A former college student who allegedly transformed run-of-the mill, jealous, prying lovers into powerful hackers who could spy on their cheating lovers with his $89 Loverspy (originally “Email PI”) malware has made it to the FBI’s list of “most wanted” cybercriminals.
Among the five people added to the list this week is the alleged developer, 33-year-old Carlos Enrique Perez-Melara, former San Diego college student.
The FBI wants to apprehend Perez for his alleged involvement in manufacturing the spyware, which they say was used to intercept private communications of about 1,000 victims.
The FBI says that Perez advertised a way to “catch a cheating lover”, which was done via a boobytrapped electronic greeting card, typically sent from his computer, which acted as an intermediary between customers and victims.
According to his indictment, the card installed a keystroke logger onto victims’ computers.
All of the victims’ computer activities, including all sent and received email, visited websites, and passwords were intercepted, collected and sent to the purchaser directly or through Perez’s computers.
Loverspy also gave the purchaser the ability to remotely control a victim’s computer, including accessing, changing and deleting files, and turning on webcams.
Loverspy periodically sent email messages back to the services’ purchasers containing the intercepted data.
The program, initially called “Email PI”, was renamed “Loverspy” in July/August 2003, the FBI says.
Perez allegedly hosted the website as well as having developed the malware, running the operation from his San Diego apartment in 2003.
Perez, a native of El Salvador who was here on a student visa, was indicted, along with four people who bought Loverspy, in 2005.
The fugitive spyware developer was handed up to the FBI’s most wanted list because he’s been so tough to track down.
Last spotted in El Salvador, for the past eight years he’s eluded charges of creating a surreptitious interception device, (i.e., the Loverspy program); sending the program to victims (concealed in an innocuous-appearing electronic greeting card); advertising the program; advertising the surreptitious use of the program; illegal wiretapping; disclosing illegally intercepted communications; and obtaining unauthorized access to the victim computers.
Each of the 35-count indictment carries a maximum penalty of five years in prison and a maximum fine of $250,000 per count.
According to the indictment, 1,000 customers bought Loverspy, then tried to infect about 2,000 computers.
Victims reportedly took the bait only about half the time.
Those who purchased the spyware were charged with illegally intercepting electronic communications. According to FoxNews, most of those cases have apparently resulted in probation and fines.
As Fox News points out, Perez is noteworthy because out of all the big money-makers on the FBI’s list, some of whom are accused of bilking millions of dollars from businesses and internet users worldwide, he made relatively little off his scheme.
What he did manage to do was to turn average computer users into technologically sophisticated stalkers.
Perez is now facing a maximum of 175 years in prison.
Eight years ago, the indictment said that the law had informed all of the victims of spyware that they’d been electronically stalked.
I hope that they’ve learned not to open fishy e-cards by now, and that they all managed to replace their stalker lovers with much better partners.Follow @NakedSecurity