Cryptome Posts Just-Released Tempest Documents 83
HiyaPower writes: "After a lot of perserverence, John Young has finally gotten the NSA to release a pile of stuff under the Freedom of Information Act and has posted it on his Web site at cryptome. I guess that it's at least a relief to know that if you keep after these folks long enough, they will release material about 20-year-old projects. Having had a security clearance myself, I understand the need to know aspects of this sort of stuff, but still, when there is nothing that will compromise security, it's better to get it out than to have the paranoids running around feeling that you are hiding something."
Re:Whats missing? (Score:1)
Tempest, NSA, ... (Score:1)
Deny everything (Score:1)
It is just like everyone assumes you are guilty if you plead the fifth, because nobody pleads the fifth unless they are guilty.
So the NSA has to act spooky when there is nothing to hide so we wont really know when they are really acting spooky.
Re:What info should be kept secret? (Score:2)
I'd suggest the opposite ratio. For every ten positive uses of secrecy, there is probably one abuse. HOWEVER, this still begs the question of how much is too much?
Re:How about a spell-checker NSA? (Score:2)
These people are in charge of our National Security and they can't even spell "working"? Or maybe "warking" is a special code that you need the highest security clearance to know. Or maybe it's a special "spook" kind of wanking. (Insert your own link to goatse.cx here, I'm too lazy.)
Tempest and EMP (Score:2)
Anyone really know?
Re:Tempest and EMP (Score:2)
Re:Ahhh . . . FOIA (Score:2)
Concisely speaking; get over yourself. You ain't that special as a country, nor that vulnerable.
Re:Fill In The Blanks (Score:1)
sorry for the 8th-grade humor.
Re:Sneaky (Score:1)
No, I don't miss that job.
Re:It means.. (Score:1)
Fill In The Blanks (Score:2)
Aww, come on, what's it say? (This was supposed to *reduce* paranoia?)
Re:Fill In The Blanks (Score:1)
Hence all the terrible spellings which just dont fit given the highly technical nature, who misspells working?
Jeremy
Re:Finally... (Score:1)
Re:Ahhh . . . FOIA (Score:2)
Simply restrict discussion of the material
So you want to repeal the First Amendment then?
Re:Fill In The Blanks (Score:2)
The only things I can thing that they might have XXXX'ed out are:
Light - perhaps the "compromising signal" is just "reading the fscking monitor screen" with a concealed camera.
Smell - a sudden smell of urine indicates the user has received a frightening or very surprising communication.
Tachyon Flux - the NSA has alien technology that can detect emissions of elementary particles that nobody else knows about.
I wonder what else that xxxxxxxxx could be?
Torrey Hoffman (Azog)
Re:not really that amazing (Score:1)
BTW, I don't know if anyone caught this yet, but the document appears to have been scanned, and poorly at that.
I am surprised that the govt released this information. It's good news, IMO, a sign of the times, and a healthy trend if the information is clearly not vital to US security interests.
I like this line, from the ToC:
xxxxxxxxxxxxx (C)
where the "C" is lined out, as if it no longer confidential. Doesn't sound like it was successfully downgraded, does it?
Plus, Lots o' stuff has been redacted. I imagine (hope) John Young talks about all the redactions.
Re:What info should be kept secret? (Score:2)
OK, you caught me, fair and square. On the first day of the new millennium, with my wife nibbling on my ear, in a minor post on an informal discussion forum, I made a mistake in proper english usage. Guilty as charged!
However, please don't necessarily attribute accidents to ignorance; or assume that the
person involved is lazy. Sometimes in this life, we simply make mistakes!
Re:It means.. (Score:1)
-=-
Re:Finally... (Score:1)
How long can you keep a secret? (Score:2)
Just how long do you keep a secret on stuff like Tempest? You may think theses are 20yr old and no harm could come from them... I think it is reasonable to except that some, if not most, of the current technology are still based on these earlier works. And so is it no possible to "forward" engeering these earlier design decisions to provide a better guess on the latest security system?
On the other hand, the early design could be just that, design, and not actual implementations. Like we should have a system that do X, Y and Z back in the 80s. Doesn't mean X, Y and Z are now possible.
