[iwar] [fc:A.TEMPEST.Timeline]

From: Fred Cohen (fc@all.net)
Date: 2002-01-23 07:02:28
Next message: Fred Cohen: "[iwar] [fc:Internet.Less.Secure.-.Despite.More.Spending,.Web.Is.A.More.Dangerous.Place]"
Previous message: Fred Cohen: "[iwar] [fc:The.Saudi.Crisis]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200201231502.g0NF2Sh30259@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Wed, 23 Jan 2002 07:02:28 -0800 (PST)
Subject: [iwar] [fc:A.TEMPEST.Timeline]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

A TEMPEST Timeline

By Anonymous

This timeline was developed over a period of years, with the hope that it
will be used to further the understanding of the subject. The data was
gathered from unclassified sources, mostly web sites and books. Hopefully it
tells an interesting story, even though it's far from complete. And, yes I
realize, it has a rumor or two thrown in as well. A lot of information I
have gathered just couldn't be dated. I hope people will use the timeline to
direct FOIA requests and other information gathering exercises on the topic.
Acoustic TEMPEST information is mostly absent, as are military directives.
This is obviously a work in progress.
TEMPEST Timeline

Mid-1700s Ben Franklin conducts electricity.

1873 James Maxwell theorizes electromagnetic waves.

Late-1800s Crosstalk is frequent problem in infantile telephone system.

1914-1915 Field telephone crosstalk in World War I exploited and jamming
attempted, leading to lower signal British Fuller phone.

1918 Herbert Yardley and the Black Chamber discover radio transmitter
emanations.

1919 Edward Hebern invents rotor cipher machine.

1925 Charles Francis Jenkins achieves first synchronized transmission of
pictures/sound using 48 lines and mechanical scanning.

1927 Philo Farnsworth demonstrates electronic scanning.

1930s Allen Dumont develops cathode ray tube (CRT), eventually accepted as
standard for electronic scanning.

1934 Communications Act gives equal opportunity to all to lawfully use
electromagnetic spectrum. It establishes Federal Communications Commission
(FCC); International Special Committee on Radio Interference(CISPR) formed
to determine measurements and limits of radiation frequency (RF) emissions.

1935 IBM markets electronic typewriter.

1940s Receivers shielded for local oscillator radiation to prevent becoming
beacons for enemy submarines in World War II.

1941 FCC authorizes black and white 525-line TV recommended by
FCC-established National Television System Committee (NTSC).

1943 First working programmable electronic computer (Colossus) is built by
British for breaking German High Command coding system.

1946 Canadian Communications Security Establishment (CSE) created, with
communication security(COMSEC) its primary mission; British General
Communications Headquarters(GCHQ) created.

1950s Berlin tunnel wiretaps by NATO discovered to contain plaintext signal
on Communist teletype encrypted communications, first known example of
HIJACK attack; Rand Corporation intensely studies shielding to prevent
emanations.

1950 Chinese intelligence uses advanced acoustic techniques and materials
against foreign embassies in Beijing.

1952 In a method similar to laser eavesdropping, KGB gets caught using great
seal in American embassy as bug, a technique further researched by the KGB
known as electromagnetic flooding method of interception. Technique also
included using such unintentional emanators like ordinary light bulbs and
electric circuits.

1953 FCC adopts RCA's color TV system; National Security Agency (NSA)
formed, with signal intelligence (SIGINT) its primary mission; COMSEC
declared national responsibility and COMSEC board is formed; intentional
acoustic TEMPEST performed on Whirlwind I computer at MIT over phone line.
It is used to determine program execution status.

1954 MIL-STD-285 standard set for attenuation measurements for enclosures,
electromagnetic shielding.

Mid-1950s U.S. Government becomes concerned about TEMPEST and establishes
TEMPEST Program; Development of first TEMPEST standard - NAG-1A (General
Non-COMSEC Publication); Television manufacturers work on EMF problems in
set designs, especially in local oscillators. These problems are later
exploited by British to enforce TV licenses.

