Something is Afoot…

OG-AA794_GRIDAT_NS_20140204171308Back in April of 2013 there was an attack on a power station in Southern California. The attack was calculated, detailed, planned, and execute well. There were many details that perked my interest including the oil tanks being targeted instead of the windings themselves. This would limit catastrophic damage to the transformer. Additionally numerous fiber-optic lines in the area were cut, including those run by Level 3 Communications.

I have read a few writeup discussing the attack and I did come across one theory that was interesting.

Gabriel: Have you ever heard of Harry Houdini? Well he wasn’t like today’s magicians who are only interested in television ratings. He was an artist. He could make an elephant disappear in the middle of a theater filled with people, and do you know how he did that? Misdirection.
Stanley: What the f*** are you talking about?
Gabriel: Misdirection. What the eyes see and the ears hear, the mind believes.
Swordfish movie (2001)

[See the PowerPoint here]

On the morning of the 16th of April 2013 the following events unfolded at, and around, the PG&E Metcalf Transmission Substation in San Jose, Calif.:

  • 12:58 a.m. AT&T fiber-optic telecommunications cables were cut not far from U.S. Highway 101 just outside south San Jose.
  • 1:07 a.m. Some customers of Level 3 Communications, an Internet service provider, lost service. Cables in its vault near the Metcalf substation were also cut.
  • 1:31 a.m. A surveillance camera pointed along a chain-link fence around the substation recorded a streak of light that investigators from the Santa Clara County Sheriff’s office think was a signal from a waved flashlight. It was followed by the muzzle flash of rifles and sparks from bullets hitting the fence.
  • 1:37 a.m. PG&E confirms received an alarm from motion sensors at the substation, possibly from bullets grazing the fence.
  • 1:41 a.m. San Jose Sheriff’s department received a 911 call about gunfire, sent by an engineer at a nearby power plant that still had phone service.
  • 1:45 a.m. The first bank of transformers, riddled with bullet holes and having leaked 52,000 gallons of oil, overheated – at which time PG&E’s control center about 90 miles north received an equipment-failure alarm.
  • 1:50 a.m. Another apparent flashlight signal, caught on film, marked the end of the attack. More than 100 shell casings of the sort ejected by AK-47s were later found at the site.
  • 1:51 a.m. Law-enforcement officers arrived, but found everything quiet. Unable to get past the locked fence and seeing nothing suspicious, they left.
  • 3:15 a.m. A PG&E worker arrives to survey the damage.

The damage to the substation took 27 days to repair and cost $15.4 Million. In the substation’s 500kV yard, ten transformers were damaged; In the 230kV yard, seven transformers were damaged; In the 115kV yard, 6 circuit breakers were damaged. It was also claimed that a total of 52,000 gallons of mineral oil (used for cooling) leaked as a result of the bullet strikes.

The damage to the fiber-optic telecommunications infrastructure was repaired within 24 hours. AT&T had six cables cut and needed to install new cables to work around the affected area. LEVEL 3 Communications had one cable cut, which was repaired within 10 hours.

The attack on the substation was so over-the-top, especially given that no long-term damage was inflicted, that it more appropriately should have been an entry in Bruce Schneier’s Movie Plot Threat Contest. The trope “orgy of evidence” comes to mind because the attack was so inconsequential for the level of effort expended. Sure it lightened PG&E’s wallet and provided an opportunity for endless sound bites by consultants and lobbyists touting their employers agendas, but nobody’s lights went out as a result of this attack.

So this brings us back to Houdini’s misdirection. Two events occur, one is over-the-top and will obviously lead in the morning media, the other deals with some cut cables in holes next to railroad tracks – decidedly non-spectacular and non-photogenic.

The thing is is that the Metcalf Transmission Substation is next to railroad tracks. And it happens that the railroads’ right of way is used to run fiber-optic cables. I’m sure you’ve heard of SPRINT, which use to be SP Communications, which was founded by Southern Pacific Railroad way back when. Fiber is why all the big name companies in Silicon Valley want to be as close to the railroad tracks as possible!

If we assume that the real target was the telecommunications infrastructure, how would someone tap some of the most monitored lines in the world?

By causing the fiber cables to be so extensively damaged that new sections have to be pulled to work around the damage. This level of disruption would require that any quality/security scans performed – using optical time domain reflectometers (OTDRs) – be re-calibrated after the repairs. The new cable sections could have been pre-engineered to have clip-on couplers (passive taps) built in that exert “micro bending” (i.e., spatial wavelength displacement). If they are detectable by the OTDR they would probably show up as noise near the repaired areas and be ignored. And the voila! Job done.

The next challenge for the strike team would be getting the output from the couplers to somewhere it could be analyzed. Once it was confirmed that the couplers had not been detected, then another team could move in and install appropriate transmitters or couple them into dark fiber for back-haul to data extraction.

We may never know the who/why of this attack. The over-the-top nature of it suggests that it was corporate sponsored as opposed to sovereign. The Metcalf Substation does have some interesting corporate neighbors, but given the nature of the communications traffic flowing in that right of way just about anyone using or traversing that corridor could have been the target.

TL;DR: The substation was actually a diversion.

But there wasn’t much to give credence to the situation until I saw my inbox this morning. Let me repeat something before we start with the new data:

Once is happenstance, twice is coincidence, three or more times is enemy action. And I don’t believe in coincidence.

Lets start with the first article that hit my inbox, USA today.

The FBI is investigating at least 11 physical attacks on high-capacity Internet cables in California’s San Francisco Bay Area dating back a year, including one early Tuesday morning.

Agents confirm the latest attack disrupted Internet service for businesses and residential customers in and around Sacramento, the state’s capital.

FBI agents declined to specify how significantly the attack affected customers, citing the ongoing investigation. In Tuesday’s attack, someone broke into an underground vault and cut three fiber-optic cables belonging to Colorado-based service providers Level 3 and Zayo.

The attacks date back to at least July 6, 2014, said FBI Special Agent Greg Wuthrich.

(Emphasis mine.) Well that’s interesting, but it doesn’t sound all that interesting. The article does note that the incidents have occurred in remote areas but attempts to play it as merely petty vandalism to delay people from getting their cat videos. (No I’m not making it up, see this line…)

Backup systems help cushion consumers from the worst of the attacks, meaning people may notice slower email or videos not playing, but may not have service completely disrupted, he said.

But repairs are costly and penalties are not stiff enough to deter would-be vandals, Doherty said.

“It’s a terrible social crime that affects thousands and millions of people,” he said.

First you have to catch the vandals to fine them, and if this has nothing to do with vandalizing infrastructure but instead tapping it this is a very serious thing. But certainly those lines will help calm those who don’t know details, have the attention span of a squirrel, and don’t have the memory to correlate other external events that are most likely related.

Now lets flip over to the Wall Street Journal.

The latest attack hit several cables in Livermore, Calif., shortly before 4:30 a.m. Pacific time and hadn’t been repaired as of early Tuesday evening, according to several Internet service providers affected by the outage. Some operators complained that law enforcement activity made it harder for crews to fix the problem.

“It’s very inconvenient in terms of getting up at 4 in the morning,” said Peter Kranz, chief executive of local Internet provider Unwired Ltd.

FBI Special Agent Greg Wuthrich said the agency understood operators’ frustration but needed its investigators to look for evidence before anyone patches up the cuts.

“When some of the first cuts were taking place, the cuts and cables were fixed, and there was no evidence, no anything to look at,” he said. “We just need to have a little bit more time to have our people go in.”

I love the complaints about law enforcement making it difficult to repair the communication lines because they want to inspect and collect evidence. This is a classic case of “repair the problem, investigate no further on root cause.” Please stop digging you could induce panic.

Again the paper plays this off not nearly as serious almost as if it’s just some kids out pranking the world. Then we get to the local paper…

The severed fiber optic cables that disrupted Sacramento-area communications is just one in a series of 11 Bay Area incidents in the past year being investigated by the FBI.

Phone, television and Internet services were disrupted in Auburn and the surrounding areas following three severed cables in Alameda County Tuesday morning, according to the federal agency.

Since July 6, 2014, there have been 11 incidents of vandalism to fiber optic cable networks in the greater San Francisco Bay Area.

FBI Special Agent Greg Wuthrich said at this point it is unclear why the cables are being damaged, but said state and federal law enforcement are coordinating on the investigation.

According to communications provider Wave Broadband, three major fiber optic cables were severed at around 4:20 a.m., causing service outages in Sacramento, Rocklin and Auburn areas.

