Mark Loveless, aka Simple Nomad, is a researcher and hacker. He frequently speaks at security conferences around the globe, gets quoted in the press, and has a somewhat odd perspective on security in general.

Why I Am Paranoid

Why I Am Paranoid

Having had many conversations with family, friends, co-workers and conference attendees, I've come to realise that I am more paranoid than most people. Now this is not in a crazy conspiracy theory way, in fact I don't believe in most conspiracy theories - although I do find a large amount of them both entertaining and an interesting touchpoint for what happens to those that take the paranoia thing too far. My background in security, especially areas involving threat analysis and risk assessment, has allowed me to temper my paranoia to realistic levels. Or at least that is what I keep telling myself.

So how did I get here? What led to this (in my mind) justified paranoia? It comes from three main areas, and I'll provide some details for your reading pleasure.

Strange Luck

I have what I jokingly refer to as "strange luck", based off of the ill-fated television show from the mid 90s of the same name. This isn't what I would consider as good luck or bad luck, as there seems to be a smattering of both. In some cases I simply witness someone having bad luck, and I have the good luck to not have it happen to me. The running theme though is “weird”. Here is an incomplete list:

Photo by  Nikolas Noonan  on  Unsplash
  • I have seen maybe two dozen tornadoes. Growing up in Oklahoma and living in Texas has helped. So has amateur storm chasing. Remember, it is a funnel until it touches the ground, then it is a tornado. I've been in one - the tree right in front of me was pulled up out of the ground. My wife and I witnessed two on the ground at the same time while traveling south on I-35 in southern Oklahoma - one to the west of the highway, and one to the east. A lot of my nightmares to this day involve tornadoes. Or alien invasion. Sometimes both.

  • Speaking of, I have seen three UFOs, although technically it was one sighting. They were flying in formation along the US-Canadian border. This was in Blaine, Washington, in the early eighties. No, no drugs were involved, there were at least a dozen witnesses.

  • I have found a dead body. The dead body belonged to a tenant when my family lived in Tulsa and rented a garage apartment to an elderly cleaning woman. Her daughter showed up since she had not heard from her for a couple of days. More oddness, I had to ask the police and the ambulance to move their vehicles so I could drive my wife to the ER since her contact lens had scratched her eyeball, which they did right before they removed the body. That was a weird day for sure.

  • Possibly even weirder was the partial dead body. Wait, not partially dead, I just found a piece of a body (the death was pretty obviously implied). We had moved to Texas, and after a late night in the office I was driving home from downtown Fort Worth and had a flat tire. I had pulled off of the road and ended up calling my wife to come and get me from a pay phone, as a cellphone was well beyond our budget, and they weren't really en vogue in the mid 90s. Pagers were the rage, and I had my work pager on me. I gave her directions to come and find me since the spare tire was also flat, and one or both of us got the directions wrong and I watched her drive past me and on up the street. All I could do is wait until she paged me and I called her at the gas station where she had stopped. I immediately started walking toward the direction she was coming from as apparently the payphone I was calling from was a popular spot for drug dealers. As I reached the top of the hill, I noticed some stray dogs fighting over some very large bones - in particular there were two dogs seriously fighting over what looked to me to be a human femur. I dismissed it as my imagination, kept walking, my wife found me and I managed to get home safely. The next morning I went back and got the spare fixed and eventually made it to work late in the morning. My wife called me later and said that it had been reported on the noon news that a human body had been found as dogs had uncovered and scattered the skeleton, and were fighting over the bones in the neighborhood where I'd had my flat.

  • I have witnessed two people die in car accidents that occurred right in front of me. One of them my car was barely missed, back when I lived in Tulsa. I was young and driving to work alone, and it was my first time seeing a dead body outside of a funeral home. In the other car crash, the individual who died had clipped our car and plowed head on into the car right behind us. My wife, son, and I were okay, but our car, a rental, was undrivable. This was on I-45 outside of Houston. Several other cars were mangled and destroyed, and in one of them the occupant was flown to the hospital via a helicopter that landed on the highway. We just watched the whole recovery thing unfold while sitting on the back of a firetruck. Weird evening.

