The Threat Lab also does detective work to expose perpetrators of state-sponsored surveillance. For years, even before the team’s creation, Galperin and fellow EFF researcher Cooper Quintin investigated a hacking operation that planted spyware on the computers of journalists and opposition figures in Kazakhstan. Working with the mobile security firm Lookout, Galperin’s team found that some of the same tools—perhaps made by the same for-hire hackers—were being used in a massive campaign to spy on civilian targets in Lebanon. At one point during that investigation, the EFF had a researcher walk the streets of Beirut with a smartphone to find the Wi-Fi network they’d linked with the hackers. The researcher discovered it was emanating from inside the headquarters of the Lebanese General Security Directorate.
Galperin’s own obsession is the scourge known as spouseware, or stalkerware : hidden apps installed on a smartphone by someone with physical access to the device—often a domestic abuser—that let them spy on the phone’s owner. Since early 2018, Galperin has offered her services as a kind of first responder, security consultant, and therapist for stalkerware victims.
But Galperin wasn’t satisfied with the scale of that hands-on approach. So she began shaming and pressuring the antivirus industry, which has long neglected stalkerware, to take it far more seriously. Several companies have since pledged to catalog and eradicate the apps just as thoroughly as they do traditional malware. “Stalkerware is considered beneath the interest of most security researchers,” Galperin says. “Changing norms takes time. But it starts with someone standing up and saying ‘This is not OK, this is not acceptable—this is spying.’ ”
Galperin, who has silvery-violet hair and a cyberpunk aesthetic, got her start as a systems administrator, attending security conferences and being treated, she says, like “some hacker’s girlfriend who looks after Solaris boxes.” In 2007 she joined the EFF, where her first job was to answer the 50-plus calls and emails that came in every day from people seeking help. The organization had recently filed a lawsuit against AT&T for aiding warrantless NSA spying, and Galperin was flooded with messages from people who had been targeted for surveillance. Her desk became a kind of security crisis hotline.
According to Danny O’Brien, Galperin’s former boss at the EFF, the experience gave her a strong sense of the victim’s perspective—something that’s often overlooked by the cybersecurity research community, which tends to focus more on sexy new hacking techniques than on the people who suffer from their use. “Eva isn’t afraid to plot out the consequences of hackers’ actions,” O’Brien says, “to stare those consequences down until the problem is solved.”She’s also good at plotting out, and maximizing, the consequences of her own actions. Galperin says she has no illusions that she or her small team alone can tip the balance of security for vulnerable people worldwide. But in line with the EFF’s longtime tactic of choosing cases that can set legal precedents, she says she chooses projects that promise to have cascading effects, that will force the industry to change its priorities or inspire other researchers. “You figure out the place where you need to push,” she says, “not just to help the people you help every day, the individuals, but to change the game. To change the system.” —Andy Greenberg
Bringing the Magic of Quantum Computing to the Masses
Chad RigettiFOUNDER & CEO / Rigetti ComputingIn 2013, Chad Rigetti became aware that the field of quantum computing was entering a kind of adolescence. Sketched out in the 1990s, the technology was supposed to leapfrog conventional computing by tapping into the weird physics of subatomic particles. For years, researchers had been held up by the devilish unreliability of qubits , the devices needed to perform quantum manipulations on data. But now, finally, they were finding new ways to tame them. “It was black magic, and then a framework emerged,” Rigetti says. “You could start to see all the pieces coming together.” That’s when he quit his job at IBM and struck out on his own. Six years later, in labs stocked with steampunky equipment and liquid helium, Rigetti Computing is manufacturing small quantum processors.
"Average consumers are at the risk of exposing their privacy to malicious third parties who sell location data and other private information." With the exception of the Piercer flaws, the vulnerabilities the researchers discovered would need to be fixed above the individual carrier level by the industry group GSMA, which oversees development of mobile data standards including 4G and 5G.