Could cyber stalking be over for the rich and famous?
We’ll send you a myFT Daily Digest email rounding up the latest Cyber Security news every morning.
In the early 1980s, a young man became so obsessed with Hollywood actress Jodie Foster after seeing her in the film Taxi Driver that he attempted to assassinate US president Ronald Reagan in a bid to gain her attention. His many handwritten letters to her went unanswered and he didn’t stop hounding her until he had been arrested for shooting the US leader.
Harassment of high-profile individuals continues to happen; it has just expanded its range. Physical threats are still common, but much of today’s unwanted attention occurs online, under the cloak of anonymity.
“Public shaming used to take place in the town square, but now people are stalked and hounded online,” says Hollywood-based criminal lawyer Blair Berk in an interview with the FT. Berk has represented celebrities such as Selma Blair, Britney Spears, Leonardo DiCaprio and Mel Gibson, on various legal matters, including dealing with stalkers. “People can tweet and post on TikTok or do an Instagram story about someone in a matter of seconds and reach tens of millions of people in minutes, with devastating consequences,” she adds.
Cyber stalking and online harassment of celebrities have increased during the pandemic, lawyers say, as has online abuse of politicians and wealthy businesspeople. People spending time at home have had more opportunities to pick on their targets. The internet, with its scope for anonymity and its absence of gatekeepers, enables speedy and vicious attacks.
Thomas Rudkin, a partner in the reputation management team at law firm Farrer & Co in London, says that, when he started out as a lawyer a decade ago, he was handling cases of harassment that mainly involved handwritten letters. In one case, the harasser leafleted homes in the street where the victim lived with “nasty material”, he says. “But now, more and more of the abuse and contact happen through digital means, via social media or email.”
As a result, specialist security firms now offer to protect people from such threats. Among the best-known operators is London-based Defuse, a threat and intelligence consultancy that works with individuals to maintain “peace of mind, at home, online and in the public eye”. It says it “combines psychology and intelligence to identify, assess and mitigate threats and risks to prominent people and brands”.
Philip Grindell, founder and chief executive, was previously a detective in London’s Metropolitan Police. “I saw there was a gap in the market for people who were subjected to the same things MPs are,” he says. “Nobody was providing them with the same level and expertise that we had with our understanding of the threats and issues around public figures.”
One of his roles in the police was to assess the danger to politicians, after the death of Jo Cox in 2016. The British MP was murdered on the way to a meeting with her constituents. Grindell was also involved in the investigation of a white supremacist who was part of a failed plot to murder another MP, Rosie Cooper, in 2017.
Since setting up Defuse in 2019, Grindell has supported the security teams of more than 30 prominent businesspeople, including directors of global brands, in assessing threats of violence against them. His consultancy fees start at around £2,500 a day.
To assess risks and manage online reputations Defuse has a team of behavioural psychologists. When they identify a threatening individual behind an online profile they inform clients, to help allay their fears about an “unknown” person. Defuse liaises with social media platforms to remove profiles and posts, and with lawyers to secure injunctions. The company also uses “scraping” software to provide early warnings of possible online threats.
“People assume that getting a protection team or bodyguard is going to solve the problem but, when the security teams go home and they start to look at their phone, it’s all still there,” says Grindell. “The psychological harm is debilitating. I’ve had CEOs crying on my shoulder. It all becomes too much for them to handle alongside running their businesses.”
Among prominent businesspeople who have faced harassment is Tim Cook, Apple’s chief executive. Julie Lee Choi, who allegedly threatened and stalked him both physically and online, was ordered in March by a Californian court not to go within 200 yards of him for three years, nor to communicate with him electronically.
Another tech boss, Tuhina Singh, chief executive of Singaporean company Propine, was ‘doxxed’ — she had personal details published online — and trolled after being mistakenly identified as a woman arrested for refusing to wear a facemask during the pandemic.
In the UK, Gina Miller, a campaigner on Brexit and transparency in financial products, has been vocal for many years about online hate messages sent to her. She says some abuse escalated into real-life verbal attacks, leading her to hire security for herself and her family.
“Taking part in public life in any way can lead to increased scrutiny and, unfortunately, often unwanted attention,” says Caroline Thompson, an associate in the media and reputation team at law firm Withers in London. “A lucky few will have no real need to maintain any significant online presence or profile and can fly under the radar, reducing both the risk of attracting unwanted attention and a would-be harasser’s ability to gain easy access to them. But, for many, especially those in the public eye, not engaging online is simply not a viable option.”
