It is difficult to overstate the harm that can be done by sabotaging an electrical service. Because this is what those criminals who call themselves mobbers do—at least in the South Cedar Park neighborhood of Seattle, Washington and even in Albany, California, a mile-square housing destination for some of the most progressive thinkers in the United States including faculty and students of the University of California at Berkeley and the thousands of tech workers who, until the pandemic, commuted to new economy jobs in the greater Bay Area each day.
Sabotage is what it is when you box in a home with WiFi range extenders like Amazon’s Sonos-compatible Eero product line and populate the access points they share with interfering devices (“interferers”) that create heat, with infrared devices that burn, with surveillance devices equipped with high-speed cameras and Bluetooth, and with network traffic that jams. Terrorism is what it is when you track people with infrared and burn them with laser devices that aim into their homes from nearby windows cracked open, when you blind them with high-intensity focused lights that refract through their windows, and when you unceasingly shunt radio frequency onto their power lines, and into their environment to boost signal, to intensify the danger and the damage, and to ensure the availability of carrier current for unremitting rogue sound. That’s what it is when you use radio to to create or unlock heat that damages fragile circuits, when you create and use magnetic forces to unleash the charge from your neighbor’s medical batteries, and when you run charged radio frequency over a neighbor’s electric panel, over circuits with open grounds, and over the cut and frayed edges of the electrified wires your neighbor uses every day.
Power—electric power—has its own hegemony. The history of the modern American home—from warmth and light to food and water—is inseparable from the history of electrical power. Energy is shelter. Just ask any Texan who endured blackout, and then water shortage, in this year’s wintertime freeze on the poorly regulated grid run by the Electric Reliability Council of Texas (ERCOT). The politics of power are as basic as the currents running through the inlets and outlets of our homes, riding their wires and coursing through their walls. There are few ways to more thoroughly exercise dominance over a country, a city, or an individual than to sabotage the grid. And when property war is waged through the power line, the grid war is against you.
Nightmare scenarios of grid war elicit fears of being plunged into an abyss of uncontrolled chaos. When your electrical current is the carrier current transmission line for rogue data, the mobbers’ message is a data bomb. The missiles of bad actors—zip bombs, fork bombs, billion laughs attacks and busy beavers—become the dirty data bombs of mobbing as refrigerator compressors pop and sputter, heaters radiate, videos glitch, implanted defibrillators shock, hard drives whir, outlets fry, CPAPs vent radiation into airways, devices on standby hiss and buzz, eyes smart, eustachiean tubes swell, air purifiers spew, temples throb, and faces burn. There’s nothing like radiating your neighbors out of the neighborhood. Oorah!
A siege like this one is domestic terror. There is little else it can be. This can’t be what we want for the community of Albany, California that shares a border with Berkeley. And not for the San Francisco Bay Area that is home to so many survivors and refugees of holocausts, genocides and repressive regimes. Nor for any human being or any being at all. Perhaps all the U.S. Department of Justice need do to take down a domestic terrorist network, is to dismantle the national block watch program (National Neighborhood Watch, https://nnw.org/ and “National Neighborhood Watch Program,” Wikipedia, https://en.wikipedia.org/wiki/National_Neighborhood_Watch_Program).
Ω
Wireless always implies the wire. Products built on Wi-Fi 1, the 802.11b wireless network standard, came on the market in 2000. The first draft of the 802.11n standard, amended in 2009 to support multiple-input multiple-output antennas (MIMO), was published in 2006. That same year, Rob Flickenger and Roger Weeks’ Wireless Hacks included information for WiFi home administrators on how to improve and extend their wireless networks by using HomePNA and PLC, both wired standards. “While CAT5 is usually preferred over line-sharing protocols such as HPNA and Powerline, these devices can save you a tremendous amount of installation and effort” (Wireless Hacks: Tips & Tools for Building, Extending, and Securing Your Network, 2nd ed., 2006, O’Reilly).
