Re: Technology risk without safeguards

[Matt Harris <matt () netfire net>]

On Wed, Nov 4, 2020 at 10:48 AM Suresh Kalkunte <sskalkunte () gmail com>
wrote:

> Hello,
>
> I believe the below described method of causing intentional (1) damage to
> equipment in data centers and (2) physical injury to a person at the
> workplace is on-topic for the NANOG community, if not, I look forward to
> your feedback. As a software developer who has subscribed to the NANOG
> mailing list for a number of years, I post this note relying on
> intellectual honesty that I have had the opportunity to observe since
> 1996-97.
>
> The below described technology risk is applicable to
> computing/communication equipment rendered vulnerable by Intentional
> Electromagnetic Interference (jamming an electronic device) and the risk of
> health sabotage affecting people (jamming a human) managing the Internet
> infrastructure enabled by intentional application of powerful
> radiofrequency fields (RF) emitted by re-purposed components salvaged from
> a kitchen heating appliance (Magnetron) or from an outdoor high gain/power
> Line of sight transceiver (unidirectional microwave radio) which has a harm
> causing range up to 25 meters (estimated using a Spectral Power Density
> calculator like www.hintlink.com/power_density.htm).
>
> This risk from mis-application of powerful RF is from human operated or
> IoT apparatus** with an avenue of approch from (a) subterrain placement
> aided by a compact/mini directional horizontal drilling machine (eg.
> principle of placing a stent in the heart) and/or (b) strategic placement
> in an obscure over-surface location to maximize negative impact on the
> target of opportunity.
>
> With building materials or ground offer insufficient* protection to block
> the passage of powerful RF and the absence of diagnostic/forensic tests to
> detect biomarkers expressed post-overexposure to harmful RF  (combination
> of RF frequency, Spectral Power Density/Specific Absorption Rate incident
> on a person and duration of exposure), intentional damage to electronic
> equipment and people is at present unrestricted.
>
> The purpose of bringing this method of exploting technology to your
> attention is with an interest to build the momentum for ushering in the
> much needed safeguards in this context.

While I'm a bit confused as to what this message is trying to ultimately
get at, it should be noted that folks who work with RF communications
equipment and other EM emitters which are strong enough to cause harm to a
person are generally well aware of the necessary precautions and take them
on a day to day basis when working with this equipment. If there's evidence
that some part of our industry is ignoring or failing to train their team
members on safety best practices, then let's hear that out specifically and
I'm all for working to rectify that.

On the other hand, the post seems to hint at intentionally using high
powered RF to inflict intentional harm on a person or to jam communications
signals. The former is relatively difficult to do by virtue of the amount
of power necessary. Quite basically, there are much easier ways to go about
injuring someone if that's what you want to do. Of course, intentionally
injuring another person is a criminal act in just about every jurisdiction.
As far as the latter goes, the ability to jam RF communications has existed
for as long as RF communication has, and the knowledge of how to accomplish
it is relatively widespread. It is also illegal in the US and most likely
many other jurisdictions as well, and in the US the FCC has enforcement
power with the ability to levy some pretty hefty fines on anyone who does
so, even inadvertently though negligent practices.

The post states that their intention is to "build the momentum for ushering
in the much needed safeguards in this context." but lacks specificity with
regard to what safeguards they propose beyond the legal/regulatory ones
that already exist, so I'm not sure what more can really be said here.

Matt Harris|Infrastructure Lead Engineer
816-256-5446|Direct
Looking for something?
Helpdesk Portal|Email Support|Billing Portal
We build and deliver end-to-end IT solutions.