What you need to know about stalkerware | Eva Galperin

110,581 views ・ 2020-03-30

TED


Please double-click on the English subtitles below to play the video.

00:12
I want you to travel back in time with me,
0
12515
5128
00:17
to the before time, to 2017.
1
17667
3476
00:21
I don't know if you can remember it,
2
21167
1726
00:22
dinosaurs were roaming the earth.
3
22917
1892
00:24
I was a security researcher,
4
24833
1726
00:26
I had spent about five or six years
5
26583
2768
00:29
doing research on the ways in which APTs,
6
29375
3059
00:32
which is short for advanced persistent threats,
7
32458
4375
00:37
which stands for nation-state actors,
8
37417
3267
00:40
spy on journalists and activists
9
40708
4018
00:44
and lawyers and scientists
10
44750
2226
00:47
and just generally people who speak truth to power.
11
47000
3684
00:50
And I'd been doing this for a while
12
50708
2393
00:53
when I discovered that one of my fellow researchers,
13
53125
4268
00:57
with whom I had been doing this all this time,
14
57417
2726
01:00
was allegedly a serial rapist.
15
60167
5041
01:06
So the first thing that I did
16
66542
2434
01:09
was I read a bunch of articles about this.
17
69000
2976
01:12
And in January of 2018,
18
72000
3018
01:15
I read an article with some of his alleged victims.
19
75042
5059
01:20
And one of the things that really struck me about this article
20
80125
4101
01:24
is how scared they were.
21
84250
1809
01:26
They were really frightened,
22
86083
1685
01:27
they had, you know, tape over the cameras on their phones
23
87792
5142
01:32
and on their laptops,
24
92958
1268
01:34
and what they were worried about was that he was a hacker
25
94250
2851
01:37
and he was going to hack into their stuff
26
97125
1953
01:39
and he was going to ruin their lives.
27
99102
2166
01:41
And this had kept them silent for a really long time.
28
101292
3184
01:44
So, I was furious.
29
104500
3083
01:49
And I didn't want anyone to ever feel that way again.
30
109375
3518
01:52
So I did what I usually do when I'm angry:
31
112917
2892
01:55
I tweeted.
32
115833
1268
01:57
(Laughter)
33
117125
2184
01:59
And the thing that I tweeted
34
119333
1435
02:00
was that if you are a woman who has been sexually abused by a hacker
35
120792
3976
02:04
and that hacker has threatened to break into your devices,
36
124792
3434
02:08
that you could contact me
37
128250
1643
02:09
and I would try to make sure
38
129917
1892
02:11
that your device got a full, sort of, forensic look over.
39
131833
4768
02:16
And then I went to lunch.
40
136625
2476
02:19
(Laughter)
41
139125
1583
02:21
Ten thousand retweets later,
42
141958
1685
02:23
(Laughter)
43
143667
1434
02:25
I had accidentally started a project.
44
145125
3417
02:30
So every morning, I woke up and my mailbox was full.
45
150208
4310
02:34
It was full of the stories of men and women
46
154542
5809
02:40
telling me the worst thing that had ever happened to them.
47
160375
4851
02:45
I was contacted by women who were being spied on by men,
48
165250
4768
02:50
by men who were being spied on by men,
49
170042
2226
02:52
by women who were being spied on by women,
50
172292
2101
02:54
but the vast majority of the people contacting me
51
174417
2559
02:57
were women who had been sexually abused by men
52
177000
3809
03:00
who were now spying on them.
53
180833
2435
03:03
The one particularly interesting case
54
183292
1809
03:05
involved a man who came to me,
55
185125
2018
03:07
because his boyfriend had outed him as gay
56
187167
5101
03:12
to his extremely conservative Korean family.
57
192292
3226
03:15
So this is not just men-spying-on-women issue.
58
195542
5125
03:22
And I'm here to share
59
202292
3142
03:25
what I learned from this experience.
