Friday, December 07, 2007

I Fought the Law and the Law Won

Urban legend has it that when the late Willie Sutton was asked why he robbed banks, he replied "because that's where the money is".

If he were around today he'd probably scoff at bank robbery. These days the real money is clearly in spyware.

It shouldn't be news to anyone, of course, that cybercrooks are using spyware to generate big bucks, primarily by stealing credit card and banking information and reselling it to other swine on the 'net. What may be news, however, is the fact that many of the tools used by these characters are completely legal and available at "crazy low prices", if not for free.

The bust of a couple dubbed "the Bonnie and Clyde of identity theft" illustrates the problem. As described in a recent article in Digital Journal (among other places):

Jocelyn Kirsch, 22, and Edward K. Anderton, 25, were living a lavish lifestyle: trips to Paris and London; salon visits costing $1,700 each; a $3,000-a-month apartment in upscale Philadelphia. Kirsch and Anderton didn't earn any of these luxuries – they stole money using a complex identity theft scam.

What's especially interesting about this is that the couple didn't need to invest huge amounts of money or technical expertise to do this. All they had to do was buy a $100 spyware program called Spector Pro (from Spectorsoft). Although widely identified as malware by major anti-virus vendors such as Symantec and Safernetworking.org (the makers of Spybot Search and Destroy, one of the better anti-spyware products around), Spector Pro is also a PC Magazine Editor's Choice award winner and touts itself as a tool for enhancing corporate security by allowing employers to monitor employees' internet activity.

The thing is, the behavior of the program itself is indistinguishable from that of other forms of malware. Here's how Symantec describes it:

Spyware.Spector functions in a manner that is similar to a Backdoor Trojan Horse. When it is installed, it logs all the activity on the system. The person who installed it can then watch all the logged activity.

Spectorsoft president Doug Fowler, of course, disclaims any responsibility for the nefarious use of the product. According to ABC News (where this story originally broke):

"SpectorSoft has never marketed its software as a way to steal from people, to assume another's identity," Fowler wrote in an e-mail. "Any piece of software has the potential to be abused."

If this sounds familiar, it might be because the same justification is offered by anyone who profits from the sale of dangerous and/or deadly items. Be it agribusiness, Big Tobacco, or the NRA, they all insist that it's not their fault if the folks to whom they have aggressively and expensively marketed their products wind up morbidly obese, coughing up a lung, or mowing down a few dozen family members, friends or acquaintances.

Legally, of course, they may be right. Attempts to hold the "Merchants of Death" accountable have largely failed thanks to flotillas of high-priced lawyers and a federal government that never met a corporate lobbyist it didn't like.

Legality and morality are hardly identical, however, and the ethical situation is far less clear. My take on this is that if you are selling a product that you know, beyond a doubt, is going to be used for a moral wrong, you'd better be certain that said product isn't designed primarily for that purpose and/or that you're serving a greater moral good by offering it.

For example: a hammer can certainly be used to commit murder, but that's not even remotely what it's designed to do. And in any case you're helping someone build something by selling it. Weapons, on the other hand, face a far higher hurdle since their principal purpose is to kill.

By that standard, Spectorsoft is treading on potentially thin ice. Yes, their software can be used by businesses to prevent unethical behavior by their employees, but Spectorsoft doesn't just market to businesses. Indeed, two of their products (the aforementioned Spector Pro and eBlaster) are targeted at individuals who want to spy on each other, including parents who want to spy on their children.

If it walks like a duck, quacks like a duck, and gobbles up your keystrokes like a duck, shouldn't we conclude that it's fair game during Duck Season?
