A few years ago, when I was still with the government, a buddy from a different agency reached out with a serious problem. He had a confidential informant with ties to a very serious terrorist organization. He wasn’t worried about his own safety – he was worried about his informant. If anyone observed them meeting and figured out which agency my buddy worked for, the informant could end up dead. Very legitimate concern.
He was already using good traditional tradecraft like surveillance detection routes to check if he was being followed. But he remembered me theorizing years ago about using wireless signals to detect surveillance. The idea was simple: if you go to a bookstore, then a gas station, then a coffee shop, and you see the same devices at all three locations – well, even sophisticated surveillance teams using good tradecraft still have phones and other devices giving off signals.
My buddy had gone to his agency’s tech people looking for something like this, but they had nothing. He couldn’t find anything online, and when I looked, I couldn’t either. So I told him, “Give me a couple weeks.” I built him something using a Raspberry Pi, battery pack, small Pelican case, and a little screen. Wrote a Python tool, called it “Chasing Your Tail,” and it worked after a lot of testing.
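The idea above, the same device showing up at every stop, as a short added example. This is not the Chasing Your Tail code or anything from the author; the function name, the sighting format and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sightings: (ISO timestamp, stop, device identifier).
# The identifiers are made-up locally administered MACs, not real captures.
OWN_PHONE = "02:00:00:00:00:01"
SIGHTINGS = [
    ("2024-01-01T10:02:00", "bookstore",   OWN_PHONE),
    ("2024-01-01T10:03:00", "bookstore",   "02:00:00:aa:aa:01"),
    ("2024-01-01T10:04:00", "bookstore",   "02:00:00:bb:bb:02"),
    ("2024-01-01T10:05:00", "bookstore",   "02:00:00:cc:cc:03"),
    ("2024-01-01T10:41:00", "gas station", OWN_PHONE),
    ("2024-01-01T10:42:00", "gas station", "02:00:00:AA:AA:01"),  # same device, upper case
    ("2024-01-01T10:43:00", "gas station", "02:00:00:dd:dd:04"),
    ("2024-01-01T11:15:00", "coffee shop", OWN_PHONE),
    ("2024-01-01T11:16:00", "coffee shop", "02:00:00:aa:aa:01"),
    ("2024-01-01T11:17:00", "coffee shop", "02:00:00:cc:cc:03"),
]

def persistent_devices(sightings, min_stops=3, ignore=frozenset()):
    """Return {device: [stops in first-seen order]} for every device
    observed at min_stops or more distinct stops.

    Matching is on the exact identifier (an assumption of this sketch);
    a device that rotates its MAC address would not be linked across stops.
    """
    ignore = {d.lower() for d in ignore}
    first_seen = defaultdict(dict)          # device -> {stop: earliest time}
    for ts, stop, device in sightings:
        device = device.lower()             # normalise case before comparing
        if device in ignore:                # skip your own gear
            continue
        when = datetime.fromisoformat(ts)
        stops = first_seen[device]
        if stop not in stops or when < stops[stop]:
            stops[stop] = when
    return {
        device: sorted(stops, key=stops.get)
        for device, stops in first_seen.items()
        if len(stops) >= min_stops
    }

if __name__ == "__main__":
    for device, stops in persistent_devices(SIGHTINGS, ignore={OWN_PHONE}).items():
        print(f"{device} seen at: {' -> '.join(stops)}")
```

Lowering `min_stops` to 2 also flags the device seen at only the bookstore and the coffee shop, which shows how the threshold trades missed followers against coincidental overlap.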
I thought it was a neat idea, so I submitted it for a Black Hat talk. Didn’t think it would be a big deal, but it turned into one – packed room, got featured in Wired magazine, really cool stuff. Over the years, I’ve gotten lots of emails from people using it for things like search and rescue. Got a real tearjerker once from a guy whose wife was an emergency room doctor getting threats from crazy people. He said the tool was helping them sleep at night. Man, it got dusty in that room real quick.
I haven’t really done anything with it since then. But recently, one of my students reached out saying they were trying to get it working on a Raspberry Pi 5 and running into issues. I told them, “You know what? I don’t have a Pi 5, but let me get one, get it working, and I’ll document it better for the newer hardware.”
So that’s what I’m going to be blogging about over the next week or so, maybe with a few other topics mixed in. For the past couple years, I’ve had ideas for improving the code but haven’t had the development time. Now with Cursor, I think it’s going to be much easier than before. We’ll work on adding some improvements and document everything here.