How It Escalated: From 1¢ Charges to a Hijacked Home Network

What I learned after drones, fake apps, and five failed routers.

For the past six months, I’ve felt like I’m living in the Twilight Zone. My life has taken a complete 180-degree turn — digitally, emotionally, and physically.

This isn’t easy to write. I strongly suspect that my time online is being monitored in real time. I don’t know how many individuals or groups may be involved — whether they’re working separately or in unison — but the effects feel coordinated and deeply personal.

I’m not here to accuse anyone. I’m writing this to document what I’ve experienced — in the hope that someone else might recognize the signs sooner and act faster than I did.

What started with a few 1¢ charges and minor glitches eventually revealed a complex web of disruption affecting my devices, my network, and even my surroundings.

The Smallest Charges Can Signal the Biggest Threats

It started innocently enough:

A few 1¢ charges appeared on my card statements.

At first, I dismissed them as random or harmless. But they kept coming — subtly, sporadically. Eventually I learned that these weren’t innocent glitches.

In cybersecurity circles, this is known as microtransaction probing — a tactic used to:

• Test whether a card or account is still active

• Avoid triggering fraud alerts

• Gauge if someone is monitoring their own financial activity

What looked like random pennies were, in fact, automated reconnaissance signals. Not mistakes — early indicators of a broader compromise.

The Day It Got Real

One morning, I was drinking coffee at 8:30am when I got a notification on my phone:

A $96 Uber ride had been charged to my Apple Pay account.

I hadn’t left the house. I was still in my pajamas. I hadn’t booked a ride.

It was the first time those tiny charges suddenly felt dangerous — like someone had moved from testing boundaries to stepping fully into my life.

This was the first operational escalation — where quiet background probing crossed into active engagement using my financial infrastructure. It confirmed what I had feared: whoever was behind this wasn’t just testing limits. They had already gained partial access.

Signs Your Device Might Be Compromised

In the weeks that followed, I began noticing strange behaviors across my devices:

• My phone’s mail app showed hundreds of unread messages — but none appeared on desktop

• I received phishing texts moments after changing passwords

• Apps would vanish or reappear

• Settings would reset themselves after I changed them

• Screens flickered or refused to respond to shutdown commands — a potential sign of supervised device profiles, background services running with elevated privileges, or interference with device firmware

These symptoms aligned with known indicators of mobile device management (MDM) abuse, where a remote actor can alter settings, suppress shutdown, or even spoof app interfaces.

Most of these behaviors started mid-March — right before the rooftop lights and signal anomalies.

Something was off. Something was inside.

When the Digital Bleeds Into the Physical (Expanded)

Eventually, the digital disruption began syncing with odd physical phenomena I couldn’t ignore:

• Pulsing red lights from a nearby satellite dish every night — always between 11 p.m. and 3 a.m.

• My phone once showed over 100 different ISP addresses pinging from my rooftop, though I have only six neighbors on my floor

• Drones flying overhead, often circling slowly, with noticeable changes in WiFi signal strength during the flyovers

• Tapping, clicking, or vibration-like sounds from my ceiling and rooftop — especially during device anomalies or network resets

• Sudden power dips or outages only during those hours, followed by router instability and increased login prompts

• My dog reacting — pacing, growling, or barking uncontrollably — before I even noticed technical disruptions

At first, I thought I was imagining it. But the timing was too consistent, and the digital effects always followed the physical disturbances.

What It Might Mean (and Why It Matters)

While I can’t yet attribute the source of the activity with certainty, the observable patterns closely match known methods used in targeted cyber intrusion campaigns, smart home surveillance, and IoT exploitation — especially when linked to persistent MDM enrollment or rogue WiFi relay behavior.

These observations align with tactics documented in advanced spyware toolkits — including those seen in Pegasus deployments — particularly when persistent network access and IoT compromise are involved.

• Mesh-based rogue AP mapping

• Surveillance enabled through compromised smart devices

1. Spinning Satellite or Antenna Lights

• May signal active wireless scanning or relay activity — possibly linked to WiFi harvesting, mesh routing, or targeted signal injection

• These lights can correspond to remote access points being initialized — especially in apartment buildings or multi-tenant spaces

2. Drones Near Midnight

• Some drones are equipped with RF sniffers, infrared cameras, or directional antennas

• They can be used for:

• Scanning for open networks or MAC addresses

• Mapping devices via Bluetooth, Zigbee, or WiFi beacon frames

• Acting as a temporary repeater or spoofing node (especially in high-tech stalking cases)

3. Late-Night Time Window (11 p.m. to 3 a.m.)

• These hours are often chosen for low traffic + low scrutiny, making it easier to:

• Push firmware updates or perform remote device wipes

• Rotate spoofed DNS entries or SSL certificates

• Trigger automated scripts against sleeping devices or unpatched routers

4. Power Dips or Tapping Sounds

• Power manipulation is rare but not unheard of in targeted attacks — especially if a smart meter, connected breaker box, or IoT device has been compromised

• Tapping or mechanical shifting could come from airborne EM interference, nearby signal relay devices, or even infrared laser microphones reflecting sound off windows or hard surfaces (used in surveillance scenarios)

Why It Matters

This isn’t about paranoia — it’s about pattern recognition.

