Hackers all have different intentions—some are committed to making computer networks more secure, while some are more interested in exploiting system vulnerabilities. Many hackers fit into one of these two categories, though some do dance between the two.
However, there is a special subgroup of hackers: those who make the FBI’s Cyber’s Most Wanted list. These individuals give a whole new meaning to “black hat” hacking. The nature of their crimes is such that the U.S. has mobilized all law enforcement agencies against them in an attempt to bring these hackers to justice.
For the next few weeks, we will be counting down the 10 most wanted hackers by the FBI.
This week, we begin with number 10…
Carlos Enrique Perez-Melara
A former San Diego college student, Perez-Melara was originally indicted in 2005 for 35 counts of manufacturing, advertising and sending an electronic interception program; unlawfully intercepting electronic communication; and disclosing said communication to other parties for financial gain, among other things. Each count comes with a sentence of at most five years in federal prison and a fine of $250,000. He therefore faces a maximum sentence of 175 years and $8.75 million in fines.
Perez-Melara is responsible for creating Lover Spy – a website that advertised a way for customers to catch a cheating partner.
For $89, customers were able to purchase a copy of the “Lover Spy” program. They would then send a seemingly innocuous e-card to an intended victim and upon opening said card, the victim would unknowingly download spyware hidden deep within the greeting.
The program was designed “with stealth in mind,” claiming that it would be impossible to detect by 99.9 percent of users. Once installed, Lover Spy sent regular reports of the victim’s online activities, including emails, passwords, chat messages and online purchase record, to the customer via the use of a keylogger. The program even gave customers the ability to remotely control the victim’s computer, such as by altering files or turning on the webcam.
In all, 1,000 customers purchased the program, who then sent infected e-cards to 2,000 people. It was ultimately determined that about half of these intended victims were infected by the Lover Spy program. At the time, antivirus software didn’t recognize Lover Spy as dangerous, so it let the malicious program through. But the FBI eventually caught up with its developer, executing a search warrant of Perez-Melara’s apartment in October of 2003.
After his indictment in 2005, Perez-Melara failed to show up for his court date and has been on the run ever since.
In the meantime, the FBI has kept busy. Four other individuals have been indicted by a federal jury on two counts of assisting Perez-Melara to unlawfully intercept electronic communication and unlawfully gain access to the victims’ computers. A number of customers have also been prosecuted in cities including Charlotte, NC; Honolulu; and Dallas, with prosecutions in other locations going forward.
According to the FBI, all victims of Lover Spy have been notified.
- Hacker Myths Debunked
- Top Five Hacker Tools Every CISO Should Know
- Infosec’s Rising Stars and Hidden Gems: The Hackers
- Average Cyber Crime Incident Costs Companies $12.7 Million
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the ShellShock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].