Safety Net: The National Safe & Strategic Technology Project National Network to End Domestic Violence Cynthia Fraser on March 14, 2007 Your Relationship with Technology? From Radio � Not on Speaking Terms Scanners to Spyware: Technology Abuse � Cordial Working relationship & Survivor Safety � Very Intimate
Hillsborough County Family Justice Center NNEDV Safety Net Training ~ Tampa, Florida [email protected] 1 [email protected] 2
Safety Net: Safety Net: National Safe & Strategic Technology Project National Safe & Strategic Technology Project Stalking, sexual violence, domestic violence, abuse � Who is NNEDV At National Network to End Domestic Violence Fund � Safety Net Project 1. Building a network of “techie advocates” 2. Safety Planning – Discussing risks & benefits as technologies evolve � Our role as a TA Provider 3. Response – Increase systems capacity for survivor-defined prevention & intervention � Today’s Agenda 4. Support Survivors in Self Determination
[email protected] 3 [email protected] 4
Important Additional Support: Beyond Training & TA: Resources & Materials State Domestic Violence Coalitions “Technology Advocates”
[email protected] 5 [email protected] 6
1 Technology Use… harass threaten • Phones •Email • Computers target stalk •PDAs •IM / Chat • Screen Readers environmental manipulation •GPS • Internet •Refreshable monitor Braille •Data • Wireless • Switches abuse groom • Caller ID •VoIP • Magnifiers impersonate • Faxes • TTY/Relay • Speech intercept victimize •Answering • WebCams synthesizers surveillance Machines • Scanners • Alert Buttons [email protected] 7 [email protected] 8
Phone, Internet & Data Intersect
Phone lines carry more than voices: � People who are Deaf use TTY (teletypewriters) Phone devices to transmit signals across phone lines � Fax machines transmit images & text � Dial-up Internet connections – send data packets Technology
High speed Internet connections: � Buy it with your cable TV package � Watch movies on the Internet, use webcams � Make phone calls – via VOIP & IM
Privacy Confidentiality laws & regulations…have a hard time keeping up as tech. rapidly merges
[email protected] 9 [email protected] 10
Record-A-Call Phone Handset: Threats on Answering Know laws @ 1-party 2-party consent & notice Machine Tapes & Voice Mail � If abuser or perpetrator leaves a message, permission to be taped is usually assumed.
� Talk to local prosecutors/law enforcement about their preferred method to report a harassing message left on an answering machine or digital voice mail – learn time limits � Get answering machines donated & train survivors on use (to screen calls & document harassing messages)
[email protected] 11 [email protected] 12
2 Fax Machines EFax � Always call ahead before faxing � Check the program Fax settings � Efax services are a third party to your fax machine or email � Safety plan around faxing with survivors � � Test Line blocking Efaxes are susceptible to interception just like email � You may be required to enter your real fax number in the header vs 123-456-7890 or 000- � Federal Wiretapping laws are more vague 000-000 � Service providers may keep digital files � Newer fax machines may store data copies of fax
[email protected] 13 [email protected] 14
Caller ID & Line Block Phone # Reverse Search www.AnyWho.com
� Good for avoiding calls � Advocacy agencies beware! Even if your # is blocked it may show up. � Blocking your number: *67 + number � 800# exception
[email protected] 15 [email protected] 16
Dialing 2-1-1: Information & Referral Caller ID Strategies � Over 25% of U.S. population has access to 211 � Goal: Dialing 211 will connect customers with resources anywhere in the U.S. � Safety plan with victims/survivors around Caller ID � Learn if 211 is available in your area and how this service can impact victims – go to: www.211.org � Put free line blocking on all/most lines. TEST fax, TTY, cell, home phones with someone who has � Work with local & state 211 coordinating agencies Caller ID on privacy and safety issues � Have an organizational policy RE: anonymous � Florida has at least 10 active 2-1-1 call centers call rejection or privacy manager. What do staff do? � Hillsborough County 211 served by Crisis Center of Tampa Bay � Have policy on survivors unblocking outgoing calls from advocacy center or shelter phone line � See: http://www.211atyourfingertips.org/ [email protected] 17 [email protected] 18
3 Phone Surveillance: Wiretapping & Bugs
Wiretapping, Bugs � Taps can be placed anywhere along the telephone line that runs outside of the house & Scanners � Taps allow someone to hear calls or make calls � There are several ways lines can be tapped for ease dropping purposes
� Standard line tape with a phone handset
� An audio recorder with tape
� A Voice-activated audio recorder
� A Bug [email protected] 19 [email protected] 20
Illegal Wiretap case
Police said a person could call the phone line and punch Wireless Phones in a code that activated a microphone in & the hidden device… Conversations Interception picked up by microphone could be heard over the phone line… [email protected] 21 [email protected] 22
Radio Analog vs. Digital � Basics: using electricity, a transmitter sends sound through the air to a receiver � Telephone + Radio = Wireless
Analog = Sound Digital = Bits of Waves Data Cordless & cell phones ~ transmit & receive wirelessly � cordless phones to/from a base unit � cell phones transmit to/from a cell tower [email protected] 23 [email protected] 24 From wikipedia
4 Risks of Using Wireless Scanner Examples: Radio receiver getting multiple signals (in VHF to UHF range) Cell & Cordless Phones Might be portable (rechargeable battery packs), desktop (like regular radio) OR Internet-enabled � Losing a call � Crosstalk � Loss of legal privilege
� Interception Handheld Scanner
Not as private as you think. Desktop [email protected] 25 [email protected] Scanner 26
Interception & Variables Cordless Phones 1. Transmitter power (.001 vs 1 watt) …can be intercepted by scanners, baby monitors, other cordless phones, etc. 2. fixed frequency vs. spread spectrum (hopping) 3. Analog (broader coverage) vs. digital (010 security) � Cordless may not be safe for victims or those working with victims 4. roaming coverage, multimode/dual mode 5. neighbor’s same brand phone… � ASK victims if they use them 6. Limited range vs. broad range broadcast � Limit identifying info or escape details on cordless 7. Wavelengths: 5.8 Ghz spread spectrum (DSS) � Unplug cordless transmitter after picking up > 2.4 Ghz spread spectrum (DSS) “corded” phone > 900 Mhz (older @ 40 diff. channels) � Consider proving cheap “corded” phones to > 400 Mhz (outdated cordless) volunteers & staff > 43-49 Mhz (baby monitor) [email protected] 27 [email protected] 28
Cell Phones: Abuser Use � Safety Tip
� Checks billing records � use safer/donated phone � Intercepts Analog or Digital wireless phones � use minimal, innocuous, or decoy details � Uses phone as a listening device � check settings or turn off when not in use � Tracks Location � talk to carrier & check phone � Makes it look like victim’s device was used to call/text, when it wasn’t � document victim’s actual actions & explore/investigate how spoof or hijack happened
[email protected] 29 [email protected] 30
5 Spy Phone Example: Q-phone Cellular & Wireless Phones
� ASK survivors if they use them
� Discuss monitoring risks - settings, location services, phone plans, clones, etc.
