Spyware app StealthGenie’s CEO fined $500K, forfeits source code

StealthGenie CEO fined $500K for selling spyware, forfeits source code

Sad StealthgenieIn the US, it’s a federal crime to sell spyware.

To adhere to the legal side of the line, monitoring apps have to be marketed at employers who want to keep an eye on their workers, or guardians who want to watch over their kids.

But one company, StealthGenie, made no bones about its target audience being jealous people.

So on Tuesday, we saw the first-ever criminal conviction concerning the advertisement and sale of a mobile device spyware app.

The Department of Justice announced that the creator of StealthGenie, 31-year-old Danish citizen Hammad Akbar, had pleaded guilty to advertising and selling StealthGenie.

After accepting the guilty plea, the court immediately sentenced Akbar to time served – he was arrested in September – and ordered him to pay a $500,000 fine.

He was also ordered to turn over the source code for StealthGenie to the government.

Akbar was indicted in the US state of Virginia in October on federal wiretapping charges of creating and distributing a known interception device.

StealthGenie had been used to intercept email, images, video, phone calls, texts and other communications on mobile phones, and to turn a mobile device into a bug that can pick up sound in a 15-foot (4.5m) radius around a target, while being undetectable by the average user.

According to court documents, StealthGenie said right upfront in its business plan that partner-stalkers were its target market, or in spyware-speak the “spousal cheat” market:

This business plan ... stated that the first target population for the marketing of the app was "[s]pousal cheat: Husband/​Wife of boyfriend/​girlfriend suspecting their other half of cheating or any other suspicious behaviour or if they just want to monitor them."

This so-called “spousal cheat” market would constitute 65% of buyers, according to that business plan:

According to our market research[,] the majority chunk of the sales will come from people suspecting their partners to be cheating on them or just wanting to keep an eye on then [sic].

But as advocates for the victims of domestic violence will tell you, stalkers and abusers often use these type of apps to track their victims.

Prosecuting users of spyware isn’t unheard of. In October, a California woman was charged with planting spyware on the phone of a police officer who was also her ex-husband.

But prosecuting one of the makers of such spyware is new.

At the time Akbar was indicted, Hanni Fakhoury, staff attorney for the Electronic Frontier Foundation, told Wired that it’s not enough to hold spyware users accountable:

The government is trying to say it’s not enough that the users are responsible, but that the maker is an enabler of this privacy invasion and are potentially liable.

Following Akbar’s sentencing, US Attorney Dana J. Boente of the Eastern District of Virginia confirmed that law enforcement has no plans to shy away from prosecuting spyware makers:

The product allowed for the wholesale invasion of privacy by other individuals, and this office in coordination with our law enforcement partners will prosecute not just users of apps like this, but the makers and marketers of such tools as well.

So how do you know if there’s spyware on your phone? Here are some answers to a couple of commonly asked questions:

Can spyware such as StealthGenie be installed without physical access to the phone?

Not usually. Stalkers need access to the phone, if just for a few minutes, to install spying apps like StealthGenie or mSpy.

As far as security software goes, these apps often get classified as “Potentially Unwanted Apps” (PUAs) rather than as malware, given that, typically, they’re manually installed, and somebody’s agreed to their terms.

“Somebody” doesn’t mean the phone’s owner/user, mind you. A stalker or abuser can check the box to say “yes, please snoop on this phone” for you.

And again, these apps can be legally used for parental tracking of children, employee monitoring (preferably with informed consent), or tracking down a lost or stolen phone.

All of that means that spyware apps often can’t really be defined as malware, regardless of how dangerous they can be in the wrong hands or how easy it is to use the apps for illegal purposes.

How can I detect if somebody’s installed spyware on my phone?

Unfortunately, it can be hard to do. Increased battery drain, storage or data usage might indicate something’s up, but how many of us average people have the time, or the know-how, to check such things?

Best advice? Don’t let anyone near your gadget. If only you have access to it, then only you know what apps you have on it.