Professional Documents
Culture Documents
1. INTRODUCTION
Echelon is the technology for sniffing through the messages sent over
a network or any transmission media, even it is wireless messages. Tempest is
the technology for intercepting the electromagnetic waves over the air. It
simply sniffs through the electromagnetic waves propagated from any devices,
even it is from the monitor of a computer screen. Tempest can capture the
signals through the walls of computer screens and keystrokes of key board
even the computer is not connected to a network. Thus the traditional way of
hacking has a little advantage in spying.
For the common people it is so hard to believe that their monitor can
be reproduced from anywhere in one kilometer range without any transmission
media in between the equipment and their computer. So we have to believe the
technology enabled us to reproduce anything from a monitor of computer to
the Hard Disks including the Memory (RAM) of a distant computer without
any physical or visual contact. It is done with the Electromagnetic waves
propagated from that device.
The targets for the ECHELON system developed by the NSA are
apart from directing their ears towards terrorists and rogue states; ECHELON
is also being used for purposes well outside its original mission. In America
the regular discovery of domestic surveillance targeted at American civilians
for reasons of “unpopular” political affiliation or for no probable cause at all in
violation of the First, Fourth and Fifth Amendments of the Constitution of
America– are consistently impeded by very elaborate and complex legal
For these above reasons our country INDIA must be enabled to cop
with the new interception system. For that we, engineers must do the work
other wise our country will also become vulnerable to any attacks from the
other states. For that reason i am presenting this seminar.
3 INSIDE TEMPEST
RED Base band Signals -- The most easily recognized CE is the RED base
band signal in attenuated but otherwise unaltered form, since it is essentially
identical to the RED base band signal itself. This emanation can be introduced
into electrical conductors connected to circuits (within an EUT) which have an
impedance or a power source in common with circuits processing RED
baseband signals. It can be introduced into an escape medium by capacitive or
Figure 1
Figure 2
Attack software can read these parameters directly from the video
controller chip, or find them in configuration files. For instance, on the ones
Linux Workstation, a line of the form
If we de_ne t = 0 to be the time when the beam is in the centre of the upper left
corner pixel (x = 0, y = 0), then the electron beam will be in the centre of the
pixel (x,y) at time
For all 0 _ x < xd, 0 _ y < yd and n 2 IN. Using the above formula with the
frame counter n = 0, we can now calculate a time t for every pixel (x,y) and set
this pixel to an 8-bit greyscale value of [255/2+S(t)+R] with amplitudes, A =
255/4 and m = 1, where R is in between 0 and 1 is a uniformly distributed
random number that spreads the quantization noise (dithering) for screen
contents generated this way to broadcast an AM tone.
figure 3
It is not necessary to fill the entire screen with the pattern, but the
energy of the transmitted signal is proportional to the number of pixels that
display it. Ideally, both fc and ft should be integer multiples of fv to avoid
phase discontinuities from one line or frame to the next.
This will work everywhere in the labs and in nearby rooms, while
reception over longer distances was good so long as the receiver antenna was
held close to power supply lines. As one might expect from the wavelengths
involved, the power lines appear to propagate more RF energy than the
parasitic antennas in the PC do. In addition, the handheld radio used for this
demonstration had only a simple untuned dipole antenna, so with a better
antenna we would expect to get reasonable reception at several hundred
metres.
The shortwave (HF) radio bands in the 3{30 MHz range seem to be
the best for this attack. They are the highest bands that normal radios can pick
up and that are well below the pixel frequency fp. Although computer monitors
and video cables are too small to be efficient antennas for these frequencies,
line, the VDU cable can be a quite adequate antenna. In these cases, the attack
software can broadcast unobtrusively in the evening and early morning hours.
