http://apnews.excite.com/article/200...D8C8PET80.html
Imagine that...
Printable View
http://apnews.excite.com/article/200...D8C8PET80.html
Imagine that...
Hi Juridian,
OOPs! Sorry, thought this was another katja thread :D
Seriously though...
I concur...imagine that!Quote:
"It was marketed as a way to catch a cheating lover," said Assistant U.S. Attorney Mitch Dembin.
Four people who bought the program, sold online for $89, were indicted on two counts each of illegal computer hacking. Each count carries a maximum penalty of up to five years in prison and a maximum fine of $250,000. Authorities said others were charged in Texas, Hawaii, North Carolina and Missouri.
Dembin said as many as 1,000 copies of Loverspy may have been sold worldwide.
Perez-Melara could face up to 175 years in prison if convicted.
Eg ;)
Unfortunately the little toad is still free :(
http://www.signonsandiego.com/news/m...26spyware.html
Apparently the Feds shut him down almost two years ago, and he has now done a disappearing act.
:)
I wonder. Is it really illegal to write a keylogger and sell it as such, or is it just illegal to use such tools? Would this product have been legal if he had marketted it another way, e.g. as a tool for employers to keep an eye on their employees during office hours, making sure employees aren't browsing porn or whatever?
Of course, he could be severely punished but do not forget that he must be convicted first. And to do that, it must probably be made clear to 12 people that making such a tool is illegal according to the constitution. His lawyer should probably use as defence the right of free speech, meaning that writing such a tool is legal. Using it for what it was used for was not, but he didn't use it that way. He just sold it to others who used it that way...
A good part of the legality has to do with the implementation and the intent. This thing is installing itself when they open up an email and allowing un authorized surveillance on company networks and other people's personal computers.
I don't beleave that a single one of you has actually been reading this very carefully.
I mean if you read the articles they say that everything was centralized around their network. Pay-per-view notification? From the sounds of things they where also hosting this assortment of "greeting-cards" which users where later linked to.
Depending on the locale, using 'spyware' *is* legal to do against your employees...providing they have been properly notified (again, varies by country/state/city law).
I'd say his lawyers probably have a better idea of how to defend this than anyone here (do we have any JP's here at AO? I don't recall anyone ever admitting it...) Free Speech is a tricky subject; for example, is Free Speech ok when it is used to incite violence? I'm not saying yes or no...just giving up some food for thought.
Of course the whole thing would be around some centralized server. I didn't expect anything else anyway. But the problem is if you can hold the person responsible for offering such a system. Compare it with e.g. the people behind Napster. Is Napster guilty because it allows it's users to share illegal music downloads?
If so, you could wonder how far you can actually go with these things. Say, for example, people are using Yahoo or MSN Messenger to trade illegal software or music with each other. Less efficient than a P2P network but it can happen. Or worse, assume they're exchanging childporn with each other! Would Yahoo or Microsoft be guilty because they provide the tools for doing this?
Let's go even further. AO is a site where people can exchange very technical information. Some of the information could be used by others to commit computer-related crimes. Could AO be held responsible if one member here provides information that would be illegal to spread around?
A good example of that last situation is PGP. It's an encryption algorithm and in the past it was forbidden to export the sourcecode in electronic form to people outside the USA. (So it was printed, shipped on paper to outside the USA which is perfectly legal and on the other side someone would just scan the pages back in, OCR them, correct some spelling and they had the code there too.) If someone would post this sourcecode on this forum, the forum owners might be in big trouble because they can be held responsible.
So how far is the law allowed to go in an attempt to stop these illegal actions? Can someone be punished simply for providing the tools to some other person so this person can use it for criminal actions?
Would the owner of a gun shop be responsible if a customer bought a gun at his place and then uses it to shoot a dozen people at the local post office? Even if the shop owner followed the letters of the law exactly?
This guy offered a service that could have been used in legal ways too. It wasn't very likely that it would be used for legal means but he can use that as his defense. (I'm playing the Devil's advocate here. Personally I think he should rot away in prison but this does mean that the laws must allow this in some way.)
