Home | News | Hacking | Sciences | Technology | Ti 92 | Programming | Free articles | Links | Webmaster

CNN logo

















































































The complete, unofficial
TEMPEST information Page

US Army TEMPEST Test Facility Logo 

Over five years of public disclosure, and one-stop shopping for TEMPEST info...

Across the darkened street, a windowless van is parked. Inside, an antenna is pointed out through a fiberglass panel. It's aimed at an office window on the third floor. As the CEO works on a word processing document, outlining his strategy for a hostile take-over of a competitor, he never knows what appears on his monitor is being captured, displayed, and recorded in the van below.

This page is about surveillance technology.  If a search engine mistakenly led you here, try Shakespeare, Pontiacs, or Arcade Games(The graphic on the right is the logo for the US Army Blacktail Canyon TEMPEST Test Facility.)

News & Updates
skip the news and go to the introduction

March 5, 2002 - Joe Loughry has authored and released a fascinating paper on what he calls "Optical TEMPEST."  To quote the introduction, "A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many different sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable."  At least the black, electrician's tape is a cheap countermeasure.  Later in the day, Markus Kuhn released a paper entitled Optical Time-Domain Eavesdropping Risks of CRT Displays.  To quote from the conclusion, "The information displayed on a modern cathode-ray tube computer monitor can be reconstructed by an eavesdropper from its distorted or even diffusely reflected light using easily available components such as a photo-multiplier tube and a computer with suitably fast analog-to-digital converter."  Kudos to you both gentlemen.  Excellent research.

February 25, 2002 - The Complete, Unofficial TEMPEST Information Page is back. I took the site down around the first of the year and had John Young archive it at cryptome.org.  However due to popular demand and some time freeing up, I've decided to continue with updates. - A new Help Wanted section has been added for companies, agencies, and recruiters looking for folks with TEMPEST/RFI/EMI experience.  If you're trying to find an engineer, send me your requirements and I'll post them.  No guarantees on successful leads, but this site does generate a fair amount of traffic, and for now the service is free.  - A couple of years ago Frank Jones, AKA "Spy King" was hyping supposed TEMPEST surveillance products.  You may be interested in his conviction and probation papers. - TinFoil Hat Linux is a single floppy-based distro with a variety of privacy features, including some unique "anti-Tempest" features.  Review here, download Web site  here.

December 30, 2001 - From an anonymous UK source: "1. GCHQ in the UK is the #1 monitoring place for TEMPEST, they HAVE NOT scaled down any business to do with TEMPEST and now even use their techniques for corporate applications. They are STILL the first port of call of the Ministry of Defence for any queries.  2. The GCHQ standard (BTR) is the bible for the UK Military with regard to installations that may negate TEMPEST emissions, mainly due to good practices and safe areas around antenna and cryptographic equipment, also JSP440 is a watered down version of the standard that also covers computer security which is available to all CIDA's (Installation Design Authorities) within the Ministry. CIDA is one of the main 'businesses' within the MoD.  Stories... these I have 'heard' from people in the know and witnessed myself:

Whitehall, London
A Ford Transit van was converted to carry an entire Tempest test kit including antennas and terminals. This was parked on the road outside the building. The antennas were able to pick up the Telephone emissions from all areas of the building, including 'Shielded' areas due to the pre-1970 external telephone wiring, and as all conversations are routed to the local telephone exchange before encoding, this posed a major security threat.  Also, static CRT images were reformed on the terminals within the van. (I have also witnessed this whilst attending a TEMPEST course at GCHQ.)

An old 'story'. There is one main transmission site on Gibraltar where all of the signals to the passing 
allied fleets are sent (also submarine signals). These are coded within the building then transmitted via 
antenna and satellite. However a number of 'unfriendly' vessels (mainly Russian registered trawlers) were hovering near to the shore by the chain link fence. The comms officer got curios and asked for a TEMPEST check to see if they were picking up any signals.  A test proved that the fence was picking up uncoded signals that were emanating from the large capacitors used in th encoding process. The fence then acted as an antenna and the unfriendlies were receiving uncoded signals.  The station was closed down immediately.