� Safety plan about interception points - ask if abuser/perpetrator/stalker works for phone company or law enforcement
“Give it as a present to your spouse, kids, � Say ANALOG signals are easier to intercept, employees…know your spouse’s behavior when DIGITAL Spread Spectrum (DSS) signals are you are away….just push a few buttons and the phone turns into your personal detective…hear more secure [email protected] going on in the vicinity of the Q-phone”31 [email protected] 32
Cell & Wireless Phones Hotlines & Referral
� If using to respond to hotline or confidential calls, use sparingly & avoid identifying � Have/Revise policies on use of various phone details – only use digital phones whenever tech for on-call advocates possible � Negotiate contracts with Answering Services to protect confidentiality, safely dispose of records � Incorporate phone donation programs into safety plans (i.e. Wireless Foundation’s � Protect your crisis line billing records (since Call To Protect & Shelter Help and Verizon 800 number bills include #’s) Wireless’s programs) � Address barriers to access
[email protected] 33 [email protected] 34
VoIP – Voice Over Internet Protocol VoIP: Large growth expected • Analog Telephone � Cost: Internet connect as a phone line can save up Adaptor ATA device to 50% over traditional local & long-distance converts analog companies signal to digital data �Internet � U.S. subscribers to residential VOIP services growth: • IP Phones with 3 million in 2005 � 27 million by end of 2009 Source: IDC study: U.S. Residential VOIP Services 2005-2009 Forecast and Analysis: Miles to Go Before Ethernet connector We Sleep, April 2005 via router �Internet (soon WiFi) � Many companies offer VoIP service: Vonage, AT&T, Skype, Comcast, BroadVoice, SunRocket • Computer to Computer (need � Many different VoIP implementations ~ needs a Microphone, broadband Internet connection (DSL or cable) but Speakers, etc.) some plans can use a regular telephone
[email protected] 35 [email protected] 36
6 3 Types of VoIP services: VoIP & 911 � Consumer Advocacy: CT & TX Attorney Generals � Fixed: from one location the service is provided are suing Vonage for failure to disclose adequately � Nomadic: from any location with Internet access that traditional 911 service is not available to � Foreign exchange: users in one exchange receive consumers. phone calls dialed as local calls in another � VoIP providers must: exchange they selected (e.g. a customer located in � Complete the E-911 provisioning process within Tampa with a Dallas TX local phone #). 180 days of signing up a new customer. Must 2 types of 911: provide interim 911 service to the geographically � Basic 911 = you must tell them your location appropriate emergency call center. � Enhanced 911 = automatically sends your location � Inform their customers of the capabilities and info. (fixed address or location you registered or limitations of their VoIP 911 service. real time cell location) � Not market in areas where E-911 service is not available.
[email protected] 37 [email protected] 38
Other Safety Risks with VoIP Victim Safety: VoIP & E-911 � Spoofing: Use 3 way calling. Put 1st caller on hold, dial st � Discuss pros & cons of Registering present victim 2nd. Caller ID shows 1 # dialed address for E-911 service � Unblocking blocked numbers: local phone company/ � Find out what TYPE of E-911 service is cell carrier send "Calling Party Number" (CPN) with every provided call. VoIP software can get system to unblock CPN. � Service providers may use different strategies or � Tapping: Most VoIP calls are unencrypted across the procedures for handling 911 calls. Internet, making tapping easy � If move or traveling, consider re-registering � Call Screening & Call forwarding: User predefines primary address screening list of caller IDs (specific IDs or anonymous � Can take several hours to process – service not calls), then sets how each caller ID is processed immediately available. � Call Transferring. Have a buddy call her. � Obtain local emergency direct lines � Call log records all missed, outgoing, incoming & local #. � Police, Fire – check on local municipal websites
[email protected] 39 [email protected] 40
Victim Safety Strategies: VoIP Annonymizers: Spoof Cards
� Get a donated cell phone from a local domestic violence shelter to also use for 911 � Keep address & VOIP call-back number nearby • If disconnected, 911 provider will need call-back info. � Check if Burglar Alarm Companies have VoIP compatibility � If suspect interception, keep a log & document suspicions. (but not on compromised computer) � Alert law enforcement if you suspect VOIP logging, spoofing/manipulation, interception
