SAN DIEGO -- Authorities are looking for a 25-year-old El Salvador native believed to be behind a spyware program to nab cheating mates that as many as 1,000 people worldwide bought before it was shut down in October 2003. That's when the FBI raided the San Diego apartment of Carlos Enrique Perez-Melara, who was last seen in the Los Angeles area.
Perez-Melara, as well as four people who bought the $89 Loverspy program off the Internet, were indicted Friday in San Diego for illegal computer hacking and illegally intercepting electronic communications. Each count carries a maximum five-year prison sentence and $250,000 fine. Perez-Melara also was charged with 35 counts of manufacturing, sending and advertising a secret surveillance device. A conviction on all counts could send him to prison for 175 years.
The program, modified from software used by private detectives, was marketed from 2002 until late 2003 toward people hoping to find evidence of a mate's philandering by stealing passwords then used to read e-mails, explore Web site browsing and monitor other private online habits. Customers sent an e-greeting card featuring flowers and puppies to up to five different addresses. Those that opened the e-card had a keylogger secretly installed to extract passwords from the infected machines. The communiques were usually sent to customers through Perez-Melara's computer, which served as an intermediary.
"It was marketed as a way to catch a cheating lover," Assistant U.S. Attorney Mitch Dembin told news reporters.
Federal prosecutors told the Los Angeles Times this is one of the first criminal indictments against spyware computer software.
In addition to Perez-Melara, indicted buyers included a Laguna Beach, Calif., man reportedly checking up on an ex-girlfriend; an Irvine, Calif., woman trying to find out more about an estranged sister; a Long Beach, Calif., man curious about an ex-fiance; and an Ashland, Penn., woman hoping to discover a cheating boyfriend. All total, authorities believe at least 2,000 computers were infected with bought copies of Loverspy before operations shut down almost two years ago.
One victim told the San Diego Union-Tribune how she was confronted by one of the accused, about dating the woman's boyfriend. The victim assured her she didn't even know the guy, and the two struck up a friendly e-mail exchange that included the secret-stealing greeting card. Though she regularly updated her antivirus software, the woman said the infection was never detected. Now, most AV software will flag the program.
It's unclear from published news reports why only these four buyers have been indicted, but the Union-Tribune said Saturday that the FBI notified all 2,000 victims through e-mail. Authorities also warned more arrests were possible.
This story originally appeared on SearchSecurity.com.