Slashdot Mirror
Spyware Maker Indicted on Hacking Charges
An anonymous reader writes "The San Diego Union-Tribune is reporting that Carlos Enrique Perez Melara, the author of an investigative tool called 'Lover Spy,' has been indicted on 35 counts of federal hacking violations. This begs the question: if you develop and sell a software product, are you responsible for what your users choose to do with it?" From the article: "Perez, a native of El Salvador, probably is in the Los Angeles area, said Stewart Roberts, the second highest-ranking agent at the San Diego FBI office. Crime Stoppers has offered a $1,000 reward. Perez is charged with 35 crimes, each of which carries a potential five-year prison sentence if he is convicted. "
...it "raises" the question. "Begging the question" is something else completely, and you're not doing it.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
Umm... hm. This isn't "spyware" in the sense people normally mean. These are hacking tools. "Spyware" is a word which is used to refer to software which in addition to its known function covertly transmits information back to the software author. This is nothing of the sort; it's a surveillance tool. It may be immoral or unethical to use this surveillance tool, but that doesn't mean it's a good idea to use words like "spyware". Words have meanings. If you start ignoring the meanings and deciding that if it's bad it can be referred to by the same terminology as any other bad things, language ceases to be useful.
Anyway, I find it funny that people are being prosecuted for creating tools like this at the exact same time that the government's use of tools like this is on the rise.
If you create a nuclear weapon, you should not sell it to North Korea. If you create a tank, selling it to Iran surely would not increase your merits in the western societies. If you sell guns to teenagers, you are a criminal and - as far as I am concerned - partly responsible if those teenagers start shooting their classmates.
Why of all things should you not be responsible for creating a software intended for potentially criminal purpose (here: spying on users) and giving it to people who will use it? Following this logic of non-responsibility, worm writers should not be persecuted, because the damage their creations have done was not their immediate fault.
Screw the FSM - Real geeks believe in the Invisible Pink Unicorn
a $1000 reward for a guy wanted on 35 counts? Cheepskates! Add a couple zeros to the back and I'll drag the guy in myself.
"I would say that 99 per cent of what my father has written about his own life is false." - L. Ron Hubbard Jr.
IANAL, but if a gun maker named their pistol "Felon's Favorite"(TM) or "Rob-Rite"(TM), then I'm sure they would be susceptible to either civil or criminal legal pleasantries.
Are there legitimate uses of this code? If so, then why didn't the author market it strictly for those uses and name it something a little less felonious than "Lover Spy?"
Two wrongs don't make a right, but three lefts do.
and we'll call it even
I mean, my friend says he'll bring the guy in and he and the feds can call it even...
R(k)
TFA doesn't explain this very well. Couldn't find an antivirus page about it, but here's another page mentioning the tool.
If hacking is a violation, then Linux must be illegal.
:-/
Yes, I know they mean that differently, but once laws outlaw "hackers", I wouldn't want to be counted as one..
Truth is in the eyes of the power-holder..
|| Geshem ||
I actually live in san diego and read this article yesterday. If it is the same article, this guy marketed it as a program to spy on your significant other. I think that is where the law gets him. If you distribute some code thats a trojan and slap on, "Educational purposes only, do not use on anyone without their permission, I am not responsible for your actions", then it seems the law is much more lenient. But this guy was marketing it as a tool that u send (like a greeting card) to check on your gf/bf to see if they are cheating.
No this trial doesn't mean coders are responsible for their users' actions, just responsible for how they say their program should be used
On a side not, this company started in 2001 - took 4 years for the FBI to notice & catch him. Kind of funny.
Why of all things should you not be responsible for creating a software intended for potentially criminal purpose (here: spying on users) and giving it to people who will use it?
It's not that. Many people who (of course) haven't RTFA miss the point. This isn't software which someone buys and then installs on their target's computer themselves. What they do is sign up at the site and then have that site send out an email with "You have a greeting card..." message. The victim clicks on the link to the website and views the card while, at the same time, this spyware is installed on their system automatically. So the end-user isn't the one doing the hacking and installation -- the guy running the site is the one who, in effect, does it all.
The end users are scumbags for using the service, but it's the guy who wrote it and put it up on the website and caused victims' computers to be compromised who is the guilty party here. This has nothing to do with distributing software.
Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
This begs the question: if you develop and sell a software product, are you responsible for what your users choose to do with it?
The question boils down to the intent of the author. If the program, when considered as a whole, cannot be reasonably construed to have alternative non-damaging or benign uses then it serves to demonstrate the malicious intent of the author and therefore it becomes possible to assign some responsibility for the actions of users to the original author(s). Software engineers, like other engineers, must have some code of ethics that governs the standard and intent of the programs that we produce. If you write a virus, worm, spam ware, or other "evil" type of application then you are responsible for the damage you cause to other people. You cannot demonstrate vulnerabilities or exploit code to prove a point while damaging other people's property in the process. In this case it seems that the author in question, Carlos Enrique Perez Melara, is indeed responsible for malicious intent in the collateral damage that his software caused.
