April Wright -Digital Separation: Reclaiming your data, post-relationship and using risk-based OPSEC

thank you hi i'm april wright i am a preventative security specialist i've been doing this for a really long time i have a lot of interests um and opsec is one of them operational security um i have uh been through this process myself so i know a lot about it and i decided to write a talk about it after having gone through it because i'm sure that a lot of people other people can benefit from it so um i should stipulate that i'm not a counselor i'm not a doctor i'm not trained for any of this um you can find me online at architect security.org and let's jump in so there the inspiration for this talk was a

great schmidt talk essentially tldr a friend of the community passed away and they had to do digital forensics on his entire life trying to break into bank accounts like not breaking into but trying to get into bank accounts using social engineering um doing all kinds of different types of forensics to try to figure out where things were where is his insurance what are the passwords that kind of thing so the the answer was essentially to have a sort of legacy drawer which is maybe not a drawer but maybe a safety deposit box um that has the a master password for your password manager and printed copies of important documents things like that so that's that's one of the inspirations

the other one is um having gone through this it is incredibly tough um so not all breakups are due to abuse and not all breakups leads to stalking so if you're lucky enough to be peacefully decoupling this talk will be useful to you still even especially from an ocean and checklist point of view um you may encounter this situation in the future or you may have a friend that will unfortunately so this talk was specifically developed to address hostile breakup scenarios where one person doesn't want to break up when a partner is being abused or when someone's trying to get away from their partner much like would consider public wi-fi to be a hostile network

we must also consider worst-case scenarios and defend against breakup-based threats so even if your partner is not malicious they may still have personal info about you there's digital connections and they can also be used as a pivot point for attacks against you um i truly hope that nobody's in this situation um where you need to escape a relationship but i also know that's not going to be true so my heart goes out to each and every one of you um i am a survivor

i just got muted okay um so uh whether you're here for yourself or here to help a loved one understand that these concepts and activities and challenges are difficult really difficult but you're here and that's a great step so this is an official trigger warning not everyone's going to be ready to deal with this material you may be a current victim of cyber stalking or abuse or you may know somebody who is this content is not meant to inform and help but it may not be easy for everyone to watch so if that's the case for you please consider watching later when you're in a better mindset or when you're ready to help or when you can pause or stop or resume

at your own pace if you're in danger call 9-1-1 obviously but don't worry this isn't going to be that bad so more inspiration for this talk um some disturbing statistics i can never say that word i won't go into all of them but one in three women and one in four men will experience a violent partner in their lifetime and one in four women and one in 13 men will be a victim of stalking in their lifetime this doesn't even begin to count the number of people who have been subjected to non-physical forms of harm such as mental verbal psychological or financial abuse so i'm going to start this out kind of mythologically dark um before i start this story i should

note that the trans traditional translation of the latin word rape or raptus means seized or carried off carried off and does not specifically refer to sexual violence so jean lorenzo bernini's statue apollo and daphne as you can see here was a um it's an unnerving depiction of unwanted desire in ovid's poem metamorphosis the greek god apollo was an insecure narcissist sound familiar the virgin nymph daphne does not want to marry anyone so cupid shoots two arrows one that makes apollo desire daphne and one that makes daphne repulsed by apollo when daphne realizes that the stronger and faster apollo will eventually catch her she asks her father for help his solution is to turn her into a

laurel tree like you do which will make her ugly and impossible to rape this is kind of symbolic of how some people will specifically women will wear ugly clothing baggy clothing eat compulsively and try to make themselves less attractive targets so yet even after becoming a tree apollo touches her she recoils beneath the tree bark to his touch over explains he loved her still he placed his hand where he had believed her heart would be beating under the bark and he embraced the branches as if they were still limbs and kissed the wood daphne however still resisted and the wood shrank from his kisses she is disgusted with his obsession with her and clearly wants him to leave her

space you know paula does not show any empathy or compassion for this woman who he just hounded into becoming a tree he declares that the laurel tree will not be his tree that way everyone will think of him when thinking of the laurel tree in this way apollo completely erases daphne as even a memory supplanting her entirely with himself and his narcissism he uses the tree's leaves as his crown the laurel crown and in the greek language the word for laurel is daphne so sculptor bernini captures the precise precise moment when daphne symbolizes um it's from a woman to a tree apollo grasped at destiny's torso which has already begun to take the form of bark

