The technically easier task is eavesdropping on the contents of a computer monitor's screen.
There are a number of points along the path from video card to the monitor which might potentially radiate an electromagnetic signal which bears an impression of the "screen contents". The first is the card generating all of the signals. Next is the cable linking the card to the monitor and finally there is the monitor itself.
Ferrites at each end of the cable and a foil or braided shield mean that all but very old or very cheap kit will not betray your viewing habits by turning that cable into an antenna. And a closed computer case will keep the video card from broadcasting to all and sundry.
This leaves the original TEMPEST attack on the signal radiated by the display device as it "constructs" the image. With a TV set or older low resolution monitors reconstructing a monochrome facsimile of the screen is a relatively trivial task. It is something that any expert hobbyist could manage since both broadcast very strong signals. Primarily because neither has any significant shielding, which allows the 40-80,000 volt "flyback" transformer (among other things) to act as an effective radio transmitter. And relatively trivial is not the same thing as easy. Recovering the screen image still requires extracting a multi-megahertz signal from a very low frequency carrier signal.
Now all that is allowable simply because the device came first. The frequencies at which TVs and like resolution displays operate weren't particularly useful for high bandwidth communication anyway so there was no great incentive to "protect" the 24-25 KHz band, and once TVs started (mass) broadcasting whacking great carrier signals on these frequencies the point became moot. That band of radio was simply DEAD. Eventually advances in technology make it possible to skim a "strong" nearby signal from the general noise. And thus TEMPEST is born. With one major caveat. The "listening antenna" has to be placed where the desired signal is the strongest one.
Variable resolution computer monitors (Particularly as screen resolutions radically departed from VGA specs (and near parity with TV)) made it too expensive to continue the policy of simply abandoning bands of the airwaves when they became too "polluted". To start with instead of residing in one narrow notch of the electromagnetic spectrum, the various signals are smeared across a broad swathe. And nor are the vast majority synchronised with a small number of broadcast signals.
This along with the general propensity of modern kit of any sort to radiate on any number of commercially valuable wavelengths led to Emissions Standards Control. Modern electronic kit has just too many (and varied) high frequency components to be allowed to radiate freely. Enclosures are shielded, as are cables which are further protected with ferrite cores. All enclosures containing electronic componentry which has the potential to radiate a signal must by regulation be shielded to a certain minimum standard.
Yes this allows some leakage, but not very much. Certainly not enough to be distinguishable from the background at any practical range, except where computers are very few and far between. In any urban setting, the receiving antenna, a fairly large, complex and delicate device in its own right, would have to be within the target's property boundaries to get a reliable signal. And forget about picking out anything from a cubicle farm at all, at all. Obtaining a suitable angular orientation to the "device of interest" makes the whole problem just that little bit more interesting.
So theoretically it is doable, and it might barely be practicable under precisely the right circumstances, (Say at a trade show) but as a general purpose, surveillance technique, that can be legally carried out without an enabling warrant, it's a non starter. And the counter is ludicrously simple. A device that sits between the computer and the monitor cable which precisely synchronises with the timing signals to the monitor and broadcasts a "jamming" signal on exactly the same wavelength as the monitor.
Now for reading old data from a hard disk.
One theoretical possibility is remounting platters in more sensitive platforms and doing all sorts of scientific magic to "read" the "spaces" between magnetically stored bits. It works on the theory that at different temperatures, the exact position at which a bit is written moves slightly because different parts of the hard disk expand and contract at slightly different rates. So far so good. However, just to get the necessary resolution to read inside the "gaps" requires at least two and arguably three or more generations more sensitive hardware. So anything stored on cutting edge hardware is safe for at least two years.
For "fresher" data the only available option is quite literally putting the platter under a microscope and reading the "fringes" one bit at a time.
And having achieved the necessary degree of acuity of magnetic "sight" the "reader" has to hope that the "overwrite" occurred under completely different conditions than when the overwritten data was originally written.
According to the articles I've read, the best hope is scanning the disk's surface for areas where there actually is a good solid read in the gap. Such locales are decoded and some sense is hopefully made of the data found there. Illicit material of single types: pictures, music, movies are easiest. But it's a total crap shoot as to whether anything of use is actually recovered. The more there was originally the better the chances, but there is no guarantee. And it's an expensive fishing trip no matter what.
Finding remnants of a child porn collection, or evidence of a bootleg collection of five thousand copyright audio tracks would be amongst the least difficult of tasks. Tracking down specific "subversive" literature? Not bloody likely! Plain text at best amounts to only a fraction of a percent of stored data, finding it amongst the small amount of actually recoverable data in actionable amounts would be highly unlikely.
It's doable yes. Practical only with relatively dated recording media, and to all intents and purposes, there will be no further significant improvements in the capability. Current generation kit, just doesn't have any gaps from which reliable data can be recovered. Next generation kit will make such "reading between the lines" impossible. Every single magnetic domain on the hard disk platter will occupy its own individual micro machined pit. And there will be nothing whatsoever in the gaps.
It's a dead end technology, good for perhaps a few more years as a forensic fishing rod. But as a tool of repression, it's not a concern.
There are so many other, far easier avenues of intrusion, that TEMPEST and forensic recovery of overwritten data are almost pure fap material. Workable only under ideal conditions. Trojans; undisclosed back doors (for the ConspTheory crowd); ISP logfiles, unpatched vulnerabilities; social engineering; physical bugs; software bugs; all are far far bigger threats to anyone's data.
Sorry to say, but the demos you have seen are pretty much all fluff and no substance. It keeps the paranoid looking over their shoulders. It works a lot like the Stasi files. It wasn't so much that you were in there and under surveillance, but that it was impossible to know that you weren't. But the counters are so simple, a $10 jamming device to thwart covert surveillance and a ball peen hammer to make forensic examination of a hard disk a moot point. Almost any form of halfway decent encryption will also make it virtually impossible to recover anything at all.
As with any other law enforcement "surveillance device" they're essentially stupidity filters and in this case very expensive and utterly impractical ones at that.
NSA can indeed do these things. At least for demonstration purposes. But there is no earthly reason for the NSA to attempt to go to the expense with no guarantee of a result, to attempt to use the technology except in the most exceptional of circumstances. And as the saying goes: "If you can't take a joke, why did you join the ..."
If THEY want to "come for you and I", we have almost certainly left enough subversive footprints across the Web, that THEY will have all the excuse they need to cause us to "disappear" if THEY so desire.
If the NSA (or anyone else) IS looking over your shoulder, I can almost guarantee that these two techniques are amongst the last that will be pulled from their bag of tricks (dirty or otherwise).