The spy who loved me: NASA, spyware, and online romance

Filed Under: Law & order

It used to be the case that single men and women met down the pub, at pottery classes, or at the funfair just behind the dodgems. But today, with more and more people working longer hours, many - if not finding love in the workplace - are turning to internet dating websites for romance.

Such was the case with one young woman who was contacted in November 2006 by a prospective suitor via the Singlesnet.com dating website. The woman - who happened to work for the National Aeronautical and Space Administration (NASA) - was courted for some weeks by the gentleman, who claimed to be from Texas.

On November 21 2006, the man sent an email to the woman's work address, claiming to contain his photograph. So far, so normal. An internet romance appears to be blossoming. Cupid's bow and arrow are about to be sprung into action. Huzzah! But in this case, the email attachment was designed to spy on the recipient's computer and the sender was not a Texan lothario but a 22-year-old cybercriminal from Nigeria.

It took just over two weeks for NASA's IT security team to determine that the woman's computer had been secretly infiltrated by a commercial piece of spyware, which had successfully accessed her email, passwords, social security number, driving license information, home address and taken over 25,000 screenshots of whatever had been displayed on her screen.

Lagos State High Court in Nigeria found Akeem Adejumo guilty last week and sentenced to 18 months in prison for two counts of obtaining goods by false pretenses and forgery. The court heard that Adejumo, who also went by the name "Stephen Williams", attempted to scam hundreds of different women, and had success with several, besides the NASA employee.

The good news is that the damage done to NASA appears to have been limited, but their female employee did have confidential personal information stolen from her computer.

"Fortunately, the victim did not have access to sensitive information," a NASA official told the press. "Some of her work product was taken, [but] it was mostly her personal information."

What this case really underlines is the important role all employees play in securing your business. If your users are not properly protected, and if you don't police what they do on their computer and on the web, then criminals may find it all too easy to sneak through your corporate defences.

NASA and the international computer crime authorities did well to track down Adejumo and bring him to justice. One wonders, however, how many other lonely hearts are scouring the web for love and potentially putting business data at risk.

More information about the case can be found on the DOJ's website and on the SophosLabs blog.

Picture credit: NASA

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.