Technically speaking, without wired services, there would be no wireless. Practically speaking, the transformation of signal to follow physical media is evident in the variety of wireless range extenders, devices that transform Ethernet to 802.11 signal, adapters that plug-in to outlets to obtain signal over power line connection to convert to 802.11, extenders designed to make wires emit wireless signal, devices designed to move wireless signal from outside access points inside, and more. Convert it from Ethernet to WiFi and then back again—it’s all about getting signal where you want it to be, even if it’s not wanted.
For service providers like Comcast and AT&T, line-sharing is the appeal of HPNA and Powerline networking. Using residential infrastructure that is already installed cuts the cost of installing new wire. Sharing residential infrastructure provides alternate paths to get data to customers. For rogue data providers like mobbers, transports like HPNA and Powerline provide a back door to their target that allows obscures the presence of a bad actor and hides the ingress of malicious data. This is especially so for an exploit that may be designed with the legal principle of “reasonable doubt” in mind. For example, the criminal conspiracy that is mobbing may be expressed by each of the home owners who border the victim lot contributing a device whose malicious behavior is evident only within the context of its interaction in a configuration of mobbing devices. Each element of mobbing, in and of itself, may be legal and, at most, might only give rise to a civil claim between neighbors. Who knew that two neighbors sharing a Sonos network across a lot that at least one of them has coincidentally expressed an interest in buying would cause such damaging network interference? Who knew that the Eero WiFi extender had such a strong signal that the neighbor’s Roku would connect to it? Who could have thought that home automation software would try to control the neighbor’s devices? What did my device do now? Given the things that have been said and done over the years of mobbing, this kind of reasoning on the part of the architects of the mobbing scam is quite possible. Accepting the facile lies of these criminals indicates either bias or a lack of sophistication on the part of law enforcement. Taken in sum, the configuration represents a criminal conspiracy. These ploys that are intended to make prosecution impossible are easily debunked as we analyze the data, recognize the signature of the exploit, and investigate the circumstances of mobbing crimes.
The consumer devices supporting HPNA and Powerline, from routers to plug-in adapters, assume that the physical media—the wires—provides some measure of the isolation necessary for secure networking. The use of household infrastructure and home networking standards by the criminals who mob is revealing. In the past I’ve written about how mobbing from next door reduces the risks of detection with the use of shortened attack vectors and short-range technologies. Perhaps a greater reason for mobbing from a short-range position while residing close to the mobbing victim is ease of access to the infrastructure of the victim residence, including the service boxes and conductive copper wires. Adequate access would have to vary based on the exploit. Line-of-sight could constitute reasonable access from the mobber’s nest (the crow’s nest). Optimal access for a radiating wire to transfer rogue IPTV to the coaxial cable fastened to the side of the mobbing victim’s home would likely be closer.
Transfer of rogue sound over radiating wire may be a substantial contributor to whole-house mobbing. For example, while blocking in your home with WiFi extenders may be one tactic that is useful to track passage to or from a victim residence, WiFi extenders can boost signal in a manner that helps to inject sound onto conductive copper wires where HPNA and Powerline ensure it is carried into the victim environment. It’s possible that radiators are held over exterior service or wiring boxes to increase the radiation of the unshielded edges of cut wires that connect to other connectors and to allow rogue data to be injected onto the carrier wires of household systems. I have noted that when I turn off the circuit breakers for outlets on exterior walls covered by the Dobby access points at the Albany house, the mobbing prattle is forced back outside. It’s possible that the power line connection is made after the electric meter or that some rogue data is accepted onto the wires after signal boosting increases the antenna effect of the wires. This might be easiest to do in junction boxes for conductive copper wiring or exterior outlets where electrical connections are made. Note that this is all speculation based on experience; I do not have expertise in the field.
