Fight Back Against Stalkers Online: Tips for Everyone

3:46PM Jul 26, 2020

Speakers:

Keywords:

apps

stalker

victim

device

stalking

malwarebytes

digital

survivors

abuser

important

icloud account

spy

calls

phone

spyware

detected

detections

problem

abuse

installed

Like Rob.

And our next presentation here at the hook 2020 is a fascinating one i'm sure to many of you. The consequences of online stalking can be tragic. What steps can the average person take to recognize and protect themselves from a stalker online, the cyber collective and David Reese are here to show us are here to show us all about it in our next presentation fight back against stalkers online tips for everyone.

Hi, my name is Elliot, and I'm representing sypro collective. Today, I'll be discussing the effective ways to recognize and protect yourselves from Digital stalking with David Reese from Malwarebytes cyber collective is a New York based cybersecurity group. Our goal is to make security and privacy accessible to everyone. You've been active since 2016, and we host regular events that introduce the average person to strategies they can use to protect themselves online. In the face of pure corporate and state actors. We do this through crypto parties social events discussions and partnerships with other organizations. We're also a member of the ffs Electronic Frontier Alliance, and you can learn more about us at cyper dot NYC. And as I mentioned at the top. I'm very happy to be collaborating with Malwarebytes David Reese, he will be sharing some fantastic data that Malwarebytes has collected on the scale of the problems that we'll be discussing today, as well as insights into how the latest statistics have changed during the period in which we've all been in COVID lockdown. It's important for me to mention, right at the top. Due to the nature of the topic we're speaking about today, there will necessarily be content that discusses domestic violence abuse stalking, and violence, up to and including murder. This is unfortunately a difficult but important topic that we'll be dealing with. And I just want to make sure that we're all prepared for what we'll be covering. Having said that, let's begin. You wanted to take this opportunity to really dive into the universal digital stalking because we feel that it's a topic that doesn't get as much coverage as other types of surveillance and hacking that happen online. We often hear about high profile hacks, like the recent breach at Twitter, or cases where governments or corporations are spying on us. You don't hear as much about digital stalking. Even though it's a problem that's huge and growing. And unfortunately, get has the capacity to directly target and affect us in ways, other forms of surveillance may not. So first, let's talk about the scale of the problem, both for digital stalking, and for the wider world of domestic violence that digital stalking emerges from. I think that in both cases, the average person is often shot. When they see the numbers that show how widespread. This type of abuse is today, leading off with this statistic from the National Coalition Against Domestic Violence. Let this sink in for just a moment 20 men and women are physically abused by a partner, every minute. In the United States, so that's 10 million people a year. So, this problem and it's really a crisis of physical abuse by intimate partners, is something that really affects millions of victims, every year here in the US. If we add stalking, and sexual abuse to the problems of physical violence and we get some really unfortunate numbers, the CDC calculates that fully 27% of women and 11% of men are victims of this type of abuse in a way that has significant effects on their well being, these are you know scary numbers, this is something that really targets someone that almost every one of us knows, coworkers, friends, family members, everyone is touched by this epidemic of abuse, directly or indirectly. So, this crisis