Why not? Do we not treat child-porn JPGs, which are nothing but a series of numbers stored in a file, the same way we treat polariods of child-porn?
Like woodworking? Build your own picture frames.
This mis-use of "begging the question" arose in the 1980s.
"Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
"Begs the question" is a term of art in logic and debate. It's also pretty simple English, meaning "demands that we ask." To insist that *only* the term of art can be used, and the plain, simple English meaning is off-limits, is just annoying -- especially when the plain English meaning makes so much sense, and the term of art is a terrible way to describe what you mean. Besides getting to make fun of people who don't know the phrase, there's just no reason to name the logical fallacy that way.
All it takes is a reasonable (for some value of reasonable) chance that users will put your software to illegal uses and you get a ticket to jail or years of penury as you attempt to pay off the civil penalties that may be assessed against you.
This is a blatant and gross misrepresentation of the SCOTUS decision you mention. What it took in that case, was quite a load of evidence that the companies in question deliberately planned to profit, albeit indirectly from illegal uses.
Regarding a well publicized computer espionage case.
It seems, the authors of the spying tool used in this case, were arrested in the UK and are being turned over to Israel for justice.
This raises the same moral question, whether an author of the tool is responsible for the way it's being used.
Should Fire Arms companies be held responsible whenever someone uses their branded rifle to commit a crime?
Sigs are for the weak.
I'm not in favour for what he's done, but getting 175 years in prison for writing a program?
You can get less for killing a man. No wonder the prisons are already full.
Perhaps it's time to realize that it's not always the solution to lock people up for what they have done.
There are no atheists when recovering from tape backup.
I hate this constant bitching about the use of the word "hacker". Words are generally used to communicate. The word "cracker" is a word used by a small minority of geeks, and it's sole purpose is to allow the users of said word to bitch about the people who don't use it. It certainly doesn't serve the purpose of communication as most people don't even know the purported meaning the word in this context. Words whose sole purpose is to beat other people really aren't nice and the world is better off both without the word, and without those people who insist on using it.
Doesn't it make you feel good to know that our freedoms are protected by politicans, lawyers and journalists.
" I hate this constant use of the word "hacker" when the correct usage of the word should be "cracker"."
Hacking has been used to mean breaking into a computer system for decades. People are trying to change this term to cracker, not the other way around, as you suggest with "It is the media that is poisoning the word"
Vote for Pedro
How much do you want to bet that some high ranking official at the San Diego FBI office was caught cheating or at least had his email read by this program? :)
Rats would be more funny if they could fart.
First off the guy advertised the program solely as a product to spy on your lover or other people and did so by spamming. Secondly the software was not something the purchaser downloaded and installed on a machine on their own, it sent out an e-card, which directed the recepient/victim to visit a web site run by Perez. Said website then exploited a security hole in IE and installed the spyware in the background without any warning to the victim. Finally the software sent a copy of everything it recorded (and it even logged keystrokes) to Perez as well as the people who paid to spy on someone with it.
The FBI isn't going to need the PATRIOT Act to bust this guy and this guy's not the least bit innocent. He promptly dissapeared after they seized his computers, so it's pretty clear he knew what he was doing was illegal as well.
This case does nicely show why e-cards are so potentially dangerous though.
but I because freedom can be destroyed by too much freedom.
Freedom can't be destroyed by too much freedom, rather, by the abuse of it. In the ideal world, there would be no danger in open-sourcing schematics of dangerous machinery because no one would abuse that information to try and harm others. Restrictions on freedom (laws and punishments) are only justifiable because people abuse their freedom.
A big problem with a lot of Slashdotters - and a non-negligible portion of the general public - is that they read "freedom" and think "license."
He sold this for the sole purpose of being installed into a system (in violation of the law) and sending the data out.
This is creating a selling a product that sole purpose is to commit a crime.
Fight Spammers!
From the article, he collected all the information that was being sent to his clients. So he didn't just sell the software, he was collecting information that could have been used for identity theft, credit fraud, blackmail, etc.
This wasn't a simple case of selling software with the potential for abuse -- the retailer himself was one of the abusers.
I do not fail; I succeed at finding out what does not work.
This month, the Senate passed the bill protecting gunmakers from liability for the use of their products in crimes.
--
make install -not war
Gator, CyDoor, et al actually get to make money doing this, why haven't they been arrested.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
Ownership is not a defense if the product is sold with the understanding that it will be used for illegal purposes.
"What happend to just paying for a product without being constantly nibbled to death by Credit Card Ducks?"
Begging a question is asking a question that implicitly assumes something is true that the author is trying to get you to believe. See also http://www.wsu.edu/~brians/errors/begs.html
That would make the sentence mean you are responsible for what your users choose to do with it, which is arguably false.
--dave
davecb@spamcop.net