Damn - now I need to go off-grid as well
Forensics and industry experts have cast doubt on an alleged National Security Agency capability to locate whistle blowers appearing in televised interviews based on how the captured background hum of electrical devices affects energy grids. Divining information from electrified wires is a known technique: Network Frequency …
Not really. I think this story was pushed by someone having shares in Duracell.
The principal problem I have with some of the reporting about the NSA is that some absolutely reeks of psyops involvement. I'm not quite sure why they are aiming to overstate what the NSA can do other than creating some extra fear factor. Well, boohoo, it didn't work for me.
Gotta go with you on psyops, but I suspect it's more innocuous, a factor of poor understanding of what is required to track *global* power fluctuations in manpower alone.
It'd be annoying to just track London, bewildering to track New York city. Incomprehensibly man hours horrific globally. Even for remote monitors to send data on grid fluctuations in a particular area (which would be, by necessity small, due to ground current differentials and assorted other phenomena.
So, I'll go with an ill informed (sparse are those truly informed on the subject) correspondent reporting on "well, I don't know, it *might* be possible".
Hell, with the saturation level required, we'd have a massive payoff in monitoring wind, temperature and humidity and get 100% forecast accuracy.
Oh, so the frequency on the secondary (output) might be different than the frequency on the primary (input)? If this slight delta frequency happens, and then remains in place for an extended period, exactly how many total cycles can be stored in the transformer? If you store enough cycles, will it act as a UPS?
Gotta luv it when the so-called experts wheeled out haven't got the slightest clue about how the Universe works.
@JefftPoooh: Umm, no, the variations are transient, caused by large loads switching (e.g. lift motors). These will affect the locations fed by the same substation, but the substation acts as a filter, so little disturbance goes beyond. Therefore the pattern of disturbances will be unique to the substation, but you need a tap there to record it.
It sounds just about feasible, with enough resources, but it would be a lot easier to profile journalists' recording equipment, and follow them around. There's probably less dedicated journalists than substations.
Oh, they've been doing that for years. Remember all the alligator in the sewer stories? An alligator can carry a lot of monitoring equipment. It also allowed them to develop a highly-profitable handbag business for additional slush funds.
Yes, the one with the tinfoil hat. No, that's NOT my handbag.
"They will track you through the sewer pipes by the colour and content of your sh*t"
Have you ever seen fluorescein or similar dye used to track the route of drains when there is some doubt about where they really go? It's quite impressive. Presumably getting the dye into someone's food wouldn't be that difficult.
Half a smiley here.
Surely a notch-filter, to remove everything from 20Hz to 100Hz, would do the job nicely?
No hardware required, no exotic software, it can probably be compelted with open source software (eg Audacity) in a matter of minutes, and would completely strip the recording of any tell-tale signals.
Nope! The harmonics go way way up through the spectrum. You'd need to get rid of every frequency that's a multiple of 50Hz+/-5%. Up to about 5k. That encompasses virtually the entire speech frequency range.
Not even professional tools can totally remove mains interference without severe artefacts.
"Not even professional tools can totally remove mains interference without severe artefacts."
But there's no need to remove the traces of mains. IF the situtation arises where it could be removed, don't remove it. As has already been suggested, just swamp it by remixing with the addition of a rather stronger but still plausible signal wandering suitably within the expected frequency range. Add harmonics to taste. No plausible way of identifying the genuine one vs the later addition. Job done, method useless.
That's not a good plan. Just like shinning lasers at aircraft as they are trying to land and squawking on police frequencies, if you start dicking about with frequencies on the national grid you will find you receive a lot of very determined attention very quickly.
Double plus ungood is the fact that you are now the eejit almost certainly with a unique noisy ENF.
If I record all of my videos in the middle of Manhatten,LA, Biejing or Bankkok and they manage to discover this fact will it really make anything any easier......
I have difficulty in understanding just how usefull this really is. The proximity would be so large that it would be unusable.. or is there a factor of detection that I didn't understand.
I think the idea is that they could identify a studio where the recording was made by comparing with previous output from that studio. Might be useful for identifying a pirate music factory, but it would need the interview to have been done in a studio already in their database, or at least that one end of a phone interview was in that studio.
If the interview were done anywhere else, the police (or whoever) would need a database of the electronic signatures of every room in the world. Impractical, as you say, especially as the equipment at any location is likely to be variable - it certainly is where I am sitting at the moment.