of digital abuse is really what the digital stalking that we'll be discussing today grows out of. And you do have some statistics about how digital stalking is involved in the wider world of domestic abuse. There was this Australian study from a few years ago, that found that 17% of domestic violence victims had their locations tracked from GPS trackers placed on their cars to the techniques and apps and we'll talk about in more detail later. So let's talk about apps. David Rees discuss this in much more detail, but to give you a sense of the scale, the anti virus company Kaspersky detected, more than 50,000 users who had had their Android phones infected by what's often referred to as stalker wear in 2018. And to be clear. These types of apps are just one way and probably not even the most common way in which doctors can track their victims. This is unfortunately compounded by the fact that until recently. Many antivirus products, gave only ambiguous, or unclear. Notice when their apps were detected on a victim's device. Also important to look at is the rate of increase. is this problem is getting worse, or is it getting better. Sadly, the answer seems to be worse, and it's a big rate of increase as you can see here, Android stock or apps have increased by almost 400% in the first eight months to 2019. So those are big numbers, and this is a problem is getting worse, which is why it's so important to understand and to get in front of it. So now that we've gotten an introduction to the scale of domestic abuse and digital stalking. What can it lead to. Unfortunately, as we'll see next. Digital stalking can lead to some incredibly tragic outcomes, domestic abuse by intimate partners, often can affect, not just the victim, but often the victims, family members, and children. This first case illustrates how quickly digital stalking can escalate to an incredibly tragic outcome. So in Florida, a man named Louise Toledo covertly installed a spyware app on his wife's phone. And once he did this, he was able to completely monitor all of the text messages and photos that the victim was sending and receiving on her phone. And this stalking trigger an explosion of violence against the victim. He didn't just kill his wife. He also murdered her two children, so that's an entire family wiped out as a direct result of the consequences of one of these apps. This next case illustrates how abusers often tell their victims that they're stalking and spying on them as a way you know to control and terrorize them. This man was actually a police officer in the town that the abuse took place in which added another dimension of victimization to the crime, because there was no way the victim can really turn for help. In one instance, the victim's family became so concerned about his escalating abuse that they actually called the police to call to carry out a wellness check on their daughter, and the abuser was the officer, that was dispatched by the department and arrived in response, which is really unbelievable. Finally, this case shows how an abuser can use digital stalking to completely dominate a victim's life and really destroy any expectation of privacy, that the victim might have had, you know, almost all of us are never without our phones. And when our phone becomes compromised by an abuser. It can quickly. Destroy life.

Hi everyone, my name is David Reese and like we mentioned earlier, we're going to be looking today at data on stalkerware type apps, including how many times we find these things in the wild and whether the use of stalkerware type applications has increased since shelter in place began to start with. Again, my name is David Reese, I'm currently a senior online privacy writer for Malwarebytes labs we're independent research driven blog, operated by the cybersecurity company Malwarebytes. I came to the company from a digital rights, nonprofit called Electronic Frontier Foundation represented here, where I analyzed policy and fought against expanding NSA surveillance Malwarebytes right we're a cybersecurity company that protects businesses and consumers from cyber threats, so that means viruses ransomware crypto miners a whole bunch of things that are bad or potentially bad for computers and mobile phones, and that includes what we'll be talking about today. So, first, before we look at the data itself, we have to explain both what stalkerware is and what Malwarebytes detects right we need to discuss the term stalkerware it frequently refers to a wide variety of apps like we've learned that provide capabilities to reveal text messages, emails call logs web browsing history sensitive photos, videos GPS location, all without consent. Now, the important thing here is that at Malwarebytes, we don't classify anything, as stalkerware. Instead we have two categories of apps that we detect that are by the public commonly understood as Docker where those apps are monitor apps, apps that can monitor your activity on your devices and spyware invasive apps that can spy on activity and also stealthily hide themselves from view, and perhaps even hand over some device control to the users. I need to make this also extremely clear any app that you hear about today from the panel is not classified as stalkerware by Malwarebytes, right, we do not and will not name apps ourselves, we do not use that term in our internal classifications. So we are here, mainly to share data on trends of stalkerware type applications. And then finally, we also need to discuss what detections are right what does that mean detections come in two flavors, either Malwarebytes has found a piece of malware on the device, like, a phone, and then it lets the user get rid of it, or Malwarebytes found a piece of malware, trying to get onto a phone, and then prevented that from happening. So, again, those two categories right there's remediation or removal of the malware and then separately there's prevention of the malware. So let's look at the use of these types of apps in 2018 and 2019, just looking at, like we mentioned earlier, monitor apps apps I can monitor user activity. From March to March 2018 to 2019 right we detected monitor apps, 44,116 times for Malwarebytes for Android user devices at the same time period right March to March, but 2019 2020, the year after we detected monitor apps, 55,038 times for Malwarebytes for Android user devices. So that means in a one year period right there was a detection increase of more than 10,000. That's a high number. Right. And again we have to be clear, the rise in monitor detections does not automatically guarantee a rise in the use of these apps, because Malwarebytes improved its capabilities to find monitoring apps. Our detection volume did increase. But the numbers are still pretty, pretty surprising to see. So let's look at that actually just visually here and you can see that sometime in the summer of 2019 right when we really pushed forward really recommitted to this, we again we saw increase in detections. And now, looking at the spyware detections for the same time period, right, March to March 2018 to 2019, we detected spyware apps, 2388 times, but then looking at the year after 2019 to 2020, we detected spyware apps, 1378 times, so why the decrease, a possible theory here is that there may have been in recent months or year in the recent year a decision to shy away from both making these types of tools and using these types of tools, whereas stalkerware type apps have seen little enforcement from the government particularly spyware apps have received pretty deep scrutiny actually from companies. This year, WhatsApp, owned by Facebook move forward with its lawsuit against one major spyware developer.

And let's move right into 2020 right looking at the data, during shelter in place of the broad takeaways we have is that Malwarebytes has recorded a significant increase in detecting stalkerware type apps for Android users. Since the broader shelter in place orders took hold across the United States and abroad so we're looking at, you know, late February, March, mid March, and then beginning in April detections for both monitor apps and spyware apps jumped by at least 30%. The detections for both monitor apps and spyware apps have not significantly decreased since shelter in place began, either. So looking at monitoring apps for 2020. Let's just kind of look through this data here starting in January right we have 924, then February 7 29 and then it starts jumping up pretty rapidly March 10 at seven APR 1450 for me, 7130, June, 7214, I looked at the data for July 1 through eighth, and it is on pace with may in June, we could likely anticipate another month of about 7000 detections, and here's what that looks like visually again, you can see this enormous spike happening in May and June. Let's look at the data now for spyware apps, as you can see right the numbers for spyware app detections, the numbers overall are lower, but the rate of increase is actually higher. So, when comparing January 22 June 2020 for both monitoring app detections and spyware app detections, we learned that as you can see here, there's been a 780% increase in monitor detections, and a 1,677% increase in spyware detections. Those are enormous numbers, we have to kind of pause and really emphasize that at least since I've been working on our bytes, which is about a year and a half, I have not seen this kind of detection at all for these apps that we've been tracking. This is huge. And so the kind of most obvious question here is why. Why is this happening. Most of the time, what we've learned is that these tools are used to maintain control on a domestic abuse survivor, or a lot of times right when they are used in situations of domestic abuse they're used again to to maintain control on a survivor control comes in a lot of forms and that can happen quite particularly during sheltering place, I tried to think through it on my own, why would these types of apps increase in popularity, if individuals are in constant contact with one another. I thought you can see the person, why would you need to spy on them digitally. I was a bit naive here. There are two immediately different populations are to immediately different realities right there are survivors who live with their abusers. And there are survivors who live separate from their abusers. For those who live separate from their abusers right sheltering in place presents sort of immediate opportunities of delusion of anger for an abuser thinking, where is my partner, why won't they visit, are they really taking shelter and play seriously are they cheating on me What are they doing, right, there's just this sort of spiral of not logic but in logic, and then they're, they're worried, they're angered that they are not in control, they cannot visibly see or confirm their control either. So that could be one of the reasons why there's been an uptick. But then, for survivors who live with their abusers. There's a possible heightened awareness of all the conversations that were already happening, but maybe previously were unnoticed. So, what I mean is right being inside in a shared space 24 seven is easy for no one. But for survivors. They are now under heightened scrutiny suddenly going to go pick up like a missing ingredient for that night's dinner becomes an affront to an abuser moment for investigation laughing at a text message, staying up just a little later than usual, just to scroll through your phone, calling someone just calling someone. These are all activities that are normal and particularly right now, right, are probably more common, because of the stress of shelter in place. However, those types of activities. Again could anger an abuser, who is seeing things through a very different lens, who is seeing things through the lens of control. Why is this person laughing at a text message, what are they hiding from me, who's texting them all of these again moments of logic, more than anything that are leading to suspicion and potentially, leading to an increase in the use of these types of tools. So now that we've contextualized the data, we can kind of broaden out the panel again and look closer at the threat, and how digital stalking itself works.

