Power Trip

by OSIN

It is common in 2600 for writers to preface whatever topic they may be discussing with a disclaimer such as "I by no means condone or encourage illegal activity."  That ends with this article.

Since it is now impossible in America to tell who is a criminal and who is not, or to tell what is a crime and what is not, I wholeheartedly condone the practice of the actions I'm about to lay out by any and all criminals reading this article.

But not to worry: should any of you criminals out there run afoul of the greatest crime syndicate since the Gambinos, you can always use the (((Irve "Scooter" Libby))) lameass defense, assuming you're a rich, jewish, nonviolent, first time offender.

One of the most used weapons of today's organized crime syndicate is the secret warrantless search.  That means they can enter your residence while you're away and either seize computer equipment or bug the place.  Surely such evil doesn't exist in the Land of the Free and Home of the Brave!  And, how ironic: I began writing this article on the 4^th of July.  But, yes, things are taking place that I'm pretty sure the forefathers of the USA didn't intend.  So, let's take a bite out of crime!

Our first weapon against evil-doers is wireless technology, specifically an Internet-capable wireless camera and a Wireless Access Point (WAP).  I won't go into the security considerations of wireless cameras and access points; I'll only say that it is in your best interest to change the default login password.

There are many more security issues pertaining to this technology, but they are beyond the scope of this article.  I strongly suggest that you educate yourself about these issues lest you give criminals access to spy on you.  No, what we're more interested in at this stage are the capabilities of the wireless cameras on the market now.  Different cameras have different capabilities, but if you were to select one, I would say it should have at least two capabilities: the ability to be monitored over the Internet with a browser and the ability to send email alerts or attachments.

You should consult your particular camera's documentation for information on how to set it up.  I can't really give specifics since different manufacturers' cameras vary widely, but in most cases you can set the email notification, whether to send a MPEG attachment, the number of seconds to record, which email addresses to send the alert to, and so on.

You should also think about such things as the placement of the camera.  Set it far enough away from the area you're monitoring so that the camera has enough time to record a few seconds and send an email before it gets unplugged.

You might even want to consider hiding it or disguising it as another object.  The point is that you can't have a secret warrantless search if there's video of someone in your residence.  And knowing about it is half the battle.

Remember that they don't have to kick down your door or pick the lock.  Many of these gangs have huge amounts of technical resources, so they can make their own keys to get into your place.

But let's not stop there; evildoers always collude with other criminal elements of society to get what they want.

Anyone desperate enough to do a secret warrantless search is probably wise enough to case out the victim before such a search is actually conducted.  And, during the course of such an investigation, they might discover that you have wireless cameras throughout your residence.

How might they react?  Well, barring a full-scale search and seizure, which would make secrecy moot, they might collude with a well-known criminal enterprise that shakes down citizens on a monthly basis: the power company. Keep in mind that the power company will always do what it takes to please its regulatory master.  So, with no power, our wireless camera and setup is useless, right?  Not so fast.  Consider our second weapon against secret warrantless searches: the Uninterruptible Power Supply (UPS).

When the UPS first came out, it was nothing more than a glorified surge protector.

The first ones could power a desktop computer and monitor for about 15 minutes, really only useful to give the user time to gracefully shut down the computer.  About a year ago, though, I came across the newer versions.  They had a USB port which allowed them to be monitored with proprietary software on a laptop.  They also boasted far greater power capacity than older models did.

The one I bought could power a desktop and flat screen monitor for nearly 90 minutes.  But, because I haven't used my desktop in years and I didn't want a good UPS go to waste, I wondered how long this UPS would power my wireless camera, broadband modem, and WAP.  The power requirements for all three added up to 110 Watts while the UPS boasted an ability of 450 Watts.  On top of being a surge protector, the UPS also contained a voltage regulator so I had some confidence that using it outside its intended design parameters wouldn't fry my wireless setup.

I gave it a go.

