal accounts dealing with TEMPEST-related topics. This section lists excerpts from various correspondence. In most cases, the names have been removed to protect the innocent.
Interesting page of TEMPEST-related stuff. One additional information source you may want to include for those attempting to proof themselves against an EME-type attack might be the ARRL (Amateur Radio Relay League) Handbook for the Radio Amateur. It has a very complete chapter on preventing radio interference caused by ham radio gear, much of which could be adapted for use with a computer. The book is updated yearly, so the information is usually top-notch. Most libraries have it.
BTW, for those on the other side of the question (or who wish to be) there's probably enough info in the book to help them put together a TEMPEST monitoring outfit if they're handy with a soldering iron.
I have an early SVGA 15" Gateway CrystalScan monitor (the ones that are purported to be part of a class-action lawsuit), which, when attached to a Mac, will display *exact* and *readable* text on TVs within a reasonable distance--a measured 60-plus feet for sure, through walls and floors, and quite possibly more, I didn't have the inclination to drag a TV out into the lot on an extension cord to find out how far I could go.
Though it is only readable during the 'dark' between commercials on certain channels, it was a pretty frightening revelation, as I accept and produce some pretty sensitive materials. The scarier part for me was that I had used it for weeks before I finally turned on a TV at the same time that the monitor was not in screen-saver mode (a password-protected mode I generally drop into anytime I leave the desk, alone in the building or not). Anyone in my building, including unassociated neighbors, or anyone within whatever the ultimate range might have been could have seen a bunch of stuff that could have caused serious damage to my firm. If anyone did see anything, they haven't bit me with it--yet.
In addition to displaying readable text, you can also discern images to a limited degree, and I imagine with some simple tweaks of the color guns, some enterprising cracker could get some pretty good imaging.
The monitor has some other more obvious side effects, such as emitting such EMF levels as to *seriously* distort any monitor within about a foot of its left side, and about two feet of its right side. It also gave me frequent eye strain if I used it too long (even though the picture was incredibly sharp for its class).
Since I'm a MacHead and use multiple monitors (three to seven screens, depending on where I am), this situation was unacceptable all by itself, but I was using the monitor ($15 at a local thrift store) as a temporary display while my prime screen was off in warranty land (I never did get that one back).
It will also emit such a frequency as to produce varied-intensity scrolling vertical and horizontal lines on a TV with either rabbit ears or hooked up via 75 Ohm cable to an attic antennae, depending on what channel you are tuned to. I can't recall the exact per-channel results, but (if memory serves) it was minor (but annoying) lines and rolls on the lower VHF, and major interference and ghosting with the readable text on the UHF.
The funny thing is, other people in the building couldn't watch TV without all the serious distortion any time the monitor was not in screen saver mode (just having the monitor powered at all would produce a limited interference), and never noted any readable text, because they avoided the badly affected channels. When they would ask me to look at the TV situation and prescribe a fix (I'm the boss and building owner), I never saw it, because (of course) I put the monitor to sleep before I would venture out for an inspection. Talk about Keystone Kops! They would joke that the TV was afraid to not be working properly when the boss was present, and we just wrote it off to rogue cell phone or CB users, because our portable phones and computer speakers would frequently pick up passing car/truck audio signals from such devices.
(Yet another bonus was that the staff wasn't prone to hang out in the break room and watch TV anytime I was working)
I'd've never discovered the source of the whole thing, save for a Sunday when I came in to get some computer backups and volume house-cleaning done, and I dragged in a little B&W TV to also "watch" the football game. I was going mad trying to get any decent reception at all that close to the damn thing, not noting for at least a couple of events that it cleared up substantially when the screen went into an idle screen saver mode on its own. I finally gave up and settled for just audio, and only noted the relation hours later when I powered off the monitor to rearrange my desk. A couple of on-off clicks later, I started laughing, finally finding the source of all the problems for the whole building--that is until a commercial pause came on, and I saw the contents of my open-folder list displayed on the screen.
I goofed around for the next sixty minutes, trying desperately to discern what I could see in that momentary darkness between commercials, and in those brief moments, I found that I could *easily* read my email, word docs, spreadsheets, database, etc., and I could repeat the ability on every TV screen in every room on every floor to which I had access-- Eeek!
Anyway, this note got a lot longer than I wanted, but I still have the monitor, if it holds any interest to you as a "primary source" of the fact that an SVGA can most definitely be a victim of low-cost TEMPEST (albeit an admittedly and likely rare event on only one monitor I can
"LCD displays on laptops eliminate the risks of TEMPEST attack."
No way. I get a few channels in my apartment via rabbit-ear and UHF loop antenna reception - they're pretty weak, but on a good day and in the absence of major interference, I can watch Ally McBeal. I'm also a longtime notebook computer user, mostly Apple Powerbooks. The TFT LCD screen specifically interferes with the lower-numbered VHF channels on my TV, which also happen to be more poorly propagated at my location. The CPU and motherboard also interfere, but the screen is by far the worst and can't be within twenty feet and/or two interior walls of the antennae without substantial, patterned interference. And this is a low-power laptop with a relatively small 10" screen (800x600, 60Hz refresh), using under seven watts including the 180MHz CPU. Shutting off the screen independently of the rest of the machine greatly reduces the interference.
That doesn't mean that there's intelligible information in all that noise, of course, but given that I can change the appearance of the interference by changing the onscreen display, I'd be willing to bet that there is. It's also worthwhile to note that conventionally (greyscale) antialiased fonts look horrible on crisp LCD screens because there's none of the natural inaccuracy and softening that a CRT produces (in other situations this is a good thing and reduces eyestrain, the main reason I don't use CRTs any more). This includes the filtered ones your page links to (I'm looking at them now). There is a different mode of antialiasing that makes use of the slight RGB offset on an LCD display (one of the few real innovations to come out of Microsoft, of all places), which might be applied to this purpose. Unfortunately one has to use different fonts depending on whether the screen elements are arranged RGB or BGR (both exist at the moment, in approximately equal proportion).
In a (government) security briefing, I did witness a legitimate Tempest intercept of an IBM Selectric typewriter. However, the typewriter had been modified to produce unusually high levels of signals, the distance over which the intercept occurred was fairly short, and the conductors of the demo insisted all other potential sources of emanations be powered down in the area where the demo was conducted.
While my time with the government (Secret Service and Naval Intelligence) did not deal directly with Tempest intercept or screening, the general consensus, even in the most sensitive circles, was that there were far easier, effective and more efficient methods of gathering information. At one time the threat was taken seriously, but not anymore.
Just think, in an average office or even modern home environment, how many sources of radiation there are, and how difficult it would be to target one and one only. Remember the strength of a field decreases with the square of the distance. Your wristwatch at close range produces a stronger signal than a large CRT the other side of the room.