Wait, it wasn’t just one cable shared by multiple service providers, but three different cables? Additionally as these were related to the backbone and given one of the providers involved you just tapped a decent chunk of the internet. Just what the hell is going on down there. I start searching for more information, including something on the Metcalf substation incident to try to cross reference and discover this:

The Silicon Valley power substation that was attacked by a sniper in April 2013 was hit by thieves early Wednesday morning, according to the Pacific Gas and Electric Company, despite increased security.

The substation, near San Jose, Calif., is the source of energy for thousands of customers, and the idea that it was the target of a well-organized attack, and that it might have been disabled for an extended period, raised anxieties about the possible broader vulnerability of the grid. The attack this week did not involve gunfire, and it did not seem intended to disable the facility.

The date on that “theft” is August 27, 2014. The recent string of attacks on the fibre lines started July 2014. Tell me, if you wanted to inspect the response and repair actions of an attack couldn’t you just easily disguise it as a simple theft? You could get up close and personal and inspect exactly how the substation was repaired and what additional actions were taken to harden the substation.

Look, I’m a big fan of Halon’s razor and I hate conspiracy theories because honestly 99% of them are bullshit. But we have multiple, repeat incidents. There were clues and suspicion of possible nation-state involvement which were dismissed. We have an administration who actively works to diminish the significance of attacks and events that surround us and affect us in deep and profound ways. Additionally we see that there are outside nation states who have taken a keen interest in the United States. Just look at the Office of Personnel Management hack, seriously that is a threat beyond what most realize. Then while all this is going on we have people calling to critically weaken our cyber security infrastructure, in the name of stopping terrorism.

There is someone gathering intelligence, placing equipment in the correct locations, and improving their leverage against us. We’re in a technological cold war and we’re seeing the spill over from the physical side of things. Things are not looking good, safe, or secure, especially with over 18 trillion in national debt. Stay safe and keep your powder dry.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Citizens take law into own hands

Not only did the Sheriff’s Office narrow its scope to “life-threatening” situations, but it even encouraged people who felt unsafe to relocate. “… the Sheriff’s Office regretfully advises that, if you know you are in a potentially volatile situation (for example, you are a protected person in a restraining order that you believe the respondent may violate), you may want to consider relocating to an area with adequate law enforcement services,” the original release stated.

Selig’s community watch group, looking to fill in the law enforcement cracks, now meets once a month to discuss crime and teach its approximately 100 members about personal safety. The group also has a trained “response team,” which consists of 12 people who will respond to the scene of a reported non-life-threatening situation if called.

I’ll summarize the full details real quick for everyone.  A county in Oregon lost a federal grant for timber that was a large source of revenue for them.  The county attempted to pass a tax levy to make up the difference, but it was voted down.  Because of this, they cut law enforcement back because that’s the obvious area to reduce funding. *SMH* One of the officers who was forced to retire early because of this mess decides to create a neighborhood watch group that is basically performing some of the duties of law enforcement mainly focused around property crime.  They’re not handing out tickets or arresting anyone, at least from what the article said.

It’ll be interesting to see how this plays out.  There are obviously legal ramifications here.  There are liability issues and then the question of what they do when they are in a situation where they should arrest a person.  So far it seems like everything they’ve been involved in has been pretty harmless, but I’m sure that won’t last forever.  While I don’t agree with the scope of law enforcement at times, I also don’t want to trivialize their job and make it sound like anyone can do it.  Since it’s a prior officer that’s running this thing, I’m hoping that there is some good quality training going on and that the people doing this are prior MIL/LEO.

Some of the citizens are saying that the local government is cutting law enforcement to basically force their hand and get them to approve the levy.  I haven’t seen their budget, but I wouldn’t be the least bit surprised if this was the case.  Regardless of whether or not there is enough money, I’m impressed with the citizens’ willingness to step up and get the job done.  While law enforcement isn’t the first place I would think that we should have citizens stepping up to fill the gap, I am glad to see them doing what needs to be done, and I’m really hoping they do it right since this is the type of thing that can set a precedent going forward.

