October is a month of two subjects: cybersecurity awareness month and domestic violence awareness month. It’s an interesting coincidence, as cybersecurity, technology, and domestic violence have only become more entangled over time. Improvements in technology are a double-edged sword in this way; true, it brings more effective communication, but also makes domestic violence much easier.
Abusers can track phones, follow social media posts, spam accounts, and reach out to a victim’s friends or family from anywhere. Common cybersecurity tools — tools for OSINT or administration, for example — make finding information on a target even easier.
We are hosting a live stream of four expert panelists to talk about how to prevent cyberstalking. To learn more, register for the event today.
Some Background on Cyberstalking
Cybersecurity, technology, and domestic violence have converged into a new blight on humanity and subgroup of stalking: cyberstalking. Cyberstalking is when an individual uses technology to stalk, abuse, harass, or carry out violence on another individual as part of a pervasive pattern of behavior.
Despite how central technology is to our lives post-digital transformation, cyberstalking has gone relatively unnoticed and at times derided. However, that is starting to change. Legal statutes are evolving, and the federal stalking statute, which was first enacted in 1996, was expanded to address “cyberstalking” in 2000. However, the United States Justice Department finds that current trends and evidence suggest that cyberstalking is now a serious problem that will grow in scope and complexity as more people use the Internet and additional telecommunications technologies.
But Is Cyberstalking Really a Problem?
Even with the US government making statements like the one above, some still find it hard to believe cyberstalking has any real impact on individuals. Unfortunately, once you start looking into the numbers, the reality of the effects of cyberstalking become clear.
When National Public Radio conducted a survey of 72 domestic violence shelters in the United States, they found that 85% of domestic violence workers assisted victims whose abuser tracked them using GPS. 81% of women stalked by a current or former partner were also physically assaulted by that same partner.
Think about that for a moment: domestic violence occurs in the vast majority of cyberstalking cases. This is not theoretical. it’s very real, and there’s a whole new toolkit for abusers to leverage that hackers have made for them online.
Why Can’t We Just Prosecute Cyberstalkers?
Much like domestic violence, cyberstalking is still a difficult thing for individuals and governments to identify, define, and prosecute. Less than 40% of stalking victims found that police took action against a perpetrator when they reported the crime. The most common action by the police is to take a report of the incident, which gives no additional protections to the victim and has no impact on the perpetrator. At best, it is a means of processing and checking the box under “did something” for law enforcement, with no real protection or investigative or judicial followup. This is compounded by the fact that most will not go to the police until the situation is extremely dire and they are in desperate need of police protection. 54% of femicide victims reported stalking to the police prior to being killed by their stalkers.
“In a world where we can’t tell where the line between digital and physical is drawn at work or at play, cyber crimes can be violent, they can terrorize and they can extend the toolkit of physical violence to completely dominate and hem in victims. To make matters even worse, an aggressive online campaign can extend aggressor dominance over victims even after they escape the physical presence of their tormentors.”
In order to get any further action from the police, you need a significant amount of evidence. But the evidence can end up largely anecdotal, as preserving electronic evidence is not always the top priority or consideration of the victim — in fact, quite the opposite. The majority of victims want the harassment to end and never have started at all — a good reason they often rid themselves of the evidence of the crime taking place. Many people delete those last awful texts from an ex following a breakup, so they don’t have to see them anymore; but it could very well be destroying the evidence they need to get law enforcement and society as a whole to actually help and do more than take a statement.
Further, we are creating technology with the explicit goal of making things more secure, with messaging apps like Signal, or apps like Snapchat that delete shared content after a short amount of time. These tools seek to protect the users in a pairwise connection of trust from those outside of it, with confidentiality first and foremost. However, the same feature that makes things confidential can turn a messaging tool into a safe harbor for aggressors with no consequences of evidence. They now have a way to be in contact with the victim and leave little evidence behind. Moreover, this is all done easily, with no technical prowess necessary. By creating more systems, we are lowering the barrier to entry for stalkers to evade the system.
“Improved technology, which was initially meant to create a safer, more secure online experience, can also unfortunately be used against us. Take end-to-end encryption as an example. The opportunity to take advantage of end-to-end encryption is widely accessible: from messaging apps, to hacking 101 tutorials, and more. Combine that with a low risk of getting caught, and it easily extends greyhat hackers or individuals towards the wrong (black) side more often.”
- Maor Franco, Director, Product Marketing, Cybereason
Things get even worse when you take into consideration the tools attackers build to make it easy for non-technical individuals to pursue different forms of hacking. Spyware, for example, has powerful surveillance capabilities, and some sellers of spyware even routinely market their spyware offering as a tool to facilitate intimate partner surveillance. This is when spyware jumps into the realm of stalkerware.
On the defense and response side of this, applying cybersecurity practices does not often result in hard evidence or protections for victims. Lodrina Cherne, a digital forensics expert with experience with these kinds of cases, weighed in from a technical perspective.
“Investigating a computer or cell phone can open forensic and legal questions, making it exceptionally time consuming to definitively prove cyberstalking. Even with legal and technical resources, once you have data from one person, to prove a case you’ll need to corroborate information from the other side. Depending on the specific situation, it may be more important to secure your devices than investigate and prove illicit spying.”
- Lodrina Cherne, Product Manager, Cybereason
One might think ISPs should have all that information ready and waiting to not only respond, but also explain the scope of the problem. Not so. Many online industry associations find that providing protection to their customers is costly and difficult. The Commercial Internet Exchange, whose members carry approximately 75% of the United States backbone traffic, believe that the decentralized nature of the Internet makes it almost impossible to report and respond on pertinent data for cyberstalking cases. Evidence that can provide the scope of the cyberstalking problem continues to be largely anecdotal, despite technology improvements and “receipts”.
How Can We Stop Cyberstalking Now?
All of this sends a demoralizing message: cyberstalking is incredibly difficult to prevent, prove, and prosecute. So how do we handle this? The most important thing we can do to prevent cyberstalking is to call out the problem, make sure survivors are heard, and inform and support law enforcement to develop new processes, tools, protocols, and support systems for survivors. There are a lot of wishy-washy ways to explain away cyberstalking as “not a real problem” or “easily resolved by blocking”, but the reality is much more dangerous and nuanced.
On October 2, Cybereason is hosting a live stream of four expert panelists to talk about how to prevent cyberstalking. This event embodies Cybereason’s mission to reverse the attacker advantage and empower the defender. Every individual should be free of cyberstalking and digital harassment, and we want this event to help individuals understand just how much this impacts survivors and how to help protect against it. Register for the event today.