In the early days, before every cigarette lighter and toaster oven contained a microprocessor, and CRT technology was not refined, there may have been a threat. Anymore, CRTs operate at much lower levels and the RF/EMI environment is much busier. Remember when we were young and televisions came with warnings about sitting too close? Do you see those anymore, even on large color screens? Far less energy now is needed to excite the extremely efficient phosphors in the CRT. In the early days, it was done with brute force.
It's fun to talk about, but from a practical level I believe there no longer is a threat.
I have never seen a real world demo of a genuine Tempest/Van Eck intercept, and I have been around some. The alleged construction articles leave themselves an out, like saying a lot of experimenting is needed to fine tune or whatever.
Sort of like the chemical formulas with a line buried deep "then a miracle occurs".
Non-TEMPEST computer surveillance
In researching TEMPEST topics, sometimes I run into little-known tidbits that relate to possible computer surveillance techniques.
The Department of Energy Information Systems Security Plan has an interesting section titled, 8.5 Wireless Communications (Infrared Ports). It states:
"The use of wireless communications (infrared) ports found on most PPCs to interface with printers and other peripheral devices is strictly forbidden when processing classified information. These ports must be disabled on all accredited PPCs and peripherals by covering the window with a numbered security seal or physically removing the infrared transmitter."
Disclaimer: I've never been involved with the TEMPEST community, had a security clearance for TEMPEST, or have access to classified material relating to TEMPEST. The information on this page is completely derived from publicly available, unclassified sources.
12/17/96 - original document
12/18/96 - added link to van Eck follow-up article, shielding comments
12/21/96 - reorganization and additional comments about Rome Lab, ZONE, DOE, non-TEMPEST
12/22/96 - added Smulders paper
01/02/97 - added Compliance Engineering, additional NIST, Navy, Canada, Used, and paper sources
01/08/97 - added UK, patents
01/11/97 - added DA Pamphlet 73-1/Blacktail test facility, Army, COMPUTERWOCHE, EMC, HAL, Austest, Racal, Compucat, Nisshinbo
02/02/97 - added Naval Postgraduate School, EMC FAQ, DynCorp, Conductive Coatings, GEC Marconi, CorCom, AFC, Corps of Engineers, Ford Surplus, GTE, ECM job list, White Sands, Cortron, SwRI, Veda, Emcon
02/14/97 - added DEFCON goodies to Used
02/18/97 - added Redefining Security report, Lynwood
03/10/97 - added Datastop glass to shielding section
03/21/97 - added Moller paper (from Phrack 44)
03/26/97 - added Army Corps of Engineers pub, Elfinco, recommended Xs
04/12/97 - added Computerwoche translation
06/09/97 - added Blacktail page, Framatome Connectors International
07/02/97 - added JMK
12/15/97 - added LCR, Logical Solutions, IAM, GSGC, Tempest Mac
02/08/98 - added Anderson & Kuhn paper, FFTLLC, dead link check
03/03/98 - added Army EMP, Compunetix, XL Computing
03/30/98 - added USGS, Motorola, Tempest Security Systems
11/14/98 - added EMP-tronic, SSG, Filter Networks, Australia section, Braden, Hewitt, TUV, Windermere, ERS, ADI, ZipperTubing, Army EPG, Glenair, Allied Signal, D2D, Truthnet, EC, Hyfral, Navy E3 and other, BEMA, Raytheon, Shadow Chaser, Dina, ATSC, Profilon, EYP, CSS, ILEX, DOE 5300, Cycomm, Murphy paper, Cryptek, Greco, Lindgren-Rayproof, Turtle Mt., Kern, Cabrac, Solar Electronics, National TEMPEST school, Air Force 33-203, HIJACK/NONSTOP
11/17/98 - added Gabrielson papers, SJM News article, Pulse Eng, US Coast Guard, DRMO, c't article, Chomerics, JY FOIA
11/19/98 - Air Force van, EMSEC, Air Force sec mems, new HIJACK & NONSTOP info
11/25/98 - anti-TEMPEST fonts link, alt Air Force links, Schwartau .WAV speech
7/3/99 - Computer Security Solutions, TSCM consultant, student paper, Seimens, P&E, SATE, dead links
7/11/99 - iDefense TEMPEST bust, Acronym Finder
7/19/99 - Hetra, updated DefCon page, Slashdot article
8/19/99 - Gabrielson piece, DEMCOM
8/21/99 - Durak CPU, Mueller HIP
10/10/99 - ISEC update, 497 IG, Treasury, NRO, Star Wars, Navy Code 72, COS, Koops, Army PDC, c't articles
10/24/99 - John Young FOIA news
10/25/99 - more JYA FOIA, added new NSA docs referenced in FOIA, DOJ, patent, slashdot/wired
11/7/99 - Final JYA, Jones, Koops summary, Tales, Web tracking
11/8/99 - New Scientist
11/13/99 - SET21
11/15/99 - Jones stuff
Special thanks to John Young for his relentless pursuit of information and archival prowess - see his Cryptome site for additional crypto/government/privacy/security/etc. information.
Copyright 1996,1997, 1998, 1999 Joel McNamara
12 Nov 1999
INT 106 summary
INTELLIGENCE ISSN 1245-2122
N. 106, New Series, 8 November 1999
Editor Olivier Schmidt
"BAD PRESS" FOR LIE DETECTORS
USA - BARRY MCCAFFREY
USA - WASHINGTON'S WAVE OF TERRORISM FEAR RECEDES
FRANCE - INTELLIGENCE JOB GUIDE & TRADECRAFT
NETHERLANDS - NEW SURVEILLANCE SERVICE FOR ENVIRONMENTALISTS
- PROBLEMS "ENFORCING" THE INTERNET
EASTERN EUROPE - ANYONE CAN HACK THE PENTAGON
ASIA - Open Source Intelligence.
Intelligence, N. 106, 8 November 1999, p. 3
"BAD PRESS" FOR LIE DETECTORS
Under the section, "If you can't sell it, export it",
discredited US polygraph -- lie detector -- technology has
arrived in Europe, greeted in Paris by Indigo Publication's
"Intelligence Newsletter" with "they [lie detector tests] have
won official recognition in Britain". Someone's not doing their
homework. On 24 July, the "Washington Post" headlined,
"Senators Question Polygraph Use - 'Potential Unreliability' of
Test Spurs Drive for FBI, CIA Analysis of Alternatives". In the
wake of allegations of Chinese nuclear espionage, and to
mollify Congress, the US Department of Energy (DOE) was
preparing to give polygraph tests to thousands of nuclear
scientists, but the Senate intelligence committee stated that:
"Polygraphing has been described as a 'useful, if unreliable'
investigative tool," according to the committee's report on the
fiscal 2000 intelligence spending bill. So, sell it to the Brits ...