I have to admit that I don't know enough to comment on this... ;-) Anyone?
====
Re:Ahhh . . . FOIA (Score:2)
OK. Got it. (Score:1)
Re:Ahhh . . . FOIA (Score:2)
More Tempest Info... (Score:3)
http://cryptome.org/nacsim-5000.htm [cryptome.org]
also, here is a really neat site with an analysis on what this stuff really means:
http://eskimo.com/~joelm/tempest.html [eskimo.com]
and yet more great reading:
http://www.austinlinks.com/Crypto/tempest.html [austinlinks.com]
http://www.thecodex.com/c_tempest.html [thecodex.com]
http://www.spyking.com/datascan.html [spyking.com]
Re:Finally... (Score:1)
Perhaps you should focus on legal documents, i.e. the US Constitution, instead.
Re:Non-Linear Circuits (Score:2)
It's nice to be able to recover the sync pulses that go along with a video signal... if the lines are driven by an open collector output, with a pull-up resistor... it would be easy to ping the cable in question with a cheap gunplexer radar transciever to be able to lock into the sync much easier. (If not both, at least the horizontal). At 10 Ghz the driver might act as a diode... or just a variable capacitor... either way it's modulating the line. The antennas are small, and you can use a dish if you really want to get tricky.
Being able to lock onto the sync pulse would make it a lot easier for a software system to pick out the pixels, and compensate for clock jitter, delays, etc.
Of course... this is just off the top of my head, and I don't have any kind of security clearance (and never have)... just good old Ham radio experience.
Mike - ka9dgx
Re:Finally... (Score:1)
They Are Watching (Score:2)
Re:Sneaky (Score:2)
When I asked what it was, he said that it was the fourier transform of the power line into a facility that he believed was using centrifuges to separate U235 from U238. He showed me various peaks which corresponded to motor drives, showed how they were spread out due to the different concentrations of UF6 in the different centrifuges; and a bunch of other features which made it crystal clear to him, and somewhat clear to me, that he had a good grasp of almost everything that was going on inside the plant.
When I mentioned that I didn't think that the US used centrifuges; he allowed that "Yes, that's true". The point is that you can have leakage of information from completely unexpected portals in your facility.
In the next month, this guy was shipped out to Iraq to use the ground penetrating radar he developed to look for buried weapons and facilities.
AC
Re:classified innovations (Score:1)
N.'.S.'.A.'.
-=-
Re:Needs A Proofread... (Score:1)
Re:Sneaky (Score:2)
--Mike--
Just because you're paranoid... (Score:1)
Great philosophy. And then when you do have something that will compromise security, watch the paranoids running wacko... The first key to security is treat everything as confidential, so the really secret stuff doesn't stand out obivious.
Altough this is just a general comment; in many cases the governments do held up non-critical stuff that would have real scientific significance at the time, while othentimes what those not in the known call "not secret" is among the most secret issues out there.
Re: (Score:2)
Re:Finally... (Score:1)
So a full 10% of computers are intellectual equals to oss geeks ?
What good would the cell-phone do? (Score:1)
EMP knockout (Score:1)
While we're on the subject of electric wheelchairs, is it possible to connect up your laptop of the power of your electric wheelchair? Can I also interface with the speed controls to change the acceleration rates of the chair, tilt mechanism etc?
ukNutter
Re:What good would the cell-phone do? (Score:1)
Re:What info should be kept secret? (Score:1)
Hey, no problem. The whole "beg the question" thing has gotten to me for awhile, so I'm sorry if it seemed like I was "going off" on you. I wasn't. It's more like I was venting in general, since many people make that mistake, both in this forum and elsewhere. :-)
--Joe--
Tempest, a national conspiracy? (Score:1)
For example, check any electronic device such as your computer Monitor, and you will find a required FCC label which reads:
"This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. "
Now why would anybody [myhometechie.com] care if your home computer monitor was able to accept Interference? And for that matter, what does it mean to be able to 'accept' interference. I don't believe it is illegal to Shield your monitor internally, or to place a Lead cover on all sides, or to Coat the entire thing in copper-sheets and ground them all...
