EVERY BREATH YOU TAKE A CTI REVIEW OF STALKERWARE @Ch33r10 *not speaking on behalf of my employers

Feb 14, 2020

Transcript
Page 1:

EVERY BREATH YOU TAKE

A CTI REVIEW OF STALKERWARE

@Ch33r10 *not speaking on behalf of my employers

Page 2:

FOR THE LAWYERS

“The opinions expressed in this presentation are those of the presenter, in their individual capacity, and not necessarily those of my employers.”

Page 3:

STALKERWARE

● WHAT IS IT?
● HOW DOES IT WORK?
● TARGETS/OPERATORS
● TRADECRAFT
● CTI HYPOTHESES
● CORPORATE AMERICA SOLUTIONS

Page 4:

STALKERWARE

WHAT IS IT?

Page 5:

STALKERWARE => SPY

Page 6:

STALKERWARE

Software used to “facilitate intimate partner violence, abuse, or harassment, including pernicious intrusions into the targeted person's life by way of physical or digital actions” ~The Citizen Lab

STALKERWARE | SPYWARE | DUAL-USE APPS | mRAT

Page 7:

INTIMATE PARTNER SURVEILLANCE TOOLS

● COMMODITY STALKERWARE/SPYWARE
● DUAL-USE APPS
● mRAT
● SHARED ACCOUNTS
● OSINT, SOCIAL MEDIA, PEOPLE, RECEIPTS, ETC

Page 8:

COMMODITY STALKERWARE

BASIC Active & Passive Data Collection

● Texts
● Call Logs
● Some Chat Apps
● Pics & Videos
● Browser History
● GPS Location

Page 9:

TARGET

Page 10:

THE CITIZEN LAB | THE PREDATOR IN YOUR POCKET P 20 https://citizenlab.ca/docs/stalkerware-holistic.pdf

Page 11:

STALKERWARE

Mobistealth
mSpy
FlexiSpy
Highster Mobile
Hoverwatch
Spyzie
TheTruthSpy
TeenSafe
Cerberus
Xnspy
WebWatcher
& More!!!

Page 12:

STALKERWARE

HOW DOES IT WORK?

Page 13:

COMMODITY STALKERWARE

REQUIRED:
● PHYSICAL ACCESS TO DEVICE
● INTERNET ACCESS

INSTALL APPS FROM UNKNOWN SOURCES & DISABLE GOOGLE PLAY PROTECT

JAILBROKEN iPHONE (SPY W iCLOUD ACCT ACCESS)

Page 14:

RWDEICA

LHM KILL CHAIN

COMMODITY STALKERWARE

Page 15:

COMMODITY STALKERWARE

EASY TO USE, LEGAL-ISH*, CHEAP, READILY AVAILABLE, SIMILAR CAPABILITIES TO mRAT/SPYWARE, NO USER INTERACTION, NO TECHNICAL SKILL

DRAWBACK: PHYSICAL ACCESS TO DEVICE

*intercepting private communication is generally illegal (potential wiretapping crime) unless person doing it is a parent, employer, LE with warrant. Stalkerware vendors suggest getting consent.

Page 16:

mRAT STALKERWARE

CHEAP-ISH, REMOTE INSTALLATION

REQUIRES: SPECIFIC KNOWLEDGE TO OBTAIN, USER INTERACTION, TECHNICAL SKILL!!!