~John

Why Would You Ever Need a Magazine With More Than 10 Rounds

Lately people have been throwing around the need argument.  It is an argument that honestly doesn’t really matter.  Drunk driving kills how many people every year and does anyone need to drive?  Why not just use public transportation?  Why does anyone need to drive themselves from point A to B?  But again, the argument doesn’t matter, it’s pointless.  Does law enforcement limit themselves to 10 rounds? What about the military?  But they’re different I hear you cry?  Are they?  Do they really need 30 round magazines that turns their guns into mass killing machines?  They should just reload like the rest of us!

1349368116_8392_why30rounders

Image by Oleg Volk.

As I am writing this I am coming down off a serious adrenaline dump.  I had wrapped my knee for the night and was dressed in such a manner as not to rapidly exit my door grabbing my weapon and having nothing more than was on the belt of my pants.

Let me start at the beginning.  My local neighborhood gun shop is a block away.  The owner is quite literally my neighbor.  I wave hi to him and his wife on my way to work every morning, we are literally on the same street.  I am merely an additional 100 yards from his business than he is from his house.  Due to my proximity, my willingness, and the fact I hang out and help because one of his sons is my age and he’s a cool guy I’m basically on the business roster.

Early this month they had to attend their buy show in Vegas along with SHOT show.  The shop owner closed up and he and the regular employees headed down for a “business vacation”.  While gone I was put on the alarm system call list, still am actually.  If any of the sensors goes off, they called the shop followed by my phone.

Tonight the alarm went off.  I missed the call and rolled out after my voicemail buzzed.  The shop owner was ahead of me and I texted his son immediately I heard the voice mail and head out.  They were finishing up clearing the building as I walked in the front door.  I had my side arm and a few other tools but I was brining up the rear so bad I wasn’t too worried.  We met up, did some debugging, notice that some of the sensors use batteries and we replaced all of them.  We reactivated the system and went home.

After the first adventure, I figured my night was over, went to a Robb life style of “Pants Free” and wrapped up my left knee.  Two hours later, my phone rang again.  I was out of the house in under 2 minutes, with my pants on, rifle, side arm, and knife.  I merely had the immediate possessions I was able to grab.  I went flying out of the house and flew down my road at about 60 mph flew into the parking lot and slid to a stop just before the front door.  I slipped past the front door, unlocked it, and proceeded to clear the building carefully and methodically. Nothing was out-of-place, nothing was wrong other than the alarm had gone off again.

oleg-volk-cop-with-rifle-1

Image by Oleg Volk.

I bring all this up because I want to emphasize a point.  I left the house with merely the equipment I could grab.  I wasn’t tossing on magazine carriers.  I wasn’t tossing on multiple weapons.  I grabbed one weapon that total gave me 61 rounds to put on target.  I grabbed one weapon that could I could accurately and easily manipulate in the variety of conditions seen within the shop.  I had my side arm on my belt which gave me an extra 13+1 should my primary weapon fail.  If I had not left my firearm clipped to my belt, it would have been left at home.

Now some would say, I didn’t need to go down there, or go inside.  Police response where I live is 30-45 minutes if we’re lucky.  Further the cost of a false alarm is expensive and best dealt with.  Yes it could be considered a high risk maneuver, so is letting the criminals inside steal firearms and ammunition.  I’m comfortable entering that environment, I’m familiar with it, I know the layout, I know where I can find cover and concealment, and I know the better ways to get around to avoid kill zones.

Even more than that some would say, it isn’t my business so it isn’t my problem.  To them I would say, stay in suburbia, stay in the city, and leave those of us who like rural life to live among our like-minded neighbors in peace.  I would help my neighbor as he would help me.  Our community as a whole would be shamed by an event like this, and I will be damned if I will let the, “Let someone else deal with it” and “Not my problem” attitude take over.  The owner felt bad it interrupted my night, but in the end I told him I don’t care, doubly so because if anything was happening I don’t care if he’s on site first or I’m on site, the bottom line is the security of the business and the weapons inside.  I would rather them call me so I can give immediate support than have him out numbered in a worse situation waiting for the eventual police arrival.

The whole point of this  though is I was limited to what I could grab and head out the door with.  In this case my AR-15 and my side arm.  In the middle of the night someone is limited to what they can easily grab by their nightstand.  Be it a XDm 9 with a 20 round capacity or an AR-15 with a 30 round magazine. The point is any citizen deserves to be able to take as much fight with them as they possibly can at the drop of a hat.  Criminals do not call ahead or provide advanced notice and they will not give you a chance to go get more ammo.  Why do people like normal capacity magazines, because it’s less you have to worry about when something goes bump in the middle of the night.  It’s less you have to fiddle with.  No one has ever come back from a gun fight and said, “Damn, I wish I hadn’t brought so much ammo.”