1956 British intelligence breaks ciphers of Egyptian Hagelin machine
(London) by detecting clatters through phone bug in Operation Engulf.

1958 U.S. Air Force begins Simulation for Air and Group Engagements (SAGE)
air defense system, using graphical terminals; British intelligence picks up
Russian London embassy radio's local oscillator's emanations up to 200 ft
away to figure out tuned spy frequencies in Operation Rafter.

1959 MIL-STD-220A (Method of insertion-loss measurement) implemented; CSE
mission expanded to give advice and support on emission security.

1960s Federal standards FS222/FS222A replace NAG-1A.

1960 Canadian Communications Security Board policy paper expands COMSEC
mission to include TEMPEST; British intelligence conducts HIJACK attack on
conducted signals generated by French diplomatic cipher machine(London) in
Operation Stockade, showing importance of red/black separation; FBI conducts
operation similar to Stockade against French embassy in Washington.

1961 Julius Silverman et al. v. US(365 US 505) U.S. Supreme Court case
concerns heating duct acoustic TEMPEST; British intelligence informs the CIA
and NSA of Engulf and Stockade operations in conference. Presentation of
Rafter to the CIA causes uproar.

1962 NSA's Project Tempest(defensive methods) begins; During Cuban missile
crisis, NSA(aboard Oxford spy ship) attempts to circumvent unbroken Soviet
cipher system by capturing radiation emitted from Soviet cipher machines
located at Russian communications station in Cuba. Noise spikes are also
attempted to be captured, revealing rotor settings on older cipher machines.

1964 Operation Stockade against French embassies in London and Washington
ends when French technicians install metal sheets and copper tubes in cipher
rooms; NSA 65-6 specification set for RF shielded enclosures for
communication equipment; NSA considers HIJACK when improving U.S. State
Department COMSEC; Teletype comes into widespread use.

1965 At a System Development Corporation conference of research security
administrators for classified systems, Jerome Russell of Lawrence Radiation
Lab discusses TEMPEST.

Mid/Late-1960s Military/intelligence standards established for effectiveness
of electromagnetic shielding enclosures; Naval Research Laboratory works on
TEMPEST, leading to national standards specifications.

1966 White Electromagnetics publishes RFI/EMI Handbook on Measurements;
Robert L. Dennis' unclassified paper "Security in the Computer Environment"
mentions the 1965 System Development Corporation conference.

1967 TEMPEST first publicly discussed at Spring joint computer conference.
Willis Ware of Rand addresses TEMPEST threat; NAG-8/TSEC (TEMPEST
Information Memoranda) published. It is replaced by NACSIM 5000.

1968 Arms Control Export Act passes. It requires licenses to export TEMPEST
information(products); Omnibus Streets and Crimes Act criminalizes
trespassatory Electronic Intelligence (ELINT) as interception of aural,
wired communications; Department of Defense (DOD) Directive S-5200.19
"Control of Compromising Emanations" published.

Late-1960s TEMPEST Project established between NSA and DOD.

1970s FCC receives increasing number of complaints of interference to radio
and TV reception where digital equipment is identified as source.

1970 National Communications Security Information Memorandum (NACSIM) 5100
(Directive of TEMPEST Security) published; National Communications Security
Emanations Memoranda (NACSEM) 5101 published. It is replaced by
NSTISSAM/2-93.

1971 IBM begins measuring emanations of all its devices for
information-bearing radiation, a project that included Walter Tuchman of
Data Encryption Standard (DES) development; National Communications Security
Committee (NCSC) 4 (National Policy on the Control of Compromising
Emanations) published. It is replaced by NTISSP 300; NACSEM 5106
(Compromising Emanations Analysis Handbook) published. It is replaced by
NSTISSAM/2-91; KAG-30A/TSEC (Compromising Emanations Standard for
Cryptographic Equipment) published.

1972 Canada's first embassy collection operation (Stephanie) in Russia uses
TEMPEST proof safe to hold intercept equipment.