Whether his software had any legitamate merit is debateable. The fact is it was designed and marketed for one purpose. The invasion of an unsuspecting persons privacy. It was disgned specificaly to install without disclosure and hidden as an eCard. I suspect the only reason it worked useing the method it used was ease of use for the clients who brought it. After all with a little knowledge you would not nead to spend $. One of the freely available trojans (sub7/backorifice) would do the same job.Quote:
This guy offered a service that could have been used in legal ways too.
I do agree that he marketted it in a way that promotes illegal use of his product. It's similar to a gun shop displaying an instruction video of how to use the gun to rob people. You could -in fact- argue that guns are also sold for illegal purposes. People are actually training themselves by shooting at targets with the outline of a human being. So these people are training themselves to shoot someone. For whatever purpose? Well, most will claim for self-defence but if you consider the popularity of a gun as a weapon for criminal activities, you should also wonder about that.
But okay, this software would probably be used more easily for illegal activities than a gun.
But now you mention it... What happened to the people who created sub7/backorifice? Have they been arrested too? Are they too punished for creating such a tool? The fact that they are giving it away for free doesn't mean they are not responsible for how it is used? Right?
Who is really guilty anyway? The person who creates a tool and offers it's services or the person who uses the tool to commit the crime? This is a real gray area and I pity the jury that has to decide about this...
WRONG!Quote:
But now you mention it... What happened to the people who created sub7/backorifice? Have they been arrested too? Are they too punished for creating such a tool? The fact that they are giving it away for free doesn't mean they are not responsible for how it is used? Right?
There is a big difference between supplying something free/proof of concept etc. and selling it for $89, with a clear incitement to use it illegally. Particularly as it was largely advertised through spam e-mail. On top of that, this guy provided a service to facilitate illegal surveillance. After all you can get sub7/backorifice easily enough but you still have the problem of getting it on the target machine.
:p
Are you sure about that? Then what if the creator of this tool tells that he offered the espionage service as a legal service to whomever was interested (with a legal version of his spyware that would announce itself when installed) and then spreads around a free trojan application that uses the same service but then through some illegal means?
The service he offered was a centralised system that would receive the information generated by the spyware. You could argue if that is illegal or not, since the same information could also been generated by a legal version of his spy-tool. (Besides, his spy-tool would still be legal if people installed it on their own computers, instead of that of a friend, wife or fiancee... I don't think you can get convicted of hacking your own system.)
Thing is, could his system see the difference between a legal surveillance and an illegal surveillance? All it was built for was to do surveillance. And that isn't illegal, per definition...
It just depends on how well his lawyers will do in court. If he uses the same ones as M. Jacjson and O.J. then he has a good chance of ending up an innocent man. The prosecutor must have a lot to prove in this case, including the malicious intent behind it all.
Sure, they got him. Now they must get him convicted. (Oh, wait... They don't even have him since he managed to get away before he got arrested...)
Katja,
You are studying to be a software engineer, yes?...................................You must have, atleast touched on the ethics of software design. I have and i'm not studying at the same level you are. I'm to lazy to look it up for you, but there is a well difined flow chart that I have seen. It allows you easily to see software design principles and out comes of those designs. It then draws conclusions based on the required results of the software. These results are either ethical, unethical, ethical engineer not at fault, unethical engineer not at fault, unethical engineer at fault etc.
This guys aims in design are clearly unethical, couple that with the other factors like invasion of privacy, theft of bandwidth and the compromising of personnal information.
Bah, I cant be bothered
Hey jinxy
This guy has been indicted along with a variety of customers. The FBI have been working 2 years on this, since they closed him down. They must have them dead to rights?
Now there is other software you can get that will do this sort of thing, but you have to clearly state this to anyone who uses the machine (in theory). AND you have to install it.
The surreptitious way in which this was installed and managed makes it almost 100% certain for a conviction.
If they can catch them :(
What if... What if frogs had wings? What if donkeys talked? What if you sold this system intended specifically for systems administration (cough*DameWare*cough...yes, not a great analogy, but the point is valid). We can 'what if' this all day. The point is not what COULD he have done...it's WHAT HE DID.Quote:
Really? Is it illegal for me to install applications like this on the computers in my house, that my wife or kids use? Aren't they MINE? Or because they use them, I can't have any say in what happens with or to them...even though I made the money that purchased them. I even made the decision and took the action TO purchase them.Quote:
[b]Besides, his spy-tool would still be legal if people installed it on their own computers, instead of that of a friend, wife or fiancee.
