Vanya was sitting in the dark room, where he was working with organisation’s secret information. Vanya decided to open the blinds so he could see, and the next day he was fired, because Vanya disclosed secret information.
One of themes studied by information security students in ITMO is classification of Information Leakage Channels. This article is going to tell you about the types of leakages and examples of them.
Technical Information Leakage Channels are split into four groups: leakage channels of information processed by Technical means of receiving, processing, storing and transmitting information; leakage channels of verbal information; leakage channels of information transmitted via communication channels; leakage channels of imagery information.
All the groups are split into more categories by the means of leakage. The first group can be roughly explained as leakage via computers. The categories here are electromagnetic, electrical and parametric methods. Electromagnetic leakages by computers exist because of their EM field that can be intercepted directly, while electrical leakages are intercepted from radiators, wires or bugs. The last method is achieved when the intruder emits high frequency fluctuations that are getting modulated by the computer.
Verbal information leakages are split in 5 categories: acoustic, vibroacoustic, electroacoustic, parametric again and photoacoustic methods. The first one is regular eavesdropping or wiretapping. The vibro in second method means that vibrations of speech can be intercepted to listen to a dialogue. These vibrations can cause other vibrations, for example, in walls. That way walls do actually have ears, the hearing of which can be muffled by carpets. The third category is related to wiretapping, although it’s not for listening to a phone call. Even when phone is idle, its microphone interprets the sound that can be intercepted, while the phone is connected to the network. Parametric method in verbal leakages is similar to its counterpart in the first group. There is a notable example of such leakage: in USSR, american embassy had a wooden shield with an eagle on it, that was presented to them by pioneer movement children. That shield had a bug in it that couldn’t be found because it wasn’t transmitting anything. As a parametric information leakage device it had inside only metal disk and antenna, which modulated signal, that was transmitted from neighboring building. The photoacoustic method, in short, is listening to vibrations of speech on windows from a distance using lasers, that are related to optics.
Communication channels consist of radio waves and wires. There are 3 categories: electromagnetic, electrical and inductive. Radio waves are intercepted by EM and wires by electrical and inductive means. The difference is that induction doesn’t require direct intervention in wire work.
Imagery leakage channels are self-explanatory with three categories: object observation, object shooting and document shooting.
Vanya opened not only blinds but a technical information leakage channel as well. All of imagery types of leakage and photoacoustic of verbal type, to be precise. But the real question here is how did Vanya’s organisation allowed themselves to have a room that doesn’t comply to standarts of work environment?
Pictures and information are taken and translated from “Защита информации от утечки по техническим каналам. Часть 1. Технические каналы утечки информации” by Хорев А.А.