This past week at the Albany house, after multiple sightings of an apparent laser pointing into the kitchen from a cracked open window in the house of the creep to the north, I have also wondered about whether devices that transmit heat are not only being focused on devices as I use them but on the components of the electrical system of this house and about the implications of that kind of tampering. I do have the obvious concerns about safety, of course. And then there are other concerns about the motivation for doing so. For example, as well as frightening victims, inducing physical discomfort and adversely affecting health by generating radiation, if the radiation is a sign of malicious data being added to a household electrical system after the meter, how is this sensed by the meter?
Electromechanical induction meters measure using “an electrically conductive, non-magnetic metal disk that rotates at a speed proportional to the amount of electricity consumed.” Consumption is measured through the interaction of two electromagnets. One of these is driven by the incoming electricity from the power lines; the other by demand from the electrical circuits of the residence (“10 Things to Know About Your Electric Meter,” Callmepower.com, https://callmepower.com/useful-information/electricity-meter). This makes me wonder if the injection of rogue data after the meter would be sensed as demand and if this triggering of the demand process might result in the supply of electricity that could also be carrier current for rogue data on the supply side.
The takeaway is that mobbing, a crime with prominent digital features, relies on proximity and physical access. This understanding should promote investigation and allow for increased prosecution of cases that are routinely abandoned because the bad actors are assumed to be out of reach. When mobbers hide next door, and even if they mob only your phone over HPNA and not your every device, the use of network survey tools like heat maps combined with police consideration of events that occur in the material world could help to prosecute them.
Today the Biden Administration announced it is stepping up measures to prevent attacks on the grid so that Americans “can rely on a resilient, secure, and clean energy system” (“US Takes Steps to Protect Electric System From Cyberattacks,” Security Week, April 20, 2021, https://www.securityweek.com/us-takes-steps-protect-electric-system-cyberattacks). Those efforts should include the rogue use of digital devices to sabotage power by domestic terrorists like mobbers. Effective prosecution should begin to deter those who mob—neighborhood watch captains, for example—because they believe they can’t be caught. Like one of the mobbers told me early on when they hoped to make me believe, “We’re in the wind.” The recognition that the bad actors who commit digital crimes may not be hidden behind seven proxies could help to spur police investigation into 21st century crimes that increasingly incorporate digital aspects (Police practice must change to protect us from mobbing and IoT crimes).
Ω
A few months back, I opened the door of the Albany house and paused at the top of the steps. I don’t recall if it was only to check for the wild turkeys rooting about in the dirt or to look for the squirrel that eats rose hips in the bough of the cedar tree. A man called to me as he walked rapidly past on the other side of the street. “It’s okay,” he said, quickly adding something like, “He’s with a truck; that small one back there.” Then he looked over his shoulder at a man midway up the utility pole a few doors north. I didn’t know him. But what was curious was the quickness of this stranger to assure me that there was nothing suspicious.
This was not my lakeside neighborhood in Seattle where I had photographed an old man and his no-name “satellite” truck at the utility pole I share with the unfortunate woman I call “the nasty neighborhood watch lady” and the owner of the south mobbing house. The utilities vary, but the infrastructure—and the lack of any meaningful security—are mostly the same.
Ω
“If you can’t measure it, you can’t manage it.” In the science of “flow management,” the adage rings true (Colm Slattery and Ke Li, “Electromagnetic Flow Meters: Design Considerations and Solutions,” AnalogDialog, June 2016, Vol. 50, https://www.analog.com/en/analog-dialogue/articles/electromagnetic-flow-meters.html#). Meter reading was an early application of power line technology. In Carrier-Wave Telephony over Power Lines: Early History, Mischa Schwartz cites patents as early as 1898 and 1905, in Europe and in the United States (https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=4752669). The collection of data from metering devices, called automatic meter reading, is its own science. Meter reading is performed by handheld device, by mobile devices or over networks using wired or wireless solutions, by radio frequency communications, or by power line transmission. The need to retrieve data from utility meters is what created the smart meter. It is also the rationale for some of the strongest objections to them.
