Skip to main content

Who needs malware? I could have wrecked this kid’s life with a notepad

hypothetical stalker
Strategically censored notes show what I was able to find out about my neighbors just by opening my window. Image used with permission by copyright holder

This is the story of how I inadvertently became an identity thief.

Well, it wasn’t inadvertent like spilling a drink or fortuitously finding a dollar bill in a parking lot. I knew what I was doing. I just couldn’t believe how long I kept on doing it.

Let me explain.

The windows of my home office face across the street toward a fugly 1970s apartment building, and I can’t help but notice residents as they come and go – I also keep loose tabs on kids going to school, drivers who can’t parallel park, a nice guy in a motorized wheelchair who goes to the grocery most mornings, and a family of raccoons.

For days, they’re out on the sidewalk reciting their full names, phone numbers, current and previous addresses, and account numbers.

In August, two new tenants moved in across the street: We’ll call them Todd and Russell. They were different from typical renters, and not just because they wear plaid board shorts with neon green flip-flops and electric-pink plastic sunglasses. They conducted all their phone calls outside, sitting on the large rocks out front or pacing up and down the sidewalk. See, Todd and Russell had no cell service inside their ground-floor apartment, and a landline (I guess) would be too twentieth-century. So they went outside to use their phones.

And Todd and Russell were on their phones a lot. Since it was August, my windows were open and I quickly picked up on their first names and that neither owned a car because they’re figuring out rides, carpools, and bus routes. Just as I was beginning to tune out this chatter, I hear Russell: “No, no, log in to the fan page.” A long pause, a car drives past. Then, as clear as if Russell were in the room with me: “Try cosmic one three one monkey.”

What?! Did Russell just speak a password on a public sidewalk? He keeps talking, but has turned away and I can’t make anything out; by the time he’s facing my way again all I get is “OK, I’ll call later,” and he heads back inside.

I write down “Pink glasses FB fan page cosmic131monkey ?!” on the pad of paper I keep on my desk, and then I get on with my day.

But wait, there’s more!

A few days later, Todd and Russel get Internet service hooked up, and I see a new Wi-Fi access point change from something like HOME-E86B to SeattlePD – very funny, boys. Even with Wi-Fi and maybe even phone service set up, they’re still out on their phones all the time.

I’m overhearing them calling utility companies and the DMV to change their addresses, order stuff from Amazon, and shut down gas service at their old place. For days, they’re out on the sidewalk reciting their full names, phone numbers, current and previous addresses, and account numbers. Some of their friends come by and I overhear their Wi-Fi password. I confirm it by signing into the SeattlePD Wi-Fi hotspot for a minute, then pulling up The Onion. No problems. Unbelievable.

outside phone
Talking on your phone outside seems innocuous enough … but who’s listening? Image used with permission by copyright holder

It’s all getting very Rear Window – except it’s my front window, and all this is happening on a public sidewalk maybe 50 feet from my ears. And it’s not just me; I’m sure neighbors on either side of me can hear as much as I do, and I know a number of them are home during the day. Do Todd and Russell have a reasonable expectation of privacy for conversations they’re conducting on a public street? While I wonder about it, to my horror, I continue to write it all down – my yellow notepad is accumulating numbers, names, circles, and arrows.

My yellow notepad is accumulating numbers, names, circles, and arrows.

This goes on for weeks. Sometimes days pass when I don’t add anything to my cache of overheard credentials, but I’m still picking up dribs and drabs. Then Todd marches outside literally shouting about how he’s not going to pay some sort of late fee. Standing in the rain, wearing electric blue flip flops (I have no idea what that’s about), Todd thumbs angrily at his phone then declares authoritatively “I’m calling to dispute a charge!” I’m all ears. Todd paces up and down the sidewalk, gives his address and phone number (boring, I already have those), then says “Eight seven two nine.”

Uh, was that a PIN number? I look through my notes: I know who Todd banks with, and now I know he has a credit card, and I probably have his access pin for customer support. I’m ashamed to admit this, but I think I could call Todd’s bank and cancel his accounts. Or worse.

I decide I’m done. I rip the sheets off the yellow notepad and throw them in my to-be-shredded recycling.

Luke, I am your stalker

By now it’s early October, and I’ve closed my office windows and turned on the furnace. However, thanks to a gigantic maple tree, I’m also outside in front of the house more often, dealing with leaves and keeping storm drains clear.

I’m raking the driveway when Russell steps outside with an envelope in one hand and his phone in the other. He waves politely to me with the envelope, leans up against a no-parking sign, and dials the phone. Several minutes pass and I just keep raking, but I’m no more than 20 feet away when Russell says “Yeah, hi, I’m calling about my amended tax return.” After a long pause, Russell recites his name, his address, a nine digit number, and a six-digit number.

Rear Window
‘Rear Window’ showed just what one man could find out with a telephoto lens. In the 21st century, the stakes are even higher. Image used with permission by copyright holder

I can’t help it. I start repeating the numbers in my head, making a sing-song out of them, working them into the rhythm of my raking.

I’m all the way at the top of the driveway when Russell turns to go inside, but I shout “Russell! Excuse me!” then start toward him. Imagine this from Russell’s point of view: That weird neighbor with the ponytail who seems to be OCD about leaves in the street just shouted your name and is half-jogging toward you carrying a rusty rake. I see the fight-or-flight response rise up in Russell’s eyes.

“Sorry, I know this is weird, but is this your social-security number?” I rattle off the nine-digit figure. Embarrassingly, it comes out like in a creepy sing-song voice.

Russell is plainly taken aback. “How did you know that?”

“You just said it when you came outside, I heard it.”

“From across the street?”

“It’s only like 20 feet.”

Russell looks. “Uh, yeah, I guess so.”

