Cyberstalking: Core Environment Worked Example
In our Cyberstalking Action Plan we outline what a core environment might look like that you want to secure first. We hope that by providing a worked example you will get a feel for the typical steps you would take to secure your devices and accounts, but also get a feel for the type of advice we provide in our cases. We work in an ‘assisted self-help model’, which means that we empower you to secure your own environment. This way you learn how to do it, but are guided by experts the whole way.
Let’s assume you have the same core environment as the one we outlined in the action plan:
Home WiFi network = A Sky router as part of a wider package.
Smartphone = An iPhone 6s.
Laptop = A MacBook Pro
Email = A Gmail account
Bank account = Santander
Messaging app = WhatsApp
Home security = Canary Pro
Here is an example of the advice one of our Helpline Responders would give and the steps you might go through to secure this type of environment. This scenario is an email sent after the Helpline Responder and the user have worked through the online footprint and the selection of the core environment.
Thanks for filling in the Online Footprint form and selecting the core environment you want to focus on first. Below is a set of steps to work through to help you get good security in place. The order is important. First we want to secure a device, use this device to secure your home network and then use both to start securing your online accounts. This way you are not changing passwords for online accounts on a compromised device or network.
Any questions or concerns just give me a call or an email and I will talk it through with you.
Let’s start with your phone and use the mobile internet for now (don’t connect to your home wifi). Using your mobile data is a more secure way to access the internet until we trust your home wifi. If are on a shared contract then be aware the person you are sharing with may be able to see phone bills with itemised numbers etc.
Apple ID - your Apple ID is used to verify you are you when you have an Apple device or want to log into an Apple service online. We need to make sure that no one else uses this and is able to access your information online.
Connected devices - On your phone go to settings. At the top will be your name and a list of Apple services like Apple ID, iCloud, iTunes & App Store. Click on this. On the next screen scroll to the bottom and you will see a list of devices that your Apple ID has been used on. If there are any devices you don’t recognise you should click on the device, take a screenshot of the device info and then select the ‘Remove from account’ option in red writing. This will log that device from your Apple ID account.
Password & Two-factor authentication - we want to make sure your Apple ID is secure, as this gives a lot of access if it is breached. Follow these instructions to update password and set up two-factor authentication - https://www.telesign.com/turnon2fa/tutorials/how-to-turn-on-2fa-for-apple-icloud/. Select a password that the no one would have any way of guessing and make it complex.
Review contact details associated with Apple ID - while you are in setting up two-factor on your Apple ID it is worth reviewing the contact details and trusted numbers associated with your account. Screenshot and change anything you don’t recognise.
Phone access - physical security is important for your phone in case the stalker gets access to it or you lose it.
Add a code to access the phone - go to Settings and then ‘Touch ID & Passcode’. Set up a six digit PIN top access the phone and then enable Touch ID to unlock your phone. This will mean you can use your fingerprint to unlock the phone rather than using your PIN. You will need your PIN in certain situations so make sure you can remember it, but not something that someone could guess like your date of birth.
Software update & app review - we need to make sure that the software is up to date and there is nothing malicious on there.
Software update - new updates bring better security. Go to Settings>General>Software Update and then start any update that is waiting. You should also turn ‘Automatic Updates’ on.
App review - next I want you to review the apps that are on your phone and just make sure you recognise everything on there. Have a look through and let me know if there is anything on the phone that you didn’t put there - ignore the normal Apple apps like Clock etc.
Antivirus scan (optional) - there are apps that you can use to scan for malware on your mobile phone. iPhones are typically pretty safe in terms of malware, but it might be a good idea just to double check. If so, use a reputable malware provider from the App Store.
Privacy - finally it is a good idea to review your privacy settings. Go to Settings>Privacy to see these.
Location services - click on location services and then review the apps that have location to your location data. You can click on the apps and select a setting. I would select either Never of While Using - depending on what you want to share.
Share my location - Click on ‘Share my location’ and turn this to off.
Significant locations - Go to Settings>System Services>Significant Locations and turn this off. In system services you may also want to review and turn off what you don’t want to share.
This secures your phone and the phone’s software. Individual apps will need their own security set up which we will work through later. For example you will need to configure security settings in Gmail itself to ensure it is safe to use the Gmail app on your phone.
Now we want to use your iPhone 6s to connect to your wireless router and make sure it is set up securely.
Secure router set up - Ok, basically I want you to follow the steps in our Hacked WiFi guide. Key things are changing the admin account password, the wifi access code and updating the software.
Physical access router check -Since the individual has had physical access to your home I want you to do a physical inspection too and make sure that there isn't anything plugged into it that shouldn't be. Like a USB key. Let me know if you find anything.
Canary Pro Home Security System
It is really important that the stalker does not have access to this system.
Ownership - The key question is if you or the stalker set up the Canary system. The first user of the Canary is the owner of the system and is the only one who can remove users from the system. If you were not the initial user - the person who set it up - then I recommend that you turn all of the devices off, unplug them and store them somewhere like a cupboard or drawer. You can then contact Canary and work through a factory reset which would re set up the device and block the stalker.
Check users and remove the the stalker - if you are the owner then you should review the other users and remove the stalker if they are still active. You can see the Canary guide on this here.
Reset the password - You can do this using this guide from Canary - https://help.canary.is/hc/en-us/articles/220063007-How-do-I-reset-my-password-
Update the device’s firmware - you can see the Canary guide on how to do this here. It is also worth making sure that the Canary app on your phone too. Go to App Store>Updates and do any that are waiting.
Next let’s secure your MacBook Pro.
Antivirus scan - first let’s check for malware.
I see from the form you have Malwarebytes on the MacBook already. Run a scan with this and then come back to me if you find something.
I then want to you download another anitivus tool like Avast! (the free Mac version - https://www.avast.com/free-mac-security) and run another scan full with this. Let me know if you find something here too.
If both are clean then we can assume it is malware free.
I recommend you keep Avast! on the MacBook. If you are happy to do this then do the following in Preferences. In Shields make sure File, Web and Mail shields are enabled. In Updates make sure everything is ticked.
App review & Updates - lets check for any other software and app issues. Some legitimate apps are sold for tracking children etc, so I just want to make sure none of these are on there.
Open up Launchpad and review the software (apps) you have on the MacBook. Anything that isn't a native Apple app (wasn’t on it when you bought it) or that you didn't install. Let me know and I will take a look at it.
Also, make sure that all your software is up to date and you are on the latest version of the operating system (should be macOS Mojave version 10.14.5).
Security Settings - next let’s look at the security settings and make sure we have a secure set up.
Go to System Preferences and then open Security & Privacy.
In the General tab make sure you have a strong password set up to access the device. Set an inactivity screen-lock to something that works for you. Mine is 5 minutes. Allow apps from app store and identified developers.
In the Firewall Tab ensure Firewall is on and in in advanced Firewall settings ensure the three options are all ticked.
In the FileVault tab you want to make sure FileVault is enabled. This will encrypt your hard drive and make sure that if anyone steals it or had physical access they will need the password to access your data (not just to take the hard drive out and put it into another computer). You will be given a recovery key, it is really important that you have a copy of this somewhere safe.
User accounts - Go to System Preferences and then click on Users & Groups. Let me know if there is more than one User set up on the Mac.
Ok, so now we should be confident that we have a secure device and that your WiFi router is secure. Now we can start securing accounts.
Having a secure email account is super important. Log in to your Gmail account on the MacBook Pro, click on the coloured circle with your initials (or maybe picture) on it and then hit Google Account. Once you are in click on ‘Security’ on the left hand side. It may give you the chance to do a security check-up, if so use this to complete the actions below. If not, you should be able to select each option manually.