Using my laptop to monitor the UPS, I found that after an hour of running all three devices off the UPS, the battery's charge had fallen to around 92 percent.  Not bad.  Now, theoretically, if the power usage is linear, then that might run the setup for more than 10 hours, but in a real-world scenario, more power is going to be utilized as my wireless components become more active or have to send out data over my broadband connection.

I never tested how long it could power the setup since you can decrease the life of the rechargeable 12 volt battery if you go below 80% charge, so let's assume for argument's sake that my UPS will power the full requirements of my wireless setup for 7 hours.  That's still a long time for miscreants to have to wait to start their search.

But power outages are common in the United States.  It's not unusual for one to occur, and there are usually no sinister forces behind them, so how do you know if the power outage at your residence is a normal one?

For that matter, how would you know that one occurred?  It's true that my UPS starts beeping when the power goes out, and since my wireless camera also has a microphone, I'd be able to hear it if I logged in to see what's going on.

But I'd have to know that an outage has occurred to connect in the first place.  The point is that you may not know if the outage is just a normal blackout, but there are ways of knowing that an outage has occurred.  The problem is one of notification. And in this next part, I'm going to use a program that's been used on computers for several years to track battery energy consumption (our third weapon): Advanced Power Management (APM).

APM is normally used on laptops to monitor the battery and do some notifications when the battery level approaches critical levels.  The good thing about APM is that it will tell you when the power goes out or the power adapter is unplugged from the wall socket.

It goes without saying that APM will treat a power outage the same way it would treat unplugging the power adapter from the wall and running on battery power.

For this example, I'll be using OpenBSD.

On OpenBSD 3.9, my version of APM will give human readable statistics on the status of the power.  On a laptop, the command to execute is: apm -v

You may need to start the APM daemon first, which is merely ampd.  When you run the apm -v command it will output three lines similar to these:

Battery state: high, 100% remaining, 151 minutes life estimate A/C adapter state: connected Performance state: uninitialized (200MHz)

But when the AC adapter is unplugged or there is a power outage the second line in the output from apm -v changes to this:

A/C adapter state: not connected

So, it's that particular line that we are most interested in.  After plugging the laptop into a wall socket, we could write a script that would run in cron every minute and test whether that second line had changed.

Before we proceed, though, I want to return to the wireless camera.

Anyone who has one of these cameras and has used the motion detection email attachment option will tell you that it's sometimes too sensitive to light changes and not sensitive enough to motion unless you have the sensitivity set to high.  The false positives the camera sends out can be annoying.  Wouldn't it be nice if the camera's motion detection option could be turned on only if the power goes out?

I found that it is possible, assuming your camera allows it.  Most of these cameras are running a simple web server to which you can log in and make changes to the settings and options.  My camera, for instance, uses the GET method when you click the Apply button to turn motion detection and emailing on.

The entire call I need to use shows up in the browser URL location bar.  So now that I know what the full URL is to do this manually, I can incorporate that knowledge in my cron script so that when a power outage is detected it will automatically turn on the motion/email option using GNU Wget.

Here is a Perl script that would perform this feat (the GNU Wget line has been truncated since the real call is very, very long):

apm-monitor.pl:

#!/usr/bin/perl @apm = `/usr/bin/apm -v`; foreach $line (@apm) { if ( ( index $line, "not connected" ) > 1 ) { # If the apm.lock file does not exist if ( !( -e 'apm.lock' ) ) { # We only want this command to run once which is why we have a lock file `wget -O powertrip.html -http-user=admin -http-passwd=yourpassword http://camera_ip/adm/file.cgi?audio_enable=enabled&mot=enabled&email=you\@yourisp.com`; $lock = `/bin/touch amp.lock`; } } else { # The power is back on. Remove the lock file but do not turn off monitoring if ( ( index $line, "connected" ) > 1 ) { $exec = `/bin/rm -f apm.lock`; } } }

As I said, the HTTP call has been severely truncated.

The actual call is much longer.  Each camera is different, though, so you may actually have to sniff your traffic to learn the actual call to your camera's webserver to turn on motion detection.

