[07/02/21 Note: This post does not discuss MAC address spoofing or ARP (Address Resolution Protocol) spoofing and how these techniques can hide the identity of transmitting and receiving devices. The prospect of address spoofing in mobbing adds complexity to the analysis of frame capture files that might be clarified to at least some extent by heat mapping.]
For a year before I moved to northeast Seattle, I rented a small classic bungalow in Montlake, an upscale neighborhood bordering the winding tree-lined road that travels the Washington Park Arboretum. Before me, the house, or perhaps its basement level, had been occupied by the furnishings of a doctor and his wife during the renovation of their home. The one time I spoke to the doctor’s wife (as it’s commonly put), she disparaged the Latino workers who serviced the houses in the area, complaining they used their access to case neighborhood homes, presumably in anticipation of robbing them later on. Like others in the neighborhood, she and her husband used surveillance cameras to guard their possessions, even then, from Trump’s “bad hombres” and “angry mobs”.
I was shocked by her casual racism. Years before, I’d spoken out when a Texas-bred editor at Microsoft began soliciting team members to read about the Jewish banking conspiracy supposedly in the works for the millennium. In retrospect, I wish I’d complained about it to Human Resources as well as speaking up when she broached the topic yet again at a group lunch. Sadly, I don’t think anyone else said anything at all.
I was bewildered when the harassment in this northeast Seattle neighborhood was not cured but instead increasingly attended with bad bedside manner as medical professionals moved into the houses around me. I remember a gardener or painter I confided in telling me he’d seen doctors engage in worse.
Beware the roving bands of doctors. Perhaps the medical boards should investigate the extracurricular activities of their gilded members who take advantage of the respect accorded their titles to get away with crime. Another benefit of being a licensed doctor in mobbing, is that when you tell the police not to listen to your victim because she must be delusional, they accept your “medical opinion.” Yet, to the best of my knowledge, it is nowhere codified in the law that medical professionals should have carte blanche in the neighborhood or in the courtroom. “Investors” whose “acquisitions” are predicated on criminal harassment using felony means that may legally constitute torture are subject to a pathology that appears to be shared, at least in spirit, by a sizeable number of home owners in Seattle. This becomes obvious with the expression of disdain all too common for the contracts, civil rights, and even the lives of tenants. The scapegoating of tenants is an acceptable expression of class warfare. This need to make more of oneself by making less of others is a cultural sickness.
The Montlake house was let to me for a year, after which time I understood it might be sold—the common fate of single-family homes in Seattle, one that contributes to the instability of life for tenants who don’t confine themselves to apartments.
And now, on with what this post is really supposed to be about. The harassment and disruptions to sleep have intensified again as of late. What appears to be WiFi harassment continues on any device on which I elevate the sound. In addition, there is what appears to be increased harassment by directional sound from speakers at the houses on either side of my own. I’m trying harder to find an attorney to address, for starters, the damage that the City of Seattle can do when its officers and courts are so vastly ignorant about what tech-enabled crime can look like. I’ve appealed directly to the Seattle Mayor’s Office, the Chief of Police, and the Seattle City Attorney’s Office, and not for the first time. I’ve learned that I’ve suffered some hearing loss and don’t know what the likelihood is that some of the cause for the loss is the mobbing, nor do I know whether infrasound or directional sound is more likely to create hearing loss.
No one should be victimized as I have been here in northeast Seattle by a corrupt neighborhood watch and its real estate cronies. I have no choice other than to share more information in hopes that other entities will recognize the usefulness of the data I may possess and act to expose and prevent crimes like this in the future, even if the City of Seattle does not.
Ω
In Stop mobbing crimes with data: Airtool for wireless capture, I provided some superficial information about the use of tools like Airtool and Wireshark to capture packet or “frame” information. You can use frame data from Airtool and Wireshark to identify devices and to learn about their communication patterns.
You may be able to confirm the nearby presence of devices like smart speakers, by using captures to identify vendors. The vendor of a device is identified by a OUI, an Organizationally Unique Identifier. The OUI is the the first three octets in the MAC address that appears for the source or destination of a packet transmission. A MAC address has six octets. MAC addresses have two valid formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
In each of these formats, the first three octets, MM:MM:MM or MM-MM-MM, provide the OUI. Roku devices, for example, might have any of the OUIs shown at https://udger.com/resources/mac-address-vendor-detail?name=roku_inc. Depending on the capture tool and settings you use, the manufacturer name may be included in the MAC instead of a OUI. When the information is available, it is quite helpful in beginning to make sense of the devices on nearby networks. The last three octets provide information about the interface used to transmit or receive data. There are lots of sources online for detailed information about MAC addresses. I did note in my earlier post that programming languages like Python might be used to cull MAC addresses from a capture file. There appear to be websites that offer services in the bulk lookup of MAC addresses in text files, which could be another way to get visibility into the devices operating on a potential rogue network.
Like most things on the Internet, there are ways to obscure the source and destination of any data exchange. Mobbers who play their shell games over the wire may obscure network behavior with measures that include the heavy use of broadcast or multicast addressing, or the use of network extensions or repeaters that retransmit data while hiding its origin. And though MAC addresses are specified as unique device identifiers, the mobbers’ shell game extends to tricks like MAC spoofing–a technique used to impersonate a network device. Spoofing increases the difficulty of identifying bad actors. The point is, that because of the complexities involved, it’s important to proceed carefully.
If you’re lucky, the OUI is transparent or can be referenced with ease. If this is the case, you’ll be able to verify the secure radio link (SRL) that is conveniently positioned on the mobbers’ deck for your morning radio broadcasts, the walkie talkie the mobbers use because of its capacity as an interferer, or a drone made by a company that makes nothing else. It’s unfortunate that victims of any crime must spend their time and energy reading frame capture files or collecting data at all. But I don’t expect this to continue for much longer as security experts and researchers begin to understand the need to take residential network security more seriously and manufacturers begin to use artificial intelligence to create infrastructure and devices that refuse or discard malicious data streams and are otherwise less vulnerable to exploits including physical network attacks.
Certain devices and interfaces may not require cross-referencing to verify their presence. For Sonos wireless sound systems, the MAC addressing often uses “Sonos” as the OUI, and using tools like Eye P.A. to visualize captures can make it possible to search on “Sonos” and see a list that extends to those interfaces that are less transparent and use a specified OUI.
If you can compile a list of the Sonos components that appear on a regular basis during hours when you’re being harassed by infrasound, for example, this may be useful information the police can use to approach Sonos for their cooperation. No reputable manufacturer should protect those who abuse their technologies by enlisting them in crimes of harassment and domestic terrorism. Perhaps Sonos is not responsible to consumers who do not purchase Sonos systems but are victimized by those who do. However, given my experience, as well as the likelihood that the use of the Sonos to clear properties is a known real estate scam, I would suggest that certain features of the Sonos wireless sound system expose the general public to security risks that should concern the company. More on this in the final part of Infrastructure crimes: Mobbing with interference; extraction by heat (part 1).
When you’re being harassed by sound, it can be quite useful to have some knowledge of the devices that are operating in your environment. Use of Airtool and Wireshark can give you that. But that alone is not enough.
Ω
When your “neighbors” deploy a criminal soundscape to your home and the soundscape is enabled by WiFi, the crime likely extends to the Internet of Things (IoT). When you’re being mobbed and the mobbers’ networks overlap and overlay yours, your IoT ecosystem includes theirs, and vice versa. This is especially so when the mobbers have good proximity to you and flank you on two or more sides. House-mobbing is an IoT crime. The “IoT abuse” suffered by women in Silicon Valley whose complaints were taken as symptoms of mental illness shares features with neighbor mobbing (The New York Times on the digital tools of abuse). Malicious lighting schemes from next door can be used to detect motion on your property and even the light you turn on when you get home at night. Mobbers can use everyday events within the bounds of your property to trigger harassing behavior by devices installed on their own lots. House mobbing can involve a responsive system of triggers and actions that you may be able to methodically, albeit crudely, test, by observing what happens as you walk your property. If you find that the mobbers’ harassing machine is built to be responsive, you might want to clock the time and note your actions as you duplicate your tests during wireless frame capture in hopes that the documentation can later assist with an investigation.
Mobbers are opportunistic and appear to exploit any device they can. When the attack surface is your home, your utilities and devices–even your windows and walls–are up for grabs. Early in the mobbing there was more than one occasion when I turned something off to ameliorate the harassment only to hear the protest of some smartass criminal from next door, “Hey! We’re using that!” The IoT ecosystem is populated with devices; all of the mobbing victim’s belong to the mobbers. This includes your router. Firewall, schmirewall. A physical attack that relies on the use of signal and can take your devices, can enslave your router too.
