Can the NSA Really Track You Through Power Lines? 109
mask.of.sanity writes Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency Analysis (ENF) is used to prove video and audio streams have not been tampered with, but experts weren't sure if the technology could be used to locate individuals.
Interessting in any case (Score:5, Interesting)
While I also doubt that this is possible today, I am sure the NSA is looking at placing the respective sensors. Then we will have to do "analog routing" and mix in mains hum form several places to obscure where and when things have been recorded. Maybe we should start to offer recordings of local grid noise. Would not be that difficult to do.
Well, fighting fascism is difficult. But there really is no alternative for anybody with at least a shred of noncompromised personal ethics. The price of doing nothing is just way to extreme.
Re:Well, sort of. (Score:5, Interesting)
Tracking someone through landlines has been a Thing for many years now. Ever hear of a "lock and trace"? You can SORT OF do the same thing for power, by embedding a signal in a given substation. It's nontrivial, and it's horribly complicated, but it IS feasable. As for the "hum" thing, that's just standard TEMPEST, been a Thing now for going on thirty years, where you can fingerprint electronics via EM signatures and you can read those EM signatures via physical phenomena including audio hums and induced currents in surrounding circuits. This is why the LASER mike was actually developed, not for actual sounds (standard shotgun mikes do wonders there, because the glass reresonates sound just fine), but to get a good frequency signature on TEMPEST EM leakage. So, in sum, they're not specifically taking a van out and following lines to see what location an interviewee is at, but a lot of that is that they don't really need to because they can get all the information they need through older technologies that approximate the capabilities
HUGE problem with this theory.
The power grid operates on incredibly tight tolerances with regard to frequency. Additionally, within that margin (which is the same, everywhere, within a certain grid...and by grid, I mean, like "The United States" or "Great Britain") there is a small degree of variation that is the same for that grid and all that are built using the same equipment...which is a significantly humongous population.
Imagine a metropolitan area like, say, San Antonio. San Antonio has several power stations that service its region. Each generation turbine produces what's known as "three-phase power," which is kind of like TDMA for AC electricity. Those three phases get broken out and separated into three outputs that then go into a substation and transformers, then out on the grid. The three phases equally and perfectly distribute around the 360-degree rotation of the "exciter," which is basically the generator's key component. If that distribution gets out of whack, power spikes in a really nasty way, and copper vaporizes fast enough that it's actually a detonation.
But I digress. The point is this: AC power is a waveform, oscillating at 60 Hz. It cannot vary much at all...because within the same grid, everything is interconnected. Every generator is in sync, or has a syncrophasor to re-sync the power coming from it before it hits the grid. Otherwise, you get some power from A and some from B, with waveforms that are out of sync...and the frequency changes in both rate and amplitude, and shit blows up. (Including generators themselves...the "Aurora Vulnerability" that DoE is so batshit scared of is essentially a manifestation of this at the generator itself.)
So...I've been trying to think of how there could possibly be enough variation to fingerprint someone based on the hum caused by that 60Hz frequency noise. I've been in transmission control centers where they monitor, regulate and occasionally wet themselves over frequency shifts, and I've seen that the amount of variation needed to cause sheer panic is shockingly low..and it rarely ever happens for even a second. And those tolerances have been the same everywhere I've gone.
So no, it's not at all like TEMPEST. Because if it were, it'd be the equivalent of being able to figure which monitor you were looking at by EM emissions...when all the monitors in the country show the exact same thing.
Re:Interessting in any case (Score:5, Interesting)
Smart TVs are almost certainly involved and if they aren't already, soon will be.
Gullible people seem quite happy to install TVs with inbuit cameras and microphones in their living rooms and connect them to the Internet. What could possibly go wrong?
Re:Well, sort of. (Score:4, Interesting)
There's also the off-peak hot water signals that are modulated on the line (at around 1kHz) in some places. Those signals are generated at the local substation. Their purpose is to activate various hot-water systems to load balance the area's power use. Where the final goal is to minimise the peak usage during 'peak' periods of use.
It is conceivable that if an 'interview' is made when that type of noise appears on the line, and that an accurate time reference is available, it may be possible to use this to narrow down the search region.
Still not going to pin-point a location, but could definitely narrow it down far better than just using the 60Hz line frequency. Which is far too narrow band to provide any useful information beyond what country you're in.
Re: Sounds Plausible (Score:2, Interesting)
To the paranoid, this sounds like a cover. When the magician says he can pull a rabbit out of your ear with his right hand, look to his left hand; when the NSA says/leaks that they can locate you by electric hum, they probably found an easier shortcut (something embedded in the camera?) and want you to go looking elsewhere so you don't find it. Remember, the NSA claims magic but practices sidechannel attacks that make it look like they know magic.
Re:Interessting in any case (Score:5, Interesting)
Inserting a localizer signal using ultra-wide band would be very, very simple. These are basically very brief spike signals at "random" times that you cannot measure unless you know the cryptographically generated sequence in advance. They look like low-level noise to most equipment. But as soon as you know the sequence and look for it, they become glaringly obvious.
So maybe "inserting the sensors" is the wrong idea and "inserting the UWB localizer beacons" is more what they will be doing.