[cryptography] To Protect and Infect Slides

John Young jya at pipeline.com
Tue Dec 31 14:43:58 PST 2013


Brian Carroll rightly expands the discussion of pervasive targeting by
ubiquitous technology.

In architecture, for example, the increasing use of automation
for controlling building systems -- HVAC, electrical, plumbing,
security among others -- poses considerable vulnerabilities
beyond legacy analog controls. Many of the automated systems
are administered remotely over telephone, cable and
wireless networks. Others are controlled locally within
structures. Some are secured with encryption but many
are not. And few are TEMPEST-protected outside military
and governmental facilities.

We have found that few architects and building engineers are
knowledgeable about building automated systems nor the variety
of means to secure and protect them. They are customarily designed,
operated and maintained by specialty firms not traditional
building designers.

Moreover we have found that building management and
maintenance staff rely upon outside firms for advanced
technology, thus subjecting their facilties to unsupervised
interventions by outside personnel who may themselves
be sub-contractors, and sub-subs for each component
of automation.

In short, it is fairly easy to interdict and access building
automation systems for implanting devices, injecting
packets, tampering with OSes, siphoning networks,
temporarily suspending security, all the things recently
revealed in the 30c3 presentations.

Digital security and TSCM experts are familiar with many
of these vulnerabilities but there is a common practice
to specialize in services (often at client request) and
neglect comprehensive coverage. For example, to inspect
communications and security systems but not HVAC,
plumbing, electrical and automation systems which often
have far more inadvertent emitters and transceivers contained
in extensive components throughout a structure.

NSA TAO and the joint CIA-NSA Special Collection Service
are especially capable to expoit these gaps, and usually
send teams composed of experts in each building system
to determine a comprehensive attack on vulnerabilities,
and shrewdly, planting multiple and various decoys to
mislead counterspies.

A catalog of these full-scope operations would be quite
informative and perhaps diminish the effectiveness of
ruses and decoys, in particular the kind of solo operation
valorized in movies, books and TV.





More information about the cypherpunks mailing list