Stalkerware with John Bambenek

I'm contacted by people on a regular basis who believe that their devices have been compromised and that they're being stalked and spied on. Sometimes they've misinterpreted what they're looking at but sometimes they are actually being digitally stalked. Find out what to do about it in this episode.

Today's guest is John Bambenek. John is the Vice President of Security Research and Intelligence at ThreatSTOP and the President of Bambenek Consulting where he provides security consulting, penetration testing, forensics, and auditing. He has spoken at numerous security conferences including Black Hat. He has spent 20 years doing investigation work on cybercrime threats.

John is going to go over what Stalkerware is, in what scenarios it is most common, and things we can do to mitigate the harm it can do.

Show Notes:

• [1:00] - John Bambenek is the Vice President of Security Research and Intelligence at ThreatSTOP and owns his own company, Bambenek Consulting. He has been working in cybersecurity since college.
• [3:01] - John explains that Stalkerware is a malicious mobile app that is put on your phone to track your movements, monitor who you are talking to, see your texts, and other various activities through your phone.
• [3:26] - Stalkerware is most commonly found in cases of former relationships, but John shares his experience with Stalkerware found on the mobile device of an assassinated politician in South America.
• [4:39] - Odds are, if there is Stalkerware on your phone or mobile device, that that is not all that is going on. There are usually many signs of abusive or controlling behavior.
• [5:45] - There are also ways that people can be stalked without installing Stalkerware, such as monitoring Instagram and Facebook activity.
• [6:29] - Multiple IP addresses and their locations are often misinterpreted.
• [9:14] - Stalkerware is most commonly installed onto someone's phone by someone who has physical access to it, although remote installation is possible.
• [9:58] - There are also built-in features that can be misused, such as Find My Friends on an iPhone.
• [11:18] - Stalkerware is different from malware that is accidentally downloaded where hackers may have access to a device belonging to someone they don't know. Stalkerware is intentional and usually involves some prior relationship.
• [14:08] - Whenever you can, have a password on your phone that you don't give to someone, multi-factor authentication on accounts and other important logins.
• [14:50] - Multi-factor authentication is a very useful early warning system. John shares an experience he had in another country and how multi-factor authentication helped catch something unusual early on.
• [16:07] - John is a unique case because he wants a device compromised to aid him in his career in security research and shares some stories about his experiences.
• [18:12] - Chris and John discuss devices to bring or not to bring to conferences like Black Hat.
• [21:52] - A factory reset and changing all passwords is largely sufficient in eliminating Stalkerware installed on a phone.
• [24:28] - Once you start getting real-world indication that you are being stalked, establishing a police report is an important next step.
• [25:28] - With effort and with a court order, it may be possible to determine who has installed the Stalkerware on your device if you don't know who it is.
• [26:31] - One thing to keep in mind is when you wipe the phone, you also wipe the evidence.
• [27:13] - Taking down the people who create these Stalkerware malware is more valuable to police and investigators than individual cases of Stalkerware.
• [28:23] - The Coalition Against Stalkerware is a community of activists providing resources to victims and who are trying to figure out what can be done about Stalkerware on a larger scale.
• [29:30] - Language needs to be precise because there are software creators whose intentions are not malicious.
• [31:40] - There are laws that need to be changed and police detectives need to be educated so they can become experts in examining mobile phones.
• [33:00] - John explains that if you give someone access to your phone years ago and then they install Stalkerware on your phone maliciously later, they will not go to jail for it because you gave them permission at some point.
• [34:43] - There are industry coalitions and other groups dedicated to helping victims of stalking, but stalking has been a prevalent behavior in long term documented history.
• [35:27] - There are people who want these tools to monitor and control someone's movements and there are people who want to make money by providing this malware to them.
• [36:01] - There are lots of ways someone can be stalked without the use of Stalkerware. Because of the nature of social media sites like Facebook, we are leaking information all the time that can be watched and used.
• [37:41] - People don't understand the difference between anonymous and private. John gives examples of how this can be a problem.
• [39:10] - To get the benefits of advancing technology, we have to give up something in exchange. These things are not necessarily good or bad, you just need to understand what you're giving up to have this service.
• [40:16] - Every decision has its pros and cons and you have to be mindful of what they are and be okay with that. And sometimes there are ways to mitigate some of those harms.
• [40:40] - John explains the problem with Bluetooth: We have so many devices and it's all or nothing.
• [43:16] - There are many contact tracing apps that are created for a legitimate purpose that can be misused for the purpose of stalking.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.

Links and Resources:

• Podcast Web Page
• Facebook Page
• whatismyipaddress.com
• Easy Prey on Instagram
• Easy Prey on Twitter
• Easy Prey on LinkedIn
• Easy Prey on YouTube
• Easy Prey on Pinterest
• John Bambenek on Twitter
• John Bambenek on LinkedIn
• ThreatSTOP
• Bambenek Consulting
• Coalition Against Stalkerware