Interference and Non-intentionally Interception.
Modern digital mobile phones are the current enemy of the UK teams. Mainly as the signal can act as a carrier wave for any radiated signal. Also, it has been noted, that people making Mobile calls at the end of the runway at RNAS Yeovilton can eavesdrop on the tower and pilot conversations.   Another 'story' tells how a British Telecom engineer was testing a mast when his laptop screen started to fill up as if the computer was typing. What had actually happened was that the voice recognition software on his laptop had detected the radiated signal from the mast during decoding and regeneration and displayed it on the screen as plain text.

August 3, 2001 - TEMPEST mentioned in James Bamford's "Body of Secrets" book (NSA tell-all, follow-up to The Puzzle Palace). Specifically, ship implemented eavesdropping on Cuba. Ross Anderson also has a lengthy section on emissions security in his new book "Security Engineering." (I recommend Anderson's work to anyone interested in security systems - from ATMs to art galleries to EMSEC to crypto. This book is destined to become a classic.) NSA's online TEMPEST Endorsement Program has recently been updated. SANS Institute (the security folks) have a nice, concise TEMPEST FAQ (my only complaint is the reference to Codex Data Systems). Some good info on BEMA's TEMPEST shielded tents (lots of interest in these at the recent Special Operations Command Show and Conference). National Security Telecommunications Information Systems Security Committee Maintenance and Disposition of TEMPEST Equipment (PDF format dated December 2000). And finally the Nicodemo Scarfo trial is underway, and the outcome will definitely have an impact on the future of legal electronic surveillance. Stay tuned...

January 14, 2001 - John Young has released a FOIA version of NACSEM 5112, NONSTOP Evaluation Techniques. This is the first public document to come to light on NONSTOP surveillance techniques. The document has been heavily redacted. We do know NONSTOP testing is very similar to TEMPEST testing. In Side Channel Cryptanalysis of Product Ciphers (Postscript format), John Kelsey, Bruce Schneier, David Wagner, and Chris Hall speculate that NONSTOP and HIJACK refer to the compromise of cryptographic devices through nearby radio transmitters (such as a cell phone, handheld radio, intercom). One of the more interesting things about the document is toward the end. "It is further noted that UNCLASSIFIED information concerning NONSTOP should not be discussed or made available to persons without a need-to-know. No information related to NONSTOP should be released for public consumption through the press, advertising, radio-TV or other public media." The original document came out in 1975, and has gone through several updates.

January 1, 2001 - John Young has received eight more TEMPEST-related documents from his October 1999 NSA FOIA appeal. The printing in the documents is in pretty poor shape, so text is being hand-typed. Currently available documents include: NSTISSAM TEMPEST/2-95, 12 December 1995 - "Red/Black Installation Guidance", Specification NSA No. 94-106, 24 October 1994 - Specification for Shielded Enclosures, NACSIM 5000, 1 February 1982 - TEMPEST Fundamentals, and NSTISSI 7000, 29 November 1993 - "TEMPEST Countermeasures for Facilities." (This last document is especially interesting in that it reveals the U.S. Government keeps a list of countries it views as having the ability and motivation to conduct TEMPEST attacks on U.S. interests. Censors did a bad job of blacking out the text in this 1995 document, and 12 of the 25 countries are identifiable. Including: Singapore, Norway, Hungary, Netherlands, Taiwan and some big industrial states that are known to dabble in economic espionage.) The remaining documents will be added as John has them transcribed.

December 10, 2000 - French SCSSI TEMPEST site, TEMPEST history, Ft. Huachuca Blacktail Canyon logo, fixed www.dtic.mil links (an astute reader pointed out that the "dead" DoD dtic sites on the TEMPEST Sources page could be revived by changing the domain - thanks Rob!).