while roots sprout from her toes and erupt from her flowing hair as she lunges skyward away from apollo her body tilts on her open mouth strains as scott scholar andrea ballard put it even daphne's expression seems to betray a transformation the fear of being caught gives over to horror at the means by which she will avoid capture bernie conveys apollo's savage sexual appetite through movement the god's hands flexed the robes threatened to slip off his waist and a spray of leaves emerges from daphne pointing to his groin so i was curious i wanted to see this spray of leaves that was emerging from daphne that is pointing to his groin that she used to protect herself

so i found another angle and honestly was not disappointed i personally wanted to do this myself so kudos another tale from ovid's metamorphosis robs around the abduction of persephone and you might remember this story um she ate six pomegranate seeds on the underworld and uh she ended up having to spend six months in the underworld and six months above ground and that's how we got sure however you probably don't realize what a horrific story this actually was um this is also a bernini sculpture called pluto and persephone and it harbors similar thematic concerns about unaccepted rejection consent and violence so like apollo and daphne the story and sculpture depict the savage sexual hunt of a goddess by a god

bernini expresses the pain and sorrow as pluto clutches at her tender skin in the form of an agonized expression and a single tear these stories unique ability to convey emotional and physical strain of rejection and stalking is irrefutable these masterpieces disturbingly depict unwanted pursuit and predatory behavior if you think this is uncommon throughout history it's not here are some examples from ancient history when documentation was scarce and many stories went untold this doesn't even begin to approach modern documented history or the things that happen with modern technology so why have i included these stories because relationship violence threats stalking and beyond have been happening since the beginning of time which doesn't make it right but what has changed is that we now have

a new life online which allows an entirely easier and larger avenue for victimization this talk will assume the worst case breakup scenario as its premise so if you or a loved one is going through something like this i just want to say you're not alone again but you're pink so what happens when i do becomes i do not so here's a possible hostile breakup landscape you're dealing with a someone who's suddenly untrusted they are probably fairly technical technically savvy because most people are these days um you have a shared circle of people that you know um and they know a lot about you they probably know your social security number your birthday your mother's maiden name some of your

passwords your banking info that is basically our threat landscape so the threat for the person who's being broken up with um tends to be controlling manipulative uh they believe that they have the right to oversee all aspects of a relationship they often see themselves as victims uh and they will try to keep you from leaving um and they will sometimes even physically keep you from leaving the cycle of relationship grief which is denial anger depression bargaining and acceptance um the everything before acceptance can be very painful and become a nightmare for the victim grieving partners can quickly go from partner to threat so the target the person who's trying to get away they have been through so much normally

that um they have lost self-confidence they they don't feel like they're worthy they may stay in the relationship despite how unhappy they are because they have children or they're dependent on the other person or um there's community ties that are do not approve of um divorce or people leaving and um it a lot of abuse and bad relationships involve brainwashing and gaslighting which uh will sometimes convince someone that you know no one else will ever love you like i do that kind of thing um so stalking and bullying victims where they don't know the person so like it's a stranger on the internet um they live in fear just like somebody in a relationship um about with anxiety and fear about

what can happen who is this person what will they do next um and so there's a lot of risk that we have to manage so personal risk management uh the number one goal safety personal safety keeping yourself safe and alive so that you can build a better life um the next step is protecting your privacy protecting your privacy can protect your safety and we'll get into more about that later feeling and control is extremely important as you transition to independence you need to feel like you are making the decisions so we need to protect our assets and remove access that the person may have um try to avoid surveillance that they may try to implement and mitigating and minimizing

threats from the threat and finally monitoring for intrusion attempts and indicators of stalking which are a lot like iocs okay so i'm clearly a goddess but what does this have to do with security uh so we live in an inner connected world but it's just growing by leaps and bounds with iot and all kinds of other things so it's incredibly easy to spy on someone and watch people and um see where they're going and see what they're doing and try to sneak back into their lives anonymously we can't change a lot of our pii you can change your name and your social security number and some other things but if somebody knows your information about you they could use it

against you so it also allows uh through social media and other chat platforms for the threat to get in touch with people that you know um and they could do it on anonymously they could do it uh by pretending or impersonating someone else um we tend to overshare on social media so um if you are checking in to the local pizza place um they're going to know where you are they're going to know where you go they're going to know where you go regularly location tracking is basically built into almost every app and every device imaginable so it is a problem and a spycraft gear like hidden cameras and hidden microphones and things like that are readily

available to the general public and they're fairly inexpensive so over time our lives do tend to become digitally intertwined especially if you live together when you end a relationship some of the possible complications are moving so you might be moving to a new city to get as far away as possible um you're gonna have to make new friends learn uh new uh uh new routes to work you're gonna have to learn um where things are and that is very stressful um even worse you might have to stay local because of family or kids that are shared kids are going to bring up a whole separate set of issues because you are probably not going to be able to maintain

anonymity for your address and other things because there's going to be court documents and other um other types of things that happen so um you're going to have to put up different kinds of protections um if you own assets and houses and or a house or cars or furniture or business even you're gonna have to split that up and you're going to have to um either but one person might buy somebody else out of the house or you might saw the house all together so there's going to be some some back and forth there um and there might be disapproval from people they may love your partner because they're probably very charismatic and as many narcissists are um

so there may be some pushback there as well as religion you might have shared services like you're gonna have to get your own netflix you might have to get your own accountant um if you have uh copies of important documents you're gonna want to make sure that both sides have them and you you may even have shared bank accounts and credit cards and loans and things that are going to have to be decoupled so let's think about a scorned or unhappy partner as a sort of advanced persistent threat or apt the partner who does not want the relationship to end we'll call them the advanced partner threat so they have common threats tactics and procedures ttps just like a regular apt

so we threat we fight those with understanding awareness and action when it comes to cyber bullying um anything goes the most common types of things are messaging um and uh and just trying to get in touch with the person um there's also spreading of rumors uh sharing uh photos or videos that are embarrassing uh revenge porn is something that's definitely very common in these types of scenarios they may create harassing websites or fake profiles that's one of the most common and once that content is out there it is most likely widely distributed and hard to uh to get off the internet and there's a concept of internet permanency where once it's on the internet it's

forever so it's probably indexed somewhere or copied somewhere and it's never going to go away so stalking the elective online spying on the victim um embarrassing them sending them spam signing them up for a hundred thousand spam emails um trying to prevent them from being able to do things social engineering they may call your work or your apartment or something and try to get information about you they they may try to um deface or um or do something with your own social media site um they could dox you they could provide all of your information um they could humiliate you there's all kinds of things that could just be so embarrassing that they could do

even if even if they're lives um financial control is another interesting one um probably less common but they could install ransomware on your computers if they have access they could extort you uh let's say they do have embarrassing information um they can commit other kinds of fraud or they could take money out of your shared accounts which is embezzlement so they could be them scare tactics and other types of things they could hire a third party they could hire a pi um they could impersonate you to try to um to get back into accounts that they've been locked out of or they can impersonate others to try to reconnect with you unwanted phone calls hang ups things

like that gifts letters flowers all sound very nice but not when you want the person to leave you alone uh they could be watching you from a distance uh spying with listening devices the spycraft types of stuff they could put a gps tracker under your car and you probably never notice or even uh they could be watching you with a drone i mean this is 20 20 like there are so many possibilities um they could have approached you or show up at work which could be incredibly embarrassing or possibly even dangerous um they could show up at your house uh school um anywhere that they know that you're going to be uh leaving threatening things um

i'm not talking about like a horse head in the bed i'm talking about maybe a note in the car that says like you know call me or something like i was here like just kind of showing that they can get to you um or uh they isolating you from other people by impersonating you or telling lies or other types of things also very common so cyber stalking is the crime of using the internet email or other electronic communications to stalk harass threaten another person it most often involves sending harassing emails instant or text messages or social media posts or creating websites for the sole purpose of tormenting the victim what's important about that is that stalking is

a criminal act it's criminal in all 50 u.s states um district columbia territories and at the federal level and we'll get into more about that later so it's usually a pre-lead to more violent crime so getting involved and intervening before it can become violence rape murder or kidnapping that kind of thing is really important um it is a serious problem but unfortunately until one of those things happen uh the people who are prosecuted for this type of thing usually get the minimum sentences so just to reiterate the attacks uh tend to be victim manipulation surveillance social engineering eavesdropping spying identity theft trespassing and these all have vectors that are both in person and digital so digital separation goals number one

safety number two privacy making sure that you document any negative interactions and we'll talk about why that's important later and initiating a hard stop for all communications with them that is not business related like you have to sign this paper so that um we can sell the house that kind of thing um and then uh setting up and uh monitoring for behavior that is not wanted so some of the realities of separating um you may be scared at times um you may develop some paranoia that may linger and last for a while um you may do crazy things seemingly crazy things like closing all your blinds because you think that your partner has you know that your partner has a

drone and you're afraid they're going to be watching you uh you may have to ease out of the relationship and you may need to be prepared to lie or distract or manipulate your apt to protect yourself whatever you have to do you need to do it to keep your safety so i'm calling this breakup craft because i think it's cute so reclaiming your digital identity moving towards individuality the first step is not always the actual separation there are some things you want to think about and do first so even if you plan to flee in the night consider the practical things that you can do before you leave to protect yourself if you have to get away quickly stay

with someone who understands your situation and is willing to protect you teach them ops for operational security even if they don't understand um don't go back for things things don't matter as much as your safety have a friend or family member go back to get things for you do not talk to the person cut all ties they will try to manipulate you gaslight you convince you to go back make sure you have someone to talk to someone who you can confide literally everything in even if it's not the same person that you're staying with if you hire movers this is very important tell them to not let anyone know where you'll be moving not just the movers who

show up for the job but also the receptionist have them put a note on the job to not disclose any information talk to a manager if you need to whatever it makes you feel most comfortable that they're not going to disclose information about you there is something called a address confidentiality program which we're about to talk about um but uh po boxes now have actual mailing addresses street addresses so that you can use them for certain things so get a ups box or usps box or or some kind of mail there's some other ways that you can do it you can for people who like live in rvs and they don't have permanent residences you can become a resident of like texas

and you can have all your mail sent there and um you are essentially you're being taxed at the texas rate and some other things so there's some there's some interesting uh things like that um that you can get into so confidential address programs um every state has one of these mostly um basically it is a male forwarding for you so that you never get mail sent directly to your home you have it sent to this address and then it is resent to you if you buy a house there is a paper trail to your location so there are things that you can do like start a living trust or um and and have that by the house um

renting doesn't usually have that kind of paper trail but um if you're very important if you're going to look into address confidentiality you have to do it before you move you can't do it after so access controls for identity you want to change passwords on all your personal accounts anything shared especially add a multi-factor authentication anywhere that's possible and use something on your phone versus something with sms because there are certainly ways to to get second sims sim cards uh for your phone using social engineering so randomly generated passwords and password managers for all accounts never reuse passwords hopefully you know this and ensure that you know the password of recovery answers for all of your shared

accounts so like what was their first dog or um what are what are the random answers to those things that they use so make sure that you have all of those things and then um change all of the uh uh physical things in your home so let's say you have a wi-fi um you want to change the name of the wi-fi the password for the wi-fi all of the iots um in your in your home that kind of thing so just completely changing passwords all across the board login sessions are very dangerous uh so when you log into like alexa or home google home or gmail or facebook or instagram or any of these kinds of

things um these connections persist so that you don't have to log in every time you connect to you ask alexa for something so if you've ever logged into facebook uh the that session could still be open somewhere so um this was a big oof for me uh i had logged into facebook on a shared computer and um did not realize that it was still logged in uh there was still access to my account to either post as me or read things that i had posted that were private or messages that kind of thing so um we're going to go into session detail um in a minute so before you change any passwords look to see if the service has sessions

that are open and close all of them before changing passwords you're gonna have to relog in but it's the price that you pay so social login is kind of a new concept um basically you go to a website and they say oh you want to create an account well you can log in with google or you can log in with um with twitter you can log in with uh facebook and then you don't have to remember another password but there's a problem with that um so i this is actually mine i went in and looked at um my apps and sessions and sure you know yeah there's only one app that's connected to twitter um but then i noticed uh there was a

login from san francisco about a month ago and i haven't been to san francisco since rsa back in february so i quickly closed that session um i don't know what what the deal with that was but um it's gone now um in facebook uh you can do the same thing um spotify you know i i use that as and i share that so that i can share music with friends um but you know i'm not using it for important things uh so i also made sure that apps websites and games and other types of things were turned off uh there's some more um things under facebook for business integrations and i'm not really sure how that um

differs from sso but i just went through all of my settings and checked to make sure that they were not allowing um personalized ads and other types of things uh google also has something similar so you basically click on your face in the top right corner and then it'll show you your devices and you can review all of those make sure that none of them are your apt's device um i found this uh just like on twitter i found this thing with uh um grammar checker and i was like i don't remember installing this so i just removed it no big deal um there's some other things that you can have an account link to

and there's a security check up so there's google has a lot of tools for locking down your account so i suggest just playing around in there and trying to see what um what is available and what's linked and making sure that you're minimizing that um instead of using uh social login use app passwords if possible so like google makes it so that um on my iphone i can have uh my google account uh for youtube um have a special password so that uh all of my devices can have separate passwords and that's an extra layer of security social logins are convenient you don't have to remember another password you don't have to put something else in

your password manager but you're also sharing all of the data from the uh the third party back to the social network and if you're paranoid about how much data the social network already has this is not gonna help um so it takes like 30 seconds to create a new password and put it into your password manager facebook should not be your password manager that's just silly it will maybe go away one day it may be unavailable it just do it the right way and um put it in your password manager so device security location services just disable them completely if you are currently being stocked or have some kind of cyber bullying or hostile breakup situation

if you go to tacobell.com and you can enter your your zip code manually they don't have to know your precise location there's almost no reason to locate to turn them on except maybe for max or something like that especially if you're dealing with a stalker so consider disabling the find my phone feature um if somebody is able to social engineer their way to into one of the app stores or an account that has access to that uh that is very dangerous so is the 800 000 you're going to spend on a new iphone that is nothing compared to the cost of your life and your safety and your feeling of feeling of safety so review all the installed apps and

remove any apps you don't use if you have a family account and this is very important um with both android and ios app stores you can have family accounts that share purchases they can also usually find phones between the family so make sure that you completely remove your apt from your family um so that they can't uh get into things that you download that like let's say that you downloaded um a dating app they might see that and that could throw them over the rails right uh so encrypt your uh computers and devices um make sure that you have encrypted uh hard drives encrypted phones um anywhere you can encrypt things encrypted and here's a really good link

um about uh how to do that more device security um get a new phone number um you can get a voice over ip phone number change your mobile number if you have a home number change it a lot of people don't um get a voice over ip number that will forward to um to your uh actual cell phone number um they are actually pretty good like google voice is actually pretty good at uh stopping spam as well as being able to block numbers really easily um get a new sim card uh and change your mobile provider that could be another um thing that you might want to do just so that they don't know who to contact

to try to do like a clone sim attack um add a pin to the provider uh so that they like a verification code so that um it only you know so that that's different than anything you've used before to prevent uh different types of things from happening like forwarding or changing billing or giving away billing information biometrics just remove them all together when you're in a stocking situation um especially fingerprints um they can be used while you're unconscious and i know that's really dark but it's true um and then use a vpn on all of your devices make sure it's one that's offshore and doesn't log so opsec um you may want to change your

name and your social security number this is one of the most common things that people do that are trying to escape a bad situation if you have kids involved this may not be a step that you take if you're going to change your social security number you want to make sure you change your name first otherwise it'll be documented if somebody asks where you are where you're from what you do for a living give vague answers don't tell them oh yeah that's the building i live in or um you know ju just be really wary about what you tell strangers because you never know who people are um when you're going out alone there are

apps that you can um have you and a friend and you tell them basically i'm going out um if i don't check in within this amount of time and your device will ask you to check in it will alert them and then they can know your location and things like that um you can do it with like uh dms or messages but the apps make it really easy um carry a self-defense device if you go out um check your local laws like in massachusetts you uh i believe you need to have a um like a gun license to have a taser i think is what i read um brass knuckles i mean that's questionable too um but like a

whistle or pepper spray those are usually legal but again check your local laws um and um definitely avoid doing any kind of online dating until this is done because they may try to catfish you or find you in dating by targeting certain demographics and things like that so that that could really be bad make sure you don't check into places virtually do not write reviews about the places that you go to just avoid it um there's no reason to give five stars to the place that you go every morning for coffee because that's going to expose where you know what your habits are um very your routine go to different coffee place every morning um take a different route to work

uh don't uh change gyms like there you know there's different kinds of things that you can do to change the uh the knowledge that the attacker has about you uh credit cards and financial considerations get new card numbers uh make sure that if either you're removed from their credit card or they're removed from yours um change the secret word with your bank like uh don't use your mother's maiden name please use it uh something random that you can pronounce uh that you store in your password manager um get a new bank new bank brand that also makes it harder for them to social engineer the bank into giving them information um and as soon as you have a new account

start funding it you can usually go into like if you're a salaried employee you can split your um your paycheck into two or more accounts so start you know sending a little bit of money um if you are planning to leave that kind of thing or just completely switch it over if you're you're just done and you're you're out um atm pin uh it's hard to remember you probably have the same one forever but it's worth doing and you should probably do it regularly anyway freezing your credit is very important because it means that the uh attacker can't open accounts in your name while the account is frozen now one of the problems with that

is that if you if you don't claim your your account like your information before they do they can claim it if they know enough about you so make sure that you've claimed all three bureau freeze accounts um today just i mean everybody should do that and then put credit freezes on and only remove them if you need to do like a check for um for like an apartment or a loan for a house or something like that social media oh my gosh so just assume anything posted online is could be public at any time we've seen this with instagram and some other different platforms where private things were made public that being said you can review the privacy options of

your social media account uh like have a completely private instagram um you can also you know avoid posting instagram potentially while you're dealing with something uh go through your friends list and remove anyone that is closer to the apt than you are um you don't need to show your phone number on twitter you don't need to show your birthday on facebook um it's just just don't just don't show that just share as little as possible um use a voiceover ip number for um signing up for different things and you can get different ones for different accounts as well and you can create groups for different types of friends so that you can only share certain things with

people that are in your family group or whatever but again assuming everything that is posted online could be made public at any time don't accept friend requests from people that you don't know or if it is someone you think you might know contact them out of band to verify warn people around you what you're going through um you don't have to go into a lot of detail just tell them but um you know don't give away any information about you to anyone for any reason right now because you're having an issue um avoid polls and quizzes i mean that's kind of my general advice anyway don't post photographs that might indicate your location um this is like one of the number one

obstacles is when you take a photo look in the background look in the reflections look uh look at for landmarks uh anything that could expose where you are as well as making sure that when you share your data and iphone has a new feature for this you share it without um uh without the location data and if you have location data turned off it won't even be uh part of the photo anyway um don't over share uh private events uh thoughts locations um and you can go back and limit old posts too um one thing that i do frequently is oh sip myself so i look at my own footprint and it's kind of beyond the scope of

this talk um i use maltigo uh i close information exposure points that um like old accounts i found like an old tumblr account once and i'm like i don't know i don't use that so to totally delete it um you can hide unsubscribe and go to uh like these people search sites and you can opt out um sometimes you have to give them more information than uh than they may already have but it's worth it to get it removed um from from the general public um this is not going to keep like you know the government from finding you but this is going to keep like the average person from being able to find you on the search sites

spend about i personally spend about an hour a week doing this um maybe every two weeks um so uh there's a great resource uh from intel techniques.com uh where um it gives a list of all the search sites and how to opt out uh there's also a privacy checklist from intel techniques michael basil has some fantastic resources so definitely check these out um protect your life cover your tracks trust but verify change all physical blocks as well as your passwords um create an air gap between shared personal networks so um you know friends of his friends of yours friends of theirs friends of yours i should say um and uh warn others in writing if

you're in danger so i once told my boss if i don't show up for work send help like if i don't call you or show for work i'm in trouble um here's some information about changing your social security number like i said if you're going to change your name do it before you apply for a new number i don't know how this works in uk or other parts of the world um sorry so detection you can set up new login notifications for important websites um uh notifications for withdrawals from or payments from your bank uh tell your neighbors and other people like if anybody's suspicious is seen like let me know um you can set up personal surveillance

like body cameras or um you know household cameras things like that you may give up some privacy for that but if something happens there's a record you can set up google alerts for your name and but most importantly whatever alerts you set up review review them don't just ignore them don't delete them so some indicators of compromise are unexpected login notifications unexpected bank transfers somebody reports suspicious behavior there's a notification from your camera that says it's a movement um uh unexpected credit alerts so if um you probably have credit monitoring from some breach that happened to some company where they had they gave out free credit monitoring if you don't uh pay for it um it's definitely worth it

um or if an unrecognized app shows up somewhere um you know that's also an indicator there are some preventative and detective entry controls like door jambs with or without alarms um there are some uh various things that can keep uh doors from opening um the one on the left i use in hotels especially around defcon though if you are in an apartment and you can't install external cameras this uh the ring people camera is really good there's also simply safe it's not like a lot of installation nest cameras cloud recording notifications put them all around anywhere you need them car cameras very important too if you drive i mean for even if you aren't being

stocked it's a really good idea to have a 360 front and back dash cam um and make sure you set the time stamps on these things so that uh they're accurate i'll check your local laws find out if you're a two-party consent state but you may want to record threatening phone calls uh here's some devices so why do we want to keep the evidence um in case we want to seek a protective order or go for custody or press charges or enforce victims rights we want to document everything emails interactions save this if there's a website set up about you that's exposing things print it out say it as pdf it may go away same thing with social media posts so

if your data is compromised you or ransomware or something having hard copies of that is also important and make sure that there's a date and time stamp um you can usually print headers that have those for websites and stuff um and uh i mean you know things are ephemeral on the internet so just make sure that you keep records uh victim laws every state and federal like we talked about have some sort of victim laws um usually the federal laws involve uh someone crossing borders um like a state or international and the fcc gets involved when there's telephones and things like that involved but the key thing is that they must either commit a crime or

have intent to commit a crime um and so that can be a little bit difficult to prove uh so what's the difference between restraining order and a protection order a restraining order is for like a stranger um or someone who's not in a relationship with you but a protection order is like a civil protection order or stay away order it keeps people away from you um like you know you have to be a certain distance from you or not go to your work or that kind of thing um there are you can do it on your own but victims advocates will help you do it so if you just look for that resource on the internet there are a lot of them

the victims rights are listed here i'm not going to list all of them but these are the general ones that um you can get your personal property back if they keep it they you can get compensation if they do damage that cost money or even potentially if you're harmed and ended up in the hospital um and you uh have the right to be protected so don't be afraid um just be proactive and reactive if you're in danger call the police get a protective order recognize the ttps reach out if you need help i cannot stress that enough tell others what's going on talk to your friends and family re-establish your support network one of the keys to getting out of a

relationship uh well one there's two one is determination and the other is having a support network um so it's painful but um there's hope and there's especially hope if you have a support network so trolls just ignore them it's another form of cyberstalking and bullying don't feed them just ignore them so why do people do these things i don't know um it's usually because they don't want to be hurt so they hurt you it's kind of backwards and broken um this the grief cycle um for yourself to speed it up therapy i highly recommend therapy just making changes hard work it's going to be it's going to take time disconnecting from the person it's still going to take time um meeting

new people and like trying life hacking and other types of things are also useful um so gaining determination to leave just look at your situation um realize how strained and drained you are and how unhappy you are in the relationship look for the signs that we talked about like gaslighting and manipulation and just realize that you're brave and you can do anything so there's way too many resources for this talk so i'm going to kind of speed through them so we can get to questions maltego is a great resource it's got a little bit of a learning curve but i this is mine um in various forms so basically i put in my uh my email address here and then i can

check and it checks have i've been phoned um it links to my uh my address and it found a hashtag orange team which is something associated with one of my previous talks so um interesting that it found that i'm not going to show all of the the various aliases and things that i put in here that i know about myself um these are some really good technique uh resources so michael basil once again four out of five of these thank you michael these are amazing um very very good books uh i mean just a wealth of information um victim resources there's all kinds of websites um i mean uh if you are uh living with someone you might wanna

do like a tour browser session or uh even a private browser session just so that these don't show up in your search history as another offset type of thing um if you're looking for ways to um to get out or hide your tracks so i want to say that you are not alone if you are going through something like this and you might feel isolated and you might be thinking like this is so overwhelming i have to do all of these things to reclaim my digital identity but you're not alone and people will help you and people in this community will help you and people in all communities will help you there are so many resources out

there to help people that are going through um nightmare scenarios digitally with identity theft things like that so that's my talk um i really wanted to credit the person who took this photo but it's been used so many times i couldn't find them so if you want a human with me i'm at april wright on twitter and um dm me or my email address was earlier on the slides um that's my talk and i hope you never have to go through any of this but um if you do just know that there is hope so do we have any questions yeah i just want to say thank you very much this is kind of a tough topic to talk

about so um just thank you for for being able to like present it in a way and combine everything together and and just easy for people to consume and you know like you said many times if anyone out there is going through this or knows someone that's going through this you're not alone and you know if you're in a position to be an advocate and support them just you know do everything that you can to try and help people um so that's all that i'll say just to support that we do have a couple questions coming in but um the first one i'll say is from investigator chick from discord investigator chick or cheek um