[email protected] 41 [email protected] 42
7 Surveillance What is GPS?
� Worldwide Radio Navigation Phone Locating & GPS System developed by US Defense Dept. � 24 Satellites in space generate & receive radio signals that allow a GPS receiver/chip on earth to estimate its location
If E911 was available in a Pennsylvania town [email protected] 43 [email protected] 44
GPS & E911 Safety Planning E911 Info & GPS � Talk to victims about cell phone location limitations as E911 with GPS is rolled out � E911= Enhanced 911 � If victim calls 911 from cell phone, she may need to � Designed to provide # and exact location of a cell phone give location in detail 911 caller with GPS Chip in the phone � E-911 & VoIP 911 issues ~ http://www.voip911.gov/ In US (1996 FCC rules, & 1999 law) mandated: � adding GPS/location chips to new cell phones � Victims might want to turn phones off when not in use for location privacy/safety � Phased upgrading of 911 emergency dispatch centers so they can get # & exact location of a 911 cellphone caller � If think phone is GPS enabled with location via GPS chip subscription, victim might want to leave phone if flee � some regional difficulty rolling this out due to costs � Encourage Cell Companies to provide visible notice that location/tracking is subscribed/on
[email protected] 45 [email protected] 46
Locator Services Locate People & Services Nextel GPS, Java-enabled phone or BlackBerry 7520. No more searching for location of friends, family, restaurants, ATMs, even directions. �See yours and others current locations �People finder: location of family, friends & co-workers with their permission. Via device or private web site. �Directions. turn-by-turn text directions on your phone �Create Address Book of points of interest
Former AT&T Optional Service: Find Friends for $2.99/month [email protected] 47 [email protected] 48
8 Location Devices – Spying with GPS watch & Bio Sign monitor Maps
www.digital-angel.com [email protected] 49 [email protected] 50
Monitor Teen Drivers VEHICLE TRACKING MENU You will know what time they left, what time they arrived and a map to show you the exact location that the car was parked.
Alerts can notify you when your teen leaves school early, is speeding or visits that friend who has been declared off limits.
[email protected] 51 [email protected] 52
GPS & Stalking Cases • Colorado 2000: Stalker placed GPS in ex-wife’s car. Convicted: stalking “electronic surveillance”.
• Wisconsin 2002: GPS to track former live-in girlfriend. Convicted: $250 stalking, burglary
•Glendale. CA 8/2004: Man arrested when trying to change battery under ex-girlfriend’s car.
•Ohio 12/2004: put GPS in ex- wife’s car. Convicted: felony menacing by stalking. Ordered to wear GPS device for 1 year!
•Missouri 12/2005: Police Officer put GPS in ex-girlfriend’s car. Officer was fired.
[email protected] 53 [email protected] 54
9 GPS Monitoring GPS Safety Planning for Offenders � Trust your instincts – if you thinks you are being followed too regularly… there might be a GPS
� Offender wears ankle bracelet & GPS unit at all times � GPS device might be small, about the size of a cell phone or possibly in a small box, look for a wire. � Information is downloaded & sent to probation/parole officer � Police might search car for her – advocacy & � Supervising officer creates “hot zones” (victim’s home & educational might be needed workplace, schools, etc.) where offender is barred from � Victims can search the car : under the hood, under going—officer is notified if location violation occurs the car seats, under the bumpers, in the trunk � With “active” monitoring, supervising officer receives immediate violation alerts and can send help to victim � Or get a (new) mechanic to search ($20?) � With “passive” monitoring, supervising officer receives � A private investigator can do a thorough search, but information, typically at the end of each day, and provides it could cost $100s to $1000s no immediate protection for victim(s) � Consider leaving behind car/object if still worried [email protected] 55 [email protected] 56
Public Eye In the Sky Hidden Live Web Cams Wireless & Wired Cameras
Surveillance Camera
[email protected] 57 [email protected] 58
Univ of Tampa Campus webcam Internet Accessed Home Surveillance
Example: � Links Wireless Video Cameras � Monitor any area of your home � Take picture from a TV, or via the web � Send image �Set Motion Activated Video Tape to a friend � View archived images
Motion [email protected] 59 Detector Cam [email protected] 60
10 “Nanny Cams” Spy Cameras & Sexual Assault � Voyeurism • Security? � Pornography • Protection? � Footage of consensual sex, distributed without consent
� Footage of sexual assault distributed From the Documentary •unconsensual recording? � Coerced/groomed filming RAW DEAL: A Question of Consent •voyeurism?
[email protected] 61 [email protected] 62
Remote Control Spy Car Camera Misuse & Law “Turn play time into spy time!”
Cyclops SR1 Spy Car $199.99 Infrared laser tag game built in Battery operated
� high-res. wireless camera & miniature microphone � sends real-time audio/video back to its controller � View & listen on color 1.8 “ LCD screen or TV screen
[email protected] 63 [email protected] 64
Hidden Cameras Safety Planning How do I know if one is in my home? � Camera technology evolving - wired, The Camera Detector wireless, motion � If remote transmit, there will be a signal. activated, cell phones, upskirting � Can buy a device that will tell you if such signals are being transmitted. � Size, price, capabilities � If it is wired instead of wireless… hard to vary widely Discretely Peace of Mind Exposes detect except by finding it with your own � Camera detectors / In The Palm Hidden eyes. of Your Hand Wireless sweepers offer limited Cameras detection (varies by device)
[email protected] 65 [email protected] 66
11 Bug Sweepers & Detectors: Turning Cameras back on Offenders example = Freq. 5Mhz-1.5Ghz
� A Counter Surveillance Probe/Monitor for $1-$3000 � "sniffs" environment for hidden phone, room or body bugs, remote signals, video transmitters, and even wide band frequency hopping or "burst" bugs. � tests A.C. outlets, phone lines, or suspicious wires for very low frequency "carrier current" signs. � allows you to listen to telephones or lines for "hot mics," hook-switch bypass and "infinity" bugs, also unknown wires and cables can be tested for wired microphones. � guards against new devices brought in, remote control activation, or someone tampering with your equipment. � 24-hour "evidence" recording output stores suspicious sounds while you are away. [email protected] 67 [email protected] 68
Assistive Technology can include… 1. Technology commonly used by general public:
� Email, IM, computers, phones, PDA’s, etc. 2. Technology created to meet specific needs of people with disabilities:
Assistive � Screen reader, scanner, magnifier, refreshable Braille devices, Braille printers/embossers, dtc.