1973 Lance J. Hoffman book "Security and Privacy in Computer Systems"
addresses problem of terminal (CRT) TEMPEST; NACSEM 5109 (TEMPEST Testing
Fundamentals) published. It is cancelled by NSTISSC-049-94; NACSEM 5110
(Facility Evaluation Criteria - TEMPEST) published. It is replaced by
NSTISSAM/1-93; NACSEM 5200 published. It is replaced by NACSEM 5201.

1974 Industrial TEMPEST Program started; NACSEM 5100 (Compromising
Emanations Laboratory Test Standard, Electromagnetic) published. It is
replaced by NACSIM 5100A; Privacy Act doesn't include TEMPEST as a required
security protective measure.

1975 NACSEM 5112(NONSTOP Evaluation Techniques) published; NACSEM
7002(COMSEC Guidance for ADP Systems) published; S2-TR-75-1 (Technical
Rationale for Angle Modulated TEMPEST Signal Limits) published; CSE's
Operation Kilderkin targets Soviet embassy in Canada for TEMPEST emanations.

Mid-1970s Polish intelligence is caught by KGB intercepting power line
emanations from military building in Moscow; Soviet cipher machines
determined by KGB to be vulnerable to HIJACK attacks until replaced with
steel enclosures with noise generators(causing interference to televisions
as far as 1 mile away) and clean motor generators. Machines also determined
to be vulnerable because of recent KGB breakthroughs in flooding intercept
technology methods that included use of X-rays and radioactive isotopes.

1976 NACSEM 5202 published. It is replaced by NACSEM 5201.

1977 Germany discovers TEMPEST during exercise with NATO; Proposed Federal
Computer Systems Protection Act, as introduced in U.S. Senate, defines
TEMPEST as one form of computer access/penetration that should be unlawful.
It is never passed with this language.

1978 NACSEM 5201 (TEMPEST Guidelines for Equipment/System Design) published.
It is cancelled by NSTISSC-041-93; NACSEM 5204 (Shielded Enclosures)
published. It is replaced by NSTISSAM/1-95; Iranian students "execute" a
Prime T3300 TEMPEST computer in U.S. embassy courtyard.

1979 Don Britton Enterprises sells devices to reconstruct signals from
"leaking" cable systems; Canada's CSE borrows RFI tent from NSA for
Operation Pilgrim test, testing for emanations at 150 ft; FCC adopts minimum
technical and administrative requirements to limit interference potential of
computers and other digital electronic equipment.

1980s TEMPEST bugging devices built in UK go to places like Hong Kong golf
club and Cambridge University; FBI shows example of TEMPEST information
gathering to TRW because of PC radiation.

1980 NSA establishes its own internal TEMPEST security program; NACSIM 5002
(Technical Rationale:Basis for Electromagnetic Compromising Emanations
Limits) published. It is replaced by NSTISSAM/2-93.

1981 NACSIM 5100A (Compromising Emanations Laboratory Test Requirements,
Electromagnetic) published. It is replaced by NSTISSAM/1-91; NCSC 3 (TEMPEST
Glossary) published. It is replaced by NSTISSI 7002; U.S. Congressional
report says TEMPEST spying possible only for those with limitless resources,
such as foreign governments.

1982 NACSIM 5000 (TEMPEST Fundamentals) published; NACSIM 5203 (Guidelines
for Facility Design and Red/Black Installation) published. It is replaced by
NSTISSAM/2-95; Executive Order 12356 (National Security Information)
classifies compromising emanations information; NATO Air Mobility Support
Group (AMSG) 720B (Compromising Emanations Laboratory Test Standard)
published.

1983 Swedish National Police Board informs Swedish business community about
TEMPEST; House Democrat Al Gore talks TEMPEST with Los Alamos National
Laboratory representative in Congressional hearing; Wim Van Eck begins
TEMPEST research project in Netherlands; CSE publishes COMSEC installation
planning (TEMPEST guidance and criteria).

