
Do You Know That The Information In Your PC Is Spreading Around??

We know that electrical and electronic equipment may radiate electromagnetic energy into its surroundings, intentionally or unintentionally. Wireless transmitters, mobile phones, radars, detectors and wireless data transmission systems emit this energy deliberately. But it is not desirable for a computer, copier or projection device to emit electromagnetic energy. As I mentioned in my previous article, TEMPEST is a term that refers to unintentional electromagnetic emissions from electrical and electronic equipment that processes confidential information, and it is also a code name used by the U.S. for investigating, examining and controlling such emissions.

Although it seems utopian, TEMPEST is quite an old method of intelligence. Once the energy emitted from an electrical device is picked up by an antenna and receiver, it can be amplified and reprocessed, and in some cases refined into an image, so that the leaked information can be recovered. This method was brought to Turkey in the 1990s by a team that I myself was a member of; a laboratory and technical infrastructure that can create, solve and test the TEMPEST problem with completely national abilities was established, and personnel were trained. The most striking point of the problem is that leakage can be obtained from any information processing device: information displayed on the computer screen, read from the CD drive, replicated on the copier, transmitted by fax, scanned on the scanner, printed on the printer … every piece of information processing equipment that comes to mind is a potential TEMPEST leak source.

Are you sure that your PC is safe with the precautions you have taken???

The simplest TEMPEST scenario is this: while you are writing a CONFIDENTIAL article on your computer, the exploiter collects the signals radiating electromagnetically from your screen and reconstructs the image, just as we receive a broadcast sent over kilometers through the air and watch a TV programme in our living room. This can be done surreptitiously from upstairs, from the next building or from a panel van with darkened windows parked in front of your office, just as you do not know who is watching your television broadcasts! This kind of leak is known as “radiated emissions leakage”. Another way of collecting information leaks, besides using an antenna, is to penetrate the network to which the information processing device is connected and reach the information there. Continuing the same example, CONFIDENTIAL information on your computer can also be obtained by penetrating the power network or the internet network it is connected to and collecting the data with a monitoring probe, even from hundreds of meters away! This method is known as “conducted emissions leakage”. Neither the updates to the antivirus on your system nor the strength of your firewall means anything against TEMPEST, because if the information is open on your screen, the same information exists in the air and on your network, and therefore on the exploiter’s antenna and probe…

So, how can we become safe against TEMPEST Leaks??

Actually the risk is big, but some measures are quite easy. First, I must say that the only and safest measure against leakage through conducted emissions is TEMPEST filtering on the signal lines or the power lines. Filters are devices that prevent leaks from getting out without affecting the operation of the device. Leaks caused by radiated emissions can be prevented by using specially designed equipment. During my years at TÜBİTAK – UEKAE, I directed the National TEMPEST Filters and National TEMPEST Proof IT Equipment development projects. Today, thousands of devices we have developed are used in many critical governmental institutions and military areas. If you do not have the chance to use these special, high-cost devices, you should take care to work in special TEMPEST-proof chambers, or to have a large controlled zone, taking advantage of the principle that leakage signals decrease inversely with distance.

 

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, March 10th, 2017.

Electromagnetic Information Leaks: TEMPEST

In the age of information technology, every technological improvement makes the processing of information more and more common in our daily lives. We can now carry on a disc about the size of a finger information that, not so long ago, just 20 years back, could only be reached through hundreds of books on the shelves. All the libraries in the world are as close as the smartphone in our pocket …

A common feature of information-processing technologies is that they rely on electrical and electronic systems. This is, of course, also the first open door tried by unauthorized persons who wish to access information. We know that electrical and electronic equipment radiates some electromagnetic energy into its surroundings, intentionally or unintentionally. The effect of this energy on the performance of devices is studied under the subject of Electromagnetic Compatibility (EMC). In terms of information security, it poses a very serious threat. TEMPEST is a code name that describes the work carried out to collect, examine, and reconstruct the information contained in the electromagnetic energy emitted from electrical and electronic equipment. Although it looks like an abbreviation, TEMPEST is a name given by the U.S. to the work on this subject. Yes, it may seem quite utopian at first sight, but TEMPEST has been used since the 1950s. The information is reconstructed by processing the electromagnetic leaks that propagate from the body of the information processing device into the air, or through its conductors into the power network to which it is connected. If this information is classified (confidential), its value is of course very high.

The first use of TEMPEST for intelligence purposes was in the 1960s, when the British MI5 organization obtained information from France’s cryptographic communication in this way. However, as can be understood from documents that have since lost their confidentiality, America had worked on this method during the Second World War and obtained a variety of information using similar principles.

The first scientific and completely open work on TEMPEST came in 1985: an experiment, and the paper explaining it, by Wim van Eck, a Dutch telecom researcher. The experiment showed that a computer’s screen can be reconstructed from its electromagnetic emissions, meters away from the source.

So, what is the situation in Turkey ???

TEMPEST technology was brought to our country in the 1990s by a team that I was also a member of. At the TÜBİTAK National Cryptology Institute, a TEMPEST laboratory was established and put into service for the Turkish Armed Forces and governmental bodies, under a protocol signed with the General Staff. So, although a little late compared to some leading states, the technology can still be pursued with national possibilities. The question that needs to be emphasized here is: what technologies are these advanced nations developing today?

