Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Hacker Has Wiped a Spyware Company's Servers -- Again (vice.com)

Posted by msmash on from the no-mercy dept.

Last year, a vigilante hacker broke into the servers of a company that sells spyware to everyday consumers and wiped their servers, deleting photos captured from monitored devices. A year later, the hacker has done it again. Motherboard: Thursday, the hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products targeted at parents and employers, but that are also used by people to spy on their partners without their consent. Retina-X was one of two companies that were breached last year in a series of hacks that exposed the fact that many otherwise ordinary people surreptitiously install spyware on their partners' and children's phones in order to spy on them. This software has been called "stalkerware" by some.

37 of 64 comments (clear)

  1. I cannot say I feel bad for these companies by Anonymous Coward · · Score: 5, Insightful

    That a company like these should even exist is not really open to debate. It's one thing for warranted police to do this; it's quite another for the average man on the street to have this capability. As a 20-year systems administrator with loads of ability to see everything on the network, I never am tempted to do so. Unless and until HR asks me to engage in such an activity, I will never do it. People have a right to their privacy. Even here at work, I never go looking through user histories, etc. Let them do what they will short of breaking the law.

    1. Re:I cannot say I feel bad for these companies by HiThere · · Score: 2

      I'm not really sure I approve of the police doing this any more than a random citizen. At the very least it should require approval by three separate courts and a public notice (which the target, of course, anonimized). And public notice doesn't mean a posting in some inaccessible place, but listing on a web page, something like:
      2018/02/18 15:27 warrant approved until 2018/02/25 15:30 to (stalk?..need better description) (some explicit description of what is to be surveilled).
      The explicit description of the target should probably by a value generated by a hash function of the IP address.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    2. Re:I cannot say I feel bad for these companies by Mnemennth · · Score: 1

      -- I think we've pushed this "anyone can grow up to be president" thing too far.

      I think this was quite the more thought-provoking part of your post. ;) mnem Thanks for that! :D

    3. Re:I cannot say I feel bad for these companies by Anonymous Coward · · Score: 1

      Privacy for all, or privacy for none.

      Allowing specific exceptions for anyone opens holes that can not be closed.

      You seem to be under the mistaken impression that police don't lie to get warrants, but they do:

      And you also seem to believe that police are trustworthy, unfortunately, they're not: https://www.denverpost.com/2016/09/28/across-us-police-officers-abuse-confidential-databases/

    4. Re:I cannot say I feel bad for these companies by Actually,+I+do+RTFA · · Score: 1

      So a public notice that I'm being wiretapped? That doesn't sound... counterproductive.... at all. And multiple courts would arrive at difference decisions because??

      --
      Your ad here. Ask me how!
    5. Re:I cannot say I feel bad for these companies by jellomizer · · Score: 1

      I disagree this can be up to debate.
      There are Black Hat Spyware companies: Which are meant to go onto anyone's PC and all the data is just used for the company. (Clicking a link in an forged email...)
      This company is in a Gray Zone. Using such tools to monitor your kids computing habits isn't necessary bad (As your children have limited rights, which are often overrides by their patients). Then the issue if you have a Work Issued computer, for Work use, while not good HR Policy, it is their equipment to be used how they see fit, even it it means monitoring what you do on that device. However there is a lot of sliding scale arguments where it could get dark rather quickly.

      While I agree a Company shouldn't be monitoring people private activity. However the employee is using the employers property and rules limited on what they can and can't do on their computers, is just as scary as them spying on my own use.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re:I cannot say I feel bad for these companies by HiThere · · Score: 1

      The advantage is it makes it a bit harder to just go to one judge who always rubberstamps everything "ok". It's not a great improvement, but it's a bit of one. I just couldn't think of anything that would really mean they had to actually show cause.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    7. Re:I cannot say I feel bad for these companies by HiThere · · Score: 1

      Did you notice that the identification of who was being wiretapped was hash coded? You can't easily tell who the target it, but it can be easily validated that the target was the one specified.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    8. Re: I cannot say I feel bad for these companies by jasko2007 · · Score: 1

      That's right! Fuck the privacy!! I don't have nothing to hide. I ll give Facebook Twitter access to anyone who wants to see it. They all talk about privacy, cowards who conceal something. what are you hiding?

    9. Re: I cannot say I feel bad for these companies by Brockmire · · Score: 1

      Fuck you, you are fucking dumb and evil.

  2. Hopefully that spyware company in Redmond by Anonymous Coward · · Score: 2, Funny

    but we are not that lucky.

