Thread: Van Eck phreaking

It's talked about a lot in the book I'm reading (Cryptnomicon, still)... Basically, it sounds like using an ultra sensitive device to read the bits that are displayed the computer screen and determine what the person is doing by decoding those bits. I was wondering: is it actually possible? It sounded a little farfetched, but possible...

This way it can be done remotely (guess I didn't realy make it clear)

Ex:
In the book, one of the main characters is put into prison on a bogus charge. Since he has friends with money, they bribe the cops to get hime into a nicer cell and be allowed to use his computer. The desk that's given to him is a file cabinet that's curiously bottom heavy, presumably so that the authorities can spy on what he's working on...

I'm not an expert on the subject, but I can shed a little light on it.

Take a quick look at the back of your monitor. Most have a small label mandated by your government's communications authority (the FCC here in the states). The reason that label is there is your monitor puts out a modest amount of radio interference. The bits being sent to your monitor end up being broadcast over RF.

With the right equipment and some very favorable conditions, the data being emitted from your monitor can be read by a remote computer. A year or two ago, l0pht had an article where the author built such a device for his laptop from parts he obtained at Radio Shack and went around southern California snooping the airwaves from his car. He wrote he had the most luck around local government offices (police departments and county clerks).

I'm sure Google could reveal the gritty details on the concept.

Wow... That's pretty scary - I'll check google later - I don't think people here at work would look too favorably on me doing searches on "phreaking", esp. witht he types of sites it'd bring up...

> A year or two ago, l0pht had an article

What's that?

Originally posted by Govtcheez
> A year or two ago, l0pht had an article

What's that?

"L0pht Industries" was a really great security site which has since changed to '@stake security'. The guys at l0pht not only reported exploits, but published the gritty details so anyone could validate the exploit. In fact, they found a lot of exploits on their own.

The guys at l0pht weren't big on scruples; they were only interested in exposing flaws in computer security. They wrote Jack Ripper (brute force password cracker) as well as Back Orifice, and numbers of articles where they tried to build hacks based on things which were 'theoretically possible', such as the Van Eck phreaking. It wasn't enough for the writers to speculate at l0pht; they actually went through the trouble of proving (or disproving) theories.

l0pht.com was, arguably, the most technically informative site on the web for a number of years.

I couldn't believe their password cracker was/is shareware.

Wireless is the new wave of phreaking. Here uses similar freq to TV remotes ect.

I know one government department who had a hacker enter thru wireless and steal internet access. They only found him a year later, nothing said as it was not something they want to go public (that they have no security / audits and don't bother to install any).