December 6, 2000 - Over the past four years a tremendous amount of information has come to light on TEMPEST and related topics. So much that even though the page had no graphics, it was taking a couple of minutes to load on slow, dial-up connections. To celebrate the site's four year birthday, I've split it into four pages so it will load a bit faster. - CNET News reports on the Feds using a bugged keyboard to snag a Philadelphia mobster who was using PGP. I've been telling clients for years that this is a significant risk. In most cases it's much easier to do a "black bag" job on a target and install key monitoring software or hardware (or even hide a wireless CCD camera positioned to transmit what's being typed on the keyboard or appearing on the screen), than deal with strong encryption. Although the risk of discovery is obviously higher than a TEMPEST intercept, the lower cost and fewer required technical skills make this a much more likely attack option.  

Introduction to this Site

If you're even vaguely familiar with intelligence, computer security, or privacy issues, you've no doubt heard about TEMPEST. Probably something similar to the above storyline. The general principle is that computer monitors and other devices give off electromagnetic radiation. With the right antenna and receiver, these emanations can be intercepted from a remote location, and then be redisplayed (in the case of a monitor screen) or recorded and replayed (such as with a printer or keyboard).

TEMPEST is a code word that relates to specific standards used to reduce electromagnetic emanations. In the civilian world, you'll often hear about TEMPEST devices (a receiver and antenna used to monitor emanations) or TEMPEST attacks (using an emanation monitor to eavesdrop on someone). While not quite to government naming specs, the concept is still the same.

TEMPEST has been shrouded in secrecy. A lot of the mystery really isn't warranted though. While significant technical details remain classified, there is a large body of open source information, that when put together forms a pretty good idea of what this dark secret is all about. That's the purpose of this page.

The following is a collection of resources for better understanding what TEMPEST is. And no, I seriously don't think national security is being jeopardized because of this information. I feel to a certain extent, the "security through obscurity" that surrounds TEMPEST may actually be increasing the vulnerability of U.S. business interests to economic espionage. Remember, all of this is publicly available. A fair amount has come from unclassified, government sites. Up to this point, no one has spent the time to do the research and put it all together in a single location.

References marked with an (X), are good primary sources. If you just read these, you'll end up with an excellent overview on TEMPEST-related topics.

References marked with an (O) are reported dead links. These pages may be temporarily or permanently unavailable. Dead links are left for reference sake (you may want to check the main domain name or do further searching with AltaVista, etc.). It's interesting to note the number of military sites that now report 404 - Not Found or Forbidden Request errors for certain documents.

The site content is listed below. There are three pages in addition to this one. Introduction provides detailed background info on TEMPEST. Sources provides links to hardware manufacturers, software vendors, and specific government documents. Miscellaneous is comments from readers and other things that don't fit in the other pages.

Note: As you start viewing TEMPEST info, you likely will run into vague or confusing acronyms. A great Net resource is the Acronym Finder site.

Happy reading!

Joel McNamara
Original page - December 17, 1996 - Last update February 25, 2002

Site Contents

Introduction to TEMPEST

What is TEMPEST?
Just how prevalent is emanation monitoring?
TEMPEST Urban Folklore
General TEMPEST Information
Online Sources
Paper Sources
Monitoring Devices
Do It Yourself Shielding Sources


TEMPEST Hardware & Consulting
US Government Information Sources
Department of Energy
Department of Justice
Geological Survey
Department of State
Treasury Department
National Security Agency
National Institute of Standards and Technology
US Military Information Sources
U.S. Navy
U.S. Air Force
U.S. Army
U.S. Coast Guard
Department of Defense
Other Countries

TEMPEST Help Wanted


Tales of the TEMPEST
Non-TEMPEST computer surveillance
Change log

Disclaimer: I've never been involved with the TEMPEST community, had a security clearance for TEMPEST, or have access to classified material relating to TEMPEST. The information on these pages is completely derived from publicly available, unclassified sources.

Last changed March 5, 2002
Copyright 1996,1997, 1998, 1999, 2000, 2001, 2002 Joel McNamara