A Hacker Has Wiped a Spyware Company's Servers -- Again (vice.com)

← Back to Stories (view on slashdot.org)

A Hacker Has Wiped a Spyware Company's Servers -- Again (vice.com)

Posted by msmash on Friday February 16, 2018 @07:21AM from the no-mercy dept.

Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Motherboard: Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners' and children's phones in order to spy on them. This software has been called "stalkerware" by some.

64 comments

Min score:

Reason:

Sort:

I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 07:28 · Score: 5, Insightful

That a company like these should even exist is not really open to debate. It's one thing for warranted police to do this; it's quite another for the average man on the street to have this capability. As a 20-year systems administrator with loads of ability to see everything on the network, I never am tempted to do so. Unless and until HR asks me to engage in such an activity, I will never do it. People have a right to their privacy. Even here at work, I never go looking through user histories, etc. Let them do what they will short of breaking the law.
1. Re:I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 07:50 · Score: 0
  
  That a company like these should even exist is not really open to debate. It's one thing for warranted police to do this; it's quite another for the average man on the street to have this capability. As a 20-year systems administrator with loads of ability to see everything on the network, I never am tempted to do so. Unless and until HR asks me to engage in such an activity, I will never do it. People have a right to their privacy. Even here at work, I never go looking through user histories, etc. Let them do what they will short of breaking the law.
  You would be shocked to learn what DoD dismisses under the latest Insider Threat monitoring requirements...Privacy concerns don't even begin to describe it.
2. Re:I cannot say I feel bad for these companies by HiThere · 2018-02-16 07:53 · Score: 2
  
  I'm not really sure I approve of the police doing this any more than a random citizen. At the very least it should require approval by three separate courts and a public notice (which the target, of course, anonimized). And public notice doesn't mean a posting in some inaccessible place, but listing on a web page, something like:
  2018/02/18 15:27 warrant approved until 2018/02/25 15:30 to (stalk?..need better description) (some explicit description of what is to be surveilled).
  The explicit description of the target should probably by a value generated by a hash function of the IP address.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
3. Re:I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 08:15 · Score: 0
  
  OP here. While I agree in principle, there are circumstances where this is not feasible. Case in point is where police suspect a given target is trafficking child porn and need to get in fast to secure evidence. A single judge is all it takes for this and all it should take. I've worked many network investigation cases back when I worked for UUNET (anyone remember them?) and this kind of evil needs to be dealt with swiftly. If the police need multiple courts and multiple levels of permission before they take action, a suspected pervert could easily destroy/hide/remove evidence if they suspect they are going to be taken down. All it takes is to swap HDDs and throw the evidence in a river or lake. Most criminals still don't encrypt their drives, but increasingly they do. I still do a fair amount of data rescue and I work with the police on a fairly regular basis. More and more, computers are being used less and less as mobile devices are easier to traffic. In that case, Celebrite to the rescue.
4. Re:I cannot say I feel bad for these companies by Mnemennth · 2018-02-16 08:18 · Score: 1
  
  -- I think we've pushed this "anyone can grow up to be president" thing too far.
  I think this was quite the more thought-provoking part of your post. ;) mnem Thanks for that! :D
5. Re:I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 08:32 · Score: 0
  
  Okay, troll, I'll bite. Other than the financial cost to the taxpayers, what is the advantage of wasting the time of the other two courts?
  What value do you see in publishing the warrants? Your approach, of course, will tell people who are being surveilled, which is at best disingenuous and most likely malicious. I certainly see the cost in slandering people who are wiretapped and then not charged.
6. Re:I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 08:35 · Score: 1
  Privacy for all, or privacy for none.
  Allowing specific exceptions for anyone opens holes that can not be closed.
  You seem to be under the mistaken impression that police don't lie to get warrants, but they do:
  
  http://www.nydailynews.com/new-york/nypd-cops-accused-lying-search-warrant-grand-jury-article-1.2974872
  http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-officer-perjury-20131120-story.html
  And you also seem to believe that police are trustworthy, unfortunately, they're not: https://www.denverpost.com/2016/09/28/across-us-police-officers-abuse-confidential-databases/
7. Re:I cannot say I feel bad for these companies by Actually,+I+do+RTFA · 2018-02-16 08:40 · Score: 1
  
  So a public notice that I'm being wiretapped? That doesn't sound... counterproductive.... at all. And multiple courts would arrive at difference decisions because??
  
  --
  Your ad here. Ask me how!
8. Re:I cannot say I feel bad for these companies by jellomizer · 2018-02-16 08:59 · Score: 1
  
  I disagree this can be up to debate.
  There are Black Hat Spyware companies: Which are meant to go onto anyone's PC and all the data is just used for the company. (Clicking a link in an forged email...)
  This company is in a Gray Zone. Using such tools to monitor your kids computing habits isn't necessary bad (As your children have limited rights, which are often overrides by their patients). Then the issue if you have a Work Issued computer, for Work use, while not good HR Policy, it is their equipment to be used how they see fit, even it it means monitoring what you do on that device. However there is a lot of sliding scale arguments where it could get dark rather quickly.
  While I agree a Company shouldn't be monitoring people private activity. However the employee is using the employers property and rules limited on what they can and can't do on their computers, is just as scary as them spying on my own use.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
9. Re:I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 09:09 · Score: 0
  
  i think in this day and age, companies like this should exist! and exactly for the reason of creating headlines like the above and helping technical people educate non technical people.
  This is the exact same shit that the TLA's are trying to do every time they suggest government back-doors. Now whether these companies have a viable business plan for long term growth is their own problem.
10. Re:I cannot say I feel bad for these companies by HiThere · 2018-02-16 11:50 · Score: 1
  
  The advantage is it makes it a bit harder to just go to one judge who always rubberstamps everything "ok". It's not a great improvement, but it's a bit of one. I just couldn't think of anything that would really mean they had to actually show cause.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
11. Re:I cannot say I feel bad for these companies by HiThere · 2018-02-16 11:51 · Score: 1
  
  Did you notice that the identification of who was being wiretapped was hash coded? You can't easily tell who the target it, but it can be easily validated that the target was the one specified.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
12. Re:I cannot say I feel bad for these companies by rtb61 · 2018-02-16 12:54 · Score: 0
  
  You know I once had a problem with poor email behaviour at a company. My solution, make everyone's email accessible by everyone else, things quietened down real fast. A full absence of privacy seems to work far better than a partial absence of privacy (some keeping theirs whilst other loose theirs). When everyone looses it, things seem to stabilise real quick, overnight in fact, sometimes the simplest solution is the best.
  
  --
  Chaos - everything, everywhere, everywhen
13. Re: I cannot say I feel bad for these companies by Anonymous Coward · 2018-02-16 13:15 · Score: 0
  
  CP is not an actual problem. Burrying the evidence of abuse has no effect on whether the abuse occurs.
  CP possession should be legalized (but not production, obviously) because if it was illegal to buy or sell it but legal to pirate it, nobody would purchase any, thus destroying the black market for the material instantly. And there would be no incentive to produce it. Furthermore, it would make it more likely the producers of that material would be caught if people could report that they recognized an abuser without fear of being locked up.
  Long story short, you're wasting your time.
14. Re: I cannot say I feel bad for these companies by jasko2007 · 2018-02-17 02:52 · Score: 1
  
  That's right! Fuck the privacy!! I don't have nothing to hide. I ll give Facebook Twitter access to anyone who wants to see it. They all talk about privacy, cowards who conceal something. what are you hiding?
15. Re: I cannot say I feel bad for these companies by Brockmire · 2018-02-17 14:50 · Score: 1
  
  Fuck you, you are fucking dumb and evil.
Hopefully that spyware company in Redmond by Anonymous Coward · 2018-02-16 07:36 · Score: 2, Funny

but we are not that lucky.
And nothing by Anonymous Coward · 2018-02-16 07:36 · Score: 0

of value was lost.
Big fucking deal by Anonymous Coward · 2018-02-16 07:38 · Score: 0

So they restore the backup, and life goes on.
1. Re:Big fucking deal by Anonymous Coward · 2018-02-16 07:52 · Score: 0
  
  And the hacker goes to jail. His life becomes a lot more limited.
2. Re:Big fucking deal by K.+S.+Kyosuke · 2018-02-16 08:26 · Score: 1
  
  They should have put spyware in the spyware.
  
  --
  Ezekiel 23:20
A legit use? by Robert+Goatse · 2018-02-16 07:52 · Score: 0

Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.
1. Re:A legit use? by Calydor · 2018-02-16 08:14 · Score: 2
  
  Does using software to monitor your ex-girlfriend's activity warrant a vigilante destroying the data you uploaded to a private company?
  
  --
  -=This sig has nothing to do with my comment. Move along now=-
2. Re:A legit use? by chispito · 2018-02-16 08:18 · Score: 1
  
  Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.
  For that matter, maybe the parents told their kids they put the software on their devices.
  
  --
  The Daddy casts sleep on the Baby. The Baby resists!
3. Re:A legit use? by cascadingstylesheet · 2018-02-16 08:20 · Score: 1
  
  Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.
  For that matter, maybe the parents told their kids they put the software on their devices.
  Precisely. "Monitoring your own kids' behavior" is neither evil nor criminal.
4. Re:A legit use? by Anonymous Coward · 2018-02-16 08:23 · Score: 2, Informative
  
  I run a Raspberry Pi running Pi-hole for my kids. I don't whitelist them, I blacklist the things I don't want them to see or use. With age comes more availability. In addition to blocking ads, beacons, and tracking evil at the DNS level, the Pi-hole allows you to truly see what happens at the DNS level on your personal network. It's pretty eye opening to see what's phoning "home". I never knew my Netgear router needed to phone Disney due to the child protection element built in (now nixed). It's alarming to see how much chatter Windows machines engage in with the mothership (again, nixed). You may not can turn off all of the Windows telemetry, but you can nix the DNS calls to the telemetry servers easily.
5. Re:A legit use? by b0s0z0ku · 2018-02-16 08:32 · Score: 5, Insightful
  
  yes, kids should have freedom to run around and not be stalked by their parents. same as we did in the 90s. fuck this company, hope the hacker did some real and permanent damage. it's called trust.
6. Re:A legit use? by pr0fessor · 2018-02-16 08:40 · Score: 1, Informative
  
  I told my kids I could track the gps on their phones to make sure they were where they said they would be. I had to ask the older kids to take a picture that proved where they where and send it but my oldest son was before smart phones so I actually I had to drive by and make sure he was there. My parents relied on the fact that we lived in a small town and I couldn't do anything without someone telling my mom before I got home.
  I have exterior security cameras because although it's a nice neighborhood we get break ins around the holidays when people are on vacation.
  My youngest son was questioned by the police recently about a robbery and I was able to prove on my security cameras he was home during the time.
7. Re:A legit use? by b0s0z0ku · 2018-02-16 08:40 · Score: 1
  
  what about monitoring a spouse or partner without their consent -- or even pressuring them to consent? nah. fuck this software. hope the entity that created it so be bankrupt next year.
8. Re:A legit use? by b0s0z0ku · 2018-02-16 08:48 · Score: 1
  
  the burden of proof is on the cop scum, not you or your kids to prove innocence.
9. Re:A legit use? by jellomizer · 2018-02-16 09:01 · Score: 1
  
  This type of software falls well into a gray area. They will market people who are interested in spying on others. So while there are legit good uses for it, it is easily open for abuse.
  
  --
  If something is so important that you feel the need to post it on the internet... It probably isn't that important.
10. Re:A legit use? by MaryannG · 2018-02-16 09:03 · Score: 2, Insightful
  
  "cop scum"? You sure that's the term you want to use? If so, does your answer change if they're investigating a robbery that YOU were the victim in? And before you answer, understand there is a difference between "investigating" and "charging". Further, while the OP may or may not have intended to use the word, "robbery" involves the use of violence or threat of violence...which is different than "theft". If it was you who'd had a gun stuck into your face and relieved of your wallet, I'm confident you'd likely prefer the "cop scum" to investigate possible perpetrators. Choosing your words wisely is one of the hallmarks of maturity.
  
  --
  Social Media Handywoman at Texas Boys Balloo
11. Re:A legit use? by The+Grim+Reefer · 2018-02-16 09:06 · Score: 2
  
  yes, kids should have freedom to run around and not be stalked by their parents. same as we did in the 90s. fuck this company, hope the hacker did some real and permanent damage. it's called trust.
  I grew up a few decades before you and was thinking the same thing. But one thing that you and kids today don't have to keep them in line is the fear that we had. Don't get me wrong, I did plenty of stupid shit when I was a kid. But we had corporal punishment at school back then. Which sucked and hurt a bit. But we also knew it was nothing compared to what we would get when we got home. It was the same if we got caught by the police or a neighbor turned us in to our parents. I think by the 90's it's unlikely that you had to worry about being ratted out by your neighbors. Either way, we had to think about whether or not what we were doing was worth the ass whooping we would get for getting caught. It was pretty clear to me that as a child I had absolutely no rights.
  I'm not sure how I feel about this app being able to track kids. I seriously doubt it's legal to use this on an adult without their consent. It probably violates several wire tapping laws. However, they don't really exist for children. I can certainly see how some parents may want to use this. One things for sure, you're pretty much guaranteed that kids today will have their phone on them if nothing else.
12. Re:A legit use? by b0s0z0ku · 2018-02-16 09:08 · Score: 0
  
  there's nothing that obligates me to like or respect most cops.
13. Re:A legit use? by Anonymous Coward · 2018-02-16 09:23 · Score: 0
  
  You can think whatever you want. Your behavior toward them, however, carries an obligation.
  PS Your attitude seems like a big deal to you, but nobody else cares.
14. Re:A legit use? by MaryannG · 2018-02-16 09:50 · Score: 1
  
  "there's nothing that obligates me to like or respect most cops." "Most"? Really? Not all? Because labeling them as "cop scum" comes with no qualifiers or disclaimers. I'll guess since you walked your comment back even that much, you may have discerned the issue in your first comment. Investigating isn't "scum" action. I expect that if YOU were wrongly suggested to be a possible suspect in a robbery that you'd appreciate the police to do a competent and thorough investigation of you (assuming you DIDN'T do the crime) as opposed to hauling you in and beating a "voluntary" confession out of you, right? If you had video evidence that allowed them to cross your name off a list in under a minute, I'll go ahead and suggest that practicality will tell your attitude to shut up and sit down until after the nice officer has gone away satisfied you're not the droid they're looking for. Seriously, nobody likes the police...until they need them. You, possibly, have been blessed with an existence that, so far, hasn't informed your opinion better in a moment of actual need. And if that's the case, good for you. But in a civil society with rules, there are those who are needed to enforce those rules and bring to justice those who break them. That is the implied covenant we all agree to in order to live in a civilized society...whether you consciously agree or not.
  
  --
  Social Media Handywoman at Texas Boys Balloo
15. Re:A legit use? by b0s0z0ku · 2018-02-16 10:01 · Score: 1
  
  I'm pretty sure I wouldn't like the police even after I needed them. The one time I "needed" them, their response was utterly bungled and useless.
16. Re:A legit use? by Anonymous Coward · 2018-02-16 10:08 · Score: 1
  
  Bullshit. The whole community watched you, and held you accountable for your actions. You didn't have anonymity or the right to not be seen running around outside.
17. Re:A legit use? by Anonymous Coward · 2018-02-16 10:15 · Score: 0
  
  I used it for 3 days, and got rid of it. it did more harm than good. when certain phone/tablet apps stop working, its gone too far. I don't need a career maintaining this POS. I could run some lame web browser adblocker to get that waste of time.
18. Re:A legit use? by Anonymous Coward · 2018-02-16 10:21 · Score: 0
  
  In facist America, cops shoot you.
19. Re:A legit use? by Anonymous Coward · 2018-02-16 10:45 · Score: 0
  
  I set it up and forget it. I update Raspian twice a month and the Pi-hole is set to auto update the lists I use. I have four laptops, three mobile devices, and a smart TV and have not had any trouble. If you were having DNS issues, you can add a secondary DNS passthru on the Pi-hole itself.
20. Re:A legit use? by pr0fessor · 2018-02-16 10:46 · Score: 1
  
  It's true that the police have the burden of proof but if I have indisputable evidence that will make them stop wasting my time then I'm not going to allow them to arrest him make me pay for a lawyer and take it to trial before I present it. I'm just going to say here security camera footage from the time of the robbery showing that he was home and not on the other side of town.
  Someone has something against a manager or the owner where he works and the place has been swatted a couple times and they have given anonymous tips that the workers were involved in various crimes.
21. Re:A legit use? by Anonymous Coward · 2018-02-16 10:46 · Score: 0
  
  If my wife feels the need to monitor me why should I care? Unless I'm doing something to violate her trust. Then I could see why I might have an issue with that. However, at that point I'm a douche bag and should just admit it.
22. Re:A legit use? by b0s0z0ku · 2018-02-16 10:48 · Score: 4, Insightful
  
  Because there's something called RESPECT, that shouldn't require spying on your partner. If your partner doesn't respect you enough to give you your personal space, you shouldn't be with them.
23. Re: A legit use? by Zero__Kelvin · 2018-02-16 10:52 · Score: 1
  
  Don't get me wrong. I'm glad you don't have first hand experience with how many cops are scum. Just because one solves a robbery it doesn't mean they aren't still scum. Some are good people, but very few indeed.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
24. Re:A legit use? by b0s0z0ku · 2018-02-16 11:00 · Score: 1
  
  (1) Can he change jobs -- is working in that particular place so important as to put himself at risk?
  (2) Why are the dumbass cops going after the employees, not the swatter?
25. Re:A legit use? by Anonymous Coward · 2018-02-16 11:38 · Score: 0
  
  Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.
  Yes, a thousand times yes.
  Those parents who feel the need to SPY ON THEIR OWN CHILDREN? Fuck them. Fuck them all. Those "parents" are pushing society into a trajectory where it's okay to spy on people, it's okay to have zero trust in your own children, it's okay to take pictures or record audio without people's permission. Fuck those people for trying to bend our future leaders into believing that any part of that is okay.
  Yeah, kids get away with shit. That's what happens. But establishing some modicum of trust with your children is part of successful parenting. Spying on them indicates a failure, but not a failure that the parent is willing to admit to themselves.
  So yes, hack the shit out of those companies, and screw the people who monetarily support them. They are a drag on society and represent what is wrong with the world.
26. Re:A legit use? by pr0fessor · 2018-02-16 11:48 · Score: 1
  
  He could get a job somewhere else for less pay and no one told him about it until after the police showed up to question him and three other co-workers.
  It a non-issue now the police are well aware that the company has filed a lawsuit against them and they will be on their best behavior when dealing with them.
27. Re:A legit use? by b0s0z0ku · 2018-02-16 11:52 · Score: 0
  
  Good. Hope the suit goes forward regardless of their behavior. Be a stupid cop, deserve to get slapped down by the long schlong of the law.
28. Re:A legit use? by b0s0z0ku · 2018-02-16 12:51 · Score: 1
  
  Not only spy on their own kids, but upload their kids' data to a third party. This is either ignorant or evil.
29. Re:A legit use? by Anonymous Coward · 2018-02-16 13:01 · Score: 0
  
  You assume there's no corporal punishment going on nowadays to go along with any mental anguish a bad parent might want to inflict upon their progeny. It might be less publicly excusable, but it's still damn well a thing.
30. Re:A legit use? by Anonymous Coward · 2018-02-16 20:59 · Score: 0
  
  The one time I "needed" them, their response was utterly bungled and useless.
  And then you infer on the entire population from a sample of N=1 elements?
The hero we don't deserve... by XSportSeeker · 2018-02-16 07:55 · Score: 2

...so kudos to him
Fuck you, Getty Images... by DontBeAMoran · 2018-02-16 08:30 · Score: 2

Man, this took much longer than it used to...
Anyway, Obligatory Nelson Muntz.

--
#DeleteFacebook
Vulnerable by Anonymous Coward · 2018-02-16 08:34 · Score: 0

How can the security of a system storing this amount of extremely sensitive private information be so bad? The rackspace API key was just in the device agent app ffs...
Stalkerware by K.+S.+Kyosuke · 2018-02-16 08:41 · Score: 1

Why do I keep reading it as Slackware? And is this a new and emerging opportunity to market Slackware to more people?

--
Ezekiel 23:20
What was the name of that company... by Anonymous Coward · 2018-02-16 08:46 · Score: 0

That sold spyware to sheriffs departments up and down usa who then gave that software to parents up and down usa to spy on their kids? And the software was really really bad!
My kid is too old for this. by Major_Disorder · 2018-02-16 10:40 · Score: 1

She is married and has kids of her own now. (How the hell did I get to be old enough to be a grandfather?) But if I did have younger kids I would totally lojack their phones and computers. I would tell them about it too.
But if anyone out there is thinking about using something like this on their SO, don't. First of all it is a massive breach of trust. Secondly if you feel that you NEED to spy on your SO, then it is already over, just walk away with some dignity.

--
First law of people: People are generally stupid.
Who buys this stuff? by Anonymous Coward · 2018-02-16 12:35 · Score: 2, Interesting

The customers for this company sound like interesting subjects for psychological study. Don't trust their spouses and kids, do trust nameless, faceless strangers who make software to violate people's privacy. If that ever makes sense to me, I'd rather spend the money on therapy.
(As for the hacker, I wonder if "zer0 c00l" here believes that Angelina Jolie will be his girlfriend now?)
1. Re:Who buys this stuff? by b0s0z0ku · 2018-02-16 12:52 · Score: 0
  
  vote parent up, great response :)
Better Yet by Anonymous Coward · 2018-02-16 16:54 · Score: 0

Why dont they share the info of everyone that paid for their services.
twat was that? Microsoft should have been first.. by Anonymous Coward · 2018-02-17 07:28 · Score: 0

Even the best hackers slip :)
CARDS by Anonymous Coward · 2018-02-28 17:07 · Score: 0

Do you know that you can hack any ATM machine !!!
We have specially programmed ATM cards that can be used to hack any ATM machine, this ATM cards can be used to withdraw cash at the ATM or swipe, stores and outlets. We sell this cards to all our customers and interested buyers worldwide, the cards has a daily withdrawal limit of $5000 in ATM and up to $100,000 spending limit in it stores.
order now: via email...braeckmansj@outlook.com