Cyberstalking Target Clean Communication Protocols
Authors: Andrew Lewman, Sarah Cortes
Protocol to Determine if a Client is a Target of Cyberstalking
For handling new victims
- basics of info compartmentalization
- In a 5 minute conversation, we’ll generally know their full name, married or not, likely abusers, what sites they use normally, what sites the abuser is using against them, if they have compromising photos being modified, and if they use the same username/password with all their favorite sites. From this short conversation, I can google them and with surprising accuracy, find where they work, what they look like, if they have kids, etc. If it’s this easy for me, it’s this easy for abusers.
- Data point: 9 of the 12 previous victims were identified correctly after the initial conversation through google searches.
- better password management
- keep username/password combinations distinct per website. browser-based plugins for password management work well
- use Keepass just don’t forget the master password
- sort out what images/texts come from where
- figure out where images or content is originating. Is it private? Is it public? Is it only on your FB? G+? Twitter? private conversation in a public space (who else was around?) Did you take a picture with your phone but never uploaded it anywhere? (beware fb and apple auto-upload features)
- Figure out if you’re being stalked by your phone or not
- if you’re unsure, assume the phone is always recording. Do not bring the phone to a safe place and use a safe line. leave it in the car, at home, at work.
- if not too risky, leave phone at home and go somewhere abnormal (out of town shopping, take a different bus/subway route) and see if there is a response such as “why did you go to x?” or “how was x?”, then do the same with your phone.
- the phone is a microphone, it can be enabled remotely and at all times. Think about “butt dialing”, except the abuser turns on the microphone at will.
- go to a store, take a picture of something in a magazine, or anything really, leave the picture on the phone, never upload it. See if that picture is sent to you by the abuser.
- say things in an empty room or place where it’s just you or the phone, see if this info makes its way back to you.
- Record everything that seems odd
- keep a log. Sample log sheet
- fb, g+/gmail, etc all present your last IP address on login. Keep track of these. Even if abuser is using Tor, they will screw up or get lazy and not use Tor a few times.
- most email systems keep record of local IP/hostname in their headers. As disturbing as the emails can be, look at the headers and record the IP in the very first “Received: by” just above the “To:” and “From:” lines.
- if someone is sending you images, if you can ignore the content, look for EXIF data, look for watermarks or other data embedded by photo editors (photoshop, and gimp, etc stamp images with unique data).
- actual photographs from most high-end cameras contain a unique serial number embedded in the picture. While this doesn’t help you directly, it will help with evidence if the abuser is caught/arrested/served a warrant.
- Most commercial providers store lots and lots of information about you and who contacts you. While you generally cannot get to this data legally (ironically), most law enforcement can without subpoena or warrant. Saving text/sms messages, emails, images, into a separate “abuse” folder can provide lots of evidence for a detective.
- Many police departments have an internet-specialist detective. The skills of the person will vary greatly, but you’ll have better luck with them than others. Bonus if they can work with the domestic violence trained people on the force. Having this person talk to me is generally a good idea, if possible.
- If someone has broken into your home, you cannot assume your home is safe from monitoring. It’s cheap and easy to setup wireless cameras and microphones. Some use your wireless network, which means you can find them with some skills. Some use cellphone connections to dial back or upload data periodically. There will be no phone dialing sound, they are silent. However, when discovered, they’ll have a phone number, and you can go to the phone company (or your detective) and get the list of numbers it dialed, how often, and if anyone dialed into it.
General Phone Communication Protocol
- At the very beginning of the call: do not discuss at that moment whether or not the line is recorded by a hostile party
- if the partner or person on the call brings it up, redirect away from this topic as the hostile party will overhear
- always ask the client or person on the call at very beginning of conversation what phone they are using
- if they are not on a land line, and you cannot forensically examine their telecommunications device, you must assume the call is recorded by a hostile party. Whether it is or not is not possible to determine without forensic examination
- make arrangements for them to call you back from a land line, preferably not in their own house, preferably from a secure location
- Terminate the call as soon as possible. That call is over.
- land lines can be recorded by a non-government agency employee abuser, but it is significantly harder than recording a cellphone
- Government agencies can more easily record land lines. For non-government employees, cellphones are easier.
- also as a general rule, conduct a diversionary conversation with the victim intended to confuse hostile parties and lull them into a sense of security that they are not detected. Else, they can become enraged and also take countermeasures which will defeat target’s measures to avoid them overhearing. I explain this to the victim later or beforehand when we are talking securely.
- When working with a client or anyone whose phone may be recorded, prevent your own contact information from coming into the scope of the hostile party. Once they call you back from a land line:
1. Follow steps 1-5 above at start
2. once you are sure they are on a land line, ask where their cellphone is at that moment
3. it must be either:
- if near them, with batteries out. Turned off does nothing as usually phones are really microphones which work at all times. Option A is worse than option B as it may alert hostile party their recording is known. Note: iphones require a tiny screwdriver to take out battery.
- in client’s car or other room away from victim with door closed. A better option as they can pretend they “forgot” it
- once you are sure of all of the above you can proceed to communicate.
- be aware, email communication with them may likely be compromised
- they are likely GPS tracked also. That means their cellphone sitting outside in their car is informing the hostile party of their physical location while calling you. Some targets are more and some less able to grasp the reality of wiretaps. Assess this and work with them and try to help them grasp this in a way appropriate to each person.
Cellphone Communication Protocol
- Use a disposable prepaid cellphone purchased at a convenience store
- Change default password immediately
General Computer Protocol
- If possible, target should cold boot the machine they are using
- First insert Ubuntu Thumb Drive
- Be sure there are no CDs or other thumb drives inserted
- Then cold boot the machine by turning it off and on again.
- When finished, remove Thumb drive
General Browser Protocol
- Start Firefox
- Clear History, wipe cookies, or simply reset firefox to defaults when done.
Email Communication Protocol
- Use freshly cleaned Firefox
- Set up gmail/yahoo/outlook acct thru this clean browser
- Suggest http://www.mailinator.com/ service to defeat email requirement
- Review yahoo, other email acct requirements
- Use disposable tracphone for cellphone info. Must change default password immediately