Re: Technology risk without safeguards

[Alain Hebert <ahebert () pubnix net>]

    Well,

    I'm just saying...

        Speculating about "how to/was harm", on an open forum, is a 
good way to help design "scenarios" that can be abused by bad actors.  
It would be better to address it in an academia setting.

    *Now* if you're looking for worker safety, surely your local 
jurisdiction have a compliance body able to provide best practices to 
protect the workers.  I hate to bring RFC1149 again, but those high 
power microwave antenna are hell on packet drops on that medium.

    PS: From my experiences with 2 .com about a FPGA Based Firewall and 
a FIPS-140 Encryption Network Card.  And my associate ~15y in the RF 
radio industry.

-----
Alain Hebert                                ahebert () pubnix net
PubNIX Inc.
50 boul. St-Charles
P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
Tel: 514-990-5911  http://www.pubnix.net    Fax: 514-990-9443

On 11/5/20 10:22 AM, Suresh Kalkunte wrote:
> > Can you provide a case where this may
> > have happened?
> >
> As you mention, a normal operational scenario finds powerful RF on the 
> rooftop. My concern is an abnormal scenario where powerful RF is used 
> to sabotage an electronic equipment or human. Magnetron + horn antenna 
> (forgive me for using this as an example a few times so far) for 
> instance is capable of significant harm. If I mention, I have been 
> victimized, at present we do not have the diagnostic/forensic tests 
> (forensic DNA scientists at the NIST can be contacted to verify) to 
> prove intentional harm from powerful EMF  has occurred.
>
> My motivation to bring this topic for discussion is to make aware of 
> the unlimited risk _if_ someone chooses to use powerful EMF as a 
> method of sabotage. I do not relish to discuss this, but I remember 
> reading on NANOG some 20-25 years ago, I paraphrase 'those with 
> anti-social intentions do not publish papers'.
>
> Regards,
> Suresh
>
>
> On Thursday, November 5, 2020, <nathanb () sswireless net 
> <mailto:nathanb () sswireless net>> wrote:
>
>     To that end, anyone working around RF should be properly trained
>     and use the safety tools provided them, they should be fine.  If
>     an untrained individual does something and gets hurt with high
>     power RF, it is unfortunate and happens all too often because of
>     people thinking that the worst case things don’t happen to them…
>
>     Can you provide a case where this may have happened?  Any RF in a
>     Data Center should be on the roof, and isolated from the room at
>     all times.  This is standard practice in every RF data room we’ve
>     ever been in, whether it be commercial or Government.
>
>
>     Regards,
>
>     Nathan Babcock
>
>     *From:* NANOG <nanog-bounces+nathanb=sswireless.net () nanog org
>     <mailto:sswireless.net () nanog org>> *On Behalf Of *Alain Hebert
>     *Sent:* Wednesday, November 4, 2020 10:32 AM
>     *To:* nanog () nanog org <mailto:nanog () nanog org>
>     *Subject:* Re: Technology risk without safeguards
>
>         Maybe someone is just looking for "inspiration".
>
>         There is other venues to work this out "safely", IMHO.
>
>     -----
>
>     Alain Hebert         ahebert () pubnix net  <mailto:ahebert () pubnix net>    
>
>     PubNIX Inc.
>
>     50 boul. St-Charles  <https://www.google.com/maps/search/50+boul.+St-Charles?entry=gmail&source=g>
>
>     P.O. Box 26770     Beaconsfield, Quebec     H9W 6G7
>
>     Tel: 514-990-5911http://www.pubnix.net  <http://www.pubnix.net>     Fax: 514-990-9443
>
>     On 11/4/20 12:24 PM, Matt Harris wrote:
>
>                 
>
>         Matt Harris​
>
>                 
>
>         |
>
>                 
>
>         Infrastructure Lead Engineer
>
>         816‑256‑5446
>
>                 
>
>         |
>
>                 
>
>         Direct
>
>         *Looking for something?*
>
>         _*Helpdesk Portal* <https://help.netfire.net/>_
>
>                 
>
>         |
>
>                 
>
>         _*Email Support* <mailto:help () netfire net>_
>
>                 
>
>         |
>
>                 
>
>         _*Billing Portal* <https://my.netfire.net/>_
>
>                 
>
>         We build and deliver end‑to‑end IT solutions.
>
>         On Wed, Nov 4, 2020 at 10:48 AM Suresh Kalkunte
>         <sskalkunte () gmail com <mailto:sskalkunte () gmail com>> wrote:
>
>             Hello,
>
>             I believe the below described method of causing
>             intentional (1) damage to equipment in data centers and