*I have two 30 round magazines attached together like this in my rifle.  It was this that allowed me to quickly deploy with 61 rounds in hand.  I have a second set that will be taped up in the near future and relocated to quickly grab.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Nothing Good Happens After Midnight

So Garand Gal relayed a story that I highly suggest you go and read.  Seriously, go read it, I’ll still be here when you’re done.

Did you read it? Good.  Now there are some serious take aways from this incident.  First it is another data point in my philosophy of “Nothing Good Happens After Midnight.”  Second, absorb and retain her first four bullet points.  Most especially paying attention to what the dog is telling you.

That dog knew there was a problem and was quite aware of it, long before the owner did.  This isn’t as much to say the owner wasn’t paying attention, but animals have a serious knack for picking up on ques that you or I might miss.  If you have a pet and they start acting funny, listen and pay attention, odds are they’re telling you something.    It doesn’t even necessarily have to be with regard to self-defense.  Our cats let us know one of our toilet tanks was leaking and also informed us of our mouse problem.  If we hadn’t paid attention we’d have bigger problems than we currently do.

As for what she did, that was about the best possible outcome.  In that case how can you tell who the good guy and who the bad guy is?  I will say that anyone who gets out of the safety of their car and then starts shooting at another one probably needs an immediate shot of lead to their center of mass.  Especially if the vehicle they’re shooting at isn’t trying to run them over.  Remember, if you’re in a road rage incident, stay in your vehicle, which honestly this could have easily been mistaken for a case of road rage.  If someone starts shooting at you while you’re in a vehicle… you’re in a 3,000 lbs weapon, use it!  A note about the guy following in the Jeep, I applaud your initiative, but next time, call 911 first and be ready because criminals don’t like people interrupting them most certainly those who try to stop them.

I’m not sure what Garand Gal could have done differently other than engaging, except she had no clear cut defining line of who was friend or foe.  The fact one fled on foot certainly also helps color who was in the right and who was in the wrong, but we are still playing the game of hindsight.  As it all went down she kept something between her and the questionable parties.  When she finally did pay attention to the dog, her attention went to where it needed to be.

My big crux is read her story and learn what you can from it. You don’t get second chances in these types of incidents and getting a solid write up of an experience like that helps you learn what to look for and most importantly can crush false misconceptions you might have.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.

Those Whacky Squirrels

So Janelle and I were sitting on the couch and she was rolling through the blogs and came across this from RNS. After she reaches the end and busts up laughing she tosses the laptop to me and says read.

I had a couple different comments for different things. First was that the whole thing revolved around remaining in “condition yellow“. Second was that when something unforeseen like this happens the first order of business is not to panic; no matter how much it hurts. Third that was the most awesome possible result when he finally got rid of the squirrel. I say the squirrel sailed into the cruiser because of Karma(we were watching My Name Is Earl). My last comment was, “People wonder why I prefer to shoot the bastards with as much distance between me and them, THAT’S WHY!” Not to mention the fact that hitting them when they’re further away is considerably harder.

I must say though, for the rider at least it wasn’t a pack like this. Best way to deal with squirrels like that is to make clouds of pink mist. Maybe it is my philosophy on dealing with squirrels that has kept any from showing up around my house.

I had someone ask if I realized that was a story. The answer is yes, doesn’t mean you can’t glean anything from it. Besides, at Philmont those squirrels were down right freaking evil, wouldn’t surprise me if a squirrel attacked someone. Also I’d probably let that squirrel live, any squirrel that freaked out two cops that much is OK in my book.

Barron is the owner, editor, and principal author at The Minuteman, a competitive shooter, and staff member for Boomershoot. Even in his free time he’s merging his love and knowledge of computers and technology with his love of firearms.

He has a BS in electrical engineering from Washington State University. Immediately after college he went into work on embedded software and hardware for use in critical infrastructure. This included cryptographic communications equipment as well as command and control devices that were using that communications equipment. Since then he’s worked on just about everything ranging from toys, phones, other critical infrastructure, and even desktop applications. Doing everything from hardware system design, to software architecture, to actually writing software that makes your athletic band do its thing.