Indicators of Compromise

For much of the current year, I have had the unexpected pleasure of working a contract in the field of network security, which was more interesting than I might have thought, particularly given my own circumstances of being the victim of a “property  mobbing” that has a strong component of monitoring, hacking, and various radio- and speaker-based forms of harassment.

The network security field is focused on incident response (IR), that is, responding to network intrusions. The leaders in the field are focused, perhaps, on the real-time detection of intrusions, but this requires up-to-the-minute visibility into the state of all network endpoints, that is in most cases, physical or virtual devices on the network that can be identified or associated with IP addresses or with MAC addresses. A MAC address uniquely identifies a device with information that includes the device manufacturer and type. The combination of IP address and MAC address can give a hacker a secure footing on the path to the Holy Grail of hacks.

In the last months, I have learned a little, and have a few ideas.

If there is any merit to my experience of being followed over wireless services that the hackers manage to somehow chain together into an access point for harassment using whatever speakers the devices on those networks make available, the technical viability of this type of following must be established.

If there is any merit to my experience of being followed on other people’s cell phones, it is likely based on their wireless services being allowed to remain on. But my understanding is that phones give off signals even when services are turned off. The technical viability of this should be established. Another possibility is the use of satellite phones that spoof towers providing a foothold on devices that have cellular services turned on. I know that cell phone calls can be eavesdropped on by using satellite phones to spoof cell towers. But this is an interesting angle to explore.

An Indicator of Compromise (IOC), in the field of network security, defines a pattern of “artifacts” that indicate that a system has been compromised by an intrusion. These might include changes to specific files, command-line instructions to run executable files like the Windows Service Host (svchost.exe) on Windows machines, or the names of files that are characteristically used to save credentials dumped from a plain text file.

If cellphone harassment relies on the use of the speaker on the device, then perhaps an IOC should look for an intrusion that is followed by changes to speaker settings and perhaps even the use of on-board sound applications that might be required to play the sound on the speaker. The most important artifacts would be use of the speaker that cannot be related to user request and similar use of sound applications.

If the problem is recording the harassment while it plays, what would at least stop the harassment would be a software mechanism that would detect this use of the speaker, record it, and shut it down. This would be helpful for victims who, like me, are being monitored. Being monitored makes it difficult to get proof of the harassment since the harassers shut the harassment off, minimize the volume, or perhaps change the vehicle of the harassment to a different source whenever detection is close at hand.

I have also wondered if the cell phone harassment might come through channels reserved for system sounds or phone rings and have experimented with keeping them off.

I recently learned that there are recipes online for using a CB radio and a linear antenna to project harassment onto speaker systems in a neighboring home and am curious about whether it is possible to project harassment onto other radio systems, including wi-fi, by simply changing the frequency to another gHz range. Would its effect be limited to interfering with the signal? Or can you put sound on those radios too? Perhaps I’ll look more into this this weekend if I get the change to do a more substantial post on radio, something I’m also just beginning to learn about.

My understanding is that a parametric speaker can also be used to project sound directly onto speakers, so this may be another option for the scumbucket mobbers who seem to be having a social gathering this Friday night next door that is probably not coincidental to the evening program of harassment now increasing in intensity on my TV over the news of the Paris bombings. I have considered whether, if the mobbers are hired harassers, whether they kick it up a notch depending on the count of their benefactors resident at the mobbing houses. This would, after all, lend more of a feeling of credibility if I’m to believe that the strangers who’ve come to their houses are all participating. Or is it in fact that they actually perform for each other when they have gatherings to see who can deliver the “best,” most cutting harassment, who might cause me to cry, or who might actually finally break me and cause me to flee my home! Oooo, Burn! I can just picture them on the other side of their exhaust fan that vents into the narrow space between their house and mine, craning their necks forward and whispering into the venting (that I probably wasn’t supposed to have seen father and son putting together in their garage one day, or to have seen a workman later repositioning to the height of the window in my facing kitchen door), “You’re old, you’re ugly, get out!”, or perhaps they’re using some computer-based mixing system cobbled together on their ground level. What won’t some privileged white kids turned felons do for a good time?

Either way, the mobbers or those who’ve hired them are much less “cool” or “badass investors” (aka real estate “property mobbers”) than plain pathetic and probably emotionally disturbed to boot. But that does not lessen the criminality of either being or hiring professional bullies to harass someone day-in-and-day-out and ensure they don’t even have privacy in their bed or bath. That does not lessen the criminality of the human rights crime that is forced eviction. Nor does it lessen the inherent criminality of having your attorney chum from college who advertises a specialty in eviction law and is also in attendance this evening, participating in the harassment as well as attempting to discredit the victim in court. These people may be professional tenant clearers, attorney in tow to refer clients to them and to defend them against their crimes. These are people who have no right to professional licenses of any kind. These are people who need to be arrested and prosecuted. Come on, Seattle Police. This shouldn’t be difficult to see through. These people have big mouths and are confident that they cannot be prosecuted. There are people who know what they do.

Another idea is an application that detects the use of the speaker by an unauthorized application or one that is not related to the current processes on the phone. Detection should trigger recording of the sound on the speaker, if any. If the speaker has been activated to listen, an alert should be sent and the listening capability squelched. The two-way use of the speaker makes it possible to both  monitor and to deliver harassment.

Apparently there are meetings these days where people are told not only to turn off their phones, but to leave them outside the meeting room because of these capabilities, which will likely be shown to be useful in corporate espionage. Even the public swimming pools I go to have become increasingly sensitive about the use of cell phones onsite, probably because of “camfecting,” that is, using the onboard cameras on cell phones to spy. But monitoring sound should also be of concern. At this point, phones are largely unmanaged devices, making them very attractive, I would imagine, to criminals such as those who have been pursuing me in an attempt to harass me out of my home for some corrupt and criminal real estate speculators in my neighborhood.

Maybe I’ll look into what it takes to detect the use of a smart phone speaker to listen, and to speak.

Back to my day.



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: