[cryptography] To Protect and Infect Slides

Cathal Garvey cathalgarvey at cathalgarvey.me
Mon Jan 6 14:59:56 PST 2014 

[snip]
> for controlling building systems -- HVAC, electrical, plumbing,
> ..
> are not. And few are TEMPEST-protected outside military
> and governmental facilities.
> ..
> In short, it is fairly easy to interdict and access building
> automation systems for implanting devices, injecting
> packets, tampering with OSes, siphoning networks,
> temporarily suspending security
[/snip]

I immediately thought, not of active injection of code/devices, but
passive reading of data as a surveillance mechanism. If HVAC was
advanced enough, for example, then you could use HVAC sensor data to
infer location of individuals within a large building by the changes in
airflow required to maintain temperature or humidity. Same for
electrical use if they use devices. Hell, if the system is shit-hot
enough, you might even be able to detect electrical fluctuations due to
capacitance induced by passing foot traffic.

Given that the NSA apparently don't like deploying code when passive
observation will suffice, might be a fruitful avenue of investigation if
anyone here knows their HVAC/other-hardware control systems..

On 31/12/13 22:43, John Young wrote:
> Brian Carroll rightly expands the discussion of pervasive targeting by
> ubiquitous technology.
> 
> In architecture, for example, the increasing use of automation
> for controlling building systems -- HVAC, electrical, plumbing,
> security among others -- poses considerable vulnerabilities
> beyond legacy analog controls. Many of the automated systems
> are administered remotely over telephone, cable and
> wireless networks. Others are controlled locally within
> structures. Some are secured with encryption but many
> are not. And few are TEMPEST-protected outside military
> and governmental facilities.
> 
> We have found that few architects and building engineers are
> knowledgeable about building automated systems nor the variety
> of means to secure and protect them. They are customarily designed,
> operated and maintained by specialty firms not traditional
> building designers.
> 
> Moreover we have found that building management and
> maintenance staff rely upon outside firms for advanced
> technology, thus subjecting their facilties to unsupervised
> interventions by outside personnel who may themselves
> be sub-contractors, and sub-subs for each component
> of automation.
> 
> In short, it is fairly easy to interdict and access building
> automation systems for implanting devices, injecting
> packets, tampering with OSes, siphoning networks,
> temporarily suspending security, all the things recently
> revealed in the 30c3 presentations.
> 
> Digital security and TSCM experts are familiar with many
> of these vulnerabilities but there is a common practice
> to specialize in services (often at client request) and
> neglect comprehensive coverage. For example, to inspect
> communications and security systems but not HVAC,
> plumbing, electrical and automation systems which often
> have far more inadvertent emitters and transceivers contained
> in extensive components throughout a structure.
> 
> NSA TAO and the joint CIA-NSA Special Collection Service
> are especially capable to expoit these gaps, and usually
> send teams composed of experts in each building system
> to determine a comprehensive attack on vulnerabilities,
> and shrewdly, planting multiple and various decoys to
> mislead counterspies.
> 
> A catalog of these full-scope operations would be quite
> informative and perhaps diminish the effectiveness of
> ruses and decoys, in particular the kind of solo operation
> valorized in movies, books and TV.
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x988B9099.asc
Type: application/pgp-keys
Size: 6176 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140106/bf4ffea8/attachment-0002.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20140106/bf4ffea8/attachment-0002.sig>

More information about the cypherpunks mailing list