A Danish citizen today pleaded guilty in the Eastern District of Virginia and was ordered to pay a fine of $500,000 for advertising and selling StealthGenie, a spyware application (app) that could remotely monitor calls, texts, videos and other communications on mobile phones without detection. This marks the first-ever criminal conviction concerning the advertisement and sale of a mobile device spyware app.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Dana J. Boente of the Eastern District of Virginia and Assistant Director in Charge Andrew G. McCabe of the FBI’s Washington Field Office made the announcement after a hearing before U.S. District Judge Leonie M. Brinkema in the Eastern District of Virginia.
“Spyware is an electronic eavesdropping tool that secretly and illegally invades individual privacy,” said Assistant Attorney General Caldwell. “Make no mistake: selling spyware is a federal crime, and the Criminal Division will make a federal case out if it. Today’s guilty plea by a creator of the StealthGenie spyware is another demonstration of our commitment to prosecuting those who would invade personal privacy.”
“The defendant advertised and sold a spyware app that could be secretly installed on smart phones without the knowledge of the phones owner,” said U.S. Attorney Boente. “This spyware app allowed individuals to intercept phone calls, electronic mail, text messages, voicemails and photographs of others. The product allowed for the wholesale invasion of privacy by other individuals, and this office in coordination with our law enforcement partners will prosecute not just users of apps like this, but the makers and marketers of such tools as well.”
“Mr. Akbar is the first-ever person to admit criminal activity in advertising and selling spyware that invades an unwitting victim’s confidential communications,” said FBI Assistant Director in Charge McCabe. “This illegal spyware provides individuals with an option to track a person’s every move without their knowledge. As technology evolves, the FBI will continue to evolve to protect consumers from those who sell illegal spyware.”
According to the statement of facts accompanying the plea agreement in the case, Hammad Akbar, 31, is the chief executive officer of InvoCode Pvt. Limited and Cubitium Limited, the companies that advertised and sold StealthGenie online. StealthGenie could be installed on a variety of different brands of mobile phones, including Apple’s iPhone, Google’s Android, and Blackberry Limited’s Blackberry. Once installed, it could intercept all conversations and text messages sent using the phone. The app was undetectable by most users and was advertised as being untraceable.
Akbar was arrested on Sept. 27, 2014, in Los Angeles and pleaded guilty today to sale of an interception device and advertisement of a known interception device. After accepting the guilty plea, the court immediately sentenced Akbar to time served and ordered him to pay a $500,000 fine. He was also ordered to forfeit the source code for StealthGenie to the government.
On Sept. 26, 2014, the court issued a temporary restraining order authorizing the FBI to temporarily disable the website hosting StealthGenie, which was hosted from a data center in Ashburn, Virginia. The court later converted the order into a temporary injunction, and the website remains offline.
According to Akbar’s admissions, StealthGenie had numerous functions that permitted it to intercept both outgoing and incoming telephone calls, electronic mail, text messages, voicemail, and photographs from the smartphone on which it was installed. The app could also turn on the phone’s microphone when it was not in use and record sounds and conversations that occurred near the phone. All of these functions could be enabled without the knowledge of the user of the phone.
In order to install the app, the purchaser needed at least temporary possession of the target phone. During the installation process on an Android smartphone, for example, the person installing the app was required to grant a series of permissions that allowed the app to access privileged information on the device. Once the app was activated, it was started as a “background” (i.e., hidden) service and set up to launch automatically when the phone was powered on. The only time that the app interacted with the screen was during activation, and the icon for the app was removed from the phone’s menu. Akbar admitted that because of these characteristics, a typical smartphone user would not know that StealthGenie had been installed on his or her smartphone.
Akbar also admitted to distributing an advertisement for StealthGenie through his website on Nov. 5, 2011, and to selling the app to an undercover agent of the FBI on Dec. 14, 2012.
This case was investigated by the FBI’s Washington Field Office, and was prosecuted by Senior Trial Attorney William A. Hall Jr. of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorneys Jay V. Prabhu and Alexander Nguyen of the Eastern District of Virginia.
The FBI’s Internet Crime Complaint Center (IC3) has published an advisory for consumers related to the app located at: http://www.ic3.gov/media/2014/140930.aspx.
SOURCE: Department of Justice