When a single device is attacked, it might be appropriate to analyze the behavior of the device and look for malware. But when you’re flanked on multiple sides by mobbers and all your devices are infected by verbal abuse, signal may well be the culprit. And when you’re the victim of a house-mobbing executed to avoid culpability, you’re probably not going to find malware. You can use Airtool or Wireshark to get insight into whether the Sonos next door might be responsible for the infrasound that wakes you in the wee hours, but that’s not enough. You need to be able to visualize the signal. A protocol frame may provide the service set of the access point (the BSSID) from which the device is transmitting, but doesn’t tell you where it is. To understand the “surround-sound” method of mobbing that infects your devices, you need to see the networks around you and the devices that are deployed to them. This is where tools like NetSpot come into play.
Ω
There are a lot of network tools. I’m going to talk about NetSpot because it’s most accessible to those of us who are not network professionals, for reasons of the operating system it runs on as well as cost. According to the website, NetSpot has the distinction of being the only network application that provides wireless site surveys, WiFi analysis and network troubleshooting on both Mac OS X and Windows. That’s meaningful when you’re collecting information to free yourself from a mobbers’ prison but can’t run the applications that would most help you. There are a lot of quality professional survey tools that are either too expensive, don’t run on one platform or another, and won’t run on a virtual machine. NetSpot will get you in the door as a self-help crime victim.
NetSpot is a coherent tool for WiFi discovery. Discover mode provides information about nearby networks including the SSID, which is the service set identifier that most of us typically rename when WiFi is installed.
NetSpot provides a clean and well organized table of data that includes BSSID, signal level, channel, band, security and vendor. NetSpot also includes information about the mode in which the WiFi protocol is operating. Of course, as a mobbing victim or the victim of IoT abuse, visibility into the networks operating on the 2.4G band is quite important, but when there’s a signal hack in play you need to worry about malicious transmitters using MIMO capabilities (multiple input and multiple output), which includes WiFi modes ac and n since the retroactive amendment to the 802.11n standard in 2009 (“IEEE 802.11n-2009,” https://en.wikipedia.org/wiki/IEEE_802.11n-2009). The Sonos wireless sound system requires supporting networks to use 802.11n, which can now operate on either the 2.4G or 5G band. Similarly, the Eero WiFi extender, one of the compatible choices for the deployment of WiFi networks hosting the Sonos, has capabilities that allow it to broadcast on both the 2.4G and 5G bands. WiFi signal transmitted from the 2.4G band provides the best coverage through exterior walls.
Application designers of tools like NetSpot tend to cater to some of the most basic concerns of WiFi users, among them the use of channels that are not overpopulated by competing devices on the highly trafficked 2.4G band. If you’re being mobbed, unfamiliar network professionals may advise you to change the channel of your network to improve signal quality. In my experience, this is not terribly useful when your “neighbors” have ensured that they dominate every WiFi channel the way Trump would have his militia “dominate the street.” However, in mobbing crimes, even though you may not be able to change the picture, it’s useful to perform discovery on a regular basis, even daily or at times when you tune in to broadcasts, to see nearby networks including WiFi network extensions like the Eero that can be configured as a platform for malicious exploits as well as those open access points that bad actors like to use to snare unsuspecting devices.
NetSpot does discovery mode well, but its most useful feature is the heat mapping that requires you to shell out another $100 or so above the baseline cost of about $50 for network discovery. You’ve probably seen heat maps before. Heat mapping is a data visualization technique that represents data points using color.
The technique is traced back to Loua’s (1873) appropriately grey-scale visualization of social statistics across the arrondissements of Paris (“Heat Map” in Wikipedia, https://en.wikipedia.org/wiki/Heat_map, and Heatmap: A Glance at its History, Adoption, And Evolution, https://vwo.com/blog/heatmap/). These days we see heat maps used on a daily basis to describe the spread of the COVID-19 pandemic, for example, this interactive illustration on The New York Times website at https://www.nytimes.com/interactive/2020/world/coronavirus-maps.html.
Network technicians use heat maps to visualize WiFi coverage before deploying networks as well as to troubleshoot the issues that invariably emerge with low signal strength or dead spots later on.
This means that even those working in the field may be most familiar with heat mapping as a tool that is applied to a worksite. Interior mapping is useful but it’s not enough when you’re being mobbed. In the example above, you can see the plotting of the access points selected from the left pane over the mapped area in the center. If you’re being mobbed, you may notice your own WiFi networks listed as using a channel different from the one you selected. This might be the case even if you’ve disabled WiFi at the router.
To provision for coverage in outdoor areas between buildings, however, technicians might perform a field survey with a GPS overlay, that is, a survey that shows the projected coverage for an area defined by GPS data points. Google Earth is commonly used to create this type of heat map.