If people do become the target of unwanted attention, how should they respond? The steps to take will depend on factors such as the identity of the harasser and the relationship (if any) with them, as well as the nature of the harassment and the impact it is having on the person targeted. “Sometimes, a jilted lover will find the end of a relationship hard to deal with and embark on a path that spirals into harassment,” says Thompson.
“This is very different to the position of someone awash in a sea of hate and abuse from unknown individuals, like the women targeted in the Gamergate movement after they sought to shine a light on discrimination in the [videogaming] industry.”
Some people may want to simply quit social media, but advisers say this can make the perpetrator feel they have “won” and embolden them to abuse others. An alternative is to block accounts or report certain posts on social media.
“Sometimes, we have to talk people down from responding to the abuser in a public forum,” says Rudkin at Farrer & Co. “They are understandably outraged about what people are saying about them online, but if that account has only got five followers it may not be worth engaging with them at all. More often than not, if you ignore them they go away.”
While it is tempting to hit the delete button after receiving an unwanted message, that is not the right thing to do, according to security advisers. They say it is important to keep a record of a campaign of harassment; and recommend keeping a diary and taking screenshots, or asking for help if it is too distressing to read the communications. It is also useful to keep a clear chronological record of all instances of harassment, whether online or in person, so that these can be shared with the police and professional advisers.
Individuals can employ companies to identify a harasser. “This exercise is particularly important where there is no personal connection and no real insight into the harasser,” says Thompson. It is more thorough than a Google search and there is no need for the victim themselves to spend hours trawling through a harasser’s online activity. The investigating company will raise an alarm about any problematic material or information.
If the harasser is anonymous, the courts can be asked to order third parties, such as social media companies or websites, to disclose the person’s identity. Alternatively, the police may be able to ascertain this information. The courts can also, in certain circumstances, issue injunctions against “persons unknown” where the identity of those behind the action is unclear.
Once armed with information about the harasser, the victim can take action. Harassment is both a civil and a criminal offence in countries such as the UK and US. This means any concerns about harassment online or cyber stalking can be reported to the police or action can be taken in the civil courts by seeking an injunction and/or damages.
Back in Hollywood, Berk says the challenge for victims of harassment is choosing the right way to deal with it. “The method by which you confront and attempt to end this harassment can itself create additional targeting,” she says. “In California, our restraining order courts are covered by tabloid media, and journalists constantly monitor who is making an application for those orders. The press generated from those stories can actually embolden the stalkers and, at the same time, create a new group of harassers and targeters.”
Jonathan Arr, a partner in the private client disputes team at law firm Macfarlanes in London, has vast experience in this field, acting for multinationals and wealthy individuals. He offers a similar warning about the media in the UK: “When private information appears in the media, the temptation can be to bring legal action to prevent it going further. But, as countless high-profile individuals have found, such action may result in more, not less, scrutiny, even if the claim succeeds.”
Wealthy people worried about becoming targets can pay companies to perform digital audits of their presence on social media and the rest of the internet to see what the average person can find out about them — for example, where they live, where their children go to school and their car registration number. These cyber sleuths will comb through a client’s smartphones, laptops, tablets and cloud accounts, analyse two-step authentication and complex passwords, and install cyber security software on their home and work networks. Audits cost between £2,500 and £15,000 as a one-off fee, then a few thousand pounds for annual checks.
Data audit companies also act as “cyber bodyguards”, flagging up unusual activity on people’s devices and building “threat intelligence”, or information on potential risks of attack on prominent individuals.
Among the organisations that offer physical and online security for billionaires is Concentric Advisors in the US. It claims to have “safeboarded some of the most well-known and influential individuals on seven continents”. Its digital protection services include removing information that poses reputational risks or could be used in cyber attacks, targeted activism, doxxing or harassment of employees, and taking care of imposter social media accounts and unwanted content.
“Younger people are particularly exposed online,” says Ben Rose, a partner at Hickman & Rose solicitors in the UK. “Their Instagram posts can often be full of the places they have been, things they have done and the people they hang out with. This gives away a great deal about them that can, in the wrong hands, be misused.”
Even prominent people who try to maintain a low online profile, or none at all, are at risk, says Grindell. He gives the example of a client who asked for help with a hostile former employee who was hounding him. “My client asked us to see what we could find online about him. He said, ‘You won’t find anything on me. I don’t have a social media presence’, but he didn’t realise that other people were revealing things about him on platforms such as Instagram and Facebook,” Grindell says he was able to find out which club his client played golf at, and on which days, and the name of his yacht. “So, even if you don’t have a public profile online, there is information out there and, if people want to find it, they can.”
This article is part of FT Wealth, a section providing in-depth coverage of philanthropy, entrepreneurs, family offices, as well as alternative and impact investment
Get alerts on Cyber Security when a new story is published