Online Abuse: Mitigation and Survival

Transcript

1. Online Abuse: Mitigation and Survival Presented by Future Ada

2. emilie@futureada:~$ whoami • Security ambassador for Future Ada • Staff

   for our Open Office Hours https://calendly.com/fa-openoffice • Ethically hacking 6+ years • Survivor

3. Housekeeping

4. Forms of Online Abuse

5. Forms of Online Abuse Harassment: Threats, unwanted contact, rude or

   obscene messages Online harassment: Catch-all term for online abuse Stalking: Repeated harassment

6. Forms of Online Abuse Cyberstalking: Repeated online harassment, with intent

   to threaten, intimidate, injure or kill.

7. Forms of Online Abuse Doxxing: Posting a victim’s personal details

   such as home address, phone number, etc. hoping others will harass.

8. Forms of Online Abuse Swatting: Having SWAT team target a

   victim’s house under false pretenses. (TTY and TDD often used)

9. Forms of Online Abuse • Revenge porn: Sharing a victim’s

   intimate media without their consent. • Sextortion: Threatening to share a victim’s intimate information/media unless they do x, y, z. • Attempt to/Compromise/Lockout of online accounts • Non-consensual acts within online games • Mixed with in-person harassment, stalking or violence

10. Statistics

11. Online Harassment Statistics 2014: 35% of U.S. adults had experienced

    online harassment 2017: 41% had experienced it, while 66% had witnessed it Most common behaviours include: name-calling and purposeful embarrassment Rainie, Lee. Online Harassment 2017. http://www.pewinternet.org/2017/10/10/online-harassment-cybersecurity-health-summit-2017/

12. Rainie, Lee. Online Harassment 2017. http://www.pewinternet.org/2017/10/10/online-harassment-cybersecurity-health-summit-2017/

13. Stalking Statistics 2012: 2.2% of women 18 or older were

    a victim of stalking, compared to 0.8% of men Nearly 7 in 10 stalking victims knew their offender in some capacity The percentage of stalking victims was highest for individuals who were divorced or separated (3.3%), compared to those married, never married, or widowed. Catalan, Shannan. Bureau of Justice Statistics. Stalking Victims in the United States - Revised. https://www.bjs.gov/content/pub/pdf/svus_rev.pdf

14. Typology

15. Classification Criteria for Stalkers Glancy, G. & Saini, M. 2005.

    An evidence-based review of psychological treatments for anger and aggression. Brief Treatment and Crisis Intervention, 5(2), 229-248. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.368. Motivation Mental Status Method Relationship Rejected Intimacy seeking Incompetent Resentful Predatory Psychotic Nonpsychotic Harassment Threats Assaults Known Ex-intimate Potential suitor Professional Unknown Professional Potential suitor Celebrity Head-of-state

16. Factors Associated with Increased Risk of Violence Among Stalkers History

    of making threats Young age Lower level of education Previous intimate relationship with victim Burgess et al. 1997. Schwartz-Watts and Morgan, 1998. Rosenfeld & Harmon, 2002. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.383. History of ignoring legal orders to stay away from the victim History of violence Substance abuse

17. Stalking Methods

18. Telephone Method Purpose Defense Caller ID Reveals phone number, name,

    and location of caller Opting out of Caller ID, via device or via carrier (depends on both) Fax Reveals name, fax number, and location of sender Use virtual fax services, *67 TTY and TTD (used by hearing impaired) Can be used to impersonate others Awareness training Keeping local law enforcement aware of swatting threats TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

19. Telephone Method Purpose Defense Calling card/Spoof card or service Provides

    anonymity for stalkers Disguises stalker phone number or allows impersonation Cannot be traced Blocking numbers Whitelisting numbers Contacting carrier Changing number: Can be temporarily changed with a service such as MySudo or Google Voice Cordless telephones Conversations can be intercepted by other devices Calls can be made by similar phones on same line Using wired phone for landline Switching landline to cellphone Using encrypted voice apps (Signal, Wire) TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

20. Using a Pseudo Number Helps prevent phone number deactivation by

    others. Helps mitigate Denial-of-Service (DoS) attacks on your phone. mySudo • 1 free number • Up to 9 numbers with paid plans • Easy identity management Google Voice • 1 free number • Must pay to change number

