12.5 C
New York
Thursday, December 24, 2020
Home News Stalkerware: The invisible threat faced by domestic abuse victims

Stalkerware: The invisible threat faced by domestic abuse victims

Chris DeGraw/Digital Trends

Note: This story contains descriptions of digital abuse and references to domestic violence.

Early in her marriage, Samantha noticed that her husband would disappear into the bathroom for a long time. When he came out, he’d be angry with her.

“Later on, I found he was reading my text messages,” Samantha told Digital Trends. “They were forwarded to his phone.”

His behavior escalated, according to Samantha. In addition to violent behavior, he attempted to hack into her relatives’ bank accounts. She left him in 2015, but the abuse didn’t end. He registered a car under her name, and he seemed to know whenever — and wherever — she made a purchase or walked outside.

“I was living four states away from him, and somehow as I would be leaving, he would show up,” Samantha told Digital Trends. She declined to give her last name because her husband is still attempting to monitor her digital life.

SpeedKingz/Shutterstock

“It would seem crazy and paranoid to think someone is tracking you like this. People don’t think these kinds of things are possible. It makes you question your sanity  Since the abuser could no longer physically control or punish me, this was his way of inflicting pain,” she added.

It was only two years ago, after being continuously terrorized, that Samantha discovered the full extent of her abuser’s monitoring — thanks to the help of domestic abuse specialists and tech labs that scanned her phone. She believes he hacked at least five of her devices with stalkerware over the course of their relationship.

“Stalkerware” is a catchall term for apps that secretly monitor a victim’s communications, location, photos, password keystrokes, and more.

Domestic abuse has increased dramatically since COVID-19 forced couples into lockdown. However, the use of stalkerware has decreased during the pandemic, according to cybersecurity company Kaspersky.

“Right now, the victim and abuser are always together,” said Kaspersky Lab’s research development team lead Victor Chebyshev. “There is no need to monitor activity if they are in the same place.”

Chebyshev fully expects that the use of stalkerware will spike again once more people cease sheltering in place.

“It makes no difference if there is a quarantine, social distancing, or any other crisis situation, as we are continuously on guard without any moment of pause,” he said.

Cybersecurity firm Avast, however, detected an increase of stalkerware use during lockdown. The discrepancy may demonstrate how little of a grasp we have on these numbers.

“It remains to be seen how the numbers of detected stalkerware will look like at the end of the year, as this will show us a clearer picture,” said Chebyshev.

Stalkerware’s disturbing history

Westend61/Getty Images

Stalkerware has been around for more than a decade, though it has historically fallen under the “spyware” umbrella until recently. Using these apps as a domestic abuse tactic is still a relatively new topic among tech companies and lawmakers, though not due to a lack of prevalence.

Use of stalkerware spiked globally in the past two years, according to Kaspersky, which found that 35 percent more people worldwide had encountered the apps in 2019 than in 2018. These numbers are likely low since they are based on reports by users who managed to scan and locate the stalkerware on their devices.

A February poll conducted by Harris and NortonLifeLock found that 10 percent of Americans have used an app to monitor their ex- or current partner’s calls, messages, emails, and photos without the partner’s knowledge or permission.

“We’ve seen a huge increase, we believe, for two reasons,” said Chebyshev. “One, because we’ve improved our detection, and two, because developers who create stalkerware started to fight against our detection.”

“It was quite shocking as well to see how bad the problem is”

Last year, competing security companies like Norton Lifelock, Kaspersky, Malwarebytes and others banded together to fight the uptick of stalkerware through the Coalition Against Stalkerware.

“It was quite shocking as well to see how bad the problem is,” said Chebyshev, “[COVID-19] provides some time to focus on activities that we are doing together with the Coalition Against Stalkerware in order to increase general awareness about the problem. … Nonetheless, we think that the fight to protect all users against stalkerware will still be there for a while, unfortunately.”

Meanwhile, nonprofits and domestic violence organizations are scrambling to help survivors deal with the invisible problem while they’re in confinement. In a groundbreaking program in New York, Cornell Tech’s Clinic to End Tech Abuse teamed up with Family Justice Centers to scan and wipe survivors’ phones. The service is remote during COVID-19, with tech specialists making appointments in specific boroughs.

“There’s a lot of gaslighting going on with this abuse,” said Jenise Jenkins, director of operations for the NYC Family Justice Centers. “An abuser says ‘You don’t know what you’re talking about.’ It is hugely beneficial for our clients to know and be assured that they were not making this up. They’re hearing confirmation from a professional. Plus, once they know it’s just an app, they can do something about it.”

Cornell Tech has developed an open source antivirus technology called ISDi, which survivors don’t have to install, thereby evading the abuser’s detection. While stalkerware has decreased during COVID overall, Cornell Tech is anecdotally reporting the same number of concerned survivors.