Check your recovery details - important to review the email addresses and phone numbers listed in the account recovery section. If you don’t recognise the current details take a screenshot of the details and then change them. The screenshot can be shared with the police.
Review connected devices - in ‘Your Devices’ there is a list of devices that are signed into your account right now and some recent devices that have had access. Review this list and take a screenshot if you don’t recognise anything. If there is a strange device on there click on ‘Don’t recognise a device?’ and follow the instructions.
Review security events - In the recent security events it will list things such as failed logins that might indicate someone trying to access your account and also any major changes to your account. Review these, screenshot and follow the instructions if something is suspicious.
Password & two-factor authentication - change your password to something unique and strong. Ideally you don’t want a password that you use anywhere else. We also want you to set up two-factor authentication. Follow the ‘2-Step Verification’ guide in the security section or use this guide to help.
General privacy - while we are here it is also worth taking a look at your privacy settings. Still in the Google Account settings click on home on the top left. On the next screen click on ‘Take the privacy check-up’ and follow the instructions. My advice is to turn off as much as possible so you are sharing as little information as possible with Google, but this is up to you.
Check your general account set-up - If you did find something suspicious then it is worth checking that the account hasn’t been manipulated in anyway. Check your sent items, deleted items and folders to see if there are any emails you don’t recognise sending or receiving. In your inbox please also click on the cog icon (top right) and then select settings. Click on the ‘Filters and blocked addresses’ tab and then check for anything that you didn’t set up. If you do see something screenshot, remove and then let me know.
Ok, we can now be pretty confident that your Gmail account is secure. Be on the lookout for any two-factor authentication messages you don’t ask for (e.g. you didn’t just log in and have been asked for a code) and check in on your security settings regularly.
This should help secure your WhatsApp:
Two-factor authentication - Open WhatsApp on your phone and click ‘Settings’ on the bottom right, click on ‘Account’ then select ‘Two-Step Verification’. Click on enable and then follow the instructions. Make sure the PIN you select couldn’t be guessed by someone who knows you.
Restrict access to profile photo - in Privacy set ‘Profile Photo’ to either ‘My Contacts’ or ‘Nobody’. This will stop anyone being able to access the photo and then using it to search for other places you use it online.
Hide ‘last seen’ time stamp - in Privacy set ‘Last Seen’ to either ‘My Contacts’ or ‘Nobody’. This will stop anyone being able to see when you were online.
Location - in Privacy set ‘Live Location’ to ‘None’. This will mean you are not sharing your live location in any chats.
Turn on security notifications - Back on the ‘Account’ page select ‘Security’ and make sure ‘Show Security Notifications’ is enabled.
Make sure you are signed out of WhatsApp web - WhatsApp web allows you to access and use your WhatsApp account on a web browser. You need access to the phone, but if you have this you can use it to set up the web access and then stay signed in. Go to ‘Settings’, ‘WhatsApp Web/Desktop’ and ‘Log out from all computers’.
Online bank accounts are typically more secure by default, but let’s take a look. Make sure when you access your Santander account you are on a secure device (your MacBook ideally) and on a secure internet connection (home network). Here are some things we want to check though:
Log in details - make sure that the customer ID, passcode and registration number are unique to your bank account and are not known to anyone else. If you are unsure it is worth changing them now.
Recent activity - check your transactions, standing orders and direct debits and just make sure it looks right. You can also see an ‘Activity Log’ by going to ‘My Details and Settings'‘ and then selecting ‘Other Services’ on the left. Scroll down and you will see under ‘Online Services’ the activity log option. If anything doesn’t look right contact Santander directly.
One Time Passcode - in ‘My Details & Settings’ check the mobile phone number set up and make sure it matches yours. If not, screenshot and call Santander immediately.
Remember never to click a link in a message or email to access your bank account and never share your login details with anyone - not even Santander staff.
That covers your core environment. There is a lot here! Feel free to come back with any questions or concerns.