I spy with my private eye..

Spyware. Image copyright (c) Sophos

Regular visitors to the Sophos website will be familiar with the case of Ruth and Michael Haephrati, the husband-and-wife team who wrote a Trojan horse and then sold it to detective agencies in Israel who used it to help business rivals spy on each other.

The Haephratis were sentenced to prison, and received a fine of almost £250,000, back in 2006.  But little has been heard until now of what punishment the detective agencies (who did the actual spying on behalf of corporate clients) received.

This week it was announced that three members of the Modi’in Ezrahi private investigation firm have been jailed after they were found guilty of using the Haephrati’s Trojan horse to steal commercial information.  A fourth man, the former CEO of the firm, made a plea bargain and escaped with just a fine.

The Haephrai/Modi’in Ezrahi case is rare because it is one of the few cases of industrial espionage using malware to have made its way through the courts.  Most malicious code written today is designed to steal from infected victims, but usually the goal is to pinch system resources, CPU time and bandwidth in order to send spam or to run off with passwords and bank account information. 

But clearly there are also people prepared to garner commercial advantage over their competitors by using such dirty tricks too.  One wonders how many other companies may be using malware to spy on their rivals, and haven’t had their activities brought to the attention of the authorities yet..