DOJ brings down the hammer on StealthGenie mobile ‘stalking’ app

The Justice Department is cracking down on mobile stalking apps as selling spyware to secretly invade victims' privacy is a criminal offense.

Credit: Tori Rector

A Paskistani man is the first to suffer the wrath of the Justice Department for selling mobile spyware that was “undetectable by most users” and marketed as being “untraceable,” but “designed for use by stalkers and domestic abusers.” While StealthGenie is the “first-ever criminal case concerning the advertisement and sale of a mobile device spyware app,” hopefully it is just the start of wiping out stalking spyware.

After StealthGenie was physically installed on an iPhone, Android or Blackberry, the app could intercept communications and make them available to the installer/stalker in “close-to-real-time” on the server hosting the StealthGenie control panel. It won’t do you any good to try to find the website that was previously hosted on Amazon Web Services, as a Virginia judge gave the FBI a green light in the form of a temporary restraining order to disable the StealthGenie site. All that's left is a cached version.

Cached StealthGenie website screengrab StealthGenie

“Selling spyware is not just reprehensible, it’s a crime,” according to the Department of Justice statement peppered with quotes. DOJ Assistant Attorney General Leslie Caldwell also stated:

“Apps like StealthGenie are expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life – all without the victim’s knowledge. The Criminal Division is committed to cracking down on those who seek to profit from technology designed and used to commit brazen invasions of individual privacy.”

Dana Boente, U.S. Attorney for the Eastern District of Virginia, said, “StealthGenie has little use beyond invading a victim’s privacy. Advertising and selling spyware technology is a criminal offense, and such conduct will be aggressively pursued by this office and our law enforcement partners.”  

According to FBI Assistant Director in Charge Andrew McCabe:

“This application allegedly equips potential stalkers and criminals with a means to invade an individual’s confidential communications. They do this not by breaking into their homes or offices, but by physically installing spyware on unwitting victim’s phones and illegally tracking an individual’s every move. As technology continues to evolve, the FBI will investigate and bring to justice those who use illegal means to monitor and track individuals without their knowledge.”

Hammad Akbar, CEO of InvoCode – the company that marketed StealthGenie online – was “charged in the indictment with conspiracy, sale of a surreptitious interception device, advertisement of a known interception device and advertising a device as a surreptitious interception device.”

The indictment (pdf) alleges that the website was mainly focused on “potential purchasers who did not have any ownership interest in the phone to be monitored, including those suspecting a spouse or romantic partner of infidelity.” The DOJ mentioned the company’s business plan that marketed the app first for the purpose of exposing “spousal cheat: Husband/Wife of boyfriend/girlfriend suspecting their other half of cheating, or any other suspicious behavior, or if they just want to monitor them.” The “spousal cheat” market allegedly made up about 65% of StealthGenie purchasers. The DOJ seems to also believe Akbar and his employees faked the testimonials, claiming “they appear to be fictitious.”

The app functionalities included interception of the following wire and electronic communications: call recording and interception, activating a smartphone microphone to record surrounding conversations, monitor all outgoing and incoming electronic mail, text messages and voicemail, as well as monitor photos, videos, contacts and calendar appointments on the phone.

If the DOJ has gone after StealthGenie because selling spyware is a “criminal offense;” the app is designed for use by “stalkers and domestic abusers” and the technology is “used to commit brazen invasions of individual privacy,” then will other similar spyware soon face the same fate? Don’t get me wrong as I’d love to see all spyware wiped off the face of the earth, but why hone in on StealthGenie? There is a huge market for stalker’s-best-bud “undetectable” apps. Do not take this as an endorsement, but for example:

FlexiSPY lists “catch cheaters” first, followed by “protect children” and “monitor employees” because “you have a right to know.”

Also advertised as "100% undetectable," the mSpy website adds, "employees and children properly controlled."

“Ideally suited to monitor your children, employees or loved ones,” the “completely undetected” Highster Mobile claims its software can “secretly track and spy on virtually any cell phone.”

The “completely stealthy” SpyPhoneTap also mentions children, employees, before adding, “Or wanting to know what your partner is up to?”

Taking a different tactic, the Mobile Spy asks, “Do you suspect your child or employee is abusing their SMS or Internet privileges? If yes, then this software is ideal for you.”

“No one will ever know they are being monitored,” Mobistealth claims. It is marketed toward parents monitoring children, monitoring all company-owned cell phones, or if you are “an investigator looking to uncover the truth.”

SpyEra simply lists all the capabilities of its “undetectable” software; parental control and employee monitoring are not mentioned until links at the bottom of the page.

Take note, sneaky stalkers and domestic abusers, aka creeps and creepettes who install spyware to invade the privacy of your victims, installing such 'undetectable' software to intercept communications without permission can also be a crime. StealthGenie also had a disclaimer about "ethical monitoring" of employees or children, or else needing written permission before installing the app on another person's phone.

Parents and companies can monitor cell phones, so perhaps part of the reason StealthGenie was targeted is in the marketing of the mobile spyware app. The complaint (pdf) filed by the government may hold the real another reason why the DOJ went after StealthGenie. In December 2012, the spyware was installed on an undercover FBI agent’s Android smartphone; the software then intercepted and made available “wire and communications” from the agent’s phone on the StealthGenie website.

I hope more mobile app spyware soon falls under the DOJ axeman, but even supposedly "lawful" phone spyware works "without the victim's knowledge." Too bad the DOJ doesn't also find that to be "reprehensible" and a "crime."

Cybersecurity market research: Top 15 statistics for 2017