  • I have seen - multiple times - what one might call a ghost. I have no idea what this actually is that I am seeing, but it is something that I could physically see with my own eyes, and before you ask, yes while completely sober. I also did amateur ghost hunting way before it become a cable television thing, in fact that is how my wife and I met. To this day I still see these whatever those things are. I think nothing of it. It is only creepy when it is an odd shape, like a two foot high white blob that follows me around in an old building and peeks around corners or something.

  • I have been stopped by the police twice as a suspect in an armed robbery. In both cases my vehicle matched the description of the getaway vehicle, in fact in one of the cases there was a roadblock with a lot of police and guns drawn. So never own a rusty green Pontiac SS or a old maroon Ford Maverick, trust me.

  • I have been mugged four times - once at gunpoint, twice at knifepoint, and once I was simply hit on the head with something. In the case of the gun, the police were right there and caught the guy, in the other cases, they got away. All total from the four muggings I was probably out maybe $40.

  • I have been pickpocketed more times than I can remember. At this point I carry a bait wallet with my real wallet in my front pocket. Don’t laugh - I am on my third bait wallet.

Photo by  Matt Seymour  on  Unsplash

Government Investigations

My background is in hacking and the hacking community. As a result, not only did I have the usual paranoia associated with being a hacker that pushed the limits of laws while exploring the growing online world, but I had odd interactions with law enforcement that simply added to it. I've been under investigation by the FBI twice and Secret Service once. Oddly enough, that was not enough to prevent me from getting a Secret-level security clearance when I worked at MITRE, and I even worked on a few classified projects with the FBI.

  • I had tracked the movements of then President Clinton during a visit to the Dallas area, as the Secret Service communicated via plaintext pager traffic, sending messages to each other about the progress of the President as he moved through Dallas. I made the mistake of mentioning this to a local television reporter and actually being interviewed on air about it. The reporter stated that afterwards the Secret Service showed up at the television station and mentioned I was under a big investigation and they questioned him about me, but I was on the air as "Simple Nomad" and I was never raided nor heard anything after that. I guess the Feds are touchy about tracking presidential movements in Dallas for some reason. The reporter gave them nothing. This was in the early days of the web so I guess that made it hard to track me down or something, or they realized I did them a favor. Unencrypted pager traffic from the Feds completely ended shortly after that.

  • During a DEF CON conference in Las Vegas, I was having a chat with an FBI agent where we were simply talking shop about security. It had started as about 4-5 of us but eventually ended up being just the two of us. Now this guy looked so familiar that I finally asked him, have we met before? I felt like we'd chatted before, maybe at another conference, and told him so. I started asking him about other conferences we might attended, and he finally laughed and said yes we had chatted a couple of years before quite extensively at DEF CON. When I mentioned I didn't remember chatting with a Fed at DEF CON like that before, he smiled and said "I was operational then". After a slight pause, we both started laughing, and I said that I was never arrested so I guess he didn't get anything good out of me. He said yes, I was quite well in check and they got nothing.

  • I was speaking at a conference in Dallas, so it was a local gig. My session was in the afternoon, and after checking out the agenda I saw the head of the FBI's Dallas Cyber Task Force was speaking, so I though it might be interesting to see what the guy might say. I arrived early for his talk, and had gone into the restroom. On the way out there was a gentleman preening in front of the mirror by the sinks. As I approached, he looked up and even though my name badge was in my back pocket, he saw me and recognized me. "Mark Loveless! Well what a surprise!" He lit up like a Christmas tree and introduced himself as the head of the Dallas Cyber Task Force. He was thrilled I was there to hear him speak. He kept asking me questions as we walked to the room where is session was at. "You still hacking?" "You bet, every day." He'd just laugh and laugh. "Hey do you know blah and blah? Oh of course you don't. You gotta meet them!" He named off two guys by first name, they were his co-workers there in attendance, and I did meet them. They seemed slightly thrown off as they obviously knew who I was. The agent referenced me several times during his talk, goofy things like "and to perform X, hackers often use that tool, uhm, Mark what is the name of that tool?" And I'd answer. Pity he couldn't stay for my talk in the afternoon, but his two colleagues did. Nice guys. They never did tell me when and why they had investigated me, but we had a nice chat nonetheless.

