WASHINGTON It's not just the federal government intercepting your communications. It could be a nosy relative or jealous partner.
Among five individuals added this week to the FBI's list of most wanted cybercriminals is a former San Diego college student who developed an $89 program dubbed "Loverspy" and "Email PI." Sold online from his apartment, the program was advertised as a way to catch a cheating lover by sending the person an electronic greeting card that, if opened, would install malicious software that captured emails and instant messages, or even spy on the person through their webcam.
The case of Carlos Enrique Perez-Melara, 33, is noteworthy because he appears to have made relatively little money on the scheme, unlike others on the FBI list accused of bilking millions of dollars from businesses and Internet users worldwide. Perez-Melara was a native of El Salvador in the United States on a student visa in 2003 when he sold the spyware. He was accused of helping turn average computer users into sophisticated hackers who could use the information to stalk their victims.
Loverspy was designed "with stealth in mind, claiming that it would be impossible to detect by 99.9 percent of users," according to a July 2005 federal indictment of Perez-Melara.
An FBI section chief who oversees operations in the agency's cyber division, John Brown, said Loverspy was one of many illegal hacking-for-hire services available online. In one case earlier this year, a New York police detective was arrested for spending more than $4,000 on hacking services to obtain the emails of more than a dozen of his colleagues. Many of the operators tend to be based abroad.
"These are sophisticated folks who know how to hide themselves on the Internet," Brown said.
Brown said Perez-Melara was added to the FBI most wanted list in part because the former college student has been so difficult to find. Perez-Melara has eluded the authorities since his indictment eight years ago, with his last known location as El Salvador. The government is now offering a $50,000 reward for information leading to his arrest.
According to his indictment, Perez-Melara sold the program to 1,000 customers, who then tried to infect roughly 2,000 others. Victims took the bait only about half the time, the government said. People who purchased the spyware were charged with illegally intercepting electronic communications. Most of those cases appear to have resulted in probation and fines.
Years later, there is an established commercial market for snooping software that domestic violence advocates warn can also be used to stalk victims. Software like ePhoneTracker and WebWatcher, for example, is advertised as a means of monitoring kids' online messages and tracking their locations. For $349 a year, Flexispy Ltd. of Wilmington, Del., promises to capture every Facebook message, email, text and photo sent from a phone, as well as record phone calls. These services would only be legal if the person owns the phone or computer or is authorized to install the software.
Others identified on the FBI "most wanted" cyber list includes Alexsey Belan, a Russian, who allegedly broke into the computer networks of three major U.S. e-commerce companies. Belan is accused of stealing the companies' user databases and encrypted passwords, which he then sold. Two others named by the FBI hijacked computers with malware disguised as online advertisements, then sold security fixes to victims. In one case, the loss to consumers was estimated to be $100 million.