Federal Prosecution Achieves Guilty Plea from Stalkerware Developer
The United States government has successfully secured a guilty plea from a maker of stalkerware, a landmark event as it marks only the second successful prosecution of a consumer spyware vendor in over a decade.
Bryan Fleming, the architect behind the stalkerware known as pcTattletale, admitted [PDF] his guilt in federal court situated in the Southern District of California.
He faced accusations of marketing software deliberately designed to intercept communications, incorporating elements of interstate commerce, thereby contravening federal statutes.
According to the terms laid out in the plea agreement, Fleming conducted the sale of this spyware from Michigan. Notably, it was purchased by a consumer located in the Southern District of California, justifying the choice of court venue.
Documents reveal that Fleming began promoting pcTattletale in 2017 with the express intent of targeting individuals seeking to surveil spouses or partners clandestinely.
In line with other stalkerware types, which essentially operate as consumer-grade spyware akin to tools used by nation-states, pcTattletale was engineered for installation on both computer systems and mobile devices.
The software facilitated the unauthorized gathering of text messages, emails, phone calls, geolocation data, and browsing history.
This information was accessible through an online portal that enabled users to monitor the activities of their targets without their awareness.
Particularly alarming, court filings indicated that pcTattletale operated through video capture, documenting every movement of victims whenever their devices were unlocked.
As previously reported by the Detroit News, investigations conducted by federal agents from the Immigration and Customs Enforcement’s Homeland Security Investigations division had been underway since at least 2021.
The application was under scrutiny due to its overt marketing aimed at unlawful surveillance of intimate partners, as noted in a search warrant affidavit drafted by an HSI agent in November 2022, which was only recently made public.
Despite the existence of numerous stalkerware entities operating within the United States, usage has burgeoned in recent years.
Alarmingly, many of these applications are riddled with flawed coding, inadvertently leading to data breaches which compromised the details of countless customers; such incidents have beset mSpy on multiple occasions, along with Catwatchful and, notably, pcTattletale.
Fleming’s enterprise declared bankruptcy in 2024 following a significant data breach that exposed 138,751 customer accounts, along with sensitive device information, IP addresses, physical addresses, phone numbers, and text message data, aggravating the situation by disclosing a wealth of victim details.
Sentencing for Fleming is anticipated later this year, where he may face up to 15 years of incarceration, alongside a financial penalty of $250,000, forfeiture of all property associated with the crime, and additional repercussions.
This case represents only the second instance of a guilty plea for stalkerware since 2014; the first involved Hammad Akbar, who acknowledged guilt in the distribution of another stalkerware program called StealthGenie.
Whether two guilty pleas in a span of 12 years will adequately deter the proliferation of stalkerware remains uncertain.
However, the existence of a second case based on similar allegations—selling software aimed at clandestinely surveilling individuals—does offer a glimmer of hope and indicates that federal law enforcement is finding robust grounds for prosecutorial action.
Several anti-stalkerware advocates have been contacted for their insights, and this article will be amended to include their responses.
Source link: Theregister.com.