Smart meters are the end points in an advanced metering infrastructure that is managed over a network. Because smart meters are networked, they can be remotely managed. Because smart meters are networked, they are part of the attack surface that is the electric power grid. Utility meters served by a utility have always been subject to attack by virtue of their connection to the utility. But the vulnerability was perhaps less complex, more primary, and more likely to be focused on the centralized upstream provider of the service. These are the kinds of attacks anticipated in the dread scenarios of grid warfare in which the entirety of New York City is plunged into darkness.
The introduction of smart meters and remote management, however, magnifies the threat to the grid by the attack on any part of the distributed system of networked devices. In addition to inheriting the vulnerabilities of the networked system it belongs to, a network-managed device can be attacked in isolation. Hence the reddit post from an undergraduate five years back: “For my electrical engineering thesis, I want to remotely hack in to a smart meter, to disconnect the customer or brick the meter” (https://www.reddit.com/r/AskNetsec/comments/3qy9ne/i_want_to_hack_smart_meters_for_my_undergraduate/). The installed software may provide only crude functionality but all an attacker needs is a platform and a device whose security is less sophisticated than the attack. A chief design consideration for smart meters was the prevention of tampering. This is ironic, since the features that make the meters “smart” enlarge the attack surface that is available for tampering.
Smart meters have no lack of vulnerabilities. “Evaluation of Cybersecurity Threats on Smart Metering System,” a chapter in Advances in Intelligent Systems and Computing, focuses on the architecture of the smart meter as a two-way communication system between the utility producer and the smart meter device (July 2018, https://www.researchgate.net/publication/318601090_Evaluation_of_Cybersecurity_Threats_on_Smart_Metering_System). Smart meters collect information about usage and transmit that information back to the utility. Because smart meters provide two-way communications, the utility can manage the device and collect information remotely. Smart meters have been designed to include communication over power line, over WiFi or cellular mesh, two-way pager or phone. The meter controls and measures the flow of energy; the communications network creates a path for information out to and over the grid. The writers of the article found cyber-attack vectors for smart meter devices, applications, the communications network, and the data. This included attacks focused on a single device that could bring down the entire network or result in a distributed denial of service (DDoS) attack on the entire grid. The writers found that the smart meters they evaluated were vulnerable to manipulation or compromise of system data as well as attacks on the metering system itself. In Smart Meter Security: Vulnerabilities, Threat Impacts, and Countermeasures (May 2019, https://www.researchgate.net/publication/333305127_Smart_Meter_Security_Vulnerabilities_Threat_Impacts_and_Countermeasures), the writers found that the AMI could be “severely affected” by exploits including network radio jamming and packet flooding. Flooding is similar to broadcasting, a mainstay technique mobbers use to hide the origin of rogue data, if not to contribute to jamming the victim network in a denial of service (DoS) attack. For example, during peak hours of mobbing in Seattle, which tends to be when I use the AT&T TV on the Roku these days, the synchronization of sound and picture is undermined by the broadcast of rogue sound. On Comcast systems, the video might be interrupted or “glitch.” No matter the time of day, when the mobbing is aggressive in Seattle, the jamming effect that can make it impossible to upload files. Denial of service is critical to the mobbing platform which seeks to “turn over” properties by making them uninhabitable. While WiFi networks are particularly vulnerable to jamming, using Ethernet or disabling the wireless signal on a router that supplies both Ethernet and WiFi does not solve the problem (“The Feasibility of Launching and Detecting Jamming Attacks in Wireless Networks,” http://www.winlab.rutgers.edu/documents/JamDetect_Mobihoc.pdf).
In the crime of mobbing, rogue data appears to be injected onto the electrical system to ensure that all household systems are infected. I don’t know whether the injection might occur at the pole through antenna transmission from a communications wire, at the base of the meter in a field well saturated by radio frequency based on the deployment of WiFi range extenders like the Eero, or after the meter. I hope but have not so far been able to learn whether utility management and analysis could be used to detect this type of injection that might be packaged into payloads too small to detect or use a frequency that is excluded from the frequency range of the flow that is being measured. It also seems possible that the communications interfaces that are used to transmit data back to the utility might be involved in this type of injection, especially for meters that report over a power line connection. But again, all of this is speculation that I hope can be cleared up as better information is published on how mobbers tamper with power. The best case scenario would be if smart meters can actually detect this kind of harassment.
An installed smart meter becomes a component of the Internet of Things (IoT) ecosystem and a component within an unknown configuration of unknown devices interacting in ways that may not be wholly anticipated or understood. When Seattle City Light forces tenant account holders to accept smart metering, knowledge of the threat environment into which the meter is installed is limited. When Seattle City Light installs a smart meter on the side of a house that is targeted by real estate mobbers for acquisition, Seattle City Light may have greater visibility into the function of the smart meter in and of itself, but the enlarged attack surface has the greatest effect on the victim of mobbing as the mobbers exploit its communications interfaces and its potential as an interferer in WiFi spectrum as well as within the mobbers’ Internet of Malicious Things.
Back in 2009, then IOActive Senior Security Consultant Mike Davis gave the presentation “SmartGrid Device Security: Adventures in a new medium” at Black Hat USA. The newer features he remarked on included longer range, high-powered radios operating in licensed spectrum, two-way pager and cellular networks, the addition of TCP/IP networking and peering capabilities, and updates to wireless firmware. Because the presentation was in 2009, I don’t know whether some of the issues he notes, like the old software vulnerabilities of buffer overflows still apply—given the slowness with which any infrastructure is updated, it’s likely that many legacy meters whose firmware is not updated hang on the sides of our homes. What might be most important for a victim of mobbing was his emphasis that “Radios can become an attacker’s tool!” (“SmartGrid Device Security: Adventures in a new medium,” Mike Davis at Black Hat USA 2009, https://www.blackhat.com/presentations/bh-usa-09/MDAVIS/BHUSA09-Davis-AMI-SLIDES.pdf)
This may be the crux of the issue when it comes to infrastructure mobbing in which WiFi extenders are used to boost signal. Signal boosting increases the radiating potential and antenna effect of the conductive copper carrier wires. Boosting increases signal transmission range and the inevitable radio frequency interference on the 2.4GHz WiFi band. Interference disrupts radios and device function. These conditions spell trouble.
If the bar is low for attacks on the grid, it may be even lower for those whose maliciousness seeks a target next door. If all you need is a radiating line in parallel to a receiving line and an iota of knowledge about how to coil an extension cord so it behaves like an antenna, or how to frey the shielded ends of an insulated wire to enhance its properties as a radiator, the snobby audiophiles of yesteryear can hack their neighbors’ networks with all the authority they used to apply to plugging in a jack. Given a bit of pocket cash, or with the funding of a neighborhood watch, a block watch captain or some ham-fisted speculators whose dash-cams and mobile routers can’t quite close the range, your garden-variety neighborhood saboteur can order an array of WiFi range extenders and cut loose his own dirty bomb. Given a real estate scam that might be deployed through block watch members of the National Neighborhood Watch, for example, there’s the possibility of the distribution of a known set of IoT systems and software with preprogrammed, pre-configured, and even managed devices that build out the architecture of the mobbers’ Internet of Malicious Things and represent the criminal conspiracy that is mobbing.
Ω
I’ve been in the Bay Area for a while now, tending to family matters and working remotely in these pandemic times. As the weeks passed, the daily harassment as I attend online meetings and stay connected to work has worsened and the severity of the nightly harassment has increased, often waking me to verbal abuse in the wee hours after only a few hours of sleep and then becoming more circumspect at daybreak when detection becomes more likely. Despite unplugging the router, keeping the heater off of night and using other countermeasures I’ve developed as I’ve been forced to endure this crime over time, it’s difficult to thwart harassment that is enabled by combining WiFi range extenders with wireless sound systems like the Sonos. It’s even more difficult when the conductive electrical wiring of your own home turns out to provide the carrier current for rogue sound and your outlets are flooding your environment with radiation.