A big thank you to David for sharing those statistics and his thoughts on the larger problem, as well as what specifically may have been behind those numbers from the COVID lockdown this year. Now that we've established the scale of the problem, as well as the tragic consequences that can occur and some up to date statistics. Let's next talk about the forms that digital stalking takes, because as we mentioned earlier, it's not just about software apps. So the first and arguably the most common form that digital stalking can take is through subverting legitimate apps and services that are already installed. And in many cases come pre installed on mobile devices. This approach has many benefits for this doctor. You don't require much in the way of technical knowledge, and because they're common apps, they rarely raised any suspicions from a victim. Finally, because many cases of domestic abuse involve family members and intimate partners stalkers are often already recognized contacts, which allows them to avoid safeguards in many apps, intended to protect against strangers. You begin with iCloud. Many of us are probably already familiar with my colleagues vulnerability through well publicized cases where celebrities have had their iCloud accounts compromised by hackers. Sadly, iCloud is also a big target for digital stalking, as you see in this quote from security researcher Ivan Rodriguez iCloud is one of the most dangerous ways for a stalker to attack an Apple device. Once they can get the victim's iCloud credentials. They have an incredible amount of access to their digital lives. And unlike stock where apps, use all remote. There's no app to detect and they don't need to have physical access to the victim's device. Google Maps is another natural target for many digital stalkers once Google Maps location sharing is activated, a stalker can easily track the victim's location and movements, and again this is hard to recognize if the stalker is already a contact of the victim. Google has taken steps to improve security on maps by notifying users when their location is being shared, but this only occurs after 24 hours, and at inconsistent intervals. Very similar to Google Maps is Apple's find my app, which makes it very simple to track a victim's location. This is another example with the intimate relationship that many abusers have with their victims enables apps like find mine to use for stalking the abuser has a good chance of already being included in family sharing. And this is important because there are no warning sent by phone line. If location is being shared if it creates a contact. This really highlights how important. Being a contact can be. Most of us don't think about adding someone as a contact or importing contacts from an old phone, but it can really make it much easier for a stalker that we know to target us again. Apple has been taking some steps to make find mine, a bit more secure, by sending some additional notifications around geo fencing. And finally, I want to highlight email as another often unexpected way that digital stalking can be enabled, as we'll see in a bit. Many stalker apps can install themselves via email or a text message. And these emails can be far harder to spot than the average spear phishing attempt because a stalker knows their victim, and may already be emailing them on a regular basis. They also know so many details about the victim's life that they would easily be able to write an email that wouldn't raise any suspicions.

Next to discuss is what is called dual use apps, they're different from the apps that we just discussed in that they are not extremely common apps like Google Maps, that anyone would be used to seeing on device. But even though dual use apps are not intended to be used for digital stalking, they can very easily serve that purpose. Probably one of the biggest categories to use apps can be really dangerous if used maliciously or these anti theft and loss prevention apps. It's important to note that these are not intended to be used in digital stalking apps like this are typically used to track devices that can be stolen from a business or retail location. But if they're surreptitiously installed on the victim's device, the tracking and recording capabilities. They offer can give a stalker detailed information on a victim's location and activities. Another category to mention, we may not see as often in the US, or what can be called state sponsored stalker where you should differentiate this from apps that are used by governments to spy on their citizens. Instead, state sponsored stalkerware are apps, written by state to allow citizens to spy on and stalk other citizens. Usually family members. The best example of this state sponsored stalkerware is the picture app, developed by the Saudi government. This is an app that actually has a wide range of services that are intended to streamline and digitize things like government paperwork, but it also includes functionality that allows male family members to track and restrict the movement of their wives and female relatives under the Saudi guardianship laws and by restrict. You mean restrict from leaving the country. As the app sends alerts when a woman enters an airport apps like absher are endorsed and in fact written by governments, but lead to Apple being put under a great deal of pressure to pull the app from the App Store. The good news here is that because of the backlash in 2019. The Saudis announced that the tracking would be removed from the app. This finally brings us to commercial stalkerware. What most people may think of when they hear the term digital stalking. Although, as we've already seen commercial stalker work is just one part, and perhaps not even the biggest part of the problem of digital stalking. It has a high profile though because of the shamelessness of the companies involved, even though most of these apps, hide behind the fence veneer of keeping children safe, their advertising and business plans are centered around enabling stalking. We'll discuss just a few of these apps, but there are dozens of them out there. Phone Spectre is one of the most well known software apps available for both Android and iOS phone Spectre is particularly dangerous because it advertises itself as being able to be installed remotely via text or email. This removes. One of the biggest challenges for a stalker, which is getting access to a victim's device to include the stalkerware. Once installed, don't start your claims to be undetectable and offers the ability to view text calls, and track the victims location for inspectors marketing, featuring disclaimers, that the app is only to be used by parents or for businesses to track their devices is also a good example of how the stalkerware developers, try to shield themselves from possible liability Flexi spy is probably also one of the biggest stalkerware apps available today due to efforts that Apple has been making to protect their users from stalkerware Flexi spy is only available for Android and older versions of iOS Flexi spy in a particularly scummy move even offers to deliver gift devices that have their spyware pre installed. Once Flexi spy is active, it's able to spy on calls, many ads, and even turn on a phone's microphone to spy on a victim Flexi spy also leans heavily on the parental control defense, featuring a homepage with a photo of a teenage girl, sending a text that reads my dad's not here. Give me a tech spy iPhone, Android reg Pro is $100 plus spy phone app that is only available for Android but claims offer full control over a victim's phone, including listening to the background noise and calls recording calls intercepting text messages, and more.

stalkerware apps that we just discussed, can extract a great deal of information from a victim's device but there are limits, especially on iOS apps are restricted in what information they can get from other apps installed on the phone. This is important because a victim's social media activity is usually a big target for stalkers. However, if the stalker can jailbreak or root, the victim's device. They can essentially sidestep any restrictions the operating system, enforces to protect users from spy. The barrier to this approach is that jailbreaking an iOS device or rooting, an Android device requires the most technical knowledge, and also requires that the stalker have access to the victim's phone for the most time of any approach. In addition, an operating system update is likely to restore the phone to a secure state, acquiring a stalker to start all over again. Having said this, there are toolkits and guides to jailbreaking phones that are widely available online jailbreaking, or rooting a device has huge payoffs for a stalker. This allows stalking apps to avoid the iOS sandbox protection, largely prevent apps from spying on other apps, giving a stalker almost total control over a victim's device. In addition, package managers, make it easy to find and install stalker ads. Once the phone is jailbroken or rooted. Now, you've touched on this before but it's important to also highlight the need to be careful about accepting gift devices as this can be an easy way for stalkers to ensure that their victim is using a compromised device gifting devices pre installed, stalkerware is probably a very common approach to stalkers use, given that many stalkers are intimate partners of their victims. So phones and tablets, big ticket purchases, and most of us are used to getting them from family and friends as gifts. Sadly, this makes it easy for stalkers to keep track of a victim, by giving them a device that could be linked to a compromised iCloud account, have common apps configured for stocking stalkerware apps installed, or even be already jailbroken. Now that we've covered the scale of the threat, discuss the risks and looked into the many ways startups can compromise the privacy of their victims. Let's talk about defense. The good news is that there's a variety of strategies that all of us can take to defend ourselves from Digital stalking, even if we don't have a lot of technical know how it is important to note, and I'll be stating this repeatedly that before you take any defensive action against a digital stalker. Even something as seemingly minor as searching online for information. It is critical to be extremely careful, as we've seen already many stalkers are very unstable and even the slightest hint that they may be losing control can set off a spiral of sirens. The first piece of advice. Be proactive, preventing a stalker from getting access in the first place is possible, as we've seen many of the attacks stalkers use require that they have physical access to your phone, or device, keeping control over your devices and not sharing pins and passwords can head off. Many of these attacks, before they even begin. It's also important to stay up to date with the latest updates for your device apple in particular has been very aggressive in enhancing the privacy protections for iOS. So each new release, makes it more difficult for an attacker to gain access. Remember, also the device update can restore a jailbroken or rooted device to a secure state. Be wary of unusual message attachments, even if it's from someone you know, set up and use two factor identification. This is critical in preventing stalkers from getting access to your iCloud account, even if they have the password. And be careful about reusing passwords and change them regularly. Finally, it's important to plan for resilience. If you feel that you're at high risk. Keep a backup method of communicating and getting online. It can be another device that the stalker might not know about, or it can be the device of a trusted friend or family member.