“I thought there would be a drop-off, but we’re busier than ever,” said Diana Freed, doctoral fellow and Ph.D. researcher at Cornell Tech.

Recovering from stalkerware

One size does not fit all when it comes to action plans for survivors. Samantha is currently living at a private address. One of her devices is still hacked — her abuser doesn’t know that she knows he has access to it. She only gives him harmless information. This way, she can control him, rather than vice versa. She is seeking a divorce, but has not gone to the police.

“It’s very difficult to prove, especially when there’s a spouse and you shared a phone plan. Gaslighting and mental warfare, which are nontangible, are difficult to explain to non-trauma informed people,” said Samantha. “Also, if he finds out I know, he might change everything.”

Stalkerware presents a legal puzzle. It is generally legal to develop the technology that underlies many apps used as stalkerware. Users can be brought up on charges like stalking or fraud if they deploy the technology for illegal purposes. However, it is difficult to prosecute; the technology is shadowy and survivors are often unwilling to share their actively monitored devices with forensic police teams. Almost half of domestic abuse cases go unreported.

“Accessing someones’ device can be violating all sorts of computer privacy laws,” said Erica Olsen, director of the Safety Net program at the National Network to End Domestic Violence. “But there are so few options for finding it, proving it, and getting rid of it. Survivors are usually forced to do a factory reset or get a new phone, which means that the evidence is not preserved.”

No easy solution

The U.S. has a huge stalkerware problem, but the nation is ahead of the curve when it comes to fighting it. In October, the Federal Trade Commission brought allegations against three stalkerware companies after they enabled users to engage in illegal monitoring activities on their platforms. Globally, the case is only the second of its kind: In 2014, a U.S. court successfully shut down a Pakistan-based stalkerware app.

Most stalkerware can be downloaded from stand-alone websites or through Google Play for Android phones — though Google has launched initiatives to filter out these apps. The search giant announced last week that it would ban ads for stalkerware apps — specifically ones “that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.”

Android devices are also susceptible because they are open source and have a diverse ecosystem; several versions of the Android operating system are available simultaneously, making security updates erratic. Stalkerware is less common on Apple devices, since the App Store is strict about development and submission.

It’s impossible to detect many stalkerware apps without a targeted stalkerware scan, and that kind of scanning tech is still in its infancy. These apps are typically buried deep in a victim’s phone system — usually under innocuous file names like “WiFi Check,” meaning victims usually don’t notice them on their own.

Any abuser can upload stalkerware, whether or not they have a tech background.

“It’s pretty simple. You just have to Google the steps,” said Jenkins. “It happens more frequently than the layperson would think. With domestic violence survivors, they’re already dealing with so much that it just compounds their worry and concern for their safety and for their children.”

Once the information reaches the apps, the victims’ problems may only get worse, according to Chebyshev. Many stalkerware apps upload victims’ information onto insecure servers. Hackers can easily retrieve the information, and the app can use it for its own data and marketing purposes since there is no privacy agreement with the victims.

Freed said that anyone who is suspicious of activity on their phone should use reputable antiviral software that detects stalkerware — not just adware. Kaspersky, MalwareBytes, Avira, McAfee, and Avast all reportedly target stalkerware with success. In addition to its anti-stalkerware technology, CETA also provides step-by-step instructions on disconnecting from abusive partners, from removing saved passwords to enhancing Facebook security.

Samantha said she has more than one device, and she uses them all for different purposes in order to throw off her abuser. One device is for educational software for her son, for example. Another is for trusted friends and family. She is extremely careful about giving out her information to anyone.

