In our previous blog a few weeks ago, we defined what is eavesdropping and why it is important to protect yourself and your business against an eavesdropping attack. This time round, we would like to further expand by giving you some concrete eavesdropping examples.
What do Watergate and Edward Snowden have in common?
Both are famous examples of eavesdropping, ie. the secret or covert listening to a conversation or private communication between other people without their knowledge or consent.
The Watergate scandal in the early 1970s caught US agents working for President Richard Nixon’s administration breaking into the Democratic National Committee headquarters at the Watergate office complex in Washington, D.C. They were attempting to install listening devices and wiretap phones to gather information on Nixon’s political opponents. The discovery and following investigation resulted in legal proceedings and ultimately President Nixon’s resignation.
In 2013, Edward Snowden, a former National Security Agency (NSA) contractor, leaked classified documents revealing the extensive global surveillance programs conducted by the NSA and its Five Eyes alliance partners. Snowden’s actions brought widespread attention to the extent of government eavesdropping and sparked a global debate on privacy, security, and surveillance.
Eavesdropping can occur anywhere
While these examples are high profile, eavesdropping can occur at various levels, from governments conducting mass surveillance to individuals secretly listening in on private conversations. In many cases, the ethics and legality of eavesdropping depend on the context and the methods employed. But it is an invasion of privacy and, often, unethical, or even illegal, depending on the circumstances and the jurisdiction.
Traditional eavesdropping typically involves attempting to gather information or overhear discussions that were not intended for the eavesdropper to hear.
Electronic eavesdropping via electromagnetic waves refers to the interception of communication signals that travel through the air in the form of electromagnetic radiation. This type of eavesdropping is often associated with electronic surveillance and can involve intercepting radio frequency (RF) signals, microwave transmissions, or other wireless communication methods.
Examples of eavesdropping via electromagnetic waves include:
1. Wireless Communication Interception – signals from wireless communication devices such as mobile phones, Wi-Fi networks, or Bluetooth connections are intercepted and monitored. This can be done using specialist equipment that captures and analyzes radio signals.
2. Radar and Microwave Interception – radar signals and microwave transmissions used in various technologies, including military radar systems and microwave communication links, are intercepted and analyzed.
3. Radio Frequency (RF) Eavesdropping – radio signals are monitored and communication between devices is intercepted. This can include listening in on radio broadcasts, intercepting signals from electronic devices, or even capturing signals from wireless microphones.
What is a TEMPEST attack?
Another example of eavesdropping via electromagnetic waves is a TEMPEST (Transient Electromagnetic Pulse Emanation Standard) attack. TEMPEST is a set of standards and guidelines that address the potential eavesdropping risks associated with unintentional electromagnetic emissions from electronic devices. A TEMPEST attack involves the unauthorized interception of these electromagnetic emissions to gather information about the data being processed by a device.
One famous demonstration of a TEMPEST-like attack is the “Van Eck phreaking” by Wim van Eck in the 1980s. Van Eck demonstrated that it was possible to eavesdrop on computer monitors by capturing and interpreting the electromagnetic emissions emitted by the monitor. When a computer monitor displays information, it emits electromagnetic radiation. This radiation can extend beyond the physical confines of the monitor’s screen.
An attacker, using specialized equipment, then captures the electromagnetic emissions from the monitor. This can be done from a distance, even through walls, without any physical connection to the targeted computer. It is possible to analyze the captured electromagnetic signals and to reconstruct the information displayed on the monitor. With the right equipment and expertise, an attacker could potentially read sensitive or confidential information being processed on the monitored computer.
How to protect against an eavesdropping attack?
For companies that care about the confidentiality of business information research has resulted in recommendations for best cyber security practices and the application of security measures that include the:
• Use of portable electronic devices that can operate for a limited period of time without connection to the power supply source such as smart phones, multifunctional tablets, or laptops. Where this solution cannot be applied for every technology, for example video projectors or personal computers that do not support battery power supply, uninterruptible power supply (UPS) devices can be used, but without being connected to the power supply mains for a specific period of time, e.g., between 30 min and two hours.
• Application of clamp-on ferrite beads (or rings) on the power cable of the targeted electronic equipment. Ferrite beads are passive electronic components that can suppress high frequency signals on a power supply line.
• Filtering out the electromagnetic disturbances injected by the electronic equipment in the power supply network. The installation of specialized EMI filters is recommended on one of the electrical circuits that supply the electrical sockets in the targeted space or room.
It is also important to note that while Van Eck phreaking was a proof-of-concept demonstration, modern electronic devices are designed with greater consideration for TEMPEST standards. This includes the use of shielding and other protective measures to reduce unintentional electromagnetic emissions and enhance the security of information processing. TEMPEST countermeasures are particularly important in environments where the confidentiality of information is critical, such as military and government facilities.
Implementing best protection
There are other countermeasures that can also be taken against electromagnetic eavesdropping. They include encryption, secure communication protocols, and physical security measures that protect against unauthorized access to electronic equipment. Additionally, organizations often implement security practices to preserve data security and minimize the risk of information leakage through unintentional electromagnetic emissions.
The best protection against TEMPEST attacks and any kind of eavesdropping is to block outgoing electromagnetic waves. One way to achieve that quickly, easily, and affordably is with WAVETRAP from WAVE by AGC. The transparent glass product from WAVE by AGC is a wave blocking solution can provide a physical barrier that protects against eavesdropping.
Interested in a glazing solution against eavesdropping? Get in touch with us today and experience WAVETRAP, our transparent electromagnetic wave shielding glass.