It's also important to be aware of the warning signs that your phone, or device has been compromised, in some ways, this is hard. After all, stock or apps are designed to be invisible to the victim. There are ways, however, and some of them are quite clear to recognize that a stalker has gained access to your device. The first thing to look for is signs that your device is behaving unusually, no matter how stealthy stalkerware app, is it still needs to draw power to operate and communicate back to its remote server. And that can be signs, you can recognize if your phone's battery is suddenly draining much faster than usual, or an app that you don't recognize just trying a lot of power that can be assigned. In the same way, if you have an unexpected spike data usage. That should raise your suspicions your phone may also be noticeably more sluggish, because a software app is running in the background on top of the apps that you'd normally use. You may even have trouble turning off the phone. But all of these signs can be quite subtle and difficult to recognize on newer phones. Luckily, there are other warning signs, you can look for on Android devices, we can check the security section in settings to see if the phone has been set to allow downloads, outside of the Google Play Store. This is important because some of the worst stalkerware apps have been banned from the Google Play Store. So a stocker needs to change this setting in order to download them. Basically, if you see that this setting has been enabled, and you didn't do it. It's a huge red flag on iOS, we can check to see if there's an additional profile, that's been added to your phone. But there can be legitimate reasons for this. Usually, for devices used or set up for work. If you see a suspicious or unexpected profile here. It's also a red flag, because a stalker can use a malicious profile to monitor your device. The good news is that you can use, remove management to remove a suspicious profile. As we discussed earlier. Another huge red flag is if your phone or device has been jailbroken, or rooted without your knowledge. The problem is that these compromised phones may not seem different at all to the average person. There are signs we can look for. However, for Android devices, tools, like route checker can verify if a device has been rooted for Apple devices, the presence of an app names, it shows that a phone has been jailbroken, but the problem is that it may not always be present on a jailbroken phone, the isdi tool, which we'll talk about more later can also detect jailbroken or reject phones, but it does require technical knowledge to set up the biggest, and probably the most common warning sign isn't technical at all. starters, often give themselves away by dropping hints, or pieces of information about your activities that they could only know if you had compromised your device. This may seem strange, but it is an integral part of the feeling of control that a stalker is seeking to maintain over a victim. As we discussed before, in many cases, the stalker explicitly informs their victim that they are monitoring their devices. So there's no question at all, that is going on. Here's an example of the ways that stalkers give themselves away. Now that we've discussed the warning signs, let's talk about how we can find stalkerware, or other ways that a stalker has compromised your privacy. On Android phones and devices, many people turn to antivirus apps to find malicious software. Although this has improved recently. It's important to be aware that antivirus apps have had a problematic pattern in the past of displaying vague, or confusing alerts when they encounter soccer where this has been called the non virus problem. Having said that, many antivirus companies have made big strides in clearly identifying stalkerware and taking action against apps that are detected antivirus apps don't really exist in iOS. This is because iOS apps, run insecure sandboxes that have no access to other apps information. Just makes iOS, an inherently more secure environment, but it also makes it essentially impossible for antivirus apps to operate, because they need to monitor other apps, in order to work. IDs, is a powerful tool that specifically focuses on stalkerware. It uses a blacklist to identify the stalkerware, and as we mentioned earlier, you can also ID phones that have been jailbroken, or rooted. It's important to note that Id si is a fairly technical piece of software that's intended to be used by victim services organization to help the CLI. organization to help the clients, and it's not something the average person would run at home.

