If “Bogus cops and crypto ATMs” hadn’t hooked me, the opening paragraph of a Berkeleyside article about a teacher losing her life savings to phone scammers would have:
For 27 hours straight, a team of four scammers posing as Oakland police kept her on the phone and isolated, manipulating the John Muir elementary teacher into delivering nearly $70,000.
(“Bogus cops and crypto ATMs: Berkeley teacher scammed of her life savings,”Berkeleyside, November 7, 2025)
Alex N. Gecan’s article, under the kicker PUBLIC SAFETY, included critical information about the scam, including the use of false identities, fear and sound effects. (I’ve dubbed the mobbers’ liberal use of sound effects “the mobbers’ Foley.”) The crooks “isolated” their victim over the phone as they ran the scam. They ensured compliance by warning her that “they could detect data spikes when she used other devices.” It does seem reasonable, given wireless services, that perpetrators with network know-how could have detected active devices on her network. Like mobbers who maximally oppress their victims by “surrounding” their homes and continually stalking and harassing them, the Berkeley phone scammers sought to control their victim until they got what they wanted.
What I found disappointing was the comment by the police that scammers “are often out of the area—often using Voice over Internet Protocol (VoIP) phone lines that can ‘spoof’ their true locations.” This may be true in many cases but, as “burglary tourism” shows, access and control to the victim is best achieved with eyes on the victim and the entrance to her home. Instead of using VoIP, cybercriminals might use walkie talkie apps on a wirelessly enabled phone from down the street. They might evade the use of cellular infrastructure by WiFi calling or communicating via dash-cam. And even if used to convince the victim that the scammers were police, the police scanner in the background could give them the heads-up in the event that police are dispatched to the scene. Effecting cybercrime from places of proximity gives criminals a leg up.
Like most crimes these days, mobbing has digital aspects. The platform of mobbing has a strong dependency on the network layer and the basic assumption is that the victims of mobbing will be fooled by the unusual phenomenology of sound and abandon their homes before shutting down electrical circuits or wireless services. That makes sense when you consider our utter dependence on WiFi—many of us began using the Web only after WiFi was introduced to the consumer market and have nothing to compare it to.
The inability to understand the risks of using wireless services is not cured by the unending exfiltration of data made all the more accessible due to the inherent difficulty of securing wireless services. Corporate security teams use heat mapping to detect rogue access points. In the residential arena, however, we don’t even think to worry about our neighbors’ access points, extenders, motion detecting lights, surveillance cameras, smart devices and charging processes. If WiFi signal is strong, all is good. If it’s not, we blame it on the provider. What you don’t see can’t hurt you. At least, we assume we’re “safe” until we hear some hacker yelling at the baby over the baby-cam (https://www.computerworld.com/article/1495015/hacker-strikes-again-creep-hijacks-baby-monitor-to-scream-at-infant-and-parents.html). Do all of us, each and every one, have to be personally victimized before security experts stop disregarding extreme cases like mine as “one-offs” and we admit that wireless services are not secure? This is why we “air gap” computers, running them offline and in stand-alone mode to limit the attack surface.
Military applications contributed to the establishment of the 802.11 network protocol (WiFi) . Mesh networking like that implemented in the eero WiFi devices that Internet providers hand out right and left evolved from the use of packet radio in the military and the tactical need for reliable mobile communications in the field. Interference and jamming are basic to strategy in modern warfare. This means that when the block watch captain conspires with ex-military, militia or some black hat to turn over houses in Albany, California, the neighborhood becomes a battlefield of radios, antennas and generators—a tactical network stood up expressly to attack your home. And when “property war” is waged from next door or the curbside, you’re behind enemy lines.
Mobbers exploit the assumption that cybercriminals work from out of state or out of country—far-away places where evil people lurk. When the baby-cam is hacked, we don’t suspect the doctor who lives next door. It doesn’t occur to us that the nice guy down the street who shares his WiFi and sets up his neighbors’ routers, or the one who gets up on the roof and cleans leaves from his neighbors’ gutters might be jonesing after their houses and looking for vulnerabilities to exploit in a clandestine attack on the utilities. We don’t think about the young couple who come to the door asking after that remote-controlled toy helicopter with a camera that somehow ended up in the yard. That’s what mobbers bank on.
This is why it’s important not to disregard the vulnerabilities that proximity brings and the attacks it enables on infrastructure. If you look at mobbing, the devices used to attack often operate based on principles of line-of-sight or beam-forming. Those overly powerful motion-activated lights across the street might be used to start a malicious process in mobbing. Living near a fiber cross-connect box (Infrastructure crimes: When fiber is less secure than WiFi) might also be attractive to mobbing contractors who want easy access to the communications lines of their neighbors. In Albany, I’ve also considered line-of-sight in “investor” purchases of houses directly across the street or over a backyard fence aided by beam-focused WiFi and other line-of-sight vexations. Houses may fall to speculators in patterns that are easily discerned if you consider the directionality and reach of line-of-sight and beam-forming technologies—next door, across the street, sharing accessible local sewer lines or laterals, sharing telephone poles, and so on.
When “investors” leverage a business plan of “surrounding” a victim dwelling with malicious networks that encroach over the property line onto victim infrastructure, appliances and devices, we shouldn’t be blind to their handiwork. Maybe we can’t see the abandoned piping they command or the entry point they use to thread snakes into the sewer lateral, but there are tools we can use to get information about their rogue networks (Pictures from a mobbing (part 2)).
Heat mapping allows us to visualize the vulnerabilities that come with encroachment (Stop mobbing crimes with data: Visualize nearby networks with NetSpot). Automated heat mapping can make this information accessible to consumers who are stuck with carelessly deployed and poorly secured wireless services. Passwords and encryption cannot secure a home. Unconstrained wireless signal introduces vulnerabilities to infrastructure, appliances and devices that passwords and encryption cannot address.
This anti-stalking app likely runs on a network appliance and gives less technical residential users an automated option to create a heat map based on user settings and GPS information. Some basic design specifications include the following:
- Retrieves or is configured with information about the boundaries of the dwelling and the property lines. Note that professional heat mapping applications include the capability to apply GPS overlays to network heat maps.
- Maps the boundaries of the dwelling against information on whether the residence is a house or multifamily dwelling. This app may be of marginal use in multifamily dwellings though it’s possible it could help to detect the use of power line devices on the wires or could alert customers to refrain from the use of power line devices on shared electrical wiring.
- On boot, optionally calculates and maps signal strength against the boundaries of the dwelling, providing notification of signal strength that exceeds property lines and suggesting an alternative signal strength that reduces attack surface.
- Automatically performs a heat map to show the encroachment of other network bandwidth close to and in the customer dwelling. If the dwelling is a single-family home, the heat map must extend beyond the physical structure outside to show encroachments in right-of-way or perimeter areas.
- The heat map must visualize network information in relation to major appliances and the layout of infrastructure in the house. The interface must collect information about household appliances and devices by detecting the vendor OUI of internet-connected devices or accepting manual input.
- The visualization must be easy to interpret and the user must be able to click to see a list of encroachments that include SSID and MAC address information.
- Tips should be offered on how to mitigate specific vulnerabilities.
- It should be possible to compare heat maps, that is, to obtain the delta in terms of the degree and positioning of the encroachment, the access points, and relevant vendor OUI information.
- A brief wireless frame capture is automatically performed and stored with the heat map information (Stop mobbing crimes with data: Airtool for wireless capture).
A heat map could have a number of overlay views to better illustrate what the encroachment exposes:
- Major appliances
- Electrical panels
- Network devices
- Known and deciphered wiring paths
The information should be stored in a database for tracking purposes.
All bets are off if the electrical panel contains “smart” circuit breakers. I only recently learned about these circuit breakers that allow for remote management of loads over network protocols including WiFi, 4G/5G, and Bluetooth. I have no doubt that Internet-connected circuit breakers can only make it easier to hack into and sabotage a network-connected home.
Perhaps this seems overly complex. Those who are more technical might believe that those who are less technical do not have a need for this information and are incapable of understanding or using it. Some of this can be simplified with the proper information design or allowing the consumer to opt for less granular information or for simple notifications. The fact of the matter is that consumers are using complex devices whose vulnerabilities are hidden. This is a situation in which those we count on to provide guidance may be compromised by company loyalty or pecuniary interest. If consumers are technical enough to be expected to administer their own networks, they should have visibility into the vulnerabilities that affect them. We must be able to see what our attackers do. The more visibility consumers have into the network environment, the more options they have to manage network risk. The more visibility consumers have of surrounding networks and access points, the less attractive victims they’ll be to predators who build criminal platforms based on the assumption that their victims can’t see, and don’t understand, what they’re doing.