DRAWBACK: ILLEGAL

Page 17:

MITRE ATT&CK

| TACTIC | TECHNIQUE | PROCEDURE |
|---|---|---|
| Initial Access | T1461: Lockscreen Bypass | Dental molding kit or playdough to lift fingerprints |
| Initial Access | T1475: Deliver Malicious App via Authorized App Store | Install spyware from Google Play Store |
| Collection, Credential Access | T1412: Capture SMS Messages | Use Spyware to receive SMS |
| Remote Service Effects | T1468: Remotely Track Device without Authorization | Use Spyware to Track User |

Page 18:

EXISTING AV & ANTI-SPYWARE TOOLS INEFFECTIVE AT DETECTING & REMEDIATING STALKERWARE

THE CITIZEN LAB | THE PREDATOR IN YOUR POCKET P 40 https://citizenlab.ca/docs/stalkerware-holistic.pdf

2018 IEEE SYMPOSIUM ON SECURITY & PRIVACY | THE SPYWARE USED IN INTIMATE PARTNER VIOLENCE P 452 https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618

Page 19:

STALKERWARE

TARGETS

“THE VICTIMS ARE EVERYDAY PEOPLE” ~Morgan Marquis-Boire

Page 20:

RELATIONSHIPS

Page 21:

SIMILAR SURVEILLANCE CAPABILITIES AS STALKERWARE

TARGETS

Page 22:

CHILDREN

Page 23:

EMPLOYEES

Page 24:

JOURNALISTS

WASHINGTON POST REPORTER ASSASSINATED

JAMAL KHASHOGGI

ABDULAZIZ | PEGASUS

Page 25:

DISSIDENTS

ACTIVISTS BLM

CITIZENS WeChat

RELIGIOUS LEADERS Tibetans | Dalai Lama

Page 26:

CRIMINALS

Page 27:

TERRORISTS

WHATSAPP- “YOU’VE BEEN HACKED”

EUROPEAN LE- OOOPSY

Page 28:

MILITARY TikTok=BAN

GOVERNMENTS

GOV OFFICIALS

LAW ENFORCEMENT

LOOKOUT | STEALTH MANGO | MIDDLE EAST | INDIRECT COMPROMISE USA/UK/AUS/IRAN

Page 29:

STALKERWARE

OPERATORS

Page 30:

RELATIONSHIPS

Page 31:

STALKERWARE VENDOR BREACHES

FlexiSpy: Metropolitan Police

Mobistealth: Military, FBI, ICE, DHS, TSA

Page 32:

SIMILAR SURVEILLANCE CAPABILITIES AS STALKERWARE

OPERATORS

Page 33:

PARENTS

SCHOOLS Seattle

Page 34:

COMPANIES

Page 35:

CYBERCRIME

HACKTIVISTS

Page 36:

CRIMINALS El Chapo

TERRORISTS

Page 37:

LAW ENFORCEMENT

MIAMI PEN-LINK

SWEDEN MARCH 2020

CITYLAB | CELLEBRITE

MOTHERBOARD METROPOLITAN POLICE

Page 38:

NATION-STATE

JAVIER VALDEZ CARDENAS RECKLESS-1

PAKISTANI MILITARY | STEALTH MANGO

Page 39:

STALKERWARE

HOSTILE ACTOR TRADECRAFT

Page 40:

KIMBER

SHARED ACCTS | DUAL-USE APPS | UNILATERAL MANIPULATE FRIENDS/FAMILY

EMOTIONAL & PSYCHOLOGICAL ABUSE

Page 41:

SUKI WYNN

COMMODITY STALKERWARE OR SPYWARE

EMOTIONAL & PSYCHOLOGICAL ABUSE

Page 42:

ELECTRA

mRAT | TECHNICAL | SOCIAL ENGINEERING

EMOTIONAL & PSYCHOLOGICAL ABUSE

Page 43:

POISON HYDRA

PHYSICAL THREATS/ABUSE TO GAIN ACCESS

EMOTIONAL & PSYCHOLOGICAL ABUSE

Page 44:

STALKERWARE

CTI HYPOTHESES

NORMAL USE OF COMMODITY STALKERWARE

Page 45:

RTFM

CORPORATE AMERICA

Page 46:

CORPORATE

MOBILE DEVICE MANAGEMENT/BYOD

Page 47:

CORPORATE

STALKERWARE VENDORS

● POOR SECURITY PRACTICES
● MISCONFIGS SPYFONE S3/API
● BREACHES
● UNENCRYPTED TRANSMISSION/MITM?

Page 48:

STALKERWARE VENDOR BREACHES

Retina-X (2x)
Flexispy
Mobistealth
Spy Master Pro
SpyHuman
Spyfone
HelloSpy
TheTruthSpy
Family Orbit
mSpy
Copy9
Xnore
Mobiispy
WtSpy

SOPHISTICATED SPYWARE COMPANIES HACKED: THE HACKING TEAM, GAMMA INTERNATIONAL

Page 49:

CORPORATE

HOW MANY EMPLOYEES IMPACTED BY STALKERWARE?

WOMEN ((20K*50%)*33%) = 3,333
MEN ((20K*50%)*16%) = 1,667

5K (25%) Employees experience IPV sometime in their lifetime
x 54% IPV Survivors Tracked w Stalkerware
= 2.7K (13.5%) Employees impacted by stalkerware at one point in their lives

Page 50:

~13.5%* EMPLOYEES IMPACTED BY STALKERWARE AT SOME POINT IN THEIR LIVES

*FIGURE APPROXIMATE BASED UPON IPV/IPS STATISTICS & SIMULATED COMPANY F/M RATIOS & WORKFORCE SIZE

Page 51:

STALKERWARE

CTI HYPOTHESES

REPURPOSED USE OF STALKERWARE

Page 52:

CORPORATE

INSIDER THREAT

Page 53:

CORPORATE

EXECUTIVES

EMPLOYEES

Page 54:

CORPORATE

COMPETITORS

Page 55:

CORPORATE

INDUSTRIAL ESPIONAGE

Page 56:

STALKERWARE

CORPORATE AMERICA SOLUTIONS

Page 57:

CORPORATE

CTI

THE CITIZEN LAB | THE PREDATOR IN YOUR POCKET P 37-38 https://citizenlab.ca/docs/stalkerware-holistic.pdf

BAD=JAILBREAK

WECHAT/TIKTOK

Page 58:

CORPORATE

TABLE TOP

MONETIZE | TAKE-DOWN

Page 59:

AWARENESS

CHRIS COX | OPERATION SAFE ESCAPE

Page 60:

RESOURCES

TALL POPPY | SAFE ESCAPE | NCADV | NNEDV | CORNELL TECH

Page 61:

STALKERWARE

● Stalkerware, Spyware, mRAT, Dual-use Apps
● Data Access varies by vendor/type
● Target/Operators: Relationships
● Sub-optimal AV detection
● Org Specific Threat Modeling

Page 62:

ABOUT ME

@ch33r10

• MBA IT Management
• D.Sc. Cybersecurity Student at Marymount University
• GSEC, GCIH, GCFE, GMON, GDAT, GPEN

Page 63:

REFERENCES

6 https://citizenlab.ca/docs/stalkerware-holistic.pdf
7 https://citizenlab.ca/docs/stalkerware-holistic.pdf
8 https://citizenlab.ca/docs/stalkerware-holistic.pdf
8 https://assets.documentcloud.org/documents/4599753/NSO-Pegasus.pdf
8 https://www.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x
8 https://youtu.be/EzMkqtNAo6A
9 https://assets.documentcloud.org/documents/4599753/NSO-Pegasus.pdf
9 https://citizenlab.ca/docs/stalkerware-holistic.pdf
11 https://www.ft.com/content/263133ac-a28b-11e9-974c-ad1c6ab5efd1
10 https://citizenlab.ca/docs/stalkerware-holistic.pdf
13 https://xnspy.com/install-spyware-on-android-remotely.html
13 https://www.defcon.org/images/defcon-20/dc-20-presentations/Robinson/DEFCON-20-Robinson-Spy-vs-Spy.pdf
15 https://www.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x
16 https://www.helpnetsecurity.com/2014/10/21/delivering-malicious-android-apps-hidden-in-image-files/
16 https://www.blackhat.com/docs/eu-14/materials/eu-14-Apvrille-Hide-Android-Applications-In-Images-wp.pdf
16 https://thehackernews.com/2019/02/hack-android-with-image.html
16 https://blog.malwarebytes.com/mac/2019/08/unprecedented-new-iphone-malware-discovered/
16 https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618
17 https://attack.mitre.org
18 https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618
18 https://citizenlab.ca/docs/stalkerware-holistic.pdf
18 https://www.cbc.ca/radio/day6/venezuela-s-would-be-presidents-alien-the-school-play-women-s-football-stalkerware-after-parkland-more-1.5116896/stalkerware-is-more-common-than-you-think-and-eva-galperin-has-a-plan-to-stop-it-1.5116916
19 https://www.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x
24 https://www.vice.com/en_us/article/gyznnq/how-nso-group-helps-countries-hack-targets
24 https://www.nytimes.com/2018/12/02/world/middleeast/saudi-khashoggi-spyware-israel.html
24 https://www.ynetnews.com/articles/0,7340,L-5444998,00.html
25 https://www.vice.com/en_us/article/a357b5/hackers-tried-to-compromise-phones-of-tibetans-working-for-dalai-lama
25 https://www.wsj.com/articles/chinas-tech-giants-have-a-second-job-helping-the-government-see-everything-1512056284
25 https://www.citylab.com/equity/2017/02/cellphone-spy-tools-have-flooded-local-police-departments/512543/

Page 64:

REFERENCES

26 https://www.calcalistech.com/ctech/articles/0,7340,L-3774443,00.html
27 https://www.calcalistech.com/ctech/articles/0,7340,L-3774443,00.html
27 https://www.wsj.com/articles/police-tracked-a-terror-suspectuntil-his-phone-went-dark-after-a-facebook-warning-11577996973
28 https://www.cyberscoop.com/u-s-army-bans-tiktok-amid-ongoing-scrutiny-chinese-made-video-app/
28 https://www.wsj.com/articles/police-tracked-a-terror-suspectuntil-his-phone-went-dark-after-a-facebook-warning-11577996973
28 https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf
31 https://www.vice.com/en_us/article/zmwnm3/metropolitan-police-flexispy-legal-complaint
31 https://www.vice.com/en_us/article/ywqqkw/military-fbi-and-ice-are-customers-of-controversial-stalkerware
33 https://www.cbsnews.com/news/610k-settlement-in-school-webcam-spy-case/
33 https://www.eff.org/wp/school-issued-devices-and-student-privacy
34 https://www.usatoday.com/story/tech/2019/10/08/is-the-boss-tracking-you-now/3901594002/
34 https://www.vice.com/en_us/article/7x5m5a/ftc-bans-retinax-from-selling-stalkerware
36 https://www.reuters.com/article/us-usa-mexico-el-chapo/el-chapo-aide-who-helped-fbi-tap-his-phones-takes-stand-idUSKCN1P32BQ
37 https://www.miamiherald.com/news/local/crime/article236013148.html
37 https://www.citylab.com/equity/2017/02/cellphone-spy-tools-have-flooded-local-police-departments/512543/
37 https://www.cpomagazine.com/cyber-security/swedish-police-given-green-light-for-spyware/
37 https://www.vice.com/en_us/article/zmwnm3/metropolitan-police-flexispy-legal-complaint
37 https://www.vice.com/en_us/article/ywqqkw/military-fbi-and-ice-are-customers-of-controversial-stalkerware
38 https://threatpost.com/pegasus-spyware-targets-investigative-journalists-in-mexico/139424/
38 https://www.vice.com/en_us/article/ywqqkw/military-fbi-and-ice-are-customers-of-controversial-stalkerware
38 https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf
46 https://www.usatoday.com/story/tech/2019/10/08/is-the-boss-tracking-you-now/3901594002/
47 https://github.com/diskurse/android-stalkerware
47 https://twitter.com/lorenzofb/status/1057679550790934528
47 https://www.vice.com/en_us/article/7xnybe/hosting-provider-takes-down-spyware-mobiispy
47 https://www.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak
47 https://www.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x
47 https://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked
47 https://www.vice.com/en_us/article/z4mzze/a-hacker-claims-to-have-leaked-40gb-of-docs-on-government-spy-tool-finfisher

Page 65:

REFERENCES

48 https://github.com/diskurse/android-stalkerware
48 https://twitter.com/lorenzofb/status/1057679550790934528
48 https://www.vice.com/en_us/article/7xnybe/hosting-provider-takes-down-spyware-mobiispy
48 https://www.vice.com/en_us/article/9kmj4v/spyware-company-spyfone-terabytes-data-exposed-online-leak
48 https://www.vice.com/en_us/article/53vm7n/inside-stalkerware-surveillance-market-flexispy-retina-x
48 https://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked
48 https://www.vice.com/en_us/article/z4mzze/a-hacker-claims-to-have-leaked-40gb-of-docs-on-government-spy-tool-finfisher
49 https://havron.dev/pubs/clinicalsec.pdf
49 https://citizenlab.ca/docs/stalkerware-holistic.pdf
55 https://securityintelligence.com/articles/when-stalkerware-stalks-the-enterprise/
57 https://citizenlab.ca/docs/stalkerware-holistic.pdf
57 https://blog.devolutions.net/2019/06/the-threat-stalkerware-poses-to-your-business
59 https://github.com/diskurse/android-stalkerware/blob/master/README.md
59 https://stopstalkerware.org/2019/10/06/the-stalkerware-threat/
59 Daniel Nash BSides Belfast 2018 The Terror of Tracking https://www.youtube.com/watch?v=126s8hsuomM
59 https://securityintelligence.com/articles/when-stalkerware-stalks-the-enterprise/
59 https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618
60 https://TALLPOPPY.IO
60 https://safeescape.org
60 https://www.ncadv.org/
60 https://nnedv.org/
60 https://www.ipvtechresearch.org/resources
60 https://github.com/stopipv/isdi
60 https://github.com/diskurse/android-stalkerware/blob/master/README.md
60 https://stopstalkerware.org/2019/10/06/the-stalkerware-threat/
60 Usenix Security 2019 Clinical Computer Security for Victims of Intimate Partner Violence https://youtu.be/YsFZ3OxwWN0

Page 66:

RESEARCH

https://citizenlab.ca/2018/09/hide-and-seek-tracking-nso-groups-pegasus-spyware-to-operations-in-45-countries/
https://www.ipvtechresearch.org/research
https://www.zdnet.com/article/employee-safety-is-for-sale/
https://www.vice.com/en_us/article/ywqqkw/military-fbi-and-ice-are-customers-of-controversial-stalkerware
https://citizenlab.ca/docs/stalkerware-holistic.pdf
https://www.wired.com/story/eva-galperin-stalkerware-kaspersky-antivirus/
Heather Mahalik https://youtu.be/IEbLOvT4Fts
Eva Galperin https://youtu.be/QvorPIKXrYA
https://assets.documentcloud.org/documents/4599753/NSO-Pegasus.pdf
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
https://www.nytimes.com/2019/11/06/opinion/whatsapp-nso-group-spy.html
https://www.digitalbank.global/nso-group-competitors
https://www.fastcompany.com/90369108/inside-the-shadowy-world-of-spyware-makers-that-target-activists-and-dissidents
https://sii.transparencytoolkit.org/search?technology_sold_facet=Phone+Monitoring
https://www.calcalistech.com/ctech/articles/0,7340,L-3749924,00.html
https://www.washingtonpost.com/opinions/2018/12/05/israel-is-selling-spy-software-dictators-betraying-its-own-ideals/
https://www.vice.com/en_us/article/qvakb3/inside-nso-group-spyware-demo
https://www.vice.com/en_us/article/3da5qj/government-hackers-iphone-hacking-jailbreak-nso-group
https://www.welivesecurity.com/2018/06/07/invisimole-equipped-spyware-undercover/
https://arsenalexperts.com/persistent/resources/pdf/Illicit_Surveillance_of_Electronic_Systems_in_Family_Law_Cases.pdf
https://www.technologyreview.com/s/613915/stalkerware-apps-are-letting-abusive-partners-spy-on-their-victims/?utm_source=twitter&utm_campaign=site_visitor.unpaid.engagement&utm_medium=tr_social
https://www.zdnet.com/article/the-ultimate-guide-to-finding-and-killing-spyware-and-stalkerware/
How to Fake a Fingerprint https://youtu.be/tj2Ty7WkGqk
https://www.zdnet.com/article/google-cleans-out-stalker-apps-from-play-store/
https://ivrodriguez.com/analyzing-ios-stalkerware-apps/
https://blog.talosintelligence.com/2019/10/the-commoditization-of-mobile-espionage.html
https://www.technologyreview.com/profile/patrick-howell-oneill/
https://www.vice.com/en_us/contributor/lorenzo-franceschi-bicchierai
http://www.structuredweb.com/sw/swchannel/CustomerCenter/documents/9353/25297/Lacoon_CP_Enterprise_mRAT_Research.pd

Page 67:

RESEARCH

https://blog.malwarebytes.com/malwarebytes-news/2019/11/malwarebytes-teams-up-with-security-vendors-and-advocacy-groups-to-launch-coalition-against-stalkerware/

https://www.ft.com/content/263133ac-a28b-11e9-974c-ad1c6ab5efd1

https://www.rsaconference.com/industry-topics/podcast/threats-of-surveillance-tools-spyware-and-stalkerware?utm_source=inhouse&utm_medium=email&utm_content=RSAC365-newsletter-edition2-text-ongoing-gen-dec2019-2&utm_campaign=Newsletter-Edition2-Text-Ongoing-Gen-Dec2019-RSAC365&spMailingID=41350779&spUserID=ODU5MDgxMzgxNzQ3S0&spJobID=1661540021&spReportId=MTY2MTU0MDAyMQS2

https://homeland.house.gov/preparing-for-the-future-an-assessment-of-emerging-cyber-threats

https://pages.cs.wisc.edu/~chatterjee/ppts/IPV_spyware.pdf

https://havron.dev/pubs/clinicalsec.pdf

https://havron.dev/pubs/freed-cscw19.pdf

http://nixdell.com/papers/stalkers-paradise-intimate.pdf

http://nixdell.com/papers/a046-freed.pdf

https://www.technologyreview.com/s/614168/nyc-hires-hackers-to-hit-back-at-stalkerware/

https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=8418618

http://damonmccoy.com/papers/Creepware_SP.pdf

https://www.vice.com/en_us/topic/when-spies-come-home

https://citizenlab.ca/docs/stalkerware-legal.pdf

https://www.theguardian.com/world/2019/dec/20/cyprus-police-arrest-three-in-israeli-owned-spy-van-investigation

https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf

Cian Heasley BSides London 2019 Watching the Watchers: The Stalkerware Surveillance Ecosystem https://youtu.be/EzMkqtNAo6A

https://www.defcon.org/images/defcon-20/dc-20-presentations/Robinson/DEFCON-20-Robinson-Spy-vs-Spy.pdf

http://www.structuredweb.com/sw/swchannel/CustomerCenter/documents/9353/25297/Lacoon_CP_Enterprise_mRAT_Research.pdf

Jessica Amery BSides London 2019 Stalkerware in Mobile Devices https://youtu.be/IiUFxUChJcI

https://www.rsaconference.com/industry-topics/blog/tracking-every-move-from-location-based-apps-to-stalkerware-and-advanced-attacker

https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html

https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html