On 15 September, the "San Jose Mercury News" headlined,
"Scientists Call Lie Detectors Coercive, Ineffective -
Livermore: At a federal hearing, lab workers call polygraphs a
police-state tool." The scientists compared polygraphs to
fortune-telling, "cold fusion", alien abductions, astrology and
reading tea leaves ... good for export to Great Britain,
perhaps. Pseudoscience, they claimed, a police-state
interrogation technique sure to drive bright young scientists
away from Lawrence Livermore National Laboratory and straight
to higher-paying jobs in Silicon Valley. On 18 October, the
"Christian Science Monitor" headlined, "Agency Shrinks Plan to
Protect US Secrets - Effort to make scientists at nuclear labs
take a polygraph test is scaled back". Energy Secretary, Bill
Richardson, decided to scale back his plan to give polygraph
tests to as many as 12,000 DOE scientists and contractors as of
January, and, under a new plan, the DOE will test only a few
hundred employees from three main labs.
It would appear convicted pedophiles and sex offenders
polygraph tested in Birmingham, England, by former Chicago
police officer, Dan Sosnowski, senior member of the American
Polygraphic Association (APA), didn't have the same resources
as US Senators or DOE scientists to oppose lie detector use.
They probably also didn't have the necessary intelligence
"trade craft" to "screw up the machine": drink lots of strong
coffee and get raging mad at every easy question asked and
remain as calm as possible for the "hard questions". With a
little training, almost anyone can pass a lie detector test.
That's why Europe doesn't use that gimmick ... but that
shouldn't keep Mr. Sosnowski from exporting his wares to
Intelligence, N. 106, 8 November 1999, p. 8
USA - BARRY MCCAFFREY
Late last month, retired US Army general, Barry McCaffrey, 56,
director of the White House Office of National Drug Control
Policy, better known as the US "drug tsar", arrived in Western
Europe to "read the gospel" to the pagans and was met with
equally fervent public opposition. He was the youngest four-
star general in the US Army and a former commander in chief of
the US Armed Forces' Southern Command in charge of all of Latin
America. He saw service in Vietnam, the Dominican Republic and
Iraq where he was a major player in Operation Desert Storm. He
has been decorated by the US government and honored by those of
Colombia, Peru, Argentina, Venezuela and France. He taught
national security studies at West Point US Army military
academy and lectured at the El Salvador institute of higher
defense studies, the Guatemalan senior service school and the
Honduras war college. McCaffrey was appointed by President Bill
Clinton in 1996 and is now in charge of a $17.8 billion federal
drug control budget. He had been an adviser to Pres. Clinton on
Latin American internal security policy.
McCaffrey's somewhat categorical statements concerning drugs
have often been contradicted by US and other national
officials. In 1996, he stated: "There is not a single shred of
evidence that shows that smoked marijuana is useful or needed.
This is not science. This is not medicine. This is a cruel
hoax." Based on empirical research, the US National Institute
of Health claimed that "inhaled marijuana has the potential to
improve chemotherapy-related nausea and vomiting" and could be
of value to cancer sufferers. In 1997, McCaffrey stated that
"marijuana is a gateway drug". US Department of Health and
Human Resources has published findings proving that "for every
104 people who have used marijuana, there is one regular user
of cocaine and less than one heroin addict."
One of his more controversial claims concerns the Netherlands
and its liberal drug policies of providing needle exchanges for
addicts and sanctioning the sale of cannabis in regulated
cannabis cafes. "The murder rate in Holland is double that in
the United States and the per capita crime rates are much
higher than the United States," he said last year. "That's
drugs." The Dutch ambassador to the US responded that
McCaffrey's claims had "no basis in fact". The figures quoted
by McCaffrey showed that the US had a rate of 8.2 murders per
100,000 population compared with 17.58 in Holland. But he had
included the Dutch "attempted murders" figure when the true
figure was 1.8 per 100,000, less than a quarter of the American
murder rate. McCaffrey didn't mention the fact that the US
heroin addiction rate is about eight times the Dutch rate, thus
disproving that cannabis is a "gateway drug" to heroin
addiction. When he last visited the Netherlands, his figures on
Dutch drug use were publicly corrected in his presence. During
that reception, he mentioned -- off the record -- "Your heroin
addicts sure look in good shape." It could be that the Dutch
are doing something right ... and 60,000 young people aren't
being "warehoused" in prisons for marijuana offenses as in the
US where prisons have now become America's second largest
industry (see the Front Page article above).
Intelligence, N. 106, 8 November 1999, p. 14
WASHINGTON'S WAVE OF TERRORISM FEAR RECEDES
On 20 October, counter-terrorism consultants and US officials
told a House Government Reform subcommittee on national
security that the threat of terrorists using "weapons of mass
destruction" against civilians is real but "overstated" by the
media and in popular culture [and by many Washington
politicians]. All agreed that the threat of a catastrophic
"event" involving weapons of mass destruction was unlikely,
though not impossible. Well-known expert, Rand consultant,
Brian Jenkins, stressed that public education about
such potential attacks is crucial, warning that "even if a
terrorist attack, involving biological and chemical weapons,
were to kill only a small number of people ... if we do not
communicate well, it could provoke national hysteria." In
short, it's a "media ops" question ... as it has always been.
Intelligence, N. 106, 8 November 1999, p. 21
INTELLIGENCE JOB GUIDE & TRADECRAFT
When dealing with intelligence, one learns to look for valuable
information in unexpected places. Thus, few specialists will be
surprised that "Intelligence" has discovered two excellent
books on espionage, one by a publishing company for youth and
the other a "hand-to-hand self-defense" publisher. At Jeunes
Editions, in Levallois-Perret near Paris, writer and
journalist, Frederic Melot (see "Agenda" above), has just come
out with "Les Metiers de la Securite et du Renseignement -
Sapeur-Pompier, Gendarme, Douanier, Detective Prive ..."
("Careers in Security and Intelligence - Firemen, Gendarmes,
Customs Agents, Private Detectives ...", 1999, address list,
index, 192 pp., isbn 2 910934 72 1, FF69). This unpretentious
little book furnishes clear and succinct, but detailed,
descriptions of all French intelligence services and law
enforcement agencies. Their functions and the types of jobs
performed are laid out in a manner to allow young students to
decide which could be interesting career possibilities.
Education and other ways to successfully prepare for employment
are also provided, but future James Bonds are clearly
discouraged. Basics, such as types of agents, types of
intelligence and the intelligence cycle, are described.