1984 National Communications Security Instruction (NACSI) 5004 (TEMPEST
Countermeasures for Facilities within U.S.) published. It is replaced by
NTISSI 7000; NACSI 5005 (TEMPEST Countermeasures for Facilities Outside
U.S.) published. It is replaced by NTISSI 7000; NSA publishes TEMPEST
security requirements for NSA contractors processing SCIF information; FCC
requires non-interference certification for microcomputers; Israeli
government provides shielded photocopy machines to spy Jonathan Pollard
through Washington embassy for reproduction of top-secret documents; Swedish
government commission publishes "Leaking Computers" booklet, a best-seller
in the Swedish business community; West German police apprehend Polish spy
holding evidence of TEMPEST eavesdropping; Wang Corporation sells an
estimated $75 million in TEMPEST products to U.S. military/military
contractors; NSA becomes focal point and manager of U.S. TEMPEST security
and makes recommendations to NTSSC; U.S. government/military agencies,
including the Air Force and NSA, identify concept of zoning.

1985 Iverson builds TEMPEST version of IBM PC for Operation TEMPEST; Grid
Federal Systems makes only NSA-approved portable TEMPEST computer using a
plasma display; Dutch scientist Wim Van Eck publishes an unclassified paper
on TEMPEST eavesdropping of up to 1 km after demonstrating it at Securicom
'85 in France, raising both awareness and furor in open security community
because of its ease and affordability by individuals. Others duplicate his
device; BBC's "Tomorrow's World" runs 5-minute TEMPEST demonstration (with
Wim Van Eck's help) on TV, introducing it to British public. Targets are New
Scotland Yard and an office in London; Prestigious and scholarly journal
"Computers and Security" discusses Van Eck radiation paper; Canadian
Criminal Amendment Act criminalizes TEMPEST reception; DOD "Yellow Book"
(Secure System Development Environments) deems TEMPEST outside its scope;
NSA COMSEC publishes "Procedures for TEMPEST Zoning Information - Processing
Equipment, Systems, and Facilities"; NSA public affairs director says they
have been open and have been charged with being open in assisting public
sector with TEMPEST protection standards.

1986 Electronic Communications and Privacy Act considers unwired
communications but unclear on TEMPEST; Sales of TEMPEST security systems and
services reach $874 million with over 50 manufacturers; Exhibitor at
Computer Security Institute (CSI) conference stopped by U.S. Government from
demonstrating product protecting against TEMPEST. Wang Corporation stopped
by NSA from giving TEMPEST demonstration; Government report says better
evaluations needed to determine required TEMPEST countermeasures for DOD;
National Telecommunications And Information Systems Security Instruction
(NTISSI) 4002(Classification Guide for COMSEC Information,Control of
Compromising Emanations) published; Polish Secret Service TEMPEST target
list (~180) surfaces in Germany; East German Foreign Office concerned with
extreme Robotron PC radiation at East German embassies.

1987 Zenith provides Pentagon with 12,000 TEMPEST PCs; NSA requests company
to cancel TEMPEST demonstration at Interface '87 conference;
Czechoslovakians supposedly perform TEMPEST eavesdropping on U.S. military
installations while posing as tourists in U.S.; Sean Walker, a BBC reporter,
demonstrates TEMPEST at trade show by pushing Van Eck cart around and tuning
into exhibitors' computers; NTISSAM COMPUSEC/1-87 (Advisory Memo on Office
Automation Security Guidelines) addresses TEMPEST as potential threat;
Computer Security Act (successor of numerous Federal Computer Systems
Protection Act bills) fails to address TEMPEST; Van Eck receives patent for
TEMPEST video terminal, using scrambled raster patterns

1988 Sales of TEMPEST security systems and services estimated to reach $2.9
billion by 1992; Endorsed TEMPEST Product List (ETPL) begins after
Industrial TEMPEST Program is restructured; NTISSP 300(National Policy on
Control of Compromising Emanations) is published. It is replaced by NSTISSP
300; NTISSI 7000 (TEMPEST Countermeasures and Facilities) is published. It
is replaced by NSTISSI 7000; NSA infosec booklet "TEMPEST Alternatives Data
Book (including maps of zoned facilities)" published; BBC's second TEMPEST
demonstration on TV show "High Tech Spies" takes place. Targets are London
law offices and brokerage firms; Editor of "Computers and Security" journal
updates Van Eck information in "Abacus" journal and later in "Computers and
Security" journal; Consumertronics of New Mexico publishes plans for Van Eck
unit to general public, along with other information in booklet "Beyond Van
Eck Phreaking". Future revisions include Van Eck's actual plans; Ian Murphy
(Captain Zap) presents TEMPEST receiver plans; First International Symposium
on Electromagnetic Security for Information Protection (SEPI) takes place in
Italy; 1989 British central computer and telecommunications agency publishes
"TEMPEST:The Risk"; NSA drafts specification for high performance shielded
enclosures.

Late-1980s French army demonstrates TEMPEST to French government.

1990s After German reunification, removed French army sells 50 TEMPEST
receivers at scrap value to unknown parties.

1990 British Computer Misuse Act explicitly excludes TEMPEST eavesdropping
as threat and states that it is legal; Professor Erhard Moller of Acchen
University in Germany publishes detailed update of Van Eck's work, with
addition of helpful protective measures; "Computers and Security" journal
publishes article by Peter Smulders of Eindhoven University of Technology on
TEMPEST eavesdropping of RS-232 cable; Christopher Seline publishes
evaluation of American laws, pertaining to TEMPEST, on Internet; National
Security Telecommunications and Information Systems Security Committee
(NSTISSC) TEMPEST Advisory Group (TAG) group formed to streamline
national-level TEMPEST activities, which leads to updated standards; "EMP
and TEMPEST Protection for Facilities" published by U.S. Army Corp of
Engineers.

1991 First American broadcast of electromagnetic eavesdropping is shown on
Geraldo Rivera's "Now! It can be told" show, performed by Winn Schwartau;
Jim Carter, in coordination with Benjamin Franklin Savings and Loan,
demonstrates successful attack on Diebold ATM machine using TEMPEST; CIA
Inspector General report galvanizes intelligence community to review and
reduce domestic TEMPEST requirements. This leads to "smart" TEMPEST policy;
National Security Telecommunications and Information Systems Security
Advisory Memorandum (NSTISSAM)/1-91 (Compromising Emanations Laboratory Test
Requirements, Electromagnetic) published. It is superseded by NSTISSAM/1-92;
NSTISSAM/2-91 (Compromising Emanations Analysis Handbook) published;
NSTISSAM/3-91 (Maintenance and Disposition of TEMPEST Equipment) published.
Before this directive, the NSA destroyed everything; NACSEM 5009 (Technical
Rationale:Basis for Electromagnetic Compromising Emanations Limits)
published; Another International Symposium on Electromagnetic Security for
Information Protection (SEPI) takes place in Italy; TEMPEST industry becomes
1.5 billion dollar business.

1992 Spy Supply of New Hampshire is harassed by the NSA to stop sales of its
Van Eck eavesdropping unit; Chemical Bank is apparent target of TEMPEST
attack against its credit-card processing facility; NSTISSAM/1-92
(Compromising Emanations Laboratory Test Requirements, Electromagnetics)
published; NSTISSAM/2-92 (Procedures for TEMPEST Zoning) published.

1993 TEMPEST included as insidious tool of information warrior in book
"Information Warfare" by Winn Schwartau; FBI tries TEMPEST techniques to
help investigate CIA spy Aldrich Ames; Grady Ward publishes PC TEMPEST
countermeasures, using easily-installed, widely-available components, on
Internet; NSA introduces formal ZONE program through Government Industry
TEMPEST Advisory Panel (GITAP); Worldwide market for CRTs reach 168 million
units valued at $13.6 billion. CRT computer monitors projected to have 70%
of market by 2000; NSTISSAM/1-93 (Compromising Emanations Field Test
Requirements, Electromagnetics) published; NSTISSAM/2-93 (Rationale for
Compromising Emanations Laboratory and Field Test Requirements,
Electromagnetics) published; National Security Telecommunications and
Information Systems Security Instruction (NSTISSI) 7000 (TEMPEST
Countermeasures for Facilities) published; NSTISSP 300 (National Policy on
Control of Compromising Emanations) published.

