Prepare for screen warfare

 

When I was a child I liked to blow bubbles, perhaps because it gave me a strange sense of freedom. I couldn't fly, but bubbles could, and a little piece of me was in those bubbles. Now it is no longer a childish notion. Little pieces of me are flying around the globe, except this time, I have played no part in the process, and it is happening without my consent.

I, along with my fellow human beings, form the bulk matter of networks whose existence we are unaware of, owned by people we do not know and used in ways we can only imagine. While the information is tangible, its conduit, "cyberspace", is ethereal.

Ironically, as Margaret Wertheim, author of The Pearly Gates of Cyberspace points out, while cyberspace is a technological by-product of physics, it is not subject to or bound by the laws of physics. When one enters cyberspace to surf the Web, the laws of Newton and Einstein are left behind. So too, are many of the civil laws of decency, honesty, privacy and fair play.

Private citizens, individual nations, continents and the entire globe; we are all warriors in the information war. Reluctant warriors, and mostly oblivious of the fact that we are fighting at all. We became so unintentionally the day we allowed information about ourselves and our children to be stored in electronic format on the ubiquitous "database"- an unmitigated Domesday Book, an organised, flexible, inter-connectable depository for the entire contents of the world.

Of course, Information Warfare has always been with us, but the information was never so copious and accessible and the warfare never so immediate and effective.

As computer technology continues along the road of complexity and sophistication so too do the tools of code breaking, system infiltration, information theft and destruction. The perpetrators of these well-documented misdeeds are not all solo operators on an ego trip. Many are on the payroll of legitimate organisations, while others ply their trade for more dubious masters. Notwithstanding, even some of the legitimate organisations may be employing the tools of Information Warfare for unfair military, economic or industrial advantage, which somewhat clouds the issue, making the boundaries as nebulous as cyberspace itself. Consider two incidents that occurred this August. In the first, hackers broke into a Web server for the Safeway supermarket chain, downloaded e-mail addresses for thousands of customers and sent them a bogus announcement of a price hike.

In the second, two Kazakhstani residents were arrested in London and charged with infiltrating Bloomberg LP's computer system in Manhattan in an attempt to extort money from the financial news company's founder Michael Bloomberg. While these may be viewed as the softer side of Information Warfare, the fact is that they happened very recently, and the preventative technology was not effective enough.

Even when the preventative technology is in place, there are so many ways to circumvent it on the Web that some protected sites, or indeed surveillance attempts, are as incongruous as a well-manicured flowerbed in the middle of a weed garden. This situation can work equally well for the forces of destruction as for the forces of virtue.

Dorothy Denning, the doyen of computer security, cites some examples in her paper, Activism, Hactivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy. In 1996 the Afghan headquarters of terrorist financier Osama Bin Laden was furnished with computers and communications equipment, on which a network was established that utilised the Web, e-mail and electronic bulletin boards. Hamas activists then proceeded to use chat rooms and e-mail to plan operations and co-ordinate activities, thus bypassing the ability of Israeli security officials to intercept and decode their messages.

On the virtuous side, human rights workers are increasingly using the Internet to organise action against repressive governments, encryption playing a vital role for obvious reasons. Guatemalan activists, for example, have credited their use of the Pretty Good Privacy program with saving the lives of witnesses to military abuses - a good reason for many governments to outlaw the use of encryption perhaps - although Echelon, the international communications surveillance system hosted by the US, UK, Canada, Australia, New Zealand and now interestingly, Ireland will trap more and more of the above type of communiques.

Shunning all network and Internet connections, while making you less vulnerable at one level, will not protect you if somebody is determined to see the contents of your computer. Unless you are working in a windowless, copper-lined cavern, surveillance equipment can tune in to what is on your monitor from a nearby office in the same building, or even from across a street. Without delving too deeply into the technology, it can literally be done through the air with no phone lines. All computer screens emit unique radio-frequency waves that can be isolated and captured with a "directional" antenna focused on a particular computer or room.

Those signals can then be amplified and reconstructed to show precisely what is on your screen. The following incident was reported in the Wall Street Journal in July. Briefly, the FBI arrested Shalom Shaphyr, an Israeli citizen who was in the US under a business visa, for attempting to export a monitoring system that could be used to spy on computers. Tipped off that he was hunting for the equipment on behalf of the Vietnamese government, the FBI and US Customs Service launched a successful sting operation.

Pleading guilty to attempting to export defence equipment without a license, Mr Shaphyr said that the monitoring equipment "would be used in an urban environment to view computer screens in buildings and offices without the knowledge or consent of the computer users".

It would be true to say that US military and intelligence agencies have been concerned for at least 20 years, about "compromising emanations" from computer screens. Operating a classified program known as Tempest, the US Department of Defence is apparently designing and acquiring technology to defend against computer-screen surveillance, looking for protective materials and anti-surveillance monitoring tools that can prevent foreign spies from collecting stray signals from computers in defence laboratories or US embassies.

According to the Wall Street Journal report, a cottage industry has quietly emerged to market such protective equipment, the main buyers being US agencies and government-approved contractors, although this is changing with large companies like Siemens AG, Motorola and Codex Data Systems entering the market.

While Siemens offer several "emission-proof" PCs, Codex Data Systems did market a scanner on the Internet, which checks whether a screen, once shielded, is still leaking radio waves strong enough to be detected. According to Codex, the US army is buying the $20,000 units, and they have agreed to a Pentagon request to halt sales to anyone else.

While official specifications for surveillance equipment are classified, people involved in the trade say that it is possible non-approved corporations also are acquiring the technology - or making it for themselves, as the ingredients and designs are not especially cryptic. The most worrying aspect of this situation is that while suppliers say they sell only defensive equipment, conversely, such equipment could be adjusted to do offensive surveillance with little effort.

The gallery of surveillance rogues is ominous, as listed by Duncan Campbell in an Infowar.com article entitled The Spy in Your Server. The new FBI Internet tapping system code-named Carnivore runs a packet sniffer program to select the data it wants from inside the ISP local network, while their Digital Storm and Casa de Web programmes will leave no one or zero, audio or data, untouched.

The Regulation of Investigatory Powers Act in Britain, which has extended telephone-tapping powers to cover Internet service providers and enables the government to arrange indiscriminate tapping or e-mail interception for foreign police forces and security agencies is only the start in that country. By the end of this year, the Government Technical Assistance Centre will have begun operations from MI5 headquarters, breaking codes used for private email or for protecting files on personal computers.

The Dutch security service collects e-mails sent abroad by companies, while laws are being prepared to allow their Justice Ministry to tap into e-mail and subscriber records, scan messages and mobile phone calls and track users' movements. Australia also deserves a mention for passing laws allowing security agents to secretly attack and modify computers to obtain information.

It only takes a whirlwind tour of official surveillance operations around the world to make one feel that the lowliest and most innocuous computer user is not merely a foot soldier in the field of Information Warfare, but fair game for anyone, approved or otherwise, with the right equipment and a mission to accomplish. While you can sign up to services that retain your anonymity and prevent unwarranted data collection, their days can only be numbered, as counteractive software cannot be far behind.

If it's sensitive don't e-mail it, lick a stamp and post it!

Berni Dwan is a freelance technology writer