iCloud hacking

is probably one of the most common means that starters can use to monitor their victims, because it's completely remote, a starter doesn't need any access to phone, or device. Thankfully, it's fairly easy to re secure an iCloud account to prevent further monitoring the sign out of all browsers option will kick, any potentially malicious actors off of the iCloud account, providing an opportunity to change passwords, and most importantly, enable two factor authentication, which will make future attempts by stalker far more difficult. This is the most important point we'll discuss today. If you feel that you are the target of a digital stalker. It is critically important to make plans, before you do anything that may alert the stalker. As we've seen, stalkers are often obsessively monitoring the victim, which means that they're likely to immediately notice any changes. This pair with an often dangerously unstable mental state and willingness to use violence, means that careful planning is needed. This isn't to say that you can't take action to protect ourselves, you just need to use caution. Here are several important points to consider. First, make sure to have a plan to preserve evidence for future legal proceedings. This usually means backing up a compromised device, as we mentioned before, do not take office talker that you taking action in to have a plan in place to ensure your safety. This can include searches on Google re securing iCloud disabling malicious sharing settings, removing profiles, updating the device and computing stock aware. If you suspect that a stalker is monitoring your location. Any changes in your daily routine can also raise suspicions. This can include, leaving a device turned off, or leaving it at home, make a backup plan in case the stalker locks you out of your own device in contact victims and survivors organizations, using a safe device for help and advice. Now that you have a plan. How can you remove stalkerware. As we mentioned before, on the Android side antivirus apps have made big improvements in detecting stalkerware. They're a great first step in removing stalkerware on your device, but stalkerware apps can be difficult to fully remove the safest approach is to factory reset your device and start fresh. This will also fix a phone that's been jailbroken or routed. If you do this, be careful about restoring from a backup. In some cases, this can be installed stalkerware onto your phone. Also, keep in mind that this won't fix a compromised iCloud account.

There are also

organizations that exist to help victims respond, not to just domestic abuse, but specifically to digital stalking to mention again. Please don't visit any of these organizations or call them from a device that you suspect might be compromised by a stalker. It's always best to err on the side of caution and use the backup device, or a trusted friend or relatives phone to reach out several cities such as New York and Seattle have established offices, to help combat digital stalking. In addition, there are many good online groups that can offer help as well as larger organizations that advocate for survivors of domestic violence. Finally, looking forward, in many ways, the fight against online stalking has just begun. As the problem has grown in recent years, the response has often evolved. What are some ways that we can further complex talking.

The good news

is that there are many ways to push forward. Better detection tools, both antivirus apps as well as tools, specifically designed to detect start aware can help to catch problems early. It's also important to continue to improve how we alert users that they may be the target of a stalking event, so that they clearly understand the threat. And the steps they can take against it. We can also take legal action against stalkerware vendors, which, as we mentioned earlier, is already beginning to happen. This can extend to actions that make it more difficult for stalkerware vendors to advertise, making it harder to find new customers and getting stalkerware vendors removed from app stores, is a key part of this. Finally, we can improve technical and legal support for survivors, helping them to respond, while maintaining your safety. So that's it, thank you for checking us out. and please stay safe and get in touch.

Okay. Um, we are now joined by the cyber collective, and David Risa who invite questions from the audience if you, if you have questions, please ask them in the session q&a channel on matrix.

One question from the audience. Please comment on under reporting.

That's a very good question. I think there's a, you probably have a great opinion on this. I think if you mean the general underreporting of domestic violence, as it relates to, you know, this idea of digital stalking. I think that there is a lot of underreporting of domestic violence situations, of which this falls into. In the US, for sure and I think worldwide as well. David, do you have any thoughts. Yeah, so

I can speak on two things. One, the underreporting like you said Elliot just of domestic violence situations that

it seems like the the commentary here is asking yeah it's, it seems there's no desire to prosecute. Is this true and does it vary regionally. Are there any solutions.