NetSpot doesn’t provide GPS overlays yet, but intends to add the capability in the future. For now, if you want a GPS overlay, you may have to retain a WiFi specialist or use a trial copy of a more expensive application like VisiWave Site Survey. Either way, if you’re being mobbed, you may want to proceed cautiously to minimize the chances of being detected until you collect data that is likely to be compelling to police or other local authorities.
It’s possible, however, that when mobbing is used by real estate speculators, neighborhood watch groups and unlicensed detectives, not all of them understand how network tools can be used to visualize the black clouds they think no one can see. In cases like mine where IoT devices are in use to track your movements in and out of your own dwelling, they’re likely to know that you’ve left your cage even if they don’t know what you’re doing. If you hire a WiFi specialist to do a survey, some smart device may send a notification the moment the specialist crosses the property line. Best case scenario, the WiFi specialist understands that the survey results may be compromised if the neighbors are alerted and comes onto the property only after charting the access points along the street.
What we need is companies that offer private individuals heat mapping services by drone. You shouldn’t have to go years before finding out that your neighbors have enclosed you in a malicious network. When malicious networks extend to the street, they should be easily viewed by police patrol cars equipped with the right software. When the police cross onto the property of someone who is being monitored, they’re being monitored too.
For those who use a Windows computer and not just a virtual machine over Mac OS X, VisiWave Traffic has the additional capability of being able to use frame capture data to show traffic patterns. Depending on how the patterns are visualized, this might be useful in mobbing to show the bombardment from access points that are suspect.
You can learn more about VisiWave Traffic and download evaluation copies at https://www.visiwave.com/.
Heat mapping typically requires the technician to walk the area to be surveyed while sampling signal. For an overview of how you can create an interior heat map with NetSpot, see “How to Create WiFi Heatmaps with NetSpot?” at https://www.netspotapp.com/wifi-heatmaps-with-netspot.html#How_to_Create_WiFi_Heatmaps_with_NetSpot. For a good discussion of how to create an interior heat map with Ekahau’s heat mapping tool, see “How to Create a WiFi Heatmap for Network Analysis, Better Coverage, and Geek Cred Galore,” at https://www.howtogeek.com/165614/how-to-create-a-wi-fi-heatmap-for-network-analysis-better-coverage-and-geek-cred-galore/. Note that the real world reference points that the author alludes to translate best to GPS coordinates in exterior scenarios.
In a house mobbing, however, you want to create a heat map that extends to exterior areas and can show the encroachment of rogue networks and access points over the property line and into your home. And when you’re being mobbed from devices hidden across the property line or obsessively tended by neighborhood watch captains, you’ll want a heat map that angles out to include a stretch of the road a few houses up and down. Depending on the geography and the signal, you might be able to plot points from the road behind your home to the road in front of it. These plotted points will enlarge the field and may reveal rogue access points and network extensions that correlate with data you’ve collected in your Airtool captures to reveal that you are likely being mobbed by devices that reside on networks deployed from next door. At the least, you may find that your neighbors have deployed suspicious networks onto your property and even over your home to ensure access to you for purposes of harassment even if you shut down your own WiFi. To document your findings over time, you should be able to use the map you create to plot the networks and access points around you on a daily basis from the privacy of your home while mobbing is ongoing and perhaps even when your own WiFi is entirely disabled at the router. This works well on the Mac. You would probably want to resave your data under a new filename titled for date and time each time you do a new survey and accumulate enough data to show patterns.
Based on my experiences here in northeast Seattle, I suggest that the deployment of a wireless network across the property line and over the router and devices of a neighbor constitutes a cyberstalking or otherwise hostile configuration whose purpose may be monitoring or harassment. This may be especially true when 802.11ac is used and the victim property is bounded by beam-forming signal shaped to track ingress and egress. Based on numerous unpleasant experiences I’ve had staying in AirBnB lodgings during the mobbing, I suspect the use of network extensions for purposes of harassment has good portability.
A heat map is not proof of bad acts in and of itself, but with some help from network security analysts, heat mapping may be confirmed to be a central component of data relevant to exploits like real estate mobbing. I intended to write in greater detail about heat maps and to provide further examples, but it’s a holiday weekend and I’d like to have some holiday. So this is the gist of it: Heat mapping is an invaluable tool that may help to identify neighbor mobbing that relies on wireless networking. If you’re associated with any relevant investigatory agency or are a security expert who is interested and whose identity I can verify, I do have additional forms of data to share. I would like to finally be able to resume my life and would be happy for some assistance.
Lastly, I am not a network or security expert. I am learning on-the-fly and writing under pressure. This entry may include technical errors and inaccuracies.
Leave a Reply