25 min
When Spies Come Home: Inside the Consumer Spyware Industry re:publica 18 - Science & Technology
-
- Education
Joseph Cox, Lorenzo Franceschi-Bicchierai
This talk covers two areas: the inner workings of the consumer spyware industry, and how that industry has been repeatedly linked to cases of domestic and sexual violence, rape, and murder.
The first is based on a slew of internal spreadsheets, financial documents, customer records, and even live intercepts captured by malware which activist hackers stole and provided to us as journalists. This data shows the popularity of consumer spyware, how some companies explicitly market their products to jealous or paranoid lovers to spy on their spouses, and even some connections to the same companies that provide malware for authoritarian regimes. But our talk also offers the behind-the-scenes of an investigation that relied heavily on information provided by criminal hackers: how do journalists verify that data, and how do they handle intensely private information? And we explain why we purchased the malware ourselves to give readers a deeper understanding of how exactly it worked.
The second part brings together interviews with sexual violence victims, domestic violence researchers, and concrete evidence of malware being used to facilitate abuse. This malware may require physical access to install, but to ignore this issue would be to miss the point: in an abusive relationship, the attacker often stays in the same building, room, or even bed as the target. This scenario presents a complicated melding of physical and digital security that the infosec community may want to pay more attention to.
Joseph Cox, Lorenzo Franceschi-Bicchierai
This talk covers two areas: the inner workings of the consumer spyware industry, and how that industry has been repeatedly linked to cases of domestic and sexual violence, rape, and murder.
The first is based on a slew of internal spreadsheets, financial documents, customer records, and even live intercepts captured by malware which activist hackers stole and provided to us as journalists. This data shows the popularity of consumer spyware, how some companies explicitly market their products to jealous or paranoid lovers to spy on their spouses, and even some connections to the same companies that provide malware for authoritarian regimes. But our talk also offers the behind-the-scenes of an investigation that relied heavily on information provided by criminal hackers: how do journalists verify that data, and how do they handle intensely private information? And we explain why we purchased the malware ourselves to give readers a deeper understanding of how exactly it worked.
The second part brings together interviews with sexual violence victims, domestic violence researchers, and concrete evidence of malware being used to facilitate abuse. This malware may require physical access to install, but to ignore this issue would be to miss the point: in an abusive relationship, the attacker often stays in the same building, room, or even bed as the target. This scenario presents a complicated melding of physical and digital security that the infosec community may want to pay more attention to.
25 min