It's not much of a stretch to imagine that intelligence agencies have been heavily invested in this area and are far ahead of public research, given signals intelligence has basically been their bread and butter since forever. Moreover, Stuxnet was so advanced for the time that its existence stunned the world.
Keystrokes can be captured indirectly via audio analysis, electromagnetic emissions from wiring, and now RF imaging techniques looking at finger movements. Wouldn't be surprised if they can create multi-modal composite models to attain higher accuracy, or if RF imaging is able to capture lip/jaw movements these days.
The really sexy part is probably what they're able to do with fixed wing airborne platforms, where you can afford to pack ridiculously high-end sensors and local computing power on board.
It still weirds me out to think that a gimmick from 2008's The Dark Knight is more or less a reality now, or will be soon if it already isn't.
They were busy snoring when it came to 9/11. Fake WMDs, never ending wars against goat herders, snowden, not to mention 13 Russians who apparently swung an election.
If someone is busy triggering mail bombers and lunatic shooters just by targeting and upvoting their posts on social media what's all this sci-fi stuff good for? The more complex the world gets the more pointless all this superficial gimmickry looks.
Just look at the budgets thrown at these agencies. Its frankly sickening.
>If someone is busy triggering mail bombers and lunatic shooters just by targeting and upvoting their posts on social media what's all this sci-fi stuff good for?
Your first assumption is that any of those actions were against the ethos of the ones in charge of this technology. They aren't there to stop the bad guys. If anything, the bad guys winning some of the time helps provide public support for the endeavors of those behind this technology. Consider how the people in charge of this technology either gain or lose from the actions of the people you want monitored, compared to what they have to gain or lose from the actions of others who they could use this technology to monitor.
In my personal view, MLK Jr., after his turn to focus on the plight of the poor, is far more a schema of the intended target of this type of technology than James Earl Ray.
They weren't snoring of course, there's no shortage of evidence showing foreknowledge about 9/11 that was consciously ignored by the Bush administration and the intelligence services prior to the event and then (only half-successfully) covered up afterwards.
Since we're speculating about spies, politics and secrecy to begin with, is it really in the spirit of the game to just trust a report published by the government that says the government was doing things right?
It's too bad people were arguing with your point about 9/11 as if they could prove that was invalid, it would completely invalidate your entire argument.
The most recent example of your argument was the death of Jamal Khashoggi. The Washington Post reported that the CIA had advance notice of the attack.
The problem of course is because of the secret nature of their budgets, spending, successes, and failures, it's hard to know how good or bad they are for the country.
But there comes a time when we get real victories, even if they aren't revealed for decades. And the victories that happened this decade, may not be revealed for another two or more decades from now.
Monitoring the blank landscape for signals of malevolence is one thing. But targeting a specific landscape for an attack is another thing entirely. In other words, it is easier to cause an action of attack than it is to monitor, forewarn or prevent somebody else's attack.
The possibilities are now open to detect presence behind doors or to shoot people deeply embedded in buildings.
The incentives aren't there to perform better. Even after all these failures you mentioned, they haven't really been punished in any significant way whatsoever, so why improve?
Correct. The incentives are only truly there, generally, as an organization, for intelligence agencies to do what retains them capabilities, and their budget.
And when every department is granularly information insulated, it's easy for an individual to get caught in a task that serves the above while not even realizing.
I see, well the reason you should care has nothing to do with their mandate.
What they have is a monopoly on hacking without consequence, and infinite budget to explore every vector in hardware, software and physics to exploit, for no particular reason for no discernable threat aside from "that agency over there is also doing it, maybe", and assuming that is a threat.
> They were busy snoring when it came to 9/11. Fake WMDs, never ending wars against goat herders, snowden, not to mention 13 Russians who apparently swung an election.
Ouch. All apparently true, but ouch.
This kind of things won't change until major national security incidents cause budget cuts, not budget increases. It should be like the private sector. When you repeatedly F things up, you make less and not more.
The counter-argument will be "but you're hobbling our intelligence!" Okay, then create a competing intelligence agency to the CIA/NSA/etc. and give the budget to the one producing results.
The replies to this post completely dismiss the elephant in the room.
