You're Never Alone With Paranoia
The feds are watching
Published December 13, 1999 in Scope

There are any number of reasons to hope nobody is looking over your shoulder, so to speak, as you use your computer. It could be you are using a bootleg copy of Photoshop to manipulate that new JPEG your cyberfriend from sent you. Maybe you're encrypting instructions that tell your connection when and where to drop off the shipment. Perhaps you're cheating on your significant other, who owns a Smith & Wesson.

See also...
... by Nessie
... in the Scope section
... from December 13, 1999

Then again, maybe your computer privacy problems are more mundane. Maybe you just need to enter some proprietary data that, in your competitor's hands, could be used to drive your company out of the marketplace and your loving family out of that nice new home you haven't paid for yet. Meet Frank Jones -- and for all you know, Frank Jones may already have met you and you didn't even notice. This retired New York City detective has written a widely used, but little-known software program called Data Interception by Remote Transmission (DIRT).

Like a telephone wiretap for computers, DIRT gives its users the ability to intercept and monitor data from any Windows PC in the world. It also allows them to take almost complete remote control of your computer and all its functions anytime it's online. They can, for example, turn on that little camera you think is off and watch you doing whatever it is you do when you think you can't be seen. Most people feel secure when they encrypt their data, but it's only an illusion if a keystroke monitor is in action. DIRT can defeat Pretty Good Privacy in a matter of minutes simply by stealing the user's key as it is typed in. Then there's the microphone.

DIRT is a tiny Trojan horse. It only occupies 20k. A Trojan horse usually comes disguised as an ordinary OS command or other program that it replaces and is able to mimic. Then it goes looking for an unused corner of your hard drive where it deposits a "secret" file with sinister instructions such as to go contact its sender and report everything it has seen. It can then replace itself with the original command or program and delete itself, leaving you none the wiser. There are a number of different ways a Trojan horse can be snuck onto a target system, but most enter via an email attachment or as part of a downloaded binary.

If you are a Linux user you are not necessarily faced with the Trojan horse problem since you can see everything that goes on in your open source code OS. With Linux, and sufficient vigilance, you can defend yourself against Trojan horses and a variety of other threats as well. But even with Linux you cannot guarantee that your every keystroke is not instantly viewed by covert, prying eyes.

You probably aren't under surveillance. Most people aren't. But it is impossible to know for sure. As Jones himself says, "Surveillance technology has progressed to the point that it is possible to identify individuals walking city streets from satellites in orbit. Telephone, fax and email communications can routinely be monitored. Personal information files are kept on citizens from cradle to grave. There is nowhere to run...nowhere to hide..."

But not all hackers and crackers work for Big Brother. DIRT has already inspired a dangerous imitation, Back Orifice. Back Orifice is a highly effective backdoor designed by a group of crackers called the Cult of the Dead Cow. Just because you haven't invoked the interest of the powers that be with some slip of your tongue or your email use of an Echelon keyword doesn't mean that some technogeek somewhere isn't looking "over your shoulder" at this very moment, or even into your bedroom.

But what if Back Orifice, DIRT, Echelon, and even PROMIS are old news to you and you've disconnected from the Internet and only run Linux? Are you finally safe from surveillance? Not if that high-tech peeping tom across the street trades his binoculars for a working knowledge of TEMPEST and Van Eck.

People often confuse these two, but they are quite different things. TEMPEST is a set of standards used to gauge and reduce electromagnetic emanations from electronic equipment. The point of knowing TEMPEST is to prevent a Van Eck device from being effective. A Van Eck device is a passive, standoff computer surveillance tool that can also be used to covertly monitor any television set, even one in use with a VCR. Porn fans take note. It does not allow the user to access the target computer but rather allows him or her to monitor via radio wave what is displayed on the target computer's CRT screen.

The Tempest project has been a joint research and development effort of the U. S. National Security Agency (NSA) and the Department of Defense (DoD). Even the program's name was classified for most of that period. Depending on whose version of the story you believe, TEMPEST either stands for Transient ElectroMagnetic Pulse Emanation Standard or it stands for nothing at all. Some TEMPEST technical data are available from a "woman-owned small business consulting firm" in Maryland which markets an 800-page manual for $200. They warn potential customers that, "Although unclassified, the TEMPEST books are considered sensitive information not sold or releasable to foreign nationals."

The Van Eck device takes its name from Wim van Eck. In Volume 4, Number 4 of Computers & Security in December 1985, van Eck described, "...the results of research into the possibility of eavesdropping on video display units, by picking up and decoding the electromagnetic interference produced by this type of equipment. During the research project, which started in January 1983, it became more and more clear that this type of information theft can be committed very easily using a normal TV receiver."

The effective range of a Van Eck device depends on the receiver and antenna system used by the technician. One device on the market ("authorized government agencies" only please) is said to have been effective in field tests at distances of over 100 meters using basic equipment: a scanner-style receiver and an antenna. Since each computer has its own electromagnetic "signature," a single computer out of hundreds in an office building can be focused upon effectively. Once it has been "sighted" on its target, the unit can be left unattended, with a time-lapse VCR to shoot the screens. All the spy has to do is come to the equipment van periodically and replace the video tape, transfer the video tape data to a computer disk, and search for keywords or critical numbers.

All one needs to build this device is moderate expertise in both computers (particularly VDTs) and TVs. This combination of skill sets is not at all unusual. One techie claimed he was able to duplicate Van Eck's experiments from what he learned reading a 4-column-inch newspaper article. He said he kicked himself for not conceiving this technique before Van Eck did. Plans for a unit reputed to be effective at ranges of up to a kilometer are available by mail to anyone with $29 and a stamp.

Still hoping you're alone?

Nessie lives in a bunker and is heavily armed. S/he writes a regular column for the Bay Guardian.