Hackaday Links: November 14, 2021

Hackaday Links Column Banner

If you’re an infrastructure dweeb, it’s hard to drive past an electrical substation and not appreciate the engineering involved in building something like that. A moment’s thought will also make it hard to miss just how vulnerable a substation is to attack, especially those located way out in the hinterlands. And now we’re learning that late year, someone in Pennsylvania noticed this vulnerability and acted on it by attacking a substation with a commercial drone. Rather than trying to fly explosives over the substation fence, the attacker instead chose to dangle a copper wire tether under the drone, in an attempt to cause a short circuit. The attempt apparently failed when the drone crashed before contacting any conductors, and the attacker appears to have been ignorant of the extensive protective gear employed at substations that likely would have made a successful attack only a temporary outage. But it still points to the vulnerability of the grid to even low-skill, low-cost attacks.

We’ve probably all had the experience of using someone’s janky app and thinking, “Pfft! I could write something better than this!” That’s what a bunch of parents of school-age kids in Sweden thought, and they went ahead and did exactly that. Unfortunately, it didn’t turn out quite the way they expected. The problem app was called Skolplattform, which was supposed to make it easy for Stockholm’s parents to keep track of their kids’ progress at school. The app, which cost 1 billion Swedish Krona to develop, is by all accounts a disaster. But some frustrated parents managed to reverse engineer the API and build a new, better one on top of it. This resulted in Öppna Skolplattformen, an open-source app that actually works. Not to be upstaged, the city of Stockholm accused the parents of cyber crimes and data breaches. They also engaged the parents in an “API war”, constantly changing their system to nerf the new app and forcing the parents to rewrite it. In the end, the parents won, with Stockholm changing its position after a police report found that all data being accessed were voluntarily made public by the city. But it’s still a cautionary tale about the dangers of one-upping The Man.

Sam Battles is in a bit of a moral bind, and it’s something that others in our community may run into. Sam is perhaps better known as “Look Mum, No Computer” on YouTube, and as the proprietor of the “This Museum Is (Not) Obsolete” showcase of retro technology in England. He’s also an avid builder of analog synthesizers, including a world-record synth with a thousand oscillators called the “Megadrone.” He’d like to tackle another build to try to break his own records, but in a time of fragile supply chains and other woes too numerous to mention, doing so would likely require the world’s entire supply of some components. Hence the dilemma: do any of us as hobbyists have a moral obligation to tread lightly when it comes to component selection? It’s an interesting question, and one that’s sure to engender strong opinions, which of course we encourage you to share in the comments section. Please just try to keep it civil.

Remember wardriving? If you were around in the early days of the 802.11 standard, you’ll probably recall how wardriving was a popular way to find open-access WiFi hotspots. While today we call using other people’s computers “The Cloud,” back then it was often the only way to get a connection. You’d think that wardriving would have been killed off by the pervasive connectivity of cell phone networks, but that’s hardly the case, at least for security research purposes. A security researcher built a warwalking rig into a backpack and toured neighborhoods in Tel Aviv, and discovered that 44% of people used their cell phone number as their WiFi password. He did this by collecting 5,000 password hashes and using a GPU cracking tool called hashcat to look for passwords matching the Israeli phone number schema, of which there were 2,200. A further comparison of the non-cell-number hashes against the rockyou.txt list of common passwords led to another 900 passwords. So perhaps you should reconsider your approach if you’re using a password like these.

And finally, a little trip down computer memory lane for any Microsoft employees who were onboarded in the early 1990s. Chances are good that they needed to endure this 1994 orientation film that covers the history of Microsoft and the glories of working in Redmond in the pre-Windows 95 days. Aside from the usual snark that attends glimpses of haircuts and fashions back in the olden times, the film is an interesting glimpse into where Microsoft saw itself in the developing computer culture. There are some dubious parts, like claiming — perhaps inadvertently — that Bill Gates and Paul Allen invented languages like Basic, Fortran, and Cobol. But it’s still pretty cool to look at what things were like at Microsoft before it became the behemoth it is today.


