[ISN] 5 indicted in spyware e-mail case

InfoSec News isn at c4i.org
Mon Aug 29 14:06:08 EDT 2005 

http://www.signonsandiego.com/news/business/20050827-9999-1b27spy.html

By Onell R. Soto 
UNION-TRIBUNE STAFF WRITER
August 27, 2005 

The spyware program was designed for private detectives, authorities 
said, but it really took off when it was marketed to jealous lovers. 

"Catch a cheating lover," the San Diego company's Web site boasted. 
"Send them an e-Greeting card!" 

The cards, Lover Spy promised, deployed software to track everything 
that unsuspecting recipients did on their computers. About 1,000 
people signed up before the FBI shut the company down in October 2003. 

One Laguna Beach man targeted his former girlfriend. A Long Beach 
woman went after her ex-fiance. An Irvine man wanted to know more 
about his estranged sister. And a Pennsylvania woman wanted to check 
out whether her boyfriend was cheating on her. 

Federal prosecutors announced computer hacking indictments yesterday 
against all four and against Carlos Enrique Perez Melara, the 
25-year-old former San Diego man who prosecutors say created the 
software they used. 

Perez, a native of El Salvador, probably is in the Los Angeles area, 
said Stewart Roberts, the second highest-ranking agent at the San 
Diego FBI office. 

Crime Stoppers has offered a $1,000 reward. 

Perez is charged with 35 crimes, each of which carries a potential 
five-year prison sentence if he is convicted. 

Spyware is one of the fastest-growing examples of malicious software, 
a computer security expert said. 

It is designed to track what computer users do. 

Some types - the fastest-growing segment - use such information to 
select which pop-up ads users see when using the Internet. 

However, other software can be used by identity thieves to get account 
numbers and passwords, said David Cole, director of Symantec Security 
Response, part of the company that produces the Norton anti-virus 
software. 

More than half the malicious software submitted to his company by 
suspicious users and computer security professionals is designed to 
aid identity theft, he said. 

"We're seeing more spyware," he said. 

The FBI has not found any instances of identity theft linked to the 
Lover Spy software. The agency has notified all 2,000 victims via 
e-mail. 

One of the victims of the program said yesterday she was shocked by 
the invasion of her privacy. 

"I didn't know it was on my computer until the FBI contacted me," she 
said. 

The resident of a small town in central Pennsylvania said she didn't 
want her name used because her privacy had been breached enough by the 
woman who was spying on her. 

"She contacted me because she thought that I was dating her boyfriend, 
but it wasn't true," she said. "I had never met him. I didn't know who 
he was." 

She said she was sympathetic with the suspicious girlfriend and struck 
up a friendly e-mail relationship. 

"She sent me a greeting card on the Internet through my e-mail and 
that's how she got into my computer," she said. "She had access to 
everything." 

She said she regularly updated her anti-virus software and checked for 
malicious programs, but none of those measures detected the program 
when her computer was infected. 

Such programs have since been updated to catch the Lover Spy software, 
which tracked Internet use, e-mail and everything typed on infected 
computers and could be used to turn on cameras hooked up to the 
personal computers, said the FBI's Roberts. 

Employers and parents use similar surveillance software on computers 
they own to keep track of their workers and children, he said. 

Perez advertised the $89 software on a Web site and through 
unsolicited e-mail. 

The software was deployed on computers around the world, which would 
send information to Perez's customers and to him at his downtown San 
Diego apartment, prosecutor Mitch Dembin said. 

"People were spying on others simply to learn what they were doing," 
he said. 

The FBI began investigating after getting a tip from someone who got 
e-mail spam from the company. Perez was present when agents raided his 
apartment and took his computers Oct. 10, 2003, but has since 
disappeared, Roberts said.

More information about the ISN mailing list