Lavinia Popinceanu is a Canadian via Transylvania in Romania and moved to the United States in 2011 to attend a U.S. graduate program. From a professional standpoint, she has a background as an operations executive in logistics, sales and marketing multinationals in emerging markets for the earlier part of her career, and venture capital and growth equity technology investments in Canada and the U.S. for the remainder, totaling over 10 years. So she was privy to and passionate about the technology focus of the business and emerging trends, having analyzed dozens of companies prior to business school, not oblivious to technological security and privacy advancements and capabilities. This is her story:
LIFARS: Without disclosing too much information, what is the surface of the case you are involved in?
Lavinia: In 2013, a mutual classmate, introduced me to a third one who was interested in the Romanian financial markets, specifically with regards to private/alternative investments. As is the norm in such graduate programs, I readily accepted to meet this second classmate to help them gain a better understanding of the Romanian financial markets, but also cultural aspects.
Upon meeting, not much stood out as unusual about the conversation at the time.
In retrospect however, signals should have prompted higher cautionary measures – first, the fact that the would-be stalker had asked me where my phone was at some point during the meeting, without any connection to the ongoing conversation. Second, that he, probably fathoming himself a hacker, asked whether he looked better with the hood of his sweater on or off, indirectly alluding to the faceless hacker image we all became acquainted with through media. And last but not least, that something felt off, my intuition on alert.
I failed to recognize these signs even a month or so later on, when someone was waging some sort of cyberattack, my antivirus software trying to aggressively block it. I did not put two and two together at the time, failing to make a connection between these incidents. Even after the real-life stalking grew more intense, I chose to laugh it off rather than warrant serious consideration, knowing of the stalker’s imminent graduation and campus leave. The story did not end there, unfortunately.
Two years on, and one year after the stalker had left campus, I realized the cyberstalking and espionage efforts were as pervasive if not more so than before, and eventually gauged the full extent of the matter. As it turns out, this person was using cybermonitoring and tracking applications readily available on the market, not only to gather very specific information on my minutiae location, phone, email and text/social media conversations, but to also gain access to my banking and other sensitive private accounts.
What was most concerning, he was listening live into surround conversations via remote mic activation, and watching me through my phone and laptop’s cameras at all times, in addition to blocking communications or contact from parties he felt might posit a romantic interest. The fact that applications like these exist at the ready for anyone to use on unsuspecting individuals, friends, business or intimate partners, is puzzling and the experience very distressing, to say the least.
Ultimately, the cyberstalking aspect culminated with them manipulating and hiring third parties into following me in real life, including sending a car to ‘forewarn’ me by aggressively slamming the breaks on purpose on the highway in an attempt to hurt me, swerving away before the driver and I could get the license plate number, after leaving behind or forsaking the devices I was being tracked through. The cab driver, who was witnessing the incident, was actually more scared during and after the incident than I was. Following this, I decided to file a police report. A report was issued, based upon which I was able to set the wheels in motion for obtaining an emergency stalking no contact order in the County.
At the hearing however, the judge, male, denied my petition for an emergency order, apparently due to lack of evidence. I do believe it partly had to do with the fact that I, as a plaintiff, was of foreign citizenship, versus the defendant who is an American citizen. Even so, how do you prove that you’ve been cyberstalked for 2 years? That was when I reached out to LIFARS for help with identifying the changes that these monitoring and tracking apps effected at the operating system level, after I dug through my own devices and found a ‘creator-owner’ account with special user status, superseding mine as an administrator, on my laptop, something that I had not created myself or was aware of. I need to underline here that no one else other than myself had legitimate physical access to my devices during this time whatsoever, except remotely, in what I suspect was through my home WiFi network. This was probably done through some sort of man-in-the-middle (MITM) technological means.
The next hearing, with a different judge, was scheduled three weeks later, time during which I felt very vulnerable physically and psychologically, something that also caused distress and concern with my family abroad and school administrators, to the point where I had left evidence with them as proof for further legal action in case any physical harm happened to me in the meantime.
LIFARS: What security measures did you take in order to remediate the issue? {Plus: tips to other people might be involved in the situation}
Lavinia: LIFARS has been key in gaining a deeper understanding about what was going on and validating the findings that I happened upon on my own. Having a cyber specialist on your team definitely shortens the time to identifying and implementing a resolution, ultimately giving you peace of mind.
Prior to reaching out to LIFARS, I changed my mobile devices, after initially trying to restore the operating systems and not achieving the expected results. At the same time, I became more cognizant of and limited my online presence and applications usage, especially social media such as Facebook, known to be fairly pervasive in tracking users’ location. Additionally, I changed and varied my daily routines and removed people in my life that I have entrusted myself to and with information about my daily life, that have proven untrustworthy despite my making them aware of the situation. One has to treat the issue seriously, from the start, and remove the problem at its root. It is better to over-react than to find yourself in a situation so overwhelming, it seems without resolution.