So what does it mean to say, "It must accept interference" - as a whole, if the device itself must accept any radio signals which touch it, but not necessarily alter its operation as a result, well then in that sense - it is impossible to *not* accept interference. Radio waves interfere with all objects and people constantly.
I believe this is worded in such a way as to confuse and scare end-users of electronic equipment into not installing better shielding should they come up with a useful reason to. (ie: Their computer speakers 'pull' their screen to one side). After all, a device which easily accepts radio interference also emits radio interference through the same diminished resistance.
Why would the FCC care if our electronic equipment was all together "quieter"; if anything, it would leave more of the spectrum open for commercial use.
Re:What good would the cell-phone do? (Score:1)
Re:Tempest, a national conspiracy? (Score:1)
And what is a reasonable reaction to EMF, and why should a devices reaction to EMF be governed by law in such a vague way?
It doesn't state that, "The device must operate properly under the influence of EMF"; and if it did, I suspect the law would be much more eleborate in terms of the EMF Signal Strength a device is expected to operate normally under the influence of.
It only states the device must "accept" EMF. It doesn't say that, "EMF" should or should not effect the operation of the device in a desirable way, only that the device [myhometechie.com] must be able to accept it.
Finally... (Score:1)
You make a good point about how there is a strong case for secrecy in government. Far too often there's a clarion call for the government to tell all.
Government is FOR the people, not BY the people. We invite leaders to take office, and they govern for us.
Ben^3Additional Tempest info avaiable on the web. (Score:1)
http://www.eskimo.com/~joelm/tempest.html
Tempest info is really outdated... (Score:3)
--
Re:More Tempest Info... (Score:2)
One thing I didn't quite understand (Score:1)
Re:Tempest, a national conspiracy? (Score:1)
Geez man, all that it means is that you can't complain when your TV doesn't work due to living next to a radio tower. Part 15:1 says that your neighbor can report you to the FCC if you use your FCC-regulated device improperly and ruin his TV reception, part 15:2 says that you can't get in trouble for ruining his reception if you aren't modifying the operation of your FCC-compliant devices
That's nice but.. (Score:1)
Sweet (Score:1)
SourceForge spoof [antioffline.com]
Whats missing? (Score:2)
Cover Up (Score:1)
Paranoid (Score:1)
--
What info should be kept secret? (Score:1)
For every positive use of secrecy is there not ten abuses. What benefits does the country gain by secrecy? Defence, should that be attack, is not a good enough reason. There can be a good argument made that secrecy has been a contributing factor to many wars.
Medical records, criminal records etc etc What truly do we want kept secret?
Is a more thoughtful way to admit that people in power will always abuse that power and one of the abuses is the hoarding of information. One way to lessen the abuse of power is to make all information open, I mean everything.
I mean, if Timmy can get a security clearance what reason is there for the rest of us not to have one
I'm wondering if Jon Katz is as I type readying his next multi part article on this very matter. I could not care less as the only time I see his articles is when they are part of the quickies
Re:Ahhh . . . FOIA (Score:1)
who exactly would that be? Zimbabwe is hostile to the U.S.?
Isn't it amazing how the american public tends to believe in it's non-existent superiority. This same believe is what let's the NSA and others like it get away with claiming that keeping ALL 'sensitive' technologies from prying eyes.
The clear disadvantage of this paranoia is obviously that it never pays to be an US ally.
Quite contrary, whenever an ally comes up with a new technology or surveillance technique the NSA, CIA, IRS [yep, them too] immediately gathers to pick their ally's best brains.
So, in the spirit of mutual distrust everybody is afraid of everyone, and even slashdotters with above-average intellligence fall for the oldest ploy in the book.
By scaring people, you easily get away with murder and ultimately by scaring the living daylights out of the masses they are easily controlled...
Most of the technologies described in the papers are common knowledge among tv repair staff the world over...
news flash (Score:1)
You cry "We have a right to know everything!" and "They redacted lines!"