there is a fourth credit bureau as well it's inovus so creditreporting.com forward slash inovis is a fourth credit bureau um i did not know that that's good yeah that's kind of the sentiment that a lot of a lot of folks are getting online uh in there and so there is a fourth one um first question is from snoochibuchis uh do you have any recommendations for blue teams to combat or detect when they are being socially engineered for cyber stalking that's a good question um so i i think training is going to be the key here there's not going to be like a blinky box that you can install that's going to detect these kinds of things one thing that you

could detect potentially is somebody calling from different phone numbers trying to ask about the same account that could possibly be correlated um or uh if you wanted to do some kind of programmatic thing um uh you could uh if a if a certain profile has been accessed a bunch of times in like the same day or same week or whatever that could be something that you could look for um but i think training and just understanding uh the kind of so there's certain ways that people will do things like they'll give you a little bit of information and then you give them a little bit of information then they they call back again and they have more

information so just understanding how that works and just because somebody gives you a little bit of information doesn't mean that they are who they say they are so that i think that training is is just is the most important thing there's some correlation correlation that you can do correlation yes correlation but you can do um with uh like if you if you're putting all these things into like a log manager or something but um yeah just just awareness great um another question is from the same person opinions on sites and services like delete me reputation defender etc never personally used them because i want to be in control of um of what information i provide to

the sites that have all of that information on the other hand like on the other hand of that coin is that they uh have a more automated ways to do it and they probably know about all of the new uh people finder sites and advertising sites and things like that um so uh they usually cost a lot of money um so it's kind of dependent on your situation um you know it's like uh do you implement the freeware version or do you do you buy the you know off the shelf software and um it's sort of like a black box where you don't know what's going on um or are you in control but there's

i could have human error and i may not know about all the sites that are out there they may be watching dark web for um for uh compromise emails and passwords and things like that but um your password manager should be able to do that but um you know they it depends it depends on on how private you want to be because let's say that that company got breached then they would have all of your information and you know it's just a it's another layer um like having a a password manager basically um it's who do you trust who do you want to have your information and how much control do you want to have

over it awesome thanks uh another question from jmcg in a slide about google account security you mentioned apps with access to your account now your example surprise was the grammar checker which is pretty scary which is a pretty scary vector for persistence doctor wear two questions about that first do you know if google makes any effort to identify apps in their ecosystem that are effectively stalking especially those that present a benign purpose like check and grammar and then number two can you think of any other services which have this kind of third party app integration that we should be aware of and then also just wanted to add in great talk thank you um yeah uh

that's a good question i don't know about what they do internally to vet their apps um a lot of the i shouldn't say a lot some apps stores of marketplaces do vet their vendors some have so many that it's impossible so i think pretty much anybody can implement the google uh single sign-on social login kind of thing so um i i don't think they're really checking every single website that's using it um it could be a malware site or you know something that i they may have some sort of back-end thing looking at uh what uh same kind of way that they that you have like url filtering and stuff like that they may be doing a

little bit of that but um i i think it's better to just check on it regularly um yeah i mean i'm sure that i signed up for this stupid grammar thing like i'm sure that it was me it's just i don't remember doing it and i don't think it was malicious at all it was just surprising to see it there um which is why i included it because i mean even me even i am susceptible to this type of stuff um but yeah uh anything that that's a key lager um uh yeah i that that is um very suspicious i would think that anything that would want to have access to your email oh my gosh

no like any kind of plugins for like gmail just be really careful like that kind of thing um uh email keystroke loggers uh anything that asks for your location like i'm constantly getting these like these little drop down things on my browser they're like uh share your location i'm like no why i'm not it it has nothing to do with anything it's like a news site or something like i don't need personalized local news i can find that on my own so yeah it's just you just have to be vigilant i think is the key and i i don't know that there's anything that can programmatically protect you from all these different types of things

um i would say that if somebody does have physical access to your computer to you know check your cables once in a while and see if there's a new little usb adapter or something that could be a key logger um using a vpn you know in case somebody's got like a pineapple and they're doing um they're spoofing a wi-fi um just you know being very careful i don't have a better answer than that i'm sorry i i think that's great uh so we are unfortunately right at the end of the time i just want to say thank you again very much uh for for the talk it was