Bestand wählen
Merken

When Spies Come Home: Inside the Consumer Spyware Industry

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
we can't if
we the hello call so yeah has
mentioned we're talk about consumers spyware which is the source of malware just anybody can buy when not talk about cops
FBI people will come up a bit but total very ordinary people too can intercept e-mails text messages that so Saunders Gerda Cox I'm from motherboard which is the technology and science section of like other hackers cybersecurity distal crime the surveillance industry was and I'm bigger I I also motherboard and I was right about hackers and cyber security and thank you and so
much green I see you that's the message that Jessica received on the firing when her ex-husband but malware onto Android
device it to get a text message is GPS location and we're pretty sure the e-mails as well in 1 particular instance she was at the dinner with this ex-husband just a friends he she was texting another man the she has such relationships with the ex-husband is intercepting these messages is clearly getting annoyed his visibly that pissed off about something later on the man sexually assaults Jessica and during the assault brings up the text messages may here intercepted so this is clearly a really visceral egregious example of how digital and physical security can meld but it's only 1 of many so we go back because we received data and we went through we investigate the and when spoke to Jessica as well but this started years years ago so someone would send an e-mail it would have a bit of malware you downloaded the Windows computer anywhere yeah we activity so we talk about 10 15 years ago in the UK a man put malware onto the widest CompUSA and then Stalter and actually ended up giving the by static and then you also have now and you will snooker means that monitoring of super meets the activity of the White Fuller Gill from the river maybe like the demo Boston and clearly this is a lot more valuable information we all carry around the tracking device not pockets pretty much 24 hours a day with that you get a GPS so that we get phone calls and the text messages nothing else I mentioned the sexual assault case and then maybe the domestic violence cases stalking in this form the man put the malware on the phone to then get a leg up on the divorce proceedings so he can hear what his densities gets what was talking about and you could abuse that way and then you have other examples again on the mobile as well so in May that why as a small problem us as a handful of media reports began these rarely come into the public a study by the in the US in the domestic violence shelter they found that 75 % of shelters set that they've had someone or 1 of their victims keystrokes on by apps like this all these amour an 85 per cent being fed by
GPS so clearly this is a much bigger
problem than you may realize just a few examples of are or the other so what
is this model that some people call stock a word because it's used by people to stop on their loved ones what it what it what is it what does it do and how does it work view of you basically have to think about it as just another act on your phone or computer and it's pretty easy to install you just need physical access to the target phone so if the person wants to spy on their loved ones they just need to get a handle on the phone unlock it which may be a problem but if you think about the situation that joe just described these are people that know intimately each other very well they share a house they share a room they share a bed and they probably know each other's passcodes or maybe they saw it once you know when 1 of them was unlocking the phone and all you need is a few minutes to get the phone you go to the website of the provided that you want to use here you can see 2 the 1 on the right is from shares from a company called recognize acts they will more or less the same you go to the website and download the installed on the phone sometimes you have to like switch-off some protection for Android
but once that's done you install the app you go through some permissions you allow the app to access all kinds of information and essentially you can you see everything that the Fonsie's just insult self tested this on his own and RedPhone installed 1 of his that's I think because like 180 dollars for a year it is relatively expensive you get a just as the yeah the some for 60 dollars 50 dollars some of them offer free trials through so that you can try and our editor adjustment juicing tabla was able to get
photos of listening on conversations at the Jožef was adding and this is what the stalker or the attackers you will seize on the phone you know it's a table neatly organized you can see the the text messages GPS locations and it's you know you don't need to be very good you just you just see everything right there so we pull
to pieces malware as he sole but there are dozens of companies in this space just like this if you almost random examples truce by extends by place the mobile Hello spy movie self now quite a