Ok, that's enough; you have to qualify your statements more accurately. By WHOSE definition? Hacking isn't illegal, by definition... Selling surveillance mechanisms isn't illegal, by definition... Prostitution isn't illegal, by definition... OH, you mean as define by your jurisdiction? What about *his* jurisdiction? Or by the Oxford Engligh Dictionary, for that matter?Quote:
Thing is, could his system see the difference between a legal surveillance and an illegal surveillance? All it was built for was to do surveillance. And that isn't illegal, per definition...
Ok, before you say another thing, go study the wiretapping laws, the computer crime laws, the privacy laws, and have a nice big cup of reality check...oh, and make sure they are the US laws, as those are the ones that apply in this case. The advertisement for this program indicated its intent was to allow one to spy on the activities of another person without their consent. Not a lot to prove there. Since it was a business, and he was obviously selling the software (most likely the transactions all took place online) and collecting fee's, there is probably a HUGE evidence trail, if one knows where to look.Quote:
It just depends on how well his lawyers will do in court. If he uses the same ones as M. Jacjson and O.J. then he has a good chance of ending up an innocent man. The prosecutor must have a lot to prove in this case, including the malicious intent behind it all.
Using OJ and Jacko as a comparison is weak. Those crimes had a huge amount ofoutside influence and inflamatory factors; prejudice police officers tampering with the scene/evidence, a plaintiff whose family has a history of filing law suits for financial gain, conflicting and changing testimony... No, that's a ridiculous analogy. Both of those cases suffered from media-whore attention, celebrity influence, and greed. As Juridian said, this is all about INTENT. Whether Perez-Melara knew that his intent was illegal or not is, to be honest, of no interest to me. He very well could get off with that argument, truthful or not. But his intent was to make financial gain by selling software that allows the owner to spy on other peoples computer activities, without their consent (as defined by the word "spy").
The invasion of an unsuspecting persons privacy.
this is all about INTENT.
financial gain by selling software that allows the owner to spy on other peoples computer activities
and selling it for $89, with a clear incitement to use it illegally. Yada yada yada...
Ummm no and agian, I have a feeling its all about how he used his network for notification and the like... and if I have things correct he also went as far as hosting a number of these "e-cards". Where as other malware are a bit more DIY.
Hey guys, don't get me wrong but I too think this guys should be kicked into jail with the key mysteriously disappearing. Yet with these kinds of computer crimes there are so many ways that it can go wrong and thus the criminal might get away from it all with barely no negative effects for him. In my opinion it takes a lot of trouble to catch these guys and whenever they're caught, two other people will take over what he did.
Yes, I believe there was an intent from this guy to commit these criminal acts. But the toughest job is to get the proof to show beyond any reasonable doubt that he is guilty. Will the prosecutor manage to do this? I wonder.
It depends on the evidence the prosecutor managed to get about this case. He will have to prove criminal intent behind this all.
I've heard about several other computer crimes in the past where the police just blew the case simply because they made all kinds of mistakes during investigations. The problems with these kinds of crimes is that they tend to leave a minimum of physical evidence...
And they still have to catch him first...
Hey Spesh~ the Feds don't take that long to build a case unless they are playing for a full house? ;)Quote:
Ummm no and agian, I have a feeling its all about how he used his network for notification and the like... and if I have things correct he also went as far as hosting a number of these "e-cards". Where as other malware are a bit more DIY.
Sure, the "after sales support" is pretty damning, but I think that the authorities are trying to establish some judicial precedents here?
Yeah, I heard that he stole someone else's software and modded it for his "product" :rolleyes:
The Grokster Dreamcast case would seem to me to set a precident as far as intent goes..............................The Judges seemed to me to imply, no matter what your software does, as long as it has some none illegal uses and as long as it is not marketted for illegal use, it aint your fault if it is put to illegal use.
This case may well be about p2p but it must have ramifications for all software development.
<hushed voice-over>Todays password is precedent</voice-over>
LOl Zen,
You didn't close the bold tag mate and yes I am some what English challenged.
The problem was not that he created the tool. the problem was the the creator himself, was using it illegally. He was recieving the information from the trojan that was installed w/o the victims consent or knowledge, and was obviously completely aware of that (intent). Think of it this way, it is NOT illegal to manufacture wiretappers and spy gizmo's and then sell them (or give them away) with a disclaimer discouraging illegal use. It is illegal to manufacture the same items, tap someones phone then sell the tapes to some *******.
Of course it is, and thats the way it shoud be. Thats what courts and lawyers, and chains of evidence and investigations are for. I'd rather let a thousand guilty men go free then convict an innocent one. That innocent one could be me or you.Quote:
But the toughest job is to get the proof to show beyond any reasonable doubt that he is guilty.
-Maestr0
Ah! There we have it. We shouldn't convict him for creating this tool. He should be convicted for using it illegally. That does make things very different, though. If he has used the tool himself, to spy upon some unwilling victim, then yes... He'd have to end up in the same prison as all those people who bought it and used his tool in illegal ways too.
Still, an interesting point here. Say, you're making binoculars. Do you have to add a disclaimer to them that you're not allowed to use them to look into the bedroom of the woman next-door?
And of course other points of discussions are possible. Say you hide a small camera in your house to spy upon the babysitter while she's babysitting your child. Would the use of that be legal? And what if you hide one camera in the toilet, one in the bathroom and a few more at other places to have all her actions covered. Would that still be legal? Or would you commit a crime because the camera in the bedroom and bathroom are invading her privacy or whatever?
Making it worse, assume you have a camera in your bathroom to keep an eye on what's happening there when the babysitter is putting your child into path. And on this camera you see the babysitter undress (not in front of your child) to wash some puke off her since the baby puked over her.
Or when the camera sees the babysitter getting naked in bath with your child doing some "weird things" with the child...
I feel that all these espionage gadgets are in some grey area and the rules aren't very clear about this for most people. Would you be allowed, for example, to record a phone conversation without notifying the person on the other side about the conversation being recorded? Modern phones are getting more and more gadgets these days so I won't be suprised about phones with recording options. But are they legal, if you don't warn the other person about the message being recorded?
I've heard about two police officers who were questioning some dumb suspect. They put him in a room with a Xerox machine and told him it was a lie detector. They then connected some wires to the suspect and started questioning him. And after every answer one of the police officers would press on the "copy" button and the machine would spit out a piece of paper. Whenever that happened, they told the suspect that he was lying. And the suspect believed this and gave a full confession of his crimes.
The court released him simply because the police officers had used an illegal way to question him... The suspect had confessed and was free to go. Worse, the double jeopardy rules made it impossible for him to be arrested for the same crimes again. In the end, the suspect was laughing the hardest... :(
That is very true, the dipsh1t couldn't create a paper bloody bag. If you had fully read other people's posts you would see that he took someone else's software and had it modified to suit his nefarious purposes. That IS a crime. Just like modifying a weapon to fire full automatic, or sawing shotgun barrels off.................you have now created something illegal.Quote:
We shouldn't convict him for creating this tool
As you said:
That is exactly my point!...................binoculars are innocent per se, only their usage might be illegal. What we are talking about here is MODIFIED SOFTWARE which is more like the illegal firearms scenario?Quote:
Say, you're making binoculars. Do you have to add a disclaimer to them that you're not allowed to use them to look into the bedroom of the woman next-door?
;)
Nooooooooooooooooooow,Quote:
Still, an interesting point here. Say, you're making binoculars. Do you have to add a disclaimer to them that you're not allowed to use them to look into the bedroom of the woman next-door?
But if you sell them as. The ultimate look here, you will see sectrets, naked people and all things you should not see, maybe you are breaking the law.
This is done to death................Thread closed????????????
Quote:
Originally posted here by zencoder
Depending on the locale, using 'spyware' *is* legal to do against your employees...providing they have been properly notified (again, varies by country/state/city law).
I'd say his lawyers probably have a better idea of how to defend this than anyone here (do we have any JP's here at AO? I don't recall anyone ever admitting it...) Free Speech is a tricky subject; for example, is Free Speech ok when it is used to incite violence? I'm not saying yes or no...just giving up some food for thought.
Actually, I have been trained in corporate/business law and computer security (Doesn't make me an expert...but does at least give me half a clue). And this guy isn't doing it to his own employees....he's giving people software to spy on their spouses on other people's computers (the boyfriends, the companies, the schools, etc).
