Of course, watching/spying implies a serious threat to privacy and individuality, but spy technologies today have ceased to be a Hollywood theme to become a reality within everyone’s scope.

An increase in the acquisition, in the most common app stores, about such “legal” spying/harassment tools known as stalkerware or spouseware can confirm this. So, does it mean these applications are approved for public use?

The clear answer is YES and this industry grows exponentially day by day, because more and more people have succumbed to the monstrous habit of stalking their closest circles, especially their romantic partners.

If we have to give a quick definition about what a stalkerware is, it is simply another subcategory of Malware, but we can specify it in a better way as “Legal Spyware”. A type of spyware that companies sell for the purpose of “monitoring”. T

he innocent alibi is that it is commercialized by alleging the product as a simple parental control, or in the worst case, a tracker used in certain private companies. Although we must say this is true; spyware can be used just for the aforementioned, however its darker aspects encourage other types of uses.

The installation of these programs is so trivial that we immediately have access to a lot of valuable information such as: the location of our “victim”, their history in their messaging applications, browsing, contacts, documents, photos, etc.

Ironically, several of these “legal software” require the user to deactivate the antivirus, which raises many suspicions about the genuine purpose of these tools. Actually, any legal monitoring tool should not represent a threat to its users under any circumstances, and let’s not even talk about super user/root permissions they request, having full control of the victim targeted.

With this kind of malware spreading out loud, the usual security recommendations like changing passwords constantly, using two-factor authentication, updating the operating system or antivirus are clearly laughable.

The-all-seeing-eye

The all-seeing eye | Image from Wall Street International.

While at a social level it is used to think that stalkers through networks are distant people, the installation of Stalkerware is usually carried out by very close individuals. All this espionage of calls, email or channels of communication like WhatsApp, Messenger, etc. mostly it is done, not by a well-versed hacker using a zero-day attack to have the victim’s device in range, but by inexperienced people who have physical access to the hardware.

As we can guess, the stalker does not have to be a hacker, he should not even know the basics of software programming; they just need a user-friendly spyware and the opportunity to install it on their target device. Although the above represents a total violation of digital privacy, it continues to be very little recognized or worrying among society.

The victims of these practices are persecuted and constantly controlled by their stalkers, often reaching extreme situations such as murder or kidnapping. Remember: full access to a person’s device (usually spyware works best on the mobile) is a direct pass to the mind of the person in question.

Despite the danger, stalkerware is still little studied/monitored by the real security experts, even many respected antivirus brands ignore this type of software in their scans and unfortunately the horror stories involving stalkerware are not simply “my phone is acting weird or my apps no longer open” but in reality they are “I’ve just been raped/molested, I’m being threatened, someone is usurping my life”.

Be-careful-with-your-mobile

Be careful with your mobile | Image from Wall Street International.

Technological abuse

Despite the relatively new explosion of social media apps, at least 10 years have passed since we have applications that are sufficiently invasive for people’s privacy, and there are innumerable cases where technological abuse has lasted for years. Beginning little by little, but gaining intensity: a person creates an email account to his partner and, later on, his social networks, granting him direct access to them.

It also replaces the old cell phone with an iPhone. And then set it up so that it can reflect the activity on an iPad and monitor all the calls and messages.

Of course, it has the cellular locator activated: so he can know where his partner is at all times.

But he simply tells the partner this function would make life easier for taking the bus. In this way, one day becomes someone totally obsessive and begins physical violence, manipulation, blackmailing and harassment towards the partner.
Technological abuse can be defined as:

  • the use of technology to spy or harass another person and, in the case of domestic violence, the partner;
  • it is also known as “digital abuse”;
  • it is a violation of privacy and in many cases it is simply underestimated;
  • often happens through constant monitoring of calls and messages and any social media app;
  • it is possible to use applications and computer programs designed to spy and track, as well as email accounts, digital banking and social networks;
  • some components: intimidation, stalking, identity theft, emotional abuse, isolation, contempt and coercion.

As a security enthusiast, this increase in stalkerware action and the use of surveillance techniques is really alarming.

If we start to investigate only a little, one of the most recurrent questions in Google is how to hack the Facebook account of our partner or lover, there are thousands of threads on the subject and multiple techniques that require a more advanced computer knowledge, which presents an important disadvantage when attacking, because it takes practice and time.

And in the case of brute force attacks, we can be testing passwords indefinitely without getting anything. But not with the stalkerware.

Electronic-eye

Electronic eye | Image from Wall Street International.

It is true that spyware merchants appeal to abusers to sell their product, but they are also sold to police bodies and government agencies for hundreds of thousands of dollars to execute massive espionage on population around the world; the same spyware used in anti-terrorist operations or against online pedophilia, is also used to control a lover in abusive relationships or a precise group in a country.

Another very disastrous aspect is that it can be purchased usually for less than $ 100 dollars.

The clearest example is in the leaked emails of Hacking Team, where it was assured this spy tool for Android sold by FinFisher for a small fortune, was very similar to another much cheaper one called FlexiSpy, created by a Thai company and with almost the same functionalities.

Forget the Dark Web, and hidden forums selling this kind of software, one can easily acquire it with a simple Google search and adjust to different types of needs; many of them have Twitter support account, and social media managers.

What’s more, the competition in this market is already so high that aggressive marketing campaigns among manufacturers are created around why my spyware is better than your spyware, to attract more buyers, and generate fake reviews to increase the prestige of the software. As an example, we can see in the blog of MSPY the criticisms they make to their competition iSpyoo, no matter the two spywares are clearly illegal:

Is iSpyoo use illegal?
It is absolutely illegal since spying is forbidden by the European and American legislation and violates human rights to privacy. In the USA, electronic monitoring by the Government is strictly limited by the Constitution and the Federal Law. There is the Fourth Amendment which says that Americans’ privacy may not be penetrated without a promise based on reasonable grounds.
If the country is not allowed to spy, what about other institutions? Obviously, any other institution, business or state, cannot get around this law…”

Espionage-5-dot-0

Espionage 5.0 | Image from Wall Street International.

How to prevent technological abuse?

As this issue obviously goes beyond the digital environment, the biggest recommendations revolve around the prevailing need to denounce. Here are some key points:

  • learn about privacy options to protect your digital identity;
  • never give up to emotional pressure to share your passwords for email accounts, social networks and other digital access;
  • learn about Social Engineering attacks and how you can evade them;
  • pay attention to worrying signals, such as constant monitoring;
  • tell a trusted person that you are being abused;
  • if you feel that your life is in danger or you were threatened, do not hesitate to make a police report.
——-
Fernando Velázquez

*Fernando Velázquez

Fernando Velázquez is a cryptographer, cybersecurity professional, privacy consultant and writer. He is the author of several articles on general Information Security topics.
.
He is the founder and Chief Technology Officer of Shield CyberSpace Boundaries (S.C.B) an organization specialized in Digital Rights Management, Online Privacy, Malware Analysis, Security and Computer Science.
.
.