題名には必ず「阿修羅さんへ」と記述してください。
掲示板,MLを含むこのサイトすべての
一切の引用、転載、リンクを許可いたします。確認メールは不要です。
引用元リンクを表示してください。
投稿者 佐藤雅彦 日時 2001 年 2 月 21 日 07:42:22:
回答先: Re: これ以外に関連記事ありますか? 投稿者 電子社会における通信傍受問題研究会 日時 2001 年 2 月 21 日 05:53:27:
テンペスト」といっても
シェイクスピアじゃない、べんべん♪
――パソコン漏洩電磁波からの情報スパイ技術
●パソコンから洩れる電磁波を受信して、情報傍受を行なうというスパイ活動については、米国NSA(国家安全保障庁)が「テンペスト」(大嵐)というコードネームで開発されてきました。これはもう、かなり広く知られたテクノロジーです。
●現在発売中の『Cyber X:インターネットの闇』に、当初は、エシェロン関係の欧州議会報告書のほかに、テンペストの技術的実態を紹介しようかと考えていたのですが、あまりにもテクニカルな内容になるので、やめた経緯があります。(「国際電脳スパイ体制『エシェロン』をめぐる問題状況」という概説記事で、ちょっと言及はしましたが。)
●「テンペスト」については、かなり詳しい技術的プロフィールがジョン・ヤング氏のHPに紹介されています。
以下に紹介するワイアードの記事からアクセスできると思います。
●ついでに昨年8月の英文ニュース記事も紹介しておきます。
■■■■@■■■.■■■■■■■■■■■■■■■■■■■
● http://www.hotwired.co.jp/news/news/Culture/story/3266.html
遠くからパソコンをスパイできる『テンペスト』技術
Declan McCullagh
1999年10月26日 3:00am PDT ワシントン発――オンライン上のプライバシー流出を心配する人々は大勢いるが、自分がコンピューターに入力している内容を、その場で――隣の部屋から、または通りの向こう側から――誰かが盗み見しているかもしれない、と考える人はまずいない。
ところが、米国家安全保障局(NSA)が新たに公開した文書によると、政府のスパイにはそんなことが少なくとも10年前から可能だったらしい。スパイ機関はこの概念を『テンペスト』(TEMPEST)と称していた。これは、すべてのコンピューターが発する電磁信号を傍受して解読するための技術につけられたコードネームだ。
スパイたちはテンペスト技術のことを1960年代にはすでに知っていた――なかには、コンピューターを保護する方法の特許を取得した者さえいる。しかし、その詳細のうち、機密扱いにされていない情報は比較的まれだ。
こんな状況を全面的に変えたいと望んでいるのは、ジョン・ヤング氏(英文記事)。彼は、情報自由法に基づく要求によりNSAから得たテンペスト文書の内容を、今週自分のウェブサイトで公開した。
「テンペストを使ってスパイ行為が行われているのを、世間は知らないのだ」と、元建築家で暗号関連文書を収集しているヤング氏は言う。「防衛産業がテンペスト技術を手にしていることは公開されていない。かなり慎重に保護されている」
英国の研究者、ロス・アンダーソン氏とマーカス・クーン氏の行なった研究は、機密扱いにされていない数少ないものの1つだ。2人は、離れたところにあるコンピューター・ディスプレーの画面をキャプチャーしてくることは可能であると明らかにした。政府仕様の防護システムではこれを防ぐようになっているが、民間でこれを行なうのは高くつく上に、供給されているシステムも限られている。
ヤング氏がNSAから提供を受けた184ページに及ぶ文書は、技術標準と専門用語ばかりだった。ここからヤング氏が発見した最も興味深いものは何だったのだろうか?
