bwah
parent
67f6ab103d
commit
0893342d9b
|
|
@ -18,6 +18,8 @@ content_warnings:
|
||||||
- mentions of abuse/controlling behaviour
|
- mentions of abuse/controlling behaviour
|
||||||
---
|
---
|
||||||
|
|
||||||
|
*update: the data this reporting is based on is now available [via DDoSecrets](https://ddosecrets.com/wiki/MSpy) for secondary reporting, journalists interested in quotes or reproducing my research can [reach out to me](/contact)*
|
||||||
|
|
||||||
most stalkerware reporting focuses on private use by abusers, stalkers or parents, and it makes sense—besides monitoring employees, those tend to be the main people stalkerware companies advertise to, and the ever-increasing normalization of surveillance is an important social issue to shed a light on. but it's always been clear, at least in theory, that this hyperavailability of relatively cheap commercial spyware also enables completely different use-cases, be it [as part of fraud schemes](/posts/wyndham-defrauded/) or even by governments. during [every stalkerware leak i've analyzed so far](/posts/tagged/fuckstalkerware/), i've always been on the lookout for the latter, and in a lot of my articles i report on government employees i've found in the databases, but so far it has always been for either private or unclear use. thanks to an anonymous source who provided me with a complete dump of the mSpy helpdesk a week ago, however, this all changes today.
|
most stalkerware reporting focuses on private use by abusers, stalkers or parents, and it makes sense—besides monitoring employees, those tend to be the main people stalkerware companies advertise to, and the ever-increasing normalization of surveillance is an important social issue to shed a light on. but it's always been clear, at least in theory, that this hyperavailability of relatively cheap commercial spyware also enables completely different use-cases, be it [as part of fraud schemes](/posts/wyndham-defrauded/) or even by governments. during [every stalkerware leak i've analyzed so far](/posts/tagged/fuckstalkerware/), i've always been on the lookout for the latter, and in a lot of my articles i report on government employees i've found in the databases, but so far it has always been for either private or unclear use. thanks to an anonymous source who provided me with a complete dump of the mSpy helpdesk a week ago, however, this all changes today.
|
||||||
|
|
||||||
the dump is massive at over 150GB of plaintext files, made up of over 5 million tickets (with over 30 million total update events) created by 2.5 million users. i spent most of my first day after receiving the data just to set up a local database to make querying it easier. the helpdesk appears to be shared between all products operated by [Brainstack\_](https://www.brainstack.team/), the ukrainian company behind mSpy, which is by far their biggest venture and one of the biggest stalkerware providers in general; their other services include at least two other stalkerware brands which market to slightly different audiences—at least one of them focuses entirely on infidelity and spying on partners—as well as some of the largest {% footnoteref "phone-loc-scam", "all of these services are essentially scams; they trick you into an expensive monthly subscription and work by sending a text message with an ip grabber link to the target device" %}phone number localization services{% endfootnoteref %}, including scannero.io and localize.mobi, and a weight loss app called lasta.
|
the dump is massive at over 150GB of plaintext files, made up of over 5 million tickets (with over 30 million total update events) created by 2.5 million users. i spent most of my first day after receiving the data just to set up a local database to make querying it easier. the helpdesk appears to be shared between all products operated by [Brainstack\_](https://www.brainstack.team/), the ukrainian company behind mSpy, which is by far their biggest venture and one of the biggest stalkerware providers in general; their other services include at least two other stalkerware brands which market to slightly different audiences—at least one of them focuses entirely on infidelity and spying on partners—as well as some of the largest {% footnoteref "phone-loc-scam", "all of these services are essentially scams; they trick you into an expensive monthly subscription and work by sending a text message with an ip grabber link to the target device" %}phone number localization services{% endfootnoteref %}, including scannero.io and localize.mobi, and a weight loss app called lasta.
|
||||||
|
|
@ -32,6 +34,4 @@ while that's already a pretty wild lineup, that still only covers the private us
|
||||||
|
|
||||||
of course government agencies arent the only ones interested in software that collects a shitton of data off personal devices—after all, that's what the entirety of the modern advertising industry is built upon. this is evidenced by emails to mSpy sent by [Shafiq Rajani](https://www.linkedin.com/in/shafiqrajani/), vice president of [Mintel](https://en.wikipedia.org/wiki/Mintel), one of the largest market research companies in the world. Rajani attempted to buy data from mSpy to analyze the ads being shown by facebook and snapchat on devices with mSpy installed. a similar request was also made by [placer.ai](https://placer.ai), a location-based market research company, who instead wanted to buy all of mSpy's device location data to then sell this data primarily to retailers such as target and walmart. in a third instance, german company [umlaut](https://de.wikipedia.org/wiki/Umlaut_(Unternehmen)) (now owned by [accenture](https://en.wikipedia.org/wiki/Accenture)) tried to buy network coverage information from mSpy to provide analytics services to telecommunications providers. once again, i could not find any indication that mSpy actually sold any data to any of these companies; however, some of them claimed to already be working with companies similar to mSpy. this raises a lot of legal and privacy concerns, especially considering a significant portion of the data these companies were interested in buying would have been collected without consent or from devices owned by minors.
|
of course government agencies arent the only ones interested in software that collects a shitton of data off personal devices—after all, that's what the entirety of the modern advertising industry is built upon. this is evidenced by emails to mSpy sent by [Shafiq Rajani](https://www.linkedin.com/in/shafiqrajani/), vice president of [Mintel](https://en.wikipedia.org/wiki/Mintel), one of the largest market research companies in the world. Rajani attempted to buy data from mSpy to analyze the ads being shown by facebook and snapchat on devices with mSpy installed. a similar request was also made by [placer.ai](https://placer.ai), a location-based market research company, who instead wanted to buy all of mSpy's device location data to then sell this data primarily to retailers such as target and walmart. in a third instance, german company [umlaut](https://de.wikipedia.org/wiki/Umlaut_(Unternehmen)) (now owned by [accenture](https://en.wikipedia.org/wiki/Accenture)) tried to buy network coverage information from mSpy to provide analytics services to telecommunications providers. once again, i could not find any indication that mSpy actually sold any data to any of these companies; however, some of them claimed to already be working with companies similar to mSpy. this raises a lot of legal and privacy concerns, especially considering a significant portion of the data these companies were interested in buying would have been collected without consent or from devices owned by minors.
|
||||||
|
|
||||||
*if you have any data, insider info, vulnerabilities or any other tips related to stalkerware (or in general) you can securely [reach out to me](/contact), the same goes for any journalists wanting to do secondary reporting on this data.*
|
*if you have any data, insider info, vulnerabilities or any other tips related to stalkerware (or in general) you can securely [reach out to me](/contact), the same goes for any journalists wanting to do secondary reporting on this data.*
|
||||||
|
|
||||||
*update: the data this reporting is based on is now available [via DDoSecrets](https://ddosecrets.com/wiki/MSpy) for secondary reporting, journalists interested in reproducing my research or comments from me can [reach out to me](/contact)*
|
|
||||||
Loading…
Reference in New Issue