Pictures from a mobbing (part 1)

August 3, 2021

Pictures from a mobbing (part 1)

The criminals who mob would have you believe that they won’t be caught because they hide behind the walls of neighboring dwellings. They would have you believe that the crime of mobbing cannot be documented. This is false. And it’s possible that many of those who mob believe the walls they hide behind ensure the crime cannot be seen. This is false too. Network tools visualize network behavior. It may be that most of us can’t provide the analysis necessary to confirm the exploit of mobbing. But some can. And soon enough, some will.

The white square represents the house I live in in Seattle. The other points were collected from within the yard with the exception of the two top points, the one on the right which was collected across the street next to the telephone pole close to where the nasty neighborhood watch lady deploys a Samsung device (Mobbing by WiFi range extender). The one on the left was collected at the north boundary of the house on my side of the street. These heat maps were made using the NetSpot application on the Mac and reflect a few recent changes including my replacement of the Technicolor router with a Century Link-compatible wireless gateway that is not associated with the obsolete Prism TV. WiFi was disabled at the router for these heat maps and since its installation.

This NetSpot heat map shows the quantity of access points. I included the legend showing that blue indicates no access points, and red indicates five or more. I greyed out most of the SSIDs that came up in the results. Based on some recent developments that I’ll write about at a more reasonable hour, the Pow-Pow SSID that joined four or more Eero extenders is no longer seen. [Note 09/27/21: Pow-Pow may not be seen, but Pow-Pow is still there. I’ll be posting a screenshot that shows that in the next few days.] But Eatlutefiskandie is all around me and has been in the picture since I started doing network surveys a couple of years back.

Eatlutefisk is here too. This is more or less at the southwest corner of the house. The bedrooms are on the west side; the smart meter and the communications service boxes run along the south side.

And here. I think you get the drift. Something interesting here is the nghub, which may be a Netgear hub typically used to connect cameras from a security system so far as I can see. Cameras, especially high-speed cameras, can introduce significant interference onto the 2.4GHz band. My television and Roku are typically set up in this area of the house. The big grey square covers most of the SSIDs that were brought up in the survey.

There’s that red triangle of 2.4GHz coverage at the point noted with a signal of -63. 2.4GHz penetrates walls. The blue shows the 5G 802.11ac coverage that does not penetrate walls. Eatlutefisk is somehow in both areas.

Someone must have just come on shift at the north house. There was a fair amount of murmuring from what might be a speaker-enabled access point on the north side of the house when I was in the bathroom just now. It’s after 3:00am.

This is a bit of data from an Airtool frame collection of the same time period as the heat maps, viewed in the Wireshark application. I’ve blacked out the part of the MAC identifier that identifies the device and left the part that identifies the manufacturer. This data includes a lot of Samsung data transfer. A Samsung device or two has been prominent in the mobbing and the professional heat map I hired a while back showed a Samsung hot spot deployed to the car of the nasty neighborhood watch lady across the street and near the telephone pole. She was there today, chiming her keyfob as usual. She usually parks to line up with the south side of my house where the smart meter and the communications services are installed. [Note 08/09/21: I’m beginning to wonder whether the exploit turns infrastructure or appliances like the hot water heater at the Seattle house into WiFi access points. I just began disabling the hot water heater after learning that it takes only a half-hour to heat most water heaters to temperature and this added measure is quieting.]

Now the refrigerator compressor is running, the hard drive on this old Mac is spinning and I probably left the monitor on for too long. The harassing machine has started to churn and the whirring of sound can be heard like magnetic tape sliding between the spools.

Given the effect of the mobbing on my electricity, it’s impossible not to wonder about these TP-Link devices, that may run in multiple modes including access point or extender or may use powerline technology. [Note 08/06/21: Because mobbing appears to be a scam used to turn over properties and because it may be promulgated through some network that includes police-affiliated neighborhood watch captains and coordinators, at least in the United States, there may be a standard mobbing configuration of devices and services that circulates, specifying the powerline technology, rogue sound, and radiating antennas and transmitters that perform best in certain mobbing scenarios and conditions. The Sonos sound system may be prominent with other “smart speakers” gaining in popularity. Last I checked, Sonos did not support the use of their technology over powerline networks; given my own circumstances and the likelihood that my environment has included Sonos and powerline technologies, I imagine the interactions could be destructive.] Eye P.A. has been a great tool to use to see things like the proportion of broadcast frames or beacons and even before I experimented with turning off circuit breakers, the disturbance mobbing caused in my Technicolor router was clear. I have hundreds of samples of the router error log showing truncation of log errors that coincided with the arrivals and departures of those from the driveways of the nasty neighborhood watch lady and the south mobbing house owner, and often with traffic in the street. This Eye P.A. visualization uses the Airtool frame capture from earlier today. I have hundreds of Airtool captures as well.

In this example, both truncations occurred with ICMP protocol but I don’t recall that always being the case. One of the first people I told about it said that it was probably just a port scanner, no big deal, everyone has one. But in the end that makes no sense. What good is a router whose expected behavior is to constantly err? Cujo, the company that manufactured the firewall I had purchased assured me that while my external IP address was being attacked, I was “safe” because they were fighting off the attackers in their cloud. That notion of “safety” might apply to exfiltration of data, but has no meaning when it comes to a signal attack. The electrical disturbance interrupts the function of the router, the ONT or perhaps both, the device cannot effectively gate and rogue data is injected onto the network. This is what appears to be at least part of the picture, anyway. Interferers like high-speed video cameras and walkie-talkies heighten the disturbance and “noisy” household devices like vacuum cleaners appear to be deployed in mobbing as interferers to increase the disturbance and intensify the harassment.

A few months back, Cujo end-of-life’d the firewall I purchased. The electric disturbance that I systematically documented alongside real-world events like arrivals and departures crossing extenders I didn’t yet know had been deployed was ignored. This disturbance was likely related to what now appears to be an illicit powerline connection created to enable the overrunning of my electric service, my appliances and my devices with rogue sound.