few these will market to spy on your wife or your husband who wore the weather but would maybe self-images there's there's all this is the children and employees only so I found out itself and ask say can I use this a spy my wife yeah sure no problem join either consent that you just need access to the phone so even though they say
this is chosen employs only as basically a very weak legal disclaimers because plenty these companies again how the malware is actually being used so what did we learn about these industry
how did we going about digging through this sprawling industry of like dozens of companies that offer the same thing so last year a group of hackers provided us with a bunch of data from 2 companies in particular so this was
there that was stolen from 1 company based in Thailand's called aspire you may have heard of it pretty infamous and 1 day from the US already recognize that and the when the hackers gave us this data that we were presented with a set of challenges that were pretty unique we cover bridges all the time but this was a little different the main issue was that we really needed to handle these data are very responsibly and that's because most of the data that belonged to victims or in case in some cases people that didn't even know the dead being spied on and we were very aware of the fact that we did not want to victimize people again expose their personal data and we decided pretty early
on that we didn't want to identify victims less they agreed to be identified
and the the hackers themselves sexually did not want to do that they never they give us limited data even though that probably access to more they told us pretty clearly that they did not want to dump today are publicly to expose people so it was really on ask you not to do that we don't we don't want to be responsible for that the same at the same time we have to work on the data and figure out if the
data was real so we have to contact users users in some cases victims to verify the daylight and also try to understand what was the story behind the why were these people
using this these steps and the other challenge was to handle our own sources responsibly that meant not encouraging them to hack more or committee more criminal acts because we don't want to be conspirators essentially get that
some nevertheless and at the same time we had we wanted to ask them for help in figuring out what the data
loss since they knew it so well having taken that we talked to them we learn their
motives and we explain how the access and I think 1 of the best examples of how we had to deal with this was the story that we included in 1 of the 1st articles which was the story of a woman we used recogni next product on her husband who we will
call John the cop we have data from them essentially the story as far as we could understand from the data was that the woman this ascribed to these rector max product called form sharing ironically enough and she used it to spy on her husband as she put on his phone and for a span of 3 or 4 months she do all kinds of data test masses text messages e-mails and even intimate pictures and we wanted to we felt that is a good example of how people use this data but we were very careful not to damage the victims the more so we contacted the woman tried to get version of the story she never to multiple
e-mails and calls we were able to verify the identity because of the data that we had
numbers in her name we establish that they were married we never contacted the the cop the husband because we just did know if he was like we were like you know getting in the middle of the relationship essentially so once we were not
able to I talk to them we decided to still include the story as an example but we anonymized it as much as possible we change his name that's not
his real name we never mentioned her name we didn't say where they were from and we do include any
personal data in the story include there was this text which said I love you yeah I mean just flat about the there's obviously a public interest in writing by these companies and how it's used but it seems we very little public
interest in specifically screwing up 1 person's relationship all really focusing on that this was a completely unnecessary step when handling this sort of data pass all the data actually look like they're the 2 companies Lorenza mentioned such spies to e-mail addresses but mostly company data by financial spreadsheets communications companies and analyzing credit card data as well and in the rhetoric stuff which the John cop story again that's more customers even a GPS locations for thousands of people the text must use the photos something thing so Lexus
by which is definitely 1 of the most infamous companies in this space this come give you an idea of what they try to do the product know everything that happens on computer us not all smartphones no matter where what are they just wanna get everything on the phone this is from an
internal right map we can make this is this is actually from the hacked documents but in a 2006 editing simian stuff then black berry and with the Windows and we move on to my friends Android just you can see that as mobile phones and smartphones office you become more popular the people who make this now and it's a pivot of it and to go from desktop to over just really really briefly some of you may be familiar with a company called gamma which made now Fisher that's the government's lawful intelligence agencies they sell that's like Bangladesh and Bahrain of the various customers this is a document showing that at some point flexes by may have had a relationship with
gap making some sort of server and code or something like that is difficult to say how strong that relationship was so there is clearly an overlap between these people who is selling to authoritarian regimes and then the people making my wejust aspire a husband or wife or right so that catch phrase from lectures by
by-catch the the phone they're not being
sarcastic What's at Facebook fiber line Tinder telegram Yahoo! BBM SMS messages MMS messages sake send fake text messages as well if you really wanna do that for some reason remotely switch
microphone get the camera going in face time you can see they're talking to voice variety recalled calls wasn't alive calls basically again as Lorenza mentioned earlier everything that's happening on that phone fax spies public and its delta in their marketing material
as opposed to restaurants in the mud maybe the Moby selfish lower this light employees satisfies a lot more explicit so in this text messages says all hey sorry you can't come over to my my wife is home which is clearly from market awards at the infidelity the ground so
there's a show that Notable'' which has SMS and GPS spies even more idiot-proof powerful so you log in to the web portal loading docks like despite a comma whether text messages e-mails GPS completely the idiot-proof you can really get around with the states quite easily and
even news in that if you wanted as well so the attacker installs that and they're walking around and they can the
target so going back to the whole very explicit spying spells and of phrases many spouses cheats they use cellphones that cell phone will tell you what way what I mean really really over and start to get back to
that after we published our investigative series reflects by then scrubbed all mention of the legal science passes by website you can still dig up if you want but
clearly they fall of this my guess in trouble which a public evidence because as we go into this sort of behavior is clearly illegal and people are using it
to spy on the wife or husband this is from an internal factors by survey will offering customers pay why would you be interested in some friends bytes of well over the 50 % say it's I think might be partner may be
cheated on me and then you have children and then employees and that sort thing but clearly the majority wanna do this to spy on the wife was I mentioned that the the affected by data was more about the com the company itself behind the scenes
this the marketing is reinforced these are the search engine optimization terms affected by was trying to capitalize on cheating wife have to catch the husband ways to
expose the cheating husband so they would obviously trying to make the blog posts all that website use these terms and then maybe they get higher and Google results of someone such as 1 of these and they also tried to break into the Russian market this is
just central terms but Russian it's unclear if they were actually successful there's another document that says which are against Russia market harming competitors something like 4 or 5 but clearly is a global effect and with that in mind here are the least the selection of the potential companies that are selling flats spy so if you go to sparse clusters in Australia and you buy them out where you may actually buying the flats by code is just being sent to them and they put different namely or whatever Israel India Australia Thailand Brazil Nigeria Greece Argentina quite you Turkey ones so
this is everyone is not just a US or UK or Germany problem is really really all over the world so who what where these people that are using the software as a as we mentioned earlier we did contact some users that their e-mail addresses so which of them and said and asked them did you use the software and if so why don't you use it white you want and stock and
spy on you're why did uses for and surprisingly some of them were pretty honest and blunt no 1 of them said I bought it to my boyfriend was cheating other 1 said that I use the service to confirm that Maxtor friend was cheating on me it allowed me to get a remote audio recording of the Indian act which presumably meant like what she was with somebody else someone else even more surprisingly simply answered earlier this is normal is book couples do which is tall not normal you know this is not OK but this gave us an idea that you know this wasn't just marketing this was how people use the software for and we also as as we got to the data we ourselves felt a little freaked out because we were able to read some messages that you know we should never ever red and no 1 else should have red but here we can see you can see an example of a victim of abuse talking presumably to a friend about how her partner or their partner beat beat them up she say I'm going to call the police but I can call the police 1 says did you hear that my partner Hackney I think that's all he tracks so this is like and you know this is not this is regular ordinary people people like us people like you we're not talking about amazing Russian were
American hackers these like regular people that just download that install it and use it we were able to identify a fifth-grade teacher in Washington DC a professional dog breeder in the US the present other sunglasses distributor again average people using a very easy
to use and and depending on the context I mean if those people are doing it to monitor their spouse they're probably gonna be breaking the law at least on the U.S. law so if you take a phone and you install malware on it without consent it's probably gonna violate the computer for abuse at which the U.S. hacking law and if your intercepting text messages or e-mails that's
probably a wiretapping violation as well a few people have been prosecuted and then some have been convicted this is when in 2014 the DOJ went after someone had planted malware on a police officer Stone Kong's similar to the John the cop instances but talking
about law lawful and I I set this no it isn't for law-enforcement it's more for ordinary people but there is still a crossover where we find members of the FBI or TSA or it's all the army or the navy have all its some of this knowledge so it is not clear if they're doing it for official use I mean the FBI can use malware investigation figure warrantless finds no problem generally but maybe they use it to spy on the wife or something maybe they were the ones doing the at the ClA activity of that's very hard to tell when you only have to
customer information then that's a global thing so as said that the companies themselves a global but clearly the users our as well so from the Rhetorex data we took GPS locations hybrid acquittal Python scripts just stop the statement because obviously we we don't docks completely random people and reveal their location when the being abused but you can see is heavily concentrated in the US and in Europe and so trickles through Southeast Asia in India Australia only a tiny bit in South America but all of these people using this now some sort of reason the goal was deflected by the
restaurants to make companies we're talking about 130 thousand people had attempts so that's typically gonna be 130 thousand targets as well 130 thousand people around the world being tracked having the rest mass and
that Texas everything else in the intercepted and then when you add in data from 2 other companies to be got laid from more recently there's probably a few the few more 10 thousand on top of that we have really concerned I am still working with the dates and the other company
we spoke about flex spider company that we that into was called direct access is as I said and they made a particle from sheriff's and they were interesting because unlike
flexes Spidey never marketed there stuff for jealous lovers but at the same time the users as the woman that we spoke about used it for that purpose they were also interesting because when we approach them they denied being hacked or rather the enhance initially they tried to cover up the act can be so they even sent us like a slightly veiled legal threats telling us to stop doing what we were doing which was reporting thank given back that data which is quite novel
when you think about data works with him and eventually this was last year than this
year the hacker breached the service again and basically got the same data showing that the company didn't really improve their security 10 after we reported the 2nd breach this year the company decided to shut down indefinitely so they're effectively dead at this point and we don't know what's gonna happen to the companies right now we don't have any information whether
there is a criminal investigation against them in the United States as Joseph said before as long as the market for employees for employers or parents you
should be fine the only time when someone who was selling the software was arrested was the case of StealthGenie where the founder of the company was arrested and fined half a million dollars because he was openly marketing for
jealous lovers yeah and then just briefly to finish when you bring up this issue with random people in the information security industry in a MOT of
steel pointing to specifically they'll say well this is really lame you have to install on the phone physically is not exactly the sexiest carried world wide and just not give you pass partner all just put a pass code on your phone if you don't have 1 that would be to completely ignore and neglect the actual from these people face the lines a mention this the physical accessing whether in the same bed the same room same building you can just look over the shoulder and maybe get a Poskus something that maybe if you remove the malware the abuse will get fired and then maybe she Leslie is the incredibly complex security problem they have to make the people in the InfoSec community haven't necessarily trying to grapple with I'll just say we're journalists not activists but we get asked the law so after this who is interested in security such security is really really generally what you may be able to do if you under threat 1st is seek professional help every case is going to be different that you have no idea how much privacy the individual has maybe they're not even allowed to leave the house maybe they had put malware on when the boyfriend said hey that I love you should install this if you really love me in that 1 case was described to us as well so that's that users to get federal help but if you really wanna check look on your iPhone 6 jailbroken you can't put this malware ordinary I and you have to jailbreak 1st which is essentially lower was the security settings saying the Android look suspicious apps maybe a setting that in the dashboard or something that should be there you could try and fact factually set aside unless they rule the Android device
just wiping it will typically get rid of it that's my the father of the iPhone jailbreaking depends and potentially be careful not to alert the stalking he found out again if you go to someone like can you help me about Bush and Stork
stalking me removes malware will then the guy get really really pissed off and physical violence is obviously can be a little bit worse and distal stalking seek professional so that was it I don't think we have time for questions
but that's all signal or jabbers or e-mails on Twitter's if you wanna chat about domestic violence stalking malware any source of ions stuff just let us know and if you do 1 last question just grab us that some with thank you
the we
Spyware
Quellcode
Malware
Strahlensätze
Cybersex
Surjektivität
Computersicherheit
Garbentheorie
Humanoider Roboter
Malware
Hauptplatine
Hacker
E-Mail
Message-Passing
Beobachtungsstudie
App <Programm>
Demo <Programm>
Bit
Computersicherheit
Systemaufruf
Malware
Computer
Dichte <Physik>
Arithmetisches Mittel
Bildschirmmaske
Weg <Topologie>
Hypermedia
Bildschirmfenster
Hill-Differentialgleichung
Information
E-Mail
Verkehrsinformation
Message-Passing
Instantiierung
Metropolitan area network
Physikalisches System
Web Site
Informationsmodellierung
Sichtenkonzept
Hauptplatine
Gemeinsamer Speicher
Rechter Winkel
Passwort
Wort <Informatik>
Computer
Humanoider Roboter
Eins
Shareware
App <Programm>
Texteditor
Umsetzung <Informatik>
Digitale Photographie
Information
Message-Passing
Tabelle <Informatik>
Randomisierung
Raum-Zeit
Gruppenkeim
Malware
Hacker
Hauptplatine
Menge
Mathematisierung
Bridge <Kommunikationstechnik>
Hacker
Hacker
Sommerzeit
Figurierte Zahl
Quellcode
Hilfesystem
Einfügungsdämpfung
Biprodukt
Softwaretest
Bildschirmmaske
Extrempunkt
Versionsverwaltung
Systemaufruf
Ruhmasse
Biprodukt
E-Mail
Message-Passing
Zahlenbereich
Telekommunikation
Tabellenkalkulation
Digitale Photographie
Adressraum
Quick-Sort
Chipkarte
Punkt
Pivot-Operation
Smartphone
Computer
Computer
Humanoider Roboter
Biprodukt
Gesetz <Physik>
Raum-Zeit
Office-Paket
Mapping <Computergraphik>
Bildschirmfenster
Biprodukt
Gammafunktion
Smartphone
Rechter Winkel
Server
Quick-Sort
Code
Unendlichkeit
Facebook
Systemaufruf
Bildschirmsymbol
Urbild <Mathematik>
Systemaufruf
Message-Passing
Gerade
Hoax
Varietät <Mathematik>
Benutzerbeteiligung
MUD
Message-Passing
Aggregatzustand
Zellularer Automat
Kompakter Raum
Sichtenkonzept
Systemaufruf
Web log
Web Site
Reihe
Sondierung
Teilbarkeit
Quick-Sort
Demoszene <Programmierung>
Suchmaschine
Minimierung
COM
Term
Quick-Sort
Zentralisator
Resultante
Web log
Krümmung
Trennschärfe <Statistik>
Schwach besetzte Matrix
Cluster <Rechnernetz>
Term
Code
Eins
Message-Passing
Dienst <Informatik>
Regulärer Graph
Software
Adressraum
Stichprobe
Dienst <Informatik>
Systemaufruf
Message-Passing
Normalvektor
Sichtbarkeitsverfahren
Malware
Computer
Kontextbezogenes System
Hacker
Kombinatorische Gruppentheorie
Gesetz <Physik>
E-Mail
Message-Passing
HMS <Fertigung>
Malware
Cross over <Kritisches Phänomen>
Figurierte Zahl
Gesetz <Physik>
Eins
Office-Paket
Instantiierung
Bit
Befehl <Informatik>
Ruhmasse
Skript <Programm>
URL
Information
Hybridrechner
Quick-Sort
Spider <Programm>
Partikelsystem
Dienst <Informatik>
Punkt
Computersicherheit
Vererbungshierarchie
Hacker
Software
Computersicherheit
Randomisierung
App <Programm>
Datenmissbrauch
Computersicherheit
Gebäude <Mathematik>
Malware
Humanoider Roboter
Gesetz <Physik>
Komplex <Algebra>
Code
Menge
Hilfesystem
Gerade
Message-Passing
Bit
Twitter <Softwareplattform>
Quellcode
Malware
E-Mail

Metadaten

Formale Metadaten

Titel When Spies Come Home: Inside the Consumer Spyware Industry
Serientitel re:publica 2018
Autor Cox, Joseph
Franceschi-Bicchierai, Lorenzo
Lizenz CC-Namensnennung - Weitergabe unter gleichen Bedingungen 3.0 Deutschland:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben.
DOI 10.5446/36647
Herausgeber re:publica
Erscheinungsjahr 2018
Sprache Englisch

Inhaltliche Metadaten

Fachgebiet Informatik
Abstract "I see you." That's the message Jessica received after her ex-husband planted spyware on her smartphone, giving up her location, messages, and much more. Our 'When Spies Come Home' investigative series into consumer malware, based on gigabytes of hacked data obtained from four spyware companies, reveals the scale of this industry: hundreds of thousands of ordinary people across the world have bought malware that can intercept emails, switch on microphones, steal WhatsApp messages, and more.

Ähnliche Filme

Loading...
Feedback