Domestic Violence Lawyer

Latest

Attracting top tech talent to your company

Talent is everywhere, but why does it seem so hard to find good talent for your company? What are you doing wrong or what are you not doing at all? It seems that technologically advanced graduates are dime a dozen, but how do you recruit them and retain them at your company? Whether you’re a company working with social media marketing or attempting to create the next Microsoft, this article will explore all that as well as include the top tips when it comes to hiring tech talent.Start with internshipsOne of the most pressing problems when it comes to education is that there is no bridge or stepping stone to having a career sans an internship which can sometimes be exploitative. Interns are a great way for a company to fill a position that doesn’t require much experience but requires the knowledge and skills that only a graduate in a certain field is able to achieve. Many companies shy away from collaborating with universities and their placement program because many graduates are only looking to fill their resume or are only interning to complete their degree program. None of these candidates are keen to work on the company and become a part of the business. Very rarely would companies want to take on a newcomer, train them up and have them go on their merry way to another job and repeat the process over and over again. It is time-consuming and quite frankly doesn’t do the company much good in terms of progress. However, one must understand that without this program, there will be no new talent to recruit from. It’s a cycle that forces companies to give back with their time and effort, and students to pay their dues while picking up soft skills on the way. Working together with a university will not ensure that you recruit and retain new employees or budding tech talent but it offers you the opportunity to snap up promising new talent as an early bird. Furthermore, an unpromising intern today could do her rounds and come back with more experience and have more to offer.Hire fresh graduatesIf you aren’t keen on the internship pathway, there is another method to make sure you get the creme de la creme, but this often comes at a high cost. If you aren’t a notable tech company that many people are clamoring to work with, such as Google, Apple, Facebook, etcetera, it might be hard to get students interested because why would they want to waste their honors degree at a small tech company when they could try their hand at any of those aforementioned tech giants? The thing about fresh graduates is that they are all so full of hope and by the time they realize that life isn’t all roses, it might be too late to take up on the university’s offer of a placement at your firm. This is why it’s important to make tiny concessions for the naivete of students. Allow anyone who hasn’t found a job in 12 – 24 months to be granted a placement, even if they haven’t had any prior experience. Understand that the economy is not as it once was, and no experience is just another way of saying they don’t need to unlearn bad habits from a different workplace culture. They are a fresh slate that you can mold. Don’t shy away from the idea that fresh graduates have nothing meaningful to offer. Sometimes, adding a new ingredient might just be what the recipe needs.Understand that there is a deficit of tech talentWith everyone scrambling over the best in an already limited pool of resources, will only exclude the rest trying to get in. A good leader and employer knows that great talent is often headhunted and can be easily led astray by a better job offer. It’s always better to have loyalty than ingenuity. If you are able to foster your new recruit’s talents and abilities, molding her to suit your companies’ needs, it would be worth ten talented recruits with no real love for your company. Treat your employees the way that makes them want to follow you and not the salary or promise of glory. This is something that is lacking in many industries but humans all want to be appreciated, treasured, and respected. Show your employees that you care and fan the flames of their passion. Put them in a position that they desire, with the responsibilities and freedom to do as they please within a reasonable boundary. By procuring happiness in your company for your employees, you’re ensuring loyalty. However, buy them with bribes and promises without offering them happiness, and there’s always the possibility of someone else raising the stakes.EDITOR NOTE: This is a promoted post and should not be viewed as an editorial endorsement.

T-Mobile releases list of devices that will stop working next month

You guys remember the Samsung Galaxy Note Edge? Or how about your good ol’ Nexus 9. Well, I hate to be the bearer of bad news but soon, you won’t be able to use either of those devices on T-Mobile’s network.Some internal documents from T-Mobile were given to Android Police, stating that they were planning to make some changes to their network starting January 29th, also listing a set of devices that would stop working on T-Mobile at that point due to them not being “able to receive a manufacturer software update”. Here is the full list:Samsung Galaxy Note 4 (AT&T model)Samsung Galaxy Note 4 (Verizon model)Samsung Galaxy Note EdgeHTC Desire 10 LifestyleHTC Desire 650Google Nexus 9Huawei Mate 8Huawei P9Mikrotikls SIA_R11e-LTE6Netgear Arlo Security Camera SystemOnePlus 1Quanta Dragon IR7Samsung Galaxy S5 DuosSony Xperia Z3 CompactSony Xperia Z3Sony Xperia Z3 OrionSony D6616 Xperia Z3 OrionSoyea M02ZTE ZMaxAs I joked about above, these devices are quite old, but if you have any of them running on T-Mobile, you should receive correspondence soon, as well as encouraging you to contact T-Mobile for upgrade options.Update: T-Mobile will provide free replacements for people affected by this change, with customers being able to choose one of four devices: the Samsung Galaxy A21, Samsung Galaxy A11, Alcatel GO FLIP 3, or a T-Mobile REVVL 4.  

OnePlus 9 latest leaks: flat display, wireless charging and Oneplus 9 Lite

The OnePlus 9 is rumored to launch in March of next year, so the leaks have been slow and steady. Here’s two of the latest pieces of info to come out on the upcoming series.OnePlus 9 LiteEarlier this month, we covered a rumor about a third OnePlus 9 Series device, the 9E. We had very little information, but we assumed that this would be a budget version of the base model.Now, thanks to an insider speaking to Android Central, we have information suggesting that there will be three phones in the OnePlus 9 lineup, with the 9 and 9 Pro running on the Snapdragon 888 and the budget 9E running on the Snapdragon 865. Not many more details are known about this device, but hardware-wise, we can expect that it will be essentially similar to the OnePlus 8T.OnePlus 9 Battery and DisplayWe also have some information on the battery and charging of the new OnePlus 9 Series coming from 91mobiles.According to their source, the base model will feature a 4500mAh battery, 65W fast wired charging, and 30W fast wireless charging, as well as reverse wireless charging.The source also provided them with some live images, showing a corner hole-punch cutout and a flat display. However, some sources suggest that the 9 Pro will feature a curved display.

How to watch Soul anywhere online

Disney has a special Christmas present in store for Disney Plus subscribers this year as Pixar's new animated film Soul