� Voice synthesizers, talking clocks, switches, TTY & Technology Relay, Video phones, etc.
� Hands free computer access – speech recognition, point of gaze (mobility), etc.
� electronic aids to daily living, wheelchairs, hearing aids, 3. Other tools for people with disabilities: � Pulley devices to sit oneself up, sticky notes, etc.
[email protected] 69 [email protected] 70
TTY & Relay Ways Abusers/Stalkers Misuse TTY & Relay Communication tools for people who are deaf or hard of hearing Telecommunication Relay Service (TRS): �Monitor communications � national U.S. service where relay operators provide two-way translation typically between audio/spoken �Impersonate victims/survivors word AND typed text or signed language. TTY (Teletypewriter) = text telephone � Communicate by typed text via telephone line to another TTY or to TRS. Also: TDD (Telecommunications Device for the Deaf) [email protected] 71 [email protected] 72
12 TTY & Relay IP Relay: Survivor & Advocate Use
To have an IP relay operator call phone # & begin Telecommunication Relay Services: relaying the conversation: � survivors use all types: text-to-voice, captioned � Go to: IP-Relay.com. Enter 10- phone, Video Relay, IP Relay, dial 711, etc. digit phone # into “Quick Connect � TRS provider (operator/communication assistant) Now” window. Click GO. must ensure user confidentiality. May not keep OR records of conversation contents. � Open AIM. Create “MyIPRelay” � Very limited exception can keep names/numbers AIM buddy. Then send an IM with dialed: if requested by Speech-to-Speech relay users. the phone # to MyIPRelay. [email protected] 73 [email protected] 74
Video Relay (VRS) Example: Ways Abusers/Stalkers Person on Computer with web cam � High-speed Misuse TTY & Relay Internet � Relay Service Interpreter � � Threaten & impersonate victim/survivors A VRS website using Windows NetMeeting freeware: � Monitor communications
N e x T a l
[email protected] 75 k [email protected] 76
TTY, Internet & Relay Safety TTY, Internet & Relay Safety (cont.)
� Know & use TTY, Relay, & Interpreter resources � Interception/Security – Email , IM back doors, etc. � Do NOT save or print transcript of communications Safety plan about making 911 emergency calls Safety plan about: � FCC requires that TTYs are compatible with 911 � TRS must connect survivor using TTY to 911 but may � Use of 3rd parties & interpreters -- discuss pros & need to ask address. cons of in-person sign interpreters vs. video/remote � Internet-based VRS & IP Relay should not be used for interpreters emergency calls. Not yet required to connect.
� Potential impersonation -- develop a system to � Be Creative -- Pager, etc. identify a survivor who does TTY or online contact Support self-determination of communication methods for survivors who are deaf or hard of hearing. � Tracks/Records -- TTY machines & history settings, & computer tracks for IP and Video relay, IM logs Create organization practices & policy.
[email protected] 77 [email protected] 78
13 PDAs & Smart Phones Text Messaging PDA (Personal Digital Assistant): small handheld or palm sized computer that � Also called SMS (Short message service) might include: � Email, web browsing, IM, texting � Primary form of communication for teens some � File transfer, Word processing, camera, Braille PDA music video display send upward of 200 text messages a day � screen reader, TTY software program etc. � Info management tools: Calendar, � Take a photo of the cell phone screen to address book document harassing messages � Optional Phone services, GPS receiver, Data syncs with regular computer Smart phones ~ a mobile phone first, but � Survivors use for help and safety also let you email, instant message, surf the Web, listen to music, etc. T-mobile Sidekick PDA [email protected] 79 [email protected] 80
Networks & Data Server Other Computers
Your Computer
� Need Protocol = communication rules - all speak the same language � Other stuff …Network Interface Cards, Cables, Hub to control traffic
[email protected] 81 [email protected] 82
Wireless Networks & WIFI hotspots WIFI Risks & Hacks hotspot = a connection point for a WiFi network. WIFI: � How? Access points (small 802.11 radio boxes � Packet sniff: views all unencrypted traffic hardwired into your network) �� transmit high frequency radio signals up to100 ft. to talk to � Computer Clone: hacks your computer’s ID# from your router �� your computer’s wireless card � Evil Twin: misdirect Access Point by using your same � WiFi hotspots are now in many public places service set identifier (SSID), or network name like coffee shops, hotels, libraries and airports. Protection: � Password, Login & Encryption, Firewalls � Many WIFI hotspots are free & easy to access. [email protected] 83 [email protected] 84
14 Wi-Fi security ~ access public networks
1. Secure your access point login: Use encrypted login fields for passwords & personal info. Phones, PDAs & � WEP (Wireless Encryption Protocol) < WPA (WiFi Protected Access) is stronger � 64 < 128 Bits Computers with � Lock down Wi-Fi network access by MAC (Media Access Control) address ~ on your wireless card
2. Secure your session & data after logging into an access point: Use a client firewall & VPN tunnel
3. Know your service provider's security policy [email protected] 85 [email protected] 86
Freedom Scientific’s StreetTalk Bluetooth Personal Area Network for PacMate: GPS
� Bluetooth chips replace � Like many GPS, can plot routes cables between devices & download maps ahead of time � This wireless technology or in real-time uses a globally available frequency band � provides turn-by-turn Braille or (2.4GHZ) speech announcements � Short-range < 30 feet � Can use Bluetooth to be 30 feet � universal bridge ~ away from user, e.g. on a guide integrates devices ~ dog harness communicate with mobile devices Abuser can misuse it to track a victim’s every move. [email protected] 87 [email protected] 88
Bluesnarfing Bluejacking
The theft of Temporarily information. This hijacking another includes, your person's cell contacts, phone by sending passwords, text it an anonymous messaging, without text message. leaving any evidence of the attack. Used to flirt. http://www.mobiledia.com/forum/topic17359.ht Bluetooth enabled cell phone ml [email protected] 89 [email protected] 90
15 Bluebugging Tips to Enhance Bluetooth Security
Most Dangerous! � Set the device to "hidden“. Personal devices like � Secretly turn on headsets can still connect to the phone, but another person’s intrusion is much more difficult since the hacker will phone and make it have to know the Bluetooth address before call you. establishing a connection.
