Declassified NSA Document Reveals the Secret History of TEMPEST
By Ryan Singel April 29, 2008 | 9:07:00 PMCategories: Sunshine and Secrecy
It was 1943, and an engineer with Bell Telephone was working on one of the U.S. government’s most sensitive and important pieces of wartime machinery, a Bell Telephone model 131-B2. It was a top secret encrypted teletype terminal used by the Army and Navy to transmit wartime communications that could defy German and Japanese cryptanalysis.
This teletype-encryption machine, known as the Sigaba m134c, was used alongside the Bell Telephone machine found to be leaking signals. The Bell 131-B2 used special one-time tapes to create unbreakable codes.
Photo: Mark Pellegrini
Then he noticed something odd.
Far across the lab, a freestanding oscilloscope had developed a habit of spiking every time the teletype encrypted a letter. Upon closer inspection, the spikes could actually be translated into the plain message the machine was processing. Though he likely didn’t know it at the time, the engineer had just discovered that all information processing machines send their secrets into the electromagnetic ether.
Call it a TEMPEST in a teletype.
This story of how the United States first learned about the fundamental security vulnerability called “compromising emanations” is revealed for the first time in a newly-declassified 1972 paper TEMPEST: A Signal Problem (.pdf), from the National Security Agency’s secret in-house journal Cryptologic Spectrum.
“There has always been speculation about TEMPEST coming out of the Cold War period,” says Joel McNamara, author of Secrets of Computer Espionage: Tactics and Countermeasures, who maintained for years the best compilation of public information on TEMPEST. “But the 1943 Bell Labs discovery is roughly ten years earlier than I would have expected.”
The unnamed Bell Telephone technician was the Alexander Graham Bell of a new, secret science, in which electronic eavesdroppers — as far away as hundreds of feet from their target tune into radio waves leaking from electronic equipment to steal secrets.
Building on the breakthrough, the U.S. developed and refined the science in an attempt to spy on the Soviets during the Cold War. And it issued strict standards for shielding sensitive buildings and equipment. Those rules are now known to government agencies and defense contractors as TEMPEST, and they apply to everything from computer monitors to encrypted cell phones that handle classified information.
Until now, little has been known about when and how the U.S. government began trying to protect itself from this threat, and the NSA paper tells the story well.
Bell Telephone faced a dilemma. They had sold the equipment to the military with the assurance that it was secure, but it wasn’t. The only thing they could do was to tell the [U.S. Army] Signal Corps about it, which they did. There they met the charter members of a club of skeptics who could not believe that these tiny pips could really be exploited under practical field conditions. They are alleged to have said something like: “Don’t you realize there’s a war on? We can’t bring our cryptographic operations to a screeching halt based on a dubious and esoteric laboratory phenomenon. If this is really dangerous, prove it.”
So the Bell engineers were place in a building on Varick Street in New York. Across the street and 80 feet away was Signal Corps Varick Street cryptocenter. The engineers recorded signals for about an hour. Three or four hours later, they produced about 75% of the plain text that was being processed–a fast performance, by the way, that has been rarely equaled.
Oddly, the lessons were forgotten at the close of the World War II — even as the Soviets seemed to have learned to insulate their machines. In 1951, the CIA told the nascent NSA that they had been playing with the Bell teletype machines and found they could read plain text from a quarter mile down the signal line.
In 1962, the Japanese, then our allies, attempted just that by aiming antenna on top of a hospital at a U.S. crypto center, according to the article. And the Russians did the same — planting not just the famous 40 microphones in the U.S.’s Moscow embassy, but also seeding mesh antenna in the concrete ceiling, whose only purpose could have been stealing leaked energy pulses.
The principal of the TEMPEST attack is deceptively simple. Any machine that processes information — be it a photocopier, an electric typewriter or a laptop — have parts inside that emit electromagnetic and acoustic energy that radiates out, as if they were tiny radio stations. The waves can even be picked up and amplified by nearby power lines, telephone cables and even water pipes, carrying them even further. A sophisticated attacker can capture the right frequency, analyze the data for patterns and recover the raw information the devices were processing or even the private encryption keys inside the machine.
Decades ago the FCC has set standards prohibiting electrical devices from interfering with other ones, concerned merely about noise. These days we know that computer monitors, audio cables and other information machines like credit card machines in restaurants actually emit sensitive information.
Outside of the government, almost nothing was known about how such eavesdropping worked until 1985, when a computer researcher named Wim van Eck published a paper explaining how cheap equipment could be used to pick up and redisplay information from a computer monitor. The first mentions of TEMPEST began in the mid 60s, and Gene Hackman introduced the Faraday cage to the public in the 1970s in the classic eavesdropping movie The Conversation.*
In addition to explaining how the U.S. discovered compromising emanations, the declassified NSA document provides a surprising historical snapshot of Cold War espionage techniques, says McNamara.
“It is … interesting that CIA rediscovered the vulnerability in 1951 and work on countermeasures soon followed,” he says. “One can assume that the U.S. Intelligence Community also begin using the electronic surveillance technique against foreign powers during this same time frame. From the 1953 and 1954 dates mentioned in the document, it seems the Russians were aware of the vulnerability by then, and were taking measures to secure their communications equipment.
Pennsylvania University science professor Matt Blaze also expressed some amazement at the Bell researchers discovering as early as 1943 that digital equipment leaked information.
“The earliest reference to emissions attacks I’m aware of … is Peter Wright’s recollections, in his book Spycatcher, of following around spies in 1950’s London by tracking the local oscillators of their radio receivers,” says Blaze. “But that’s analog, not digital.”
The NSA did not declassify the entire paper however, leaving the description of two separate, but apparently related, types of attacks enticingly redacted.
One attack is called “Flooding” and the other “Seismic.”
The idea of being able to steal plain text of an encrypted message using earthquake sensors? Stinkin’ cool.
THREAT LEVEL anxiously awaits the back story on that attack to be told.
*Professor Matt Blaze questions whether Hackman was in a Faraday cage in The Conversation, since Hackman was able to transmit out. He was definitely in some sort of metal cage, but I may have jumped to conclusions about its Faraday-ness.