If a couple of generations of spy movies have taught us anything, it’s that secret agents get the best toys. And although it may not be as cool as a radar-equipped Aston Martin or a wire-flying rig for impossible vault heists, this DIY TEMPEST system lets you snoop on computers using secondary RF emissions.
If the term TEMPEST sounds familiar, it’s because we’ve covered it before. [Elliot Williams] gave an introduction to the many modalities that fall under the TEMPEST umbrella, the US National Security Agency’s catch-all codename for bridging air gaps by monitoring the unintended RF, light, or even audio emissions of computers. And more recently, [Brian Benchoff] discussed a TEMPEST hack that avoided the need for thousands of dollars of RF gear, reducing the rig down to an SDR dongle and a simple antenna. There’s even an app for that now: TempestSDR, a multiplatform Java app that lets you screen scrape a monitor based on its RF signature. Trouble is, getting the app running on Windows machines has been a challenge, but RTL-SDR.com reader [flatfishfly] solved some of the major problems and kindly shared the magic. The video below shows TempestSDR results; it’s clear that high-contrast images at easiest to snoop on, but it shows that a $20 dongle and some open-source software can bridge an air gap. Makes you wonder what’s possible with deeper pockets.
RF sniffing is only one of many ways to exfiltrate data from an air-gapped system. From power cords to security cameras, there seems to be no end to the ways to breach systems.
Continue reading “A TEMPEST in a Dongle”
The mid-1980s were a time of drastic change. In the United States, the Reagan era was winding down, the Cold War was heating up, and the IBM PC was the newest of newnesses. The comparatively few wires stitching together the larger university research centers around the world pulsed with a new heartbeat — the Internet Protocol (IP) — and while the World Wide Web was still a decade or so away, The Internet was a real place for a growing number of computer-savvy explorers and adventurers, ready to set sail on the virtual sea to explore and exploit this new frontier.
In 1986, having recently lost his research grant, astronomer Clifford Stoll was made a computer system admin with the wave of a hand by the management of Lawrence Berkeley Laboratory’s physics department. Commanded to go forth and administer, Stoll dove into what appeared to be a simple task for his first day on the job: investigating a 75-cent error in the computer account time charges. Little did he know that this six-bit overcharge would take over his life for the next six months and have this self-proclaimed Berkeley hippie rubbing shoulders with the FBI, the CIA, the NSA, and the German Bundeskriminalamt, all in pursuit of the source: a nest of black-hat hackers and a tangled web of international espionage.
Continue reading “Books You Should Read: The Cuckoo’s Egg”
Shortwave radio is boring, right? Maybe not. You never know what intrigue and excitement you might intercept. We recently covered secret number stations, and while no one knows for sure exactly what their purpose is, it is almost surely involving cloaks and daggers. However, there’s been some more obvious espionage radio, like Radio Swan.
The swan didn’t refer to the animal, but rather an island just off of Honduras that, until 1972, was disputed between Honduras and the United States. The island got its name–reportedly–because it was used as a base for a pirate named Swan in the 17th century. This island also had a long history of use by the United States government. The Department of Agriculture used it to quarantine imported beef and a variety of government departments had weather stations there.
You might wonder why the United States claimed a tiny island so far away from its shores. It turns out, it was all about guano. The Guano Islands Act of 1856 allowed the president to designate otherwise unclaimed territory as part of the United States for the purpose of collecting guano which, in addition to being bird excrement, is also important because it contains phosphates used in fertilizer and gunpowder. (Honestly, you couldn’t make this stuff up if you tried.)
However, the most famous occupant of Swan Island was Radio Swan which broadcast on the AM radio band and shortwave. The station was owned by the Gibraltar Steamship Company with offices on Fifth Avenue in New York. Oddly, though, the company didn’t actually have any steamships. What it did have was some radio transmitters that had been used by Radio Free Europe and brought to the island by the United States Navy. Did I mention that the Gibraltar Steamship Company was actually a front for the Central Intelligence Agency (CIA)?
Continue reading “Swans, Pigs, and the CIA: An Unlikely Radio Story”