Opinion: New ways of stalking

Tsunami break the banks of a residential area in Tonga. Picture: TWITTER

In April 2011, I attended one of the fi rst cybersecurity workshops in the region held at the SPC headquarters in Noumea. It was for both policy and technical stakeholders. A mixed moderate sized group attended from Fiji, with reps from various governments departments, USP, and other regional organisations.

I was grouped with this big friendly bloke from Tonga who was with the Forum Secretariat in Suva. We had a lot of interesting discussions inside and outside the formal workshop on ICT developments in the Pacific.

Some of these lively discussions with other Pacific Island participants literally took place on the beach at night! Unlike Suva, Noumea has some breathtakingly beautiful beaches within a short distance from the CBD.

But I digress, past Saturday most of the Pacific, in fact the world was shocked at the massive underwater volcanic eruption 65km north of the main Tongan island of Tongatapu – with the capital Nuku’alofa.

I distinctly heard the rumbling sounds here in Suva and thought it didn’t quite sound like thunder. Later, I was astonished to find out it was the sounds of the volcano erupting in Tonga a distance of over 700km away.

Please join me in thoughts and prayers for the Tongan people who are facing this devastation, especially their new Prime Minister – Siaosi Sovaleni, who if you haven’t guessed by now, was that big friendly Tongan bloke from the Forum I attended the first regional cybersecurity workshop in Noumea with some ten odd years ago!

Now days, we use technology to perform everyday tasks such as banking, shopping, socialising, and, increasingly in cases of domestic abuse, monitoring individuals without their consent – or with their “permission” through coercion. Through technology, it is possible to stalk someone with very little effort.

This can involve anything from sleuthing to find out information about your Tinder date to checking a potential work candidate’s social profiles to planting spyware on your spouse’s phone. In short, technology has provided new ways for stalking to take place.

Interestingly recorded cases of spyware and stalkerware have dropped in number in recent years but have been replaced with mobile apps that can be difficult to detect and remove, covert cameras, and trackers. Spyware is usually generic and is rarely personal.

For the cybercriminals who develop these forms of malicious software, it’s about grabbing personal data like financial account details to conduct theft and fraud.

Stalkerware is different in nature. Deployed to actively monitor an individual through their mobile device, stalkerware apps can be used to track spouses, exes, children, and even employees on their work devices.

Stalkerware capabilities can include tracking a location through GPS, eavesdropping on calls and social media conversations, stealing logs, monitoring browser activity, and compromising a device’s camera and microphone to listen/take photos of a real-world environment.

In order to install stalkerware apps, physical access to the Smartphone is usually required. Stalkerware apps can be installed while the victim visits the bathroom or just leaves the Smartphone lying around. Generally once a potential stalker has made that critical decision, it’s fairly straightforward to dupe the victim and install the required app.

Once installed, these apps run quietly in the background and can be extremely difficult to detect.

Some of the warning signs can be an overheating phone and/or a quickly-draining battery.

There are other signs but generally if your Smartphone is acting oddly (as odd as it may seem), there may be more going on and not just possible malware. In 2020 and 2021, the cybersecurity company Kaspersky detected tens of thousands of cases of stalkerware being installed on smartphones.

Rates have lowered slightly, although according to the researcher, these numbers may have been skewered due to COVID-19.

After all, there is little point in installing stalkerware if the victim is in lockdown with you.

However, on the flip side close proximity caused by lockdowns and stay-at-home directives may have also made it easier to put this form of malicious software on a device.

Perhaps waiting for an opportune time to be activated.

The issue of stalkerware may also have developed a cultural element. With surveillance so much entrenched in modern societies, it’s spilling over out into our private lives almost insidiously. A study conducted by Kaspersky last year also revealed a startling trend: over one-in-ten respondents believe it is acceptable to track and stalk their partners without consent.

This rate of acceptance increased to almost 80 per cent when the respondents believed their partners were cheating on them! In total, one third of adults surveyed have experienced domestic abuse committed by a partner, according to the company.

When it comes to digital stalking and abuse, 15 per cent of those surveyed said they believed this has happened to them and almost 50 per cent of them said this was through a Smartphone app.

The thing is people might not necessarily consider themselves to be a stalker when digitally prying, unlike in the old days, when you would have to follow someone, read their diary (God forbid), or speak to family or friends about what they’re up to.

The ease with using technology makes stalking almost justifiable and being human we can certainly make up good reasons to justify why we need to do so – for their own safety or own good is always a popular one.

In general, stalkerware is far more common on Android handsets than on iPhones. This doesn’t mean that iOS users are protected, however, as other forms of tech are bridging the gap. Tracker devices, such as Apple’s AirTag and Tile, were designed to make our daily lives easier.

Lost your keys? No problem; ping the small tracker and it will give you the location of your misplaced items. However, these innovative products come with a new avenue for exploitation and abuse. Due to their size and affordability, trackers can be tucked away in the bottom of a bag, sewn into a coat lining, hidden in or affixed to a car, and more.

This means that an individual’s movements can be tracked without them knowing. Across social media, including Reddit and TikTok, individuals have reported cases where they believe trackers are being used to monitor them or as a tool for car theft. According to cybersecurity researchers, trackers are an example of technological solutions to solve a problem – with downsides identified down the line.

Does this sound familiar? To counteract this, TinyCheck is an open source project developed for law enforcement and security companies to capture network activity for analysis. When it comes to stalkerware-infected devices, TinyCheck can be used to pick up outgoing connections and to create an activity log without the operator knowing.

This could potentially record the data necessary for a case to be built against them. However TinyCheck isn’t available for most users, so what should you do if you suspect you’re being cyberstalked? Here are some suggestions – the first most obvious thing to do is check your list of apps and see if there are any programs you do not recognise.

However, this doesn’t mean you should rush and delete them. Not only could this place you in danger, as your abuser will be notified, but this could also destroy the evidence of abuse law enforcement need to prosecute. If you’ve reached this stage anyway you’re probably … never mind.

Keep your Smartphone switched on and most importantly contact local police – Fiji Police has a CID cybercrime unit trained to do mobile device forensics, and domestic abuse services like FWCC for help and support.

Here’s acknowledgement of information sources – an interesting article on ‘How tech is a weapon in modern domestic abuse…’` in ZDNet.com online.

Let us continue to remember our Tongan island neighbours in our prayers. Stay safe and blessed this weekend.

 ILAITIA TUISAWAU is a private cybersecurity consultant. The views expressed in this article are his and not necessarily shared by this newspaper. Mr Tuisawau can be contacted on ilaitia@cyberbati. com

More Stories