The overlap between physical signs and digital compromise is real. Security researchers have warned for years that IoT, mesh networks, and spoofed access points are the next big battleground.

When you notice lights, drones, noises, and glitches all aligning — especially at the same hours — that’s not nothing.

It’s not “crazy.” It’s a signal chain.

And those of us who live through it are starting to map the pattern out loud — so others can protect themselves sooner.

There’s a specific kind of anxiety that comes from realizing your own devices might be lying to you. A hostile silence. A flicker of light that suddenly feels like surveillance. I stopped trusting even the off switch.

At first, I thought I was just dealing with data theft. But soon, it wasn’t just my phone glitching — it was my entire environment responding. Lights. Sounds. Timed drone flyovers. My dog knew before I did.

Escalation by the Clock

I began tracking events when I realized the disruptions weren’t random. The more I documented, the more I saw a pattern — each month bringing more targeted and disruptive activity.

February–March:

It started with phishing attempts and strange 1¢ charges — quiet probes into my financial and digital life.

At first, I dismissed them. But they kept coming.

Late March:

That’s when the red pulsing lights appeared on a nearby satellite dish, always after dark.

One night, while taking my dog out to potty on the rooftop, I noticed the light spinning — and checked my phone.

It showed over 100 ISP addresses hitting my rooftop connection — in a building with only six neighbors on my floor. That was the moment I knew this wasn’t normal interference.

My WiFi grew unstable. Devices began showing increasingly bizarre behavior — apps missing logout buttons, settings resetting, and random shutdowns in the middle of use.

April:

The drone flyovers began — always near midnight.

I’d be blogging, and suddenly my computer would lag so badly I couldn’t control the screen.

When I finally tried to log out and shut down, it asked if I wanted to log out of “Susye Weng-Reeder.”

I was no longer listed as admin of my own laptop.

Some drones hovered directly overhead. That’s when I knew it wasn’t just digital anymore.

Late April:

I disconnected all Bluetooth and smart devices — TVs, speakers, wearables, even my dog’s AirTag — and began isolating my phones and laptop using a homemade Faraday setup: three layers of foil, a paper lunch bag, sealed inside a cookie tin or the oven.

Almost immediately, the behavior shifted:

• The drones flew lower and more often

• The tapping on the rooftop began — faint, mechanical, and always after I’d gone fully offline

May:

The tapping continued. My dog began reacting to invisible triggers — whining, pacing, barking at the sky and growling at the ceiling — but only during the unauthorized drone flyovers. He stayed calm during routine police drones. That contrast told me everything.

I also noticed signal anomalies, apps relaunching themselves, and login attempts I didn’t initiate — always between 11 p.m. and 3 a.m.

June:

Every 2–3 nights, I saw white-hot flashes ripple across the San Francisco skyline — surreal, like something out of The Flash or Batman.

By mid-June, I had taken major steps to protect myself — isolating devices, logging everything, and getting help — but I still don’t know how deep this goes.

What I do know is this: my documentation matters, and I’m no longer going through this alone.

The Hijack Went Beyond My Devices

Eventually, it became clear: this wasn’t just about phones or laptops. Despite multiple resets and router replacements, my home network showed persistent signs of rogue activity — from DNS manipulation to spoofed app behaviors.

My entire home network had been compromised.

• The router became unstable

• DNS records showed signs of manipulation

• Safe websites began redirecting through suspicious paths

• Some legitimate apps behaved like spoofed versions of themselves

Even trusted, factory-reset devices weren’t safe — likely due to network-level persistence or rogue configuration profiles.