� The attacker could � If a user wants absolute security, they can simply then place calls to "switch off" the Bluetooth functionality of their other numbers via **Calls can be mobile phone. This will not affect other that person’s phone. intercepted and the functionalities of the phone. phone can be used as a listening device. [email protected] 91 [email protected] 92
Benefits and Risks General Internet Issues of Using Computers & � Amazing resources on the web for victims and advocates if accessed safely the Internet � Discuss computer safety planning if you give a VAW/DV/SV website address � It is NOT POSSIBLE to clear all “footprints” � Assess credibility of information � Look at which state(s) the info covers
[email protected] 93 [email protected] 94
Internet History, Temporary Internet Severe Limitations Files (cache) & Cookies of History “Window Washers”
Temporary Internet Files (Cache) [email protected] 95 [email protected] 96
16 “SpyWare” or Computer Adware Vs. Spyware Monitoring Software � Adware (AKA Pestware): client-side ad serving software that delivers advertising to consumers, and might also profile users’ Internet surfing & shopping habits. This is normally downloaded by the user as part of a free software bundle via the Internet. Symptoms: sluggish system, lots of advertising pop-ups
� Spyware (AKA Malware, Surveillance Software & Hardware): software program or hardware component that helps an an unauthorized third party (such as an abuser) to gather information about the user’s computer use without his or her knowledge or consent. Symptoms: often none, they typically run in stealth mode so user never knows it’s installed [email protected] 97 [email protected] 98
SpyWare Trumps All ComputerGOD: Makes Remote Computer Talk “…the most powerful remote surveillance & control program on the market.” � Silently records all keystrokes, websites visited, email received, passwords, instant messages, details of applications & windows opened, & snapshots of the screen taken periodically.
� Control most functions of a remote computer: you can restart, shutdown, & logoff a computer, send chat messages, control the remote computer’s desktop & mouse, transfer files, & make the remote computer talk any words.
� Remote installation capable. Designed to allow a user to monitor & control multiple computers. ComputerGOD 1.00 [email protected] 99 [email protected] 100
Scene 2: Abuser comes home or has remote access
[email protected] 101 [email protected] 102
17 Screenshots of My Email
[email protected] 103 [email protected] 104
Loverspy Creator & Users Indicted August 2005
� Disguised as puppies & flowers e-greeting card � marketed at $89 to “catch cheating lovers” � Creator indicted for manufacture, sending, & advertising a surreptitious interception device. Also unauthorized access to protected computers. Charged with: 1) Eavesdropping, 2) Installing an � Violated US federal computer privacy laws = Eavesdropping Device, 3) Unauthorized Access, & illegally intercepting electronic communications 4) Using a Computer to Commit a Crime [email protected] 105 [email protected] 106
Warning: IF spyware already on computer… THEN risk of imperfect or no detection by Keystroke Logging Hardware later installing countersurveillance, firewalls, anti-virus programs
[email protected] 107 [email protected] 108
18 Approx Cost KeyGhost External Stand-alone Models KeyGhost Home Edition 128K Flash Memory - $89 $3.99 KeyGhost Std 512K Flash Memory - $99 KeyGhost Pro 1 Megabyte Flash Memory - $149
KeyGhost Security Keyboards (all brand name) KeyGhost Hardware KeyLogger Keyboards - from $129 Keystroke logging keyboards
[email protected] 109 [email protected] 110
Some Anti-Adware & Anti-Spyware Protections & Security: Programs (Sniffers) 1. Anti-Virus & Anti-Spyware software – keep For Adware, use (in order of effectiveness): updated definitions � Giant Anti-Spyware giantcompany.com 2. Install Firewalls – to filter incoming data � Spy Sweeper www.webroot.com packets, ports, protocols, etc. � AdAware www.lavasoftusa.com/software/adaware • Software – ex: free Zone Alarm � SpyBot Search &Destroy • Hardware – ex: Linksys Cable/DSL router <$100 www.safer-networking.org/en/download • Network wide (LAN’s, WAN’s, VPN’s) & home use For Spyware, use: 3. Promote use of encryption (scrambles data – � XBlock (freeware version) need key) & authentication (passwords, http://www.xblock.com/installer.shtml passcards, etc) for sensitive data. Especially Note: NONE of these programs can guarantee detection & for wireless networks. removal of adware & spyware. For that, you must reformat the hard drive [email protected] 111 [email protected] 112
Safety Tips for Advocates Safety Tips for Survivors
� Regularly ask survivors: � Create a new email account on a safer computer � “Do you use a computer?” and � Change passwords frequently, don’t use � “Does the offender have onsite or remote access to it?” obvious ones � Encourage using a “safer” computer at � Don’t open attachments from an unknown the library or elsewhere source � Discuss risk from tech savvy stalkers � Install a personal firewall & � SPYWARE trumps all anti-virus protection
[email protected] 113 [email protected] 114
19 Website Accessibility Password Safety Safety & Spyware � Change your password often � Does your organization have one? � Don’t use something obvious � What sort of information does it � Incorporate numbers, letters, and provide? characters � Don’t tape it underneath your keyboard � Don’t share it or let someone else use your computer when you’re logged in � Alphanumeric Password: N4XF6
[email protected] 115 [email protected] 116
Why Don’t We Publish this Info on the Web?! Make Your Website Safer � It’s vital to get tech safety information to victims! � Minimize info. that educates abusers But we need to do it in ways that do not give ideas or explicit instructions to abusers and perpetrators. � Encourage use of safer computers Example: “There are cell phone settings that can be � Don’t post personal info. without consent used to monitor you… so it may be safer to turn cell phones off when not in use”. We don’t publish details � No email addresses about “silent mode + auto answer”. � Please do NOT post explicit tech information on � Support informed choices: on every page the web, or publish in newsletters that will be have an alert to survivors about online posted on websites. tracking & safety risks � See NNEDV website (www.nnedv.org) and/or contact Safety Net Team ([email protected]) to discuss further.
[email protected] 117 [email protected] 118
Safety alert: computer use can be monitored & is impossible to completely clear. If you are in danger, please use a safer computer, call your local hotline, &/or call the National Domestic Web Forms vs. Email Addresses Violence Hotline at 1-800-799-SAFE. If you are at a safer computer, click here to read more. The safest way to reply to me is by: Website Safety Alerts (see handout) � Phone • There are hundreds of ways that If you are in danger please: Enable Informed Choices Is it safe to leave a message? computers record everything you do � Call 911 � Call your local hotline, or __ yes __ no on the computer and on the Internet. � Call the National Domestic • If you are in danger, please try to use Violence Hotline: 800-799- � Email SAFE a safer computer that someone � Call Rape, Abuse and Incest � Mail abusive does not have direct access, National Network (RAINN) or even remote (hacking) access to. Hotline: 800-656-HOPE Web forms don’t • It might be safer to use a computer in a public library, at a place a copy of community technology center (CTC) www.ctcnet.org (national the sent message directory), a trusted friend’s house, or an Internet Café. in the sender’s Email is not a safe or confidential way to talk Traditional “corded” phones to someone about the danger or abuse in are more private than cell yourt life, please call instead. phones or cordless phones. [email protected] email application119 [email protected] 120
20 What is Web Accessibility: Make Your Website Accessible �”The power of the Web is in its universality. Access by everyone regardless of disability is an Screen essential aspect.” readers can - Tim Berners-Lee Inventor of the World Wide Web speak the content of � Web Accessibility on the Web is about Web pages Universal design. aloud to a � The design of products and environments to be usable by all people, survivor to the greatest extent possible, without the need for adaptation or who is blind specialized design. or has Universal Design right handed only dyslexia.
[email protected] 121 [email protected] 122
Your Website - Accessible to all? � When the screen reader gets to a picture: Safety Issues in Online If you put an “alt” code text description of the image, a screen reader will say: “Click Communication: here for help” •Email � •IM & multimedia Without that text description, the screen •Counseling reader will only say aloud “image”.
[email protected] 123 [email protected] 124
Online Advocacy: Benefits & Risks? Email Privacy Tips for Survivors Potential Benefits: Significant Risks: � Accessibility � Privacy Breaches � Have more than one email address - work, �No child care/transportation home, anonymous, online ordering, etc. � � No worry about being Interception (Spyware) recognized walking into a � Impersonation � Create new email accounts the abuser building doesn’t know about. Use new secret � Harassment � Online translators or passwords - no birth dates. language specific support � Helpfulness (untested) � Ask friends/family to not share new email � Geographically remote � Assessment Difficult locations, rural folks � Organizational Liability � Consider having a separate account for � Virtual support group option abuser emails regarding custody & visitation across communities, towns: � Legal Jurisdiction decrease isolation, increase � Use safer computers when accessing new support for minority groups in � Duty to be Available – homogenous communities Technology Breaches email [email protected] 125 [email protected] 126
21 Advocate Email Use Advocate Email Use � Remember, anyone who emails might be � Include email and other forms of surviving abuse…even if the person does communication in organization policies not disclose they are a victim. Have organizational policies � Never send client names or identifying about how to most safely information in email respond to email from victims. � Use web forms instead of “mailto” email � Discuss appropriate use of work email addresses on Organizational websites. � Learn about security for emailing to Include features that promote “informed coworkers within your internal network consent” in your web form. vs to external consultants
[email protected] 127 [email protected] 128
Tracing Emails - It Can Be Done Example: Email Roadblocks � Internet Service Providers (ISP) assign a user an IP when they log-in (Dynamic or Static IP address) � Forged headers � ISP keeps subscriber info (name billing): � Annonymous Remailers – remailer strips header connection logs of who used an IP address & when from original email and inserts a different header and resends the email – sometimes routed � Emails Header info. crucial to tracing: delivery path through 3 remailers info…mail server info, IP addresses, dates & times � ISP’s that don’t retain records for long � Computer Investigation/forensics & threat � What else?? management units can trace all of this � OR you can go to WHOIS info: www.samspade.org
[email protected] 129 [email protected] 130
(IM) Security Threats Multimedia Instant Messaging Instant text messaging with people on your � IM can transfer text as well as buddy list. Access to a universal address book. files such as worms or spyware. Send/receive IMs from your mobile device � IM can open you up to backdoor Audio connect and phone: Use Voice Chat Trojan horses & viruses by talk to up to 20 buddies at a time. Activate a free opening a listening port on your phone line to get a local phone number with unlimited incoming calls, caller ID and voicemail computer, bypassing your delivered to your mailbox. firewall. Video chat - its like a high-quality video � Once your firewall has allowed conference. Plug in your webcam and look at IM in, the connection stays open each other while you chat. – hackers can get in. Can increase accessibility Might be used for � Messages are not private. Your signing between two people who are deaf messages can be viewed by Use IM via a web browser interface. *to protect others. against trojans, this is safer IMing
22 Encryption Tools Example: Crisis Center of NE Texas
Email (PGP) Pretty Good Privacy 1.Create user http://www.pgpi.org/ ID & password Instant Messaging 2.Leave 1. After download IM programs request 2. Download Gaim: multi-protocol IM client 3.Sign back 3. Add Off-the-Record Messaging (OTR) – then into website have private conversations with: Encryption, to get Authentication and additional security response
[email protected] 135 [email protected] 136
Online Advocacy
� Many risks re: “protected conversations”, organizational liability, etc. � Have a policy � discuss safety & confidentiality risks and alternative options before considering � Weigh different risks per method (email, discussion software) for one-on-one contact vs group, closed vs. open.
