Thanks to Galperin, install antivirus. And it may actually do some good.
April 12, 2019 9:28 PM Subscribe
With a series of revelatory investigative articles on stalkerware by the tech news site Motherboard (When Spies Come Home) in the back of her mind, Eva Galperin, director of cybersecurity at EFF, posted a message to Twitter, and it invited any victims of sexual violence who had also been threatened with hacking to contact her for help. That tweet, to Galperin's surprise, would end up taking over a significant portion of her life. Now Hacker Eva Galperin Has a Plan to Eradicate Stalkerware (Wired).
More from Wired:
More from Wired:
Hundreds of domestic abuse victims, who either believed or feared their computers or phone might be hacked, contacted her over the months that followed. Galperin estimates that since then, she has devoted about a quarter of her work time to acting as a kind of one-woman IT help desk and therapist, assisting people in everything from checking phones for spyware to changing passwords to even checking out a Nest camera one victim believed was being used to spy on her. "I’ve called companies on their behalf. I‘ve helped them find attorneys," Galperin says. "I’ve sat there and held their hand and told them that everything is going to be OK."Thanks to this collaboration, Kaspersky Lab can now warn you if your phone is infected with stalkerware -- The antivirus company looks to stop technology frequently used by stalkers and abusers. (Cnet) And other companies are trying to crack down on shady apps that spy on partners (Washington Post, The Cybersecurity 202), including Lookout (via Graham Cluley).
Galperin found that actual stalkerware was installed on a victim's phone in only a small fraction of those cases; far more common were hacked accounts, or threats of hacking that never materialized. But stalkerware cases were often the most extreme, she says.
"The stories don't start with 'my phone is acting weird,'" says Dave Maass, another staffer for EFF's Threat Lab, who at one point helped Galperin sort through the flood of requests. "They start with 'someone beat me up, or raped me, or threatened my children.' Horrendous stories. Having the emotional fortitude to hear these stories, to probe them, is one of Eva's real strengths."
But within months, Galperin could tell that her work as a hands-on stalkerware first responder wouldn't scale. So she began looking for a different approach. "I looked at the entire problem, and I tried to think about what could create the most bang for the buck," she says. "If a victim can run antivirus and say 'you’re not on my phone,' that would mean a lot."
In March 2018, Galperin gave a talk at the Kaspersky Security Analyst Summit in Cancun, where she presented years of research tracking a likely Lebanese, state-sponsored hacking group known as Dark Caracal. During a coffee break at that beachside conference, she started speaking with Kaspersky researchers and executives about how they and the EFF might work together. In follow-up calls, she made the case for Kaspersky to plant its flag as the most stalkerware-unfriendly antivirus software in the world. The timing, in the wake of the announcement of Kaspersky's US government ban (Security Week), was fortuitous. "It’s a good time to have things you’re asking Kaspersky to do," she says. "They desperately need a win right now."