No, it's worse than that and that's why this is impossible.
The "noise signature" of every studio changes over time. The technique is useful to confirm whether or not a recording was made in one take or whether it's been tampered with, no more, no less.
- Eg if the background hum has "jumps" in it, then a segment was either cut out or cut in. If the background hum is missing, then it's probably been tampered with.
It's listening for frequency shifts as the load changes on the local substation. Those changes are very chaotic, and quite random - the HVAC might be merely chaotic given a known outside temperature range, but the lift movements really are random!
A given florry ballast might whine differently to another, but again, that whine will change as the supply voltage varies and the whine pattern will change as the lamp and ballast ages, and significantly when the lamp is changed.
Some secure buildings and rooms have windows mounted in 'floating frames', much like the glass in a picture frame. A couple of high speed electric motors turning eccentric weights introduce vibration to the windows to thwart laser and IR surveillance equipment. The signal to the motors is sent from transducers analyzing unique, dynamic variables in the buildings HVAC system to introduce randomness that is unique and impossible to replicate, or filter out, outside an incredibly controlled micro-environment. There are simply too many variables in an HVAC system.
Something similar could be done with mains power, and you'd only have to do it where the power came into the building. For the paranoid executive, or Cobra Commander, I suppose there might be a degree of 'Black Sheep' concern. If your building is the only one on the block expressing a palsied utility hum you're going to stick out (like the solitary black sheep in the flock). I would hope, that if someone were outputting a volume of 'undesirable' media sufficient to rule out natural grid fluctuations, that the State agencies already knew where they were. But I've got little faith in those jackasses.
"You could in theory make a noise interference reference database from freely available media on the likes of You tube producing locations based on available or scraped user data"
...Or an audio survey from all of the tracking transceivers (cellular phones).
"The problem was a prodigious one because of the huge amount of frequency variation in local power grids. All manner of electrical devices could cause a dip or spike in neighbouring networks."
Well...yeah: That's what makes it locational data, surely?
I seem to recall an interview on the radio last year where police in the UK were using ENF to locate audio recordings geographically. It's a bit hazy, but I seem to remember that they were building up a database of locales.
If the UK Police were talking about doing it (or even trying to do it) last year, then I have no problem believing the NSA are already doing it and have been for years.
Discourage whistleblowers by saying 'We know where you are , we are coming to get you!'
If they did have a technique that worked , they wouldn't publish the details, because then whistlebowers , or ISIL terrorists making their 'cough up or we kill the kid' videos would very quickly take precautions to avoid their location being identified.
Maybe they can track location, but they aren't going to tell us how they do it.
"Maybe they can track location"
Not really. At any given time, the grid frequency in the UK is the grid frequency *everywhere* on the grid in the UK. There may be local changes in harmonics and stuff in different parts of the network, but the fundamental frequency is location-independent anywhere on the grid.
The 2010 article, iirc, alleges that a database of grid frequency vs time can be used to verify *when* a recording was made, and there is some limited plausibility in that, at least in principle.
On the other hand you cannot easily use mains hum info to verify *where* a recording is made, except perhaps in the presence of obvious standout oddness e.g. spot welding machinery in use 3 metres away.
Otherwise known as FUD. Fear, Uncertainty and Doubt. Standard issue, cheap, easy and always works to some extent. It's a throwaway freeby that comes whenever an argument has to be released against something.
I first learned of the term when I had to participate in a competitive proposal for some US Defence contract. " Where's the FUD ?" (against the competitors' solutions) I was asked.
Standard acronym in the IBM sales force handbook back in the 80s. After a FUD session they usually rolled out "Remember no IT manager ever got fired for choosing to go with IBM." Worked well given their market share, which couldn't be based on superior technology because it wasn't.
"The second problem was the need to log ENF values and the secret signal sauce that allowed location to be determined. "This could mean hundreds or thousands of logging devices in a country if you want to be able to locate a recording accurately," he said."
Not a problem, we are installing those-
"We aim for all homes and small businesses to have smart meters by 2020. Energy suppliers will be required to install smart meters and take all reasonable steps to install them for everybody."
Then there's the Xbox Kinect, Siri's online audio analysis etc etc and Google did some EMF investigations with it's Streetview cars
If they ARE RECORDING and storing ALL telephone conversations and various other communications, they already have various background signals (and probably not just 50 Hz ones).
Makes one wonder if the "Internet of Things" will lead to the oppressive net of beings....
Last thing I need is a lonely (electronically-) promiscuous fridge joining up with others of its kind in some sort of NSA-led refrigerated neural network....puts a chill on things, one might say....
"recording .. telephones .. they already have various background signals (and probably not just 50 Hz ones)."
Unlikely. There's so little bandwidth/data in a typical highly compressed telephone call these days that it's amazing you can ever understand the caller at the other end at all (though if you turn it into small scale VoIP it suddenly needs hundreds of kbits/s again, but that's another story). The idea that you can then extract useful 50Hz harmonic info from the recorded background is almost infinitely improbable.
Nice hot cup of tea, anyone?
I think it could be done, and quite easily. I think the issue is that they're not telling us the whole story. All you have to do is *inject* noise at the substation level. A known, cyclic pattern that can later be extracted from a recording. Et voila, you'll know which sub-station the recording equipment was getting its power from, and from there you can make a deduction, or, in the case of the Americans, carpet-bomb the entire fucking neighbourhood.
If they're doing it, *that's* how they're doing it.
I don't work for the NSA. Honest.
It's possible that a battery-power device could pick up radiated mains hum from the surroundings, but blocking such interference is part of designing professional recording equipment, things like using a balanced line microphone lead.
But what will your digital recording module do to these very low strength signals that do get through the screening?
It may be that the Police still record on cassette tapes because they know it doesn't lose that background signal. And so they can give a court an assurance. Their recorded evidence can be tested with tests that are known to the court system. But how much does the digital recording technology already used by the news media fit in with those tests?
If I were a future Edward Snowden, I'd be worried more about whether the compressor program had been hacked. Can you trust the companies which make the hardware? Have we already forgotten the Sony BMG copy protection rootkit scandal?
Back in the bad old days of the Cold War, computers and other similar items that were used by certain government agencies had TEMPEST protection to prevent keystrokes from being read on the grid. Problem was, the tap had to be at the main input to the building for it to be effective and also the more keyboards being used, the more problematic it was to read the info.
I'm not sure as I've been out of that field for sometime but I remember hearing that TEMPEST protection (and it's cost) wasn't needed as the amount on noise on the grid was too high to be able read this info. I suspect that the same thing applies to this. There's just too much background noise from all electronic devices for this technology to work with any degree of accuracy.
"Back in the bad old days of the Cold War, computers and other similar items that were used by certain government agencies had TEMPEST protection to prevent keystrokes from being read on the grid. Problem was, the tap had to be at the main input to the building for it to be effective "
Not strictly true: TEMPEST protection stops your keystrokes and monitor display being read remotely, across the street, without having to be tapped ANYWHERE. It shields against any leaks, which otherwise broadcast exactly what is going on electronically on your computer to anyone with the relevant sensitive electronics within a hundred yards.
As someone who actually did record the phase of the grid for extended periods I can say that it's plausible for certain situations.
First of tall the averaged frequency of all points in the grid is the same, however there may be some minor phase shifts. Those are however probably completely useless for this.
The harmonics also are much less useful as they might seem since those depend on your very local conditions, particularly when talking about the sound aspect of it. The type of "Loudspeaker" would probably completely dominate this.
It is rather trivial to fake this anyhow. Just record the hum of a the place and time you want, and filter out the original hum, then paste in the fake one. Alternatively you can just use notch filters at 50, 100 and 150 Hz and fill up the space with narrow band noise.
So yes, if I was the NSA I would do it, particularly since it's cheap to do (our setup at work was essentially some cheap Foxconn PC and a tiny bit of homegrown hardware to connect the mains and the output of our clock to the soundcard) and it might be helpful in rare cases.
a) "unnatural variations." The entire grid is a manufactured and hence unnatural artifact.
$) It occurs to me that many device I've owned have introduced low-frequency ringing on the line. Foxing this technique would seem to be trivial in a post vacuum-tube technology base.
"Never mind the Bollocks" this is just frighteneering for the gullible.
The killer is that almost everything is recorded and transmitted using lossy compression,
"whistleblowers" not in a studio will be using at best semi pro kit which will have mics on the recorder and the noise of the tape in the mechanism will drown any hum from a mains adaptor.
