http://www.cnn.com/2003/TECH/internet/09/30/spyware.lover.reut/index.html--url
is now dead--
Illegal e-cards
to spy on your lover
Tuesday, September 30, 2003 Posted:http://mailshare.nmu.edu/listserv/network-users/msg00223.html--
3:32 PM EDT (1932 GMT)
SAN FRANCISCO, California (Reuters) -- A company calling itself Lover Spy
has begun offering a way for jealous lovers -- and anyone else -- to spy
on the computer activity of their mates by sending an electronic greeting,
the equivalent of a thinking-of-you card, that doubles as a bugging
device.
Computer security experts said the Lover Spy service and software appeared
to violate U.S. law, but also said the surveillance program pointed to an
increasingly common way for hackers to seize control of computers.
Marketed as a way to "catch a cheating lover," the Lover Spy company
offers to send an e-mail greeting card to lure the victim to a Web site
that will download onto the victim's computer a trojan program to be used
for spying.
Recording keystrokes
The Lover Spy software, sold for $89 for up to five computers, purports to
record anything the victim does on the computer, including all keystrokes,
passwords, e-mail, chats and screen shots and even turn on the victim's
Web camera.
The spy program discreetly sends the information to the Lover Spy server
which then forwards it on to whoever paid for the software, maintaining
their anonymity, according to the company Web site, which did not list
contact information.
"Lover Spy is being used today by private investigators worldwide, spouses
and parents who want to protect their children," the site claims.
"You don't need physical access to the computer," said Richard Smith,
an
independent privacy and security researcher in Boston. "It makes it so
you
can spy on anybody you want."
Possible felony
"That would be a felony," said Mark Rasch, former head of the U.S.
Department of Justice's computer crime unit and chief security counsel for
security company Solutionary. "Loading a program onto someone else's
computer without their authorization is patently illegal."
"Yikes! That is clearly a wiretapping violation," Chris Hoofnagle,
associate director of the Electronic Privacy Information Center, said when
told of Lover Spy.
"It sounds a lot like a commercial version of Magic Lantern," the
controversial program the FBI proposed a few years ago to remotely install
a keystroke logger onto people under investigation, he said.
Other spyware exists, such as eBlaster from Florida-based SpectorSoft, but
it is installed manually and marketed for customers to install on their
own computer, Rasch said.
However, even installing a spyware program on your own computer may be
illegal if it is recording the data of someone else without their consent,
depending on the state in which the spying occurs, Hoofnagle said.
Setting up defenses
Not only could the Lover Spy company be prosecuted for selling software
that enables spying, but the person who pays for the service could face up
to 10 years in prison and fines for actual damages under the federal
Computer Fraud and Abuse Act, he said.
Web sites that surreptitiously send programs to a visitor's computer are
an increasingly security menace, said Chris Wysopal, research director at
security consultancy AtStake in Boston.
"The risk has always been there, but when the tools are really easy to
use
you are going to see more spying going on," he said.
The only defenses are anti-virus software, which may be able to detect the
spyware, and a personal computer firewall which can alert a user when the
trojan tries to connect to the Internet to send data out, according to
Wysopal.
People should be cautious about allowing Web sites to run unknown code on
their PC, he added.
