Thanks to Galperin, install antivirus. And it may actually do some good.
April 12, 2019 9:28 PM

With a series of revelatory investigative articles on stalkerware by the tech news site Motherboard (When Spies Come Home) in the back of her mind, Eva Galperin, director of cybersecurity at EFF, posted a message to Twitter, and it invited any victims of sexual violence who had also been threatened with hacking to contact her for help. That tweet, to Galperin's surprise, would end up taking over a significant portion of her life. Now Hacker Eva Galperin Has a Plan to Eradicate Stalkerware (Wired).

More from Wired:
Hundreds of domestic abuse victims, who either believed or feared their computers or phone might be hacked, contacted her over the months that followed. Galperin estimates that since then, she has devoted about a quarter of her work time to acting as a kind of one-woman IT help desk and therapist, assisting people in everything from checking phones for spyware to changing passwords to even checking out a Nest camera one victim believed was being used to spy on her. "I’ve called companies on their behalf. I’ve helped them find attorneys," Galperin says. "I’ve sat there and held their hand and told them that everything is going to be OK."

Galperin found that actual stalkerware was installed on a victim's phone in only a small fraction of those cases; far more common were hacked accounts, or threats of hacking that never materialized. But stalkerware cases were often the most extreme, she says.

"The stories don't start with 'my phone is acting weird,'" says Dave Maass, another staffer for EFF's Threat Lab, who at one point helped Galperin sort through the flood of requests. "They start with 'someone beat me up, or raped me, or threatened my children.' Horrendous stories. Having the emotional fortitude to hear these stories, to probe them, is one of Eva's real strengths."

But within months, Galperin could tell that her work as a hands-on stalkerware first responder wouldn't scale. So she began looking for a different approach. "I looked at the entire problem, and I tried to think about what could create the most bang for the buck," she says. "If a victim can run antivirus and say 'you’re not on my phone,' that would mean a lot."

In March 2018, Galperin gave a talk at the Kaspersky Security Analyst Summit in Cancun, where she presented years of research tracking a likely Lebanese, state-sponsored hacking group known as Dark Caracal. During a coffee break at that beachside conference, she started speaking with Kaspersky researchers and executives about how they and the EFF might work together. In follow-up calls, she made the case for Kaspersky to plant its flag as the most stalkerware-unfriendly antivirus software in the world. The timing, in the wake of the announcement of Kaspersky's US government ban (Security Week), was fortuitous. "It’s a good time to have things you’re asking Kaspersky to do," she says. "They desperately need a win right now."
Thanks to this collaboration, Kaspersky Lab can now warn you if your phone is infected with stalkerware -- The antivirus company looks to stop technology frequently used by stalkers and abusers. (Cnet) And other companies are trying to crack down on shady apps that spy on partners (Washington Post, The Cybersecurity 202), including Lookout (via Graham Cluley).
posted by filthy light thief (5 comments total) 46 users marked this as a favorite
It’s a great start - anything that lets victims know they can be safe from someone is a huge accomplishment - but making a deal with Kaspersky seems like a victim would only be trading active individual stalking for passive foreign-government stalking.
posted by Molten Berle at 10:47 PM on April 12 [1 favorite]

The Russian government is unlikely to beat, rape, or murder a random lady so to whatever exceedingly minor degree that's a consideration the tradeoff seems worth it.
posted by firebrick at 11:05 PM on April 12 [15 favorites]

Guy I dated (too soon) after my husband’s death was a “white hat” hacker for a security firm, always made a point to explain how he would never use his skills for “evil” and ruin his career. And yet I found he had put his contact info as the recovery info to my late husband’s gmail.

Much later, I spoke with an ex girlfriend of his and how when they were dating, he often used something to remotely access her computer.

I always wondered what else he did, if he gave himself a backdoor to any of my other systems. I know I mostly didn’t let him use my shit, but he also was an expert at penetration testing and my networks and devices were not well secured.

At the end of the day, since nothing has been fucked with, I figured it didn’t matter and if he did, he could see me enjoying moving on. But I still wonder. Nice to know I have options to check just in case.
posted by [insert clever name here] at 12:30 AM on April 13 [15 favorites]

There's a story I've wanted to tell for ages.

A dozen years ago, I was visiting a friend in the city I'm from. One day he gathers me and another friend together and we three go to a coffee shop to meet up with this newly ex girlfriend of an acquaintance of ours, hereby referred to as 'the stalker'. She also brings her Tech Guy friend with her.

She was with the stalker for about 3 years, from when she was 18 til recently, and considers the whole relationship a mistake. The stalker is a decade older than she is! She's finally been able to move out of his apartment. The stalker decides to gift her with a computer during this period. She doesn't trust the gift and takes it to her Tech Guy friend.

And he proceeds to tell us about what he found. Now I'm pretty technical, but this guy has chops on me. He's been able to trace the traffic from the installed spyware back to the IP that the stalker is using. And he also explains that the stalker is using a virtual machine with the virtual disk for the machine installed in a hidden truecrypt container. So it'd be impossible to prove any trace of what he's doing on his machine.

But the stalker had test installed the spyware on the virtual machine, and Tech Guy had his IP address. The ex knew the stalker's password. So Tech guy and the ex had screenshots taken every 5 minutes from the spyware showing the stalker creating fake profiles in the virtual machine and sending her messages. Lots and lots of messages. Trying to friend her as old friends from high school. Threatening to kill her. The whole evil gamut of scary stalker stuff.

So we listen to the whole story, look at the printouts. And then the 3 of us acquaintances of the stalker go over to his apartment to talk to him, hopefully get him to stop. Now my other two friends knew the stalker way better than me. Him and I had never got along well, and frankly I cringed whenever he opened his mouth. But here we are knocking on his door. And he opens it. I hadn't seen him for years, and he doesn't invite us in, he steps out onto his doorstep and closes his door behind him. My two friends talk to him, and I hung back and didn't catch all that was said. But the stalker lets his guard down and invites us in to show us his top of the line (for the time) computer.

His apartment is barren and dark. There's no furniture at all except back in the bedroom where he's got a mattress and folding table with a top of the line computer with an LCD screen sitting on it. Wow, I was still rocking huge 17" displays. Wow, pentium whatever? Wow, faster than my setup. And now the stalker has his guard down and he proceeds to tell us, "you know, if you want to cover your tracks, you run your OS in a virtual machine with your virtual disk stored in a hidden truecrypt container and no one can ever find it." Or some such, basically everything the Tech Guy at the coffee shop had been explaining he was doing an hour before. He didn't admit to the stalking, not to me or while I was there, but the two guys I was with, who knew him better, asked him to stop.

The stalker didn't stop. She got a restraining order, he fought it. She got another, he fought it until she dumped 600 printed pages on the stalker's lawyer's lap. He still didn't stop. It's been a dozen years, hundreds of anonymous threatening emails sent to her. I haven't heard for a few years, but I'm willing to bet it's still going on. The stalker also turned his ire to one of the friends from that intervention and there's another decade plus of harassment to another victim. Which is why I haven't told this story online until now. I'm a little afraid of this stalker too.
posted by Catblack at 8:02 AM on April 13 [22 favorites]

"It’s a great start - anything that lets victims know they can be safe from someone is a huge accomplishment - but making a deal with Kaspersky seems like a victim would only be trading active individual stalking for passive foreign-government stalking."

That's basically saying they are trading active individual stalking for the status quo. Literally anyone using modern electronics, or existing near them, is a victim of passive stalking by at least a few governments, marketers, and businesses. Yeah, it sucks, it isn't okay, it's dystopic to the core, but for better or for worse, it's now "normal" and impossible to ever go back on. There is still value in the lesser privacies and protections from peer-to-peer or stalker-to-victim surveillance.
posted by GoblinHoney at 11:28 AM on April 15
