I presume others far smarter than me have thought of this before, some of whom are employed by the intelligence agencies of nations. It also occurs to me that when people say the CIA can hear their every word by monitoring their fillings they may be on to something.
The excerpt below mentions the non-intelligence gathering practical issues, and ends with why monitoring is difficult–but not impossible, to some level. The question of value and interpretation of the surveilled information is a different one, which ISTR was a GQ thread itself once.
The impulse shown in Fig. 2 is typical of the type of “ringing” transient often found at the end of a long-branch circuit, where most computer equipment is installed. This ringing is the result of the natural inductive and capacitive reactance found in building wiring. These reactance factors mean that the building wiring will oscillate at a unique frequency when energized by surge current — much the same as a radio transmitter oscillates when its output circuit is energized. While IEEE has found that 100 kHz is a typical ringing frequency for long branch transients, the actual frequency will vary depending on the specific reactance of the wiring. In fact, transient surges actually look more like a single (unipolar) impulse than a ringing one nearer to the electrical service entrance of the building (where little wiring reactance comes into play).
As part of the wiring system when installed, a surge strip interacts with its environment, and branch-circuit impedance becomes a factor in the frequency response and clamping performance of the device. This implication is important: Because branch-circuit impedance varies throughout the system, the performance of the surge strip will vary as well. Furthermore, because these same characteristics affect the frequency, wave shape, and rise time of an impulse at different places within the system, the performance of surge strips often becomes unpredictable.
I think you’re right that some people have tried to do this … maybe are still trying … but if they’re successful, they would probably be keeping very very quiet about it …
The article seems to be speaking about swings above 100V and 1A … I think it’s fair to say computers use 5V and 20mA … and maybe this smaller amount isn’t readily detectable … plus I believe the typical computer has several microprocessors all working at the same clock frequency … very difficult to discern what these microsurges would be telling us …
Compare this to a single old electro-mechanical teletype machine … and here we could get a good idea of what it’s typing out just by measuring the changes in line current … but nothing a couple big capacitors won’t fix …
Surge protectors are not a replacement for good ol’ fashion back-up …
I don’t think you’ll get enough of a signal that way to be able to hear anyone speak. The signal is going to be swamped out by electrical noise.
Inductive and capacitive coupling has been used for surveillance in the past though. Several decades ago, I worked for a defense contractor and worked on classified stuff. Some of the buildings in our facility had no indoor plumbing. You literally had to go to another building if you wanted to pee. The reason for this is that electrical signals from computer monitors were found to be able to travel down water and drain pipes and could be picked up and deciphered. The building had its own generator and was as isolated as possible from the rest of the world electrically. It also had a high fence with barbed wire around the building.
Buildings containing classified materials also weren’t allowed to have windows, and all classified materials had to be kept some distance away (I forget the actual distance) from the outside walls at all times.
People have been able to pick up sounds by shining a laser at windows to measure the window vibrations.
Maybe if you used cold-riveted girders with cores of pure selenium, so that the whole building is some kind of huge super-conductive antenna.
Some other fun ones, that are fortunately obsolete now:
CRT monitors basically illuminate one pixel at a time (there’s some phosphor decay, but that can be corrected for). As such, you can record the diffuse light from the window of an office illuminated by a CRT, and figure out what was displayed on it. You have to sample at a very high frequency (tens of millions of times per second), but the light at any one time corresponds to just one pixel, and so you can assemble the samples together into a perfectly usable image.
You can do a similar thing with the data going over some types of (old-school, phone line) modems. Some were built such that the activity light was just an LED directly connected to the data line. To the human eye, it just looks like the LED comes on when data is going over the serial line and off if not. But LEDs have a fast response time, and so if you sample at a higher speed, you can figure out the exact data that was sent over the line.
I recall hearing about how the old IBM Selectric typewriters could be read. The type was evenly spaced around the outside of a ball, which reverted to a base position when it wasn’t typing. Thus the time to print each letter was a function of how far away it was from the base position, and by recording the clack, clack, clack and measuring the timing, a fairly good idea of what was written emerged. There were probably groups of letters or numbers that were very similar in the interval time, but even then it narrowed down the choices available. Could be a myth…
Maybe. But anything else on that branch circuit would probably obfuscate anything decipherable. Like fluorescent lights (which can be present in LCD displays), PWM for LEDs, etc.
I would have to say with most CPUs operating in the GHz, unless you had something ancient or slow, plus GPUs, memory controllers, SSDs, etc. as someone had mentioned. I can’t see this as being possible with the majority of available test equipment. You’d have to really want to do this and have some serious cash to get the stuff that could. Also, unless you had previously developed this technology to decipher intelligence from the branch circuit, you’d be capturing a lot of raw data which is even more of a burden.
Technically possible under specific conditions in a lab but I’ll have to provide the opinion that it’s not feasible in a real-world scenario. I could see other avenues being exploited before this.
As the article you referenced points out for a different context, the signal level will be different on branch circuits than it will be at the facility entrance. I’ve never heard of this kind of surveillance being done at the facility entrance: the signal is too small and noisy to be useful for /anything/ once you move away from the source.
Power supplies can certainly be used for surveillance. The most commonly analysed target is encryption / decryption: if you can gradually accumulate enough information to get the keys, then you can decrypt the encrypted information you observe somewhere else on an open wire.
Another worry is that a virus kind of thing on your computer could deliberately drive the power supply, so that it could transmit information from inside a secured computer, even though the computer has no network connection of any kind.
This kind of information has a very slow transmission rate, because it has a very small Shannon limit, because the bandwidth is narrow, the size of the power modulation is low, and the noise is high. Which is why it is more of a concern for just getting a decryption key - say 1024 bits - rather than exposing a document in real time – as they could and did get from laser-window watching, Selectric typewriter listening, CRT radio emission recording, or Beer-can-in-wall microwave surveillance.
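Added example, not part of the original posts: the Shannon-limit argument in the post above, turned into a filtering budget a designer of power-line EMI filters could use. The 1024-bit key size comes from the post; the 1 kHz bandwidth, the SNR values and the one-day key lifetime are constructed assumptions.

```python
import math

def capacity_bps(bandwidth_hz, snr_db):
    """Shannon-Hartley upper bound on error-free bits per second."""
    snr = 10.0 ** (snr_db / 10.0)
    return bandwidth_hz * math.log2(1.0 + snr)

def seconds_to_leak(secret_bits, bandwidth_hz, snr_db):
    """Lower bound on the time needed to move secret_bits over the channel."""
    return secret_bits / capacity_bps(bandwidth_hz, snr_db)

def max_snr_db(secret_bits, bandwidth_hz, min_seconds):
    """Highest SNR at which leaking secret_bits still takes >= min_seconds."""
    allowed_bps = secret_bits / min_seconds
    # Invert C = B*log2(1+SNR); expm1 keeps precision when SNR is tiny.
    snr = math.expm1(allowed_bps / bandwidth_hz * math.log(2.0))
    return 10.0 * math.log10(snr)

def extra_filtering_db(secret_bits, bandwidth_hz, snr_db, min_seconds):
    """Additional attenuation (dB) needed to push the leak past min_seconds."""
    return max(0.0, snr_db - max_snr_db(secret_bits, bandwidth_hz, min_seconds))

if __name__ == "__main__":
    KEY_BITS = 1024          # key size mentioned in the post
    BANDWIDTH_HZ = 1000.0    # constructed: usable bandwidth on the power line
    KEY_LIFETIME_S = 86400   # constructed: key is rotated once a day
    for snr_db in (0, -10, -20, -30, -40):   # constructed observation SNRs
        t = seconds_to_leak(KEY_BITS, BANDWIDTH_HZ, snr_db)
        need = extra_filtering_db(KEY_BITS, BANDWIDTH_HZ, snr_db, KEY_LIFETIME_S)
        print(f"SNR {snr_db:>4} dB: key leaks in >= {t:10.1f} s, "
              f"filter needs {need:5.1f} dB more to outlast the key")
```

These are best-case bounds for the observer, so a filter sized this way is conservative: a real receiver needs more time than the Shannon limit allows.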
If nothing else, even if you could pick up sound sources in a building, you’d be getting all of the sound sources in the building. Good luck following just the conversation you’re interested in when you’ve got 500 people talking at once.
It was electronic; it just wasn’t wired or internally powered. A similar technique is used with many RFID devices nowadays.
My first assignment out of college was working on the design of a switching power supply for the Trident fire control system. A great deal of attention was paid to filtering out conducted EMI from the power supply because of the possibility of deducing the state of the fire control system (are we getting ready to launch?) from electronic noise generated by return currents running through the hull of the submarine.
Old paper but still relevant. Not too many use serial nowadays but Ethernet waveforms are somewhat similar. I think at higher data rates this would become difficult.
Also, I wonder if with the switching power supplies in use today, if that would negate the effectiveness. Or maybe use it to your advantage? If a simple feedback loop could be established then you could trigger spikes in current consumption to correlate to the spikes of the switching power supply and communicate more effectively.