Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spyware Maker Indicted on Hacking Charges

Posted by Zonk on from the consider-what-you-code dept.

An anonymous reader writes "The San Diego Union-Tribune is reporting that Carlos Enrique Perez Melara, the author of an investigative tool called 'Lover Spy,' has been indicted on 35 counts of federal hacking violations. This begs the question: if you develop and sell a software product, are you responsible for what your users choose to do with it?" From the article: "Perez, a native of El Salvador, probably is in the Los Angeles area, said Stewart Roberts, the second highest-ranking agent at the San Diego FBI office. Crime Stoppers has offered a $1,000 reward. Perez is charged with 35 crimes, each of which carries a potential five-year prison sentence if he is convicted. "

17 of 233 comments (clear)

  1. I think you mean... by jpellino · · Score: 3, Informative

    ...it "raises" the question. "Begging the question" is something else completely, and you're not doing it.

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
    1. Re:I think you mean... by Osty · · Score: 4, Informative

      ...it "raises" the question. "Begging the question" is something else completely, and you're not doing it.

      Thank you! I was just as annoyed, and so went off to research rather than try for a first post. Thus, an explanation.

    2. Re:I think you mean... by Anonymous Coward · · Score: 2, Informative
      From the link you provided:
      The meaning you give is the newest. It is gaining ground, and one or two recent dictionaries claim that it is now acceptable--the New Oxford Dictionary of English, for example, says it is "widely accepted in modern standard English". I wouldn't go so far myself. Because of possible confusion over what you actually mean, and inevitable condemnation from people who have taken the trouble to find out what it once did mean, it's better avoided altogether.
      So it still sounds like it is the wrong usage to me.
  2. Uh, backorifice is not "spyware" by Anonymous Coward · · Score: 5, Informative

    Umm... hm. This isn't "spyware" in the sense people normally mean. These are hacking tools. "Spyware" is a word which is used to refer to software which in addition to its known function covertly transmits information back to the software author. This is nothing of the sort; it's a surveillance tool. It may be immoral or unethical to use this surveillance tool, but that doesn't mean it's a good idea to use words like "spyware". Words have meanings. If you start ignoring the meanings and deciding that if it's bad it can be referred to by the same terminology as any other bad things, language ceases to be useful.

    Anyway, I find it funny that people are being prosecuted for creating tools like this at the exact same time that the government's use of tools like this is on the rise.

    1. Re:Uh, backorifice is not "spyware" by ejito · · Score: 5, Informative

      Yep... It's definitely a tojan. Spyware is usually a program you install and use regularly with (usually stated in the EULA) privacy invasions for marketing purposes.

      This program hides itself as a greeting card program, that you only look at once, and then sets up a spy-app in the background, which is more akin to a trojan horse than normal spyware (such as gatorsoft crapware), especially since it has the ability to launch a webcam.

      It's implicit for what this app is used for, and the creator deserves to get his ass handed to him for selling the product (89 bucks? christ!). Everyone who says he wasn't the one using the app should RTFA. The trojan was installed through a greeting card from email, in otherwords from the merchant himself. He also received the same information his clients got (therefore was using the applications also). Not only that, but he deserves to be charged with spam offenses.

  3. Re:Why should you not be responsible? by DoktorTomoe · · Score: 2, Informative

    You've missed my point.

    There are tools, and there are weapons. A tool like for network testing does exactly this: network testing. Spyware or more specificaly trojans like the one mentioned in the FA, are buiold to spy. Worms are build to destroy or to do other criminal deeds such as - for example - spam or doing DDOS attacks.

    I have nothing against tools to create - but I think writing malicious things and releasing them should result in some part of liability for the creator if his/her creation is actually used.

    --
    Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
  4. Re:Why should you not be responsible? by grolschie · · Score: 2, Informative

    If you create a nuclear weapon, you should not sell it to North Korea. If you create a tank, selling it to Iran surely would not increase your merits in the western societies.

    Do you mean kinda like like how Donald Rumsfeld sold WDMs and US-made Helicopters to Saddam?

  5. Dislaimer and Intent by zbyte64 · · Score: 5, Informative

    I actually live in san diego and read this article yesterday. If it is the same article, this guy marketed it as a program to spy on your significant other. I think that is where the law gets him. If you distribute some code thats a trojan and slap on, "Educational purposes only, do not use on anyone without their permission, I am not responsible for your actions", then it seems the law is much more lenient. But this guy was marketing it as a tool that u send (like a greeting card) to check on your gf/bf to see if they are cheating.
    No this trial doesn't mean coders are responsible for their users' actions, just responsible for how they say their program should be used
    On a side not, this company started in 2001 - took 4 years for the FBI to notice & catch him. Kind of funny.

