Is it time to reinstitute the TEMPEST Program??
Published on 11/06/2007
For you folks who work for for a company or who act as security
consultants for private, commercial or government entities, this is
something you should be aware of.
The following was received from Keith, a member of the A List, and
addresses something I have been preaching for years..... wireless
keyboards DO emit a signal capable of being intercepted at distances
of up to 200 meters (I believed in the beginning and I believe now
that they are a threat).
Personally, I believe that if you build a high gain system devoted to
just that frequency range (as the soviets did with typewriters and
CRT tubes, etc.) you can pick up the signals at much greater
distances. But that is just one persons thoughts.
Now, before anyone jumps me ....YES....this is a commercial posting
by a company looking for business. But, it does tell a tale.
Time to Re-Institute the Tempest Program?
During the Cold War, the United States was very concerned about the
ability of its adversaries to gather intelligence by reading what was
being typed on computers. It was determined that computers emitted a
signal that could be captured and used to reconstruct key strokes.
There were other emanations as well.
The counter this technical interception, the United States and its
allies adopted a Tempest program to shield and otherwise protect
computer systems that were processing the most sensitive classified
information. Business and industry also had to consider how to
protect themselves. But, in the wake of the Cold War, interest in
protecting computer systems from reading key strokes has diminished.
In the 21st Century, Industrial Espionage is a major threat to
businesses. Estimates are that Industrial Espionage costs businesses
between US$150-300 billion as companies and nations spy on businesses
and steal their trade secrets to gain competitive advantages.
Today's computer systems are very different from those used during
the Cold War but old spies never die, they just change their game.
Industrial Espionage practitioners in Israel and Germany are now
offering a relatively low-cost device that can once again capture the
key strokes by reading the emanations. The difference is that now
the emanations come from wireless keyboards and from the cable
between a computer and a flat screen monitor. Sitting a hundred or
two hundred meters away, business spies can read everything being
typed on a company's computers.
It may be time for a new Tempest program for business.
This latest development is just one more indication that Industrial
Espionage continues to pose a major threat to businesses and it is
important for businesses to have a comprehensive Counter Industrial
Espionage program that matches their risks. For large or small
businesses, domestic or foreign locations, BSSG has experience in
helping you develop an appropriate Counter Industrial Espionage
program. If you have questions about your industry and want to know
how Industrial Espionage can affect you, get in touch with us.
Industrial Espionage Follow-Up
Last month, the Analysis Brief featured an article about the
considerable Industrial Espionage threat coming from the People's
Republic of China (PRC). At the time we noted that the Industrial
Espionage threat involves a number of countries and businesses. The
U.S. government says Industrial Espionage against the U.S. involves
at least 104 countries. This month we have yet another example
involving the PRC.
The U.S. Attorney's Office in San Francisco filed a 36-count
indictment in the U.S. District Court for Northern California several
months ago. The indictment accused MENG Xiaodong Sheldon of stealing
military related trade secrets from Quantum3D, in Silicon Valley, San
Jose, California. According to investigators, the defendant tried to
sell sophisticated high-end visual simulation training software for
flight simulators to the Air Force of People's Republic of China, as
well as the Malaysian Air Force, and the Royal Thai Air Force.
MENG, at one time, was an employee of Quantum3D. Allegedly, he
subsequently stole the trade secrets from Quantum3D and tried to sell
them. Potential customers were in China, Malaysia and Thailand.
That technology is covered by the U.S. Economic Espionage Act (EEA)
of 1996, which prohibits its sale abroad without an export license
and there were undoubtedly other aspects of the EEA that are being
MENG was released on a $500,000 bond and was the target of a two-year
investigation involving the U.S. Attorney's Office, the Federal
Bureau of Investigation (FBI) and the Department of Homeland Security.
This is just one more example of the substantial threat companies
face from individuals who may have legitimate access to trade secrets
but are willing to conduct espionage for or on behalf of others.
BSSG has considerable expertise in developing a comprehensive Counter
Industrial Espionage program that includes a risk assessment,
policies and procedures, education and awareness, a reporting and
analysis approach, enhanced physical security measures and special
technologies, including IT security measures.