Actually his users did that.Quote:
Actually, I have been trained in corporate/business law and computer security (Doesn't make me an expert...but does at least give me half a clue). And this guy isn't doing it to his own employees....he's giving people software to spy on their spouses on other people's computers (the boyfriends, the companies, the schools, etc).
Thing is most sites that actually do these flash greeting things will actually e-mail the link to it to other people for you... in that case he did.
But he is using computers operated by him to transmit illegally obtained information.Quote:
he's giving people software to spy on their spouses on other people's computers (the boyfriends, the companies, the schools, etc).
Quote:
The Loverspy program, disguised as an electronic greeting card showing images of puppies and flowers, was sent as an e-mail. When it was executed, it would begin recording victims' e-mail messages and the Web sites they visited, prosecutors said. The information would be transmitted to computers operated by Perez-Melara and relayed to customers, authorities said.
And that is the point TheSpecialist has been making, I believe. He was part of the chain of transmittal of illegally collected data.Quote:
Originally posted here by devpon
But he is using computers operated by him to transmit illegally obtained information.
Ahh, I think I see what the issue with our viewpoints is.
Yes, his clients were the ones who were the agents propagating his software. But by selling this software for these explicit reasons, that also gives him liability. If I create a trojan and stick it on my website for anyone to download with the explicit knowledge it is a trojan and is for research purposes only.....that is one thing. If I SELL YOU the trojan for the explicit purpose of using it as such....that is an entirely different thing. This isn't the same as selling guns, unless your add says 'Our brand of gun is the best for robbing liquor stores and shooting unfaithful spouses'. Gun stores generally don't sell you guns when you tell them you want to use them to rob and shoot people.
I doubt that the majority of the people he sold software to even knew that the intended activities were illegal.
By having the software pushing the data to his own servers he was adding more rope to hang himself with.
Kind of funny tho, slap a price tag on it and you get paid for your social engineering and hacking in a pseudo legit fashion. *sighs*
And agian for about the third or fourth time in a row... I seriously doubt thats it.Quote:
But by selling this software for these explicit reasons, that also gives him liability. If I create a trojan and stick it on my website for anyone to download with the explicit knowledge it is a trojan and is for research purposes only.....that is one thing. If I SELL YOU the trojan for the explicit purpose of using it as such....that is an entirely different thing.
So, (my last remark about this topic and then it can die) what if I put a trojan on my webpage and sell it for research purposes only? I would be making a profit of this tool, yet I offer it for research purposes only.
Say that I write the code for a very fast-spreading trojan that is able to abuse an exploit that hasn't been fixed yet. If that thing would be released in the wild, it would infect lots and lots of systems. If I would then offer the sourcecode of this virus for sale to anyone who wants to research this new exploit, would I still commit a crime or am I allowed to do this because it's meant for research purposes only? What if someone buys this research code and then uses it to generate a virus that's starts running in the wild, bringing down millions of computers and causing billions of dollars of damages in lost data...
Would I be responsible for that or the person who released the virus?
Or better. I discover a way to exploit Windows and publish this information. People will have to pay to see this information. Someone pays and then uses my information to make an exploit which is then used. My fault? Or not?
Erm, I think you are confusing a trojan with a worm. And if you offer up the code on your website in it's entirety and it is released in the wild, you damn well better have proof that it wasn't you because law enforcement is probably going to pay a visit. Your liability in the matter after that is up to the courts to decide.
Beast's source and plugins where sold, the author also claimed that for the right price you'd get new functionality to an undetectable variant. Netdevil or whatever the name is... a version of that was sold as a commercial product. BO plugins have been sold.
Gaobot and SDbot had a GPL for **** sakes...
GT(-ish) bots basicly consist of nothing more than commercial software, scripts to make the program do what you want, and a few registry entries for startup and to register the program... the only thing really considered to be malware is the wrapper that compresses/drops all this ****. They are often commercial software also.
Uh yeah so an auto-rooting feature would classify almost every bot out there a worm.Quote:
Erm, I think you are confusing a trojan with a worm.
Pffft... STFU.
I am sure that Juridian is honoured by your condescension to let his thread die, I just know that I would be :rolleyes:Quote:
my last remark about this topic and then it can die
Might I suggest that you try out your suggestions and find out the answer by pure research? :D
I am sorry that I did not realise that this forum was being run for your convenience :eek: