Silk Road forums
Discussion => Security => Topic started by: powerkush on May 17, 2012, 02:15 pm
-
So, yesterday I was watching a video of Jacob Appelbaum's newest "workshop" from New York City, April 26, 2012. ( https://www.youtube.com/watch?v=HHoJ9pQ0cn8&feature=relmfu ) I realize that it is around 3 hours long, and many of you cant be bothered to watch something of importance for this long, however there were some interesting things mentioned. The main thing that caught my attention, I believe in the second segment of these videos, was a power line backdoor. He stated that one of his colleagues at Washington State University had been working on such a project, in which they could use the power lines against you. He said that through the power line, they could see exactly what you were seeing on your television. A standard computer monitor is the same thing, you plug in your monitor to receive power just as a television would (he also talked about them watching computers/monitors). So with this in the hands of the government, which it probably is already, they could effectively monitor you, without any stone age remote intrusion backdoor. He mentioned a way to properly counter this, mainly being not being plugged into the wall, using a UPS(Un-interuptable Power Supply) in which you would just unplug from the wall, do your business, and then re connect, and they wouldn't be able to see the buffer inside the UPS or something? Other than that method, the only reasonable counter measure I can see is a laptop, not plugged into the wall, or being "off the grid" so to speak. You can say "oh they wont monitor me", but that type of thinking is wrong. They can see you using Tor, they already log every international inbound/outbound packet transfer. They could easily watch every single Tor user with this method, forget about encryption or any security method that you think makes you safe, they can see what you see. Another great tidbit mentioned, was that Truecrypt isn't exactly "safe" so to speak. Think of it this way, if they are forcing you to give up your pass phrase, and they are aware of truecrypt deniability, and more than one pass phrase for different partitions, if you give them one pass phrase, they can just say nope you didn't give us every pass phrase, and you stay in jail. Don't think you're safe just because you are a small time buyer. They want everyone involved with this type of underground network, so that it has zero chance of popping up again once they shut down the road.
powerkush OUT!
ETA : Full research paper PDF. Even mentions key logging in paragraph 1 of the introduction. You are all being key logged if you plug your computer into a power source. http://abstract.cs.washington.edu/~miro/docs/ccs2011.pdf
-
HAHHAHA...oh god. HAHAHA.
But really, this is serious. Also don't forget to turn your monitors around every night before you go to sleep / aren't using it so the FBI doesn't reverse view your monitor and see what you are doing.
And if they take you in and ask you questions, just repeat PEANUTS PEANUTS PEANUTS in your mind so that they can't read your thoughts and see your answers to your question. So when they say "did you buy drugs from the silk road" you are thinking PEANUTS PEANUTS PEANUTS PEANUTS instead of "oh shit they know."
PEANUTS PEANUTS PEANUTS
-
Not sure why you're attempting to discredit with humor, you probably didn't even watch the video. Jacob Appelbaum is a Tor developer and a Security Researcher, granted not the best, he even says so himself, but he does have quite a few highly intelligent, high target friends in the hacking community. If he says that they can see what you are doing through your power line, I'd tend to lean on the his side of this matter. He has personal knowledge of this matter. You do not. I didn't say there was some secret camera inside your monitor, I said they can have a direct line to you through your power line, which is absolutely true. Everyone who uses Tor is classified as an enemy of the state, they want to know what you're trying to hide. Data can absolutely be transmitted through the power lines, don't fool yourself. Watch the video for yourself, that's the reason I posted. Information for your mind, not fear mongering. PEANUTS PEANUTS PEANUTS.
-
Not sure why you're attempting to discredit with humor, you probably didn't even watch the video. Jacob Appelbaum is a Tor developer and a Security Researcher, granted not the best, he even says so himself, but he does have quite a few highly intelligent, high target friends in the hacking community. If he says that they can see what you are doing through your power line, I'd tend to lean on the his side of this matter. He has personal knowledge of this matter. You do not. I didn't say there was some secret camera inside your monitor, I said they can have a direct line to you through your power line, which is absolutely true. Everyone who uses Tor is classified as an enemy of the state, they want to know what you're trying to hide. Data can absolutely be transmitted through the power lines, don't fool yourself. Watch the video for yourself, that's the reason I posted. Information for your mind, not fear mongering. PEANUTS PEANUTS PEANUTS.
No, I didn't watch the video, and I don't need to. I can just tell it's total and complete BS. Anyone who uses tor is an enemy of the state? No they aren't. Site your source. And yea, data can be transmitted through the power line - if it is SET UP TO. There is absolutely no way that anyone can read the text on my screen based on the power I am consuming. Not a chance. I'd say it's common sense, but I guess you need to have at least a little bit of knowledge of how electricity and computer monitors work first.
Anyway, to sum it up: This story is just fear mongering, there is absolutely NO WAY the government is reading what is on your screen by looking at your power line.
-
I fully agree, not possible. Maybe someday but I still even doubt that. Global conspiracies are total real as far as I am concerned. That is pretty far fetched though. Just because someone claims to have knowledge in a film doesn't mean that they do, or even that the person in the film is who they claim to be for that matter. I don't think you would even have to do much research to disprove this theory.http://hackaday.com/2009/03/20/sniffing-keystrokes-via-laser-power-lines/ Seems they can monitor individual keystrokes from up to 50 feet away. I wouldn't be worrying too much about this. Unless you are very paranoid.
-
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,3360.0/
Another little thread on this subject.
-
Your sources are quite out of date. This is from 2012. This is from someone who is being watched by the government, in every aspect of his life. He has first hand knowledge of power line backdoors. You do not. Watch the video and stop spreading lies. I can't force you to watch an informational and technical presentation, but I can ask that you not attempt to spread false information when I'm just pointing out what someone else has said is going on. I could care less of either of your opinions, to me you are both just two junkies without real life connections for drugs who believe the SR rhetoric that everything is hunky dory. If SR came out and said that Tor wasn't safe they would be ruining their own business. It's up to the end user to come to the conclusion for themselves. Without watching the presentation, shut the fuck up. When Appelbaum mentioned this type of monitoring to the crowd, there were some visibly upset people in the audience, all they said was "this is some scary shit" and indeed, it IS some scary shit. Just because you refuse to believe it, doesn't mean it's not true.
-
Anyway to totally debunk your first source about "laser technology"
Here's some links about TEMPEST. Note the 1km range on this type of monitoring. These power line backdoors you can be reached ANYWHERE on the grid. Everything in the USA is connected together. Most of NA is connected. Keep dreaming but you'll never debunk the power line backdoor theory.
https://www.fas.org/irp/program/security/tempest.htm
https://en.wikipedia.org/wiki/TEMPEST
-
For those too lazy to watch the entire video, he starts talking about these power line analysis attacks at 1:05:30 of the first segment of the video. http://www.youtube.com/watch?v=HHoJ9pQ0cn8&feature=relmfu
Now if he says his colleague at WSU is doing this, how is it that you refuse to believe? I think that would just make you ignorant. You're ignoring the facts. Heres a link from the Security and Privacy Research lab in to which Appelbaum is referring to. http://seclab.cs.washington.edu/news.html
It's the latest on their news page, from 10.24.2011.
Here's the news in case you're too lazy, and I'm sure you are.
Recently, Miro Enev traveled to CCS 2011 to present his work with Sidhant Gupta on uncovering the depth of information leakage available on the modern powerline. The paper suggests that it is possible to tell what someone is watching on a TV by collecting a short period of unintentionally generated electromagnetic interference (EMI) from any wall socket in a home (not just the socket connected to the TV). This research was based on in-lab and in-home experiments with 8 TVs ranging in size, technology, and manufacturer, and a dataset of 20 movies plus over-the-air broadcasts. Miro and Sidhant also demonstrated the ability to train a neural network to predict the EMI of a television without need for physical access to the device. Full details in the paper. UW faculty members Shwetak Patel and Tadayoshi Kohno were also involved.
ETA: full research paper pdf document. http://abstract.cs.washington.edu/~miro/docs/ccs2011.pdf
Now if some people from a University can do these types of analysis on powerlines, why can't the government? Just because you think its illegal or not possible or probable? The government is involved in highly illegal citizen spying, I could care less if you believe. I do.
-
I read the article bizzle posted, and I can now see the flaw in what you are talking about.
Basically, the power line backdoor requires that you INSTALLED a device and are trying to transmit information through the power lines. It isn't something the LEA can just tap into and look at - it requires that you broadcast it. It's like saying that LE can hear everything a guy says no matter where he is at all times. And then you find out that it's because the guy is walking around holding a walkie talkie up to his mouth talking into it all day. Yea, the LE can hear what he says...because he is broadcasting it to them. Same thing applies here. Don't broadcast your screen through the power line and you'll be fine.
-
TEMPEST attacks don't even require access to power lines, transient electromagnetic emanations leak through the air. Displays can be reconstructed from significant distance, even through multiple walls, even with no connection to the power grid. The simple fact of the matter is that once you are physically located you are totally fucked if you have a competent attacker, unless you are inside of a shielded room or using shielded equipment. All of the encryption in the world isn't going to save you, your plaintexts will be pulled from the signals that your monitor leaks, what you type will be determined from the noise of your keystrokes. Local police don't even know what TEMPEST is, DEA may or may not, FBI counterintelligence have used this sort of attack against spies though so they certainly know about TEMPEST and have the equipment required to carry out such attacks.
Seems they can monitor individual keystrokes from up to 50 feet away. I wouldn't be worrying too much about this. Unless you are very paranoid.
They can monitor individual key strokes if they can get audio intelligence of typing, considering laser microphones can get audio from (something like) a mile away if they can target vibrating glass windows, I think 50 feet is a major underestimate of how far keystrokes potentially leak. Especially if they have the laser microphone hovering up in the sky on a mini UAV. Or maybe they have a dozen laser microphones on a mini UAV all targeting different windows as it goes from neighborhood to neighborhood hoping to catch something interesting ;).
don't underestimate spies and spy catchers. Then again I have not heard of this sort of attack being carried out by police other than FBI in cases of counter espionage and counter terrorism, so it isn't standard operating procedure yet.
-
This isn't even about tempest, some retard posted a stupid link about lasers monitoring the power, but that's not even what I am referring to. If you read the article you can understand it a little better, but they basically just tap into your power line from anywhere, and through analysis of your varying power, they can see exactly what you're doing. This includes even down to the smallest things such as typing on your keyboard. Another great thing about the article is all of the sources listed at the bottom, a complete treasure trove of information regarding the subject. The government started doing this stuff in the 70's and 80's and most information is still classified.
-
That paper discusses a type of TEMPEST attack
my point is that they don't even need access to power lines to do this sort of attack, enough leaks through the air.
http://2po5jdzeffv2kyv3.onion/polyfront/tempestmonitor.png
image of a TEMPEST attack carried out against a monitor, ten meters away and through two walls
image of the way the military protects from such attacks
http://2po5jdzeffv2kyv3.onion/polyfront/tempest2.jpg
turn your monitor into a radio broadcast
http://www.erikyyy.de/tempest/
causes monitor to leak signals that your radio then picks up and plays as music :P
-
Not quite, Part 5 titled System Description. They plug into the wall.
I know about TEMPEST, this is a little different. They could potentially monitor you from a central location thousands of miles away with a sophisticated system.
-
TEMPEST doesn't specify that the transient signals are transmitted through any particular medium.
A. Are there transient electromagnetic signals that are leaking information?
B. If so, someone gathering and analyzing those signals is engaged in a TEMPEST attack
TEMPEST is a codename referring to investigations and studies of compromising emission (CE) (see Van Eck phreaking). Compromising emanations are defined as unintentional intelligence-bearing signals which, if intercepted and analyzed, may disclose the information transmitted, received, handled, or otherwise processed by any information-processing equipment. TEMPEST is a codename only and is not an acronym.
Compromising emanations consist of electrical, mechanical, or acoustical energy intentionally or by mishap unintentionally emitted by any number of sources within equipment/systems which process national security information. This energy may relate to the original encrypted message, or information being processed, in such a way that it can lead to recovery of the plaintext. Laboratory and field tests have established that such CE can be propagated through space and along nearby conductors. The interception/propagation ranges and analysis of such emanations are affected by a variety of factors, e.g., the functional design of the information processing equipment; system/equipment installation; and, environmental conditions related to physical security and ambient noise. The term "compromising emanations" rather than "radiation" is used because the compromising signals can, and do, exist in several forms such as magnetic- and/or electric field radiation, line conduction, or acoustic emissions.[1]
Honestly I just glanced at the paper, maybe you are right, but it seemed like they were working with electromagnetic emissions, if it were only power consumption data being used then it wouldn't be TEMPEST but this doesn't seem to be the case from my quick scan of that paper.
-
True, but what above was referring to was the ranged, wireless type attack of emi analysis, and the first guys "source" was a terrible one at that. This type is through the wall, they could get to you anywhere, potentially. If they've been working on these types of things for 30 to 40 years, I'm sure they have some sophisticated things in place to be monitoring everyone's power signals.
-
First off, you are quoting a video off of youtube as fact, and stating that I am presenting disinformation. It is just as likely that your youtube video is bullshit just that same as any links you or I can post. As far as I can tell from all of this info, you can be monitored from up to 1 km away maybe more even, but you would need a reason to be monitored in the first place, either way all of the sites and info presented still leads to forming just an opinion on this matter. I try to be skeptical rather than believing whatever I see on youtube. Even with the website you posted I have not seen anything that leads me to believe that I should be anymore careful than I already am. The link that I posted to laser technology is actually how some of this monitoring works, for your information. Either way you would have to have someone investigating you already. You guys are definetly far too paranoid, and probably shouldn't use a site like SR if you're that concerned. Retards don't research the shit they spew, keep on quoting youtube vids man.
-
You should also keep in mind the fact that on average in every northa american household there are 6 tvs, and probably at least 3 computers cellphones ipods and multiple other frequency producing products to interfere with their signal monitoring. If you believe that they monitor every singnal from every house in the world or even in any said country then you should consider the resources that that would require. There are 5000 police in my city of 1 million people, I think you would need to hire some more intelligence officers.
-
Thanks for posting powerkush, and ignore the trolls. :P
I think your posting style probably put people off, ie:- "don't think you are safe", "you are all being keylogged" etc., but it's good to be aware of the potential for these type of attacks. When the US government said they wanted "full spectrum dominance", they meant it, so one can never be too careful.
I was looking into getting a couple of UPS units anyway, so this just adds to the reasons why I should do so.
-
So, yesterday I was watching a video of Jacob Appelbaum's newest "workshop" from New York City, April 26, 2012. ( https://www.youtube.com/watch?v=HHoJ9pQ0cn8&feature=relmfu ) I realize that it is around 3 hours long, and many of you cant be bothered to watch something of importance for this long, however there were some interesting things mentioned. The main thing that caught my attention, I believe in the second segment of these videos, was a power line backdoor. He stated that one of his colleagues at Washington State University had been working on such a project, in which they could use the power lines against you.
Uh ... you guys. This is really hilarious.
While well intentioned, Power Kush's limited understanding of the technology and terminology involved here has led to his totally misconstruing what's meant by a "power line" backdoor that's resulted in his perpetuating misinformation. 328052E is absolutely right, it's referring to a specific device. Have a look:
http://en.wikipedia.org/wiki/Power_line_communication
This type of PLC broadband technology allows you to distribute broadband throughout your house and works as a convenient alternative to wiring ethernet into every room or using wireless by instead plugging in a PLC device to your broadband router, then into the wall and have your other machines in other rooms accept the signal from the wall with another PLC device that you attach to your network card. There are also power line digital subscriber services that offer broadband through the power line available in limited areas that a consumer can subscribe and be set up to receive broadband through their electrical currents to a power line specific receiver in your home that is then redistributed. But this is FAR FAR different from anyone being able to just watch what's on your monitor by monitoring the electrical currents transmitted through your wall.
So just to be clear, you would need to be using PLC technology in the first place to be susceptible to the backdoor.
-
Okay, I just skipped over the PDF the OP linked to, and I think the OP's assessment of what it means is correct. I am aware of powerline adapters, but that isn't what is being discussed. The subject of the discussion is monitors/TVs leaking information into the grid, not network traffic, which is the purpose of consumer powerline adapters.
Basically, they are saying that, if you can attach a monitoring device to someone's electricity supply, you can potentially see all activity on displays plugged directly into the same supply, because the displays themselves leak the information into the power grid.
-
Okay, I just skipped over the PDF the OP linked to, and I think the OP's assessment of what it means is correct. I am aware of powerline adapters, but that isn't what is being discussed. The subject of the discussion is monitors/TVs leaking information into the grid, not network traffic, which is the purpose of consumer powerline adapters.
Basically, they are saying that, if you can attach a monitoring device to someone's electricity supply, you can potentially see all activity on displays plugged directly into the same supply, because the displays themselves leak the information into the power grid.
Okay, I see what you're referring to with the EMI sniffing from the pdf but that's a separate issue from a power line backdoor. I think the primary limitation there is logistical because of the practical limitations of needing to be within a fairly close distance since they'd need to intercept the power signal before it hits a transformer. If they're already on to you enough to target you for surveillance, there are plenty of other more conventional and less costly means to do so that don't have such proximal limitations. Probably why it hasn't been utilized outside of spy tech yet, as it's not close to practical.
Even if EMI sniffers were cost effective it would still be severely limited by present day electrical grid infrastructure to be only good for targeted use and not wide scale application where the gov could just collect data on everybody en mass and store it in a gigantic database somewhere.
-
http://www.terrorfeed.com/index.php?id=bug-clip-bluelight
-
Time to get my shotgun and my tinfoil hat and sit in a corner and rock back and forth ......
-
First, bizzleclaw, please just stop posting here if you cant even be bothered to read some information and understand said information.
Second, in regards to jpinkman, this has nothing to do with the powerline networking hardware you can get in your home. No one knows what the transformer would do to this information, but I do have an electrician contractor buddy who I could ask, he would know quite a bit more than me. I'm not trying to freak people out, but this was news to me, and I felt it very important and it even lists counter measures for these types of things. If they can't do it now, then I would assume that the "smart meters" they are installing would do it perfectly. These things act the same as a cellphone I have read by wireless sending information, and they send all data to a central server(suppose to only be the power company, but you know how that goes). If you look into them it specifically mentions this EMI type of data being sent as well. Bottom line is were all fucked whether its now, or in a few years once all of the smart meters have been placed, and we should look into counter measures for safety.
-
While this is all theoretically, and somewhat practically possible, it is still being researched. Local and even state enforcement officers would not have access to these technologies, yet. Just stay aware of these technologies, but don't bother running around like a chicken with it's head cut off because the sky is falling and you've seen a wolf. Fear mongering only helps the bad guys.
The very fact that a TOR developer is aware of this is comforting, because they are working hard to help anonymize those who are in danger, whether it be from police, police states or just plain criminal governments.
If you're really worried about power line snooping you can use a series of power conditioners/UPS devices to obfuscate small power surges/brownouts.
There are already many smart meter hacks out there as well, most people use them to get free power, stupidly, then the power company does a line trace and charges them.
Chill eeeeSecurity.
-
These things act the same as a cellphone I have read by wireless sending information, and they send all data to a central server(suppose to only be the power company, but you know how that goes). If you look into them it specifically mentions this EMI type of data being sent as well. Bottom line is were all fucked whether its now, or in a few years once all of the smart meters have been placed, and we should look into counter measures for safety.
Dude, in the whitepaper you provided here's a direct quote:
"The researchers did conclude, that “from a privacy perspective, we also observe that today’s utility companies are not collecting the granularity of information necessary for repeating our analyses, and the [Ubiquitous computing] technologies from the research community that could collect this type of information are not yet widely deployed.""
IOW, present day utility company smart meters don't have the sophistication to disseminate EMI like you're suggesting, and won't be until it's cost efficient to do so. That's not to say it won't happen if gov gives incentives that makes them cost efficient to deploy.
But even if the day comes along where power meter EMI taps are ubiquitous, the gov will still need to get a warrant to tap you, just like they would your phone, if they don't want to risk the case thrown out and want to use it as evidence in your prosecution. Sure if the case can be made that you're a terrorist they can circumvent getting warrant with patriot act provisions, but I doubt most people here fall into that category.
And if they have the wherewithal to get a warrant to tap your power line, why not just tap your phone and broadband line using present technology? This would make information gained from an EMI tap largely redundant, which might be part of the reason there seems to be no rush to deploy it.
In the future if more people get a clue about security and start using VPN's with regularity, then EMI taps could be put to far better use. But I just don't see how an EMI tap now offers much advantage over a phone or broadband tap to make it worthwhile.
-
Have any of you seen powerline network adapters?
Yes...data can travel back and forth through those wires. I don't have the knowledge to determine if this can translate into something like a powerline backdoor...but I wouldn't doubt it for a second.
-
Have any of you seen powerline network adapters?
Yes...data can travel back and forth through those wires. I don't have the knowledge to determine if this can translate into something like a powerline backdoor...but I wouldn't doubt it for a second.
Actually, we were just discussing it.
-
Uh . . . folks . . . electrons are non-specific. The electricity entering your house and distributed throughout your house/apt/outhouse don't carry labels. First, there is no way to track what electrons go where; after they pass through your fuse box, they go throughout your house to every light bulb and wall wart. After they arrive at their destination (your computer), they travel thought a transformer where the voltage is stepped up (or down) and then to your monitor. The video signals travel an even more convoluted route.
This is definitely tin-foil hat stuff--amusing at best, pathetic at worst.
Reading the EM signals from your monitor is pretty far-fetched as well.
Concern over security is a great thing, but it is possible to reach absurdity very quickly.
-
Have any of you seen powerline network adapters?
Yes...data can travel back and forth through those wires. I don't have the knowledge to determine if this can translate into something like a powerline backdoor...but I wouldn't doubt it for a second.
Actually, we were just discussing it.
Woops. That is what I get for reading the first page of post this morning and waiting till this afternoon to post my high-deas.
-
Uh . . . folks . . . electrons are non-specific. The electricity entering your house and distributed throughout your house/apt/outhouse don't carry labels. First, there is no way to track what electrons go where; after they pass through your fuse box, they go throughout your house to every light bulb and wall wart. After they arrive at their destination (your computer), they travel thought a transformer where the voltage is stepped up (or down) and then to your monitor. The video signals travel an even more convoluted route.
This isn't about labeling all electrons flowing into a house.
This is definitely tin-foil hat stuff--amusing at best, pathetic at worst.
If you were arguing against the facts presented in the pdf link from research conducted by forensics professionals at an academic research institution then, based on the quality of your arguments, you might have a point.
Reading the EM signals from your monitor is pretty far-fetched as well.
If you bothered familiarizing yourself with the technology involved, you might not sound so ignorant.
Concern over security is a great thing, but it is possible to reach absurdity very quickly.
Healthy skepticism is a great thing, but ignoring research and factual evidence is not healthy but stupidity.
Since you appear too lazy to read the whitepaper, I'll spell it out for you. The reason it's possible is because of switched mode power supplies (SMPS), the kind that provides higher efficiency and smaller form factor for consumer electronics. Energy Star mandates some consumer electronics use SMPS power supplies, so consumers don't have much choice. It's that same efficiency small form factor that makes SMPS convenient for consumers looking to save money.
One consequence of SMPS is EMI, which can be monitored remotely. The researchers developed the ability to determine particular EMI signatures of various motion picture studio splash screens. They were also able to isolate the video signal from all the other "noise" in the EMI.
Now, it'd make more sense to discuss what the real practical applications and threat to privacy this could pose. It could be used to crack down on copyrighted material and piracy. If it can ID motion picture logos by signature it could certainly do so for web sites appearing on a monitor. Could it do so for real time keystrokes typed into a site like SR? Well seeing as how keystrokes themselves emit EMI and there are keyloggers that can be made from common items that capture keystrokes from EMI, this is not a stretch at all.
So if you care to get up to speed with modern technology and join the discussion with something interesting to contribute, then go for it. We're not discussing whether it's possible at this point, since it is, we're discussing whether it's PRACTICAL.
