FROM A VERY VERY COOL SITE:

www.bugsweeps.com/info/bugsweepers.html

Computer Bugging

Bugs have got most of the headlines in recent months, but sleuths use a lot of other high-tech tricks. One active area: eavesdropping on the sensitive information in somebody else's computer. Computer users were recently shocked to learn that it isn't even necessary for someone to have access to their premises. He can tune in to a computer from down the street. it isn't even difficult or expensive.

This fact became painfully obvious about a year ago at a computer show in Olympia, England. Representatives of major computer manufacturers were there to show off their latest products. There was much emphasis on computer security. Many models featured locks and password entries to protect against unauthorized tampering and there were encryption programs that rendered stored information intelligible to only the authorized user.

Into this scene the British Broadcasting Corporation sent a reporter and a British electronics engineer named Sean Walker. They entered the show with Walker wheeling a cart. On the cart was a video display screen, a CB antenna, a VHF receiver, and a signal processor. The entire scene was videotaped for a program that later appeared on the BBC.

As Walker strolled slowly through the show, he adjusted several dials. Soon a replica of data appearing on the screen of a nearby Epson PC AX appeared on Walker's screen simultaneously. "Any hobbyist or amateur radio enthusiast could probably put this system together in a few evenings," he said on the broadcast. The cost: about $500.

This theatrical - but sobering - stunt was based on the work of a Dutch researcher named Wim van Eck of Dr. Neher Laboratories PPT, in Leidschendam, Netherlands. It had been known for years that computers radiate weak signals theoretically capable of being decoded, but it had been widely assumed that complicated and expensive equipment - available only to government spooks - was needed to capture and make sense of these emanations.

That dream was abruptly ended when van Eck assembled readily available electronic equipment, parked a van outside of an office building, and read off information appearing on computer screens several stories up. With slightly more sensitive equipment, he says, he can pick off data from computers two kilometers away.

The principles van Eck used are well known. The words, numbers, and even graphic images appearing on a computer screen are formed by a beam sweeping across the screen in a TV-like raster. The beam is off where the screen is supposed to be dark, and on as it crosses an area that is supposed to light up. This switching of the beam on and off generates a digital signal that can be picked up some distance away, as van Eck demonstrated. If another display unit at the receiving location has a beam sweeping across it in perfect synchronization with the one at the computer being tapped, and if the received signal is used to switch on the electron beam in this display, then a display identical to the one at the original computer will be formed. Van Eck pointed out that the signal is easy to pick up, because the signal that switches the beam on and off is amplified to several hundred volts, unlike other signals in the computer or display. Thus it radiates strongly.

The only real trick is synchronizing the beam sweeping back and forth across the eavesdropping display with the one on the computer being bugged. A television broadcast contains synchronization signals that are used by the receiver to keep its beam in sync with the beam at the originating station. A computer transmits no such sync signal. So van Eck built a special circuit to discover the original sync mode and generate a new signal to synchronize the receiver. Then he presented a scientific paper on the device at an industry meeting. Securicom '85, in Cannes, France, in 1985.

Computers involved in national security - especially those in such places as embassies in foreign countries - are presumably shielded to prevent such eavesdropping. For 20 years the U.S. Government has had a series of standards called TEMPEST designed to cut down on the radiation allowed to escape from a computer. (TEMPEST was originally an acronym for Transient Electromagnetic Pulse Emanation Standard.) Although no one will comment officially, we learned informally that the standards require that the potential signal be attenuated by about 70 dB - a large amount. But one source estimates that it may double the cost of a computer to build in this kind of protection. A spokesman for Wang Laboratories Inc., which builds TEMPEST-protected computers, said it adds 20 to 50 percent to the cost.

TEMPEST-protected computers are probably reasonably secure. But defense officials worry that bits and pieces of sensitive information on small computers in engineering development departments, in the offices of government officials, and elsewhere may not be so secure. And banks, insurance companies, hospitals, and others with confidential information are probably vulnerable.

A low-cost protection system may be the solution for these units. Al Montross, president of Dataprotek in Boca Raton, Fla., builds a shielded cover that goes over the entire computer. Montross says it cuts down on the radiated signal - by 60-65 dB rather than TEMPEST's reported 70 - and costs only $650.