21 thoughts on “Hackaday Links: November 14, 2021

    1. In the 80s, the US Navy dropped steel wool over San Diego as a test of radar jamming. Not sure if it was effective at jamming radar, but it was very effective at taking out the power grid.

  1. about the evil drone attack – you could literally walk into a place like this with just a crowbar, there are no armed guards present, many times no people are present at all…
    Also, you don’t need a drone. A length of fishing line, a lead weight and a slingshot is all you need to get a conductor into the high voltage wires without you becoming a part of resulting fireworks show.

    1. Yes, a lead weigh, slingshot and fishing line will do. I don’t suggest it, though, aside from the legal and moral issues. You don’ want to be close enough to be dragging the bare copper over by the line. Really.

      As a side note, in cities with overhead trolley wires, I really do not recommend tying one end of a 36AWG bare wire to the rail and tossing the other over the trolley wire. Spectacular? yes. But there will be scars. And police. And unlike 1987, cameras with good resolution and long term storage. I should imagine a substation will be much more spectacular and scar inducing. And most seem to have cameras these days.

    2. Sure you can walk in but how long will you last. There are places where the voltage will arc over 6″ (1.8m) and kill you instantly if that section isn’t first turned off.

      Similarly a drone is more likely to kill the operator than cause any noticeable problems. The fence line is the safe limit when everything inside is energized. Dragging a conductive path outside the fence line could well be fatal.

      On top of that, any gauge of copper wire that a hobbyist is likely to get his/her hands on is just going to vaporize without even blowing a fuse. The inrush current (at most a couple of hundred amps) would just look like normal load fluctuation.

      1. metallized mylar is enough to cause problems. Sure, the inrush current will vaporize it, but the resulting trail of plasma is conductive and will last long enough to cause breakers to blow. There have been stories for decades of kite tails and balloon streamers falling into high voltage lines and knocking out a grid.

        1. In transmission it’s just economics to use fuses to suppress an ionization arc instead of putting conductors further apart.

          In distribution substations the same economy doesn’t apply and conductors are places further apart than the maximum distance of a fixed ionization arc.

          Flat or ribbon like conductors are better for establishing an ionization arc because when the arc starts (before the ionization) it generates very high frequencies of current transients (Amplitude Modulation). These higher frequencies travel through conductors using the “skin effect” whereby most of the current travels through the outer surface and not the internal area of the conductor. Ribbon conductors have a much higher ration of outer surface area to inner (cross sectional) surface area so they will last a lot longer (as the ionization forms) than a round conductor that will vaporize before sufficient ionization has occurred to support a continuing arc.

    3. > “you could literally walk into a place like this”

      You could, you might not walk out though if you do.

      Even if you do “escape” (assisted or otherwise) you might find that it’s the last thing your hands ever touch. Many a sparky has become (sometimes double) upper-limb amputee as a result of getting too close to a HV transformer.

    4. So, a lone wolf takes out a substation (and/or takes himself out in the process).
      As I see it, a bigger threat is having our entire electrical grid overseen i.e. controlled, by a government agency, giving the whole country’s electrical infrastructure a single point of failure/attack.

    1. Also he isn’t really a hobbyist if he’s getting YouTube revenue. If he’s getting significant revenue from his videos, then he has significantly more to spend on the project than a hobbyist, and incentive to spend more than a hobbyist, or even a normal price-sensitive business would spend on the parts.

      A normal hobbyist would just put such a large project on the back burner until the shortages ease and find other things to work on.

  2. That story from Stockholm is a sad example of what happens too often when government committees purchase software. Lots of money spent for bad software.

  3. On the drone incident what to distinguish a dumb kid with a really bad idea who wants to see some sparks fly from an intended “terrorist attack!” Modified drone sounds so scary. I am filing this one under dumb kid by default, but the purveyors of the narrative have other intentions. (As witnessed by all the drone puffery and terrorist! Proclamations which read like a sales pitch for more defense spending)

  4. Sadly, war driving is still a thing. Parents who can’t afford broadband to their homes drive their kids to the parking lots of businesses offering free wifi. For many, it’s the only way to complete school work.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.