A government without secrets cannot function
-sean
Re:Ahhh . . . FOIA (Score:1)
Without getting into a flame war, I disagree. Many things that are secret are just mundane, and of no real value to anyone at all. We have seen classified stamped all over crimes. Iran-Contra, Groom lake pollution, LSD experiements on the public without permission or warning, and others are all examples of bad security policy and butt covering. We do need to rework how security works in this country. It is possible for a citizen to be held for a crime where he doesn't know what crime he committed, can't see the evidence against him, isn't allowed to talk to the press, public or family, and can be convicted and sentenced to life in jail all without confronting his accusors or seeing the evidence. Sometimes even the judge can't see the evidence, other than to have it described to him.
No, I'm not making this up.
Re:Sneaky (Score:3)
I was at work one Sunday morning a few years ago when the husband of the receptionist was there too; looking at a long strip chart; it must have been twenty feet long. When I asked what it was, he said that it was the fourier transform of the power line into a facility that he believed was using centrifuges to separate U235 from U238.
Power analysis is one of a whole class of interesting attacks on secure facilities and devices. These side channel attacks are really powerful because they sidestep a whole host of common security assumptions. TEMPEST, of course, is another side-channel attack (radiation analysis).
To see how power analysis and a refined version called differential power analysis have been used to break smart cards, check out this paper [cryptography.com].
--
Re:What info should be kept secret? (Score:1)
This may raise the question, but it certainly does not beg the question. Go look up what "begging the question" means. Or, if you're too lazy to look it up, here's a serviceable, short definition: To beg the question is to provide an answer to a question which merely rephrases the content of the question without providing any new information.
For example, if I ask you "Why don't you drink cold coffee?" and you answer "I never drink coffee when it's cold," that would be begging the question. The answer doesn't say why you don't drink cold coffee, just that you don't.
--Joe--
Re:Ahhh . . . FOIA (Score:1)
There should be a small clause in it preventing people from taking about the specifics of what they got using it outside of special forums, or some such meetingplace.
I don't think this works well. First, it would limit the ability of the public to use information which has been released, even when that information is truly innocuous -- or, even more important, when it's damning to some politicians or officials but not injurious to national security. There's some information that is released via FOIA that needs to be shouted from the rooftops so citizens can keep tabs on their government.
So, at the least, I think you'd have to distinguish between what data can be released openly and what is constrained. This means you have to evaluate material that is being evaluated for release and decide if it is too-dangerous-to-release, somewhat-safe-to-release-but-only-if-it's-sorta-ki nda-controlled and safe. I think it would be really hard to decide what goes in that middle category. From a security point of view (my professional opinion), you're better off only releasing the truly safe stuff and keeping everything else under wraps.
--
Secrets? Bah! I Poo on your secrets. Tesla me! (Score:1)
But none that I can turn into a weekend hobby project.
Anybody want to build a backyard Tesla Coil with me? Or a garden shed ZPE amplifier? -You know. To run the coffee machine after the fall of civilization?
Shit. I sure do!
So anybody with plans and schematics, please post them here, or meet me out behind the Slashdot cafeteria dumpster. I'll trade you a chocolate pudding, a Jamaican Elbow and a stack of CCR 8-tracks I got from some Dude's car I jacked. And don't worry about the NSA. Nobody believes in ZPE and most people think Tesla Coils walk downstairs and make a slinkety sound, (or appear solely in dumb-ass Westwood video crack), so we can deal with some vague certainty that you will go unnoticed by the evil powers that be. -That is, before you get, 'disappeared' by the magic Echelon Web Watchers Consortium for buying dope. Jamaican Elbows, indeed. . !
-Fantastic Lad -Fast & Confused Culture Jamming Deluxe!
Re:How long can you keep a secret? (Score:1)
Just how long do you keep a secret on stuff like Tempest?
Well, since TEMPEST falls into the category of signals intelligence, which is the bailiwick of the NSA, and since such data requires a review before declassification and release, and since the NSA is reputed to be damned good at what they do (and since they're information tightwads of the coal-to-diamond variety)...
I suspect the answer is 20 years. :-)
Seriously, the process of declassification takes into account not only the value of the data itself but also what could likely be deduced from it. Also, the bias is towards not releasing anything until it's completely clear that it's not harmful, so while I'm sure that there are warehouses full of documents that could be released and aren't, it's unlikely that much stuff gets out that shouldn't.
