c't 4/99, page 174
Stefan Krempl, Michael Schmidt, Jürgen Kuri

Pricked Ears

Bugging operations on data lines and computers are a profitable business

'Telekom - die machen das' (Telekom - they do it) has been on TV screens all over Germany. But it's not only German Telekom who do it - in many cases, there are more parties involved in data transmission. Uninvited guests hope for confidential and economically exploitable information when listening in on data lines and computer systems. In the business world, industrial espionage has always been a part of everyday life. Modern means of communication and the booming Internet have also made individual users the targets of snoopers. Although a home user's AOL password or home banking data will be of little interest to industrial spies, simply accessing a company network from home via Telekom can give competitors a way in to start snooping around. And in industrial espionage, whatever seems imaginable will also be put into practice. What many people may consider far-fetched conspiracy theories is unfortunately very real in this area. The more important research and development become for a company in a 'knowledge-based' economy, the more the value of ideas and lab results increases in its competitors' eyes. The increasing importance of know-how correlates with the increasing use of computer technology in industry: monitors and computers can be found in any office and are interconnected, telephones and fax machines incorporate chips and are controlled through software like all other communications devices. More electronic devices in a company mean better opportunities for increasingly inconspicuous bugging operations, as business technology is bound to have its weaknesses somewhere. There are no exact figures describing this unlawful distortion of competition.
'Industrial espionage is a very dark area', says Michael Dickopf, media spokesman for the German Bundesamt für Sicherheit in der Informationstechnik (federal office for security in information technology, BSI). Every now and again, reports with examples of the damage snoopers do appear in the media. In 1986, for example, the German Bundesamt für Verfassungsschutz (federal office responsible for defending the constitution) is said to have already estimated annual losses of up to DM 20 billion for the German economy (Manfred Fink, Lauschziel Wirtschaft, Abhörgefahren und -techniken, Vorbeugen und Abwehr, Stuttgart 1996, http://www.fink-consulting.de/lausch.htm). An investigation by the American Society for Industrial Security (ASIS) even arrived at damages of about US$ 515 billion for the U.S. in 1996.

Twilight Zone

However, these figures are bound to be rough speculations. The 213 cases reported to the German Kriminalpolizei (criminal investigation department) in 1997 can only be the tip of the iceberg. 'The number of unreported cases', Dickopf assumes, 'is considerably higher here than it is for child abuse'.
This is partly because many cases of snooping never come to light. Bugging operations through technology leave few or no traces; radio signal bugs are as much a thing of the past as sleuths' hats. 'Most companies don't even realize they have a problem', says Ingo Ruhmann, board member of the Forum InformatikerInnen für Frieden und gesellschaftliche Verantwortung (computer scientists for peace and social responsibility, FIfF). 'Many people still think factory security involves keyrings and night watchmen.' Often, company representatives only become suspicious at the negotiating table, asking themselves where the competitor got all the information about their own position from. However, even if a case of espionage is proved, most companies don't report it. They fear for their image - becoming the victim of a bugging operation is more than just embarrassing. In the worst case, it means that customers' and business partners' data haven't been protected properly either and that something is amiss in the business operation routines.

Weighed Up in Gold

The spies have an insatiable hunger for data. It is virtually impossible for illegal data acquisition to produce an information overflow, since it is usually computers which collect and analyse the material. While in the days of the Cold War the writing down and analysis of tapped telephone conversations alone occupied 10,000 of the 500,000 Stasi (former East German secret service) spies, these tasks have long since been taken over by computers. The first thing a computer does is to eliminate redundancies in the tapped material by comparing it algorithmically with material already analysed. If the jumble of data is still too large for presentation, it can be searched cheaply and quickly for keywords from dictionaries that can be configured at will. Then, human analysts only have to eliminate ambiguities - 'snow' is just as popular with skiers as it is with drug dealers.
If all goes well, the competitor could end up not only with sensitive price information and calculations, but also with information about new developments, buying conditions, marketing strategies or the business strategies in general.
Lucrative targets can be found in all sectors, and - contrary to widely held beliefs - the size of the business is hardly important. 'Many businesses have been affected across the economy, from the builder whose quotes were constantly undercut by a few DM to the big multinationals missing out on government deals they nearly had in their pockets', reports Coburg security expert Manfred Fink. 'You can find interesting data even in small engineering offices, high-tech businesses or retailers' customer lists', says Franz Büllingen of the Wissenschaftliches Institut für Kommunikationsdienste (Scientific Institute for Communication Services). Yet especially small and medium-sized companies still consider data loss caused by a disk crash a greater problem than the risk of bugging and manipulation. For financial reasons, security measures are only taken after a proven financial loss. Quite a few people worry more about the safety of their bank accounts than about the information sent through data lines - although a bank robbery does not affect the balance of the account, whereas the tapping of economically relevant data can very well create an overdraft in the long run.

By His Majesty's Appointment

In the free play of market forces, an increasing number of spying attempts are 'bad fouls', said Ulrich Hamann, board member at Siemens, indignantly at the Berlin Omnicard meeting in mid-January. The Munich high-tech forge must be in the know: it is an open secret that in 1993 the multinational missed out on a development bid for a high-speed train for South Korea because its French competitor GEC-Alsthom kept undercutting Siemens' quotes by a few points. 'The faxes sent to our Seoul subsidiary must have been bugged, analysed and served up to our competitor for breakfast', assumes Fink. However, it was not GEC-Alsthom itself who engaged in industrial espionage but the French foreign intelligence service Direction Générale de la Sécurité Extérieure (DGSE).
The 'scout' is said to have tapped the Munich office's telephone and fax lines and passed on the results. But the DGSE, which occupies about 3500 employees with selective industrial espionage on an annual budget of DM 300 million, is not the only body of its kind. According to a second case brought to light last year following reports by the political magazine Plusminus, the American National Security Agency (NSA) - the supertanker among secret services - also lent a helping hand to its fellow citizens. The U.S. company Kenetech was thus able to claim that the East Frisian Enercon GmbH had developed its wind power-generating invention using ideas allegedly stolen in the States, take the Germans to patent court and get their products provisionally banned in the U.S. To its own surprise, Enercon found that the U.S. competitor had failed to erase the German company's logo on some of the individual patent documents presented. This made it possible to identify the documents as confidential, internal information - which obviously didn't bother anybody in the U.S.
Only the English-speaking nations still seem to be in harmony, as the secret services of the U.S., Canada, Australia and New Zealand jointly operate the enormous bugging system ECHELON [1], which scans telephone conversations, faxes and e-mails worldwide. According to the report on bugging methods issued by the EU consulting committee STOA (www.heise.de/tp/deutsch/inhalt/te/1393/anchor1.html), this spying network is clearly aimed at 'predominantly civil targets' - companies, organizations and public authorities.

Of Bugs and Waves

However, it doesn't necessarily have to be a bugging operation of mythical dimensions like ECHELON. Many former East European secret service agents have set up their own data snooping businesses and offer their know-how and technology to eager companies. One of the basic tools of the spy is still the good old bug. These sensitive mini-transmitters, which pick up sound waves or data and transmit them to receivers outside the premises via radio or infrared, are now available in a large variety of models. Passive bugs, for example, can do entirely without their own power supply, since the metal cylinders equipped with a membrane and an aerial are activated by the microwave energy coming from a nearby transmitter. The KGB in particular brought this method to perfection, hiding these inconspicuous devices in two-edged gifts for opponents' embassies. Today, high-tech bugs can even be fitted with tiny lenses and transmit video data. A large number of ISDN systems are also a source of joy for snoopers, making the use of hardware unnecessary. In addition to remote administration access, the D channel also offers access to these systems as, for example, the hands-free option can be activated through a 'direct address' feature, enabling the snooper to pick up conversations in a room (see report on page 186).
It gets more difficult when cryptography is involved or systems are operated stand-alone. But the secret agents have a solution to these problems, too. After all, monitor radiation and the electromagnetic pulses of nearly all cables connecting a computer with its peripherals like keyboard or mouse can be captured and analysed using an aerial, a frequency scanner or spectrum analyser and a recording device.
Compromised

It is still widely believed that bugging data transmissions only makes sense at the transmission line itself, not at the terminals. An error of serious consequences. In principle, compromising emission is any form of radiation which enables a spy to capture useful data and convert it into exploitable information. The emission can be mechanical (acoustic), electromagnetic or optical (a borderline case of electromagnetic). ISDN in particular makes obvious the extent to which new technologies open up new ways of spying. The unprotected D channel (control channel) allows software to be loaded which, for example, enables a spy to remotely 'pick up' the phone and listen in to the words spoken in a room. Until a few years ago, a cheap, off-the-shelf black and white TV set with a few minor modifications (enlarged horizontal and vertical synchronization ranges) could capture and display the image on a PC monitor a few meters away [2]. The simplicity of the procedure is absolutely amazing. Although the color information is lost and the text is more blurred than on the original screen, it is still possible to read it. Using more sophisticated equipment will, of course, result in better recognition and a wider range (a few hundred meters is well within the possibilities). Of course, monitor development has not stagnated either. Low radiation (in accordance with MPR-2, for example) is a basic requirement for modern monitors. Should you, however, think that this makes the useful signal considerably fainter, too, you are mistaken. It is only the (strong) horizontal and vertical synchronization pulses which are considered a health hazard, not the useful signal, which has a considerably higher frequency. However, modern monitors usually have a horizontal deflection frequency between 70 and 100 kHz.
Although this prevents the data from being captured with simple equipment, bugging with more sophisticated equipment is still possible [2].

Assets

If the useful signal's radiation is too weak, it can be boosted from outside. Although this requires both computer and monitor to be switched on and unsupervised for a longer period of time (overnight, for example), anyone who has ever observed how carelessly PC monitors and computers are left running in some offices will agree that this will not pose a major problem. If an attacker manages to introduce harmful software (trojan horses) into the respective PCs, the video adapter can be controlled to make the unsupervised monitor display simple, alternating black and white patterns which vary with the data to be transmitted. These patterns may be captured and demodulated by a potential receiver over long distances. It is even possible to display an innocuous image which covers up the amplified signal sent to the spy.
Even greater is the carelessness in the private sector, where many entrepreneurs still choose to ignore the possibilities for espionage, which even include decoding PINs and passwords with access codes for encrypted data or bank accounts as they are entered on a keyboard. According to the Berlin security advisor Hans-Georg Wolf (see interview on page 182), even encrypted faxes are no obstacle for data collectors. After all, the data is first digitized with a scanner and then a printer spits it out at the other end of the line. These stages can be bugged, too. As Tempest computers, which always lag behind new market developments by a few years, will hardly see a breakthrough in corporate offices in the near future and not every secretary will be persuaded to send faxes from a protective tent serving as a Faraday cage (http://jya.com/bema-se.htm), there will remain plenty of backdoor possibilities for ears spying on behalf of governments and competitors.

Wire Salad

However, what is true for monitors has long applied to (copper) leads. Any line carrying electric current will also emit radiation. An attacker can utilize both magnetic and capacitive stray fields [3]. Another general rule is: the higher the frequency of the transmitted signal, the greater the radiation effects. Power or telephone lines, for example, which have been installed parallel to data transmission lines, pick up this radiation. After the original (low-frequency) signal has been removed with suitable frequency filters, the computer signal which is actually of interest can be demodulated relatively easily. But even conventional metal pipes (heating, water) can attract and pass on electromagnetic radiation. For a highly secure environment it is, therefore, necessary to test the entire installation architecture. Optical fiber cables are normally resistant to compromising radiation.
However, if physical contact is established between a light-sensitive element (for example a photodiode) and a bent optical fiber (for example by removing the insulating coating), this signal can be picked up and demodulated just the same. On top of this, a combination of the two emission varieties - monitor signals and crosstalking lines - is even worse. Even if the most complex encryption is applied to protect the data processed on a PC against possible attacks during its transmission elsewhere, it cannot be guaranteed that the monitor signal doesn't radiate onto the network cable, which would offer the unencrypted signal to a potential attacker on a silver platter. Modern encryption techniques at least eliminate the possibility of recovering the key this way. But even hardware encryption devices have been found to radiate plaintext signals.

Whole Wide World

Now monitors, network cables and installation materials are mainly used within a corporate environment and responsibility. This changes, for example, when there are several branches. Companies wanting to network their physically remote branches via powerful data lines normally use the ISDN or X.25 data transmission lines offered by Telekom and its competitors. However, these lines are often virtual. The actual way in which the data is transmitted is unknown to the user. As soon as the distance to be covered exceeds a few hundred kilometers, it is highly likely that a radio link will be used instead of a cable. If the distance is more than a thousand kilometers or if an ocean must be crossed, carriers often use satellite communication if the transmission delay (normally less than 0.5 seconds) is acceptable. The more technically heterogeneous a transmission is, the more varied are the bugging possibilities. However, the cost involved in bugging rises (more or less linearly) with the capacity of the transmission line.
However, decoding telephone conversations or data transmissions captured from radio links is normally more difficult, since multiplexing techniques are used for bandwidth optimization (see charts on page 180) - the added complexity, however, does not pose a major problem for bugging specialists. Only in very rare cases will the data be encrypted properly (see report on page 190 and [4]).

High-Tech

Because of the calculable effort required for decoding and the kind and amount of data transmitted, Telekom radio links are of special interest to attackers with the necessary financial means. The extent to which routine tapping of wireless Telekom transmission links has already become a reality is shown by the ECHELON tapping network mentioned earlier. It routinely listens in on all telephone conversations, faxes, telexes, e-mails and data transmissions with special bugging computers and starts recording when pre-set keywords are encountered. The new quality of this approach lies in having a voice or keyword recognition computer preselect the recorded material and reduce it to manageable quantities. A British Telecom employee is even said to have officially admitted the physical connection between their high-performance glass fibre cables and the British branch of the ECHELON bugging network [5, 6]. However, the EU isn't sleeping, either. The keyword 'EU-FBI' stands for the attempt to establish a similarly efficient system which has its origins in the not yet publicised 'third pillar' of the Maastricht Treaty [6]. Unfortunately, it doesn't clearly define possible U.S. influence or the degree to which the system will be linked up with ECHELON (see www.heise.de/tp/deutsch/inhalt/te/1393/anchor1.html). Developments in the field of digital data transmission protocols have a massive impact on the technical effort needed for bugging a specific protocol.
For simple things like dialling into a mailbox from a computer, protocols like XModem are used. Bugging the telephone line only requires a galvanic (or electromagnetic, capacitive) data recorder. Demodulating the result to obtain a pure binary signal is fairly trivial, as is decoding the protocol used, the main job of which is to remove flow control information. However, this is only the case if the signal can be captured directly on the final link to the modem. If a line between two network nodes is tapped, the signal also involves time and frequency multiplexing techniques as well as (increasingly) digital multiplexing techniques. The larger amount of data comes with an increased need for demultiplexing. In the last few years, TCP/IP has become the universal language in the WAN sector. Via PPP, IP can be transported over telephone lines without any problems. However, TCP/IP is a packet-oriented protocol; this means the data to be transmitted to the receiver is split up into packets. To spread the load across the available transmission lines, IP packets may take different routes to get to the receiver. This will, of course, add to the complexity of reconstructing the data, especially given that the packets need to be reassembled in the correct order. If an attacker is not positioned directly at the transmitting or the receiving end, he either risks losing data or his bugging device must cover all potential routes. Things have become even more complicated with the introduction of switching technologies (for example ATM switching). With ATM switching, data packets are distributed into so-called cells of identical size irrespective of their protocol (e.g. voice communication, IP) before they are transmitted on a constant route. Unlike with TCP/IP, however, these cells no longer contain explicit sender and recipient information.
Instead, they contain routing information which can only be matched with a sender or recipient in combination with data held in the switches themselves. Fishing the chopped-up IP packets out of the ATM data stream and putting them back together involves an enormous amount of effort - but it's possible, and it's being done. (A detailed overview of the problems encountered, especially with the methods used in the U.S., can be found in [7].)

Privacy

There are efficient ways (at least in most EU countries) of avoiding the danger of exposing sensitive data to unwanted ears during their transmission through WANs. The (seemingly) magic word is encryption. Technologies collectively known as VPNs (virtual private networks) have become more and more popular over the past few years. In principle, they involve coupling one or more trustworthy intranets via the global Internet. Encryption protocols are used to maintain the privacy level of the intranet (see report on page 190 and [4]). Among the essential criteria when choosing VPN techniques or other encryption methods for protecting confidential data during transmission are the authentication and encryption algorithms used. Special attention should also be given to the respective key lengths. They are subject not only to technical but also to political criteria.
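As an added example (not code from the c't article nor from any product it names) of what the 'political criteria' in the VPN passage above amount to in practice, and of the key escrow mechanism the article describes in the following section: a VPN-style message whose fresh session key is also encrypted to an escrow body's public key and attached to the data. The escrow body's toy RSA key, the SHA-256-based stream cipher standing in for IDEA or Triple-DES, and the sample text are all constructed stand-ins; the real SCSSI message formats are not on the page.

```python
import hashlib
import secrets
from typing import Optional, Tuple

# Toy RSA key pair standing in for the escrow body's key (the article's SCSSI).
# Constructed from two Mersenne primes: modulus of about 150 bits, no padding,
# so this illustrates the protocol structure only and is not a usable cipher.
ESCROW_P = (1 << 61) - 1
ESCROW_Q = (1 << 89) - 1
ESCROW_N = ESCROW_P * ESCROW_Q                                  # public modulus
ESCROW_E = 65537                                                # public exponent
ESCROW_D = pow(ESCROW_E, -1, (ESCROW_P - 1) * (ESCROW_Q - 1))   # private exponent


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Symmetric layer: XOR data with SHA-256(key || block counter) blocks.
    Stands in for the IDEA/Triple-DES layer of a VPN; the same call decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(plaintext: bytes, with_escrow: bool) -> Tuple[dict, bytes]:
    """Encrypt under a fresh 128-bit session key, as a VPN peer would.

    Returns (message, session_key). In a real VPN the receiving peer obtains the
    session key through the key exchange; it is returned here only so a caller
    can play the legitimate receiver. With with_escrow=True the session key is
    additionally RSA-encrypted to the escrow body's public key and attached to
    the message: the escrow field described in the article."""
    session_key = secrets.token_bytes(16)
    message = {"ciphertext": stream_xor(session_key, plaintext)}
    if with_escrow:
        k = int.from_bytes(session_key, "big")      # 128-bit value, below ESCROW_N
        message["escrow_field"] = pow(k, ESCROW_E, ESCROW_N)
    return message, session_key


def peer_open(message: dict, session_key: bytes) -> bytes:
    """The legitimate receiver: holds the session key from the key exchange."""
    return stream_xor(session_key, message["ciphertext"])


def escrow_body_open(message: dict) -> Optional[bytes]:
    """The escrow body never took part in the key exchange, but its private key
    unlocks the escrow field and with it the whole transmission. Without the
    field it has nothing to work with, whatever the symmetric key length."""
    if "escrow_field" not in message:
        return None
    k = pow(message["escrow_field"], ESCROW_D, ESCROW_N)
    return stream_xor(k.to_bytes(16, "big"), message["ciphertext"])


if __name__ == "__main__":
    # Constructed sample: a branch-to-branch message as in the article's scenario.
    sample = b"Quote for the Seoul tender: undercut by 3 points if needed"
    msg, key = seal(sample, with_escrow=True)
    assert peer_open(msg, key) == sample
    assert escrow_body_open(msg) == sample      # escrow holder reads everything
    msg2, _ = seal(sample, with_escrow=False)
    assert escrow_body_open(msg2) is None       # no escrow field, nothing to unlock
    print("escrow demo ok")
```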
For symmetric data encryption techniques (IDEA, Triple-DES, Blowfish etc.), a key length of 128 bits is sufficient (112 bits with Triple-DES) if the algorithm is strong enough, as is the case with IDEA. In general it is advisable to rely only on encryption and authentication techniques which have been published and discussed in detail in the relevant media (a good reference can be found at [8]).

Distrust

Especially our western neighbours, however, show a considerable amount of distrust towards their citizens' need for privacy. The various governments have set up a vast number of restrictions concerning the use, import and export of cryptography (a detailed overview can be found in [9]). In France, for example, the law only allows the sale and use of encryption products that are either based on extremely primitive algorithms or that use other algorithms and key lengths but include key escrow or key recovery. Key escrow involves providing the French controlling body SCSSI with the key used for encrypting the data. Usually, the encryption key used will be encrypted asymmetrically with the SCSSI's public key and will subsequently be sent together with the actual data. This way, only the SCSSI can decrypt the data key with its own private key and can then listen in on any data transmission. In the U.S., encryption products using any desired key length are allowed. However, only products using crippled keys can be exported. Until a short time ago, this meant: only asymmetric algorithms with a key length of up to 512 bits and symmetric algorithms with a key length of up to 40 bits were eligible for export. Now, DES with a key length of 56 bits is allowed, too. The U.S. government frequently grants special permission for U.S. companies with foreign subsidiaries (especially banks and insurance companies) to use U.S. products with 128-bit data encryption. In this context it is advisable to proceed with caution once U.S. encryption products using strong encryption techniques become available on the free market outside the U.S. In most cases, they use key escrow. A legal way out taken by several U.S. manufacturers is to add encryption modules developed outside the U.S. to the product after it has left the U.S. Generally, it appears that the U.S. government only consents to exporting algorithms it can break itself without too much effort. The reasoning behind the recent authorization of 56-bit DES is, therefore, quite obvious - it seems that the NSA feels capable of decrypting data encrypted that way without much hassle. However, the EU governments (including the German Bundesregierung) are not blameless, either. There is no end to the discussion on cryptographic limitations and key escrow. Only a short while ago, the so-called Wassenaar Arrangement [10] provided agreements on controlling the export of encryption products.

False Security

The measures and regulations are clear indications that encrypting with sufficiently long keys poses a problem for government and police investigators. Whatever is technically viable will be used by secret services - the 'battle against organized crime' is a good guise for industrial espionage. Whatever can't be cracked with a reasonable amount of effort must be prohibited - that at least is what the secret services would wish for. Of course, nobody goes through all these motions to bug a user's private Internet connection. But no business can rule out becoming the target of industrial spies. Technical props like encryption, shielding against compromising radiation etc. help - but they don't come cheaply. Even bug-proofing an ISDN system will quickly gobble up six-figure DM sums, and encryption hardware fast enough for high-speed networks may cost several tens of thousands of DM (see reports on page 186 and 190). And those who think they've done it all can't be safe, either.
For if technology fails, there is always the human factor: according to the bugging experts, the best results can still be achieved with a charming manner and some private knowledge of a target person. Often, the material for blackmail can already be found by searching the Net with one of the common web or Usenet search engines: who stops to think that all this data might be stored when surfing, shopping or communicating through the Internet? (jk)

Bibliography
Translation by Eva Wolfram
Copyright © 2000 Verlag Heinz Heise
Last changed by Jürgen Kuri, October 27, 1999