Resources

Cyberstalking 101

by Gal Shpantzer

The Internet is often the first place a stalker goes to make contact with victims. From there, the stalking can take place on or offline in many variations ranging from personally intimidating the victim to gathering unwitting mobs of online users to aid in the crime.

We started seeing the dangers posed by cyberstalking back in 1999 in California when a former security guard put one woman's life in serious jeopardy after she rejected his romantic advances. He simply posed as the victim in postings on bulletin boards catering to discussions of sexual fantasies saying ‘she’ wanted to play rape games. He included her real phone number and street address, and complete strangers started showing up at her doorstep, wanting “to fulfill her rape fantasy.”

Stalking, which involves the repeated, unwanted conduct that causes fear in the target of the stalking behavior, has been recognized by all 50 states as a crime. While criminal stalking behavior involves implied or threatened violence rather than actual violence, it should be taken seriously. There have been many cases of physical violence following stalking behavior, up to and including murder/suicide. This is especially true in intimate partner stalking, during a breakup or after the end of a relationship.

As a newest form of stalking, cyberstalking is the online variant of the more traditional physical methods of surveillance and intimidation of stalking victims, such as showing up at work and home, mailing communications via US Post and others. Cyberstalking methods can include use of email, instant messenger, chat rooms, websites, interactive portals, and social networking sites.

Cyberstalking is unique among stalking behaviors since it allows the stalker a perceived measure of anonymity and requires no physical travel in order to interact with the victim. It is highly efficient and can be directed at multiple victims with relative ease compared to physical stalking methods. But just because they can't be seen, doesn't mean they aren't harming their victims. Cyberstalking can paralyze the recipients by means of humiliating, intimidating and even horrifically detailed threatening anonymous communications. And it can be just as dangerous, as in the case of the woman in California when men started showing up at her door wanting to “act out” her rape fantasies.

These same issues – the ability to hide oneself and go after multiple targets across state lines, are also creating new technical and legal challenges to law enforcement, investigations and prosecutions. As a result, agencies are typically under-funded, their forensics investigators don't fully understand where and how to find and preserve digital evidence, and they're all pushing against jurisdictional laws in the real world that don’t apply to cyberspace.

There have been improvements over the years, with growing numbers of advocates, laws and enforcement with a Master's in Cybersecurity like the one offered online from Utica College step up to the challenges of this new way to harass and stalk victims.

In the next part of this series, we will examine some of the technical aspects of cyberstalking investigations and the first successful cyberstalking prosecution.

Gal Shpantzer, contributing analyst to the Security Consortium is a trusted security advisor to CSOs of large corporations, Silicon Valley startups, universities and non-profits. He has been a contributing editor of the popular SANS Newsbites security newsletter since 2002 and has co-authored book chapters, courseware and assigned papers on topics including IT ethics, Information Warfare (IW), business continuity, cyberstalking and digital forensics.

References:

http://leb.fbi.gov/2004-pdfs/leb-november-2004
http://leb.fbi.gov/2003-pdfs/leb-march-2003
http://www.ncvc.org/src/AGP.Net/Components/DocumentViewer/
http://www.nij.gov/topics/crime/stalking/pages/welcome.aspx
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=17
http://www.theregister.co.uk/2004/07/30/man_cyber_stalking/