Threat Levels

State level threats

The highest potential threat are state governments. Large numbers of people are employed to write malware by state agencies, this includes more than just the three superpowers. A known example is the "Stuxnet" computer worm. It targets small computers known as "PLC"s which allow the automation of industrial processes. The Stuxnet worm severaly damaged the nuclear program of Iran. It is presumed that the US government was behind the development of Stuxnet.

State level agencies also have access to information by corporate level threats such as Google, Facebook, Twitter, etc. It should be assumed that any information on the internet is available to state level agencies.

State level agencies have limits, they can only employ so many people and prioritize their resources to certain things. They likely don't care that you want to purchase a ham radio, because so many other people also purchase ham radios and their are other products they are more concerned about you purchasing.

However, they have automated processes to detect certain things and allocate human resources to those people. For example, some countries monitor the purchase of parts necessary to 3D print a weapon. If the purchases of a person, or even several people with high correlation between each other make this purchase, they will flag these automated monitors, and human resources will be allocated for further research.

Corporate level threats

Corporate level threats include search engines, social media companies, internet providers, cell service providers, phone manufacturers, and any company large enough to purchase politicians. Smaller companies can attempt some of the same things, but they will often get acquired by the current large companies.

Most large companies will share data with other large companies. At a minimum advertising data such as purchasing habits should be assumed to be shared by every large company.

Algorithms, such as social media feeds, the Youtube homepage and Youtube suggestions, are generally written to keep you engaged with their platform. But algorithms have also been modified to "Deboost" certain social media accounts that the social media company politically disagrees with. In many cases this is done by request of the government. Read the "Twitter files" released by Elon Musk and investigators he worked with to learn what the old Twitter regime did. I will leave you with one example, it was found that Twitter deboost not just right leaning accounts, but also left leaning accounts that were anti-war.

Small time level threats

Cartels and other small time local threats may not have the resources that that higher level threats have, but many of the attack vectors are the same.

A single person with technical know-how can scrap information from Wifi connections he is nearby. He can setup a simple website with a honeypot to record information that 99% of people will simply give voluntarily. He can even watch for you to open your garage, record the radio signal used by your garage door opener so that he can replay that signal later while you are not open and walk into your garage unimpeded. It's even possible to purchase or build fake cell phone towers.

A more brute force example, cartels have been seen using cell phone signal jammers. Imagine cartel members raiding homes without the homeowner being able to call 911, and they outnumber the homeowner.

These same threats can be done by higher level threats, but are more common with small time threats. High level threats have very large scams they can run that result in much more money, information, or psychological conditioning then these smaller, often more local threats.