If you are new to the Equibit story, please read The Assassination of Equibit, originally released in 2023.
In December 2020, shortly after beginning to document what he believed was coordinated surveillance, Chris Horlacher deployed a honeypot on his home network named “Equibit-DEV”. What happened next provides some of the most intriguing technical evidence in his case.
The NASA HPCC Connection
Within hours of bringing the honeypot online, it recorded a probe from IP address 169.254.15.240 — a device on the NASA High Performance Computing and Communications (HPCC) network.
Even more notable: the probing system created a DNS entry for itself as “Equibit-Dev-3.local” — directly referencing the name and naming convention of the honeypot on Chris’s local network. This was not random internet noise.
Rigorous Isolation and Control Testing
Chris did not treat this as a one-off event. He conducted extensive testing to validate the finding:
- Offsite Testing: The HoneyPi was taken to four different AirBnB locations across the Greater Toronto Area. In all cases, no unusual external probes were recorded.
- Network Changes: New modem, bridged router, OpenVPN tunnel, and device-by-device isolation tests were performed. The anomalous alerts continued.
- Modem Isolation Test: On April 12, 2021, when the modem was physically disconnected, all external alerts stopped immediately. They resumed shortly after the modem was reconnected.
These controls strongly suggest the activity was not local contamination or background scanning, but targeted interaction with Chris’s specific infrastructure.
Suspicious Reactions from Key Individuals
Chris promptly shared the NASA hit with two people:
- Marc Godard (long-time associate, Equibit co-founder, and lead suspect) downplayed the significance.
- George Plytas (experienced IT security professional who had previously helped Chris) immediately ceased all communication after being informed. Chris has not heard from him since.
Notably, after these disclosures, the most anomalous external probes ceased — a pattern that later repeated with the DNS Man-in-the-Middle attack.
Why This Matters
A probe from a NASA HPCC network is not something that happens to average users. NASA is a major U.S. federal agency and part of the broader Five Eyes intelligence community’s technical ecosystem. The speed, specificity, and subsequent behavioral changes strongly suggest targeted reconnaissance by sophisticated actors.
This incident occurred as Chris was preparing legal action related to the alleged sabotage of Equibit Group — a federally supported blockchain R&D company whose technology had implications for securities markets.
Broader Pattern
The honeypot hit fits into a larger documented pattern of technical surveillance that includes:
- Router compromises via the TR-069 protocol
- DNS Man-in-the-Middle attacks
- Microsoft ecosystem intrusions
Together, these events paint a picture of persistent, multi-vector monitoring that intensified around legal and advocacy activities.
Further Reading & Evidence:
- Router Sabotage Analysis and Videos
- DNS Man-in-the-Middle Investigation
- Microsoft Unauthorized Access Incidents
This case continues to raise serious questions about the boundaries of legitimate intelligence activities versus harassment of citizens exercising their legal rights. The NASA connection, in particular, suggests the interest may extend beyond Canadian borders.
If you believe government accountability and digital privacy matter, please share this post.
Stay tuned to equibitlawsuit.com for more updates on the Equibit lawsuits against CSIS and related actors.