What I've seen in speaking with law enforcement is that

there are definitely law enforcement officers who know about this they know about this threat, they're trying to get it right. But sometimes right there are communities out there who do not have a good relationship with the police. That's just kind of a fact. And so, going to the police is not a trusted maneuver for them and for also a lot of survivors of domestic abuse. Going to the police to prosecute isn't necessarily a solution for them right they want this abuse to end and and that could be filing a temporary restraining order, that can be leaving states that could be relocating, but getting into the nitty gritty right of being like, I'm going to sue someone or I'm going to advocate and push you know a district attorney to bring charges against this person specifically for the use of stalkerware, rather than just just stop abusing this person stop stalking this person stop harassing this person that doesn't happen very often right a lot of things have to come together, so there's a lot of moving parts in there. And that, that's why unfortunately again. We don't see a lot of prosecutions at least I personally have not seen a lot of prosecutions in this area. It might vary regionally, but that's that's from, that's what I've seen, and I think it's a follow up

on what you're saying. I think it really does depend, you know, you know, my focus was more on the US, but it does depend from city to city as we said any organizations that can help. There's some cities like New York and Seattle that have put efforts into creating offices to help survivors and victims, deal with stalkerware on a very specific level. I think when you roll it into overall prosecutions for domestic violence, which these usually become a part of. I think it can become difficult. And I think that as we went over in the talk. A lot of the digital stalking occurs within sort of the context of things that are already installed on the phone like find my dad. If you're in a family plan. Your abuser would automatically be able to access that information, and then it becomes a question of, are they using it in an abusive manner. But it would be an app that was already installed so it becomes a very complex question very quickly sadly.

A further question from the audience. If you were tricked into installing the ransomware was that ever a legal defense.

I'm not, I don't have awareness of a legal case that has involved that discussion, I'm not sure whether it means, is it a legal defense for the accused stalker or is it a legal defense for survivor, but I don't have any information on it.

Yeah, I want

to just recap what Elliot said there, um,

it's hard to know

whether again yeah that's a legal defense for the accused stalker who that's actually legally defending but I can't see you know how it how it would apply immediately in in the legal cases that I've looked at

another member of the audience asks, Is there any work into countermeasures for the victim such as GPS spoofing or data obfuscation that the victim can use discreetly on their device. Yeah, I think this is a fantastic question and I was actually hoping that would come up, because you know as I started to put together this presentation. And I learned more about it, I realized that in, you know, I don't have the specific numbers, but in a huge percentage of the cases. Sadly, you know, the stalker or abuser is intimate partner. So that can mean family member or partner. If somebody that the victim knows and further than that. This survivor also knows that the stalking is taking place, often because in many many cases, the abuser tells them that they're monitoring them digitally. As part of that system of maintaining fear and control. And in that case, if the survivor was to do anything that would shut that device down. That could immediately and as we've seen some of those news cases immediately provoke a very violent response. So I think that there has been to give credit where credit is due. Over the

last couple of years, a

renewed focus on the part of vendors and operating system manufacturers to detecting stalkerware. I think what we really need to move to to creating a system that is really helpful to victims and survivors is a way for them to. I'm looking for the right word. Some her cloak, or conceal their activities while it not seeming that they're actually disabling any software. And that's what can really give people to breathing when they need to get to a trusted family member's home to contact an advocacy organization that can help them plan their next steps to contact the city organization so we've talked about not making it clear that they're doing something is extremely removing a piece of software, David, what do you think about that. Yeah, on

the same points that you mentioned there, because so many of the current safety planning measures require right relying on a safe device and that could mean meeting someone in person who has a device that you know is not compromised and then using that device either to something as simple as looking up, right, the Domestic Violence Hotline nationally or regional resources for you, or making those calls looking those things up right, particularly right now right when we're living in a pandemic and shelter in place, finding that person going to that person's home is not nearly as accessible as it used to be. So, like Ellie was saying. It would be great if there were capabilities to engage in activity for safety planning, that is required for safety planning, that is hidden but, again, in that sense, the hiding of that activity would not raise more suspicions.

Having a

device that has this kind of monitoring applications on it. Right. Every step has been recorded and so survivors have to be particularly careful to do anything,

which is nearly impossible.

Okay, very quickly as we wrap up, where can people go to find out more about snipers work and and the subject.

So I think the best one to help anybody be of assistance in any way, our URL is sypro dot NYC. And then as our email and ways to contact us and any way in which we can be helpful.

And David yourself. Yeah, for sure if you

want to look at what Malwarebytes has done on stalkerware, our own research as well. You can go to our blog we are blog dot Malwarebytes calm, you'll find everything we've written on that website.

Right. Elliot from cyber and David Reese thank you both very much. Thank you.