NSA spills its guts on TEMPEST attacks

Posted by Humphrey Cheung

Washington DC – Secret agents have apparently been remotely scanning and decrypting electrical signals since World War II, according to a newly declassified NSA document.  Titled “TEMPEST: A Signal Problem”, the document describes how leaky signals radiating from teletype machines caused nearby sensors to spike – and how those spikes could then be translated back into keystrokes.  Known as TEMPEST, this phenomenon was mostly ignored by the United States in the following years, but it appears the Soviet Union, Japan and other countries developed TEMPEST scanning into an art form and used it against the USA.

The document sits right on the NSA website and can be viewed here (link to a PDF).  Leaky electrical signals were first documented in 1943 by a Bell Telephone engineer who was operating an old teletype machine typically used for encrypted communications between the military and government.  He discovered that an oscilloscope in a far-away part of the lab would spike with each character typed and, upon further examination, found that he could recover the plaintext of the encrypted documents sent over the wire.  In effect, the engineer was looking at every keystroke typed.

Bell Telephone told the US Signal Corps of its findings, and the company was challenged to prove that the signals could be intercepted.  Over the course of one hour in a secret location in New York, the Bell engineers were able to decrypt a stunning 75% of secret transmissions from 80 feet away.

The demonstration caused the US intelligence community to mandate a 100-foot diameter of control around crypto centers, but that apparently wasn't enough.  In 1951, the CIA demonstrated that it could decrypt signals from a quarter of a mile away, and in 1962 an intelligence officer stationed in Japan noticed a dipole antenna pointed straight at their crypto center.  The antenna, which was mounted on top of a hospital approximately 100 feet away, mysteriously disappeared after the officer informed his superiors – presumably the Japanese decrypted the officer’s message and removed the evidence.

These findings, combined with the discovery of microphones and fine metal mesh at several US embassies in Moscow, Prague, Budapest and Warsaw, forced the United States to develop new ways of protecting its equipment from TEMPEST sniffing.  But apparently this is incredibly hard.  One countermeasure was to run ten machines at a time to flood out any sniffer, and another was to design machines that would fire off multiple keys at a time.  Despite this work, agents were still able to sift through the signals and find the original text.  The government finally settled on mandating a 200-foot-radius control zone around crypto centers.

The declassified paper also discusses audio surveillance with miniature microphones, something which is actually fairly easy to defeat.  The NSA discovered that microphones usually need to be placed inside buildings to be effective and that something as simple as a sheet of paper was enough to muffle the sound.  Surprisingly though, the agency also discovered that soundproofing a building actually made it easier to record sounds from the inside because it reduced echoes.

I encourage you to read the declassified NSA paper, not only for its geek value, but for its historical information.  It really shows that other countries were on par with, or drastically ahead of, the USA in some signals intelligence areas.  Of course, the entire document hasn't been declassified, and there are several missing sections and blank pictures.  Only those with proper clearance know the entire story.