Once you get a job as an intelligence agent [in France], you'll
need a copy of Gerard Desmaretz's "Grand Livre de l'Espionnage
- Guide Pratique du Renseignement Clandestin" ("Big Book of
Espionage - Practical Guide to Secret Intelligence", 1999,
Editions Chiron, Paris, 253 pp., isbn 2 7027 0620 7). The
author is in charge of the reconversion program for members of
the military to jobs in economic intelligence and is a
consultant to the African Agency for Economic and Diplomatic
Relations in Geneva. The book's 13 chapters cover all aspects
of spy "tradecraft" including target penetration, social
graces, network construction, counterfeit documents, disguises,
lock picking, "flaps and seals", bugs, photo surveillance and
codes. The text is clean and non-technical, using correct
"inside" terms and obvious "inside" knowledge. This "inside"
information is interspersed with short sidebars of legal texts
defining the strict limits of "information gathering". For
example, Desmaretz gives the correct "inside" terms but does
not mention the secret code-names for different types of
agents, which would be illegal. This is a good basic book on
espionage which would not usually be expected from a company
that, up until now, has published only eight "hand-to-hand combat" books.
Intelligence, N. 106, 8 November 1999, p. 22
NEW SURVEILLANCE SERVICE FOR ENVIRONMENTALISTS
According to press reports, the Dutch police is preparing to
set up a central coordination to collect and analyze
information on activists involved in protests against major
infrastructure projects such as the further development of
Schiphol Amsterdam airport, the HSL-lijn high-speed train track
from Amsterdam to Paris, and the new Betuwelijn train link from
Rotterdam to Germany. The new "coordination point", in which
police intelligence and the BVD internal security service are
to combine forces, is referred to as the "Centraalpunt
Informatie Coordinatie Grote Infrastructurele Projecten"
(CICI). All information on activist preparations for protests
is to be collected and analyzed to thwart sabotage and prevent
delays. The Interior Ministry will finance the initiative.
Intelligence, N. 106, 8 November 1999, p. 23
PROBLEMS "ENFORCING" THE INTERNET
Tapping Internet communications for law enforcement and
security purposes is now getting off the ground in the
Netherlands. Over the past few months, certain pilot projects,
experimenting with monitoring data traffic, were somewhat
successful. The police and BVD internal security are now ready
to include Internet tapping in their regular "tool kit" of
investigative procedures. The government initially opted for a
"black box" solution in which sealed equipment would be
installed on the premises of the Internet provider. The "black
box" equipment would have been "off limits" to anyone but
police and security service personnel. However, in true Dutch
tradition, local Internet providers refused to cooperate,
claiming that such a secret and uncontrollable arrangement made
it possible for the government to extensively eavesdrop without
a court order. Although investigators dislike running the risk
a provider could inform a monitored person or organization of
the government's interest in their communications, in the end
the services had to agree to a more open solution.
Intelligence, N. 106, 8 November 1999, p. 25
ANYONE CAN HACK THE PENTAGON
The US Pentagon would do the world a service by listing the
nationalities of all who have hacked a Pentagon Web site.
Remember that during the Gulf War, some Dutch hackers retrieved
information about redeployment of American troops from a US
Department of Defence Web site and tried to sell it to Iraq.
Perhaps with such a list, there could be a reasonable discussion
of whether Russian and Ukrainian, formerly the "Evil Empire",
intelligence are "attacking" the US, or whether Pentagon Web
security is so bad that anyone "Net-literate" can hack the
Pentagon. For the time being, evidence tends to support the
latter explanation, although the former Soviets have "fessed
up" to contributing to "fun and games" on Pentagon sites.
Intelligence, N. 106, 8 November 1999, p. 31
ASIA - Open Source Intelligence.
AUSTRALIA. Parliament's Treaties Committee recently stated it
cannot obtain enough information about the purpose or operation
of the secret US satellite intelligence base at Pine Gap, in
the Northern Territory. It was denied full access to the Alice
Springs base, which is officially operated by Australian
intelligence and the CIA when it is in reality an NSA base.
Describing the standoff as "untenable", the committee says it
cannot make a positive finding on the treaty to extend the
operation of Pine Gap for a further 10 years. The last time
this happened, the Australian Labour government was simply
dismissed by "friends of the US". This time, Labour is in the
opposition and issued a report saying the treaty should not be
extended until the committee is given the secret 1966 agreement
which established the base.
- On 28 October, the federal government announced the biggest
shake-up in years in the administration of its defence
intelligence apparatus, to meet what it says is the growing and
more complex world of spying. The Defence Minister, Mr. Moore,
said a Defence Intelligence Board would be created to oversee
"the provision of better intelligence" to the government by the
three defence intelligence agencies.
Intelligence, N. 106, 8 November 1999, p. 12
COMING EVENTS THROUGH 31 DECEMBER 1999
In the interest of efficiency, "Intelligence" lists all coming
events in each issue as a single article in the section
"Agenda". Additional information concerning these events,
including contact information, is available at 33 (0)1 40 51 85
19 (tel/fax) or email@example.com (email). Past Agendas are
available free at our web site: <http://www.blythe.org/Intelligence>.
Events are listed only once according to date,
and are not repeated in subsequent issues. To post a paid
advertisement describing an event in greater detail, interested
organizers should contact "Intelligence" for additional
information. Such additional material is posted here and also
sent directly to our several hundred Internet subscribers and
members of our free distribution list.
7-12 November, Washington, USA Internet Engineering Task Force (IETF) Meeting.
8-11 November, ID and Authentication 2000 - Smart Card Forum.
8-12 November, Kauai, Hawaii, Converting Test & Evaluation into Training ITEA workshop.
9 November, Paris, Psychological Warfare and the Third Dimension.
9 November, Stanford, California, Government's Role in Computer
Surveillance and the Federal Intrusion Detection Network
(FIDNet) meeting organized by the Association for Computing Machinery.
9-10 November, Baltimore, Maryland, Combat Systems classified
symposium organized by the American Society of Naval Engineers.
15 November, deadline for contributions to the Telecommunications - The Bridge
to Globalization in the Information Society meeting organized by the International
15-17 November, San Jose, California, Advanced Technology Program (ATP) annual conference.
16 November, Paris, Crime and "Dirty Tricks" in Economic Warfare, by Col. Dominique Fonvielle.
17 November, Paris, History of Electromagnetic Intelligence seminar,
organized by the official History of Intelligence Commission.
17-19 November, Washington, Advanced Synthetic Aperture Radar course.