Recently one day, I saw the creep next door—the one with the Dobby access points—in front of his house as I arrived home. When I asked if the Dobby access points were his, a heated exchange ensued. “You don’t know nuthin’,” he said, claiming the access points were legal and muttering about me walking around with my laptop “lookin’ for networks.” Actually, I might know a few things. Like the MAC addresses of the devices he’s deployed or been given to harass me in Albany, California as I am harassed in Seattle, Washington. But we’ll get to that later on.
The creep next door, as I shall call him, was referring to my most recent creation of a heat map, which I hadn’t tried to hide. After all, I am being battered in my bed on a nightly basis and relentlessly harassed during the days. My ears swell with fluid and become sensitive to pressure. No one should let others hurt them without speaking up. No one should increase the likelihood that such things will be done to others by ignoring those who do it to them. “I’m giving you a chance to stop,” I told him.
The next day the Albany Police showed up at my door. It was Easter Sunday. The two officers insisted that I produce my elderly relative. The implication was clear, and it was appalling. I angrily asked if they were checking on the welfare of my relative based on a report. I told them that any report was likely to have been malicious, especially given the timing of it, the day after I confronted the creep next door who was stalking me in my house on the rogue access points. Those people my relative wanted to be in touch with, I told them, were in touch with her.
In a later email to the Albany Police that has not been returned, I complained about the breach of my relative’s privacy. This because the rights of women, to privacy and more, are all too often not respected. My emailed complaint received no response. I suppose I will submit a formal public disclosure request for information although it so far appears that no oversight is in place to ensure transparency on the part of the Albany Police. Perhaps the formalized public disclosure request process that exists in Seattle is the result of the Justice Department consent decree that was recently ended.
Early in the mobbing, the Seattle mobbers sought to control me with threats. Along with threatening to “kill” me “online and off” or to put potty-cams of me on the web, they threatened a “welfare check” if I didn’t “zip it” and “get out!” The implication was that they would tell police I was dangerous or mentally ill, I supposed. As a Bay Area native whose mother introduced her to the feminist “Women’s Place Bookstore” in Oakland and who attended women’s marches in San Francisco and U.C. Berkeley as women’s studies departments got off the ground, the fact that I was a woman being threatened with the asylum for resisting a predatory crime was not lost on me.
It was hard to imagine how criminals could get away with it, but eventually they seemed to do just that and the Seattle Police showed up at my door. A malicious “welfare check” is a dangerous tactic that is likely to end poorly for the victim, not unlike being the victim of a “swatting.” I described that event soon after it happened in the blog entry Police practice must change to protect us from mobbing and IoT crimes, unaware of what the mobbers had set in motion for me. I did not expect to see the same same tactics used in the Bay Area.
I watched as the Albany Police departed from the house, one of them crossing the street to his motorcycle parked in front of the house of someone who, I was told, is a block watch captain who works for the City of Albany. A few years older than me, she attended the local high school during the years I was there. There is often an Albany Police motorcycle at her house. Within minutes, I heard her outside talking to the creep next door: “That’ll get her out of there,” she said.
Did she mean the house I rent in Seattle or the family home across the street from her in Albany? Perhaps both. In the last months, houses on two sides of me here in Albany have changed hands, with two others undergoing major repairs. Real estate mobbing does indeed appear to be a “take-no-prisoners” method to “acquire” properties in a time of decreasing lots. Given the words of the Albany block watch captain, if that’s what they’re called here, and the likelihood that she had something to do with the welfare check on my relative, it’s clear that at least in this case, there is some level of cooperation between neighborhood watch groups in different states in “turning over” properties.
Ω
This post is not done, although I hoped it would be by now. Alas, stay tuned for a bit of editing and a part 3 if I can tolerate the power being on long enough to write it.
(Yes, that was the humor of a woman being radiated by power supply. C’est la vie.)
Rest in peace, George Floyd.
On being Mobbed 
Leave a comment