by Rob Douglas

Over the last decade, I’ve been a harsh critic of the Federal Trade Commission when they’ve been slow to move on issues of importance when it comes to fighting identity theft and cybercrime.  But, while they still have not done nearly enough to battle those who openly and brazenly advertise the sale of products designed to steal the personal information of Americans, it is important to applaud the FTC’s actions when they do move against those who aid cybercriminals.

Today, the FTC – in response to a complaint filed by our friends over at the Electronic Privacy Information Center(EPIC) – obtained a temporary restraining order “halting the sale of keylogger spyware. According to the FTC’s complaint, the Florida-based CyberSpy Software, LLC marketed and sold RemoteSpy keylogger spyware to clients who would then secretly monitor unsuspecting consumers’ computers.”

According to the FTC press release:

“According to papers filed with the court, the defendants provided RemoteSpy clients with detailed instructions explaining how to disguise the spyware as an innocuous file, such as a photo, attached to an email. When consumer victims clicked on the disguised file, the keylogger spyware silently installed in the background without the victims’ knowledge. This spyware recorded every keystroke typed on the victim’s computer (including passwords); captured images of the computer screen; and recorded Web sites visited. To access the information gathered and organized by the spyware, RemoteSpy clients would log into a Web site maintained by the defendants.

“Defendants touted RemoteSpy as a “100% undetectable” way to “Spy on Anyone. From Anywhere.” According to the FTC complaint, the defendants violated the FTC Act by engaging in the unfair advertising and selling of software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information. The FTC complaint also alleges that the defendants unfairly collected and stored the personal information gathered by their spyware on their own servers and disclosed it to their clients. The complaint further alleges that the defendants provided their clients with the means and instrumentalities to unfairly deploy and install keylogger spyware and to deceive consumer victims into downloading the spyware.”

At InsideIDTheft.info, we’ll monitor the progress in this case and also watch to see if the FTC brings further similar actions against other companies offereing keystroke logger software.  In the meantime, congratulations to EPIC and the FTC for moving against CyberSpy Software, LLC.