Securing our devices against potential espionage.
In this article, we provide guidelines on how to proceed if we believe or suspect that any of our devices (computer or smartphone) is compromised, meaning that unauthorized individuals have unrestricted access to the device. The goal of this article is not to show the reader how to detect whether their devices or accounts have been compromised by third parties (infected with trojans).
Broadly speaking, certain signs may lead us to suspect that something unusual is happening: the battery life of our smartphone suddenly becomes much shorter than usual, someone else constantly knows our geographical location without any apparent reason, or another person is aware of the content of our conversations with others without either party having provided that information. Leaving aside industrial, corporate, or international espionage, these types of situations are quite common among couples facing relationship issues, divorces, jealousy, etc.
With this introduction in mind, let’s proceed to review each measure to be taken, in order to prevent and/or identify this type of situation.
We will distinguish between several scenarios:
- Securing email and social media accounts.
- Securing your smartphone.
- Securing personal computers.
We should be aware that an attacker can determine the geographical location of their victim if they have access to their Gmail account, especially if it’s the primary account on their smartphone. If this account is compromised, not only can the attacker track the victim’s location, but they may also be able to lock or delete their data, as shown in the following image:
Below is the link from which you can perform the actions of locating, locking, and erasing data on Android phones.
For all the reasons mentioned above, the following is recommended for both email accounts and social media accounts:
- Change the passwords for all email accounts (Hotmail, Gmail, etc.) and social media accounts (Facebook, Twitter, Instagram, etc.).
- Enable second-factor authentication (2FA) on all of them, either through SMS verification or authentication apps (Google Authenticator, DUO, etc.).
3. Securing an Android or iPhone smartphone
In today’s world, if an attacker wants to spy on their victim, they will attempt to do so by installing malware on their smartphone. This is where they can gain access to conversations, phone calls, location, files (photos, documents), and more.
That’s why victims should pay special attention to the security of their devices. The following steps are advised:
To check for unauthorized call forwarding and then eliminate those forwards, you should dial the following codes in the specified order and press the call button:
- *#62# : Information about possible call forwards.
- *#21# : Information about possible call forwards.
- ##002# : Erase call forward settings.
Regarding instant messaging accounts like WhatsApp, Telegram, Signal, etc., it’s recommended to log out of all linked devices and enable two-step verification. Most instances of account espionage occur when attackers gain access to victims’ accounts on personal computers, enabling them to spy on conversations.
Reset the smartphone to factory settings. For this, it’s recommended to first back up anything you want to keep (photos, phone contacts, etc.), either to an external microSD card or directly to your personal computer. Once you’ve saved everything you want, you can proceed to reset the device to factory settings, as outlined in the following article:
Once the smartphone has been reset to factory settings and after it restarts and requests new user-level configurations, it’s advised to be very meticulous with all privacy and security settings the device prompts for. This includes:
- Not allowing access to the device’s location for apps that don’t require it.
- Not permitting access to contact lists for apps that don’t need it.
- Avoiding installation of unnecessary apps.
- Not granting apps access to your data under the pretext of providing personalized ads, etc.
Create a new email account (Gmail, etc.) with a strong password (including numbers, uppercase and lowercase letters, and special characters), and activate two-factor authentication. When the factory-reset smartphone prompts you to input and configure a Gmail account for necessary tasks (downloading and installing apps from the App Store, etc.), enter a new account, preferably one that nobody knows about and that you only use for this purpose. This way, nobody can access your phone’s location through Gmail.
Install antivirus software. The following article lists several free antivirus options:
As for instant messaging apps, it’s advised to read the following article, which lists the privacy features of some apps based on the user’s perspective. Restrict privacy settings tightly (no profile picture, no screenshot capture, etc.).
Avoid automatic cloud data storage (Google Drive, OneDrive, etc.). By default, smartphones save photos, conversations, etc., to the cloud. If someone hacks your email account, they could access all your cloud-stored data. Remember, this is how cybercriminals have obtained confidential photos and data from some celebrities.
Configure screen locking not only for initial device access but also for apps of special importance (gallery, WhatsApp, etc.). The use of biometric systems such as facial recognition or fingerprint unlocking is recommended.
Restrict notifications on the home screen so that information isn’t accessible when the phone is locked. This is configurable in the settings of each app. This way, potential attackers won’t see SMS messages (purchase codes, etc.) or WhatsApp information on the locked screen that they could use for their actions.
Always install apps from official sources.
Turn on Wi-Fi, location, and other device functions only when necessary, and turn them off when they’re no longer needed. This way, if there are apps attempting to access the various data these functions offer (location, network history, etc.), they won’t be able to obtain them.
Restart the phone every day. This is crucial since many trojans and other types of malware are installed on smartphones without persistence, so they stop working once the smartphone is restarted.
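The advice above about not granting location or contact-list access to apps that don't need it can be checked once the phone is set up again. The following is an added example, not part of the original article: it assumes an Android phone with USB debugging enabled, where `adb shell dumpsys package <name>` prints each app's permission grants, and the package names and sample output are constructed.

```python
import re
# Permissions the article singles out: device location and the contact list.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location (precise)",
    "android.permission.ACCESS_COARSE_LOCATION": "location (approximate)",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location (background)",
    "android.permission.READ_CONTACTS": "contacts",
}
# Grant lines carry "granted=true|false"; "requested permissions" entries do not.
GRANT_LINE = re.compile(r"^\s*(android\.permission\.[A-Z0-9_]+): granted=(true|false)")

def granted_sensitive(dumpsys_text):
    """Return sorted labels of the sensitive permissions currently granted."""
    found = set()
    for line in dumpsys_text.splitlines():
        m = GRANT_LINE.match(line)
        if m and m.group(2) == "true" and m.group(1) in SENSITIVE:
            found.add(SENSITIVE[m.group(1)])
    return sorted(found)

def audit(reports, needed):
    """Map each package to the sensitive grants it holds beyond needed[package]."""
    findings = {}
    for pkg, text in reports.items():
        extra = [p for p in granted_sensitive(text) if p not in needed.get(pkg, ())]
        if extra:
            findings[pkg] = extra
    return findings

# Constructed sample output for two hypothetical packages (assumption, not real apps).
SAMPLE = {
    "com.example.flashlight": """\
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
      android.permission.READ_CONTACTS
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
""",
    "com.example.maps": """\
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_COARSE_LOCATION: granted=true, flags=[ USER_SET ]
""",
}
NEEDED = {"com.example.maps": {"location (precise)", "location (approximate)"}}

if __name__ == "__main__":
    print(audit(SAMPLE, NEEDED))
```

Any package the audit reports holds a location or contacts grant that its purpose does not justify and is a candidate for revoking the permission or uninstalling the app.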
4. Securing a personal computer
To secure your personal computer, it’s not sufficient to only install an antivirus, as certain malware can evade even the most advanced antivirus solutions and persistently grant remote access to attackers. Therefore, the steps to ensure the removal of potential malware from your device are as follows:
- Back up Files: Create a backup of your computer files and store them on an external hard drive.
- Format and Install OS: Format your computer and install a fully updated, latest-generation operating system.
- Privacy Settings: After installing the operating system, be meticulous about privacy settings and only allow necessary permissions: don’t grant access to device location to unnecessary apps, avoid installing unnecessary applications, don’t let apps collect information under the pretext of offering personalized ads, etc., and skip cloud backup configurations.
- Partitioning: Create a partition on your hard drive to store essential data. This way, you’ll have the primary partition with the operating system and a secondary partition for file storage.
- Encryption: Encrypt both partitions and external hard drives (and generally all storage devices) using BitLocker or VeraCrypt. This adds password protection to guard against physical and cyber intrusions.
- Install Antivirus: Install reliable antivirus software.
- Keep Software Updated: Regularly update your operating system and applications to their latest versions, including all security patches.
- Avoid Saving Passwords: Refrain from saving passwords in web browsers or other services.
By following these steps, you can significantly enhance the security of your personal computer and reduce the risk of malware and unauthorized access.
5. Conclusions and advice
In this article, we have explored a recommended approach to follow when you may have become a victim of cyber espionage.
The most common ways to fall victim to this type of espionage are social engineering, installing pirated software, running outdated systems, and poorly configured exposed services. On this point, emphasis should be placed on continuous awareness and training in cybersecurity.
If you are or suspect you are a victim of cyber espionage, whether you need professional device assurance or a digital forensic analysis, along with handling all administrative procedures for your case, please do not hesitate to contact us.
This article provides a series of general recommendations regarding actions to take in case of being a victim of cyber espionage. JAYMON SECURITY S.L. assumes no responsibility in any case for inconveniences and issues of any nature that may arise from the implementation of these recommendations. The responsibility for any actions taken while attempting to apply these recommendations lies solely with the reader.