Note that the variable that actually turns on monitoring is mot for my camera.

To turn off monitoring, you would just change your call line and set mot to disabled, but I advise you to leave monitoring turned on after a power outage event.

There is an old saying that criminals always return to the scene of the crime.

I don't know if that's always true, but our criminals are very anal-retentive and won't give up easily.  So they may call in some favors from another syndicate which has a long history of collusion: your ISP.

I'm not sure if it is feasible for the ISP to disconnect just one DSL or cable modem, but I can imagine they would have some way to block any traffic coming from your modem temporarily.  That means that even with backup power, your email alert and attachment will not get through.  What to do then?

Although my camera has a proprietary program to save images to a flash drive or hard disk, it's not easily scriptable in a UNIX-like environment.

To combat this possible attack, then, we must resort to an entirely different setup.

Instead of using a WAP, wireless camera, and modem, we will use a digital camera, an old 8x8 WinTV card, and a program called Motion.  The OS used is some variation of Linux; in the particular case when I first built this setup, I used Red Hat.

Motion uses the Video4Linux interface, so any TV card or digital camera setup that supports Video4Linux might work.  It's hard to tell with some hardware, but that's why I never throw any hardware away if it still works.

Anyway, the setup goes like this: you hook the Video Out of the camera into the Video In of the TV card which is sitting in a PCI slot of your desktop computer.  You've downloaded Motion from SourceForge and have it installed.

Here's an excerpt from my motion.conf file:  (Distribution Example: motion-dist.conf)

framerate 10 input 1 norm 1 auto_brightness yes threshold 1000 noise_level 16 night_compensate yes lightswitch yes daemon on quiet yes execute /usr/share/alert.sh target_dir /home/pics ffmpeg_cap.new no ffmpeg_timelaps on thread thread1.conf

Some things may have changed in the later releases of Motion, so you should read the documentation.

I won't go into great detail other to say that threshold controls how sensitively Motion will react to movement, execute means that an alert script is run once motion is detected, and target_dir is where the JPEG images of the detected motion are stored.

Right before I log out of my machine and leave my residence, I have a shell script which delays the startup of Motion and runs as a background process:

#!/bin/bash echo "Sleeping for 60 seconds." sleep 60 echo "Starting motion detector..." motion &

That gives me time to get out the door before Motion starts detecting.

There are tons of other options that Motion has, such as streaming MPEGs, but they are beyond the scope of this article.

Returning to our problem of criminals secretly going through our residence, we have to assume that if your ISP is blocking outgoing traffic from your modem, then the miscreants will still have physical access to your system running Motion.  That's a problem.

If they can reboot your system using some sort of rescue CD, then they might be able to mount your hard drives, search for any JPEGs and delete them.  What to do?

A while back, I wrote an article for 2600 on loopback encryption on flash drives.

You can now read it at uk.geocities.com/osin1941.  But I think you get the idea.

Using the loopback device, you can create an encrypted filesystem to write the images.  Without knowing where to look, any state-supported criminals will not spend that much time looking for your images.  And rebooting the machine with a Linux rescue CD won't help them unless they know the password to mount the encrypted file system.

Also, there are other open-source programs, such as TrueCrypt, out there that let you do the same thing as the loopback encrypted filesystem but on-the-fly.  I highly suggest you take the time to acquaint yourself with the various options you have available to you.

It is unlikely that the current state of affairs will ever lead to the repeal of secret warrantless searches.  Once criminals get a certain amount of power, they never ever want to relinquish control and, short of an insurgency, it's very hard to break their grasp on our lives.

But, armed with the right tools, we can make it harder for them to paint us as terrorists while they themselves excuse their own for similar conduct.  And, since equal protection and treatment under the law is now a lie in the United States, it is up to us to start fighting back.

I hope this article spawns more articles on leveling the playing field for those of us who don't have powerful friends.

Code: apm-monitor.pl