Tuesday, 22 September 2015

A Weapon for the Mass Destruction of Computer Infrastructures

Disclaimer: This is NOT a weapon. This is AN EXPERIMENT. 
You MUST NOT try this at home. The tests were performed under the supervision of licensed electricians, in a controlled environment. 
I intentionally do not provide any technical details about the devices. The purpose of this blog post is not to tell you how to do this, but to raise awareness that this can actually happen. I believe entities should be aware of this threat and take any necessary actions to protect their infrastructures. 

Having done a number of physical security assessments over the years, I started wondering how vulnerable our computer infrastructures are. I tried to think of a way for a malicious insider or an external third party (someone who doesn't have physical access to the server room) to target a company’s computer network and take it down by damaging it. I started thinking about this from a different perspective and I tried to approach this "question" with an outside-the-box point of view. 


Through my experience with physical security assessments, I noticed that there are many unattended Ethernet ports (sockets) everywhere around a building. These ports might not be “active”, but most of the time they are connected at the far end to a managed or unmanaged network switch.

I started wondering what would be the effect if one tried to apply electric current to an Ethernet socket directly from a power socket. The picture on the left illustrates a cable which sends electric current (220V-250V) directly from the power socket to the Ethernet port (this is very dangerous; do not make one, and do not try to use it). In reality, such an attempt is actually pointless, as it will only "toast" the device you connect this modified power cable to. 

The hypothetical network switch at the other end will end up toasted in a split second and the person doing this will experience a loud bang and a bright flash, along with the smell of burned plastic at the Ethernet socket side. 

This is a very dangerous thing for one to do and not a very convenient or effective way of taking down the whole computer infrastructure. The whole point is to manage to "fry" all the devices behind the network switch!!! (...even after the network switch is "toasted", and the circuits are burned). And to do so without exposing ourselves to any danger, as would have happened if someone had used the cable mentioned earlier on. 

This made me think of what would happen if the electricity being applied is in the form of a high voltage spark. I tried to find the right device for the job, which would be capable of generating a spark for a designated period of time. 

I ended up with the device on the right-hand side. Its dimensions are 8cm x 3cm x 2cm and it can fit in someone's pocket fairly easily. After a couple of tries, I discovered that this device is not powerful enough to do what I wanted to do. It could "kill" a network switch at the far end of a network socket, but that's about it. There is no bang, flash or smell of burned plastic at the socket side. Just for the record, it managed to fry the network switch on the other side, over a 50-meter network cable.

Back to the drawing board. For my experiment I wanted to "jump" the network switch and reach the rest of the devices connected to it. I wanted to assess if it is possible for someone to "fry" the other devices connected to the network switch after the switch is toasted. 

So, I ended up looking for a device that fits in a laptop bag, capable of generating a spark strong enough to jump over to the next device connected to the switch. Also, I wanted to assess how far the spark can travel over an Ethernet cable, while being capable of causing damage. 

I came across a very promising device for what I wanted to do. Its dimensions are 18cm x 14cm x 9cm. I painted it and put a sticker on it just to make it look cool! (It felt like it was intended for an episode of Brainiac.)

The device could generate a strong enough spark that I ended up testing it over a 100-metre Ethernet cable. 

I took a few pictures to demonstrate how strong the spark is and how far it can reach. It is not very easy to see in these pictures, but I was able to maintain the spark (arc) at a distance of 4 to 5 centimetres. You can see the arc in the following pictures, which I haven't edited or altered in any way.
The electric arc over a 100-meter cable looked as strong as it was over a 1-meter cable. That was very promising for what I wanted to do. The following pictures are actual photos of the spark between two network cables.

I set up a network switch, and over a 5-meter Ethernet cable I connected an old working laptop. Over a 3-meter cable I connected a network HDD and over a 100-meter cable I connected my “deathray” device. 

I decided to switch on the device and apply current for exactly 2 seconds. The result was scary and interesting as well. The network switch was burned instantly with a little “tsaf” noise. There was also a buzzing noise coming from the devices plugged into the network switch, for less than a second. There was a tiny flash from the network HDD and the laptop stopped working. 

It is not the cheapest thing in the world to test this, as it took all of the old hardware I had in my attic to run these experiments. I believe the threat from such a high-voltage attack against a computer infrastructure is real and should be dealt with.

If someone in the industry or in a University research group would like to perform any further experiments with this, I am happy to supply the device and provide some more information. I believe it is very important to assess:

a) how big of a threat this is,
b) how easy it could be to take down a large computer infrastructure from a single Ethernet port, and
c) whether this can affect computer forensics investigations in any way.

Also, it would be very interesting to conduct research into a solution that can protect a computer infrastructure from such attacks. 

Please, follow me on Twitter (@drgfragkos) and share your opinions and thoughts. I hope you enjoyed reading about my little experiment. 

Once again, DO NOT try this. All experiments were performed with licensed electricians present, within a controlled environment.

Please find below a better photo of the electric arc between the two Ethernet cables:
