This is a post series on cyber crime. For more posts click here or the cybercrime tag below.
Once caught malware creators shouldn’t be able to plea down. At this point, the risk level for malware creators needs to be enhanced. The authorities need to show that doing this stuff is not a kids game. Especially to all smart stupid kids like this. They can code, but they don’t really understand the risks of letting bad code out.
Shames developed his keylogger in 2013
Shames started advertising his keylogger in March 2013. As his side-project advanced, Shames graduated Langley High School and moved on to James Madison University.
At the same time, his keylogger slowly transformed into a powerful tool, adding extra features on top of keystroke logging.
These features included a dedicated builder, the ability to upload stolen data to a FTP server, and the ability to dump data and passwords from the following applications: Chrome, Firefox, IE, Opera, Safari, Bitcoin Wallet, EpicBot, Spotify, Minecraft, Rarebot, RSBot, FileZilla, Core FTP, Smart FTP, DynDNS, Nimbuzz, Pigdin, Imvu, MSN, and Internet Download Manager.
His keylogger, along with many others had been at the center of many economic espionage campaigns against Fortune 500 companies in the past few years. A Trend Micro report published in November 2014 damned Shames, turning the FBI’s gaze on his activities.
There seems to be the take on this that the developer didn’t know how the tools he developed were going to be used. It’s fairly obvious that the developer was fully aware what he was doing. After all, he didn’t just put it up on an app store as some sort of toy and it has all those inside tools to enhance it’s ability to track users. TrendMicro has more here.
What really bothers me is that he sold so cheaply. 35 bucks? For something that can wreck your life and send you to prison? Of course the irony seems to be, that after all the effort that went into this as a spying tool, the biggest effort went into defrauding companies by sending bad invoices. Still, as far as I’m concerned, the word needs to get out that if you create and distribute malware, whether it’s keyloggers, machine lockers or ransomware, if you get caught, it can ruin you career and really mess up your life. Otherwise the crime will go on the and number of victims will just get bigger until ultimately the internet just shuts down.