Be aware of your surroundings and people that, despite you not knowing personally, are constantly watching and reporting on you at all times. Such was the case with this particular stalker throughout the first year. Listen closely to your intuition. What I failed to understand at the time was how serious this matter was, beyond the innocent seeming façade, my not considering to have anything to hide and obliviousness to how incisive the privacy and security breach, including data leakage, was at the time.
In retrospect, all the warning signs were there – the inquiries about my phone and references to the faceless hoody-wearing hacker, the cyber attack, the real-life following and tracking, the apparently random showing up in my neighborhood and at events I was attending, followed by continuing the real-life stalking through third parties, including roommates and people I considered close friends, and culminating with the scarier involvement in my life trying to cause physical, emotional and psychological harm.
LIFARS: What expectations did you hold from your understanding of the American Legal System? How did the outcome differ or arrive at your expectation?
Lavinia: I believe that any legal system, not only the American one, but maybe even more so as a leading example for the rest of the world, should protect those under threat in general. With increased mobility both, from a data and physical perspective, worldwide legal systems across the board need to provide for protection, with special consideration to cyber aspects, the-internet-of-things and cloud storage in particular, increasingly affecting each and every one of us, especially cyberstalking and espionage.
In an ideal world, a perpetrator is a perpetrator, and a victim a victim, without regard to citizenship or legal jurisdiction aspects. Laws and lawmakers need to partner with the private sector, insuring victim protection is warranted, and perpetrator injunction possible, across state and national borders. To some degree, the anti-stalking laws in the United States provide for safety, in that a judge is not allowed to deny a request for a plenary order of protection, although there is a long way to go in making the processes across state borders smoother. Institutional systems need to better address gaps in procedures. The hurdles in getting to the point in the process where one is legally entitled to obtain an order remain significant.
The existing procedures are discouraging in two ways – first, there are significant hurdles when trying to serve legal documents across state and national borders, something that is a key procedure in obtaining a restraining order, without which the case would eventually be dismissed. Because cross-state proceedings fall outside County Sheriff’s office jurisdiction, I was left to my own devices. I ended up having to hire private process servers after the respondent sheriff’s office plainly refused to solve the matter, effectively telling me to not contact them again in trying to have the legal documents served to the respondent’s place of residence within their county.
Second, if the in-court proceeding drags on, as is the case if one cannot have the respondent served, the plaintiff is more likely to eventually give up, by not showing up at the appointed court date and thus having the case dismissed. After undergoing this experience, I believe that a lot of cases go unreported due to these issues, eventually falling to the side, with perpetrators free to continue their harassment towards the victim and, potentially, other unsuspecting individuals.
LIFARS: What were you biggest difficulties that you went through in your experience? What advice would you give a foreigner that is seeking justice through the American Legal System?
Lavinia: Overall, the biggest hurdles were in initially identifying the existing cyberstalking and espionage applications and acknowledging their technological capabilities, while drawing parallels to the cyberstalker’s behavioral patterns. Second, overcoming the roadblocks in filing initial and subsequent police reports, and, ultimately obtaining the order of protection by serving the legal documentation to the stalker (something that the cyber perpetrator was betting would not be possible in this case, thus his confidence in continued cyberstalking over such a lengthy period of time).
At the same time, foreign citizens should know that with sufficient information it is possible to represent themselves – ie. Pro Se – without hiring a lawyer, but they would be best served by hiring a specialist in cybersecurity and protection such as LIFARS. Be informed about the legal procedure – the Court has advisors you can speak to who will counsel you pro-bono on the next steps and requirements for each step. Ask anyone and everyone you come across for advice or to refer you to other professionals you can speak to and who can help you make progress towards your legal goal.
At times, victims might also want to be knowledgeable about alternative private resources such as process servers, that can help with overcoming existing inefficiencies in the institutional process. While I am sure there are other instances depending on the particular case, these private alternatives exist for a reason – they bridge bureaucratic gaps that traditional routes limit or do not allow for.
Last but not least, seek help and insight from others who have undergone similar experiences, whether by gathering information online in general, or seeking more in-depth information by reaching out to victims. You also need to tell everyone about the problem you are facing, whether family, friends, acquaintances or third parties including school administrators, employers or landlords, without shame, remorse or by blaming yourself, in an attempt to find protection. The problem, especially its root psychological aspects, do not lie with you – they lie with those who resort to such nefarious methods in trying to gain illegitimate access to your data in an attempt to overpower and control you, and ultimately, your personal and professional lives.
