In 1985, the Dutch scientist Wim van Eck published a paper which was written about in the prestigious “Computer & Security journal. “Electromagnetic Radiation from Video Display Units; An Eavesdropping Risk?” Vol. 4(4) pp 269-286. The paper caused a panic in certain government circles and was immediately classified as is just about all TEMPEST information.

Wim van Eck's work proved that Video Display Units (CRT's) emitted electromagnetic radiation similar to radio waves and that they could be intercepted, reconstructed and viewed from a remote location. This of course compromises security of data being worked on and viewed by the computer's user. Over the years TEMPEST monitoring has also been called van Eck monitoring or van Eck eavesdropping.

In 1990, Professor Ertard Moller of Acchen University in Germany published a paper, “Protective Measures Against Compromising Electromagnetic Radiation Emitted by Video Display Terminals”. Moller's paper which updated in details van Eck's work also caused a furore.

The government policy of TEMPEST secrecy has created a double-edged sword. By classifying TEMPEST standards, they inhibit private citizens and industry by failing to provide the means of adequately shielding PC's and/or computer facilities. There is an old saying, You can't drive a nail without the hammer”. If concerned personnel don't know the minimum standards for can they shield and protect? Shielding does exist which can prevent individuals and companies from being victims to TEMPEST monitoring. But without knowing the amount of shielding necessary...

Perhaps this is the way the government wants it... My work has focused on constructing a countermeasure device to collect and reconstruct electromagnetic emissions from CRT's. CPU's and peripherals to diagnose emission levels and give security personnel a hands on tool with which they can safeguard their computer data.

In testing my countermeasure device I concentrated on interception and reconstruction of the three types of emitted electromagnetic radiation written about in van Eck and Moller's work.

1. Electromagnetic radiation emitted from CRT's – similar to radio waves.
2. Shortwaves on the surface of connections and cables.
3. Compromising radiation conducted through the power line.

I found my greatest success (distance & quality) was in the collection of emitted radiation from the CRT although we were equally successful in our other experiments. In our opinion the greatest danger of TEMPEST monitoring comes from office premises and we decided early on to concentrate in this area. A workable countermeasure tool would give security personnel a handle on distance from which compromising electromagnetic radiation could be collected. Hopefully full countermeasures would then be implemented.

Thus also as a double-edged sword. The device built albeit a countermeasures tool...can be used as an offensive TEMPEST monitoring device. My concerns however are that if such a device is not made available to the private sector then the private sector is at the mercy of the information warrior using it.

Continue to page 3