18 November, Bolling Air Force Base in Washington, National
Military Intelligence Association (NMIA) Potomac Chapter
luncheon, with Dr. Mark Lowenthal presenting his new textbook,
"Intelligence - From Secrets to Policy" (1999, CQ Press).
18-20 November, College Station, Texas, US Intelligence and the
End of the Cold War conference organized by the CIA Center for
the Study of Intelligence.
1 December, Arlington, Virginia, Law Enforcement Intelligence
Analysis IALEIA fall conference.
1-2 December, Fort Myer, Virginia, Counter-Intelligence and
Intelligence conferences organized by the NMIA.
1-2 December, Redstone Arsenal, Alabama, Foreign Air Defense
Impact on Electronic Warfare classified conference organized by
the Association of Old Crows (AOC).
1-3 December, Paris, Training in Conflict Resolution course.
2-3 December, Arlington, Virginia, Command, Control,
Coordination, Computers & Intelligence (C4I) conference organized by Shephard.
6-7 December, Johannesburg, South Africa, African Risks & Company Outlook conference.
6-9 December, Las Cruces, New Mexico, Are We Ready for the Next Millennium? ITEA workshop.
6-10 December, Phoenix, Arizona, Practical Solutions to Real
Security Problems, the fifth annual Computer Security Applications Conference.
6 December, Fort Myer, Virginia, Association of Former Intelligence Officers (AFIO) Winter luncheon.
7 December, Paris, presentation of doctoral research on the US Air Force and Operations Other Than War.
7 December, Washington, conference on returning four-star rank
to Admiral Husband E. Kimmel, the Pacific Fleet commander at
Pearl Harbor on 7 December 1941.
7-9 December, London, London Online Information 23rd annual conference.
8-9 December, Washington, Weapons of Mass Destruction -
Integrating First Response & Medical Management, organized by "Defense Week".
9 December, Bolling Air Force Base in Washington, National
Military Intelligence Association (NMIA) Potomac Chapter
luncheon, with former CIA imagery expert, Dino Brugioni,
presenting his new book, "Photo Fakery".
10 December, Paris, Economic Espionage - Protect Your Company,
workshop organized by Editions Carnot around journalist and
author Frederic Melot's new book, "Security - First Guide for
Business" (1999, Editions Carnot).
13-14 December, Ottawa, Policy versus Technology - Service
Integration in the New Environments, the 1999 Integrating
Government with New Technologies meeting.
13-15 December, Crystal City, Virginia, near Washington,
Surveillance Expo '99 organized by the specialists, Ross Engineering.
14-15 December, Paris, Third Generation Portable Telephones &
Terminals seminar organized by Euroforum.
14-17 December, Paris, Negotiate - A Strategic Art course given by ISM.
15 December, Paris, Guy Perrier will present his book, "Colonel Passy and Free
France's Secret Services" (Hachette) at a meeting of the official History of
20-21 December, Paris, Congestion of the Frequency Spectrum meeting.
21-22 December, Paris, Internet - Searching for Information course given by ADBS.
31 December, nominations due for the PEN/Newman's Own Eighth Annual First Amendment Award.
E-mail virus named after a ``Seinfeld''
November 10, 1999
We've stated over here for quite some time that this was possible
and the ILETS/ECHELON folks were playing with it now for
a couple of years. However, apparently someone and I'd wager
someone who's been hit by these folks enough to replicate the
code has now introduced it publicly via Network Associates
to expose it. That or the rift between the DOJ and the Military
has widened enough to start feuding publicly and technically.
The last option of course is blackmail, where they publicly
release a bit of their stuff with the threat of releasing more
should they experience any more problems. The German
Intelligence agent in South Africa when caught and implicated
in double dipping in the intell pool pulled this stunt to ensure
his safety when he knew a contract was put out on him for
his discovering certain info.
11/9/99 -- 10:10 PM
E-mail virus named after a ``Seinfeld'' episode can have
SAN FRANCISCO (AP) - A dangerous new type of e-mail virus emerged on
Tuesday, able to destroy information on computers even when users are
careful not to fully open the messages.
The virus, nicknamed ``Bubbleboy'' after an episode of the TV show
``Seinfeld,'' was e-mailed late Monday to researchers at Network
Associates, a computer security company in Santa Clara. The company put a
free software patch capable of blocking the attack on their Web site Tuesday.
``This ushers in the next evolution in viruses. It breaks one of the
long-standing rules that you have to open an e-mail attachment to become
infected,'' said Network Associates spokesman Sal Viveros. ``That's all
The company isn't certain who sent the virus, but researchers believed its
threat is so serious that they notified the FBI on Tuesday, said Vincent
Gullotto, director of the company's virus detection team.
``It could basically disable your PC easily,'' Gullotto said. ``This could
be a watershed.''
The virus sent Monday night was more playful than destructive as it wormed
its way through a computer's hard drive, renaming the computer's registered
owner as ``Bubbleboy'' and making other references to ``Seinfeld.'' It also
takes every address in a computer's e-mail program and passes the virus
The same technology, when paired with previously known malicious commands,
could be used to steal personal information or erase a computer's hard
drive entirely - attacks that, given the history of hacker culture,
Gullotto believes could appear within two to three months.
``This could be the catalyst,'' Gullotto said. ``While the Melissa virus
was 'hell coming to dinner,' we have reassessed that and know that
something bigger, meaner and nastier is on its way.''
The Melissa computer virus clogged e-mail systems around the world when it
hit in March, but many computer users were able to avoid trouble by
deleting the e-mails without reading them. Like other e-mail viruses,
Melissa wreaked havoc only after users double-clicked an attachment to the
seemingly benign messages.
``Bubbleboy'' only requires that the e-mail be previewed on the Inbox
screen of Microsoft's Outlook Express, a popular e-mail program. As soon
as the e-mail is highlighted, without so much as a click of a mouse, it
infects the computer.
The virus affects computers with Windows 98 and some versions of Windows
95 that also use Microsoft's Internet Explorer 5.0 and Outlook Express Web
browser and e-mail programs. It apparently does not affect Netscape's
e-mail programs, Gullotto said.
Even without Network Associates' software patch, there is an easy fix.
Enabling Microsoft's highest-security filter will block such e-mails and
keep the virus from entering.
Bill Pollak, a spokesman for the Computer Emergency Response Team at
Carnegie Mellon University, said his researchers would be looking out for
the new type of virus.
Researchers believe the virus, which appears as a black screen with the
words ``The Bubbleboy incident, pictures and sounds'' in white letters, was
sent by the same person who created another virus in July - ``Freelink'' -
which forwarded e-mail with links to pornographic Web sites to stolen
A software patch created to protect against the virus is available for free
Reprinted under the Fair Use
http://www4.law.cornell.edu/uscode/17/107.html doctrine of international copyright law.
The Times of London
November 9, 1999
Pentagon gets ready to wage a cyber-war
FROM BEN MACINTYRE IN WASHINGTON
PENTAGON planners are secretly preparing for
cyberwar - a new type of information battle fought at
computer terminals by military hackers attempting to
demolish the enemy's infrastructure with keyboards rather
than bombs or bullets.
During the bombing campaign against Yugoslavia earlier
this year, the United States considered an all-out cyber
attack on Serb military targets and civilian services,
according to United States news reports. But they held
back because of the many practical and ethical questions
surrounding the new, untested battleground.
Military computer scientists say the time is fast
approaching when airstrikes and ground troops will be
accompanied by sophisticated hacking incursions to shut
down electrical and water supplies, derail trains and
disrupt financial operations.
But as the Pentagon considered a cyber-assault on
Yugoslavia last spring, lawyers for the US Defence
Department gave a warning that such an attack might be
considered a violation of war ethics that could leave the
US open to war crimes charges by violating the principles
that only military targets should be hit, while civilian
damage and indiscriminate attacks should be minimised.
The lack of sophistication in the Yugoslav government
computer network, which is largely decentralised and
relatively rudimentary, made it less vulnerable to
cyber-attack, defence experts concluded.
The US military did use electronic jamming aircraft to
target computers controlling the Serbian air defence
system, The Washington Post reported, but held back
from a full assault using computers based on the ground.
An initial 50-page document has been drafted by the
Pentagon laying out legal guidelines for the military use of
computers in conflict.
The confidential document argued that, just as airstrikes
are carefully assessed for civilian impact, so the military
effects of any cyber-attack must be measured against
possible civilian damage. Planners advised against assaults
on private institutions such as banks, stock exchanges and
Russia is pushing for a UN resolution governing the use of
information technology as a weapon. But some American
officials have dismissed this as an attempt to stall
development in an area where the United States enjoys a
As with conventional war, the effectiveness of any
cyber-strike may depend ultimately on the quality of the
intelligence underpinning it.
The Times of London
November 9, 1999
Weapons in the US electronic arsenal
THE potential weapons in the United States cyberarsenal
include techniques to project images on to enemy
television screens, "logic bombs" to scramble computer
networks, fast-breeding computer "worm viruses" and the
electronic spreading or combating of propaganda and
Secret military research groups in Russia and the United
States are believed to be racing to produce an effective
"logic bomb", a bug that could be placed in an enemy
computer network and then activated at will, scrambling
The Pentagon is also concerned that Russia, China, Iraq
and Libya may be developing worm viruses, that might
disrupt cash transfers, disable entire computer networks
or even affect weapons systems. For propaganda or
counter-propaganda purposes, American military
technicians are working on a system that could "morph"
video images on to enemy television stations, disrupting
the flow of state-controlled news or broadcasting footage
that would otherwise be censored by the enemy.
While some Pentagon planners favour cyber-warfare as a
bloodless alternative to conventional methods, others say
that anticipating the after and side-effects of such
techniques requires detailed knowledge of both the
hardware and software used by the target.
As with conventional war, the effectiveness of any
cyber-strike may depend ultimately on the quality of the
intelligence underpinning it.
Nov. 08, 1999
Military Grappling With Rules for CyberWarfare
Amazing how the spin of this not only is so late but so artfully
vague and inaccurate although does provide the slightest of
seeds of truth to provide the "Teflon statements" (meaning
nothing sticks). As we know here and for almost two years
now, they've actively gone through Alpha and Beta testing with
the final releases of these technologies easily three months
prior to the start of the Kosovo War.
We also know, mind you that's not believe but know, that
these technologies and the clandestine group that runs
these operations were authorized by Executive Order
under and by Clinton to be initiated and utilized against
the Serbian Government three days before their surprising
surrender to NATO. After months of carpet bombing
with little effect on the Serbian resolve it's no surprise
to us of their surrender as all of their personal and
governmental bank accounts were suddenly made
viable military targets that through ILETS and Echelon
would now be subject to seizure with no hope of
tracing where the funds went or who received it and
with no audit trail to even begin to ascertain how it
was done. Thus their sudden surrender came as no
surprise to us here as we know here and have
distributed as such that to date there is no defense
to this group and the technologies they've developed.
The Serbian govt., one of our frequent visitors at
the time right there with Mossad, NORAD
and the Hague, home of the world court; had been
intimately following our chase of this black op's testing
cycles and when the announcement of the Executive
Order authorizing its deployment was released made
for a very quick re-evaluation by the Serbian Govt. and
hence their surrender and this in turn tipped the German
Government on the viability and the threat of this new
capability and hence their sudden "bounty" on developing
a defense for it. Not to mention their reluctance to
participate further in this clandestine club.
Now with this public release they release a little
truth and shroud it with a belief it's only in the barest
state and not nearly functional. Not unlike the Star Wars
scam and our appearance of abiding by the ABM Treaty
or the ban on Bio-Warfare development. Little truths
packaged by big deceptions meant to placate an uninformed
public of the inert and passive state of the Military Industrial
Complex, which in turn is now in a power struggle itself internally
with the DOJ who's been successful politically in usurping
authority and power over this division.
Military Grappling With Rules for Cyber Warfare
By Bradley Graham
Washington Post Staff Writer
Monday, November 8, 1999; Page A1
During last spring's conflict with Yugoslavia, the Pentagon considered hacking into Serbian computer networks to disrupt military operations and basic civilian services. But it refrained from doing so, according to senior defense officials, because of continuing uncertainties and limitations surrounding the emerging field of cyber warfare.
"We went through the drill of figuring out how we would do some of these cyber things if we were to do them," said a senior military officer. "But we never went ahead with any."
As computers revolutionize many aspects of life, military officials have stepped up development of cyber weapons and spoken ominously of their potential to change the nature of war. Instead of risking planes to bomb power grids, telephone exchanges or rail lines, for example, Pentagon planners envision soldiers at computer terminals silently invading foreign networks to shut down electrical facilities, interrupt phone service, crash trains and disrupt financial systems. But such attacks, officials say, pose nettlesome legal, ethical and practical problems.
Midway through the war with Yugoslavia, the Defense Department's top legal office issued guidelines warning that misuse of cyber attacks could subject U.S. authorities to war crimes charges. It advised commanders to apply the same "law of war" principles to computer attack that they do to the use of bombs and missiles. These call for hitting targets that are of military necessity only, minimizing collateral damage and avoiding indiscriminate attacks.
