(1) Netgear PL1000 extends an Ethernet connection over power conduits. We’ve 
had this technology for decades. It is not a reach to believe a power adapter 
could be manipulated into propagating signals.

(2) to be clear, I am not advocating malice against any religion or peoples. 
You merely failed to connect the dots between “nation state actors” and which 
nation state.

On Mon, Nov 11, 2024 at 4:09 PM, Jonas Bechtel <p...@jbechtel.de> wrote:

> This story is hardly believable. You unplug a power adapter to inhibit 
> malicious data transfer? Because some other device gets added in a neighbouring 
> AC socket? Not reasonable in terms of electrical engineering and gives no 
> reason to blame people of any religion.
>
> Best Regards
> Jonas
>
> On Mon, 11 Nov 2024 21:36:10 +0000
> s3nsor <s3n...@protonmail.com> wrote with subject
> "A story about OpenBSD being compromised":
>
>> As a public service, I feel I should share my experiences over the past 
>> month or so.
>>
>> I live in the United States, in the middle of the country in a moderately 
>> sized city.
>>
>> Six months ago I purchased a new Lenovo E16 Gen 1 laptop from Micro Center. 
>> On the first boot, I booted OpenBSD media and overwrote the disk with 
>> random data. Then I installed OpenBSD 7.5 with full disk encryption using a 
>> key disk.
>>
>> After installing the OS, I locked down the UEFI settings, disabling 
>> Bluetooth, disabling always on USB, UEFI rollback etc. I configured a boot 
>> password and systems admin password for the UEFI.
>>
>> I downloaded syspatch and firmware packages over Tor using TAILS on a 
>> Puri.sm laptop with read-only coreboot. After installing syspatches and 
>> firmware, the E16 was air gapped.
>>
>> The E16 was never connected to a network of any kind. All network interfaces 
>> were configured to be down. Pf was configured to drop all packets.
>>
>> Base package, X11, and man pages were installed. I was running X by default. 
>> I set up a VM in its own routing domain and configured SSH access into the 
>> routing domain in pf. I installed the compiler for coding on the VM. All my 
>> code is kept on the VM. No other packages were installed.
>>
>> A month ago, I was at Starbucks waiting to pick up my son for dinner. I had 
>> my laptop plugged into the A/C outlet to charge the battery. An older Jewish 
>> gentleman came and asked me to plug his laptop into the outlet for him. I 
>> obliged, but disconnected my power adapter. To which he said in a 
>> disappointing tone “your plug fell out”. I said “yup”.
>>
>> The next time I was waiting at the Starbucks, two days later, another older 
>> Jewish man came and asked to plug in. I again disconnected my power adapter 
>> before plugging his in.
>>
>> A week goes by. One day at the Starbucks, I’m facing the other direction to 
>> avoid glare while I was working. And I’d plugged my power adapter into the A/C 
>> b/c there was no one in the coffee shop but me and the baristas.
>>
>> After a few hours of being engrossed in my work, I look up from my work to 
>> find an older Jewish man had plugged into the same outlet as me.
>>
>> I’m specifically calling these 3 gentlemen Jewish b/c I think it’s an 
>> important detail.
>>
>> During the past month, I begin to notice suspicious characters at coffee 
>> shops I frequent. Military types using two laptops simultaneously. People 
>> I’ve never seen around before, etc.
>>
>> Finally, Tuesday of last week, there was a college-aged Asian woman at my 
>> usual Starbucks. Probably Chinese, but I can’t be sure. I’m a regular and 
>> I’ve never seen her before. She was on a cellphone, not scrolling like 
>> normal people, but doing a lot of typing. I think nothing of it at the time.
>>
>> Thursday, at the same Starbucks, the young Asian woman is there again. I 
>> think nothing of it, until a husky older gentleman comes in and asks to sit 
>> at her table and plug into the power outlet which she is plugged into. After 
>> the gentleman sits and begins using his phone, the Asian woman jumps up and 
>> leaves abruptly.
>>
>> On this day, I was not plugged into the power outlet, I was running off 
>> battery. Coincidentally, almost simultaneously with the Asian woman leaving, 
>> I needed another session on my VM, so I run the command to connect and the 
>> xterm window disappears. I open another xterm, run the command and it 
>> disappears. I do it a third time. It disappears. It’s then I realize this is 
>> exactly the behavior you get when pledge/unveil are violated. So I know at 
>> that instant, my machine is compromised.
>>
>> I wiped the data from the hard drive.
>>
>> I think perhaps updating the UEFI would be a good way of eliminating a 
>> possible root kit. I download the latest UEFI update ISO from Lenovo (over 
>> Tor). I reset the UEFI to factory defaults, and attempt to boot to the 
>> upgrade CD after disabling secure boot. The machine refuses to boot the CD. 
>> This makes me believe the UEFI is in fact rooted, because I’ve booted from 
>> a CD image on the machine once before.
>>
>> Here’s how I think the compromise went down. Attackers initially used A/C 
>> power to connect to IME. With a connection to IME, I speculate they were 
>> able to drive either Bluetooth, Wi-Fi, or both. With better connectivity, I 
>> speculate they rooted the UEFI. From there, they were able to gain some kind 
>> of access to processes on the OS. Which is why my command to connect to my 
>> VM instance failed, taking xterm with it.
>>
>> Why am I sharing this story? Particularly, b/c it’s largely anecdotal and 
>> based on my observations and not data.
>>
>> Frankly, I’m frustrated. I’m an honest man. I live a quiet life. I’m not a 
>> criminal or a spy.
>> And yet I feel as though I’ve been targeted by adversaries with apparent 
>> nation state capabilities. Why? There are no answers. Beyond my frustration, 
>> I feel deeply violated. I run OpenBSD b/c it has the best manual pages, and I 
>> care about privacy. The code I'm working on is unimportant, except to me to 
>> help me cope with the chaos of the world around me.
>>
>> By violating my privacy they’re stealing my peace of mind, and it’s wrong. 
>> And I can’t stop them.
>>
>> I’m sharing hoping others can learn from my misfortune, and in their 
>> learning I hope it makes my adversaries’ jobs harder going forward.