-
One final thing I forgot to mention which I believe is the nail in the coffin that won't make EMI taps ubiquitous anytime soon (so breathe easier because no one is fucked) is how easily it can be thwarted by installing an EMI filter, which are in fact quite common today. So it really makes no sense to make a large investment in installing this technology in the power meters of every house if it can so easily be rendered obsolete. Far more effective to keep it stealth and use it only on the meters of targeted residencies so as not to create public awareness about it's capabilities that any paranoid person can easily take preventive measures against.
-
Thanks for all of the intelligent replies pinkman. I have my opinion on this from the small amount of research I did and I have the exact same feelings as pinkman. Its never ridiculous to be skeptical and ignorance is just as bad. I never tried to say any of this was not possible just not something I would worry about. I mean if they are within a km of you listening to your emi from your computer ,than you have already got bigger issues. Interesting subject ,but I feel that underground technology will stay ahead of the game.
-
These things act the same as a cellphone I have read by wireless sending information, and they send all data to a central server(suppose to only be the power company, but you know how that goes). If you look into them it specifically mentions this EMI type of data being sent as well. Bottom line is were all fucked whether its now, or in a few years once all of the smart meters have been placed, and we should look into counter measures for safety.
Dude, in the whitepaper you provided here's a direct quote:
"The researchers did conclude, that “from a privacy perspective, we also observe that today’s utility companies are not collecting the granularity of information necessary for repeating our analyses, and the [Ubiquitous computing] technologies from the research community that could collect this type of information are not yet widely deployed.""
IOW, present day utility company smart meters don't have the sophistication to disseminate EMI like you're suggesting, and won't be until it's cost efficient to do so. That's not to say it won't happen if gov gives incentives that makes them cost efficient to deploy.
But even if the day comes along where power meter EMI taps are ubiquitous, the gov will still need to get a warrant to tap you, just like they would your phone, if they don't want to risk the case thrown out and want to use it as evidence in your prosecution. Sure if the case can be made that you're a terrorist they can circumvent getting warrant with patriot act provisions, but I doubt most people here fall into that category.
And if they have the wherewithal to get a warrant to tap your power line, why not just tap your phone and broadband line using present technology? This would make information gained from an EMI tap largely redundant, which might be part of the reason there seems to be no rush to deploy it.
In the future if more people get a clue about security and start using VPN's with regularity, then EMI taps could be put to far better use. But I just don't see how an EMI tap now offers much advantage over a phone or broadband tap to make it worthwhile.
I would need to do some more research to determine if this sort of attack would require a warrant. I believe wiretaps that are only capable of gathering illegal communications are somewhat of a gray area, there used to be a lot of discussion about carrying out Bayesian traffic classification at ISPs and looking for traffic patterns consistent with child pornography. Some distinction between viewing *communicated data* to find illegal data and viewing *communications metadata* to get a warrant to view data that is determined to be illegal. Unfortunately it has been quite some time since I was looking into traffic classification at ISPs, and I am not certain of the actual laws regarding wiretaps in this instance.
However, I am aware of other subtleties of the wiretapping laws. For one they only apply to payload data, not routing metadata. The government does not need a warrant to see which IP addresses you communicate with and when, only to see what you actually send to those IP addresses. They can also see which IP addresses communicate with you without a warrant, just not what they send to you. Sometimes knowing this information is enough to determine the payload data of the communications, however it is not technically a wiretap and doesn't require a warrant.
There are a lot of "loopholes" in the wiretapping laws that allow for people to be essentially wiretapped in some instances, without the requirement of any warrant.
-
tinfoil hat... tinfoil hat...
-
Isolation transformers (no change in voltage just two identical coils and no bonded/common neutral, very little voltage loss adjusted through the taps on the secondary) have been used in any and all important government installations for years. It seems the Russians figured out how to turn an entire building into an inductance microphone from the transformer (possibly the utility step down transformer) somewhere in the mid 1980's and obtained some very sensitive information using this method before it was discovered.
Directional microphones have also come a long way but usually require line-of-sight (or practically, not generally inhibited greatly by most material commonly used in wall construction barring of course Faraday cages & other somewhat extreme but possibly soon to be viewed accepted as more feasible if one necessitates such assurances) but can be thwarted by pink noise generators (used in many sensitive buildings, do not produce an audible sound as such as just make overhearing a conversation from more than a few meters away very difficult).
As for the topic at hand, it is possible in principle and I admit ignorance as far as exact capability and do not believe the entire truth of this technology will be released in fashion as this is the kind of thing that is exempt from discovery in prosecution. It could well be much worse.
That being said one would have to a high profile target to warrant such man hours being devoted.
No I'm not a cop, I just might know something about large application direct digital controls.
-
However, I am aware of other subtleties of the wiretapping laws. For one they only apply to payload data, not routing metadata. The government does not need a warrant to see which IP addresses you communicate with and when, only to see what you actually send to those IP addresses. They can also see which IP addresses communicate with you without a warrant, just not what they send to you. Sometimes knowing this information is enough to determine the payload data of the communications, however it is not technically a wiretap and doesn't require a warrant.