[email protected] 137 [email protected] 138
23 Virtual “Speak Out” Safety Online Forums “Victims reaching out to other victims” � Talk to survivors about the ways that they use blogs for empowerment and healing � Safety plan around identity and online searches � Discuss ways that blogs are used to harass or abuse – comments, monitoring without survivors knowledge, etc. � Who has access to your story? � Online name linked to real identity? � Archived by search engines?
� Who moderates? [email protected] 139 [email protected] 140
Example of Blog Posting “It does happen to people like you & me. Trust me, I know. Online Social Networking I’m Hanne. I’m a survivor of sexual violence. No Pity. No Shame. No Silence.” � Since 2001, online social networking has expanded to over 300 websites, including:
� Friendster, MySpace, Facebook, LiveJournal
� Tagged, Tribe.net, Xanga.com, Meetup.com � Very popular, huge growth in use.
[email protected] 141 [email protected] 142
A Sample MySpace Page
[email protected] 143 [email protected] 144
24 What are the Risks? SAFETY TIPS � Your friends’ friends’ friends will be able to see your info and become part of your social circle � Personal info posted online is not private— like a billboard on a highway � Predators troll online communities to find victims From � Family, teachers, coworkers, coaches, MySpace & employers can all access your info Tagged
[email protected] 145 [email protected] 146
Be a Savvy User Data All Over The Web: � Use code phrases � Think 2x before posting personal info Abuser Access & � If you use your dog’s name as a Survivor Safety password (which you shouldn’t) – don’t post your dog’s name online! � Think before accepting new “friends” � Think before posting photos - Adults need to model
[email protected] 147 [email protected] 148
Data All Over the Web Individual & Organization Sites
� Directories & Search Engines � Maps & Hybrid data (GIS) � Court & Government Sites PTA � Individual and Organization Web Pages � Information Brokers Combining networked databases, tracking devices and increasing commerce/services on the web = CHALLENGES for survivors [email protected] 149 [email protected] 150
25 ZabaSearch ~ Free Databases Court & Government Sites Births Adoptions Courts Marriages Sex offenders Military Schools Property Vehicles Licenses Campaign $
[email protected] 151 [email protected] 152
Private Sex Offender Registry Websites Pima AZ Tax Assessor Records
[email protected] 153 [email protected] 154
Pima Tax Records -- Map Links Geographic Information Systems to house -- has floor plan
[email protected] 155 [email protected] 156
26 Maps: Satellite & Hybrid Data Latitude & Longitude of NNEDV
[email protected] 157 [email protected] 158
SE DC ~ Towards NNEDV NNEDV closer
[email protected] 159 [email protected] 160
NNEDV office block Directories & Search Engines
people, place phone [email protected] 161 [email protected] 162
27 Shrinking Anonymity Social Engineering � Clever manipulation of the natural Access to Databases: human tendency to trust � Weakest link in security for any system directories, courts, is our willingness to accept someone at taxes, voter, Jiffy Lube, his/her word car repair, grocery store, � Most common method of gaining access to passwords video rental, etc. � Limit who has access and knowledge of passwords
[email protected] 163 [email protected] 164
Pretexting
� A police officer seeking revenge against a former girlfriend hacked into the woman's e-mail Pretexting & Data account, assumed her identity at an online dating service and contacted 70 men, inviting some of them for rendezvous at the woman's home. � The woman discovered the scheme when male strangers began appearing at her house, claiming she had solicited their visits via Match.com.
[email protected] 165 [email protected] 166
Information Brokers …Beware of Pretexting
[email protected] 167 [email protected] 168
28 [email protected] 169 [email protected] 170
Take Reported High-Tech Amy Boyer Case Stalking Incidents Seriously 1. Online broker Docusearch, obtained information � 54% of femicide victims reported @ Amy Boyer with a pretext calls.Sold Amy’s stalking to police in the year before they SSN & place of employment to stalker. were killed by their stalkers. 2. Stalker then found and killed Amy � 46% of attempted femicide victims 3. Family sued online broker. NH case established: reported stalking to police in the year prior
� Gathering personal info. by pretext violates consumer to the attempted murder. protection laws � Recidivism rates in stalking cases are � Investigators/brokers must exercise reasonable care rd around 60% -- Even after a criminal or in disclosing 3 party personal info to a client civil justice intervention!