21. Telephone Method Purpose Defense Cellphones Smartphones can be hacked Can

    be used as listening devices Can be used as tracking devices Can be used to threaten and harass through calls and text messages (with or without spoofing) Call history can be monitored Keeping phone up-to-date (both OS and apps) Encrypting phone Using a hard-to-guess passcode/passphrase or biometrics Using a password manager app Removing apps you don’t use Remove family tracking apps Double-check location sharing settings TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

22. Telephone Method Purpose Defense Cellphones Smartphones can be hacked Can

    be used as listening devices Can be used as tracking devices Can be used to threaten and harass through calls and text messages (with or without spoofing) Call history can be monitored Android: install malware/stalkerware detection (Sophos, BitDefender) Don’t click on links sent via text message or email from unknown source Perform a factory reset if you suspect malware or stalkerware IPV: Get a second phone which can’t be cancelled/controlled by abuser TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

23. GPS and Location Services Method Purpose Defense GPS (Global Positioning

    System) Location can be detected through GPS in: Cellphones (Find my phone, Google account, spyware apps, etc.) Tracking devices Social media posts tagging location Ensure location sharing services don’t share with untrusted source Ensure no stalkerware/malware apps installed Ensure online accounts such as Google services aren’t compromised Ensure social media doesn’t leak location Don’t post location clues on social media TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

24. Covert Tracking Devices on a Car Use gloves and a

    flat light source which can fit under the car Look under the car with a mirror Look/feel for small black box or similar Look in car front grill (trucks) Look inside under benches, in spare tire compartment Take to a mechanic if unsure If a device is found, don’t remove it. Take pictures, get law enforcement involved. Don’t be afraid to call 911 and let them tell you to call non-emergency if necessary.

25. Computer and Internet Method Purpose Defense Desktop, laptop, and tablets

    can be hacked All data on the computer becomes available to the hacker and can be used to harm victim Password-protect your devices with a unique, strong passphrase Ensure your devices use full disk encryption Ensure remote lock, wipe and location: • For Windows, configure Find My Device • For Apple products, configure Find My … • For Android, configure your device with a Google account TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

26. What’s a Good Password Passphrase? Something that is long Something

    that is unique Something which isn’t a song lyric or known phrase IThinkMy1200CatsAreMadeofWater WhyAreThese377WildHorsesOrange?

27. Computer and Internet Method Purpose Defense Public websites, social networking

    sites, and blogs Can be used to threaten the victim Can be used to encourage others to contact the victim Can be used to publicly post the victim’s personal information Ensure social media and online accounts are set to private Use anonymous or false identities Consider posting misleading information Clean-up posts with sensitive data (security question answers, license plates, addresses, birthdays. etc.) Regularly “clean-up” friends and followers lists TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

28. Computer and Internet Method Purpose Defense Public websites, social networking

    sites, and blogs Can be used to impersonate the victim or others to gain information about or access to the victim Can be used to spread rumors about the victim Clean-up online presence: people search engines, unused accounts Keep friends and family aware of harassment or online abuse Report threats directly to website after gathering screenshots/evidence Report threats to law enforcement Ensure you are using a password manager and change passwords for all accounts TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

29. Cleaning Up Your Social Media This type of information can

    be easily used against you: • Vehicle make/model/license plates • Birthdays, anniversaries • Family member names, especially if live in same household • Security question answers: Pet names, street you grew up on, mother’s maiden name, etc. • Pictures: Badges, workplace name, type of locks or security system used at home, vacation pictures indicating you’re away from home, etc.

30. Password Managers To make sure you don’t reuse passwords, and

    can easily keep track of accounts. Make sure your household uses one. ◦ Dashlane - 5$/mo per user ◦ 1Password - 3$/mo per user; 5$/mo for 5 users ◦ LastPass - Free; 3$/mo per user; 4$/mo for 6 users

31. Computer and Internet Method Purpose Defense Email, instant messages, and

    social media websites can be hacked Others or victim can be impersonated Can be used as another method of harassment through spamming or flooding the computer with unwanted email or messages Keep friends and family aware of harassment or online abuse Filter messages to a spam folder which marks them as unread and collects them for evidence Consider creating a new email address Report impersonation directly to website after gathering screenshots/evidence TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

32. Computer and Internet Method Purpose Defense Email, instant messages, and

    social media websites can be hacked Can be used to send electronic viruses or phishing scams Can subscribe victim to multiple listservs, or mailing lists Ensure you have up-to-date malware protection on your devices Maintain caution and awareness when clicking links and opening emails Report all malicious emails to your ISP, email provider or law enforcement as necessary after gathering screenshots Report spam and block unwanted senders TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

33. Computer and Internet Method Purpose Defense Website browser history Records

    Internet activity, allows “cookies” Clear browsing data and log out after using a shared device IPV: If abuser checks accounts on shared devices, strategize ways to create and maintain non-surveilled accounts with DV resource Spyware/Stalker ware Monitors Internet use and more Make use of up-to-date anti-malware apps and software. Factory reset devices which have been left unattended or suspected of compromise TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

34. Computer and Internet Method Purpose Defense Keystroke logging software Records

    keys typed, including passwords, PIN numbers, email, and websites Make use of up-to-date anti-malware apps and software Enable 2FA on all accounts possible Enable alerts for logins from new locations on all accounts possible Hidden cameras and built-in cameras Web cameras connected to a remote computer Tape over all cameras with electric tape or sliders (for video feeds) Use microphone locks (for audio feeds) TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

35. Detecting In-Person Cameras What can these devices look like? Check

    your outlets and follow devices Get a spot infrared thermal imager to inspect unusual heat sources Scan your local network for unknown devices

36. Computer and Internet Method Purpose Defense Online databases and information

    brokers Personal information sold to and published by corporations, courts, and government agencies Go through workbook and remove yourself from people search engines Don’t sign-up for accounts with real information Get P.O. Box for online shopping Identity theft or other financial harm Identity theft Purchasing items or services in victim’s name Sign-up for credit monitoring (Credit Karma) Put in place a credit freeze Keep notes/pictures of unwanted mail Return to sender unwanted mail (Get a rubber stamp and ink pad) TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

37. Cleaning Up Your Online Presence Removing yourself and family members

    from people search engines (and more): https://inteltechniques.com/data/workbook.pdf Regularly Google yourself: Full name, email address(es), phone number(s) Full name and city, and previous cities of residence Repeat for family members, which can lead to your information

38. Computer and Internet Method Purpose Defense Malware Viruses, worms, ransomware

    Ensure devices and applications are up-to-date Ensure malware protection is on and up-to-date Add browser extensions for safety Don’t download applications/torrents/files you don’t know Don’t click on attachments without verifying URL and sender or unexpected attachments Configure automatic backup of files to cloud TK Logan, 2010. Research on Partner Stalking: Putting the Pieces Together. Lexington, KY: University of Kentucky, Department of Behavioral Science & Center on Drug and Alcohol Research. Ann Wolbert Burgess, Victimology: Theories and Applications, 3rd edition, p.361-362.

39. The Ultimate Resource Extreme Privacy: What It Takes to Disappear

    by Michael Bazzell ~40$ on Amazon: https://smile.amazon.com/dp/B0898YGR58/ref=cm _sw_r_tw_dp_U_x_ZtK5Eb1TFZMMK Walks you through technology, legal, practical resources and more to help defend against stalking and/or surveillance

40. Protecting Yourself

41. 1. Get a Password Manager • Sign-up for a reputable

    password manager: • LastPass (Free), 1Password, Dashlane • Make 1 long passphrase, like: WhyAreAllThese258HorsesOrange? • Download a browser extension and app. • Transfer/Add your accounts to LastPass and delete any stored elsewhere.

42. 2. Check for Compromise • Go to https://haveibeenpwned.com/ and sign-up

    with any e-mail(s) you currently use. • Confirm your e-mail(s). • Note the sites with the previous breaches you may be a part of. You will be alerted if your data is found in a new breach.

43. 3. Change Reused or Compromised Passwords • Search for the

    sites in your password manager and change the affected accounts’ passwords first. • Go through the list of accounts. How many are there? Do you still need/use the account? Does it spark joy? • Over time, change the passwords for each account.

44. 4. Setup Multi-Factor Auth (also called 2FA) • Start with

    your email and financial accounts, then go by order of importance (ex: any account that has your SSN). • An app like Google authenticator, Okta or Duo is more secure than a text message (especially if your harasser has the ability to cancel/change your number).
45. None

46. When Things Go Wrong

47. It’s not your fault

48. You don’t have to be alone

49. We can do something about it

50. 1. Recognize • Recognize the situation for what it is.

    • If necessary, take a deep breath and call a loved one or an org. • As upsetting as it can be, recognize that it's extremely important that you DO NOT respond to this person. Engaging with the offender usually makes matters worse. • Perpetrators seek out power over their victim, and a reaction.

51. 2. Find Support • Call 9-1-1 if in immediate danger.

    • Don’t be alone. If you have a friend, family member or community member you trust, ask for help or support. • Call a crisis hotline such as NOVA (800-TRY-NOVA), or find a local support group that helps victims. (You can even do so anonymously)

52. 3. Gather Evidence • For mobile devices, download the DocuSAFE

    app from the NNEDV. Helps keep evidence such as texts, emails, videos, screenshots, etc. https://www.techsafety.org/docusafe • For laptops/desktops, take screenshots, save a site’s page, videos and emails. For e-mails, save them all and make a backup to the cloud via an account the stalker is unaware of.

53. 4. Gather Evidence, Continued • Save it to an online

    account that is backed up and secure, such as a Google Drive that has a complex password and is set up with 2-Factor Authentication. • Make use of the incident log template by copying it to your Google Drive: https://goo.gl/VqmZLM

54. 5. File a Police Report • File a report at

    the local, state and/or federal levels. • Local: If not an emergency, Spokane, Spokane Valley, Liberty Lake and most cities in the area can simply call Crime Check at 509.456.2233. If you know your perpetrator’s location, call their local police department. • State: If victims under the age of 18 have had intimate images disseminated, you can alert the Washington State Patrol. For other states, it depends. • Federal: If across states, file a report with your local FBI office, or the one where the perpetrator resides. If your online accounts have been hacked, and fraud have been committed as well, you can also reach out to the Spokane Secret Service.

55. 6. Contact the Website/Platform/ISP • Contact the website, platform or

    ISP by phone, email and any contact submission forms that they have available on their site. (Google “report abuse” + sitename) • For intimate pictures or material: Request that they take the content down immediately, and let them know that you're filing a case with your local police department. Keep contacting them to remove the material until it’s taken down. • For other behavior such as threats or stalking: Make them aware of the user’s behavior and let them know that you're filing a case with your local police department.

56. What NOT to do

57. If someone you know is being targeted • Listen. •

    Show support. • Let them be in control. • Accept their choice of not pursuing any type of action. • Don't blame the victim for the crime; don’t blame yourself.

58. Resources

59. Local Resources - Spokane Spokane County Crime Check: File police

    report over the phone, add details to current report and more. 509-456-2233. 24/7. See https://www.spokanecounty.org/1076/Crime-Check. Legal Voices: Helps women through the legal system and has resources listed here at https://www.legalvoice.org/info-for-stalking-victims.

60. Local Resources - Spokane Spokane YWCA: Information on how to

    seek a protection order and filling out paperwork at https://www.spokanecounty.org/DocumentCenter/View/1907 9/Seeking-a-protection-order. Eastern Washington University: Help for students who are victims of a crime. Has specialized help for sexual assault. https://sites.ewu.edu/student-support-advocacy/.

61. Local Resources - Spokane Lutheran Community Services: Support for non-intimate

    partner violence, harassment and other crimes. Has locations throughout WA state and Boise, ID. https://lcsnw.org/office/spokane/ Spokane County Crime Advocates: If you’re the victim of a crime, advocates are there to help you access resources. Whether it be for emotional, financial, legal support and more. https://www.spokanecounty.org/3178/Advocates

62. Local Resources - Spokane Gonzaga University: For women, men and

    children who are survivors of domestic violence, sexual assault, and other crimes against persons https://www.gonzaga.edu/school-of-law/about/student-resou rces/student-organizations/student-organization-of-victims-ad vocacy-sova.

63. U.S. Resources National Domestic Violence Hotline: Helps with current or

    former intimate partner violence and stalking. Online chat and hotline for 24/7 support. 1-800-799-7233. https://www.thehotline.org

64. U.S. Resources Stalking Resource Center: Links to different resources and

    how-to’s for victims of stalking, including relocation. https://victimsofcrime.org/our-programs/stalking-resource-ce nter/help-for-victims HeartMob: Online anti-harassment resource, especially useful if you’re receiving a “mob” of harassing messages on social media. Has lots more resources too. https://iheartmob.org/

65. Revenge Porn Resources Cyber Civil Rights Initiative: Led by survivors

    of non-consensual porn dissemination. Has 24/7 crisis line, can refer you to pro bono or low bono attorneys and more. https://www.cybercivilrights.org/ BADASS Army: Help against revenge porn/intimate images dissemination. Information for specific state laws. https://badassarmy.org/

66. Questions? @FutureAda [email protected] https://futureada.org/ https://calendly.com/fa-openoffice