  6. Nothing to do with giving out software! by nacturation · · Score: 2, Informative

    Why of all things should you not be responsible for creating a software intended for potentially criminal purpose (here: spying on users) and giving it to people who will use it?

    It's not that. Many people who (of course) haven't RTFA miss the point. This isn't software which someone buys and then installs on their target's computer themselves. What they do is sign up at the site and then have that site send out an email with "You have a greeting card..." message. The victim clicks on the link to the website and views the card while, at the same time, this spyware is installed on their system automatically. So the end-user isn't the one doing the hacking and installation -- the guy running the site is the one who, in effect, does it all.

    The end users are scumbags for using the service, but it's the guy who wrote it and put it up on the website and caused victims' computers to be compromised who is the guilty party here. This has nothing to do with distributing software.

    --
    Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
  7. try again... by jpellino · · Score: 3, Informative

    This mis-use of "begging the question" arose in the 1980s.

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  8. Re:According to the Supreme Court you may be guilt by sribe · · Score: 2, Informative

    All it takes is a reasonable (for some value of reasonable) chance that users will put your software to illegal uses and you get a ticket to jail or years of penury as you attempt to pay off the civil penalties that may be assessed against you.

    This is a blatant and gross misrepresentation of the SCOTUS decision you mention. What it took in that case, was quite a load of evidence that the companies in question deliberately planned to profit, albeit indirectly from illegal uses.

  9. Similair case in Israel by HateBreeder · · Score: 2, Informative

    Regarding a well publicized computer espionage case.

    It seems, the authors of the spying tool used in this case, were arrested in the UK and are being turned over to Israel for justice.

    This raises the same moral question, whether an author of the tool is responsible for the way it's being used.

    Should Fire Arms companies be held responsible whenever someone uses their branded rifle to commit a crime?

    --
    Sigs are for the weak.
  10. Justice Souter may answer your question ... by stumbler · · Score: 2, Informative
    The MGM v. Grokster ruling may answer your question. While Grokster is a copyright case, it seems this ruling could be used to create third party liability for the software maker in this case.
    "Justice Souter delivered the opinion of the Court.
    The question is under what circumstances the distributor of a product capable of both lawful and unlawful use is liable for acts of copyright infringement by third parties using the product. We hold that one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties."
  11. Re:According to the Supreme Court you may be guilt by Maestro4k · · Score: 2, Informative
    If the Supreme Court decision, in its recent case regarding P2P software, is followed the makers of software may be responsbile for the illegal use of their products. All it takes is a reasonable (for some value of reasonable) chance that users will put your software to illegal uses and you get a ticket to jail or years of penury as you attempt to pay off the civil penalties that may be assessed against you. Now all it will take is for the FBI to discover that some "potential terrorist" used this software and Mr. Perez can kiss his rights to trial, an attorney, etc. goodbye thanks to THE PATRIOT Act. Sheeze, read the article before you troll. Someone else has already commented on how you've misinterpreted the SCOTUS decision so I'll comment on how none of what you say applies in this case.

    First off the guy advertised the program solely as a product to spy on your lover or other people and did so by spamming. Secondly the software was not something the purchaser downloaded and installed on a machine on their own, it sent out an e-card, which directed the recepient/victim to visit a web site run by Perez. Said website then exploited a security hole in IE and installed the spyware in the background without any warning to the victim. Finally the software sent a copy of everything it recorded (and it even logged keystrokes) to Perez as well as the people who paid to spy on someone with it.

    The FBI isn't going to need the PATRIOT Act to bust this guy and this guy's not the least bit innocent. He promptly dissapeared after they seized his computers, so it's pretty clear he knew what he was doing was illegal as well.

  12. Re:email? by Maestro4k · · Score: 2, Informative
    How does reading plain text let someone into your computer? It doesn't and didn't. The article explains what was going on. The e-card directed the victim to a website to view it. That website (run by Perez incidentally) then exploited a security hole in IE and installed the spyware in the background without warning.

    This case does nicely show why e-cards are so potentially dangerous though.

  13. No. You read it. by www.sorehands.com · · Score: 2, Informative

    He sold this for the sole purpose of being installed into a system (in violation of the law) and sending the data out.

    This is creating a selling a product that sole purpose is to commit a crime.

    --
    Fight Spammers!
  14. The Grumpy Grammarian speaks ... by davecb · · Score: 2, Informative
    ..and saith "This begs the question" really means "you're lying".

    Begging a question is asking a question that implicitly assumes something is true that the author is trying to get you to believe. See also http://www.wsu.edu/~brians/errors/begs.html

    That would make the sentence mean you are responsible for what your users choose to do with it, which is arguably false.

    --dave

    --
    davecb@spamcop.net