Re: [cryptography] To Protect and Infect Slides
Brian Carroll rightly expands the discussion of pervasive targeting by ubiquitous technology.
In architecture, for example, the increasing use of automation for controlling building systems -- HVAC, electrical, plumbing, security among others -- poses considerable vulnerabilities beyond legacy analog controls. Many of the automated systems are administered remotely over telephone, cable and wireless networks. Others are controlled locally within structures. Some are secured with encryption but many are not. And few are TEMPEST-protected outside military and governmental facilities.
We have found that few architects and building engineers are knowledgeable about building automated systems nor the variety of means to secure and protect them. They are customarily designed, operated and maintained by specialty firms not traditional building designers.
Moreover we have found that building management and maintenance staff rely upon outside firms for advanced technology, thus subjecting their facilities to unsupervised interventions by outside personnel who may themselves be sub-contractors, and sub-subs for each component of automation.
In short, it is fairly easy to interdict and access building automation systems for implanting devices, injecting packets, tampering with OSes, siphoning networks, temporarily suspending security, all the things recently revealed in the 30c3 presentations.
Digital security and TSCM experts are familiar with many of these vulnerabilities but there is a common practice to specialize in services (often at client request) and neglect comprehensive coverage. For example, to inspect communications and security systems but not HVAC, plumbing, electrical and automation systems which often have far more inadvertent emitters and transceivers contained in extensive components throughout a structure.
NSA TAO and the joint CIA-NSA Special Collection Service are especially capable to exploit these gaps, and usually send teams composed of experts in each building system to determine a comprehensive attack on vulnerabilities, and shrewdly, planting multiple and various decoys to mislead counterspies.
A catalog of these full-scope operations would be quite informative and perhaps diminish the effectiveness of ruses and decoys, in particular the kind of solo operation valorized in movies, books and TV.
i was thinking about 'hidden powerline networking' as a threat the other day. basically anything that could be plugged into a socket with hidden one-way networking on chip, that would be able to siphon network data or use as a sensor or bug & send this data into a larger circuit, say apartment electrical wires that could be picked up remotely as frequencies that are outside ordinary spec, at another onsite location such that a device simply is plugged into the same site to reveal or tap into the data.
i imagine this is completely TRIVIAL to accomplish, especially due to no regulatory/enforcement or consumer protections in a security or commercial context as it aids surveillance goals, especially in political framework of secret policing, informers, etc. spying by the populations.
such that anything with a cord potentially could feed such data, if designed this way. speakers or router or monitor or printer or clock or lights or blender or microwave, etc. and that it could seem innocuous, yet have this capacity or this 'surveillance potential' (as in, potential energy vs. applied), such that grassroots on-site monitoring could be aided and abetted likewise by such technological compromise, this in terms of intent and design or perhaps not revealed or deployed though part of a COT readymade solution that just requires smd circuitry add-ons to activate functionality
this could be a stupid-model, versus smart expert systems or total monitoring solutions, the dust mote approach that leads towards a *density* of surveillance means/measures
what is the square-footage of surveillance in your domain, etc. how many bugs per cubic meter, what if it was not one or two and instead, potentially dozens, this beyond the computer itself, in the realm of what it is possible and thus a question of where ubiquity may exist when fully surveilled, to what degree is maximal different in kind from minimal, such that the garage door opener and the car and dishwasher and HDTV and phone and the LED lights and remote-control car are monitoring you, in addition to computers, cellphone, conversations.
(such as: is your router and neighbors wi-fi being used as an attack vector, are you being imaged via through-wall radar via wi-fi, for tracking and monitoring. or being made ill via out of spec radiation boosting via wi-fi, etc)
[snip]
for controlling building systems -- HVAC, electrical, plumbing, .. are not. And few are TEMPEST-protected outside military and governmental facilities. .. In short, it is fairly easy to interdict and access building automation systems for implanting devices, injecting packets, tampering with OSes, siphoning networks, temporarily suspending security [/snip]
I immediately thought, not of active injection of code/devices, but passive reading of data as a surveillance mechanism. If HVAC was advanced enough, for example, then you could use HVAC sensor data to infer location of individuals within a large building by the changes in airflow required to maintain temperature or humidity. Same for electrical use if they use devices. Hell, if the system is shit-hot enough, you might even be able to detect electrical fluctuations due to capacitance induced by passing foot traffic. Given that the NSA apparently don't like deploying code when passive observation will suffice, might be a fruitful avenue of investigation if anyone here knows their HVAC/other-hardware control systems..
On 31/12/13 22:43, John Young wrote:
Brian Carroll rightly expands the discussion of pervasive targeting by ubiquitous technology.
In architecture, for example, the increasing use of automation for controlling building systems -- HVAC, electrical, plumbing, security among others -- poses considerable vulnerabilities beyond legacy analog controls. Many of the automated systems are administered remotely over telephone, cable and wireless networks. Others are controlled locally within structures. Some are secured with encryption but many are not. And few are TEMPEST-protected outside military and governmental facilities.
We have found that few architects and building engineers are knowledgeable about building automated systems nor the variety of means to secure and protect them. They are customarily designed, operated and maintained by specialty firms not traditional building designers.
Moreover we have found that building management and maintenance staff rely upon outside firms for advanced technology, thus subjecting their facilities to unsupervised interventions by outside personnel who may themselves be sub-contractors, and sub-subs for each component of automation.
In short, it is fairly easy to interdict and access building automation systems for implanting devices, injecting packets, tampering with OSes, siphoning networks, temporarily suspending security, all the things recently revealed in the 30c3 presentations.
Digital security and TSCM experts are familiar with many of these vulnerabilities but there is a common practice to specialize in services (often at client request) and neglect comprehensive coverage. For example, to inspect communications and security systems but not HVAC, plumbing, electrical and automation systems which often have far more inadvertent emitters and transceivers contained in extensive components throughout a structure.
NSA TAO and the joint CIA-NSA Special Collection Service are especially capable to exploit these gaps, and usually send teams composed of experts in each building system to determine a comprehensive attack on vulnerabilities, and shrewdly, planting multiple and various decoys to mislead counterspies.
A catalog of these full-scope operations would be quite informative and perhaps diminish the effectiveness of ruses and decoys, in particular the kind of solo operation valorized in movies, books and TV.
participants (3): brian carroll, Cathal Garvey, John Young