In our fifth episode, Avast CISO Jaya Baloo talks with cybersecurity expert Eva Galperin on the dangers of stalkerware
It’s no coincidence that when our pandemic-stricken world went into lockdown mode in 2020, incidents of abuse via stalkerware spiked, especially in situations where the victimizer did not live with the victim. Then, as the lockdown began to be lifted in early 2021, stalkerware abuse spiked yet again. Abusers have learned over the past couple of years that certain apps facilitate or outright promote spying capabilities without the need for malware. The subterfuge hangs simply on a shared or compromised account, which makes it all the more sinister. And much like Covid-19, stalkerware is a worldwide problem.
The good news is that some very capable people are on the case, working to identify and eradicate stalkerware around the globe. Leading the charge is the brilliant Eva Galperin, a key figure in launching the Coalition Against Stalkerware, a group of cybersecurity experts (including Avast) dedicated to educating the public and providing resources for victims and survivors. Eva is our very special guest in Episode 5 of Avast Hacker Archives (AHA), the podcast series spotlighting hackers who have shaped and continue to shape the digital world.
Eva is currently Director of Cybersecurity at the Electronic Frontier Foundation (EFF) and Tech Advisor at Freedom of the Press Foundation. She’s on the front lines of the fight against stalkerware, and she tirelessly works to protect the digital freedom of the individual, particularly those likely to be preyed upon, like journalists, activists, and victims of abusive relationships. In our podcast, she explains to Avast CISO Jaya Baloo how she got so involved in the fight against stalkerware.
Eva was studying APTs back in 2018 when she discovered the horrible truth that one of her fellow researchers was a serial rapist! Being tech savvy, he allegedly threatened to compromise his victims’ devices if they ever reported him. Outraged, Eva tweeted the following message:
If you are a woman who has been sexually abused by a hacker who threatened to compromise your devices, contact me and I will make sure they are properly examined.
Three years and 10,000 retweets later, Eva is still being contacted by victims. Law enforcement is not helpful in this area, she tells Jaya, as the legality of stalkerware usually falls in a gray area. Identifying stalkerware, however, is not too difficult – it’s a product that needs consumers in order to survive. “In some ways, it’s even easier to find and detect stalkerware than it is to hunt APTs,” Eva says, “because you can just Google for it and follow the ads. They have to go find their users somewhere, whereas APTs are all hiding.”
In addition to the severity of stalkerware, Jaya and Eva also discuss the perils of being a journalist and the protections that the Freedom of the Press Foundation provides. “Good journalism speaks truth to power,” Eva comments. “It pisses power off. If, as a result of pissing power off, power decides that what you are doing is illegal, and you should be sent to jail or you should be sent to court, that’s really one of the areas where the Freedom of Press Foundation steps in.”
When asked how the cybersecurity industry can do more good, Eva says, “Everybody has a community that they care about, and that they know. Everybody has a family….Or a church, or mosque, or temple, or coven that they’re super into. Or a school. And those communities need help. They’re often being surveilled by governments, by law enforcement, by predatory companies and corporations. And reaching out to these communities and seeing what they’re concerned about, and figuring out ways to protect them, is really one of the ways in which security researchers can use their skills for the greater good.”
Jaya and Eva discuss these topics and more, such as the reason Eva passionately disagrees with the school of thought that “privacy is dead,” and the question of whether current security protocols place power in the hands of too few people. Eva voices her controversial opinion on the new “ghost protocol” and divulges what she considers to be one of the weakest links on the internet.