Slashdot Mirror
Can the NSA Really Track You Through Power Lines?
mask.of.sanity writes Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
While I also doubt that this is possible today, I am sure the NSA is looking at placing the respective sensors. Then we will have to do "analog routing" and mix in mains hum form several places to obscure where and when things have been recorded. Maybe we should start to offer recordings of local grid noise. Would not be that difficult to do.
Well, fighting fascism is difficult. But there really is no alternative for anybody with at least a shred of noncompromised personal ethics. The price of doing nothing is just way to extreme.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Due to the amount of signal processing that goes on with modern television, its highly unlikely. MPEG compression probably stops it at the source since its instantly fuddled with and massive amounts of the data they use is lost right then and there.
If you were actually afraid of the NSA finding you, as a whistle blower, getting around this form of tracing is trivial.
Use a UPS for power, unplugged from the power grid. No power line tracking.
Or the more old school way that people have done for a while, record it and leave before broadcasting it. Locating the source of the recording doesn't mean much if the target is already 800 miles away.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
You can SORT OF do the same thing for power, by embedding a signal in a given substation.
So, I came here to ask, "Why is this on Slashdot? Don't we all realize that isn't possible?"
Then I came here and saw this, and that it was moderated up. Oh well.
"First they came for the slanderers and i said nothing."
Or I could be talking out of my ass.
As long as there's no hum signature, you should be okay.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
Tracking someone through landlines has been a Thing for many years now. Ever hear of a "lock and trace"? You can SORT OF do the same thing for power, by embedding a signal in a given substation. It's nontrivial, and it's horribly complicated, but it IS feasable. As for the "hum" thing, that's just standard TEMPEST, been a Thing now for going on thirty years, where you can fingerprint electronics via EM signatures and you can read those EM signatures via physical phenomena including audio hums and induced currents in surrounding circuits. This is why the LASER mike was actually developed, not for actual sounds (standard shotgun mikes do wonders there, because the glass reresonates sound just fine), but to get a good frequency signature on TEMPEST EM leakage. So, in sum, they're not specifically taking a van out and following lines to see what location an interviewee is at, but a lot of that is that they don't really need to because they can get all the information they need through older technologies that approximate the capabilities
HUGE problem with this theory.
The power grid operates on incredibly tight tolerances with regard to frequency. Additionally, within that margin (which is the same, everywhere, within a certain grid...and by grid, I mean, like "The United States" or "Great Britain") there is a small degree of variation that is the same for that grid and all that are built using the same equipment...which is a significantly humongous population.
Imagine a metropolitan area like, say, San Antonio. San Antonio has several power stations that service its region. Each generation turbine produces what's known as "three-phase power," which is kind of like TDMA for AC electricity. Those three phases get broken out and separated into three outputs that then go into a substation and transformers, then out on the grid. The three phases equally and perfectly distribute around the 360-degree rotation of the "exciter," which is basically the generator's key component. If that distribution gets out of whack, power spikes in a really nasty way, and copper vaporizes fast enough that it's actually a detonation.
But I digress. The point is this: AC power is a waveform, oscillating at 60 Hz. It cannot vary much at all...because within the same grid, everything is interconnected. Every generator is in sync, or has a syncrophasor to re-sync the power coming from it before it hits the grid. Otherwise, you get some power from A and some from B, with waveforms that are out of sync...and the frequency changes in both rate and amplitude, and shit blows up. (Including generators themselves...the "Aurora Vulnerability" that DoE is so batshit scared of is essentially a manifestation of this at the generator itself.)
So...I've been trying to think of how there could possibly be enough variation to fingerprint someone based on the hum caused by that 60Hz frequency noise. I've been in transmission control centers where they monitor, regulate and occasionally wet themselves over frequency shifts, and I've seen that the amount of variation needed to cause sheer panic is shockingly low..and it rarely ever happens for even a second. And those tolerances have been the same everywhere I've gone.
So no, it's not at all like TEMPEST. Because if it were, it'd be the equivalent of being able to figure which monitor you were looking at by EM emissions...when all the monitors in the country show the exact same thing.
For your security, this post has been encrypted with ROT-13, twice.
There's also the off-peak hot water signals that are modulated on the line (at around 1kHz) in some places. Those signals are generated at the local substation. Their purpose is to activate various hot-water systems to load balance the area's power use. Where the final goal is to minimise the peak usage during 'peak' periods of use.
It is conceivable that if an 'interview' is made when that type of noise appears on the line, and that an accurate time reference is available, it may be possible to use this to narrow down the search region.
Still not going to pin-point a location, but could definitely narrow it down far better than just using the 60Hz line frequency. Which is far too narrow band to provide any useful information beyond what country you're in.
To the paranoid, this sounds like a cover. When the magician says he can pull a rabbit out of your ear with his right hand, look to his left hand; when the NSA says/leaks that they can locate you by electric hum, they probably found an easier shortcut (something embedded in the camera?) and want you to go looking elsewhere so you don't find it. Remember, the NSA claims magic but practices sidechannel attacks that make it look like they know magic.
It may be just noise, but is it different noise between different power lines (and if so, consistently different)? If so, it's a fingerprint. Noise can be information if you're looking for a specific kind of noise. Not all noise is identical, and if you can fingerprint that noise, you can use it to determined the source.
Granted, that's a pretty big "if". I have no idea if powerline noise is consistent enough to be fingerprinted, different enough for a useful comparison, or strong enough to be picked up by standard recording devices. But it could be possible, in theory.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
But I digress. The point is this: AC power is a waveform, oscillating at 60 Hz. It cannot vary much at all...because within the same grid, everything is interconnected. Every generator is in sync, or has a syncrophasor to re-sync the power coming from it before it hits the grid. Otherwise, you get some power from A and some from B, with waveforms that are out of sync...and the frequency changes in both rate and amplitude, and shit blows up.
You may wish to engage in a quick review of:
And numerous other examples of various subcarriers being successfully overlaid on the 50/60Hz power waveform. When used for data transmission, BPL technologies (while commonly deployed in short-range scenarios due to EMI problems), can deliver hundreds of megabits, up to multiple gigabits of bandwidth over tens of KMs - this was deployed and trialled for wide-coverage broadband delivery in Australia. These capabilities would indicate we already have consumer technology which can work through the noise to transmit and receive such a high-precision signal on a shared medium, and which would not create the chaos described.
I'm not disagreeing with this being highly unlikely as a useful tool for tracking without a lot of infrastructure, but the power networks are in no way clean or perfectly in sync. Phases are locked (or the generators will get yanked into line, potentially disastrously), but beyond mechanical low-frequency synchronisation at the production end, there's a lot of noise and variation. I've personally seen several scenarios, mostly large industrial estates, which vary very significantly in voltage and frequency (both over 20%) depending on time of day and resultant grid load. IT gear doesn't agree with this and requires heavy duty power conditioning.
I've been in transmission control centers where they monitor, regulate and occasionally wet themselves over frequency shifts, and I've seen that the amount of variation needed to cause sheer panic is shockingly low..and it rarely ever happens for even a second.
You answered your own question. There are tiny variations at the local substation level, fractions of 1Hz and fractions of a volt. All that is monitored and recorded, second by second. The pattern of tiny variations over time, small as they might be, can be picked out of the mains hum on the recording and matched up to the data on file. Maybe not in real-time yet, but certainly after the fact.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC