IPVTech

Empowering Women and Girls through Cybersecurity Education

Case Studies

Notes from the field

Tech Stalking Victim 1

from Andrew

Summary

She called out of desperation. She figured Tor is ‘technical and computery’ and may be able to help, since the local computer stores and police dept were useless. She said her computer would randomly do things she didn’t tell it to do, like move the cursor, turn the webcam light on, and one of her coworkers in another country seemed to know far more about her than she remembers telling him over the years.

The local computer stores ran anti-virus/anti-malware and found nothing. One suggested she see a doctor for dementia (she’s older). The local police told her to take classes to learn how to use her computer and that even if her coworker was stalking her, he’s in a different country and therefore out of their jurisdiction. I was the first to tell her she’s not crazy and yes, infected computers can do exactly what she’s experiencing. After about 5 calls over two weeks, I eventually handed her off to a local domestic violence organization who can also help with internet stalking. It’s surprisingly hard to find an anti-abuse org that also knows how to handle the Internet. Comically, the first two orgs I called pointed me at NNEDV.org, who then point people at Tor for help with privacy online.

Technical Details

Closure

The user called back months later to say that her laptop was free of “that jerk” and she changed jobs to avoid having to work with him again.

Tech Stalking Victim 2

from Andrew

Summary

This person is an adult video performer, and as she put it, ‘there are fans, super fans, creepy fans, and stalkers. I love the first three types of fans.’ The local police detective basically told her that because of what she does for a living, there is nothing they can do about her stalker and that she brought this on herself. She found Andrew@Tor through Google searches. She talked to other companies who just wanted to sell her software, but not actually answer her questions. She had a lot of questions.

Technical Details

She was assigned a work laptop by her current employer (an adult movie studio). As this laptop was far more powerful than her personal computer, she commingled personal and work data right away. Editing personal videos, pictures, Facebook, Twitter, text/video chats with her boyfriend and kids, and email were all on this laptop provided by her employer.

Unfortunately for her, her employer’s admin didn’t change the default password for remote admin access. Anyone who discovered the listening TCP port on her laptop could quickly Google for information, find the remote admin access, and then fully control her laptop. The IT staff was unable to log in to the remote port with the default password. It seems whoever had logged in did change the remote admin password, and systematically cleared the logs relating to “admin access”. Luckily, through conversations with the IT person, the victim, and Andrew@Tor, we discovered the software did log a disconnect in the native system log, which also recorded the IP address of the session. The IP address was registered to an ISP in Latvia.
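The cross-check that surfaced the session can be scripted. The sketch below is an added example, not part of the original case notes: it compares disconnect records in the system log against the application's own admin log and the IT department's networks. The log formats, the `remoteadmin` process name, the addresses and the dates are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data; formats and the "remoteadmin" name are assumptions.
SYSTEM_LOG = """\
2000-01-03T09:05:44 laptop remoteadmin[412]: session disconnected from 198.51.100.10
2000-01-05T23:41:09 laptop remoteadmin[412]: session disconnected from 203.0.113.45
2000-01-06T02:17:30 laptop kernel: wlan0 link up
2000-01-07T01:02:58 laptop remoteadmin[412]: session disconnected from 203.0.113.45
"""
ADMIN_LOG = """\
2000-01-03T09:01:12 admin access from 198.51.100.10
"""
IT_NETWORKS = [ipaddress.ip_network("198.51.100.0/24")]

DISCONNECT = re.compile(
    r"^(\S+) \S+ remoteadmin\[\d+\]: session disconnected from (\S+)$")
ADMIN_ACCESS = re.compile(r"^\S+ admin access from (\S+)$")


def find_unexplained_sessions(system_log, admin_log, it_networks):
    """Return system-log disconnects that the admin log or IT networks cannot explain."""
    logged_ips = set()
    for line in admin_log.splitlines():
        m = ADMIN_ACCESS.match(line)
        if m:
            logged_ips.add(m.group(1))
    findings = []
    for line in system_log.splitlines():
        m = DISCONNECT.match(line)
        if not m:
            continue  # unrelated system-log line
        timestamp, raw_ip = m.groups()
        try:
            ip = ipaddress.ip_address(raw_ip)
        except ValueError:
            findings.append((timestamp, raw_ip, ["unparseable address"]))
            continue
        reasons = []
        if not any(ip in net for net in it_networks):
            reasons.append("outside IT networks")
        if raw_ip not in logged_ips:
            # A session with no admin-log record suggests that log was cleared.
            reasons.append("no admin-log entry")
        if reasons:
            findings.append((timestamp, raw_ip, reasons))
    return findings


if __name__ == "__main__":
    for ts, ip, why in find_unexplained_sessions(SYSTEM_LOG, ADMIN_LOG, IT_NETWORKS):
        print(ts, ip, "; ".join(why))
```

Forwarding the system log to a host the laptop's admin account cannot write to keeps this record available even if the local copy is cleared as well.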

Closure

The victim’s next step was to re-open the police case, log all of this as evidence, and proceed to clean up after the identity theft, credit card fraud, and see if they could unmask the stalker. Her employer issued her a new laptop, copied over all her data, and changed the default admin password to the employee monitoring software. This was the end of involvement by Andrew@Tor.