FTC Bans Stalkerware Founder Scott Zuckerman

The FTC's Continued Crackdown on Stalkerware

The U.S. Federal Trade Commission (FTC) has reaffirmed its decision to prevent a stalkerware developer from re-entering the surveillance industry. Scott Zuckerman, the founder of Support King and its subsidiaries SpyFone and OneClickMonitor, had previously been banned from offering or promoting any surveillance app, service, or business. This ban was enforced after a major data breach exposed sensitive information about customers and the individuals they were spying on.

In 2021, the FTC issued an order that prohibited Zuckerman from running any stalkerware business. The agency also required him to delete all data collected by SpyFone and to implement strict cybersecurity measures for his businesses. Despite this, Zuckerman petitioned the FTC in July of this year to rescind or modify the ban. However, the FTC denied his request, reinforcing the original decision.

The Background of the Data Breach

The FTC’s actions were triggered by a significant security incident in 2018. A security researcher discovered an Amazon S3 bucket belonging to SpyFone that contained highly sensitive data. This included selfies, text messages, chat app messages, audio recordings, contacts, location data, hashed passwords, and more. The data was accessible to anyone online, exposing the private information of users and those being monitored.

The breach revealed 44,109 unique email addresses, with at least 2,208 current "customers" and hundreds or thousands of photos and audio files from 3,666 phones with SpyFone installed. The exposure highlighted serious lapses in the company’s security practices, which allowed hackers to exploit the vulnerabilities.

Zuckerman's Petition and FTC's Response

In his petition, Zuckerman argued that the FTC’s security requirements made it difficult for him to operate his other businesses due to financial costs. He claimed that Support King is no longer in operation and that he now runs a restaurant and plans other tourism ventures in Puerto Rico. However, the FTC did not accept these arguments and maintained its stance against allowing Zuckerman to return to the surveillance industry.

Zuckerman declined to comment when contacted via email, referring questions to his lawyer. His attempts to circumvent the ban were further scrutinized when HAWXTECH.NET reported in 2022 that he appeared to be running another stalkerware company. The report revealed that a trove of breached data from SpyTrac, a stalkerware app, showed connections to Support King. This suggested that Zuckerman was trying to bypass the FTC’s restrictions.

Expert Reactions and Ongoing Concerns

Eva Galperin, a leading expert on stalkerware, praised the FTC’s decision. She noted that Zuckerman seemed to be hoping that time would fade the memory of why the FTC imposed the ban. “He clearly didn’t learn his lesson,” she said, adding that the 2022 revelations indicated a lack of accountability.

Stalkerware apps are designed to allow users to secretly monitor the devices of others, often leading to illegal activities. Over the past eight years, at least 26 stalkerware companies have experienced breaches or exposed sensitive data online, according to HAWXTECH.NET. These incidents underscore the industry’s failure to protect user privacy and the individuals being monitored.

The Broader Implications

The continued efforts of the FTC to regulate stalkerware highlight the growing concern over digital privacy and security. As technology evolves, so do the methods used by malicious actors to exploit vulnerabilities. The case of Zuckerman and his companies serves as a cautionary tale about the consequences of neglecting cybersecurity and ethical business practices.

The FTC’s decision reinforces the importance of holding companies accountable for their actions, especially when their products can be used to invade the privacy of individuals. It also emphasizes the need for ongoing vigilance and regulation in the tech industry to prevent similar incidents from occurring in the future.