A company calling itself Lover Spy has begun offering a way for jealous lovers — and anyone else — to spy on the computer activity of their mates by sending an electronic greeting, the equivalent of a thinking-of-you card, that doubles as a bugging device.
COMPUTER SECURITY EXPERTS said the Lover Spy service and software appeared to violate U.S. law, but also said the surveillance program pointed to an increasingly common way for hackers to seize control of computers.
Marketed as a way to “catch a cheating lover,” the Lover Spy company offers to send an e-mail greeting card to lure the victim to a Web site that will download onto the victim’s computer a trojan program to be used for spying.
The Lover Spy software, sold for $89 for up to five computers, purports to record anything the victim does on the computer, including all keystrokes, passwords, e-mail, chats and screen shots and even turn on the victim’s Web camera.
The spy program discreetly sends the information to the Lover Spy server which then forwards it on to whoever paid for the software, maintaining their anonymity, according to the company Web site, which did not list contact information.
“Lover Spy is being used today by private investigators worldwide, spouses and parents who want to protect their children,” the site claims.
‘THAT WOULD BE A FELONY’ “You don’t need physical access to the computer,” said Richard Smith, an independent privacy and security researcher in Boston. “It makes it so you can spy on anybody you want.”
“That would be a felony,” said Mark Rasch, former head of the U.S. Department of Justice’s computer crime unit and chief security counsel for security company Solutionary. “Loading a program onto someone else’s computer without their authorization is patently illegal.”
“Yikes! That is clearly a wiretapping violation,” Chris Hoofnagle, associate director of the Electronic Privacy Information Center, said when told of Lover Spy.
“It sounds a lot like a commercial version of Magic Lantern,” the controversial program the FBI proposed a few years ago to remotely install a keystroke logger onto people under investigation, he said.
Other spyware exists, such as eBlaster from Florida-based SpectorSoft, but it is installed manually and marketed for customers to install on their own computer, Rasch said.
“Typically, you have a husband or wife who puts a keystroke logger on the home PC to monitor what Web pages the spouse is going to and what e-mails they’re sending,” he said.
However, even installing a spyware program on your own computer may be illegal if it is recording the data of someone else without their consent, depending on the state in which the spying occurs, Hoofnagle said.
Not only could the Lover Spy company be prosecuted for selling software that enables spying, but the person who pays for the service could face up to 10 years in prison and fines for actual damages under the federal Computer Fraud and Abuse Act, he said.
HOW TO BLOCK SPYWARE Web sites that surreptitiously send programs to a visitor’s computer are an increasingly security menace, said Chris Wysopal, research director at security consultancy AtStake in Boston.
“The risk has always been there, but when the tools are really easy to use you are going to see more spying going on,” he said.
The only defenses are anti-virus software, which may be able to detect the spyware, and a personal computer firewall which can alert a user when the trojan tries to connect to the Internet to send data out, according to Wysopal.
People should be cautious about allowing Web sites to run unknown code on their PC, he added.
© 2003 Reuters Limited. All rights reserved. Republication or redistribution of Reuters content is expressly prohibited without the prior written consent of Reuters.