THE BLOG
10/01/2014 10:48 am ET Updated Dec 06, 2017

The Government Acts Against StealthGenie

co authored by Dr. Stephen Bryen, Founder & CTO Ziklag Systems

2014-10-01-stealthgenieandroidspysoftware.jpg

Two US Assistant United States Attorneys, Kevin Mikolashek and Jay Prabhu have filed a civil Complaint (Civil No. 1:14-ev 1273) against Hammad Akbar for selling a spyware product called StealthGenie. StealthGenie is an APP that works on a variety of smartphones. The APP surreptitiously records incoming and outgoing phone calls, allows the purchaser to intercept calls in real time without the knowledge of the smartphone user; allows conversations in a boardroom or bedroom to be recorded without the knowledge of the smartphone user, allows incoming and outgoing email, SMS (text) messages and voicemail to be recorded and read; steals the user's contact list, photos, videos and appointments.

StealthGenie works through a commercial server - Amazon Web Services located in Ashburn, Virginia. All the intercepted information from StealthGenie is stored on Amazon's server.

Hammad Akbar and his employees are Pakistani citizens and Akbar lives in Lahore. The chances of catching up with him are precisely zero. Amazon is not a defendant in the case, although clearly Amazon Web services facilitated StealthGenie operations.

The US government view is this kind of APP is an "interception device" under US Code and Federal Rules of Civil Procedure and the sale, marketing and advertising of mobile spying applications is illegal. The US Attorneys evinced specific concern that the spread of this kind of APP would help stalkers, although as the Complaint says, the product was advertised as a means of dealing with spousal cheating, which according to StealGenie's owners, a company called InvoCode Pvt. Ltd., constituted 65% of the purchasers of the APP.

This is the first case brought in a Federal court against spyware APPS. It is unlikely to ever be successfully prosecuted, so the civil Complaint really amounts to a warning to others who make similar products.

There are hundreds of companies in all parts of the world producing products that resemble StealthGenie. These products are available on the Internet. Some of them are free; others can be purchased. The simplest of them require physical access to the target's phone to install the malicious APP. More sophisticated stealthy spyware can get downloaded on a phone without the need for physical access. One way is to embed the spyware into a legitimate product and offer it to the user. Another is to plant a Trojan or other bug in the hardware of the device. Recently some Chinese phones have been found with built in spyware. There are plenty of other techniques available for professional spies. StealthGenie was meant for amateurs.

Whether the government's legal argument is sound is less than clear. There are many cases where intercept software can be sold where its use is legal. Two examples come to mind: the sale of intercept software to law enforcement and government; the sale of intercept software to business. Business has a right to monitor its employees, and this right has been generally supported in US courts. This right extends to smartphones, computers and other electronics (such as GPS trackers). It would seem, therefore, that if StealthGenie advertised its APPS for certain business spying, there would not have been any grounds for an indictment.

Another use of spyware APPS is for parents monitoring children. The US Government Complaint does not address this point. But, again, if an APP is advertised for this purpose, is it legal?

Spyware is also extensively used by companies spying on their competitors. Certainly this is not legal, but the government has not bothered to act on such spying? Why?

One thing is certain, the government's action, no matter how well-intentioned, misses the mark in important ways. The widespread spying going on in our society, some of it easily accomplished by monitoring social APPS like Facebook and Twitter, is a real scourge. So is the monetization of personal information by many of the tech-giants, who are making a fortune exploiting our privacy. We have a very long way to go before any of this is brought to a halt.