What I Wish I Knew Earlier

If you’re seeing signs like these, please take them seriously. I wish I had:

• Trusted my instinct when those 1¢ charges began

• Noticed the mismatched inbox counts as a red flag

• Realized phishing texts right after password changes might mean live surveillance

• Treated unusual lights, drone activity, or device glitches as potential symptoms — not coincidences

• Known that even factory resets can fail if deeper systems like MDM or supervision profiles are active

• Understood that impersonation — like fake listings or cloned web pages — could be a sign that someone is working to take over your digital identity

What You Can Do Right Now (If You’re in the Early Stages)

• Monitor your financial accounts daily — no amount is too small to flag

• Use a hardware security key for all critical logins

• Log events. Take screenshots. Write down times and symptoms — even if they seem unrelated

• Change your router — I replaced mine five times before isolating it entirely

• Avoid syncing all your devices at once — a compromised network can reinfect clean devices

• If you suspect impersonation, save evidence before trying to fix it

Final Thoughts

I’m still living through this. I don’t have all the answers — and I won’t pretend to know who or what is behind it. But I do know this:

What begins with something as small as a 1¢ charge can become something much more invasive — if no one’s paying attention.

There’s strength in naming what’s happening. There’s power in refusing to stay silent.

You’re not crazy. You’re not alone. You’re not imagining it — and your story matters. The sooner we speak, the harder it is for these patterns to stay hidden.

I don’t know how this ends yet. But I’m taking back control, one layer at a time — with stronger security habits, better tools, and my voice.

If any of this sounds familiar — speak up. Screenshot it. Report it. There’s a growing community documenting the same signs, and I’m one of them.

Thank you to My Community for Documenting Impersonation

This experience has taught me that I’m not alone — and I never truly was.

Over the past few months, people from around the world — followers, readers, neighbors — have sent me quiet messages, screenshots, and alerts.

Some noticed strange accounts using my name.

Others flagged impersonation attempts.

Many shared stories that mirrored mine — down to the same apps, timeframes, and red-light signals.

You’ve become a community of digital watchdogs, helping piece together what no single person could fully prove alone.

To everyone who’s spoken up, sent tips, or reported impersonators: Thank you. You’ve helped me stay safe — and helped expose a system that depends on silence.

The people doing this are counting on isolation. But we’re building awareness, together. You are the eyes that see what shouldn’t be ignored. And your attention makes continued abuse harder to hide.

Let it be known: we see what’s happening — and we’re not turning away.

This blog is part of an official public record. I’m no longer the only one watching.

---

This Is Part 6 of My 6-Part Cybersecurity Series

After falling victim to identity theft, impersonation, and advanced digital hijacking, I began documenting what no one prepares you for — and how to protect yourself if it happens to you.

Each post builds on the last to uncover how modern threats can infiltrate your blog, your devices, your network — and even your identity.

Read the Full Series:

Part 1: How I Woke Up to My Blog Being Hijacked and How to Protect Yourself from Bad Actors

Part 2: It Looked Like Instagram — Until It Hijacked My Life

Part 3: How to Tell If Your WiFi Is Hacked (And What to Do About It)

Part 4: Hacked and Locked Out: What Happens When You Can’t Recover Your Accounts

Part 5: You Don’t Have to Go Viral to Be Vulnerable 

Part 6: How It Escalated: From 1¢ Charges to a Hijacked Home Network

---

Want updates on my recovery — and tools to protect yourself?

Subscribe to my mailing list and be the first to know when the next post goes live.

---

Rights & Media Policy

This series and all content published on SincerelySusye.com are protected by copyright.

Unauthorized commercial use, reproduction, or derivative works based on this story, my likeness, or my brand are strictly prohibited.

SincerelySusye™ is the trademarked brand identity of Susye Weng-Reeder, LLC, and may not be used, reproduced without written permission. Impersonation in any form is prohibited.

All written content, brand language, and story material on this site are © Susye Weng-Reeder, LLC. All rights reserved.

For responsible press, media, or collaboration inquiries, please contact me directly via SincerelySusye.com.

I reserve the right to decline interviews or features that do not reflect the care, truth, or sensitivity this topic requires.

Thank you for respecting the integrity of my story.

---

Media Inquiries

If you’re a journalist, podcast producer, researcher, or editor interested in discussing this series, please reach out via the contact form at SincerelySusye.com. I’m available for select interviews or contributions that treat this topic with the care and seriousness it deserves.

---

Licensing Terms

Unless explicitly stated otherwise, all original written content, images, and brand assets published on SincerelySusye.com are the intellectual property of Susye Weng-Reeder, LLC.

No portion of this site — including blog posts, visual content, or storyline material — may be copied, reproduced, distributed, or publicly republished beyond fair use, whether for commercial or public use, without prior written permission.

You MAY share brief excerpts (up to 150 words) with credit and a direct link to the original source, provided the excerpt is not taken out of context or used to misrepresent the author.

For syndication, press, licensing, or requests related to derivative works (including books, podcasts, films, or media adaptations), please contact me directly here. 

Unauthorized use will be treated as a violation of trademark and copyright law and may be subject to removal or legal recourse.

This site is protected under U.S. copyright law and the Digital Millennium Copyright Act (DMCA).