And, if you are in a Broadcast Studio you will be at back of a UPS so the max they can tell is if it has a Chloride or an Anton Piller and that`s it.
If you have ever had the thankless task of tracking down hum in a broadcast or sound studio environment due to a wiring "intervention"( one of the best euphemisms I`ve come across) which created a path to a common ground "somewhere" You will notice that the harmonics you pick up depend on the orientation of the loop formed relative to the source, as it isn`t just resistive.
Anyone who plays guitar not on a wireless link could tell you that firsthand, but usually not know why
So this BS by a BOC.
wasn't long ago that "experts" told us that Stingray like systems were too large to be portable and were impractical. Not long after that were told that there is NO WAI the entire nation's cell phone and electronic traffic could be captured....then told it was IMPOSSIBLE to keep it all or do any analysis of the metadata.
Hell, it was considered "impossible" or "impractical" to spoof Bluetooth, to crack most encryption or to actually track Bitcoin transfers. Even before that, "impossible" to send data down civilian grade POTS at speeds over 56Kbps.
If you broadcast it, someone can capture it. If they can capture it, eventually they'll read it. Once you've been around for more than two decades, you'll see "impossible" is what "experts" say when they're trying to keep others from investigating the possibilities of a new device or market...or exploit.
Exactly. Slightly off topic but back in the '80s I remember reading an article in Gramophone magazine about the then-new CD players and the prospects for small version for in-car players. The article pointed out that the problems of a tiny space and the heat given off by the laser made this impossible. On the back cover of the same magazine was an advert for the first self-contained in-dash car radio/CD player!
I used to work for a telecom satellite firm and we would often get interference from unknown locations. By finding the same signal (at much lower power) on other satellites in nearby orbital slots, it was possible to triangulate the location from the time difference in when variations of the signal were observed on the different birds.
In this case, if the source material was recorded with an accurate timestamp, or on a device they had a reference timestamp for, then they would only need a few points, not thousands, on the grid to get pretty close. Maybe a block or two. Once you're in the ballpark, other techniques are a lot less work to be more exact if necessary. For a whistle blower interview though. it would probably just be a matter of looking at a map, seeing a hotel in the search zone and checking the credit cards used that day.
... and you've been slurping all the telephone-calls of a nation - perhaps you just do automated voice-analysis/matching?
I call BS on matching harmonic structure, as this can be very local (or dominated by things within a few houses). The suggestion they 'inject' a signal may not be so wild - are there any grid signalling/control signals sent over power?
"are there any grid signalling/control signals sent over power?"
Yes, there are timing signals. All sources of generation have to be co-oridinated to run at exactly the same phase and frequencey. If you buy yourself a decent oscilloscope with decent noise filtering capabilities, you can see the timing signals. Look at the sinusoid, just around the point where it crosses zero, look for tiny spikes or saw tooth patterns - they are the timing signals.
I should caution that you shouldn't stick your oscilloscope probes into the live and neutral holes of your wall socket unless you have been certified (in 17th edition regs, etc.).
This would avoid the need for many detection points, and allow them to keep records of the frequency at all locations.
If this location detection via mains frequency thing is real it is yet another thing for people to worry about, if it is not it is plausible enough that one who wants to avoid such location detection has yet another thing to worry about, and waste resources "fixing".
"In London the low frequency vibration from underground trains - operating on a timetable and predictable routes - not audible to humans - will be a giveaway. At many other locations - aircraft."
That might work, in theory, if the relevant recordings were reasonable quality massively wideband and barely compressed.
But they almost certainly won't be. They almost certainly will be made with cheap microphones with limited bandwidth, and limited audio quality within that bandwidth, and the bandwidth and quality will be further reduced by whatever lossy compression is used to make an hour's worth of reasonable qualiy audio (e.g. a CD) fit in a lot less than 600 MB (~600MB is a CD).
Move along. Nothing to see (or hear) here.
So wrong. Have you ever listened to speech radio on a HiFi with a proper Subwoofer attached?
Lots of near-subsonic rumble to be heard/felt when listened to on a half reasonable FM tuner.
And 1970s Philips or Grundig cassette recorders could very nicely capture deep street rumble from outside of the building, down to say 50Hz using the built in mic, as was audible on my old Sennheisers in those days.
Biting the hand that feeds IT © 1998–2021