>             (2) physical injury to a person at the workplace is
>             on-topic for the NANOG community, if not, I look forward
>             to your feedback. As a software developer who has
>             subscribed to the NANOG mailing list for a number of
>             years, I post this note relying on intellectual honesty
>             that I have had the opportunity to observe since 1996-97.
>
>             The below described technology risk is applicable to
>             computing/communication equipment rendered vulnerable by
>             Intentional Electromagnetic Interference (jamming an
>             electronic device) and the risk of health sabotage
>             affecting people (jamming a human) managing the Internet
>             infrastructure enabled by intentional application of
>             powerful radiofrequency fields (RF) emitted by re-purposed
>             components salvaged from a kitchen heating appliance
>             (Magnetron) or from an outdoor high gain/power Line of
>             sight transceiver (unidirectional microwave radio) which
>             has a harm causing range up to 25 meters (estimated using
>             a Spectral Power Density calculator like
>             www.hintlink.com/power_density.htm
>             <http://www.hintlink.com/power_density.htm>).
>
>             This risk from mis-application of powerful RF is from
>             human operated or IoT apparatus** with an avenue of
>             approch from (a) subterrain placement aided by a
>             compact/mini directional horizontal drilling machine (eg.
>             principle of placing a stent in the heart) and/or (b)
>             strategic placement in an obscure over-surface location to
>             maximize negative impact on the target of opportunity.
>
>             With building materials or ground offer insufficient*
>             protection to block the passage of powerful RF and the
>             absence of diagnostic/forensic tests to detect biomarkers
>             expressed post-overexposure to harmful RF (combination of
>             RF frequency, Spectral Power Density/Specific Absorption
>             Rate incident on a person and duration of exposure),
>             intentional damage to electronic equipment and people is
>             at present unrestricted.
>
>             The purpose of bringing this method of exploting
>             technology to your attention is with an interest to build
>             the momentum for ushering in the much needed safeguards in
>             this context.
>
>         While I'm a bit confused as to what this message is trying to
>         ultimately get at, it should be noted that folks who work with
>         RF communications equipment and other EM emitters which are
>         strong enough to cause harm to a person are generally well
>         aware of the necessary precautions and take them on a day to
>         day basis when working with this equipment. If there's
>         evidence that some part of our industry is ignoring or failing
>         to train their team members on safety best practices, then
>         let's hear that out specifically and I'm all for working to
>         rectify that.
>
>         On the other hand, the post seems to hint at intentionally
>         using high powered RF to inflict intentional harm on a person
>         or to jam communications signals. The former is relatively
>         difficult to do by virtue of the amount of power necessary.
>         Quite basically, there are much easier ways to go about
>         injuring someone if that's what you want to do. Of course,
>         intentionally injuring another person is a criminal act in
>         just about every jurisdiction. As far as the latter goes, the
>         ability to jam RF communications has existed for as long as RF
>         communication has, and the knowledge of how to accomplish it
>         is relatively widespread. It is also illegal in the US and
>         most likely many other jurisdictions as well, and in the US
>         the FCC has enforcement power with the ability to levy some
>         pretty hefty fines on anyone who does so, even inadvertently
>         though negligent practices.
>
>         The post states that their intention is to "build the momentum
>         for ushering in the much needed safeguards in this context."
>         but lacks specificity with regard to what safeguards
>         they propose beyond the legal/regulatory ones that already
>         exist, so I'm not sure what more can really be said here.