That's all well and good, but tapping EMI from a power meter is an entirely different medium altogether than tapping internet traffic. You already need a warrant in many cases today to tap power meters, since the practice is common in busting growers. Probable cause to get a warrant for a power meter tap is determined by metrics such as the amount of electricity used and cyclical times of use common to grow cycles. Of course it will take some cases in court to set the long term precedent of privacy implications of an EMI tap but, based on the type of knowledge obtainable, it's hard to see how it wouldn't be considered an invasion of privacy. There would be no way to discern between payload and metadata in an EMI tap, and without that distinction I don't see any wiggle room for LE to claim they should have free access to what's on your monitor or what you watch on your TV.
-
I really am not sure how the laws would apply to such taps. I just know that they are sneaky fuckers and the laws are not anywhere near up to date with technology. They are like the police tactics version of analog drugs. GPS is illegal to put on cars without a warrant? Who cares we can follow cars with license plate cameras without warrant. License plate tracking without warrant is illegal? Who cares we can track cell phone positioning. Cell phone positioning without a warrant is illegal? Who cares we can have a mini UAV lock onto the vehicle and follow it around. Mini UAV surveillance without warrant is illegal? Who cares we can blah blah etc.
-
I really am not sure how the laws would apply to such taps. I just know that they are sneaky fuckers and the laws are not anywhere near up to date with technology. They are like the police tactics version of analog drugs. GPS is illegal to put on cars without a warrant? Who cares we can follow cars with license plate cameras without warrant. License plate tracking without warrant is illegal? Who cares we can track cell phone positioning. Cell phone positioning without a warrant is illegal? Who cares we can have a mini UAV lock onto the vehicle and follow it around. Mini UAV surveillance without warrant is illegal? Who cares we can blah blah etc.
Yes, it's true LE has many options and technology will always stay ahead of the law and the legality of new technology isn't truly determined until it winds up in court. That's where an educated guess as to whether the law will rule a new technology like EMI taps are an invasion of privacy will come in, and it's hard to see where there's much grey area involved with something so invasive in revealing your realtime communications and tv viewing activities conducted in your own home and there's plenty of precedent to think it would be ruled as such.
If there's a 90% chance a new technology will require a warrant for use, is it worth it to invest in that technology by providing utility companies with tax breaks to install them? Not really. It makes more sense to allow the consumer free market to do what it does, and work with with whatever technology assumes widespread adoption. It made sense to test the limits of the courts once GPS devices became affordable and commonplace. If utility companies already deploy EMI taps capable of disseminating that sort of information, then yeah why not give it a whirl until it's challenged in court. But there's no evidence that such meters make economical sense at the moment, or that there's any sense at all in a power company wanting to disseminate the EMI coming from your TV or monitor.
I'm sure the gov is more than aware of the risks involved in spending years developing hyper specialized technological solutions that market forces could in an instant make obsolete. Just look at SMPS. Tomorrow a company or ingenious entrepreneur could introduce an even more efficient power switching standard that would make SMPS a thing of the past, and any tech developed by the gov to exploit SMPS a pile of junk.
-
What if it can't see your monitor though? What if it can only detect SR, and then the fact that it detected SR being loaded is enough to get a warrant to actually check what you are doing. That is what I was saying about wiretaps that are programmed to be blind to non-illegal things but not to things that are 99.999999999999999999999999999999999999999999999999999999999% certain to be preidentified illegal things. It also helps when they are not actually looking at what is on your monitor but only at the fingerprints what is on your monitor leaves in your utility bill. It is essentially a wiretap but at the same time it has different properties too, and similar things that are also essentially wiretaps with different properties are not legally considered wiretaps, so it could really go either way when it gets to court.
-
What if it can't see your monitor though? What if it can only detect SR, and then the fact that it detected SR being loaded is enough to get a warrant to actually check what you are doing. That is what I was saying about wiretaps that are programmed to be blind to non-illegal things but not to things that are 99.999999999999999999999999999999999999999999999999999999999% certain to be preidentified illegal things. It also helps when they are not actually looking at what is on your monitor but only at the fingerprints what is on your monitor leaves in your utility bill. It is essentially a wiretap but at the same time it has different properties too, and similar things that are also essentially wiretaps with different properties are not legally considered wiretaps, so it could really go either way when it gets to court.
Good point. But I still don't see any reason for the gov to invest in development or push for wide scale adoption in a technology that can A) Be so quickly rendered obsolete. B) Is so easily thwarted by an EMI filter C) Faces questionable determination of legality in court D) Information gleaned is largely redundant from what can be gained from legal taps.
There are enough ways to exploit current technology to nab someone then to invest in something like this that is all so precariously dependent upon the continued use of SMPS.