  3. The hero we don't deserve... by XSportSeeker · · Score: 2

    ...so kudos to him

  4. Re:A legit use? by Calydor · · Score: 2

    Does using software to monitor your ex-girlfriend's activity warrant a vigilante destroying the data you uploaded to a private company?

    --
    -=This sig has nothing to do with my comment. Move along now=-
  5. Re:A legit use? by chispito · · Score: 1

    Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.

    For that matter, maybe the parents told their kids they put the software on their devices.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
  6. Re:A legit use? by cascadingstylesheet · · Score: 1

    Does using software to monitor your children's activity warrant a vigilante destroying a private company's data? The article reads a bit click-baity to me.

    For that matter, maybe the parents told their kids they put the software on their devices.

    Precisely. "Monitoring your own kids' behavior" is neither evil nor criminal.

  7. Re:A legit use? by Anonymous Coward · · Score: 2, Informative

    I run a Raspberry Pi running Pi-hole for my kids. I don't whitelist them, I blacklist the things I don't want them to see or use. With age comes more availability. In addition to blocking ads, beacons, and tracking evil at the DNS level, the Pi-hole allows you to truly see what happens at the DNS level on your personal network. It's pretty eye opening to see what's phoning "home". I never knew my Netgear router needed to phone Disney due to the child protection element built in (now nixed). It's alarming to see how much chatter Windows machines engage in with the mothership (again, nixed). You may not can turn off all of the Windows telemetry, but you can nix the DNS calls to the telemetry servers easily.

  8. Re:Big fucking deal by K.+S.+Kyosuke · · Score: 1

    They should have put spyware in the spyware.

    --
    Ezekiel 23:20
  9. Fuck you, Getty Images... by DontBeAMoran · · Score: 2

    Man, this took much longer than it used to...

    Anyway, Obligatory Nelson Muntz.

    --
    #DeleteFacebook
  10. Re:A legit use? by b0s0z0ku · · Score: 5, Insightful

    yes, kids should have freedom to run around and not be stalked by their parents. same as we did in the 90s. fuck this company, hope the hacker did some real and permanent damage. it's called trust.

  11. Re:A legit use? by pr0fessor · · Score: 1, Informative

    I told my kids I could track the gps on their phones to make sure they were where they said they would be. I had to ask the older kids to take a picture that proved where they where and send it but my oldest son was before smart phones so I actually I had to drive by and make sure he was there. My parents relied on the fact that we lived in a small town and I couldn't do anything without someone telling my mom before I got home.

    I have exterior security cameras because although it's a nice neighborhood we get break ins around the holidays when people are on vacation.

    My youngest son was questioned by the police recently about a robbery and I was able to prove on my security cameras he was home during the time.

  12. Re:A legit use? by b0s0z0ku · · Score: 1

    what about monitoring a spouse or partner without their consent -- or even pressuring them to consent? nah. fuck this software. hope the entity that created it so be bankrupt next year.

  13. Stalkerware by K.+S.+Kyosuke · · Score: 1

    Why do I keep reading it as Slackware? And is this a new and emerging opportunity to market Slackware to more people?

    --
    Ezekiel 23:20
  14. Re:A legit use? by b0s0z0ku · · Score: 1

    the burden of proof is on the cop scum, not you or your kids to prove innocence.

  15. Re:A legit use? by jellomizer · · Score: 1

    This type of software falls well into a gray area. They will market people who are interested in spying on others. So while there are legit good uses for it, it is easily open for abuse.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  16. Re:A legit use? by MaryannG · · Score: 2, Insightful

    "cop scum"? You sure that's the term you want to use? If so, does your answer change if they're investigating a robbery that YOU were the victim in? And before you answer, understand there is a difference between "investigating" and "charging". Further, while the OP may or may not have intended to use the word, "robbery" involves the use of violence or threat of violence...which is different than "theft". If it was you who'd had a gun stuck into your face and relieved of your wallet, I'm confident you'd likely prefer the "cop scum" to investigate possible perpetrators. Choosing your words wisely is one of the hallmarks of maturity.

    --
    Social Media Handywoman at Texas Boys Balloo
  17. Re:A legit use? by The+Grim+Reefer · · Score: 2

    yes, kids should have freedom to run around and not be stalked by their parents. same as we did in the 90s. fuck this company, hope the hacker did some real and permanent damage. it's called trust.

    I grew up a few decades before you and was thinking the same thing. But one thing that you and kids today don't have to keep them in line is the fear that we had. Don't get me wrong, I did plenty of stupid shit when I was a kid. But we had corporal punishment at school back then. Which sucked and hurt a bit. But we also knew it was nothing compared to what we would get when we got home. It was the same if we got caught by the police or a neighbor turned us in to our parents. I think by the 90's it's unlikely that you had to worry about being ratted out by your neighbors. Either way, we had to think about whether or not what we were doing was worth the ass whooping we would get for getting caught. It was pretty clear to me that as a child I had absolutely no rights.

    I'm not sure how I feel about this app being able to track kids. I seriously doubt it's legal to use this on an adult without their consent. It probably violates several wire tapping laws. However, they don't really exist for children. I can certainly see how some parents may want to use this. One things for sure, you're pretty much guaranteed that kids today will have their phone on them if nothing else.

  18. Re:A legit use? by MaryannG · · Score: 1

    "there's nothing that obligates me to like or respect most cops." "Most"? Really? Not all? Because labeling them as "cop scum" comes with no qualifiers or disclaimers. I'll guess since you walked your comment back even that much, you may have discerned the issue in your first comment. Investigating isn't "scum" action. I expect that if YOU were wrongly suggested to be a possible suspect in a robbery that you'd appreciate the police to do a competent and thorough investigation of you (assuming you DIDN'T do the crime) as opposed to hauling you in and beating a "voluntary" confession out of you, right? If you had video evidence that allowed them to cross your name off a list in under a minute, I'll go ahead and suggest that practicality will tell your attitude to shut up and sit down until after the nice officer has gone away satisfied you're not the droid they're looking for. Seriously, nobody likes the police...until they need them. You, possibly, have been blessed with an existence that, so far, hasn't informed your opinion better in a moment of actual need. And if that's the case, good for you. But in a civil society with rules, there are those who are needed to enforce those rules and bring to justice those who break them. That is the implied covenant we all agree to in order to live in a civilized society...whether you consciously agree or not.

    --
    Social Media Handywoman at Texas Boys Balloo
  19. Re:A legit use? by b0s0z0ku · · Score: 1

    I'm pretty sure I wouldn't like the police even after I needed them. The one time I "needed" them, their response was utterly bungled and useless.

  20. Re:A legit use? by Anonymous Coward · · Score: 1

    Bullshit. The whole community watched you, and held you accountable for your actions. You didn't have anonymity or the right to not be seen running around outside.

  21. My kid is too old for this. by Major_Disorder · · Score: 1

    She is married and has kids of her own now. (How the hell did I get to be old enough to be a grandfather?) But if I did have younger kids I would totally lojack their phones and computers. I would tell them about it too.
    But if anyone out there is thinking about using something like this on their SO, don't. First of all it is a massive breach of trust. Secondly if you feel that you NEED to spy on your SO, then it is already over, just walk away with some dignity.

    --
    First law of people: People are generally stupid.
  22. Re:A legit use? by pr0fessor · · Score: 1

    It's true that the police have the burden of proof but if I have indisputable evidence that will make them stop wasting my time then I'm not going to allow them to arrest him make me pay for a lawyer and take it to trial before I present it. I'm just going to say here security camera footage from the time of the robbery showing that he was home and not on the other side of town.

    Someone has something against a manager or the owner where he works and the place has been swatted a couple times and they have given anonymous tips that the workers were involved in various crimes.

  23. Re:A legit use? by b0s0z0ku · · Score: 4, Insightful

    Because there's something called RESPECT, that shouldn't require spying on your partner. If your partner doesn't respect you enough to give you your personal space, you shouldn't be with them.

  24. Re: A legit use? by Zero__Kelvin · · Score: 1

    Don't get me wrong. I'm glad you don't have first hand experience with how many cops are scum. Just because one solves a robbery it doesn't mean they aren't still scum. Some are good people, but very few indeed.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  25. Re:A legit use? by b0s0z0ku · · Score: 1

    (1) Can he change jobs -- is working in that particular place so important as to put himself at risk?
    (2) Why are the dumbass cops going after the employees, not the swatter?

  26. Re:A legit use? by pr0fessor · · Score: 1

    He could get a job somewhere else for less pay and no one told him about it until after the police showed up to question him and three other co-workers.

    It a non-issue now the police are well aware that the company has filed a lawsuit against them and they will be on their best behavior when dealing with them.

  27. Who buys this stuff? by Anonymous Coward · · Score: 2, Interesting

    The customers for this company sound like interesting subjects for psychological study. Don't trust their spouses and kids, do trust nameless, faceless strangers who make software to violate people's privacy. If that ever makes sense to me, I'd rather spend the money on therapy.

    (As for the hacker, I wonder if "zer0 c00l" here believes that Angelina Jolie will be his girlfriend now?)

  28. Re:A legit use? by b0s0z0ku · · Score: 1

    Not only spy on their own kids, but upload their kids' data to a third party. This is either ignorant or evil.