Technology lets domestic abusers harass and intimidate their victims even when they're out of the house, and to continue the emotional and psychological abuse even after the victim has left the abuser, said Chris Cox, executive director of Operation Safe Escape, which help victims flee abusive relationships.
Speaking this past weekend at the Shmoocon hacker conference in Washington, D.C., Cox explained that victims of domestic abuse face constant cyberattacks comparable to those launched by foreign nations against corporations and government agencies.
Abusers try to control victims' access to computers and smartphones, will harass victims online, will break into their social-media accounts and even pose as the victims online, and will use surveillance equipment and parental-control software to monitor victims' activities both in the physical and the digital realms, said Cox.
But even as technology helps the abuser, he said, it can also help the victim. To that end, Cox's organization has a website, GoAskRose.com, that tells victims how to use technology to plan a successful escape and rebuild a life afterwards.
Cox said that in their ongoing campaigns to compromise victims' communications and online accounts, and because they know intimate details about the victims, abusers can be seen as advanced persistent threats, or APTs, akin to state-sponsored or other highly skilled attackers who will keep trying to penetrate a target's defenses until they succeed.
Six million men and women suffer domestic violence every year, Cox said, and a quarter of teenagers who actively date have been harassed by a partner. One in six women, and one in 19 men, have experienced "extreme" stalking.
Cox presented one real case study, a woman to whom he referred as Anna. Anna's marriage became abusive after the first year when her husband told her she was not "allowed" to hide her passwords or PINs from him, even though he had the "right" to keep his own secrets. He also checked her phone regularly, Cox said, put a parental-control app on her phone to track her and abused her in other ways Cox didn't specify.
After two years of this, Anna left her husband, but the digital harassment only got worse.
"He knew her passwords and personal information, and he knew her mother's maiden name," Cox said, which let her attacker answer many website's identity-verification questions. "Sixteen of her accounts were fully compromised. He was able to read her emails, and she knew that."
Anna went to the police, who advised her to change her phone number and passwords, but that didn't work, Cox said. Her ex knew when Anna was looking for a job and "poisoned the well" with potential employers by sending fake emails from her account. He even remotely broke into her digital-video recorder and deleted all her favorite shows.
Another victim of abuse, whom Cox called Mike, was told by his spouse that he "shouldn't have" secret password or PINs. His spouse got total access to his online accounts and overtly installed tracking apps on his phone. Mike's spouse didn't like his friends, so he was cut off from his support network.
All of these behaviors are classic signs of domestic abuse, Cox said. Anna and Mike were both made to feel they couldn't escape their abusers, even if they physically left them. Mike was deliberately isolated from his family and friends, and the parental-control app on his phone would tell his abuser if he tried to contact any of them or tried to install secure communications apps.
When the abuser holds the digital keys
Abusers can use similar software on computers, Cox said, and often have administrative control over home-networking equipment such as routers. They can also spark social-media witch hunts against their victims, such as by breaking into their accounts and posting outrageous things or by making up fake stories about the victim.
Sometimes the abuser is the legal owner of the victim's smartphone, and can report it as stolen if the victim leaves the abuser, in effect using law enforcement against the victim.
If the victim has smart-home devices, Cox said, the abuser can use those to harass victims or make them think they're going crazy — lights will go on and off randomly, dishwashers will start without explanation, and thermostats will always be too hot or too cold.
Basically, Cox said, all those crazy Lifetime movies about horrible things that vengeful exes do to women aren't far from the truth. And today's technology can just make it worse.
How to evade an abuser's surveillance
So what can a victim do? Cox said that a victim and his or her support network, if there is one, must assume that devices will be searched or spied upon. One way is to use harmless-looking apps, preferably some that are already installed on a computer or smartphone, to plan an escape.
The GoAskRose website has many more tips. In an abusive domestic situation, the victim should use incognito mode on a web browser to set up a new email address not tied to his or her name. The new email address can be used to contact family and friends — who will form a support network — and to store notes and reminders when planning an escape from the abusive situation.
Victims should also check the USB ports and cables on the computer for keyloggers than the abuser may have installed. If they are technologically capable, they should install the Tor browser or a VPN for secure communications. If not, Operation Safe Escape can send the victim a flash drive that will boot the computer into a secure, private operating system — there's a contact page on the website to do this.
When planning the escape, the victim should try to get a disposable "burner" phone with which to contact the support network. But even on that phone, he or she should delete email or text messages that could compromise the escape plan if the abuser were to find the phone.
What to do after the escape
The period after the escape — which Cox stressed should be done with outside assistance from the support network — is perhaps the most dangerous time, as the abuser will almost certainly try to track down the victim. Victims should change account passwords as soon as possible, and delete social-media accounts if they can.
They should remove their phone's battery if they can. Otherwise, they should keep the Wi-Fi, Bluetooth and location services off on their phones when those features aren't being used. If the victim takes a laptop during the escape, the operating system should be reinstalled, if possible, to delete any tracking software the abuser may have installed.
Most importantly, Cox said, when an escapee sets up new online accounts, he or she should lie when providing the answers to password-reset questions such as "What was your mother's maiden name?" or "What street did you grow up on?" The mother's maiden name was first used as an identity-verification question in 1882, Cox said, but it's pretty certain the abuser knows the answer.
And if someone reaches out to you and says they're being abused at home, Cox said, be prepared to believe everything they say — even if f some of it sounds unbelievable. The abuser's aim is to terrorize the victim and make them feel the abuser has total power and control, whether or not that's actually true. It's your job, Cox said, to first listen and then to help the victim being to take countermeasures.