Two jet-setting identity thieves have been arrested, caught using a spyware program to steal sensitive data from unsuspecting Americans. Their arrest has sparked a debate over the use of spyware products — are they legit or just ammunition for criminals?
Digital Journal — Jocelyn Kirsch, 22, and Edward K. Anderton, 25, were living a lavish lifestyle: trips to Paris and London; salon visits costing $1,700 each; a $3,000-a-month apartment in upscale Philadelphia. Kirsch and Anderton didn’t earn any of these luxuries — they stole money using a complex identity theft scam.
And their main weapon? A $100 sypware program.
Arrested Friday in Philadelphia, the Bonnie and Clyde of identity theft raked in $100,000 this year alone through credit cards stolen from unsuspecting neighbours. When police went through their apartment, they found printers, scanners and an industrial machine that made ID cards.
But the most intriguing piece of technology was the $100 spyware program called Spector. Users can download the software onto other people’s PCs and log every keystroke, email and Web site accessed by the PC owner. The manufacturer markets the program to employers looking to snoop on staff.
Robert Graham, the security executive at Atlanta-based Errata Security, told ABC News that applying spyware for nefarious activities is simple: "The way they would hack is simply e-mail their victims the program and claim it's a software update, pictures of naked Britney Spears or some sort of nonsense in order to get their victims to run it. Once installed, spyware installs a keylogger and [programs] that monitor online activity. Keyloggers are the most important part of spyware because that's what would give them passwords. Online banking sites that advertise themselves as being 'secure' are only secure against somebody eavesdropping on the network traffic, but they are not secure against somebody eavesdropping on keystrokes."
Graham believes sypware makers know their software is being used for illegitimate reasons since it “puts hacking in the hands of everybody.”
But Doug Fowler, CEO of SpectorSoft (maker of the Spector spyware program used by Kirsch and Anderton), disagrees with Graham. He told ABC News any software has the potential to be abused.
And it looks like that kind of software is being abused at a rampant rate. The Federal Trade Commission found that 8.3 million Americans, or 3.7 per cent of all American adults, were victims of identity theft in 2005.
Spyware software shouldn’t be burdened with all the blame, but it’s clear from this recent arrest that a software package can be spun to suit the needs of criminals. Is that analogous to blaming gun manufacturers for murders, even though people use guns for hunting practice too?
Whatever investigators find in the Kirsch-Anderton case will help future enforcement agencies in their ongoing battle against identity fraud.
It will be interesting to learn how the spyware software was twisted to turn it criminal. And most importantly, the arrest should act as a warning to computer users to be careful about what emails they open, what downloads they purchase and what information they give out online.