It seems that YouTube's censorship algorithms finally stopped blocking it: search YouTube for the 5 hour long DVD series "The New Pearl Harbor ~ full" (dWUzfJGmt5U if it becomes unlisted)
I full expect that our online speech from bunkers will be eventually the only thing that is hard to decrypt.
We will be tracked 24/7 by our gait and shape and facial recognition with handoffs between drones and tiny street level cameras, or perhaps to make things easier we may just be tagged eventually with a non invasive RF sensor or coating. Metadata of who you visited or interacted with will be analyzed for patterns with machine learning. Items you order will be tagged and possibly interdicted as it becomes cheaper and cheaper to do so. People won’t be able to organize anything dangerous because the state (which at that time will be 99% just AI) will already have predicted that the same way AlphaGo would predict any chess combination. Any uprising will be pre emptively quelled using pinpoint nanobots which were deposited to lie dormant in everyone’s bodies until activated. States will endure forever.
Speaking of those nanobots, once you have them in people’s bodies they can report back all your whereabouts and activities. It’s easy enough to get them in via people’s food and water supply.
The main hiccups will be in the early years as the nanobot swarms are still clumsy and may reveal themselves before they learn how to stay in an organism without getting washed out so easily and without triggering an immune response.
>Moreover, Stuxnet was so advanced for the time that its existence stunned the world.
Not technically advanced. It was using a collection of 0-day exploits to get into a PC via a USB drive. Any basic hacker could accomplish that with existing exploit tooling.
What was so advanced about it was the coordination to enable it. The collection of 0-day exploits, the knowledge of the architecture of the centrifuge, and the engineering expertise to compromise the centrifuges in a non-obvious way.
Stuxnet was incredibly simple technologically, but it was distilled down to exactly what it needed to do and delivered to just the right people by an advanced vast intelligence apparatus. It did not depend on any breakthroughs in signals, encoding, hardware, etc. I'm not suggesting they aren't capable of technological breakthroughs, but stuxnet definitely isn't an example of one.
You make it sound much simpler than reality, have you read any of the technical reports or just the latest CNN report? I would highly recommend at least reading the Wikipedia entry for Stuxnet, particularly under "Operation" [0] before brushing it off as a job any script kiddie with access to zero-days could accomplish.... never mind that using four zero-days is "unprecedented". Also you are ignoring the fact that they just didn't hack Windows, but also a number of very specific Siemens custom software packages and PLCs. All technical analysis of Stuxnet that I have read until now have said it could only be a government actor with enough resources and time to build something of this magnitude, targeted so specifically as to only affect centrifuges in Iran, although it was discovered in various countries. If you need more technical details, Symantic wrote up a ~60 page dossier with lots more technical details[1]. You would be surprised how insanely detailed this thing is.
I am completely aware of how it worked and you seem to have ignored what I said. The organizational effort to collect the 0 days, target the right centrifuges, etc is what was impressive but there was nothing new technological there. Putting together multiple 0 days is how hackers win sandbox busting competitions for browsers.
Stuxnet has been analyzed in detail and there were no new special hacking techniques like unknown ASLR vulnerabilities or arbitrary unprivileged memory reads like spectre. It was just some 0-days wrapped up with a laser focused task that took years of effort to research.
It's shockingly impressive how much effort went into researching what needed to be done, not the actual mechanism thag was used to do it.
If someone plans out a super elaborate assassination of the hardest target in the world and completes it with a homemade shiv, you don't comment on how impressive the shiv itself was. It was the ability to know when/where/how that was impressive.
Yeah, if Stuxnet had been using something like Spectre or Meltdown the world really would have exploded. And without the source/whitepaper I'm not sure people would have even figured out what it was doing for quite a while.
They say Stuxnet featured nothing very new or technological but I don’t recall anything else infecting PLC’s and using ambient temperature sensors to define behavior. That is just one techno. aspect I found original. The fact that this wasn’t anything new to Symantec researchers is kinda frightening of itself.
>but I don’t recall anything else infecting PLC’s and using ambient temperature sensors to define behavior. That is just one techno. aspect I found original.
The target was interesting and the attack subtle, but attacks on industrial control systems had been the target of research even in the public in the same time frame: http://edition.cnn.com/2007/US/09/26/power.at.risk/
>I'm not suggesting they aren't capable of technological breakthroughs, but stuxnet definitely isn't an example of one.
Never suggested it was. My point still stands that the world was shocked it existed, if only for precisely the reasons you described. It was an indicator of the degree to which intelligence agencies had their shit together at the time. Things that advanced had never really been publicly seen nor pulled off before.
As an aside, one can likewise argue that imaging people via RF isn't really a breakthrough unto itself, but merely putting existing technology and knowledge together in a complicated but exacting fashion.
But it wasn't advanced technologically though. Any blackhat with a stash of 0 days and instructions from the right plc engineer could have put together the payload to do this.
When it comes to seeing through walls, these are new techniques. It's not about knowing the right target through intelligence gathering, etc. It requires new state of the art methods not already available to the public.
hmm, what holds more informational value - thousands of articles and detailed analysis from experts all over the world, or one presumably disgruntled anonymous user on public internet forum that keeps repeating itself?
There are not thousands of articles saying that it was a technological breakthrough. Most sophisticated doesn't mean a new technique was used, etc.
> presumably disgruntled anonymous user
I don't think you understand what I'm saying. I'm not disgruntled at all. I'm pointing out that it was not a technological breakthrough in any regard so it's wrong to identify it as one.
If someone unexpectedly accumulates the largest amount of gold in the world, it's impressive, but it's not a breakthrough in gold-mining technology.
My first job in tech as a teenager (2007 or so) was doing blueprint analysis and WiFi Access Point placement for a US Defense contractor in the Midwest.
While working on one of the buildings with some missile guidance programs, I found a small room in the center of the building that had twelve inch thick concrete walls and a thick steel door. Determined to do my job, I experimented with placing several access points near this room until I found a combination that would force enough signal to connect through those walls. I had the telecom team pull wires, a month later I threw some WAPs in my backpack and installed them.
A week later I got an email marked urgent demanding that my team turn off these access points immediately. I complied, but asked what exactly the concern was. They mentioned that by bouncing WiFi signals, a van parked in the parking lot could monitor the activity in any room they wanted.
At the time I thought they were crazy, and at times I've told this story to demonstrate how paranoid that company was. Looks like there was some real basis to their concern.
It's called an active emanation attack. Passive attacks interpret the electromagnetic signals that electronic devices naturally emanate. They try to reconstruct what the original information was. The active attacks work by doing the equivalent how you see trees at night with a flashlight: they hit the target with a signal, it is affected by what's there, it bounces back, and you get a distorted version of whatever that was. EMSEC standards, esp TEMPEST shielding, were invented to mitigate as much of that as possible. Although it's classified, there's been a number of sites talking about public and some declassified info.
I don't have the link to old site everyone in hacking community used. Here's one provider that describes it nicely plus illustrates what the products look like. They used to be way bulkier.
Here's the quote that first taught me about the risk you described:
"A STU-III is a highly sophisticated digital device; however, they suffer from a particular nasty vulnerability to strong RF signals that if not properly addressed can cause the accidental disclosure of classified information, and recovery of the keys by an eavesdropper. While the unit itself is well shielded, the power line feeding the unit may not have a clean ground (thus negating the shielding)... The best way to deal with this is to never have a cellular telephone or pager on your person when using a STU, or within a radius of at least thirty feet (in any direction) from an operational STU (even with a good ground). If the STU is being used in a SCIF or secure facility a cell phone is supposed to be an excluded item, but it is simply amazing how many government people (who know better) forget to turn off their phone before entering controlled areas and thus cause classified materials to be compromised."
These are also another piece of evidence for two claims I often make: mainstream security folks don't produce devices that are actually secure; NSA/DOD are opponents of securing American infrastructure. On the first, high-assurance security and NSA certifications for TS/SCI demanded EMSEC since they were known attacks, esp by US and Russia. Mainstream ignored them mostly for "secure" products with only a handful trying to do something.
The second claim is from fact that security agencies misled U.S. companies and individuals about these risks specifically so they could use the attacks on them if needed. Although I don't recall if current, they also refused to sell TEMPEST-certified systems outside Defense in the past. So, NSA and pals were known to keep us vulnerable on purpose long before Snowden leaks. I've been griping about and trying to raise awareness of it for some time. Examples:
BTW you don't need rocket science to find out who is back home in your neighborhood, or the other room etc. As most people carry phones in pockets/bags so it is enough to just log clients' MAC addresses in WiFi promiscuous mode and then correlate them.