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, February 10, 2017.


Information Security and Threats

The myriad measures we have taken for the security of our personal data may be making our daily life a bit more difficult. However, it should not be forgotten that every day a new information-stealing and intelligence method is being developed against every measure taken.

While we spend so much time and effort on something as simple as our personal data, what level of effort must institutions, communities and, moreover, countries reach to ensure information security?

Protecting information and, against it, the intelligence activities carried out to acquire information bring military and political issues to mind first. If we look at NATO’s security structure for the sake of generalization, Information Security is at the top level under the Basic Security heading, along with Physical Security, Personnel Security, Procedure Security and Document Security. One level down, Information Security (InfoSec) contains the Computer Security (CompuSec) and Communication Security (ComSec) components. Beyond that come the different security sub-units created for different threats, branching out as we go into the details …

So what are the threats that require so many precautions?

It is impossible to list all the threats here, but I can clearly say that as we are discussing these issues now, some new intelligence methods are being developed somewhere… But in general, we can summarize the issue as seizing information from involuntary emanations (passive intelligence) and attacking information secured against unauthorized access (active intelligence).

Today, while corporations and organizations struggle primarily to prevent unauthorized access to the data in their computers, thinking that they are safe because they use firewalls and antiviruses, the information is in fact spreading around as emanations. Unauthorized persons in passive listening mode simply gather the information that is free in the environment, using their technical capabilities. An old technology, “listening to what is spoken in the environment by remote laser signals, by means of transducing the vibration generated on the glass into significant voice and texts (optical intelligence)”, can still seem utopian to some people today. In the same way, using TEMPEST technology (obtaining information from electromagnetic emanations) to get information from IT devices such as computer screens, hard drives, printers, scanners, etc., remotely from a distance of tens of meters, is still attractive, even though it was first used in the 1960s.

“Emotional” analysis with wireless data signals: EQ-Radio …

You must have read the news that a group of scientists at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have conducted studies on analyzing emotions by sending wireless data signals and have achieved 87% successful results. With the wireless signals they send, they can detect the excited, sad or irritated moods of people. There is no doubt that this technology, called EQ-Radio, will be actively used to get more detailed information in the near future. The fact that wireless modems are widespread in every environment we enter will force you to consider “what information can be gathered with the signals sent from the modems”. While we continue to feel safe with the antiviruses and firewalls we set up, honestly, we live in an era when we cannot guarantee that the information in our mind is not captured.

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, November 18, 2016


Information Security and Turkey

I shared in my previous article that the dizzying development in Information Technology has led to a number of complications that make our life more difficult in terms of “Information Security”. Personal, sectoral, commercial, national and, in fact, global information security requirements renew themselves every day.

What is happening in Turkey while something new is being done every minute for information security all over the world?

In fact, the answer to this question is rather complicated not only for our country, but for all countries and even for communities like the EU and NATO. First of all, it is worth mentioning that we can see Cyber Security as the flagship of information security. In particular, the precautions to be taken in communication security are the first link of the chain. The ministry responsible for this issue in Turkey is the Ministry of Transport, Maritime Affairs and Communications. The chief actor in the process is the Information Technologies and Communications Authority (BTK), which also received its new name with the amendment made in 2008. It works on information technologies at the regional, national and international level. Until the 15th of July, the monitoring of communication over all communication channels, including the internet, was carried out by the Telecommunication Communication Presidency (TİB), a sub-unit of the Institution (BTK); afterwards the powers of the abolished unit were gathered in the BTK.

Has a central Information Security structure been established with BTK?

Clearly no! In fact, the idea and work of establishing a National Information Security Organization of a comprehensive and authoritative nature has existed for many years, in different periods. The team on which I worked on behalf of TUBITAK-UEKAE, hosted by the General Secretariat of the National Security Council and consisting of the Prime Ministry, the Ministry of National Defense and other relevant ministries, the Undersecretariat of the National Intelligence Agency, the General Staff and the General Directorate of Power Commands, worked long shifts over many days for the establishment of this organization and the related laws. The draft of the proposed law, which is developed further every year, has partly become reality as the Council of Ministers’ decision on the “Implementation, Management and Coordination of the Workshops on National Cyber Security”. As an example of a concrete organization, we can give the National Cybercrime Intervention Center (USOM), which has undertaken the task of detecting and threatening the cyber threats that our country might be exposed to, conducting activities and informing the relevant places.

Despite a central restructuring effort on National Information Security, our country has a balance formed by the support of the ministries, the General Staff and the Force Commands, the General Directorate of Security, TUBITAK and some other public institutions, and even the banks.

In order to use the internet, the most important instrument of the age, more securely in public works, the use of electronic signatures and electronic certificates is spreading rapidly in our country, as it is in developed countries.

It is very clear that the measures to be taken, planned measures, laws, draft laws, agencies and committees will be in an ever-changing process of renewal with every passing day. However, the fact that the personal information of nearly 50 million citizens was stolen and published on the internet in the very recent past is the most concrete indication that we should take more serious steps in this dynamic process …

This article was published in periodical “Science and Technology to Everybody (Herkese Bilim Teknoloji)”, October 7, 2016
