What you need to know about stalkerware | Eva Galperin

TED

30 Mar 202012:57

Summary

TLDRIn 2017, a security researcher discovered that a fellow researcher, allegedly a serial rapist, was using his hacking skills to spy on victims. This led to the researcher launching an unexpected project to help victims of abuse who feared their devices were compromised. As reports flooded in, the researcher learned that abusers often use stalkerware—commercially available software that allows them to spy on victims. Despite antivirus companies' initial failure to recognize this threat, efforts to combat stalkerware gained traction, leading to the formation of the Coalition Against Stalkerware to raise awareness and push for better detection.

Takeaways

😀 The speaker begins by discussing their research on advanced persistent threats (APTs) and the discovery of a fellow researcher's criminal behavior.
😀 The speaker responds to allegations about the researcher by offering help to women who may have been targeted by hackers, leading to an unexpectedly large response.
😀 Many of the victims who contacted the speaker were women who had been sexually abused and were being spied on by their abusers through technology.
😀 Abusers often use personal information gathered from friends, family, or social media to track and control their victims.
😀 Account compromises are a common method of abuse, as people often share passwords or allow physical access to their devices.
😀 Strong passwords, unique security questions, and two-factor authentication are key strategies to protect personal accounts from unauthorized access.
😀 Social media accounts often have security and privacy features that can show unusual login activity, helping identify potential security threats.
😀 Stalkerware, or remote access tools (RATs), are programs that allow abusers to spy on victims by gaining full access to their devices, often without the victim’s knowledge.
😀 Stalkerware programs are sold as commercial products, and many abusers can easily install them on victims' devices, sometimes by tricking them into installing them.
😀 Many antivirus companies fail to recognize stalkerware as malicious, making it difficult for victims to detect and remove it.
😀 The speaker highlights the increasing recognition of stalkerware as a threat, with companies like Kaspersky and Malwarebytes starting to take action against it.
😀 A coalition called the Coalition Against Stalkerware has been launched to address the issue, with the goal of educating the public and pushing for industry-wide action to tackle stalkerware detection.

Q & A

What is the main issue addressed in the speaker's story?
-The speaker addresses the issue of stalkerware, which is software used to secretly spy on individuals, particularly in the context of abusive relationships, and the lack of proper detection by antivirus programs.
How did the speaker become involved in investigating stalkerware?
-The speaker became involved in investigating stalkerware after discovering that a fellow researcher, who was allegedly a serial rapist, had been using such software to spy on victims. This led to the speaker's decision to offer help to victims who were being targeted in similar ways.
What kind of people reached out to the speaker for help?
-The speaker was contacted by a diverse group of individuals, including women and men who had been abused and were being spied on by intimate partners. The majority of the victims were women, but there were cases involving men and individuals in various types of relationships.
What types of information can abusers gather using stalkerware?
-Abusers can gather a wide range of information through stalkerware, including personal communications, passwords, emails, photos, contacts, financial information, and even access to end-to-end encrypted messages. Essentially, it gives them full access to the target's phone or device.
Why is stalkerware so dangerous in the context of abusive relationships?
-Stalkerware is dangerous because it allows abusers to monitor and control their victims' lives by accessing sensitive information without their knowledge. This can lead to further abuse, blackmail, and the escalation of violence, especially since victims often can't easily detect or remove the software.
How does stalkerware typically get installed on a target's device?
-Stalkerware is typically installed either by the abuser having physical access to the device or by tricking the target into installing it themselves. The abuser may present it as a legitimate program, convincing the target that it is necessary for some other purpose.
What role do family and friends play in providing information to abusers?
-Abusers often gather information about their victims from friends and family, who may unknowingly disclose details under the guise of concern for the victim's 'mental health.' This kind of leakage of personal information can be a significant vulnerability for victims.
What steps can individuals take to protect themselves from stalkerware?
-To protect themselves, individuals should use strong, unique passwords for all accounts, enable two-factor authentication, and regularly check the security and privacy settings of their devices. This includes monitoring login activity for suspicious access and taking note of any devices that are logged in without their knowledge.
Why are antivirus companies slow to detect stalkerware as malicious?
-Antivirus companies are often slow to detect stalkerware because it is not always classified as malicious software. Stalkerware is often marketed as a legitimate product, and it does not fit the traditional definitions of viruses or Trojans that antivirus programs are designed to detect.
What efforts are being made to address the problem of stalkerware?
-There has been growing recognition of the threat posed by stalkerware, with antivirus companies like Kaspersky, Lookout, and Malwarebytes taking steps to better detect and classify it. The speaker also helped launch the Coalition Against Stalkerware, which aims to educate the public and advocate for changes in how antivirus companies handle these programs.