Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site hydra.UUCP Path: utzoo!watmath!clyde!cbosgd!ihnp4!qantel!lll-crg!seismo!harvard!think!mit-eddie!cybvax0!frog!hydra!die From: die@hydra.UUCP (Dave Emery) Newsgroups: net.ham-radio Subject: Re: Prankster disrupts radio broadcasts Message-ID: <143@hydra.UUCP> Date: Sat, 7-Dec-85 00:04:16 EST Article-I.D.: hydra.143 Posted: Sat Dec 7 00:04:16 1985 Date-Received: Tue, 10-Dec-85 06:35:26 EST References: <701@ihu1h.UUCP> Reply-To: die@hydra.UUCP (David I. Emery) Distribution: net Organization: Charles River Data Systems, Framingham MA Lines: 88 Keywords: Vulnerable, Spoofing, Validation bitstream. Summary: Society is vulnerable In article <701@ihu1h.UUCP> parnass@ihu1h.UUCP (Bob Parnass, AJ9S) writes: > CHICAGO - A pirate broadcaster has been treating Chi- > cago area radio listeners to some unscheduled program- > ming by transmitting on the microwave studio-to- > transmitter links of area AM radio stations. It is surprising that this sort of thing hasn't happened sooner. There are so many links out there, most of which use very low power (a watt or two) that it is a testament to the basic civility and sense of order in our society that this electronic vandalism hasn't happened more often. In any case my heart goes out to the chief engineers at the stations involved. A surprising number of both AM and FM stations have unattended transmitters controlled from the studio via the STL link. There are shutoff circuits to shut the transmitter down if the link is lost but essentially no protection whatsoever against someone simulating the signal. And I suspect in at least some cases, there is only limited backup capability to shutdown the transmitter by phone lines so a spoofer might have several minutes of air-time before the transmitter could be manually shut down. Years ago I used to wonder why radicals (yes, I'm from that generation but not of that political persuasion) didn't try to take over the microwave TV relay backbone routes used until recently to distribute network programming to local affiliates to run 15 or 30 second anti-establishment commercials during some major TV event. Parking near a hilltop At&T site with a VCR, a 4 Ghz TWT power amplifier (available as surplus) and small dish would be as effective a means of getting media attention as blowing up a building. And as far as I know some care in simulating the real longlines video format would probably suffice to ensure that automatic protection channel switchovers didn't take one off the air. Today taking over a TV network feed would require generating enough RF EIRP to be a couple of db's above the network's uplink transmitter at the satellite. This would involve hundreds of watts and a moderately large dish. It would, however, require the resources of the defense department to find such a bogus uplink with no more indication of it's location then that it was somewhere in or near the continental US or Canada or Mexico. I doubt if the required special resources are set up to handle a random and unexpected 15 second uplink during say the Superbowl. And of course, if one happens to live near the ground sites (mostly Long Island, and LA) that uplink the network feeds, it might be possible to take over a local microwave link feeding the uplink. And of course if the ambitions of the group involved were less than national even a toy source of 3.7-4.2 or 12 ghz (NBC) rf would do quite nicely if located near the satellite dish that served a local TV station as satcom signals are so very weak. I suspect the local oscillator out of a TVRO would do the trick. But more sinister than the few seconds of direct media access such a caper might gain, is the implications for other more critical things that are controlled by RF links. For example, in the area where I live the power companies use microwave links to monitor and control their distribution network. I suspect a clever and somewhat more sophisticated spoofer could issue commands to remote switching stations that would cause a great deal of havoc. Doing so would require some cleverness since the RF links are mostly multichannel fm-fdm-ssb, but since the equipment is quite possibly only equiped with loss of carrier and pilot alarms, it might be possible to spoof with simple enough systems to be within the reaches of a terrorist organization. In any case all of this ought to make those of us who design systems think in terms of how we might make them less vulnerable. One method that works remarkably well in controlling vulnerability to spoofing is to transmit the information digitially and encipher the resultant bit stream. A spoofer would have to know the code to transmit anything meaningful. It is not even necessary to encode the information just as long as there is some form of data integrity checking that involves a secret key that the spoofer cannot obtain by monitoring the channel. A method that would work for radio and TV links is transmission of a validation bit stream on a subcarrier. I suspect this could be accomplished with a $50-100 dollar microprocessor and VCO. I doubt that anyone could argue that something that cheap wasn't worth considering ... David I. Emery Charles River Data Systems 617-626-1102 983 Concord St., Framingham, MA 01701. uucp: decvax!frog!die