According to his indictment, Perez-Melara sold the software to 1,000 customers, who then tried to infect about 2,000 others. Victims took the bait only about half the time, the government said. People who purchased the spyware were charged with illegally intercepting electronic communications. Most of those cases appear to have resulted in probation and fines.
In addition to hacking-for-hire services, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software such as ePhoneTracker and WebWatcher, for example, are advertised as ways to monitor kids’ online messages and track their location. For $349 a year, Flexispy of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services generally would be legal only if the person installing the software also owned the device or were given consent by the owner.
Others identified on the FBI most wanted cyber list includes Alexsey Belan, a Russian, who allegedly broke into the computer networks of three major U.S. e-commerce companies. Belan is accused of stealing the companies’ user databases and encrypted passwords, which he then sold. Two others named by the FBI hijacked computers with malware disguised as online advertisements, then sold security fixes to victims. In one case, the loss to consumers was estimated to be $100 million.