60
205458
2417
03:28
What I learned is that data leaks.
61
208833
3351
03:32
It's like water.
62
212208
1935
03:34
It gets in places you don't want it.
63
214167
1726
03:35
Human leaks.
64
215917
1267
03:37
Your friends give away information about you.
65
217208
2143
03:39
Your family gives away information about you.
66
219375
2893
03:42
You go to a party,
67
222292
1267
03:43
somebody tags you as having been there.
68
223583
3101
03:46
And this is one of the ways
69
226708
1601
03:48
in which abusers pick up information about you
70
228333
2143
03:50
that you don't otherwise want them to know.
71
230500
2018
03:52
It is not uncommon for abusers to go to friends and family
72
232542
5392
03:57
and ask for information about their victims
73
237958
3143
04:01
under the guise of being concerned about their "mental health."
74
241125
3167
04:05
A form of leak that I saw
75
245250
3226
04:08
was actually what we call account compromise.
76
248500
3434
04:11
So your Gmail account,
77
251958
2935
04:14
your Twitter account,
78
254917
2642
04:17
your Instagram account,
79
257583
2226
04:19
your iCloud,
80
259833
2143
04:22
your Apple ID,
81
262000
1643
04:23
your Netflix, your TikTok --
82
263667
1601
04:25
I had to figure out what a TikTok was.
83
265292
1833
04:28
If it had a login,
84
268417
1892
04:30
I saw it compromised.
85
270333
2768
04:33
And the reason for that is because your abuser is not always your abuser.
86
273125
4643
04:37
It is really common for people in relationships to share passwords.
87
277792
4434
04:42
Furthermore, people who are intimate,
88
282250
2601
04:44
who know a lot about each other,
89
284875
1559
04:46
can guess each other's security questions.
90
286458
2018
04:48
Or they can look over each other's shoulders
91
288500
2059
04:50
to see what code they're using in order to lock their phones.
92
290583
2976
04:53
They frequently have physical access to the phone,
93
293583
2643
04:56
or they have physical access to the laptop.
94
296250
2726
04:59
And this gives them a lot of opportunity
95
299000
3976
05:03
to do things to people's accounts,
96
303000
3309
05:06
which is very dangerous.
97
306333
1810
05:08
The good news is that we have advice
98
308167
2934
05:11
for people to lock down their accounts.
99
311125
2309
05:13
This advice already exists, and it comes down to this:
100
313458
3976
05:17
Use strong, unique passwords for all of your accounts.
101
317458
4834
05:23
Use more strong, unique passwords
102
323542
3226
05:26
as the answers to your security questions,
103
326792
3226
05:30
so that somebody who knows the name of your childhood pet
104
330042
3851
05:33
can't reset your password.
105
333917
1625
05:36
And finally, turn on the highest level of two-factor authentication
106
336542
4476
05:41
that you're comfortable using.
107
341042
2142
05:43
So that even if an abuser manages to steal your password,
108
343208
4018
05:47
because they don't have the second factor,
109
347250
2059
05:49
they will not be able to log into your account.
110
349333
2726
05:52
The other thing that you should do
111
352083
2185
05:54
is you should take a look at the security and privacy tabs
112
354292
5392
05:59
for most of your accounts.
113
359708
1310
06:01
Most accounts have a security or privacy tab
114
361042
2226
06:03
that tells you what devices are logging in,
115
363292
4101
06:07
and it tells you where they're logging in from.
116
367417
2642
06:10
For example, here I am,
117
370083
1518
06:11
logging in to Facebook from the La Quinta,
118
371625
2059
06:13
where we are having this meeting,
119
373708
1572
06:15
and if for example,
120
375304
1964
06:17
I took a look at my Facebook logins
121
377292
2267
06:19
and I saw somebody logging in from Dubai,
122
379583
2601
06:22
I would find that suspicious,
123
382208
1976
06:24
because I have not been to Dubai in some time.
124
384208
2625
06:28
But sometimes, it really is a RAT.
125
388125
2893
06:31
If by RAT you mean remote access tool.
126
391042
3101
06:34
And remote access tool
127
394167
3059
06:37
is essentially what we mean when we say stalkerware.
128
397250
4684
06:41
So one of the reasons why getting full access to your device
129
401958
3685
06:45
is really tempting for governments
130
405667
2309
06:48
is the same reason why getting full access to your device
131
408000
2893
06:50
is tempting for abusive partners and former partners.
132
410917
5083
06:57
We carry tracking devices around in our pockets all day long.
133
417042
4101
07:01
We carry devices that contain all of our passwords,
134
421167
3642
07:04
all of our communications,
135
424833
2351
07:07
including our end-to-end encrypted communications.
136
427208
2643
07:09
All of our emails, all of our contacts,
137
429875
3226
07:13
all of our selfies are all in one place,
138
433125
3601
07:16
often our financial information is also in this place.
139
436750
3518
07:20
And so, full access to a person’s phone
140
440292
3101
07:23
is the next best thing to full access to a person's mind.
141
443417
4125
07:28
And what stalkerware does is it gives you this access.
142
448375
5184
07:33
So, you may ask, how does it work?
143
453583
3976
07:37
The way stalkerware works
144
457583
1601
07:39
is that it's a commercially available program,
145
459208
3726
07:42
which an abuser purchases,
146
462958
3518
07:46
installs on the device that they want to spy on,
147
466500
2976
07:49
usually because they have physical access
148
469500
1976
07:51
or they can trick their target into installing it themselves,
149
471500
5309
07:56
by saying, you know,
150
476833
1268
07:58
"This is a very important program you should install on your device."
151
478125
3684
08:01
And then they pay the stalkerware company
152
481833
4268
08:06
for access to a portal,
153
486125
2768
08:08
which gives them all of the information from that device.
154
488917
3267
08:12
And you're usually paying something like 40 bucks a month.
155
492208
3351
08:15
So this kind of spying is remarkably cheap.
156
495583
3459
08:21
Do these companies know
157
501875
1601
08:23
that their tools
158
503500
4726
08:28
are being used as tools of abuse?
159
508250
2434
08:30
Absolutely.
160
510708
1268
08:32
If you take a look at the marketing copy for Cocospy,
161
512000
2809
08:34
which is one of these products,
162
514833
1518
08:36
it says right there on the website
163
516375
3143
08:39
that Cocospy allows you to spy on your wife with ease,
164
519542
3809
08:43
"You do not have to worry about where she goes,
165
523375
2226
08:45
who she talks to or what websites she visits."
166
525625
2934
08:48
So that's creepy.
167
528583
1250
08:50
HelloSpy, which is another such product,
168
530583
3560
08:54
had a marketing page in which they spent most of their copy
169
534167
4642
08:58
talking about the prevalence of cheating
170
538833
1976
09:00
and how important it is to catch your partner cheating,
171
540833
2685
09:03
including this fine picture of a man
172
543542
3017
09:06
who has clearly just caught his partner cheating
173
546583
2476
09:09
and has beaten her.
174
549083
1268
09:10
She has a black eye, there is blood on her face.
175
550375
2518
09:12
And I don't think that there is really a lot of question
176
552917
4101
09:17
about whose side HelloSpy is on in this particular case.
177
557042
4892
09:21
And who they're trying to sell their product to.
178
561958
2542
09:26
It turns out that if you have stalkerware on your computer or on your phone,
179
566625
5976
09:32
it can be really difficult to know whether or not it's there.
180
572625
4018
09:36
And one of the reasons for that
181
576667
1559
09:38
is because antivirus companies
182
578250
2601
09:40
often don't recognize stalkerware as malicious.
183
580875
6601
09:47
They don't recognize it as a Trojan
184
587500
2268
09:49
or as any of the other stuff that you would normally find
185
589792
3059
09:52
that they would warn you about.