The attack software can use frequency shift keying, with 0 and 1
represented by tone patterns like those shown in Fig. 3. These would be loaded
into two video buffers which would be switched at the frame rate fv. Fast
switches between screen patterns and real-time amplitude modulation can also
be accomplished using the colour lookup table. The bit pattern would be
encoded first to provide forward error correction before its bits are used to
select the sequence of tones transmitted.
attack software would dither one or more colours in several lines of the screen
layout using a pseudorandom bit sequence. A cross-correlator in the receiver
gets one input from an antenna and sees at its other input the same
pseudorandom bit sequence presented with the guessed pixel clock rate of the
monitor. It will generate an output peak that provides the phase difference
between the receiver and the target. A phase-locked loop can then control the
oscillator in the receiver such that stable long-term averaging of the screen
content is possible. Information can be transmitted by inverting the sequence
depending on whether a 0 or 1 bit is to be broadcast. Readers familiar with
direct sequence spread-spectrum modulation will find the idea familiar, and
many spread-spectrum engineering techniques are applicable.
In most cases, only EUT input and/or output conductors carry the
intentional RED signals; all other conductors usually carry signals devoid of
classified data. Because of design weaknesses, poor component quality or
location, improper wiring layout, and inadequate shielding by the chassis
TEMPEST FONTS:-
TEMPEST fonts are used for protecting the computers form the
eavesdropper. There is some specific software for this and these softwares will
calculate the power dissisipation of the normal fonts and if it is vulnerable to
the TEMPEST attack, the software will filter that software and show that font
as the most convenient way
The filtered text looks rather blurred and unpleasant in this magnified
representation, but surprisingly, the loss in text quality is almost unnoticeable
for the user at the computer screen, as the magnified photos in the lower half of
Fig. 4 show. The limited focus of the electron beam, the limited resolution of
the eye, as well as effects created by the mask and the monitor electronics filter
the signal anyway.
4 INSIDE ECHELON
Espionage targets
Espionage methods
The form of espionage by technical means with which the public are
most familiar is that which uses satellite photography. In addition, however,
electromagnetic signals of any kind are intercepted and analysed (.signals
intelligence, SIGINT). In the military field, certain electromagnetic signals,
e.g. those from radar stations, may provide valuable information about the
organisation of enemy air defences (.electronic intelligence, ELINT). In
addition, electromagnetic radiation which could reveal details of the position
of troops, aircraft, ships or submarines is a valuable source of information for
an intelligence service. Monitoring other states, spy satellites which take
photographs, and recording and decoding signals from such satellites, is also
useful. The signals are recorded by ground stations, from low-orbit satellites or
from quasi-geostationary SIGINT satellites. This aspect of intelligence
operations using electromagnetic means consumes a large part of services.
Interception capacity, however, this is not the only use made of technology.
It has long been known that special AWACS aircraft are used for the
purpose of locating other aircraft over long distances. The radar equipment in
these aircraft works in conjunction with a detection system, designed to
identify specific objectives, which can locate forms of electronic radiation,
classify them and correlate them with radar sightings .They have no separate
SIGINT capability. In contrast, the slow-flying EP-3 spy plane used by the US
Navy has the capability to intercept microwave, USW and short-wave
transmissions. The signals are analysed directly on board and the aircraft is
Dept. of CS 29 CAS Thodupuzha
Seminar Report ’09 Tempest and Echelon
used solely for military purposes. In addition, surface ships, and in coastal
regions, submarines are used to intercept military radio transmissions.
Keywords:-
keyword “hits” are tagged for future analysis. Again, it is not just the ability to
collect the electronic signals that gives ECHELON its power; it is the tools and
technology that are able to whittle down the messages to only those that are
important to the intelligence agencies.
for the Waihopai facility. These codewords play a crucial identification role for
the analysts who eventually look at the intercepted messages.
Echelon is the vast network formed by NSA and its allies all over
the world to intercept the messages sent through any transmission media. It
plays a major role in the intelligence related work of the NSA and its allies. It
uses the largest computing power of distributed systems. It uses search
algorithms and sophisticated softwares like speech recognition and OCR
software….
the sensitive data of the industries and it will cause harm to that companies.
And again the Tempest equipments are available in USA and is prohibited of
exporting from there, and thus if some terrorists got these Tempest equipments
then it will cause harm to our industries and society. But many of the corporate
firms are protecting their companies from the Tempest attacks by use of
software and equipments to prevent the Tempest attacks.
6 . REFERENCES
CONTENTS
1. Introduction 1
3. Inside Tempest 7
4. Inside Echelon 23
6. References 36
ABSTRACT
ACKNOWLEDGMENT