What you need to know about stalkerware
0:01 - 0:06 I want you to travel back in time with me,
0:06 - 0:09 to the before time, to 2017.
0:09 - 0:11 I don't know if you can remember it,
0:11 - 0:13 dinosaurs were roaming the earth.
0:13 - 0:15 I was a security researcher,
0:15 - 0:17 I had spent about five or six years
0:17 - 0:20 doing research on the ways in which APTs,
0:20 - 0:25 which is short for advanced persistent threats,
0:25 - 0:29 which stands for nation-state actors,
0:29 - 0:33 spy on journalists and activists
0:33 - 0:35 and lawyers and scientists
0:35 - 0:39 and just generally people who speak truth to power.
0:39 - 0:41 And I'd been doing this for a while
0:41 - 0:45 when I discovered that one of my fellow researchers,
0:45 - 0:48 with whom I had been doing this all this time,
0:48 - 0:53 was allegedly a serial rapist.
0:55 - 0:57 So the first thing that I did
0:57 - 1:00 was I read a bunch of articles about this.
1:00 - 1:03 And in January of 2018,
1:03 - 1:08 I read an article with some of his alleged victims.
1:08 - 1:12 And one of the things that really struck me about this article
1:12 - 1:14 is how scared they were.
1:14 - 1:16 They were really frightened,
1:16 - 1:21 they had, you know, tape over the cameras on their phones
1:21 - 1:22 and on their laptops,
1:22 - 1:25 and what they were worried about was that he was a hacker
1:25 - 1:27 and he was going to hack into their stuff
1:27 - 1:29 and he was going to ruin their lives.
1:29 - 1:32 And this had kept them silent for a really long time.
1:32 - 1:36 So, I was furious.
1:37 - 1:41 And I didn't want anyone to ever feel that way again.
1:41 - 1:44 So I did what I usually do when I'm angry:
1:44 - 1:45 I tweeted.
1:45 - 1:47 (Laughter)
1:47 - 1:49 And the thing that I tweeted
1:49 - 1:53 was that if you are a woman who has been sexually abused by a hacker
1:53 - 1:56 and that hacker has threatened to break into your devices,
1:56 - 1:58 that you could contact me
1:58 - 2:00 and I would try to make sure
2:00 - 2:05 that your device got a full, sort of, forensic look over.
2:05 - 2:07 And then I went to lunch.
2:07 - 2:09 (Laughter)
2:10 - 2:12 Ten thousand retweets later,
2:12 - 2:13 (Laughter)
2:13 - 2:17 I had accidentally started a project.
2:18 - 2:23 So every morning, I woke up and my mailbox was full.
2:23 - 2:28 It was full of the stories of men and women
2:28 - 2:33 telling me the worst thing that had ever happened to them.
2:33 - 2:38 I was contacted by women who were being spied on by men,
2:38 - 2:40 by men who were being spied on by men,
2:40 - 2:42 by women who were being spied on by women,
2:42 - 2:45 but the vast majority of the people contacting me
2:45 - 2:49 were women who had been sexually abused by men
2:49 - 2:51 who were now spying on them.
2:51 - 2:53 The one particularly interesting case
2:53 - 2:55 involved a man who came to me,
2:55 - 3:00 because his boyfriend had outed him as gay
3:00 - 3:04 to his extremely conservative Korean family.
3:04 - 3:09 So this is not just a men-spying-on-women issue.
3:10 - 3:13 And I'm here to share
3:13 - 3:16 what I learned from this experience.
3:17 - 3:20 What I learned is that data leaks.
3:20 - 3:22 It's like water.
3:22 - 3:24 It gets in places you don't want it.
3:24 - 3:25 Humans leak.
3:25 - 3:27 Your friends give away information about you.
3:27 - 3:30 Your family gives away information about you.
3:30 - 3:32 You go to a party,
3:32 - 3:35 somebody tags you as having been there.
3:35 - 3:36 And this is one of the ways
3:36 - 3:38 in which abusers pick up information about you
3:38 - 3:41 that you don't otherwise want them to know.
3:41 - 3:46 It is not uncommon for abusers to go to friends and family
3:46 - 3:49 and ask for information about their victims
3:49 - 3:52 under the guise of being concerned about their "mental health."
3:53 - 3:56 A form of leak that I saw
3:56 - 4:00 was actually what we call account compromise.
4:00 - 4:03 So your Gmail account,
4:03 - 4:06 your Twitter account,
4:06 - 4:08 your Instagram account,
4:08 - 4:10 your iCloud,
4:10 - 4:12 your Apple ID,
4:12 - 4:13 your Netflix, your TikTok --
4:13 - 4:15 I had to figure out what a TikTok was.
4:16 - 4:18 If it had a login,
4:18 - 4:21 I saw it compromised.
4:21 - 4:26 And the reason for that is because your abuser is not always your abuser.
4:26 - 4:30 It is really common for people in relationships to share passwords.
4:30 - 4:33 Furthermore, people who are intimate,
4:33 - 4:34 who know a lot about each other,
4:34 - 4:36 can guess each other's security questions.
4:36 - 4:39 Or they can look over each other's shoulders
4:39 - 4:42 to see what code they're using in order to lock their phones.
4:42 - 4:44 They frequently have physical access to the phone,
4:44 - 4:47 or they have physical access to the laptop.
4:47 - 4:51 And this gives them a lot of opportunity
4:51 - 4:54 to do things to people's accounts,
4:54 - 4:56 which is very dangerous.
4:56 - 4:59 The good news is that we have advice
4:59 - 5:01 for people to lock down their accounts.
5:01 - 5:05 This advice already exists, and it comes down to this:
5:05 - 5:10 Use strong, unique passwords for all of your accounts.
5:12 - 5:15 Use more strong, unique passwords
5:15 - 5:18 as the answers to your security questions,
5:18 - 5:22 so that somebody who knows the name of your childhood pet
5:22 - 5:24 can't reset your password.
5:25 - 5:29 And finally, turn on the highest level of two-factor authentication
5:29 - 5:31 that you're comfortable using.
5:31 - 5:35 So that even if an abuser manages to steal your password,
5:35 - 5:37 because they don't have the second factor,
5:37 - 5:40 they will not be able to log into your account.
5:40 - 5:42 The other thing that you should do
5:42 - 5:48 is you should take a look at the security and privacy tabs
5:48 - 5:49 for most of your accounts.
5:49 - 5:51 Most accounts have a security or privacy tab
5:51 - 5:55 that tells you what devices are logging in,
5:55 - 5:58 and it tells you where they're logging in from.
5:58 - 6:00 For example, here I am,
6:00 - 6:02 logging in to Facebook from the La Quinta,
6:02 - 6:03 where we are having this meeting,
6:03 - 6:05 and if for example,
6:05 - 6:08 I took a look at my Facebook logins
6:08 - 6:10 and I saw somebody logging in from Dubai,
6:10 - 6:12 I would find that suspicious,
6:12 - 6:15 because I have not been to Dubai in some time.
6:16 - 6:19 But sometimes, it really is a RAT.
6:19 - 6:22 If by RAT you mean remote access tool.
6:22 - 6:25 And remote access tool
6:25 - 6:30 is essentially what we mean when we say stalkerware.
6:30 - 6:34 So one of the reasons why getting full access to your device
6:34 - 6:36 is really tempting for governments
6:36 - 6:39 is the same reason why getting full access to your device
6:39 - 6:44 is tempting for abusive partners and former partners.
6:45 - 6:49 We carry tracking devices around in our pockets all day long.
6:49 - 6:53 We carry devices that contain all of our passwords,
6:53 - 6:55 all of our communications,
6:55 - 6:58 including our end-to-end encrypted communications.
6:58 - 7:01 All of our emails, all of our contacts,
7:01 - 7:05 all of our selfies are all in one place,
7:05 - 7:08 often our financial information is also in this place.
7:08 - 7:11 And so, full access to a person's phone
7:11 - 7:16 is the next best thing to full access to a person's mind.
7:16 - 7:22 And what stalkerware does is it gives you this access.
7:22 - 7:26 So, you may ask, how does it work?
7:26 - 7:27 The way stalkerware works
7:27 - 7:31 is that it's a commercially available program,
7:31 - 7:34 which an abuser purchases,
7:34 - 7:37 installs on the device that they want to spy on,
7:38 - 7:39 usually because they have physical access
7:40 - 7:45 or they can trick their target into installing it themselves,
7:45 - 7:46 by saying, you know,
7:46 - 7:50 "This is a very important program you should install on your device."
7:50 - 7:54 And then they pay the stalkerware company
7:54 - 7:57 for access to a portal,
7:57 - 8:00 which gives them all of the information from that device.
8:00 - 8:04 And you're usually paying something like 40 bucks a month.
8:04 - 8:07 So this kind of spying is remarkably cheap.
8:10 - 8:11 Do these companies know
8:12 - 8:16 that their tools
8:16 - 8:19 are being used as tools of abuse?
8:19 - 8:20 Absolutely.
8:20 - 8:23 If you take a look at the marketing copy for Cocospy,
8:23 - 8:24 which is one of these products,
8:24 - 8:28 it says right there on the website
8:28 - 8:31 that Cocospy allows you to spy on your wife with ease,
8:31 - 8:34 "You do not have to worry about where she goes,
8:34 - 8:37 who she talks to or what websites she visits."
8:37 - 8:38 So that's creepy.