186
592875
1518
09:54
These are some results from earlier this year from VirusTotal.
187
594417
3809
09:58
I think that for one sample that I looked at
188
598250
2684
10:00
I had something like a result of seven out of 60
189
600958
4685
10:05
of the platforms recognized the stalkerware that I was testing.
190
605667
3392
10:09
And here is another one where I managed to get 10,
191
609083
3476
10:12
10 out of 61.
192
612583
1643
10:14
So this is still some very bad results.
193
614250
3708
10:19
I have managed to convince a couple of antivirus companies
194
619500
3851
10:23
to start marking stalkerware as malicious.
195
623375
3143
10:26
So that all you have to do
196
626542
1267
10:27
if you're worried about having this stuff on your computer
197
627833
2768
10:30
is you download the program,
198
630625
3059
10:33
you run a scan and it tells you
199
633708
2393
10:36
"Hey, there's some potentially unwanted program on your device."
200
636125
3643
10:39
It gives you the option of removing it,
201
639792
2309
10:42
but it does not remove it automatically.
202
642125
1934
10:44
And one of the reasons for that
203
644083
1518
10:45
is because of the way that abuse works.
204
645625
1893
10:47
Frequently, victims of abuse aren't sure
205
647542
3226
10:50
whether or not they want to tip off their abuser
206
650792
2476
10:53
by cutting off their access.
207
653292
1767
10:55
Or they're worried that their abuser is going to escalate to violence
208
655083
6101
11:01
or perhaps even greater violence
209
661208
2310
11:03
than they've already been engaging in.
210
663542
2541
11:07
Kaspersky was one of the very first companies
211
667917
2226
11:10
that said that they were going to start taking this seriously.
212
670167
3267
11:13
And in November of this year,
213
673458
3101
11:16
they issued a report in which they said
214
676583
2060
11:18
that since they started tracking stalkerware among their users
215
678667
4351
11:23
that they had seen an increase of 35 percent.
216
683042
4833
11:29
Likewise, Lookout came out with a statement
217
689708
3185
11:32
saying that they were going to take this much more seriously.
218
692917
3142
11:36
And finally, a company called Malwarebytes also put out such a statement
219
696083
4685
11:40
and said that they had found 2,500 programs
220
700792
4517
11:45
in the time that they had been looking,
221
705333
1893
11:47
which could be classified as stalkerware.
222
707250
2250
11:50
Finally, in November I helped to launch a coalition
223
710875
5809
11:56
called the Coalition Against Stalkerware,
224
716708
3060
11:59
made up of academics,
225
719792
4392
12:04
people who are doing this sort of thing on the ground --
226
724208
3101
12:07
the practitioners of helping people to escape from intimate partner violence --
227
727333
6310
12:13
and antivirus companies.
228
733667
2392
12:16
And our goal is both to educate people about these programs,
229
736083
5643
12:21
but also to convince the antivirus companies
230
741750
3476
12:25
to change the norm
231
745250
1684
12:26
in how they act around this very scary software,
232
746958
5310
12:32
so that soon, if I get up in front of you
233
752292
2726
12:35
and I talk to you about this next year,
234
755042
2267
12:37
I could tell you that the problem has been solved,
235
757333
2810
12:40
and all you have to do is download any antivirus
236
760167
2726
12:42
and it is considered normal for it to detect stalkerware.
237
762917
4142
12:47
That is my hope.
238
767083
1810
12:48
Thank you very much.
239
768917
1309
12:50
(Applause)
240
770250
5000
About this website

This site will introduce you to YouTube videos that are useful for learning English. You will see English lessons taught by top-notch teachers from around the world. Double-click on the English subtitles displayed on each video page to play the video from there. The subtitles scroll in sync with the video playback. If you have any comments or requests, please contact us using this contact form.

https://forms.gle/WvT1wiN1qDtmnspy7