
Stalker in A Haystack

This document summarizes a talk given by MasterChen on techniques for detecting stalkers online. It begins with background on MasterChen and their past talks on automation and stalking. It then discusses how to establish a baseline of normal follower activity for a target account. Next, it demonstrates how a stalker account was able to closely mimic the target's followers through automation. By comparing metrics like follower count and follow rates, the stalker account could potentially be identified. The talk serves to "even the playing field" by showing how these techniques could help find stalkers as well as automate stalking. It concludes with reminders about privacy online and resources for reporting stalking.

Uploaded by

Toni Gržinić

Stalker In A Haystack

By MasterChen
@chenb0x
https://chenb0x.net
$whoami
• SYN Shop Hackerspace Secretary https://SYNShop.org
• GreyNoise Podcast co-host & co-founder https://greynoi.se
• 2600 writer https://2600.org
  • “Six Quick Points of Disguise”
  • “Asterisk: The Gatekeeper”
  • “Asterisk: The Busybox”
  • “Hacker Perspective” 2017
• BSidesLV Speaker 2014, 2016 https://bsideslv.org
  • “What I Learned As a Con Artist” – Proving Ground
  • “A Peek Behind Vegas Surveillance” – Underground
• DEF CON Speaker 2016 https://defcon.org
  • “Weaponize Your Feature Codes”
• DC Skytalks 2015
  • “Automate Your Stalking”
Who Are You?
• The easy questions:
  • 1st time con-goers?
  • Phone phreaks?
  • Psychology geeks?
  • Anyone made it to “Automate Your Stalking” in 2015?
Who Are You?
• The Harder Questions
  • Who has been a victim of stalking?
    • IRL?
    • Online?
  • Who has done the stalking?
    • This is where I HOPE that we have a significantly smaller sample size… like 0.
Standard Disclaimers
• IANAL/IANAS
• Stalking is BAD. DON’T DO IT… let me do it, for research.
• This research only covers a fairly specific attack vector
Why This Talk?
• In 2015, I presented “Automate Your Stalking” at the DC Skytalks.
  • https://chenb0x.net/AYS2015.pdf
  • https://github.com/MasterChenb0x/stalkerbot
• I felt bad for my research being lopsided towards the “Darkside”.
• I’d like today’s presentation to even the playing field.
Quick Recap of 2015
• https://www.bjs.gov/index.cfm?ty=tp&tid=973 from 2015
  • 14 in every 1,000 people over the age of 14 are stalked
  • Women more at risk; 41% vs Men at 37% reported to police indicating that about 22% of cases go unreported.
• Monitoring of subject/target/mark through following their followers and extrapolating Target’s online activity.
  • @ mentions
  • Geoloc via Instagram
  • Picture sharing
• Got notifications sent to smartwatch for future target activity
Visualization
[Figure: diagram with nodes labelled “Stalker” and “Target”]
Visualization
[Figure: diagram with nodes labelled “Stalker” and “Target”]
So, then how do we find the Stalker!?
• <Insert Dank Meme Here>
So, then how do we find the Stalker!?!?
Visualization
[Figure: diagram with nodes labelled “Stalker” and “Target”]
Baseline

@chenb0x before being “stalked”
• 883 followers
• 1,031,436 instances of Twitter IDs collected; 815,751 were unique
• Of those 1.03 million, 450 were “chenb0x”; followers that “chenb0x” follows back; “friends”. 450/883 = 50.96% follow back rate
• Next highest number was only 124 occurrences: 14.61% FBR
Baseline Screenshots
List of raw suspect scrape
Baseline Screenshots
Sorted Suspects With Counts

# Count how often each account appears, then order the lines numerically by that count
sort suspects.txt | uniq -c | sort -n > sortedsuspects.txt


[Charts: “Follow Rates” and “Follow Rates & Instances”; x-axis: Follow Rate, y-axis: Unique Accounts]
Has This Account Followed You?
@ShaolinChenple
• Stalker account was able to follow 813; 92.1% follow rate.
• The missing accounts from the 883 were protected/private accounts
• The next highest counts were accounts in “shared interests” or “shared profession” range.
• @ShaolinChenple did not accidentally follow @chenb0x directly
Results Screenshots
Raw Suspect Scrape (Sorted)
Results Screenshots
Suspects Sorted with Counts

# Count how often each account appears, then order the lines numerically by that count
sort suspects.txt | uniq -c | sort -n > sortedsuspects.txt


[Charts: “Follow Rate”; x-axis: Occurrences, y-axis: Unique Accounts]
Aftermath Comparison

@chenb0x before being “stalked”
• 883 followers
• 1.03 million instances of followers of followers (815,751 unique IDs/names)
• Of those 1.03 million, 450 were “chenb0x”; followers that “chenb0x” follows back; “friends”. 50.96%
• Next highest number was only 129 occurrences: 14.61%

Stalker Account (@ShaolinChenple)
• Stalker account was able to follow 813; ~92% follow rate.
• The missing accounts from the 883 were protected/private accounts
• The next highest counts were accounts in “shared interests” or “shared profession” range.
• @ShaolinChenple did not accidentally follow @chenb0x directly
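The counting approach from the baseline and results slides, as an added Python example that is not part of the original talk or the AntiStalkerbot code: it counts how often each account appears across the follower lists of the target's followers, divides by the target's follower count, and reports accounts above a threshold. The function names, the 0.5 threshold and the 10-follower sample graph are assumptions constructed for illustration.

```python
from collections import Counter

def occurrence_counts(follower_lists):
    """Per account: how many of the target's followers it follows.

    follower_lists maps each follower of the target to the set of accounts
    following that follower, or None if unreadable (protected/private).
    """
    counts = Counter()
    for accounts in follower_lists.values():
        if accounts is not None:
            counts.update(set(accounts))  # one hit per list, even if repeated
    return counts

def follow_back_rate(follower_lists, target):
    """Share of the target's followers that the target follows back."""
    return occurrence_counts(follower_lists)[target] / len(follower_lists)

def rank_suspects(follower_lists, target, threshold=0.5):
    """Accounts other than the target that follow >= threshold of its followers."""
    total = len(follower_lists)
    suspects = []
    for account, n in occurrence_counts(follower_lists).most_common():
        rate = n / total
        if account != target and rate >= threshold:
            suspects.append({
                "account": account,
                "count": n,
                "rate": round(rate, 4),
                # True if the account is itself one of the target's followers
                "follows_target": account in follower_lists,
            })
    return suspects

def build_sample():
    """Constructed sample graph; every account name here is made up."""
    sample = {}
    for i in range(9):
        followers_of_i = {"shadow_acct"}        # follows 9 of the 10 followers
        if i < 5:
            followers_of_i.add("target_acct")   # target follows back 5
        if i < 2:
            followers_of_i.add("colleague")     # shared-interest account
        sample[f"follower{i}"] = followers_of_i
    sample["follower9"] = None                  # protected account, no list
    sample["follower0"].add("follower1")        # followers following each other
    return sample
```

On real data the threshold is best set from the target's own baseline: the slides show the next-highest account after the target sitting far below the stalker account's rate.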
Reminders
• Social Media is PUBLIC BY DEFAULT!
• This is a very specific social media scrape, but I’m hoping to apply this to other platforms.
Resources and Links
• AntiStalkerbot https://github.com/MasterChenb0x/antistalkerbot
• Internet Crime Complaint Center https://ic3.gov
Conclusion