1994 "Redefining Security: A Report to the Secretary of Defense and the
Director of Central Intelligence by the Joint Security Commission"
recommends that domestic TEMPEST countermeasures no longer be required
unless specific threat identified. Zoning solutions increase in importance;
NSTISSI 7001 (NONSTOP Countermeasures) published; BEMA markets TEMPEST
tents.

1995 Internet Underground magazine publishes article about TEMPEST capers in
New York using DataScan device. After U.S. Army starts buying device,
Pentagon requests that sales outside Army stop and it is agreed to; NSTISSI
7002(TEMPEST Glossary) published; NSTISSAM/1-95 (Shielded Enclosures)
published; NSTISSAM/2-95(Red/Black Installation Guidelines) published;
Federal Information Processing Standard(FIPS) 140-1 "Security Requirements
for Cryptographic Modules" states that TEMPEST protection is not required
(regarding unclassified federal computer systems); Blowfish Advanced 95
encryption software includes feature that discourages TEMPEST monitoring.

1996 U.S. Air Force's Rome Laboratory produces next generation military
TEMPEST testing system called Computer Aided Analysis System(CAAS), using
digital signal processing; National Information Infrastructure Protection
Act doesn't directly address TEMPEST; Frank Jones of The Codex gives
monitoring demonstration on Discovery Channel's "Cyberlife"; The Learning
Channel's Science Frontier's "Technospy" shows TEMPEST eavesdropping;
Discovery Channel's Discover Magazine ("The Science of Security") shows RF
shielded TEMPEST laboratories.

1997 Hacking in Progress(HIP) conference has analog TEMPEST setup on
display; WANG Corporation releases new,cost-effective TEMPEST PC and printer
(Datadefense Secure) in response to recent network security concerns;
TEMPEST techniques against smartcards are discussed at Eurocrypt '97; Steve
Jackson's GURPS Black Ops game includes TEMPEST surveillance devices as
equipment option; WANG Corporation awarded a U.S. Government Systems
Acquisition and Support Services contract (SASS II) for TEMPEST and Zone
secure systems and maintenance valued at $105 million over 5 years 1998
"Soft TEMPEST" software techniques (sent for patent), videofonts used to
discourage monitoring, published by well-known computer security experts
Markus Kuhn and Ross Anderson, surprising many in TEMPEST field. PGP 6.0.2
and Steganos II incorporate Soft TEMPEST fonts; James Atkinson claims Frank
Jones and his Datascan device are a fraud, as are most other commercial
devices.

1999 TEMPEST intercept equipment headed for Vietnam from U.S. is stopped by
FBI and U.S. Customs in Virginia and man sentenced to prison; NSA only
releases redacted NSTISSAM/1-92 in FOIA request by John Young for all
TEMPEST standards information; FBI agent admits use of TEMPEST monitoring by
agency as possible investigative technique while participating in MIT panel
discussion of Whitfield Diffie's book "Privacy on the Line."

Late-1990s Department of Energy's Oak Ridge National Laboratory develops
Video Intercept Receiver, a compact TEMPEST receiver used for field testing.

2000 Appeal by John Young to NSA releases five more redacted TEMPEST
documents; Freeware Windows text editor implements Soft TEMPEST fonts.

2001 In Kyllo v. US, U.S. Supreme Court rules against unwarranted infrared
detection by law enforcement against private homes; Nine more redacted
government TEMPEST documents are released.

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sponsored by VeriSign - The Value of Trust
Pinpoint the right security solution for your company - FREE
Guide from industry leader VeriSign gives you all the facts.
http://us.click.yahoo.com/lWSNbC/WdiDAA/yigFAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:Internet.Less.Secure.-.Despite.More.Spending,.Web.Is.A.More.Dangerous.Place]"
Previous message: Fred Cohen: "[iwar] [fc:The.Saudi.Crisis]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST