If information technology users, from personal computer operators upwards, were aware that practically all of the data they process, whether on screen, over a network or on a printer, can be easily accessed by anybody using components on sale from many electrical retail stores, would their attitude towards the role that information technology plays in their organisation change? This would, of course, depend on the nature of the information at risk – but the point is that supposedly private information can be accessed by outsiders as easily as this, and, according to Dave Perras, senior consultant at Commslogic Ltd, the majority of information technology users still cling on to the irrational and dangerous belief that computers and associated data processing peripherals are somehow in the private domain, and are therefore as safe from intrusion as a whispered conversation.
Dismay
Perras, who was speaking at a briefing session as part of the Department of Trade’s three-year IT Security Awareness campaign co-ordinated by the National Computing Centre, explained that every electronic processing device emits its own unmistakable electromagnetic signal that can be detected and interpreted by any unauthorised person using simple receiving equipment, usually within a hundred yards or so, but in certain conditions over more than a mile. Some years ago, the Dutch scientist Dr Van Eck amused himself at an exhibition by taking his receiving equipment and a display screen down the aisle where various suppliers of computer security devices were exhibiting: to the understandable dismay of the exhibitors, the result was that as he passed from stand to stand, their security software demonstration programs appeared one by one on his screen regardless of whether data encryption was used or not. Since then, a few of the organisations most at risk – most notably NATO and some large financial institutions – have taken steps to prevent such detection, known as passive electromagnetic eavesdropping. NATO has developed a set of specifications called Tempest, which effectively makes this form of eavesdropping impossible by restricting the extent of electromagnetic emanance down to as little as 2mm; all NATO equipment must conform to these specifications, but the cost of producing equipment to meet the Tempest requirements is too large at the moment for any significant impact in the civilian sphere. One financial institution was sufficiently moved to consider constructing a vast aluminium shell over its entire premises, but was finally advised simply to reconsider the way it used information technology in the first place.
By Mark John
The other problem is that passive electromagnetic eavesdropping is not illegal – simply because it uses airwaves that are necessarily in the public domain, and therefore does not constitute a breach of privacy in the same way that, for example, raiding a filing cabinet does – and even if it were made illegal, detecting eavesdroppers would be virtually impossible. As things stand at the moment, Perras concludes that for firms whose information represents a valuable, and therefore risky asset, the only sensible solution is to re-evaluate their use of technology from the bottom up – in other words, to accept that using computers, networks, modems and other devices is in fact as private as shouting from the rooftops, and until there is a technological solution – such as a less stringent but still effective version of the Tempest specifications – that will bring the use of technology into the private domain, they are well-advised to return to more traditional methods to communicate and process particularly sensitive information. The possibility of electromagnetic emanance eavesdropping could threaten to change the role of information technology in a profound way – but Perras admits that trying to get users interested in the subject is rather like saying to a crowd, there is an odourless gas that is poisoning you now – please panic!
Computer viruses on the other hand have more obvious effects and the fact that, as the next speaker Dr Jan Hruska of Sophos Ltd explained, these effects can range from a harmless joke to the complete destruction of all data being processed, means that organisations are more inclined to take steps to eradicate them – not least because there has been a significant rise in the number of viruses reported. For anyone intent on protecting themselves from the effects of computer viruses and similar foreign bodies, Hruska argued that it is important to be able to distinguish the different strains. A trojan horse, for instance, is not a virus: it is simply a piece of code that performs something – often harmful – that is not stated within its specification; for example a release of a data compression package stated that it would compress data to occupy 40% of the disk space it required originally – in fact, it compressed the data to 0% of its original size, resulting in the total loss of that data.
Logic bomb
A logic bomb is a piece of code that is triggered off if a set of conditions are fulfilled – quite often this is a time trigger – and then there are viruses proper, which are often written with elements such as trojan horses and logic bombs included. Viruses are distinguished by the ability to replicate themselves from machine to machine, network to network; by the existence of side-effects, and by a disguise that allows them to be passed from machine to machine without detection. Examples of viruses include the Italian, which is memory resident and time-triggered, and causes a bouncing ball to appear on the screen; the New Zealand or Stoned, which, one time in every eight that the machine is re-booted, will display the message, Your PC is stoned!; Cascade, which according to Hruska accounts for 35% of known UK computer infections – between October 1 and December 31 of any year, Cascade causes the characters displayed on an infected machine to drop to the bottom of the screen; other viruses, such as the Jerusalem or PLO, have the more serious consequences of file deletion and system slow-down. Sophos provides handbooks, video training courses and consultancy on how to deal with viruses, but Hruska says that for those that are uninfected and wish to remain so, the message can be summed up in one line: Don’t use software of doubtful origin.