In one of the clearest examples of technical surveillance in his case, Chris Horlacher discovered and documented a DNS-based Man-in-the-Middle (MITM) attack that was intercepting and potentially monitoring his internet traffic.
Discovery of the DNS Hijack
While investigating persistent connectivity problems and router compromises in 2025, Chris noticed that DNS queries were resolving through unexpected Akamai servers located in the United States, even when he manually configured trusted public resolvers such as Cloudflare (1.1.1.1).
He engaged an independent, experienced cybersecurity professional to conduct a thorough forensic investigation. The expert worked directly with Chris as he performed extensive testing across multiple devices, configurations, and networks. The results confirmed anomalous DNS behavior consistent with interception or manipulation, primarily affecting the home Telmex network.
Controlled Disclosure Test
At the time the DNS MITM was still active, Chris made a deliberate controlled disclosure. He shared specific details about discovering and isolating the attack with only one person — Ilya Fadeev, a minor shareholder and former lead wallet developer at Equibit Group — who was known to be in communication with Marc Godard, a co-founder, former CTO, and lead suspect in Chris’s investigation of the sabotage and entrapment efforts that had been levelled against him.
Within hours of this limited disclosure, the most obvious signs of the DNS manipulation disappeared. Follow-up testing confirmed that DNS queries were now resolving normally through trusted servers.
Expert Analysis and Evidence
The cybersecurity specialist produced a detailed report documenting the investigation, test methodology, and findings. This report included extensive DNS leak tests, nslookup results, and comparative analysis across networks.
Expert Report (August 18, 2025):
Screenshots of the DNS tracing tests are available upon request to competent researchers or journalists.
Notably, this was the same expert report that Chris later witnessed being spontaneously moved to his desktop through apparent remote access via his Microsoft OneDrive account.
Strategic Context: “Control the Battlefield”
Had Chris remained in Canada, such a MITM attack might have been unnecessary. Canadian authorities could simply serve a warrant directly to the ISP for full traffic access. By relocating to Mexico, Chris deliberately removed one of the most powerful tools from his adversaries’ arsenal — forcing them to resort to more complex technical attacks like router compromises via TR-069 and DNS manipulation.
This forms part of Chris’s broader “Control the Battlefield” strategy, which comes from Sun Tzu’s Art of War: denying easy institutional access and forcing any surveillance into more detectable, and legally questionable methods.
Implications
A DNS Man-in-the-Middle attack at the router or ISP level is extremely invasive. It enables:
- Logging of every website visited
- Undetectable traffic redirection to spoofed websites
- Monitoring of communications (even HTTPS to a limited degree)
The precision, persistence, and rapid response to the controlled disclosure strongly suggest a targeted operation by sophisticated actors.
This incident adds to the growing body of technical evidence of digital harassment that includes router compromises, Microsoft ecosystem intrusions, and other documented attacks.
Further Reading:
- Router Sabotage via TR-069
- Microsoft Unauthorized Access Incidents
- Complete Media section
These attacks highlight the vulnerabilities of modern connected infrastructure and the challenges faced by individuals seeking accountability from powerful institutions.
If you value digital privacy and the right to due process, please share this post.
Have you ever suspected DNS manipulation on your network?
