Homemade TEMPEST Receiver

Tom's Guide writes about home brew TEMPEST receivers:

Today, dirt-cheap technology and free software make it possible for ordinary citizens to run their own Tempest programs and listen to what their own -- and their neighbors' -- electronic devices are doing.

Elliott, a researcher at Boston-based security company Veracode, showed that an inexpensive USB dongle TV tuner costing about $10 can pick up a broad range of signals, which can be "tuned" and interpreted by software-defined radio (SDR) applications running on a laptop computer.

Posted on November 4, 2019 at 6:06 AM • 37 Comments

Comments

Rj Brown November 4, 2019 7:04 AM

In 1967, I programmed my first computer, an IBM 1401. It was pretty common practice in those days for the computer operator to place a vacuum tube "all American 5" clock radio on top of the central processing unit and tune it somewhere between stations. As the computer changed what it was doing, the radio would pick up the RF emissions and make different sounds. An experienced operator could tell which job was running, and what stage it was in, just by listening to the radio's buzzing and clicking. If a job got stuck, it was pretty obvious from the unexpected sounds.

In 1984, I wrote a Mandelbrot set graphing program. They were pretty popular back then. I placed an FM radio near the computer when it was running so I could listen to the "Mandelbrot music" while the program was drawing the pretty fractals on the screen. It drove my wife bonkers!

Working on military electronics, Tempest was not unusual to me. We had to do all kinds of things to shield equipment from emitting radiation.

I also recall a story that some spy outfit eavesdropped on computer conversations by focusing a telescope on the LEDs on the front of a phone line modem and capturing the blinking of the lights from across the street by looking thru the window.

Picking up emissions is one thing; decoding them and understanding the traffic they carry is another.

me November 4, 2019 7:23 AM

I have tested it some months ago using my rtl-sdr and it worked well with hdmi. Even better with the monitor switched off

me November 4, 2019 7:29 AM

I have tested it some months ago using my rtl-sdr and it worked well with hdmi. Even better with the monitor switched off.
I used blue rtl-sdr from china (8€) and tempest sdr java app.
My cheap receiver doesn't have enough bandwidth so it detects only huge words. But if you open a Windows 7 calculator you can see its square window and that has a textbox.
With a fullscreen black white checkerboard you can get signal up to 10 meters.
If someone wants more details feel free to ask.
I remember that there was a research paper attached to it, I'll try to find a link

Clive Robinson November 4, 2019 7:31 AM

> ... showed that an inexpensive USB dongle TV tuner costing about $10 can pick up a broad range of signals, which can be "tuned" and interpreted by software-defined radio (SDR) applications running on a laptop computer.

Yes I've known how to do this with RTL dongles for quite some time. I also drop comments about it here from time to time advising "red team", "Pentesters" and everyone else involved with ICTsec to get to understand SDR kit.

What I've also mentioned is that quite a few SDR devices can transmit as well as RXing, thus you can do "replay attacks".

Funny thing is I last posted, on last week's squid thread,

https://www.schneier.com/blog/archives/2019/10/friday_squid_bl_700.html#c6800984

Engulfed November 4, 2019 8:54 AM

I have used these for years, very handy tool, so but regarding Tempest, what would be interesting to find?
Apart from the constant QRM that nobody seems to do anything about, try listening to HF in an urban area nowadays, not much fun ... just growlamps and all sorts of qrm over the spectrum, perhaps growlamp Tempesting could be used by the LE today

Also found this
TEMPEST RESISTING FONTS
https://www.cl.cam.ac.uk/~mgk25/emsec/softtempest-faq.html
Not sure if those are mainly for monitors, but any idea of its theory

Tatütata November 4, 2019 9:25 AM

Re: Radios and 14xx

There is this scene in Kubrick's Dr. Strangelove (1964) where Group Capt. Lionel Mandrake (Peter Sellers) pulls out an AM transistor radio from an IBM 1403 line printer, and deduces from the routine civilian broadcast content that the USA wasn't being vitrified in an alleged surprise "nuckular" attack by the Rooskies.

The line printer is still happily churning out paper. The high-current 132 column solenoids driven by the nearby 1401 host's logic would have made any radio reception a very unlikely proposition. Chalk it up to artistic license.

Sellers had just turned off the main 7090 computer. An auxiliary 1401 system (not seen) would have been in charge of print jobs offloaded on tape from the main computer.

If you look closely at the picture, there is also a lunch with a sandwich and an apple stashed away just under the chain gate. I wouldn't have left anything there I would later put in my mouth, unless it was well wrapped.

I mostly knew the 1403 variants marketed with the 360, which were equipped with acoustical noise absorbing skirts that extended all the way down to the floor. They weren't superfluous, the noise level with open covers was just about a couple of decibels less than a sawmill. Even with the cover closed, I could recognise when my own jobs were printed out just by listening.

When the printer ran out of paper, a hydraulic mechanism would automatically lift the cover and throw off all listings deposited on the top. In a self-service area users would simply separate their job and leave the rest of the stack on the machine, rather than on the nearby table, despite all the notices taped on the wall.

The printer's 2821 control unit was essentially a repackaged 1401 with a slapped-on 360 I/O channel. It was connectable all the way up to 4381s and beyond. A bit like a USB 1.0 interface, only a million times bigger.

Steve Wozniak's brainchild and Clive's favourite computer, the Apple II, had very little shielding, a double-sided PCB without a ground plane, and an early switching power supply running at something like 20-30kHz. I remember I had to choose between listening to shortwave ("DX-ing"), or use the computer. If that wasn't enough, I lived a few hundred meters away from a large analog TV transmission site, which generated a depressingly high amount of intermodulation products in the HF band. (No amount of filtering helped, the IMD was produced in the environment).

The acoustical singing from the switching power supply or on-board regulators would provide a hint about the processor activity, touch typing can be recognisable.

I began dabbling circa 2016 with cheapo SDRs, and am amazed with what you can do with just a down-converter and an ADC. But it's not quite plug-and-play yet. It will take you several hours to configure and build SDR software on Linux, and when it runs, it will suck most of the processing cycles from your gear (Most of my machines are 2012-2015 vintage Intel I5's). So in a sense, I must still choose between computing and listening to radio (or just decode a transmission), but I made interesting discoveries, and have big ideas, if I can get around implementing them. (I just don't want to muck about with C programming, and translating a zillion header files to my preferred language isn't my concept of fun). Now, if I could offload the preprocessing to a Raspberry Pi 4 mounted outdoors...

Windows is supposed to be better at real-time than Linux, which would be the reason which it is reportedly preferred as a gaming platform. I still get more satisfying results with the five levels of priorities under Windows than all that b*llcrap with 40 steps of "priority" and "niceness" (with a counter-intuitive reversed sign!) under *nix. Basically, I want to be able to specify something like "Process X gets all the time it wants, and process Y and Z will share the crumbs". I can somehow manage to get this result on Windows, but not on Linux. I recently found out there was a scheduler feature adopted by Linus Torvalds's imperial fiat called "autogroup" which associates processes and their priorities with the consoles they depend from. That sounds only good for interactive computing.

BTW, I'm currently testing Ubuntu-under-Windows 10, and the combination feels a little quirky when it comes to resource allocation.

One downside with the cheap SDRs is that not much work has gone into equipping them with good front ends, i.e., filters and high-IP3 LNAs, and providing proper antennas for good reception in a limited space is a challenge. The hackers don't seem to worry much about such details. But I'm still surprised about the relative lack of spurious signals at VHF.

On one machine I have a wireless keyboard/mouse combination, and I would be surprised that the dongle's crypto was extremely good. I plan to check out the signal with the SDR one day.

Tatütata November 4, 2019 9:37 AM

> if you put your GSM phone near any such devices, you can hear when its "talking" to the celltowers every now and again...

I found it rather disturbing how often a radio or TV interview would be perturbed by a GSM phone performing a location update, with a characteristic galloping sound lasting about 2-3 seconds. An incoming call would result in an outright buzz following the initial handshake. This would sometimes even happen in studio interviews, like if the sound technician in the booth wasn't listening.

This phenomenon is now rarer. Microphones are either better shielded, 3rd generation and beyond cellular is less chatty, or maybe broadcasters have learned.

Eck! November 4, 2019 10:03 AM

The SDR dongles DVB-T have been around for many years, over 10.

Nothing magical and certainly not new. One use is tracking transponders at 1090 and ADSB position information. Also not a new thing.

One of those, a fast computer, software, and it's useful. Compared to commercial gear it's a toy. But it's cheap and widely available.

Tempest is a program for EMI hardening computer and other sensitive security related gear. EMI is electromagnetic interference and its kin RFI, radio frequency interference, and the aim of the program was to reduce it to the unhearable level so that sensitive (in the sense of information contained is required to be secure) equipment would not compromise security. The problem is even if you can hear it making sense of it is quite a bit more difficult. However the Tempest program was to prevent radiating it so it could be heard in the first place. It was a part of the radio arms war. The other side was ECM Electronic countermeasures and its basic kin jamming.

So what can we do with those dongles... Anything that requires a receiver. The biggest thing is any form of wireless content save for the bulk of them are encrypted and generally hard (not impossible) to crack. But there is a layer of radio stuff like door openers, car key fobs and the like that are not highly encrypted and could be a target for criminal activity.

There is for sure a lot of negatives possible but the people who are using seem to be looking at the benign and even constructive uses. One is Amateur radio in the VHF and UHF regions. Electronics gear for measurement.

Like anything bad and good exists by the use of the actor not the technology.

Clive Robinson November 4, 2019 10:14 AM

@ Engulfed,

> TEMPEST RESISTING FONTS Not sure if those are mainly for monitors, but any idea of its theory

They are.

The theory is delightfully simple at 20,000ft but quickly turns to treacle as you get closer.

The principle is that a fast rising edge contains energy from "all frequencies" (and yes there are negative frequencies mathematically).

As you change the rise time of the edge so it becomes less steep its high frequency content drops. For any given object that can radiate its efficiency is related to its "Capture area" as an antenna at that frequency. As frequency goes up wavelength goes down thus it's easy to see that for any given object it will radiate higher frequencies more efficiently than lower frequencies (I'm going to leave resonance out of this conversation it just gets tedious).

The distance a signal travels is based on its wavelength and how efficiently it is coupled into "free space". The lower the frequency the longer the wavelength so the better its freespace radiation. But... Not only is high frequency easier to couple efficiently, the greater its potential modulation bandwidth.

So high frequencies in the high VHF / low UHF are where you want to be looking for useful frequencies.

So if you in effect "filter the fonts" digitally you reduce their ability to radiate useful information.

The fun starts when you realise, firstly you have three signals one each for Red Green Blue and the image is two dimensional so there are two frequency spectra one for the high frequency horizontal signal and one for the lower frequency vertical signal multiplied by three signal sources.

This means you have a lot of edges and spectra to play with.

The human eye / brain "makes edges" where edges are not really there. It also has a non linear response to different light frequencies.

So rather than have all the RGB signals fast rise together you can stagger them with respect to each other. You can trick the eye / brain that the font looks sharp / clean when in fact its aggregate signal is quite messy and relatively low in high frequency components.

Hopefully that will give you sufficient of the 20,000ft view rather than getting down and dirty with two dimensional FFT's and other DSP filtering tricks.
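
The comment above explains why softening edges lowers the high-frequency content a display signal has available to radiate. The following is an added example, not part of the original thread: it low-pass filters one constructed 256-pixel scanline and measures how much spectral energy is left in the top of the band. The scanline, the 0.7 cutoff and all function names are assumptions chosen for illustration, and it models a single colour channel in the horizontal direction only.

```python
import cmath
import math


def dft(x):
    """Unnormalised DFT of a real sequence (naive O(n^2), fine for one scanline)."""
    n = len(x)
    return [sum(x[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n))
            for k in range(n)]


def idft(spec):
    """Inverse of dft(); the imaginary part is rounding noise for a symmetric spectrum."""
    n = len(spec)
    return [(sum(spec[k] * cmath.exp(2j * math.pi * k * t / n) for k in range(n)) / n).real
            for t in range(n)]


def is_high(k, n, keep):
    """True if bin k lies above keep * Nyquist. Bins k and n-k carry the same frequency."""
    return min(k, n - k) > int(keep * (n // 2))


def high_band_fraction(x, keep=0.7):
    """Share of the non-DC spectral energy that sits above keep * Nyquist."""
    spec = dft(x)
    n = len(x)
    ac = sum(abs(spec[k]) ** 2 for k in range(1, n))
    high = sum(abs(spec[k]) ** 2 for k in range(1, n) if is_high(k, n, keep))
    return high / ac


def lowpass(x, keep=0.7):
    """Zero every bin above keep * Nyquist and transform back (ideal low-pass)."""
    spec = dft(x)
    n = len(x)
    return idft([0j if is_high(k, n, keep) else spec[k] for k in range(n)])


def make_scanline(width=256):
    """Constructed sample: one pixel row through small text, 1.0 = lit, 0.0 = dark."""
    strokes = [(10, 1), (14, 1), (21, 2), (30, 1), (37, 3), (48, 1), (55, 1),
               (63, 2), (74, 1), (86, 1), (91, 3), (103, 1), (110, 2), (121, 1)]
    line = [0.0] * width
    for start, stroke_width in strokes:
        for p in range(start, start + stroke_width):
            line[p] = 1.0
    return line


def mean_square(a, b):
    """Mean squared pixel difference between two scanlines."""
    return sum((p - q) ** 2 for p, q in zip(a, b)) / len(a)


def max_step(x):
    """Largest pixel-to-pixel jump, a rough proxy for edge steepness."""
    return max(abs(x[i + 1] - x[i]) for i in range(len(x) - 1))


def compare(keep=0.7):
    """Filter the constructed scanline and report before/after figures."""
    hard = make_scanline()
    soft = lowpass(hard, keep)
    return {
        "hard_high_fraction": high_band_fraction(hard, keep),
        "soft_high_fraction": high_band_fraction(soft, keep),
        "mean_square_change": mean_square(hard, soft),
        "hard_max_step": max_step(hard),
        "soft_max_step": max_step(soft),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:20s} {value:.6f}")
```

The filtered values overshoot the 0 to 1 range slightly because of ringing, so a real renderer would have to rescale them before display.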

Wayne November 4, 2019 10:18 AM

@Tatütata:
I remember back in the early '80s when I was learning COBOL, you could always tell when someone's program had done a core dump by the distinct sound the printer made.

Myself, I rewrote my JCL so it did a double-compile. If it compiled with no fatal errors, it would not produce any output and would run: presumably my previous code printout was clean and I was tweaking the report layout. If it errored, it would re-run the compile and give me a full printout so I could track down the error(s).

You'd be slapped-down hard doing that in a production environment, but I got away with it on a student computer.


I just finished re-reading Cryptonomicon, with its VanEck phreaking of laptops. Amusingly congruent with today's post.

Clive Robinson November 4, 2019 10:31 AM

@ Tatütata,

> I found it rather disturbing how often a radio or TV interview would be perturbed by a GSM phone performing a location update, with a characteristic galloping sound lasting about 2-3 seconds

It's the reason I was dismissive of Bunnie Huang and Ed Snowden's gizmo for the iPhone.

What they were doing was taking it apart and soldering thin wires to test points. Which if you can avoid doing it is a good idea to not do.

The simple level of QRM[1] coming out of mobile phones is sufficient that most of what they appeared to be looking to "instrument" could be done with "envelope detectors" on PCB foil tuned circuits.

QSL

[1] For those not familiar with "Q Codes" they go back to a time when most communications was still done by "Morse Telegraphy". QRM stands for "... Interfered with by man made noise" QRN stands for "... interfered with by natural noise" and QSL you can go look up ;-)

EvilKiru November 4, 2019 1:14 PM

@moderator: as a message prefix is generally the fastest way to summon one in my experience. Moderating isn't their primary job, however, so keep that in mind.

FA November 4, 2019 1:35 PM

@Tatütata

> I still get more satisfying results with the five levels of priorities under Windows than all that b*llcrap with 40 steps of "priority" and "niceness" (with a counter-intuitive reversed sign!) under *nix.

No surprise. The 40 'nice' levels have _nothing at all_ to do with realtime.

On Linux, you get real-time scheduling by using the SCHED_FIFO scheduling class which has 100 priority levels. A task in this class will run until either

* it is pre-empted by a higher priority one,
* or it yields voluntarily.

Normal tasks (the ones affected by 'nice') are in the SCHED_OTHER class, which has lower priority than any SCHED_FIFO task.

I routinely run audio (hundreds of streams at 48 kHz) and SDR (30 MHz bandwidth) applications with IO latencies in the single digit millisecond range. They run rock-solid even when watching a YT video and compiling the kernel at the same time, on hardware that is at least 8 years old.

I could tell a lot more, but it would be OT on this forum. Get in contact
directly if you want to learn more.

--
FA


FA November 4, 2019 2:20 PM

@ Tatütata

Never noticed the lunch in the printer...

One of the things I've been asking myself about Dr. Strangelove is how general Jack D. Ripper was able to send the 'Wing Attack Plan R' code without his XO (at the computer which was probably controlling data transmissions) being aware of this.

Peter A. November 4, 2019 3:11 PM

Back in the old days I had a ZX Spectrum+, which had some space inside - it was just an old good ZX Spectrum 48K board in a funny case. I've put inside some things that otherwise would be uncomfortably sticking out of the back on the edge connector, by soldering some white wires to various points and connecting them to small PCBs tucked at the sides with connectors sticking out through newly made holes :-) One of them was an RGB monitor socket.

The wires were strung rather carelessly picking up any interference along. After some time I could roughly tell from the ripples on the CRT screen what the little thingy was doing... has it hanged or is it in a tight loop, or waiting for keyboard input etc.

EvilKiru November 4, 2019 4:20 PM

Using paper and pencil means having to use soft lead, not press too hard, use separate writing pads for the plaintext and encoded messages, and destroy not only the top sheet of your plaintext writing pad when done, but also the next 2 to 5 sheets below it.

Clive Robinson November 4, 2019 5:55 PM

@ Franz,

> You can use paper and pencil. No Tempest emanation at all.

You wish...

Remember certain fundamental rules of physics, that give,

1, All coherent energy / state changes to a decoherent state when work is done.

That is,

2, No process of work is 100% efficient. By the process of radiation transport, all waste energy steps down to heat by the process of radiation and absorption, each step in the chain being less coherent and less discernable at distance.

Thus the mechanical energy of writing, gets transported away by conduction and radiation. The bulk of that radiation is acoustic and has very definite coherent information superimposed / modulated upon it.

Further whilst TEMPEST uses "passive" EmSec techniques, there is a much larger canon of "active" EmSec attacks. In the case of you writing, a suitably high frequency RF source can be used to "illuminate" your hand and the writing implement. All conductors and dielectrics in such an EM field distort it. Thus if they move the field becomes modulated by the movement. Such modulation can be detected by standard doppler techniques. If two or more receivers are used you can come up with mathematical transforms that will fairly accurately describe the movements, the hand and writing instrument make, thus in effect "see the words written"...

@ EvilKiru,

> and destroy not only the top sheet of your plaintext writing pad when done, but also the next 2 to 5 sheets below it.

There is a simple way to avoid this issue, which I've mentioned once or twice before. And trust me when I say you don't want to leave blank sheets of paper you have written on around, and destroying them effectively can attract quite a bit of attention...

Thus one way to avoid these problems is find a really hard substance, such as the glass in a photo frame. Tear each sheet off the pad before you write on it and place it on the glass surface then write on it.

You will be quite hard pressed to leave any indentations on the glass. However it's possible using ESDA techniques to show the pattern left on the glass in the residual static electricity (you can do this with laser printer toner dust). So when you have written on a sheet, remove it from the glass and use a soft cloth of silk or other static electricity related material to "wipe the glass down" immediately, which destroys any residual pattern in the static charge.

Members of staff having framed pictures of their family / loved ones on their desk is fairly common, as is a cloth to wipe dust off of objects in a drawer. Thus neither is particularly suspicious to have around, unlike a noisy shredder or ash tray full of burnt ashes and the air reeking of burning paper.

Rj Brown November 5, 2019 6:52 AM

A possible mechanism by which these laser attacks on microphones might work is light pressure. In the late 1980's I was attending a conference at the University of Rochester where we were given a tour of the laboratory for laser energetics. They were using the combined light from many powerful lasers to compress matter and obtain a nuclear fusion reaction. Given that we don't need to apply quite that much pressure to move a tiny microphone pressure sensor, which is what acoustic microphones really are, I suspect that these microscopic transducers are able to be moved by light pressure from the attacking laser.

Also @Clive_Robinson: If you use ink from a good fountain pen, almost no pressure is needed at all, as capillary action causes the ink to flow. This should both reduce the residual impression of the substrate as well as lessen the generation of static electricity by friction.

Alyer Babtu November 5, 2019 12:29 PM

The $0.64 question - can you build a mobile phone using these ideas and components?

Think November 5, 2019 1:12 PM

When you read and write and ‘think’ you modulate sounds inside structures within your ear canal. The tensor tympani comes to mind as a natural sound dampener. Your ‘inner voice’ is something you can hear and with the right equipment so can others.

These anatomical structures are very similar in all humans. As the sounds of a common language are shared among others, its generated motions can be intercepted and decoded. You’d want to wear special ear covered head phones while thinking as a clandestine operative writing up a report. How about communicating your thoughts to your partner by simply positioning your head and thinking to yourself in a predetermined spot with special radiation detection gear positioned just so. Waiting for you.

Maybe those cool ear buds of yours do something else?

Connect the dots. Mind reading 101. Tell me your secrets. Making you an unwilling thought transducer can be painful. Sonic weapons leave lasting brain damage in some

https://www.theguardian.com/world/2017/sep/14/mystery-of-sonic-weapon-attacks-at-us-embassy-in-cuba-deepens

https://www.popularmechanics.com/military/weapons/a21201860/sonic-attack-cuba-china-guangzhou/

https://www.nytimes.com/2018/06/08/world/asia/sonic-attack-china-guangzhou-consulate.html

It’s all just pattern recognition, signals intelligence.

There is similar work being done on the brain. There are also therapeutic opportunities for traumatic brain injury.

https://www.zdnet.com/article/brain-scans-can-read-your-mind-researchers-say/

Clive Robinson November 5, 2019 8:56 PM

@ Petre Peter,

> Another reason why you should switch to an LCD

For what?

If you mean for your computer display, it won't get you much.

The reason being it's still the same cable carrying the image signal down to most display devices.

It's the signal radiated from that computer to display cable that most attackers would go for by choice.

Clive Robinson November 6, 2019 7:37 AM

@ Alyer Babtu,

> The $0.64 question - can you build a mobile phone using these ideas and components?

Look up LimeSDR in Guildford Surrey UK.

https://limemicro.com/community/

Not only can you make a mobile phone, you can make a mobile base station with their inexpensive products.

Z.Lozinski November 6, 2019 12:26 PM

@Rj Brown
> If you use ink from a good fountain pen, almost no pressure is needed at all as capillary action causes the ink to flow.

Modern fountain pen nibs are mechanically much more rigid than the high quality 18K gold nibs from the 50s to 70s and will leave an impression on any underlying sheets of paper. Many of the fountain pens available today use steel nibs with fine points (think of the disposable Pilot fountain pens). You are of course right, the pressure required to write with a fountain pen is significantly less than a ballpoint. (Enough that Parker had to re-engineer their fountain pen nibs to stop them breaking once people had learned to write with the pressure required for a ballpoint).

A glass plate is a good low tech solution to the problem

Z.Lozinski November 6, 2019 12:40 PM

@Clive & @Alyer Babtu,

I've seen people running entire 4G/LTE mobile networks (Radio and Core) on a Raspberry-Pi node.

To go along with the LimeSDR that Clive mentioned for the RAN, here is an example of what you need for the core:

https://www.quortus.com/news-and-events/press-releases/running-a-mobile-network-on-a-raspberry-pi/

The technology exists to allow you to build a mobile device (or network) from low cost components. Making it secure is a whole different problem.

There was a really good presentation at CCC or HOPE from the guys behind GSMK Cryptophone in Germany on what they had to do to make their device secure.

vas pup November 6, 2019 5:40 PM

@Bruce and @Clive:
Just found this interesting and related to weed out signal:

Novelist José Saramago wrote, "Chaos is merely order waiting to be deciphered."

Clive Robinson November 6, 2019 11:57 PM

@ vas pup,

    "Chaos is merely order waiting to be deciphered."

Chaos can be deciphered any time, when we have the "right" key. The real problem is trying to find the right key, amongst all the others. Even if we creep along bit by bit our odds of getting the right message diminish rapidly...

But also bit by bit we can make any key, thus all messages are equiprobable... Thus even when chaos arises from chaos, we might still be holding the truth but fail to recognize it.

Steve Russelle November 7, 2019 7:33 AM

Nobody believes TEMPEST is a genuine threat.
I used to help teach computer data hiding classes. This was in the '90s.
Most of my bits demonstrated freeware methods that any 12 year old kid could execute at that time. The attendees were mostly government and defense contractor computer system and security guys.
One thing I used was a TEMPEST intercept that I set up by simply attaching an outboard VGA monitor to a notebook computer. I cut the red, green, and blue signal wires, but left all the other wires (sync, etc.) attached to the notebook.
For TEMPEST detection, I used a cheap, garage sale police scanner. I tapped the IF chain by coupling the input of a video distribution amplifier ($50 new) and drove the external monitor RGB input lines with that.
I had a computer 30 feet away "in the adjacent hotel room" with a spreadsheet onscreen.
I tuned around until the image of the remote spreadsheet appeared on my intercept screen, then changed video resolution if I had to until the image was full screen.
Sure, the video timing wasn't perfect, so the intercepted image rolled a little, but everyone in the class could easily see the image, recognize it for what it was, read it, capture it, and they learned that TEMPEST isn't a boogy man pipe dream at all but is a very real thing.
Back then, any 12 year old kid with an imagination could do some TEMPEST intercepts with bottle deposit money while the sophisticated systems were selling for a fortune.
Times and equipment have changed, and it's cheaper and easier now.

wumpus November 12, 2019 5:54 PM

Re: Radios and 14xx

In the 1970s I had a "dataman" math toy: http://www.datamath.org/Edu/DataMan.htm
(similar to a "Little Professor" in that it only told you if your math was right or not).

I eventually realized that if you played a radio nearby (memory is lacking, but I'm pretty sure it had to be AM) the RF interference was reasonably accurate for what the machine was doing (from a foley artist POV, I was clueless about hardware debugging at the time).

Both then and now, I have no idea if it was intentional.

PS. The "correct" sound was fairly similar to a sound made by one of the "Buck Rogers" robots from the TV series of the same time. They might have even taken it from the Ti device.

Clive Robinson November 13, 2019 4:00 AM

@ Steve Russelle,

> Nobody believes TEMPEST is a genuine threat.

Some of us do and have done for many decades.

I also know that a lot of the old advice about how to deal with it[1] such as surround your VDU with lots of other VDUs is nearly completely pointless.

But times have moved on and TEMPEST is now a decreasing subset of the more rapidly growing EmSec field of endeavor. Not least of which is TEMPEST is "Passive EmSec" whilst there are lots of interesting tricks with "Active EmSec" that I --probably amongst several other engineers-- was independently investigating back in the 1980's. One of which would now be called "Active Fault Injection Attacks via an EM carrier" using both CW and modulated carriers.

Then of course we now have the delight of all the "Over The Air" (OTA) systems with their myriad of faults, all clunked in way down the computing stack. Old examples of the "Evil Maid" type attacks on Firewire and USB are just the known tip of the iceberg.

One concern some of us "olduns" have is that the ICTsec industry appears to only live in the current moment. That is many practitioners appear not just to be "not learning from history" they appear to be more or less completely "unaware of history". Thus "lessons learned" are now as if "they never happened". Worse this lack prevents them looking into future to new instances of attack based on old classes of attack...

[1] Some old advice that used to be given was "drown it in noise" from other sources. It did not work back then and it certainly does not work today. The reason it was given was based on two assumptions,

1, Only one receiver in use.
2, The noise was random.

Neither of which was true back then nor is it true today. Two or more receivers enable you to phase shift the signals and thus gain advantage not just like a Very Long Baseline Radio Telescope in two dimensions but also in effect move the virtual antenna in three dimensions. You can find out how when looking at modern day equivalent found under MIMO. But also people are now beginning to understand the difference between,

1, Deterministic noise.
2, Chaotic noise.
3, Pseudo random noise.
4, True random noise.

With modern IQ receivers such as the much mentioned SDR devices, when precisely aligned in time and the fact they can record hours of very high resolution signals, backend processing allows analysis to strip off the first two types of noise, and the third if not cryptographically produced. Thus the desired signal rises like Poseidon from the depths to become clearly obvious. Building such receivers needs little more than a good quality antenna, a better quality SDR front end (LimeSDR make good value in that respect), an accurate time reference (GPS 1PPS works) and a high end laptop or desk top computer with lots of fast storage.
