Episode Details

I'm contacted by people on a regular basis who believe that their devices have been compromised and that they're being stalked and spied on. Sometimes they've misinterpreted what they're looking at but sometimes they are actually being digitally stalked. Find out what to do about it in this episode.

Today's guest is John Bambenek. John is the Vice President of Security Research and Intelligence at ThreatSTOP and the President of Bambenek Consulting where he provides security consulting, penetration testing, forensics, and auditing. He has spoken at numerous security conferences including Black Hat. He has spent 20 years doing investigation work on cybercrime threats.

John is going to go over what Stalkerware is, in what scenarios it is most common, and things we can do to mitigate the harm it can do.

• [1:00] - John Bambenek is the Vice President of Security Research and Intelligence at ThreatSTOP and owns his own company, Bambenek Consulting. He has been working in cybersecurity since college.
• [3:01] - John explains that Stalkerware is a malicious mobile app that is put on your phone to track your movements, monitor who you are talking to, see your texts, and other various activities through your phone.
• [3:26] - Stalkerware is most commonly found in cases of former relationships, but John shares his experience with Stalkerware found on the mobile device of an assassinated politician in South America.
• [4:39] - Odds are, if there is Stalkerware on your phone or mobile device, that that is not all that is going on. There are usually many signs of abusive or controlling behavior.
• [5:45] - There are also ways that people can be stalked without installing Stalkerware, such as monitoring Instagram and Facebook activity.
• [6:29] - Multiple IP addresses and their locations are often misinterpreted.
• [9:14] - Stalkerware is most commonly installed onto someone's phone by someone who has physical access to it, although remote installation is possible.
• [9:58] - There are also built-in features that can be misused, such as Find My Friends on an iPhone.
• [11:18] - Stalkerware is different from malware that is accidentally downloaded where hackers may have access to a device belonging to someone they don't know. Stalkerware is intentional and usually involves some prior relationship.
• [14:08] - Whenever you can, have a password on your phone that you don't give to someone, multi-factor authentication on accounts and other important logins.
• [14:50] - Multi-factor authentication is a very useful early warning system. John shares an experience he had in another country and how multi-factor authentication helped catch something unusual early on.
• [16:07] - John is a unique case because he wants a device compromised to aid him in his career in security research and shares some stories about his experiences.
• [18:12] - Chris and John discuss devices to bring or not to bring to conferences like Black Hat.
• [21:52] - A factory reset and changing all passwords is largely sufficient in eliminating Stalkerware installed on a phone.
• [24:28] - Once you start getting real-world indication that you are being stalked, establishing a police report is an important next step.
• [25:28] - With effort and with a court order, it may be possible to determine who has installed the Stalkerware on your device if you don't know who it is.
• [26:31] - One