Confirmed, however there are/were flaws in MAC randomization, see A Study of MAC Address Randomization in Mobile Devices and When it Failshttps://arxiv.org/abs/1703.02874v1.
Has it been addressed somehow recently?
No, my understanding is that the MAC address is always visible, even on wifi networks in WPA/WPA2 personal or enterprise mode.
Also, I believe modern phones randomize their MACs when they scan for networks, but use their real MAC when they connect, and that's visible to anyone within listening range.
Btw, most "guest" wifi networks rely on MAC-based access control, using these same publicly visible MAC addresses.. it's an inherent weakness of the wifi standards and I think the main reason why devices can't randomize their MACs when actually connecting.
Yes, that is true, for modern devices that randomize their MAC addresses. I wasn't up to speed on that. But at least you should be able to see that a device was newly connected to the network. (Due to increased traffic between the two.) If the home WiFi does not have very many devices coming and going, you could probably do pattern matching and learn to fingerprint individual devices. At the very least, you should be able to see that "someone is home".
According to someone at DerbyCon (I know who, but don't have permission to say who), they made the claim that Bluetooth is always on and does not randomize the management frames. And that when phones turn off Bluetooth, they actually just turn off data comms from the BT chip TO the mobile CPU.
Their claim was that BT still responds to mgmt frames even when off, doesnt randomize MAC addresses, and some data can even be sent that will then turn on when the BT is 'turned on'.
I saw demonstrations of it. It, well, scared and awed me.
By moving a wifi adapter in a 2d scan pattern, you could presumably create a virtual 2d sensor and then treat anything between you and where you are wanting to image as the diffuser.
Then get even deeper, as we are at thru wall-stuff here is some research: Tan, B; Woodbridge, K. and Chetty, K. (2016) A wireless passive radar system for real-time
through-wall movement detection.https://pureportal.coventry.ac.uk/files/7646003/tancomb.pdf
Quite an awesome usecase would be to use this for perimeter security, like securing your house and cars. In my locality camera's are in a legal grey zone: the police applauds them for use in case of crime, but because of privacy laws you're not supposed to film other peoples houses and whereabouts. This would enable you to track movements without camera's. Software would make it easy to only give you signals when somebody or something moves on your property at night. All I would need is some machine learning to learn about rabbits, cats and foxes. Or you could have cameras that only turn on in case of movement on your property, hence triggering (I would hope) the legitimate interest provision in the GDPR.
It doesn’t matter whether you track people using a camera, ultrasound, WiFi signals or even manually by watching them from your window and keeping book about their coming and goings, what matters is that you process “their” data. So using a different technology to perform the surveillance doesn’t free you from privacy laws.
In Sweden RF based movement tracking using passive equipment should be perfectly fine as surveillance laws essentially only cover audio, images, and video. As long as it doesn't identify people, and doesn't violate expectations of privacy, I don't think there are any laws that could be applied.
Fixed cameras here must be placed so that they either don't show any non private property, areas the public is expected to traffic, or that all that might be imaged has given explicit permission.
Outside of this you need a permit, which is awarded rather sparingly, and which also includes the possibility of a mandated inspection of both cameras, control room, and any recorded material.
OP asked about filming/watching other peoples houses and the area sourrounding your own home though, hence my answer. You can film on your own property as you like, but if your surveillance system captures the movement of your neighbor it is possible to link the data to them as well (with high enough probability) so it becomes personal data. If you somehow manage to only capture potential trespassers and do that in a way that does not allow any linking to a specific individual (e.g. by only recording metadata) you can argue that it’s anonymous data, if you routinely capture all people moving through a given area you can’t though as it’s possible to attribute the data back to individuals using context information and statistics.
This article implies that WiFi is a privacy concern, but wouldn't any other RF signal work just as well? A bad actor could just create their own signal if you somehow protect your WiFi. That would probably be more effective anyway because they would know exactly where the signal was coming from and could choose a frequency for this application.
Of course it would. And yes, "bring your own emitter" would make things easier, but the point of using Wi-Fi is that it's already there, and you can use it passively. Any RF in reasonable range would work too, including visible light.
Cue military applications, where snipers can now kill you in the safety of your own home with a wall piercing bullet and a scope with a wifi based image overlay.
And a few years later the FBI will be using the tech to shoot people's wives after tricking them into violating some technicality of firearms law (just one example of abuse, plenty of others exist).
Then a decade or two later every patrol car will have the tech.
Trickle down effect is very real for law enforcement.
It will work even better in "silence dissident" situation. Collateral damage is just a bonus, you want other people to fear being associated with your target.
If you know what you want to kill is inside you can just point an AT4 at the building and press the bang switch. I guess .50bmg is a lot cheaper to use at scale though.
Any RF signal will work, but some work better than others. Wi-Fi is awesome for this for several reasons.
1. Having a source inside the house instead of outside is better because you lose, say, 15dB when you go through the wall; this is comparable to what a two-way mirror does to visible light. If you have to illuminate the house from outside using RF energy, you have to deal with much stronger reflections from things outside the house.
2. RF wavelengths that are too short will be badly attenuated by things like walls and doors. You can already notice this with 5GHz 802.11a Wi-Fi; if you have a few walls between you and the AP, the 2.4GHz signal usually works better. The problem gets worse at higher frequencies. (You may have noticed that many walls attenuate visible light, which is RF in the 500THz band, rather strongly.)
3. RF wavelengths that are too long provide much poorer spatial resolution. Outside the near field, your imaging resolution is limited by diffraction to about the wavelength. So you can see a person who's illuminated by the 99.5MHz emissions from your favorite heavy metal station only if their diameter is on the order of 3 m or more, and you can see their movements when they move on the order of 3 m or more. By contrast, 2.4 GHz gives you 120-mm resolution, and 5 GHz gives you 60-mm resolution. For typical humans, these are more useful.
(However, my friend Florian has done good work on passively detecting airplanes using radio illuminations from TV stations, which could be super helpful the next time the US comes to bomb your country, even if he does use Lagrange interpolation instead of B-splines like any normal person would; check it out: https://ieeexplore.ieee.org/document/8115293.)
Also! Having walls be super transparent, as they are at these longer wavelengths, is not entirely an advantage. It makes it harder to distinguish between signals from things in one building and signals from things in another.
If you want to listen to Wi-Fi signal strength changes in real time — including when someone moves around — try https://canonical.org/~kragen/sw/dev3/wifiscan.py. It depends only on Python (3 or recent 2) and PulseAudio. (MacOS hackers, consider upgrading to Linux. Apple's removal of your Esc key shows that they hate you and want you to die.)
You'll stand out if you do that....don't stand out. Just add more noise to the signal(more transmitters, that randomly beam shape and increase/decrease gain). Better to appear neurotic than suspicious, IMHO.
Standing out can do altruistic good if you really have nothing assailable (everyone has something to hide but returns diminish rapidly with their image). Surveying someone and finding heinous crimes makes them look justified. Surveiling and finding minor lawn violations and jaywalking makes them look like wasteful totalitarian bueracrats.
The more people using secure approaches the less suspicious it is to be secure. Especially if there is a sensationalist justification - fight dirty in turn and use their weapons of fear as a pretext against them.
Which reminds me of resistance to a minor driver tagging law in New Jersey. Parents were outright defying it and refusing to pay for the stickers and just covering the fine in full if it came up. Technically the risk of pedophiles tracking them is negligible statistically but there are many valid civil rights perspective complaints it helps get people on board when they would otherwise roll their eyes at the complaints of teenagers a priori.
It's not much of a stretch to imagine that intelligence agencies have been heavily invested in this area and are far ahead of public research, given signals intelligence has basically been their bread and butter since forever. Moreover, Stuxnet was so advanced for the time that its existence stunned the world.
Keystrokes can be captured indirectly via audio analysis, electromagnetic emissions from wiring, and now RF imaging techniques looking at finger movements. Wouldn't be surprised if they can create multi-modal composite models to attain higher accuracy, or if RF imaging is able to capture lip/jaw movements these days.
The really sexy part is probably what they're able to do with fixed wing airborne platforms, where you can afford to pack ridiculously high-end sensors and local computing power on board.
It still weirds me out to think that a gimmick from 2008's The Dark Knight is more or less a reality now, or will be soon if it already isn't.