Standing there with my rake, I feel like a reject from a bizarro-world Norman Rockwell painting, but now I’m on a roll. “That’s not all.” I point to my windows. “My home office is right there. You wouldn’t believe the stuff I’ve heard you two say when you’re out here on the phone.”

Russell still has the fight-or-flight thing going on in his expression, but he stands his ground. “Like what?”

“Well, names, phone numbers, accounts numbers, Facebook passwords, I think an Amazon security question or two…”

Russell stops me. “What are you going to do with it?”

“I’d like to show it to you. And, with your permission, I’d like to write an article.”

Won’t you be my neighbor?

Todd and Russell came over yesterday evening – ironically, after we watched the police arrest someone for burglary. (Yes, it’s that kind of neighborhood.) I fished the yellow sheets out of my recycling and laid out everything out for them, from that first Facebook password (it turned out to be for a fan page for their band) all the way through that afternoon’s incident with the social security number. I had many details wrong, particularly regarding their friends and relatives, but I had captured a surprising amount of information:

  • Todd and Russell’s full names (including correct spelling)
  • Their employers
  • Their previous addresses
  • Their current water and electricity service account numbers
  • Their Wi-Fi password
  • Two Facebook fan page passwords
  • Two of Todd’s Amazon security questions (although I wasn’t sure they were for Amazon)
  • The name of Todd’s bank (I was wrong about Russell’s)
  • Todd’s customer access PIN for his bank accounts
  • Todd has type 1 diabetes and is keeping it secret from his employer
  • Russell’s sister fled the scene of an accident in mid-September
  • Russell’s social security number and IRS E-Filing PIN

“If you were out on your porch I’d have gone somewhere else, but I didn’t think I was saying anything important,” said Russell. “What are the odds someone would put this stuff together?”

I’m ashamed to admit this, but I think I could call Todd’s bank and cancel his accounts. Or worse.

“I did think about it,” said Todd. “Doing phone calls outside seemed weird, but I did the same thing at my old place and it’s not like I was sitting on the bus. Phone calls are, just, private, you know? I do almost everything on my phone.”

Despite all the complex digital security safeguards in place to protect their online information, Todd and Russell fell prey to the simplest of analog holes: someone simply overheard them. All the encryption in the world can’t save you if you’re literally broadcasting your passwords to the neighborhood.

But the situation also highlights how relying on our mobile devices can backfire. The more we rely on our smartphones and tablets to organize and manage our lives, the more we assume that we can organize and manage our lives from anywhere, whether that’s the living room couch, a coffee shop, or pacing up and down the sidewalk in front of our homes. We live in cocoons of mobile apps, messages, and online friends, pushing back the noise of the world with earbuds.

But the world is only a few feet away. And, sometimes, we’ve got its full attention.

Note: My neighbor’s names aren’t Todd and Russell, and with the exception of that first Facebook password (which they assure me was changed some time ago) all sensitive data in this story has been fictionalized. My neighbors approved use of blurred out images of my notes, and we completely changed their Wi-Fi network configuration.

Correction: A Social Security Number was originally described as having eight digits rather than nine. This has been corrected.

(Image credit: Shutterstock.com and kcsb.org)

Editors' Recommendations

Topics
Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
Does the Apple iPad (2022) have USB-C? What you need to know
The yellow iPad (2022) lying face-down on a green bush.

The Apple iPad (2022) comes with a plethora of upgrades. It has a landscape front-facing camera, a new keyboard, upgraded cameras, and more. But you don't get these upgrades for the affordable price tag of $329 that the base model has been for years.

The iPad (2022) ramps up the price to $449. You would expect the Lightning port to be gone, as the base model was the only iPad without a USB-C port. So, does the iPad (2022) feature a USB-C port? Here's the answer.
The iPad (2022) comes with a USB-C port

Read more
Does the Apple iPad Pro (2022) have wireless charging? Here’s what you need to know
The M2 iPad Pro.

Apple's new iPad Pro (2022) seemed to land out of nowhere, and if you've got your eye on the most powerful iPad in the Apple lineup, chances are you want to check whether it's got wireless charging before you spend your hard-earned cash. Wireless charging isn't a common feature on tablets, and we've got some good news and bad news when it comes to Apple's latest iPad Pro.
The bad news

Let's start with the bad news: The Apple iPad Pro (2022) doesn't have wireless charging. There were rumors the next iPad Pro would come with wireless charging and MagSafe, but this never came to pass. With that said, most tablets on the market don't offer wireless charging, so you're not really missing out.
Is it a big deal?
Now for the good news: Since most of us have never owned a tablet without wireless charging, you're not likely to miss it here. The new Apple iPad Pro (2022) packs a 28.65-watt-hour battery in the 11-inch model and a 40.88-watt-hour battery in the 12.9-inch model, which are two hefty battery cells..

Read more
Does the iPhone 14 Pro have a battery life problem? It sure looks like it
iPhone 14 Pro battery life settings.

I've been using an iPhone 12 Pro for the past two years, offering battery life that easily kept me happy. I rarely drained it to the point of needing to use Low Power Mode, let alone charge midday, unless I was traveling -- meaning most days, I went to bed with north of 20% left in reserve. This was great, because I prefer the size of the standard Pro model and really didn't want to go up to a Pro Max just for the battery life.

Now I have an iPhone 14 Pro, and my perceptions about whether I bought the right phone are getting scrambled. Because, well, the battery life just isn't very good. I've been white-knuckling it at under 10% battery at the end of every day, even though I've been hitting Low Power Mode at 20%. I spend a lot of time on Wi-Fi, at my desk not using my phone. I only have 3 to 4 hours of "Screen Active" time per 24-hour period (as the iPhone's battery settings display things).
It's not me, it's the iPhone

Read more