--
Re:It means.. (Score:1)
Re:Whats missing? Modulation (Score:2)
Oxford explains it (Score:1)
own using a recent PGP version with "tempest-safe"
fonts. Why? Your monitor emits radiation at a
range of frequencies and those most easily visible
are the higher ones because they carry a higher
energy (E=freq*h_const, physicist Max Planck
figured that one out around 1900).
So a font that is low-pass filtered eliminates
the high-frequency components in your monitor's
emissions and all the cheap guys see is a window
with nothing in it (your eyes are good enough of
course to still see the letters in light gray
over not-so-light gray).
Mind you this is not limited to CRTs because the
LCDs also use CRT controllers with high-MHz pixel
frequencies and are therefore also "visible".
Another source, should you be concerned, is your
keyboard, which most likely transmits AM signals
at a couple 100 kHz over not 100% shielded copper.
Today the FBI may bug your keyboard with a little
microcontroller, tomorrow they may make the tree
next to your room listen for long-wave AM radio.
Or if they really are after you they will listen
for data transmissions from your brand-new
Serial-ATA drive, using multi-million dollar
wireless equipment, while you save unencrypted
documents to your disk.
Did I scare you? No reason to be, because the
first countermeasure is always acknowledging
that there is a problem. One way surely is to
read John's excellent articles on cryptome.org
(do follow the links if you are curious).
Happy New Millenium
From Germany.
20 years old? Bah. (Score:1)
(end comment) */ }
Re:classified innovations (Score:1)
You see, we ****** off the ******* of the ******, I call it *** *****!
Sneaky (Score:3)
For instance, suppose you are operating a high powered radar from inside your bunker (whoever the hell you are). While you type at your keyboard, the unshielded keyboard cable broadcasts weak RF signals. In theory, these weak RF signals could get inside the radar's systems, and possibly be modulated and amplified. So your keystokes are broadcast by the radar antenna.
It would be one hell of a job to detect that remotely, but it looks like they are concerned about that kind of stuff. The guys that do that kind of detection work are true hardware hackers.
Re:Whats missing? (Score:1)
Ahhh . . . FOIA (Score:2)
It's like the way we have been using our military. The press wants details for everything we do, as we do it. Oops, the foreign government we're fighting got a copy of today's paper? Now they know exactly what we're doing, and a list of probable reasons why. How'd they know how to retaliate?
We should be able to requisition documents from the government, but they shouldn't be public domain. Simply restrict discussion of the material.
Re:Finally... (Score:1)
There is a similar quote by Daniel Webster: The people's government, made for the people, made by the people, and answerable to the people. This predates Lincoln's speech by 33 years, and is being made in reference to the opening of the constitution which states "We, the people, do ordain and establish,".
So how is our government not BY the people?
Needs A Proofread... (Score:3)
I guess an OCR was used on the original document. Here's a funny one.
...compromising emanations are delectable as both electromagnetic and acoustic signals...
Re:Whats missing? (Score:1)
OF/BY/FOR is spelled out quite clearly (Score:1)
By = designed/chosen by
For = instead of/in the wishes of
I fail to see where you're confused.
20 years old info is important! (Score:1)
Re:news flash (Score:1)
Re:EMP knockout (Score:1)
Perhaps you should read his message again... (Score:1)
Re:Ahhh . . . FOIA (Score:1)
Re:Ahhh . . . FOIA (Score:2)
Seriously, basically what you're saying is we should trust the government is always acting in our best interests. Which is clearly not true given the historical record.
What's to stop them from classifying anything that constitutes evidence of actions which may not necessarily be in our best interests (despite the best intentions of those involved; I do believe most elected officials believe they are doing what's right)? Then, when someone gets FOIA access to the documents, which demonstrate clearly that this course of action was sanctioned and was not in our best interests, they can't talk about it to anyone else? That's useless!
The whole point was to provide a means to prevent coverups from succeeding.
Re:Whats missing? (Score:2)
Re:Ahhh . . . FOIA (Score:2)