「彼らは、有線の傍受を行なわずに遠隔監視することができる」とヤング氏は述べた。「これが、書かれていた中で最も決定的なことだった」
約半数のページが太い黒線で塗りつぶされており、ほとんどすべての重要な数字――信号強度、最大データ帯域幅、周波数――には手が加えられていた。「国家の安全保障」という理由から、ヤング氏が要求した24の文書のうち、NSAが公開したのはたった2つだ。
そのうちの1つ、『信号危険漏出試験必要条件、電磁気学』(Compromising Emanations Laboratory Test Requirements, Electromagnetics)を作成したのは、NSAの通信・情報システム安全保障グループだ。同文書には、コンピューターからの放射される電磁波を測定する試験手順が記されている。電波を使う測定法と、コンピューターに繋がれた電話線やシリアルケーブル、ネットワークケーブル、電源ケーブルを使う測定法の両方の手順が記されている。
このマニュアルには、「本文書のレベル1制限を満たす機器は、許容できる範囲で機器単体で伝導・放射テンペスト・セキュリティーを満たしている。本文書のレベル2、レベル3制限を満たす機器は、適切に保護された環境に設置された場合に、許容できる範囲で機器からの放射によるテンペスト・セキュリティーを満たしている」とある。
この文書が条件としているこれらの放射制限は明らかに、軍事基地や下請け業者、大使館、その他の政府機関で、コンピューターを監視から守るために使われているもののようだ。
NSAが提供した2つめの文書は、同局の『技術セキュリティー・プログラム』について記したものだ。このプログラムは電子的安全性を査定し、「技術的安全設備対策」を提供するためのもの。
このプログラムでは、NSAとその下請け業者のための安全基準を設定し、必要な研修を考案し、さらに同局の専門技術の「米国防総省の他の部局や、米国の他の政府部局への」の貸し出しも行なう。
電子フロンティア財団の共同設立者であるジョン・ギルモア氏によると、NSAに残りの22の文書も提出させるには訴訟が必要になるだろうと言う。「NSAは例によって、とことん時間をかけるという戦術に出ている。これは法律に違反する行為であり、法律に従わせるためには市民が訴訟を起こさなければならない」
ヤング氏は、NSAが機密扱いに分類するのが「ふさわしい」とする文書に対して、異議があるとする訴えをNSAに送った。「これらの文書は、公開することによって国家の安全保障に深刻な損害を引き起こすことが十分に予想されるため、機密扱いにされている」というのがNSAの言い分だ。
スパイ部局はテンペスト技術をしょっちゅう使っているが、刑事訴追においてそれを証拠として扱うことについてはおそらく法律による規制が行われるだろう、とプライバシー専門家は言う。
「これを用いるには相当の根拠に基づいた裁判所命令が必要となるだろうが、扱っている内容が非常に似ているという理由から、裁判所はおそらく電話盗聴法に従うことを求めるだろう」と、『エレクトロニック・プライバシー・ペーパーズ』の共著者、デーブ・バニサー氏は言う。
一方、NSAにだってユーモアのセンスはある。文書の1つには、今まで公開されていなかった新しいコードネーム、『ティーポット』(TEAPOT)が記載されているのだ。[英語にa tempest in a teapot(=空騒ぎ)という言い回しがある]
「ティーポット 」とは、「通信や自動情報システム機器からの故意の信号危険漏出(敵意を持って誘導または誘発したもの)に対する捜査、研究、管理を指す略称」とされていた。
[日本語版:中嶋瑞穂/岩坂 彰]
日本語版関連記事
・プライバシーという名の新ビジネス
・『エシュロン』を陥れるハッカーたち
・監視カメラが自由を守る未来社会
■■■■@■■■.■■■■■■■■■■■■■■■■■■■
"Tempest" program addresses worries over computer-screen spying
http://www.msnbc.com/news/442690.asp#BODY
By Michael J. McCarthy
THE WALL STREET JOURNAL
August 7--When most computer users worry about privacy in the digital
age, they wonder who's reading their e-mail or watching where they go
online. But inside the U.S. government, security officials have a much
greater fear: Is someone with the right surveillance equipment tuning in
to what is on their computer monitors from a nearby office, or a floor
below or even across the street?
IT CAN BE DONE THROUGH THIN AIR --no phone lines needed. Everyone's
video-display terminal emits unique radio-frequency waves that can be
isolated and captured with a "directional"antenna focused on a
particular computer or room. Those signals can then be amplified with
fairly inexpensive equipment and reconstructed to show precisely what is
on your screen.
Letter by letter, a sales proposal, an R&D report or a note to a lawyer
can be captured from as far away as several hundred yards.
Aside from scientists' demonstrations and one televised stunt in England
in the 1980s, instances of this kind of computer surveillance haven't
come to light.
SEEKING SPIES
But U.S. military and intelligence agencies have been concerned
since at least the 1980s, and maybe earlier, about what they call in
official documents "compromising emanations" from computers. The
Department of Defense operates a classified program known as Tempest,
under which it is designing and acquiring technology to defend against
computer-screen surveillance, according to defense contractors and
ex-military officials. The government is looking for protective
materials and anti-surveillance monitoring tools that can keep foreign
spies from collecting stray signals from computers in defense labs or
U.S. embassies.
A cottage industry of mostly small companies has quietly emerged to
market such protective equipment. The main buyers are U.S. agencies and
government-approved contractors. The official specifications for such
equipment are classified.
