[Cryptography] Creepy correlation noted

Tom Mitchell mitch at niftyegg.com
Tue Jul 11 22:03:15 EDT 2017


On Tue, Jul 11, 2017 at 5:02 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> While this note doesn't discuss encryption, per se, perhaps there is some encryption technique that could be used to solve this type of surveillance.
.....
> No, I don't believe I've been hacked, unless you consider surveillance by your own ISP to be hacking.
.....
> Any ideas?

If this is what is happening there needs to be a law to slam the door
for ISPs selling such a service.

Anyone with cash and an apparent storefront could buy such a service.
Even the Russians...  ;-)
Stalkers are both poor and rich. Agents of good, bad and evil are both
poor and rich.
Employees could abuse such an infrastructure and might bypass audit.

Sadly crypto might not help here unless you use a VPN in
interesting ways.    Using a VPN exchange with a local friend might be
diagnostic
if local routing bypassed the ISP central switches because it was on
the same wire.
A local squid proxy might show interesting traffic in logs.

Criminals once targeted employees of an geologic firm that sent
folk out for weeks at a time.   Hello, is Perry in.  and the secretary said
no.  When will he be in? ... oh not for a week or two.  Thank you I
will call back then.
The house had been emptied into a 'borrowed' monster van when he got home.
Nothing was recovered...
The word went out... and the secretaries in the geology community
learned to say nothing other than -- may I take a message.

Yes that was phishing and social engineering but to a physical end digital
is not different.

This predated voicemail.  Do check your message "Hello this is
555-1212 leave a message"
might leak too much info.    "After this short haiku leave a message" might
be better for friends that know you.

Do you have a 'Nest'.  Security cameras?
It makes sense to snoop your net and look for traffic that
is unexpected.   You could have been hacked but invisibly
and if so it would be a worthy discovery.

Yes cron and automated URL gets make sense.
Browsers can be launched with a URL from a shell script so CSS
content gets pulled too.
There was a Firefox? plugin that would visit a dozen famous sites
and follow random links while searching for 'interesting' words.
The intent was to make a browser history worthless for discovery.

Time for me to dust off and update my gateway router again.

Some things might help.
   See: "privacy badger"

   See:  # This MVPS HOSTS file is a free download from:
            # http://winhelp2002.mvps.org/

For the MVPS, a script can convert the hostnames to IP addresses for a
block or drop
list to load into a firewall to catch the random scripts in HTML/CSS
that have hard
coded IP addresses that MVPS used to catch by name.




-- 
  T o m    M i t c h e l l


More information about the cryptography mailing list