A Survivor-Centric, Trauma-Informed Approach to Stalkerware

Presented at Black Hat USA 2021, Aug. 5, 2021, 2:30 p.m. (30 minutes)

Stalkerware is a type of spyware that is often used to surveil intimate partners or ex-partners. While it has been around for many years, its use has seen an uptick in recent years, with some studies suggesting a particular increase during the COVID-19 pandemic.

Technically, stalkerware is not particularly interesting: it is (primarily mobile) spyware and technically on par with commercial malware. But stalkerware is part of a broader ecosystem of technology-enabled abuse and coercive control, and therefore, technical means play only a small part in addressing it.

In this presentation, we will explain what stalkerware is, how it works and under what pretense it is often marketed and sold. More importantly, we will explain that stalkerware is part of the much wider problem of technology-enabled abuse and coercive control, such as intimate partner violence (IPV), domestic abuse, harassment, stalking, sexual violence, and other forms of gender-based violence (GBV). A holistic understanding of abuse and coercive control and the psychological harms experienced by survivors is essential for anyone who may encounter stalkerware and similar forms of tech misuse and abuse in their professional or personal lives.

The presentation will conclude with suggestions on what individual security practitioners can do when they encounter stalkerware, as well as what the security industry can do about stalkerware and tech abuse in general.


Presenters:

  • Martijn Grooten - Security Consultant
    Martijn Grooten, a former mathematician, has been working in IT security for 14 years. He was previously the Editor of Virus Bulletin and currently works as a consultant on a number of projects, many of which deal with supporting vulnerable people and groups with digital security. He is part of the team that built the Ford Foundation's Cybersecurity Assessment Tool, a fellow at the Civilsphere Lab and a Coordinator at the Coalition Against Stalkerware.
  • Lodrina Cherne - Principal Security Advocate, Cybereason
    Lodrina Cherne is a champion for security in the digital forensics and cybersecurity industries. As Principal Security Advocate at Cybereason, she drives innovation and development of best practices related to cybersecurity standards and policy. Cherne is also a Certified Instructor at the SANS Institute, where she helps information security professionals advance their foundational understanding of digital forensics. As a Researcher at the Technology & Social Change Project at Harvard Kennedy School's Shorenstein Center, she also works to frame technology in the public discourse about the reliability of information online. Cherne has earned a bachelor's degree in Computer Science from Boston University and has participated in the TELI program at Aspen Tech Policy Hub.
