A look inside the shady world of Flexispy, makers of "stalkerware" for jealous spouses

Motherboard's Joseph Cox continues his excellent reporting on Flexispy, a company that make "stalkerware" marketed to jealous spouses through a network of shady affiliates who feature dudes beating up their "cheating girlfriends" after catching them by sneaking spyware onto their devices.

The overwhelming majority of women who've survived domestic abuse say that their spouses used a tool like Flexispy against them.

Flexispy was targeted by a vigilante hacker who wiped its servers and gave a copy of its database and business records to Motherboard.

Cox reports that Flexispy's founder and proprietor is Atir Raihan, an erratic, flashy Pakistani-born man with a British passport.

Raihan started out as a mobile app developer and struck gold when he hit on the strategy of making spyware for jealous spouses that could hijack their victims' phones' cameras, mics, keystrokes, and files. The first version was called Spyphone and ran on the Symbian platform for $50. Today, Flexispy reportedly grosses more than $400,000/month.

Cox, working with Flexispy's records and informants from the company, documents how the firm also works in the "lawful interception" industry, which sells similar tools to police forces. He also documents the network of national affiliates in countries all over the world who market Flexispy through deceptive sales techniques.

Raihan launders his earnings through the world's tax-havens, and did business with Mossack-Fonseca, the disgraced law-firm whose records were dumped one year ago this month in the Panama Papers scandal.

According to internal files, FlexiSpy has a sister company called Raysoft that deals with "lawful intercept sales," a common euphemism for government hacking. The company was incorporated in the Virgin Islands only a few years after FlexiSpy was created, in 2008. Several financial spreadsheets mark regular $45,000 deposits linked to the company throughout 2013 and 2014.

According to a 2011 document, FlexiSpy may have provided British-German company surveillance Gamma, known for its FinFisher spyware, with a piece of software called 'Cyclops', as part of Gamma's 'FinSpy' product. The software would have been related to Windows, Symbian, and BlackBerry platforms. The document also indicates that staff from the two companies may have physically worked on the same projects.

"The installation is officially executed by Gamma with specialists from FlexiSPY embedded into the installation team," the document reads, and adds that if Gamma was unable to solve a customer support question effectively, Gamma would contact FlexiSpy for assistance.

Meet FlexiSpy, The Company Getting Rich Selling 'Stalkerware' to Jealous Lovers [Joseph Cox/Motherboard]

Notable Replies

  1. Really? This seems like an enormous claim to make, and one that would be ridiculously difficult to verify. I followed the links in your posts but didn't see it in any of the linked articles. I'm curious where it came from.

  2. Yet another reason not to let cops/LEOs of any stripe get access to your devices. You don't know what they're copying from them or installing on them. There are enough stories of cops and government employees abusing the access they have to get information on people they want to target to be justifiably cautious.

  3. Money! Putting a number on human depravity since [historians, help me out here...]

  4. edit to add this quote for those in a hurry:

    NPR surveyed more than 70 shelters — not just in big coastal cities like New York and San Francisco, but also in smaller towns in the Midwest and the South.

    We found a trend: 85 percent of the shelters we surveyed say they're working directly with victims whose abusers tracked them using GPS. Seventy-five percent say they're working with victims whose abusers eavesdropped on their conversation remotely — using hidden mobile apps. And nearly half the shelters we surveyed have a policy against using Facebook on premises, because they are concerned a stalker can pinpoint location.

  5. Thanks! I don't think the correlation between the original claim and this data about shelters really connects (if 99% of doctors have worked with patients that committed insurance fraud, does that mean that 99% of patients commit insurance fraud?) but it's still a good thing to look out for.

Continue the discussion bbs.boingboing.net

8 more replies