(Stalking and Intimate Partner Femicide, McFarlane et al., 1999) [email protected] 171 [email protected] 172
If Survivor wants to Investigation Issues Report Crimes • Believe the victim even though seems “sci-fi” ☺ • Identify & Work with Technology Crime Unit • time may be limited for some evidence • Preserve evidence asap (letter to ISP, digital voice • Safety Plan (Technology Safety Plan) mail, etc) • Document & Save (Tips for Victims of High Tech • Work with victim to document & make sure her/his Stalking – Log Sheets) logs contain appropriate information for investigation • Survivor can check cars, test situation, but do not • Explore training resources for High Tech remove or delete evidence Investigations • Will the investigation of a tech crime impact other important parts of her/his life? (taking computer)
[email protected] 173 [email protected] 174
29 Preserving Evidence - Subpoenas, DOJ/NIJ Recommenced Search Warrants, Court Orders Resources:
� Seize computer � Credit Card � Digital Evidence in the Courtroom: A Guide For
� Internet history Purchases Law Enforcement and Prosecutors (Jan. 2007)
� Bookmarks � Pornographic web � Investigations Involving the Internet and sites Computer Networks (Jan. 2007) � Dating web sites � Look for unknown � Forensic Examination of Digital Evidence: A � Software Guide for Law Enforcement (April 2004) accounts purchases � Hotmail � Electronic Crime Scene Investigation: A Guide
� Yahoo � What else? for First Responders (July 2001) � Geocities [email protected] 175 [email protected] 176
Victim-centered processes Survivor-led safety planning
• If reported, is victim ready for media coverage? Will it impact a survivor’s safety and ability to assist in a Data Safety prosecution or perpetrator accountability steps? • Will investigating a cybercrime impact important Concepts parts of her life? (e.g. taking survivor’s computer) • Work with the survivor to identify what will best hold perpetrator accountable without further victimizing, endangering, or negatively impacting her/him • SAFETY SAFETY SAFETY
[email protected] 177 [email protected] 178
Between Feb 2005 and June 2006, over 84 million Americans have had their personal info compromised Challenges of Digital Data
� Note: Internal paper use is almost equal to SECURE internal computer use of data
� Combined Data – too much info in 1 place
� Exported or Shared Data – lose control
� The more data that is collected, shared, & combined, the higher the risk for victims
[email protected] 179 [email protected] 180
30 Why Confidentiality, RFID Credit Cards & Toll Passes Privacy, Data Safety? Radio Frequency Identification � Victims won’t come to our doors
� Info could get to Perpetrators, Community, etc
� Inappropriate info could end up in wrong place
� Info in records could get into hands of abuser’s attorney…
RFID is an automatic data capture technology � FOIA, Discovery, Liability, etc that uses tiny tracking chips affixed to products [email protected] 181 [email protected] 182
Information is Power: Information is Power: Theory & Practice Theory & Practice � Core Value of Confidentiality � We want to increase her/his access to advocacy, justice, & services � We all choose who we’re willing to tell what – it’s normal & important � We want to save ourselves work ☺ � We don’t need to know everything to � Sharing data has some benefits, but do good work and help victims MANY risks � As a survivor, its my personal � Sensitive & privileged info must be information, I hold the power of my protected own info
[email protected] 183 [email protected] 184
Things to Ponder Data Terms � Victims can also be defendants – protecting their location information can save lives Personally Identifying � Perpetrators can work in the system Client Level � Hackers are adept at getting into systems Aggregate � 70% to 90% of security breaches are Internal 1 study: 81% of security breaches originated internally, Informed Consent another 13% percent came from ex-employees, 6% from external hackers
[email protected] 185 [email protected] 186
31 Informed Consent: Just some elements required Victim Data Analysis
1. The expected duration of the subject's participation Why: Purpose of Collection/Sharing
An explanation of whom to contact for answers to pertinent questions about 2. Who has Authorized Access the research and research subjects' rights, and whom to contact in the event of a research-related injury to the subject 3. What is the Content of the Record A statement that participation is voluntary, refusal to participate will involve no penalty or loss of benefits to which the subject is otherwise entitled, and 4. Where is the location of the Data the subject may discontinue participation at any time without penalty or loss of benefits, to which the subject is otherwise entitled 5. How Long will the info be stored?
A description of any reasonably foreseeable risks or discomforts to subject 6. How Secure is the Data A statement describing the extent, if any, to which confidentiality of records 7. Who else wants the info (Function Creep) identifying the subject will be [email protected] 187 [email protected] 188
Data, Stats & Security PRIVACY � NO confidential client names on any Includes a survivor’s right computer connected to the internet � Store any confidential info on a separate to own her/his stories… computer in a locked space, or use a removable hard drive to lock away data � Install a software Firewall (even a free one) � impacts safety & healing � Keep your Antivirus software up to date � NEVER open attachments from unknown � influences quality of life sources � chances of revictimization
[email protected] 189 [email protected] 190
Data Collection PRIVACY POLICIES Use Technology
� Have them! & Data � Develop privacy & technology policies Practices that OR add tech issues to existing policies
� Include who has access to what, when Support & Create purged/deleted, security, etc Safety
[email protected] 191 [email protected] 192
32 Incorporating Your New Tech Awareness Next Steps: Key Questions to Consider
1.How can you share this information within your organization? This project was supported by Grant No. 2004-WT-AX- K082 awarded by the Office on Violence Against Women, 2.Who else do you need to bring into the U.S. Department of Justice. The opinions, findings, conclusions, and recommendations expressed in this conversation? presentation are those of the author(s) and do not necessarily reflect the views of the Department of Justice, 3.What will be easier to implement? Office on Violence Against Women. 4.What will be more difficult to implement? 5.How does FJC co-location make it easier to implement, or harder?
[email protected] 193 [email protected] 194
Safety Net: the National Safe & Strategic Technology Project at the National Network to End Domestic Violence 660 Pennsylvania Ave, SE Suite 303 Washington, DC 20003 Phone: 202-543-5566 Website: www.nnedv.org Email: [email protected]
This contact information is intended for advocates and allies. The project does not have staffing and coverage to take calls directing from victims/survivors. Advocates are encouraged to contact the Safety Net Tech Team about individual victims by phone or email for assistance (identifying details about the victim are not needed)
33