[ISN] Software Snags Crooks, Sneaking Spouses, but Alarms Privacy Advocates

From: InfoSec News (isnat_private)
Date: Sun Feb 17 2002 - 22:37:43 PST

  • Next message: InfoSec News: "[ISN] [infowarrior] - Message To Microsoft: Only The Truth Shall Set You Free"

    Forwarded from: William Knowles <wkat_private>
    
    http://ap.tbo.com/ap/breaking/MGAOTQHFTXC.html
    
    By Allison Linn 
    The Associated Press 
    Published: Feb 17, 2002
    
    SEATTLE (AP) - Right now, your boss, your spouse or the government 
    could secretly be reading all your typed words - even the ones you 
    deleted - while surreptitiously snapping your picture. 
    Sound alarming? The man who makes it possible is the first to agree. 
    
    "It's horrifying!" said Richard Eaton, who develops, markets and even 
    answers the technical help line for WinWhatWhere Corp. software. 
    
    "I'm Mr. Guard-My-Privacy, so it's kind of ironic," said Eaton, a 
    lanky 48-year-old with a diamond stud earring. "Every time I add a 
    feature into it, usually it's something that I've fought for a long 
    time." 
    
    His qualms haven't stopped him from selling the product, though - more 
    than 200,000 copies of it, to everyone from suspicious spouses to the 
    FBI. 
    
    And Eaton is building ever-more-detailed monitoring tricks into his 
    Investigator software. The latest version, released this month, can 
    snap pictures from a WebCam, save screen shots and read keystrokes in 
    multiple languages. 
    
    Investigator already can read every e-mail, instant message and 
    document you send and receive, even if you delete - or never even 
    saved - what you typed. 
    
    The $99 downloadable program runs "hidden in plain sight." It changes 
    names every so often, and files containing the information it gathers 
    are given arbitrary old dates to make them difficult to find. 
    
    The monitor can choose to have a user's every move sent to an e-mail 
    address, or the program can be instructed to look for keywords like 
    "boss," "pornography" or "terrorist" and only send records when it 
    finds those prompts. 
    
    Software like Investigator was virtually unknown two years ago. Now 
    it's become a lucrative niche market, attracting plenty of competitors 
    and at least one product that aims to track down the snooping software 
    itself. 
    
    Federal investigators in Seattle used Investigator to snag suspected 
    Russian computer hackers, one of whom was recently convicted on 20 
    counts including conspiracy, various computer crimes and fraud. 
    
    Another, similar product was used in the FBI's investigation of 
    alleged mobster Nicodemo Scarfo Jr. 
    
    A Maywood, N.J., security firm called Corporate Defense Strategies 
    used Investigator at an import/export firm to snare two employees who 
    were selling company merchandise and pocketing the cash. 
    
    CDS President Jeff Prusan has since used it to help clients catch 
    employees who send out resumes, download pornography or spend their 
    shifts playing games. 
    
    "It's unfortunate that it has come to this, but I've always believed 
    that it's better to know what's going on than not," Prusan said. 
    
    Miki Compson, a computer consultant and mother of four in Severn, Md., 
    used Investigator to track computer correspondence from a suspicious 
    person who she said ended up stalking her daughter. 
    
    She's recommended it to other parents whose kids were corresponding 
    with adults and defends the practice as a safety measure. 
    
    Eaton says he wouldn't likely use it on his own two children - "I'd 
    talk to them!" - but he also doesn't feel comfortable telling people 
    what to do with his invention. 
    
    And although he hates to hear tales of deception in the fast-growing 
    market of spouse tracking online, he wouldn't tell people not to do 
    it. 
    
    "I'm selling a hammer," he said. "They can beat nails with it, or 
    their dog." 
    
    If someone calls with proof the software is being used nefariously, 
    Eaton said he'll show the person how to remove it. 
    
    Ari Schwartz, associate director for the Center for Democracy and 
    Technology, said there are legitimate uses for the product, such as 
    catching employees engaging in fraud or child pornography. 
    
    But Schwartz recommends that employers inform their staffs if 
    monitoring for certain activities is occurring. He also urges spouses 
    and parents to think about the repercussions before using such 
    software at home. 
    
    "If your relationship is at the point where you feel that you need to 
    spy on your spouse, is this the best way to repair your relationship 
    or perhaps (should) you be going to therapy?" he said. 
    
    In most cases, Schwartz said, snooping software is not illegal. But 
    "we think morally there are some very large issues with (employers) 
    tracking the personal habits of their employees." 
    
    A self-taught programmer who says he barely graduated from high 
    school, Eaton stumbled on the idea for Investigator when he wrote a 
    tracker program to help him find and repair software bugs. 
    
    He started selling it as a snooper product around 1997. 
    
    Eaton still runs the company much like he did five years ago - from 
    his home in the eastern Washington town of Kennewick. His wife handles 
    the bookkeeping while he burns the CDs, answers the help line and runs 
    the Web site. 
    
    Occasionally, Eaton also checks his own Investigator logs - and is 
    always disturbed by the amount of time he spends online. 
    
    "When I look at my logs during the day, I think I need to fire 
    myself," he said. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 01:41:17 PST