8:39 - 8:42 HelloSpy, which is another such product,
8:42 - 8:47 had a marketing page in which they spent most of their copy
8:47 - 8:49 talking about the prevalence of cheating
8:49 - 8:52 and how important it is to catch your partner cheating,
8:52 - 8:55 including this fine picture of a man
8:55 - 8:57 who has clearly just caught his partner cheating
8:57 - 8:58 and has beaten her.
8:58 - 9:01 She has a black eye, there is blood on her face.
9:01 - 9:05 And I don't think that there is really a lot of question
9:05 - 9:10 about whose side HelloSpy is on in this particular case.
9:10 - 9:12 And who they're trying to sell their product to.
9:15 - 9:21 It turns out that if you have stalkerware on your computer or on your phone,
9:21 - 9:25 it can be really difficult to know whether or not it's there.
9:25 - 9:26 And one of the reasons for that
9:26 - 9:29 is because antivirus companies
9:29 - 9:35 often don't recognize stalkerware as malicious.
9:36 - 9:38 They don't recognize it as a Trojan
9:38 - 9:41 or as any of the other stuff that you would normally find
9:41 - 9:42 that they would warn you about.
9:42 - 9:46 These are some results from earlier this year from VirusTotal.
9:46 - 9:49 I think that for one sample that I looked at
9:49 - 9:54 I had something like a result of seven out of 60
9:54 - 9:57 of the platforms recognized the stalkerware that I was testing.
9:57 - 10:01 And here is another one where I managed to get 10,
10:01 - 10:02 10 out of 61.
10:02 - 10:06 So these are still some very bad results.
10:08 - 10:11 I have managed to convince a couple of antivirus companies
10:11 - 10:15 to start marking stalkerware as malicious.
10:15 - 10:16 So that all you have to do
10:16 - 10:19 if you're worried about having this stuff on your computer
10:19 - 10:22 is you download the program,
10:22 - 10:24 you run a scan and it tells you
10:24 - 10:28 "Hey, there's some potentially unwanted program on your device."
10:28 - 10:30 It gives you the option of removing it,
10:30 - 10:32 but it does not remove it automatically.
10:32 - 10:34 And one of the reasons for that
10:34 - 10:36 is because of the way that abuse works.
10:36 - 10:39 Frequently, victims of abuse aren't sure
10:39 - 10:41 whether or not they want to tip off their abuser
10:41 - 10:43 by cutting off their access.
10:43 - 10:49 Or they're worried that their abuser is going to escalate to violence
10:49 - 10:52 or perhaps even greater violence
10:52 - 10:54 than they've already been engaging in.
10:56 - 10:58 Kaspersky was one of the very first companies
10:58 - 11:01 that said that they were going to start taking this seriously.
11:01 - 11:05 And in November of this year,
11:05 - 11:07 they issued a report in which they said
11:07 - 11:11 that since they started tracking stalkerware among their users
11:11 - 11:16 that they had seen an increase of 35 percent.
11:18 - 11:21 Likewise, Lookout came out with a statement
11:21 - 11:24 saying that they were going to take this much more seriously.
11:24 - 11:29 And finally, a company called Malwarebytes also put out such a statement
11:29 - 11:33 and said that they had found 2,500 programs
11:33 - 11:35 in the time that they had been looking,
11:35 - 11:38 which could be classified as stalkerware.
11:39 - 11:45 Finally, in November I helped to launch a coalition
11:45 - 11:48 called the Coalition Against Stalkerware,
11:48 - 11:52 made up of academics,
11:52 - 11:55 people who are doing this sort of thing on the ground --
11:55 - 12:02 the practitioners of helping people to escape from intimate partner violence --
12:02 - 12:04 and antivirus companies.
12:04 - 12:10 And our goal is both to educate people about these programs,
12:10 - 12:13 but also to convince the antivirus companies
12:13 - 12:15 to change the norm
12:15 - 12:20 in how they act around this very scary software,
12:20 - 12:23 so that soon, if I get up in front of you
12:23 - 12:25 and I talk to you about this next year,
12:25 - 12:28 I could tell you that the problem has been solved,
12:28 - 12:31 and all you have to do is download any antivirus
12:31 - 12:35 and it is considered normal for it to detect stalkerware.
12:35 - 12:37 That is my hope.
12:37 - 12:38 Thank you very much.
12:38 - 12:43 (Applause)
Title: What you need to know about stalkerware
Speaker: Eva Galperin
Description: "Full access to a person's phone is the next best thing to full access to a person's mind," says cybersecurity expert Eva Galperin. In an urgent talk, she describes the emerging danger of stalkerware -- software designed to spy on someone by gaining access to their devices without their knowledge -- and calls on antivirus companies to recognize these programs as malicious in order to discourage abusers and protect victims.
Video Language: English
Team: closed TED
Project: TEDTalks
Duration: 12:56