How to identify if your electronic devices are spying on you

Maria says she grew up in a “loving” Catholic family on the east coast of the United States, which made big Sunday dinners. Her parents had a good marriage and she wanted that kind of respect and closeness in her own relationship.

When she met her husband in her early twenties, it was love at first sight.

But the romance quickly soured, turning into a 25-year story of abuse and control.

First was the name calling. So, complete control of your finances, your movements, and eventually your three children.

Her husband opposed the idea of ​​her having a job where she could interact with other people and forbade her to use the computer.

“He called me fat every day and kicked me out of the house when he was angry,” she recalls.

Eventually, financial abuse increased. First, he took the salary she received for working as a cleaning lady, then he applied for credit cards in Maria’s name using her personal documents.

Six years ago, Maria finally collapsed when she heard him say he wanted her dead. With the help of the church she attended and her family, she slowly formulated an escape plan.

After having her house foreclosed, she finally moved in with her sister. She got a laptop for the first time and finally had the freedom to open a Facebook account. And started dating.

But soon her ex-husband began replying to messages for the man she was seeing. And it also started to appear wherever she was.

Suddenly, she would spot him driving behind her on a highway. Once, she was so scared that he was chasing her and might pull a gun that she called the police.

Although she didn’t press charges, the stalking eventually eased and she drifted further away. But she found that she had been a victim of the call stalkerware.

Stalkerware is commercially available software that is used to spy on another person through their device—usually a phone—without their consent.

It can allow the user to see another person’s messages, location, photos, files and even scour conversations in the vicinity of the phone.

To help resolve the issue, Eva Galperin formed the Coalition Against Stalkerware in 2019.

She decided to form the group after looking at the accounts of several alleged rape victims, who were afraid that their lives would continue to be ruined by the attackers through technology.

When someone has access to your phone, the potential for exploitation is enormous, she explains. For example, a victim could be blackmailed with threats to share intimate photos.

Galperin says that in the domestic violence cases she encounters, “some level of technology-enabled abuse is almost universally present,” and that this often includes stalkerware.

“It’s usually related to the most violent cases — because it’s a powerful tool for coercive control,” she adds.

Research indicates that stalkerware proliferation is a growing problem: a Norton Labs study found that the number of devices indicating they had stalkerware installed increased by 63 percent between September 2020 and May 2021.

The report suggested that the significant increase may have been caused by social isolation, as people spent more time at home.

“Personal belongings are more accessible, likely creating more opportunities for abusers to install stalker apps on their partners’ devices,” the report found.

Over the past two years, Galperin has managed to convince a handful of antivirus companies to identify this type of software as malicious. This came after an initial reluctance to mark the stalkerware as an unwanted program — or malware — because of its possible legitimacy of use.

In October, Google removed several ads from apps that encourage potential users to spy on their partners’ phones. These apps are often marketed to parents who want to monitor their children’s movements and messages—but instead have been repurposed by abusers to spy on their spouses.

One such app, SpyFone, was banned by the US Federal Trade Commission in September 2021 for collecting and sharing data about people’s movements and activities through a hidden hack on the device.

Despite these positive moves, some stalkerware applications and advice on how to use them are still easily accessible on the internet.

According to Galperin, the next issue the FTC is investigating is companies that sell and buy phone location data from users without their knowledge. She calls this technology “an extremely powerful tool” for private investigators, who use it to track victims’ locations.

With stalkerware deliberately designed to be difficult to detect, even those who are tech savvy can still fall prey to it.

One such person was Charlotte (not her real name), a senior cybersecurity analyst.

Soon after getting engaged, she slowly noticed that strange things started happening with her phone. The battery drained quickly and it restarted suddenly – both telltale signs of stalkerware potentially installed on her device.

Until her partner made it clear that he always knew where she was, and that’s when she finally connected the dots.

To get some advice on what to do, she went to a hacker meeting. The meeting took place at a location where her fiance had worked and she knew some of the faces.

She was shocked to discover that there is a culture of acceptance that partners can track each other down.

The “brotherhood” environment among tech men she encountered encouraged her to enter cybersecurity, to reinforce “representation from different perspectives.”

A quick Internet search reveals many services claiming they can hack into someone’s smartphone with just a phone number, usually for a few hundred dollars to be paid in cryptocurrency.

However, while software with these features can be accessed by investigative bodies, cybersecurity experts believe these sites are likely scams. Instead, the use of stalkerware depends in large part on “social engineering,” which Charlotte says people can learn to be careful about and avoid.

The target may receive a text message, which appears to be truthful, inviting them to click on a link. Or a fake app disguised as a legitimate one might be shared with it.

Charlotte says “don’t be afraid” if you try to delete a suspicious app and it displays a series of warnings.

“Sometimes they use scary tactics to keep users from removing the software. They use a lot of social engineering techniques.”

If all else fails, Charlotte recommends doing a factory reset of the phone, changing all of your social media account passwords and using two-step authentication at all times.

So what would be the best way to tackle the problem?

Most countries already have some sort of wiretapping statute and anti-stalking laws in place.

For example, in 2020, France introduced a new domestic violence bill that, among other things, tightened sanctions on secret surveillance: geographic tracking of someone without their consent is now punishable by one year in prison and a fine of €45 thousand (R$290 thousand). If this is done by the partner, the fines will potentially be even higher.

paths to follow

But for Eva Galperin, this is not a problem that we can expect new legislation to solve entirely.

She thinks that both Google and Apple could, for example, act by making it impossible to buy any of these apps in their stores.

Crucially, she adds, the focus must be on better training for police to deal more rigorously with the problem.

One of the biggest problems she says she sees is that victims turn to law enforcement with the intention of enforcing it. However, authorities turn a blind eye and “say this is not a priority problem”.

The proliferation of cyber-stalking has also brought a new type of support service to victims of domestic violence.

The Clinic To End Tech Abuse —Ceta— is one of these facilities, associated with Cornell University in the United States. Ceta works directly with abuse survivors while collecting research on the growing misuse of technology.

Rosanna Bellini of CETA says they typically don’t recommend removing stalkerware right away from a victim’s phone — without doing security planning first with a caseworker.

Past experience has revealed this approach: if the aggressor’s access to the victim’s telephone is suddenly cut off, this can lead to an escalation of violence.

For Maria, who has been free from abusive marriage for six years, things aren’t perfect, but they’re looking up.

“I have a good relationship with someone who really cares about me and supports me, helping to build my story,” she says.

There are still times when she gets anxious dealing with the phone. She was diagnosed with post-traumatic stress disorder (PTSD). But she wants other victims to know that cyber stalking is huge and that they are not alone.

“Don’t be afraid. There’s help out there. I’ve made great strides, and if I can do it at my age, —at 56— anyone can do it.”