The Hotel Room Issue

Occasionally one has one of those incidents that really brings on the paranoia. That sobering moment when you realize that 1) yup they are out to get me, and 2) oh holy crap I am so unprepared. This is that incident.

In 2001 in Las Vegas, I was scheduled to participate in Hacker Court at the Black Hat Briefings. Since the hour-long mock trial takes place during happy hour and consists of a joke-laden mock trial with real hackers, real lawyers, real Feds, and real prosecuters (one year they had a real federal Judge), I thought I should leave my laptop in my room at Caesar's. Now I was already fairly paranoid, so I had removed my hard drive from the laptop and loaded it into the room safe, and for added measure I took a very long hair from my hair brush (back then my hair was nearly waist long) and placed it across the drive before I closed the safe door. I had also noted the screw positions of the screws holding the plates on around the light switches and wall outlets, since I figured those were good places to hide a listening device - this was after the Dallas Cyber Task Force encounter, so my guard was up.

Lo and behold, when I got to my room, two wall outlets had screws in different positions, and I ran to the safe. The drive was still there, but the hair was gone. I instantly sobered up, and spent the next few hours examining the hard drive after booting from a CD and mounting the hard drive read only. Apparently the drive was inserted into the laptop and the device was booted. A bait subdirectory named "0day" in my home directory had been accessed and copied to an external device that had been mounted, and the two large files "a.tgz.enc" and "b.tgz.enc" had been copied. A few other directories had been looked at, then the system was shut down after maybe ten minutes or so. All the timestamps lined up with me being in Hacker Court.

The funny thing is, I discovered after I reported this to Caesar's hotel staff (who moved me to the Flamingo across the street, since both are owned by the same company) that I was not the only one this had happened to. All told there were about a dozen incidents that year in Vegas. The FBI even tracked me down the next day to ask me about it. Later in life I did learn a bit more about the incident through other sources, and it seems there was a large operation conducted by a foreign government agency. It is no secret in the security community that a lot of spy stuff goes on in Vegas during BHDC summer camp - friends of BH organizers that work at hotels report a huge amount of government discounts being used to book rooms, certainly three or four times more than the government agencies and contractors that actually attend Black Hat.

The punch line? Well, those two files - a.tgz.enc and b.tgz.enc - contained old Linux kernel source code and porn. I hope it was worth the resources required to decrypt them.

If you run into me while I am traveling, even at dinner during a conference, this is why my laptop bag is with me. I just deem the hotel room unsafe which simplifies things substantially.

Photo by  Jon Tyson  on  Unsplash

Photo by Jon Tyson on Unsplash

So Here We Are

There have been other odd things in my life as well, such as my wife and I staying in a motel room with bullet holes in the wall, asking for a hotel room on a higher floor in NYC because the street gunfire was too noisy for me to sleep (it was the 90s), or the fact that I flew out of Boston Logan airport on a Friday, connected in Newark and saw the twin towers from the airplane, and the following Tuesday a bunch of hijackers flew out of the same airport - Boston Logan - and took down those towers. Weird things happen in life. But I've had some really odd personal things happen that make me think I should take a few extra precautions, because if there's one thing I've learned from examining streams of ones and zeroes, when patterns appear those patterns might mean something.

Lost in Transition

Lost in Transition

My iPhone Apps, and Why I Use Them

My iPhone Apps, and Why I Use Them