Two hackers supplied Motherboard with 130,000 account details hacked from Retina-X and FlexiSpy, who market covert surveillance tools to jealous spouses and nervous parents — tools that are intended to be covertly installed on their laptops and mobile devices in order to tap into their keystrokes, mics, calls, stored photos and other capabilities.
An overwhelming majority of survivors of domestic violence report that their exes used tools like these as part of their strategy for controlling them through trickery and fear.
The spyware doesn’t just make the data available to creepy parents and spouses, though: as the hacks demonstrate, these companies are materially deficient in protecting the data that their software gathers, leaving it vulnerable to other creeps who steal it and use it for their own nefarious purposes.
One of the hackers who dumped the files to Motherboard claims to have wiped all data from Retina-X’s servers at the end of February, which coincides with a time when the company’s logins shut down due to “hardware failures.” They say that they deleted all of Flexispy’s files on Monday, redirecting visitors to the homepage of Privacy International.
The hacker behind the FlexiSpy breach went by the handle Leopard Boy, a reference to the 1995 cult film Hackers. Leopard Boy said that what FlexiSpy allows people to do is “fucking seedy and skin-crawlingly revolting.”
“I think they’re a bunch of unethical assholes who prey on insecure people in order to line their own pockets,” the hacker said. The goal of hacking FlexiSpy, Leopard Boy said, was to send a warning to this sort of industry as a whole.
“As good old Phineas once said, leaking isn’t an end in itself; it’s all about the message,” Leopard Boy added, referring to hacker Phineas Fisher. (Phineas has become a sort of folk hero in the hacking community for breaking into the servers of FinFisher and Hacking Team, two companies that sell spyware exclusively to governments.)