Defense officials said concern about legalities was only one of the reasons U.S. authorities resisted the temptation to, say, raid the bank accounts of Yugoslav President Slobodan Milosevic. Other reasons included the untested or embryonic state of the U.S. cyber arsenal and the rudimentary or decentralized nature of some Yugoslav systems, which officials said did not lend themselves to computer assault.
U.S. forces did target some computers that controlled the Yugoslav air defense system, the officials said. But the attacks were launched from electronic jamming aircraft rather than over computer networks from ground-based U.S. keyboards.
No plan for a cyber attack on Yugoslav computer networks ever reached the stage of a formal legal assessment, according to several defense officials familiar with the planning. And the 50 pages of guidelines, prepared by the Pentagon general counsel's office, were not drafted with the Yugoslav operation specifically in mind.
But officials said the document, which has received little publicity, reflected the collective thinking of Defense Department lawyers about cyber warfare and marked the U.S. government's first formal attempt to set legal boundaries for the military's involvement in computer attack operations.
It told commanders to remain wary of targeting institutions that are essentially civilian, such as banking systems, stock exchanges and universities, even though cyber weapons now may provide the ability to do so bloodlessly.
In wartime, the document advised, computer attacks and other forms of what the military calls "information operations" should be conducted only by members of the armed forces, not civilian agents. It also stated that before launching any cyber assaults, commanders must carefully gauge potential damage beyond the intended target, much as the Pentagon now estimates the number of likely casualties from bomb attacks.
While computer attacks may appear on the surface as a cleaner means of destroying targets, with less prospect for physical destruction or loss of life than dropping bombs, Pentagon officials say such views are deceiving. By penetrating computer systems that control the communications, transportation, energy and other basic services in a foreign country, cyber weapons can have serious cascading effects, disrupting not only military operations but civilian life, officials say.
Other U.S. government agencies have sided with the Pentagon view that existing law and international accords are sufficient to govern information warfare. But Russia is challenging this view.
Over the past year, Moscow has tried to gather support for a United Nations resolution calling for new international guidelines and the banning of particularly dangerous information weapons. In comments to the U.N. secretary general published last month, Russia warned that information operations "might lead to an escalation of the arms race." It said "contemporary international law has virtually no means of regulating the development and application of such a weapon."
But the Russian initiative has drawn little backing. U.S. officials regard it as an attempt to forestall development of an area of weaponry in which Russia lags behind the United States.
In a formal response rejecting the Russian proposal, the Clinton administration said any attempt now to draft overarching principles on information warfare would be premature.
"First, you have extraordinary differences in the sophistication of various countries about this type of technology," said a State Department official involved in the issue. "Also, the technology changes so rapidly, which complicates efforts to try to define these things."
Instead of turning cyber assaults into another arms control issue, the administration prefers to treat them internationally as essentially a law enforcement concern. U.S. officials have supported several efforts through the United Nations and other groups to facilitate international cooperation in tracking computer criminals and terrorists.
For all the heightened attention to cyber warfare, defense specialists contend that there are large gaps between what the technology promises and what practitioners can deliver. "We certainly have some capabilities, but they aren't what I would call mature ones yet," a high-ranking U.S. military officer said.
The full extent of the U.S. cyber arsenal is among the most tightly held national security secrets. But reports point to a broad range of weapons under development, including use of computer viruses or "logic bombs" to disrupt enemy networks, the feeding of false information to sow confusion and the morphing of video images onto foreign television stations to deceive. Last month, the Pentagon announced it was consolidating plans for offensive as well as defensive cyber operations under the four-star general who heads the U.S. Space Command in Colorado Springs.
But complicating large-scale computer attacks is the need for an extraordinary amount of detailed intelligence about a target's hardware and software systems. Commanders must know not just where to strike but be able to anticipate all the repercussions of an attack, officials said.
"A recurring theme in our discussions with military operators is, well, if we can drop a bomb on it, why can't we take it out by a computer network attack," said a senior Pentagon lawyer specializing in intelligence. "Well, you may be able to. However, you've got to go through a few hoops and make sure that when you're choosing an alternative method, you're still complying with the law of armed conflict and making sure collateral damage is limited."
In their guidelines document, titled "An Assessment of International Legal Issues in Information Operations," the Pentagon's lawyers warned of such unintended effects of computer attacks as opening the floodgates of a dam, causing an oil refinery in a populated area to explode in flames or triggering the release of radioactivity. They also mentioned the possibility of computer attacks spilling over into neutral or friendly nations and noted the legal limits on deceptive actions.
"It may seem attractive for a combatant vessel or aircraft to avoid being attacked by broadcasting the agreed identification signals for a medical vessel or aircraft, but such actions would be a war crime," said the document, which was first reported last week by defense analyst William M. Arkin in a column on The Washington Post's online service. "Similarly, it might be possible to use computer morphing techniques to create an image of the enemy's chief of state informing his troops that an armistice or cease-fire agreement had been signed. If false, this also would be a war crime."
The document also addressed questions about whether the United States would be any more justified in using cyber weapons if a foreign adversary first hacked into U.S. computer networks. The answer: It depends on the extent of damage. One complicating factor, the defense lawyers wrote, is the difficulty of being certain about the real source and intent of some cyber attacks, whose origin can easily be disguised.
In the case of Yugoslavia, U.S. military authorities were slow to put together a plan for conducting information operations. But one was eventually assembled and approved by the middle of the 78-day war, the high-ranking officer said.
The plan involved many traditional information warfare elements -- psychological operations, deception actions, electronic jamming of radar and radio signals -- targeting not just Yugoslav military and police forces but Milosevic and his associates, the officer said. One tactic was to bombard the Yugoslav leadership with faxes and other forms of harassment.
© 1999 The Washington Post Company
blows whistle on Echelon
From BBC report...
November 2, 1999
Global spy network revealed
Listening in to your phone calls and reading your emails
By Andrew Bomford of BBC Radio 4's PM programme
Imagine a global spying network that can eavesdrop on
every single phone call, fax or e-mail, anywhere on the planet.
It sounds like science fiction, but it's true.
Two of the chief protagonists - Britain and America -
officially deny its existence. But the BBC has
confirmation from the Australian Government that such a
network really does exist and politicians on both sides of
the Atlantic are calling for an inquiry.
On the North Yorkshire moors above Harrogate they can
be seen for miles, but still they are shrouded in secrecy.
Around 30 giant golf balls, known as radomes, rise from
the US military base at Menwith Hill.
Linked to the NSA
Inside is the world's most sophisticated eavesdropping
technology, capable of listening-in to satellites high
above the earth.
The base is linked directly to the headquarters of the US
National Security Agency (NSA) at Fort Meade in Maryland,
and it is also linked to a series of other listening posts
scattered across the world, like Britain's own GCHQ.
