Author Topic: IMPORTANT: Please read about TEMPEST  (Read 6604 times)

0 Members and 1 Guest are viewing this topic.

Offline Satyagraha

  • Global Moderator
  • Member
  • *****
  • Posts: 8,941
IMPORTANT: Please read about TEMPEST
« on: September 30, 2009, 10:35:28 am »
First, if you doubt that we are led by psychopaths, then please listen to this: http://www.thecorbettreport.com/mp3/episode090_our_leaders_are_psychopaths.mp3

Second, if you have not yet listened to AI & LordsSyndicate's recent interview on the Corbett Report, you should listen to it, because you will learn what these psychopaths are doing RIGHT NOW.  Here's the interview: http://www.thecorbettreport.com/index.php?ii=215&i=Documentation

In their interview, they talk about TEMPEST. 
Read on for more information about this program:

http://www.eskimo.com/~joelm/tempestintro.html

What is TEMPEST?

TEMPEST is a U.S. government code word that identifies a classified set of standards for limiting electric or electromagnetic radiation emanations from electronic equipment. Microchips, monitors, printers, and all electronic devices emit radiation through the air or through conductors (such as wiring or water pipes).

An example is using a kitchen appliance while watching television. The static on your TV screen is emanation caused interference. (If you want to learn more about this phenomena, a company called NoRad has an excellent discussion (X) of electromagnetic radiation and computer monitors (and Chomerics has a good electromagnetic interference 101 page), that you don't need to be an electrical engineer to understand. Also, while not TEMPEST-specific, a journal called Compliance Engineering (O), typically has good technical articles relating to electromagnetic interference. There's also the Electromagnetic Compliance FAQ.)  (Note: NONE of these links are working... they don't WANT you to know. Secrecy is important, because if you know about this - you can take actions to interfere with it; which will effectively stall their progress. )

During the 1950's, the government became concerned that emanations could be captured and then reconstructed. Obviously, the emanations from a blender aren't important, but emanations from an electric encryption device would be. If the emanations were recorded, interpreted, and then played back on a similar device, it would be extremely easy to reveal the content of an encrypted message. Research showed it was possible to capture emanations from a distance, and as a response, the TEMPEST program was started. (For some interesting perspectives on the history of TEMPEST, see this timeline and do a text search for TEMPEST at this UK list archive.) This one works: http://cryptome.org/tempest-old.htm

The purpose of the program was to introduce standards that would reduce the chances of "leakage" from devices used to process, transmit, or store sensitive information. TEMPEST computers and peripherals (printers, scanners, tape drives, mice, etc.) are used by government agencies and contractors to protect data from emanations monitoring. This is typically done by shielding the device (or sometimes a room or entire building) with copper or other conductive materials. (There are also active measures for "jamming" electromagnetic signals. Refer to some of the patents listed below.)

Bruce Gabrielson, who has been in the TEMPEST biz for ages, has a nice unclassified general description of TEMPEST that was presented at an Air Force security seminar in 1987.

In the United States, TEMPEST consulting, testing, and manufacturing is a big business, estimated at over one billion dollars a year. (Economics has caught up TEMPEST though. Purchasing TEMPEST standard hardware is not cheap, and because of this, a lesser standard called ZONE (O) has been implemented. This does not offer the level of protection of TEMPEST hardware, but it quite a bit cheaper, and is used in less sensitive applications.)

Emanation standards aren't just confined to the United States. NATO has a similar standard called the AMSG 720B Compromising Emanations Laboratory Test Standard. In Germany, the TEMPEST program is administered by the National Telecom Board. In the UK, Government Communications Headquarters (GCHQ), the equivalent of the NSA, has their own program.


--------------------------------------------------------------------------------

TEMPEST History
The original 1950s emanations standard was called NAG1A. During the 1960s it was revised and reissued as FS222 and later FS222A.

In 1970 the standard was significantly revised and published as National Communications Security Information Memorandum 5100 (Directive on TEMPEST Security), also known as NACSIM 5100. This was again revised in 1974.

Just how prevalent is emanation monitoring?

There are no public records that give an idea of how much emanation monitoring is actually taking place. There are isolated anecdotal accounts of monitoring being used for industrial espionage (see Information Warfare, by Winn Schwartau), but that's about it. (However, see a very interesting paper written by Ian Murphy called Who's Listening that has some Cold War TEMPEST spy stories.) Unfortunately, there's not an emanation monitoring category in the FBI Uniform Crime Reports.  (While not TEMPEST-specific, the San Jose Mercury News printed a November 11, 1998 article(O) on how much money American businesses are losing to economic espionage.  Considering some of the countries involved, hi-tech spying techniques are likely being used in some cases.)

Threat?
There are a few data points that lead one to believe there is a real threat though, at least from foreign intelligence services. First of all, the TEMPEST industry is over a billion dollar a year business. This indicates there's a viable threat to justify all of this protective hardware (or it's one big scam that's making a number of people quite wealthy). 

(Note: CoIntelPro - this is very real, and this is part of the Total Information Awareness campaign mounted for NWO's OODA loop 'observation' phase to generate plausible scenarios to make DECISIONS about actions they intend to take. In short, this is NOT about defense from foreign surveillance; this is about surveillance on WE the PEOPLE.)

This scope of the threat is backed up with a quote from a Navy manual that discusses "compromising emanations" or CE. "Foreign governments continually engage in attacks against U.S. secure communications and information processing facilities for the sole purpose of exploiting CE." I'm sure those with appropriate security clearances have access to all sorts of interesting cases of covert monitoring.

Or not?
In 1994, the Joint Security Commission issued a report to the Secretary of Defense and the Director of Central Intelligence called "Redefining Security." It's worthwhile to quote the entire section that deals with TEMPEST.

TEMPEST (an acronym for Transient Electromagnetic Pulse Emanation Standard) is both a specification for equipment and a term used to describe the process for preventing compromising emanations. The fact that electronic equipment such as computers, printers, and electronic typewriters give off electromagnetic emanations has long been a concern of the US Government. An attacker using off-the-shelf equipment can monitor and retrieve classified or sensitive information as it is being processed without the user being aware that a loss is occurring. To counter this vulnerability, the US Government has long required that electronic equipment used for classified processing be shielded or designed to reduce or eliminate transient emanations. An alternative is to shield the area in which the information is processed so as to contain electromagnetic emanations or to specify control of certain distances or zones beyond which the emanations cannot be detected. The first solution is extremely expensive, with TEMPEST computers normally costing double the usual price. Protecting and shielding the area can also be expensive. While some agencies have applied TEMPEST standards rigorously, others have sought waivers or have used various levels of interpretation in applying the standard. In some cases, a redundant combination of two or three types of multi-layered protection was installed with no thought given either to cost or actual threat.

A general manager of a major aerospace company reports that, during building renovations, two SAPs required not only complete separation between their program areas but also TEMPEST protection. This pushed renovation costs from $1.5 million to $3 million just to ensure two US programs could not detect each other's TEMPEST emanations.

In 1991, a CIA Inspector General report called for an Intelligence Community review of domestic TEMPEST requirements based on threat. The outcome suggested that hundreds of millions of dollars have been spent on protecting a vulnerability that had a very low probability of exploitation. This report galvanized the Intelligence Community to review and reduce domestic TEMPEST requirements.

Currently, many agencies are waiving TEMPEST countermeasures within the United States. The rationale is that a foreign government would not be likely to risk a TEMPEST collection operation in an environment not under their control. Moreover, such attacks require a high level of expertise, proximity to the target, and considerable collection time. Some agencies are using alternative technical countermeasures that are considerably less costly. Others continue to use TEMPEST domestically, believing that TEMPEST procedures discourage collection attempts. They also contend that technical advances will raise future vulnerabilities. The Commission recognizes the need for an active overseas TEMPEST program but believes the domestic threat is minimal.

Contractors and government security officials interviewed by the Commission commend the easing of TEMPEST standards within the last two years. However, even with the release of a new national TEMPEST policy, implementation procedures may continue to vary. The new policy requires each Certified TEMPEST Technical Authority (CTTA), keep a record of TEMPEST applications but sets no standard against which a facility can be measured. The Commission is concerned that this will lead to inconsistent applications and continued expense.

Given the absence of a domestic threat, any use of TEMPEST countermeasures within the US should require strong justification. Whenever TEMPEST is applied, it should be reported to the security executive committee who would be charged with producing an annual national report to highlight inconsistencies in implementation and identify actual TEMPEST costs.

Domestic implementation of strict TEMPEST countermeasures is a prime example of a security excess because costly countermeasures were implemented independent of documented threat or of a site's total security system. While it is prudent to continue spot checks and consider TEMPEST in the risk management review of any facility storing specially protected information, its implementation within the United States should not normally be required.

The Commission recommends that domestic TEMPEST countermeasures not be employed except in response to specific threat data and then only in cases authorized by the most senior department or agency head.
 
It's also interesting to note that the National Reconnaissance Office (NRO) eliminated the need for domestic TEMPEST requirements in 1992.

BULLSHIT.

-------------------------------------------------------------------

There's a lot more information minus the CoIntelPro at this link: CRYPTOME

And  the King shall answer and say unto them, Verily I say unto you, 
Inasmuch as ye have done it unto one of the least of these my brethren,  ye have done it unto me.

Matthew 25:40

Offline lordssyndicate

  • Moderator
  • Member
  • *****
  • Posts: 1,141
  • Stop The New World Order
    • LinkedIn Profile
Re: IMPORTANT: Please read about TEMPEST
« Reply #1 on: April 17, 2010, 12:59:14 am »
Exactly ................ 'Nough said ...
"Biotechnology it's not so bad. It's just like all technologies it's in the wrong HANDS!"- Sepultura