Re: Technology risk without safeguards

[Suresh Kalkunte <sskalkunte () gmail com>]

Sir, I too believe in taking a low profile approach, but the irony is that
those in academia who I have appoached that do recognize this gap in
safeguards are reticent to take up this topic since it involves research
intersecting with negative actors.

I do not wish to take more time from this group beyond what has been
offered am all ears to being introduced to an intrepid epidemiology
researcher/academic institution who would consider to review the safeguards
I propose.

Regards,
Suresh

On Thursday, November 5, 2020, Alain Hebert <ahebert () pubnix net> wrote:

>     Well,
>
>     I'm just saying...
>
>         Speculating about "how to/was harm", on an open forum, is a good
> way to help design "scenarios" that can be abused by bad actors.  It would
> be better to address it in an academia setting.
>
>     *Now* if you're looking for worker safety, surely your local
> jurisdiction have a compliance body able to provide best practices to
> protect the workers.  I hate to bring RFC1149 again, but those high power
> microwave antenna are hell on packet drops on that medium.
>
>     PS: From my experiences with 2 .com about a FPGA Based Firewall and a
> FIPS-140 Encryption Network Card.  And my associate ~15y in the RF radio
> industry.
>
> -----
> Alain Hebert                                ahebert () pubnix net
> PubNIX Inc.        50 boul. St-Charles <https://www.google.com/maps/search/50+boul.+St-Charles?entry=gmail&source=g>
> P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
>
> On 11/5/20 10:22 AM, Suresh Kalkunte wrote:
>
> > Can you provide a case where this may
> > have happened?
> As you mention, a normal operational scenario finds powerful RF on the
> rooftop. My concern is an abnormal scenario where powerful RF is used to
> sabotage an electronic equipment or human. Magnetron + horn antenna
> (forgive me for using this as an example a few times so far) for instance
> is capable of significant harm. If I mention, I have been victimized, at
> present we do not have the diagnostic/forensic tests (forensic DNA
> scientists at the NIST can be contacted to verify) to prove intentional
> harm from powerful EMF  has occurred.
>
> My motivation to bring this topic for discussion is to make aware of the
> unlimited risk _if_ someone chooses to use powerful EMF as a method of
> sabotage. I do not relish to discuss this, but I remember reading on NANOG
> some 20-25 years ago, I paraphrase 'those with anti-social intentions do
> not publish papers'.
>
> Regards,
> Suresh
>
>
> On Thursday, November 5, 2020, <nathanb () sswireless net> wrote:
>
> > To that end, anyone working around RF should be properly trained and use
> > the safety tools provided them, they should be fine.  If an untrained
> > individual does something and gets hurt with high power RF, it is
> > unfortunate and happens all too often because of people thinking that the
> > worst case things don’t happen to them…
> >
> >
> >
> > Can you provide a case where this may have happened?  Any RF in a Data
> > Center should be on the roof, and isolated from the room at all times.
> > This is standard practice in every RF data room we’ve ever been in, whether
> > it be commercial or Government.
> >
> >
> >
> >
> > Regards,
> >
> > Nathan Babcock
> >
> >
> >
> > *From:* NANOG <nanog-bounces+nathanb=sswireless.net () nanog org> *On
> > Behalf Of *Alain Hebert
> > *Sent:* Wednesday, November 4, 2020 10:32 AM
> > *To:* nanog () nanog org
> > *Subject:* Re: Technology risk without safeguards
> >
> >
> >
> >     Maybe someone is just looking for "inspiration".
> >
> >     There is other venues to work this out "safely", IMHO.
> >
> > -----
> >
> > Alain Hebert                                ahebert () pubnix net
> >
> > PubNIX Inc.
> >
> > 50 boul. St-Charles <https://www.google.com/maps/search/50+boul.+St-Charles?entry=gmail&source=g>
> >
> > P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
> >
> > Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443
> >
> > On 11/4/20 12:24 PM, Matt Harris wrote:
> >
> > Matt Harris​
> >
> > |
> >
> > Infrastructure Lead Engineer
> >
> > 816‑256‑5446
> >
> > |
> >
> > Direct
> >
> > *Looking for something?*
> >
> > *Helpdesk Portal <https://help.netfire.net/>*
> >
> > |
> >
> > *Email Support <help () netfire net>*
> >
> > |
> >
> > *Billing Portal <https://my.netfire.net/>*
> >
> > We build and deliver end‑to‑end IT solutions.
> >
> > On Wed, Nov 4, 2020 at 10:48 AM Suresh Kalkunte <sskalkunte () gmail com>
> > wrote:
> >
> > Hello,
> >
> >
> >
> > I believe the below described method of causing intentional (1) damage to
> > equipment in data centers and (2) physical injury to a person at the
> > workplace is on-topic for the NANOG community, if not, I look forward to
> > your feedback. As a software developer who has subscribed to the NANOG
> > mailing list for a number of years, I post this note relying on
> > intellectual honesty that I have had the opportunity to observe since
> > 1996-97.
> >
> >
> >
> > The below described technology risk is applicable to
> > computing/communication equipment rendered vulnerable by Intentional
> > Electromagnetic Interference (jamming an electronic device) and the risk of
> > health sabotage affecting people (jamming a human) managing the Internet
> > infrastructure enabled by intentional application of powerful
> > radiofrequency fields (RF) emitted by re-purposed components salvaged from
> > a kitchen heating appliance (Magnetron) or from an outdoor high gain/power
> > Line of sight transceiver (unidirectional microwave radio) which has a harm
> > causing range up to 25 meters (estimated using a Spectral Power Density
> > calculator like www.hintlink.com/power_density.htm).
> >
> >
> >
> > This risk from mis-application of powerful RF is from human operated or
> > IoT apparatus** with an avenue of approch from (a) subterrain placement
> > aided by a compact/mini directional horizontal drilling machine (eg.
> > principle of placing a stent in the heart) and/or (b) strategic placement
> > in an obscure over-surface location to maximize negative impact on the
> > target of opportunity.
> >
> >
> >
> > With building materials or ground offer insufficient* protection to block
> > the passage of powerful RF and the absence of diagnostic/forensic tests to
> > detect biomarkers expressed post-overexposure to harmful RF  (combination
> > of RF frequency, Spectral Power Density/Specific Absorption Rate incident
> > on a person and duration of exposure), intentional damage to electronic
> > equipment and people is at present unrestricted.
> >
> >
> >
> > The purpose of bringing this method of exploting technology to your
> > attention is with an interest to build the momentum for ushering in the
> > much needed safeguards in this context.
> >
> >
> >
> > While I'm a bit confused as to what this message is trying to ultimately
> > get at, it should be noted that folks who work with RF communications
> > equipment and other EM emitters which are strong enough to cause harm to a
> > person are generally well aware of the necessary precautions and take them
> > on a day to day basis when working with this equipment. If there's evidence
> > that some part of our industry is ignoring or failing to train their team
> > members on safety best practices, then let's hear that out specifically and
> > I'm all for working to rectify that.
> >
> >
> >
> > On the other hand, the post seems to hint at intentionally using high
> > powered RF to inflict intentional harm on a person or to jam communications
> > signals. The former is relatively difficult to do by virtue of the amount
> > of power necessary. Quite basically, there are much easier ways to go about
> > injuring someone if that's what you want to do. Of course, intentionally
> > injuring another person is a criminal act in just about every jurisdiction.
> > As far as the latter goes, the ability to jam RF communications has existed
> > for as long as RF communication has, and the knowledge of how to accomplish
> > it is relatively widespread. It is also illegal in the US and most likely
> > many other jurisdictions as well, and in the US the FCC has enforcement
> > power with the ability to levy some pretty hefty fines on anyone who does
> > so, even inadvertently though negligent practices.
> >
> >
> >
> > The post states that their intention is to "build the momentum for
> > ushering in the much needed safeguards in this context." but lacks
> > specificity with regard to what safeguards they propose beyond the
> > legal/regulatory ones that already exist, so I'm not sure what more can
> > really be said here.