The biggest concern I sensed from the OP, that EMI taps are universally deployed and storing all your tv and monitor information in a database for future analysis somewhere, I think can be safely put to rest. Such units are not deployed and there's no reason to think they will be anytime soon. Of course there's no reason not to remain vigilant should you ever learn the gov is considering such a push or if they ever are. But there's no good reason to think they will be unless power companies can come up with an economical reason to want to pay a premium for such costlier units enough that manufacturer would invest to bring them to market.
-
Got to agree with the um... Tinfoil hats.
You guys are wearing a large stack of tinfoil hats.
Ignorance is bad? So is outright paranoia. I hardly have the interest to make a detailed statement of why you are wrong, but put simply:
For anything like this to even be plausible, there would need to be a direct tap on the screen's power cord itself. After that, all of the electricity from the power strip, from the room, from the house, from the neighborhood and beyond, all gets melded together in one single demand for simple electricity.
I'm all for healthy skepticism, but this is taking it a little too far.
-
Got to agree with the um... Tinfoil hats.
You guys are wearing a large stack of tinfoil hats.
Ignorance is bad? So is outright paranoia. I hardly have the interest to make a detailed statement of why you are wrong, but put simply:
For anything like this to even be plausible, there would need to be a direct tap on the screen's power cord itself. After that, all of the electricity from the power strip, from the room, from the house, from the neighborhood and beyond, all gets melded together in one single demand for simple electricity.
I'm all for healthy skepticism, but this is taking it a little too far.
Uh, have you even bothered to follow the thread? We're already way ahead of you kid.
-
People can call "tinfoil hats" all they want, but this is a potential vulnerability, and is worthy of discussion. I don't think anyone here is overly paranoid, or claiming that the sky is falling, but this is definitely something to watch for in future (or now, if you want to be ahead of the curve).
Hyruleantoker, read the pdf that was linked to earlier in the thread. Your assessment of the limitations and implementation of this technique are incorrect.
There's been some good points made here by both kmfkewm and jpinkman. I agree that this method is unlikely to be put into widespread use by LE at any point soon, but that's not to say it's beyond the realms of possibility in years to come. As "smart meters" get "smarter", there will be plenty of data available to whoever wants to purchase it, and if the energy companies can harvest and sell that data legally, they will certainly do so. I'm not sure whether the components needed for this kind of monitoring would be prohibitively expensive, but I think that there would be a market for the data, and not just from LE. I suspect that, if this is ever implemented, it will be to cater for the information market, rather than funded by LE for spying purposes.
-
I apologize for coming off as blunt and admittedly stupid in my previous post. While I have not yet read the article, nor entirely bought into the idea, I will open my mind to the possibility. I don't like seeing others just close their eyes and call people idiots, so it's much worse when I do it. I'll do some research before calling bullshit next time.
Humbly,
~Toker
-
HAHHAHA...oh god. HAHAHA.
But really, this is serious. Also don't forget to turn your monitors around every night before you go to sleep / aren't using it so the FBI doesn't reverse view your monitor and see what you are doing.
And if they take you in and ask you questions, just repeat PEANUTS PEANUTS PEANUTS in your mind so that they can't read your thoughts and see your answers to your question. So when they say "did you buy drugs from the silk road" you are thinking PEANUTS PEANUTS PEANUTS PEANUTS instead of "oh shit they know."
PEANUTS PEANUTS PEANUTS
i love you
-
As "smart meters" get "smarter", there will be plenty of data available to whoever wants to purchase it, and if the energy companies can harvest and sell that data legally, they will certainly do so.
Great point. And I think that potentially bodes well for us, since the legality of the electric company selling data such as what you watch on TV and web traffic history for commercial purposes will likely be challenged in court before LE, and their decision whether to pursue it could well depend on the outcome of such a court decision.
I could see the cost of this technology coming down enough in the future (since it always does) that would make it economical if they can profit from selling the information to 3rd parties commercially without the homeowners consent. But the move to make that happen should be accompanied by enough press and fanfare by privacy advocates and information security industry and accompanied by an appropriate court challenge to give us plenty of heads up when that's about to happen ... so not writing it off altogether and staying aware of its potential can only help in keeping you several steps ahead should the time ever come.
-
I apologize for coming off as blunt and admittedly stupid in my previous post. While I have not yet read the article, nor entirely bought into the idea, I will open my mind to the possibility. I don't like seeing others just close their eyes and call people idiots, so it's much worse when I do it. I'll do some research before calling bullshit next time.
Humbly,
~Toker
Or if you want the quick cliff noted synopsis of the whitepaper you can read my reply #31.
S'Ok, at least you're man enough to admit fault. I made the same mistake too at first glance, going by the OP's description which by calling it a "Powerline Backdoor" sounds like something entirely different as it's known in the security industry. I tried to temper my first post not wanting to come across as too much of an ass in case I was wrong, even though I'm sure I did anyway :-[ , which I discovered after reading through the excellently researched and well documented U of Washington PDF whitepaper on it.