But people involved in this shadowy trade say that it is possible that
nonapproved corporations also are acquiring the technology ・or making
it for themselves, as the ingredients and designs aren't particularly
esoteric. And while suppliers all say they sell only defensive
equipment, some of them concede that their products could easily be
adjusted to do offensive surveillance.
NSA ENDORSEMENTS
Some large companies are also jumping into this cloak-and-dagger market.
On its Web site, Siemens AG, the German engineering and
electronics
giant, advertises several "emission-proof PCs," including its Tempest
Deskbook and Tempest PC-DZ0.
The secretive National Security Agency, the government's main
communications-intelligence organization, has listed 18 companies on its
Web site, including Motorola Inc., whose computer-protection equipment
or testing services meet government standards. An NSA spokeswoman,
however, refuses in a telephone interview to answer questions on the
subject, saying the only information available is on the bare-bones Web
page.
While it shops for computer-protection devices, the military is
trying to make sure that other potential buyers are thwarted. Codex Data
Systems Inc. has marketed over the Internet a scanner with which you can
check whether a VDT, once shielded, is still leaking radio waves strong
enough for snoops to pick up. The Army has begun buying the $20,000
units, according to the company. But Codex also says that it has agreed
to a Pentagon request that it halt sales to anyone else.
Fearing the dissemination of this kind of equipment, the U.S.
government has banned its sale abroad without a license. Last summer,
the Federal Bureau of Investigation arrested a man in Virginia, who has
since been sentenced to prison for trying to export a computer-monitor
surveillance system.
LEGAL UNCERTAINTIES
The legality of spying on someone's VDT from afar is far from
clear. States have anti-eavesdropping laws that may apply but which vary
widely, from highly permissive to very restrictive.
Federal criminal law specifically bars intercepting and disclosing "any
wire, oral or electronic communication." That rules out using a radio
receiver to eavesdrop on someone's cell-phone call. But the federal law
doesn't contemplate computer surveillance through the air and may not
bar it, legal scholars say. Courts haven't yet had a chance to examine
the question.
"Typing to yourself is not a 'communication,' which requires two
parties, "says Michael Froomkin, a University of Miami law professor who
studies privacy and computers. "It's a real open question."
Some engineers and security experts say the threat of
computer-screen spying has been overblown. They argue that there has
been an explosion of devices, from PCs to cell phones, all emitting
oceans of radio-frequency waves, which makes it harder to pinpoint the
relatively weak radio waves from a single computer.
While technically feasible, the whole exercise of retrieving
signals covertly, from vans parked outside offices, or otherwise, could
be costly and difficult, these skeptics add. It would be simpler in the
corporate context, for example, to bribe a janitor or a disloyal
employee to infiltrate the company and nab coveted data, according to
this view.
Capturing the contents o
f a computer screen is a surprisingly
rudimentary process. Wim van Eck, a Dutch research scientist, laid out
the specifics as far back as 1985, in an article in Computers &
Security, a technical journal. One of his conclusions: "If no preventive
measures are taken, eavesdropping on a video-display unit is possible at
several hundreds of meters distance, using only a normal black-and-white
TV receiver, a directional antenna and an antenna amplifier."
In a computer, some of the most powerful radiation emanates from
the monitor, a cathode-ray tube in which electron guns fire streams of
electrons more than 60 times a second to produce the images displayed.
That bombardment produces wave frequencies, some of which overlap with
the familiar VHF and UHF television bands.
In short, the invisible, information-bearing radio waves from a
monitor are remarkably similar to a broadcast TV signal. A spy's scanner
need only tune in the waves and process them line by line to replicate
the image on the original screen.
Mr. van Eck did a little high-tech grandstanding 15 years ago,
bringing along a crew from British Broadcasting Corp. to film him as he
used an antenna-equipped van to snoop on computers inside buildings in
London. The BBC featured the caper on a show called "Tomorrow's World,"
but Mr. van Eck didn't reveal any of the information he had viewed.
At the time, his demonstration was seen as an oddity. Desktop
computers weren't yet fixtures in most offices or homes, processing
everything from personal bank records to corporate secrets.
TEMPEST EXPANDS
Concern was growing in the U.S. military, though, which stepped
up its Tempest program in the mid-1980s, according to defense
contractors and ex-military people. The Pentagon took steps such as
building "secure compartmentalized information facilities," or SCIFs:
whole rooms wrapped in screening made of copper and other metals.
Elsewhere, individual military computers and monitors were similarly
sheathed. The term Tempest is believed to be an abbreviation for
"transient electromagnetic pulse standard." The "tandard" refers to the
level at which the military estimates computers can safely "leak" radio
waves and remain undetectable to snooping antennas.
