Slashdot Mirror

← Back to Stories (view on slashdot.org)

Court Slams Door On Sale of Spyware

Posted by kdawson on from the mother-may-i-install dept.

coondoggie writes "The Federal Trade Commission yesterday had a US District Court issue a temporary restraining order halting the sale of RemoteSpy keylogger spyware. According to the FTC's complaint, RemoteSpy spyware was sold to clients who would then secretly monitor unsuspecting consumers' computers. The defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email."

8 of 51 comments (clear)

  1. Re:BO by negRo_slim · · Score: 4, Informative

    Finding TFA severely lacking, might I recommend a more informative article from, Ars Technica.

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
  2. This is good. by Surreal+Puppet · · Score: 4, Insightful

    But it's stuff like this we're really after: http://en.wikipedia.org/wiki/MPack_(software). People who code professional-grade malware generally do so to profit off of it. It's well known that in the existing ecosystem of digital crime the malicious hackers themselves rarely act as attackers in large-scale id/credit card theft; instead they sell it to people who do. Quoting this extremely enlightening interview: http://www.securityfocus.com/news/11476

    "The project is not so profitable compared to other activities on the Internet. It's just a business. While it makes income, we will work on it, and while we are interested in it, it will live. Of course, some of our customers make huge profits. So in some ways, MPack could be looked at as a brand-name establishment project."

    This particular piece of spyware is amateur stuff, aimed at paranoid spouses/bosses, but if we can hit the business of selling spyware (probably requiring the cooperation of the international banking system, as well as the governments of china and russia) it would totally cripple large-scale internet crime as we know it. It's a pipe dream, of course. But one can always dream.

    1. Re:This is good. by BountyX · · Score: 2, Interesting

      Credit card numbers are sold for 15$ a pop on irc. Social security numbers can run from 2-10 bucks. Now imagine stealing a backup tape with 15 million records...

      --
      Trying to install linux on my microwave, but keep getting a kernel panic...
  3. Re:but why? by pseudonomous · · Score: 5, Insightful

    Ultimately, hopefully, the issue which will get the defendants in trouble will not be that they sold the keylogger software OR that they provided tutorials on how to trojan it into unwitting victims computers, but rather that THEY stored illegally obtained software on THIER server. Otherwise, this sets a dangerous precident where someone decides that software which potentially has valid uses, is declared illegal. (It's convoluted but you can imagine a case where someone might have a legitimate use for using keylogger software) It's like the whole "right to bear arms thing", just becuase someone shoots his neighbor doesn't mean guns should be illegal. (they should be, IMO, but this isn't the reason)

  4. Re:but why? by moteyalpha · · Score: 3, Interesting

    Well I am seeing a paradox here because the NSA designs and creates tools like this and makes manuals to explain how to use it. Now they can say they are using it for a legal purpose, however if the mere fact of having something that could be used in a sneaky way is illegal then they would be guilty of possessing a criminal artifact. If creating the stuff is illegal, whoever contracts with a government agency to produce this stuff is criminal by this strict an interpretation. It seems to imply that a citizen can commit a crime and a bureaucrat cannot.

  5. Re:but why? by Surreal+Puppet · · Score: 3, Interesting

    You mean like the catch-all German "hacker program" law, that has had the entire security industry up in arms? The one where you could in theory get arrested for possessing a copy of NMap?
    www.schneier.com/blog/archives/2007/08/new_german_hack.html

  6. Re:Good intentions and all that... by TapeCutter · · Score: 2, Informative

    Ok, so "spyware" is a type of "malware", so define "malware"? - Can you see where I am going? - What is the magic algorithim that determines if an application is "malware"?

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  7. Valid REason for HAving KeyLogger by wizzerking · · Score: 2, Informative

    I am a software developer for some companies, and we have included as part of the test installation keylogger software, as well as mouse clicking software, because with out this log of information we found that humans have no clue as to the path that was used to create a problem in the software. So this a very very legitimate use of the keylogger software, and mouse clicking software when the tester, is running our program. Other times I have used keylogger, and mouse clicking software on a customer's computer just to diagnose an issue the customer was having, and found that some one on the cleaning crew was using the computers as a gaming network, the company was unaware of this activity until I installed this invisible software on their computers with their permission. When everything settled down, then I was paid to remove the keylogger, and mousing logging software.