The power of the network,
codenamed Echelon, is astounding.
Every international telephone call, fax, e-mail, or radio
transmission can be listened to by powerful computers
capable of voice recognition. They home in on a long list
of key words, or patterns of messages. They are looking
for evidence of international crime, like terrorism.
The network is so secret that the British and American
Governments refuse to admit that Echelon even exists.
But another ally, Australia, has decided not to be so coy.
The man who oversees Australia's security services,
Inspector General of Intelligence and Security Bill Blick,
has confirmed to the BBC that their Defence Signals
Directorate (DSD) does form part of the network.
"As you would expect there are a large amount of radio
communications floating around in the atmosphere, and
agencies such as DSD collect those communications in
the interests of their national security", he said.
Asked if they are then passed on to countries like Britain
and America, he said: "They might be in certain circumstances."
But the system is so widespread all sorts of private
communications, often of a sensitive commercial nature,
are hoovered up and analysed.
Journalist Duncan Campbell has spent much of his life
investigating Echelon. In a report commissioned by the
European Parliament he produced evidence that the
NSA snooped on phone calls from a French firm bidding
for a contract in Brazil. They passed the information on
to an American competitor, which won the contract.
"There's no safeguards, no remedies," he said. "There's
nowhere you can go to say that they've been snooping
on your international communications. It's a totally lawless world."
Breaking the silence
Both Britain and America deny allegations like this,
though they refuse to comment further. But one former
US army intelligence officer has broken the code of silence.
Colonel Dan Smith told the BBC that while this is
feasible, it is not official policy: "Technically they can
scoop all this information up, sort through it, and find
what it is that might be asked for," he said. "But there is
no policy to do this specifically in response to a
particular company's interests."
Legislators on both sides of the Atlantic are beginning to
sit up and take notice. Republican Congressman Bob
Barr has persuaded Congress to open hearings into
these and other allegations.
In December he is coming to Britain to raise awareness
of the issue. In an interview with the BBC he accused
the NSA of conducting a broad "dragnet" of
communications, and "invading the privacy of American citizens."
He is joined in his concerns by a small number of
politicians in Britain. Liberal Democrat MP Norman
Baker has tabled a series of questions about Menwith
Hill, but has been met with a wall of silence.
"There's no doubt it's being used as a listening centre,"
he said, "There's no doubt it's being used for US
interests, and I'm not convinced that Britain's interests
are being best served by this."
November 01, 1999
DoD Uses New Information Technology to Battle Y2K
By Paul Stone
American Forces Press Service
ARLINGTON, Va. -- To be a guest in the Arlington Institute's "fusion center"
here feels much like being a guest on the bridge of the Starship Enterprise.
Both are futuristic in substance and style and both offer a glimpse of uncharted
But unlike the Enterprise's make-believe view of the stars and planets, the view
from the fusion center is a map of Earth surrounded by hundreds of key words
that dance about in a verbal minuet.
The center is in the forefront of the information age. It gathers data from
literally thousands of sources throughout the world, synthesizes it and uses it
to predict people's behavior. The ultimate goal is to understand how society
might react to regional or global events, such as terrorism, political
instabilities or even Y2K, director John Petersen said.
Standing in front of a wall-sized computer screen, he explained how the center
combines the best available technologies with some of the brightest minds in the
fields of social and political behavior. By harnessing the power of computers
with the insight of the human mind, the center develops models to help predict
how events might unfold in the future.
The computer screen's display of a map of the world illustrates the global
nature of problems and society's interconnectedness, Petersen said. The words
that move about the map -- oil, Y2K, defense, cyberterrorism and others --
represent just a few of the search words the center uses to gather information
"This is an extraordinary time in history," Petersen said. "Because of the
information and technology available we're now able to look at large, complex
systems of data and discover patterns and shapes we couldn't see before. We can
look deeply into what used to seem like chaotic bits and pieces of information
and, combining it with the technology of computers, make some sense out of it."
The institute is using Y2K as a test case for its recently opened fusion center,
and DoD is right alongside. The Pentagon has teamed up with the institute to
help in its battle against Y2K.
According to Kevin Kirsch, who handles legislative liaison in DoD's Y2K office,
the fusion center data will help fill in a critical information gap.
"We've got a good handle on our own systems, which ones have been fixed and
which ones still need to be tested," he said. "But it would be nice to know how
people might react to Y2K, what they are doing to prepare and how they will
handle any problems that come up."
Kirsch said his office answers questions from the public every day concerning
Y2K. Most questions concern DoD-only Y2K repair efforts, but many cover a wide
spectrum of Y2K concerns.
"We have found it helps if we can just ease people's concerns, no matter what
the Y2K issue is," he said.
The fusion center monitors press reports from almost 200 news media outlets and
gathers information from databases using a program called "Starlight,"
originally developed by Pacific Northwest Laboratories for the intelligence
community. Petersen said Starlight streams information into a database 24 hours
a day and filters it according to key search words. He added that the program
looks for relationships between data and clusters it, providing a more complete
picture of the problem being studied.
"For example, if you wanted to look at the national electrical grid as it
relates to Y2K, Starlight could gather and cluster information and then produce
a three-dimensional representation on a map of the United States showing where
problems might occur," Petersen said.
In addition, the fusion center polls Americans across the country almost daily
to track their fears, preparations and attitudes about Y2K.
"Having this up-to-date latest information helps us alleviate concerns and, in
the long run, will increase awareness and preparedness," Kirsch said. This is
not only important for Jan. 1, when the millennium bug hits, but for many weeks
beyond, he added.
"Many experts believe that only 10 percent to 15 percent of what will actually
go wrong will happen on Jan. 1," Kirsch said. "Some programs will likely start
building up errors that will not be evident until later in the month when the
first payroll of the year is processed or when inventories are performed. Then
we have the leap year transition at the end of February, and in our testing
we've encountered just as many problems for that as we have for Jan. 1."
The leap year problem is that software not programmed to recognize 2000 as a
leap year will read Feb. 29 as March 1. The Y2K problem stems from a past
computer programming shorthand of expressing years in two digits -- 1999 would
be "99." Some computer systems on Jan. 1 might treat "00" as "1900" and
malfunction or shut down. Almost any computer system could be vulnerable, so all
must be checked and fixed or replaced.
Petersen said the Y2K scenario is an excellent example of the type of research
the fusion center makes possible.
"We're particularly interested in big surprises, global surprises that are
potentially disruptive and intrinsically out of control, whether it's an energy
revolution, global epidemic or Y2K," he said. "We know what can happen on the
technical side. What we're examining is the human side -- how people are
reacting. The fusion center is an exciting initiative and we think it's going to
provide valuable information."