Lately, private companies are cropping up to sell the government things
such as portable tents, which shield computer equipment and can be
quickly pitched and dismantled. BEMA Inc., based in Manassas, Va., sold
more than 25 of the tents last year, mostly to the State Department and
defense agencies, says president Robert E. Thomas, a former Army
computer specialist. The tents, which run $30,000 each and up, are made
of highly conductive fabric, plated with copper and nickel. This
material diminishes the strength of unintended computer emissions.
Mr. Thomas says he
expects to sell even more tents this year, including
a fresh order for 10 from the State Department's Bureau of Diplomatic
Security. A spokesman for the bureau, which protects U.S. embassies
world-wide, confirms that it ordered BEMA tents but will say only that
information about their use is classified.
Air Force Maj. Joe Wassel, Defense Secretary William Cohen's military
assistant for communications, confirms that the Pentagon has "purchased
BEMA products" but won't comment further.
The Army signed a contract with Codex Data Systems 18 months ago
to acquire "under a dozen"of the Nanuet, N.Y., company's DataScan
Tempest Monitoring Systems, says Codex's Mr. Jones. The system, which
alerts users to potentially compromising signals from VDTs, employs a
receiver that resembles a ham radio and an electronic box the size of a
cigarette carton, called a convertor, which reconstructs signals. It
also includes a four-foot arrow-shaped aerial of the sort used by
amateur radio operators.
Mr. Jones says that this hardware is intended to be used
defensively. But "it could also be used offensively," meaning to spy on
other people's computers, he adds.
The Army, Mr. Jones says, told him it wanted to test his system at the
White Sands Missile Range in New Mexico. Strikingly, the Army also asked
him not to sell the equipment to anyone else, until it completes its
testing, he adds. Mr. Jones says he agreed, in hopes that the Army will
become a steady customer.
Officials at the White Sands range refer inquires about the
DataScan system to Maj. William Bigelow, an Army spokesman at the
Pentagon, who declines to comment.
In the meantime, Codex still has information about the DataScan
system on an old Web site. Mr. Jones says the site has drawn inquiries
from security directors at large U.S. corporations, which he declines to
name, and from companies in China. Mr. Jones says he ignores all of
these inquiries.
LITTLE CORPORATE KNOWLEDGE
Mr. Jones's account of corporate curiosity notwithstanding,
relatively few U.S. companies outside of defense-contractor circles
appear to know much about the threat of computer-monitor surveillance or
the government's Tempest program.
Louis Gnecco, president of Tempest Inc., in Herndon, Va., which
supplies government agencies with equipment to test shielding, as well
as testing services, says that over the years, corporate-security
directors have occasionally contacted him about his wares. "They say,
'If you think my computer can be read from across the street, then show
me.' And I have to say, 'That's a classified demonstration.' "
U.S. law enforcement is on the prowl for people who try to evade
criminal restrictions on shipping equipment overseas that could be used
for either computer surveillance or protection aga
inst it. Such
equipment is specifically mentioned in a 1992 federal regulation that
lists export restrictions on U.S. weaponry, including ballistic
missiles, tanks and howitzers.
AN FBI STING
In what is apparently the first case of its kind, the FBI in July
of last year arrested Shalom Shaphyr, an Israeli citizen who was in the
U.S. under a business visa, for attempting to export a monitoring system
that could be used to spy on computers.
Advertisement
Quick Gifts Swimwear Books Music & Video Computing Electronics Toys &
Games More . . .
An informant told the FBI that Mr. Shaphyr was in Virginia, hunting for
the equipment on behalf of the Vietnamese government, according to an
FBI affidavit filed in the U.S. district court in Alexandria, Va.
With that tip, the FBI and U.S. Customs Service launched a sting
operation. After meeting with an undercover FBI agent posing as a
surveillance-equipment salesman, Mr. Shaphyr agreed to pay $30,000 for
"computer-intercept equipment," according to the FBI affidavit. He
completed shipping papers, dishonestly labeling the gear as
"video-reception test equipment," with a value of about $1,500, the
affidavit said.
After pleading guilty to attempting to export defense equipment
without a license, the 54-year-old Mr. Shaphyr was sentenced to 15
months in federal prison in January. According to the affidavit, he told
the undercover agent that the monitoring equipment "would be used in an
urban environment to view computer screens in buildings and offices
without the knowledge or consent of the computer users."
Copyright (C) 2000 Dow Jones & Company, Inc.
All Rights Reserved.
------------------------------------------------
題名には必ず「阿修羅さんへ」と記述してください。