Hello folks,
We have an update on a case we talked about on TSB and blogged about at the time, called PC Tattletale. A gentleman who is mentioned in the article was sentenced recently, but the sentence really, in my opinion and that of those who have read the article, doesn’t fit the crime.
First, let’s go back to “Let’s check in with the Spyware industry, one more shut down,” which was written in 2024.
In that blog post, I mentioned that we’ve talked about this and other spyware tools, including those that may have turned from spyware to stalkerware.
Let’s define stalkerware.
“Stalkerware is software that allows someone to secretly spy on another person’s phone or computer without their knowledge. It can track location, read messages, record calls, monitor online activity, and even activate the microphone or camera—all while remaining hidden from the user. Although often marketed as ‘monitoring’ or ‘safety’ tools, stalkerware is widely associated with invasive surveillance and abuse, particularly when used to track partners or other individuals without consent.
Traditionally, spyware has been associated with broader monitoring, such as corporate tracking or malicious data collection, while stalkerware is typically used for targeted, personal surveillance—often without the victim’s knowledge or consent.
This type of software is often presented as legitimate in certain contexts, such as parental controls or employee monitoring, but the issue arises when it is used for covert surveillance without the knowledge or consent of the person being monitored. When you knowingly collect this kind of data, even if it is intended for the user of the software, it becomes a serious problem—especially when that data is not properly secured. Two different makers were mentioned within that 2024 piece if I remember correctly, and now, we learn the fate of the first prosecution of such a case since 2014.
A federal judge has sentenced the maker of stalkerware pcTattleTale, which went out of business after a data breach, to supervised release and a $5,000 fine.
Bryan Fleming pleaded guilty in January to a charge of intentionally manufacturing, possessing or selling a device with the knowledge that it would be primarily used for surreptitious interception of communications. On Friday, a judge handed down Fleming’s sentence.
It was the first stalkerware conviction since 2014, when the maker of StealthGenie, pled guilty and also didn’t serve prison time, instead receiving a $500,000 fine from the court.
According to Fleming’s plea agreement, his incriminating activity began as early as 2017, as the owner of Fleming Technologies LLC.
While pleading guilty was probably the right move, the fact that Bryan did not serve any jail time concerns me. He knowingly collected this data, as did everyone using the app, yet he was careless with it. Absolutely careless.
The article continues:
“Defendant’s software enabled buyers to covertly and remotely monitor a victim’s cellular telephone and computer activities, including, texts, emails, phone calls, geo-location, and web browsing,” the agreement states. “Defendant began directly advertising his spying software to persons wanting to spy on spouses or partners without their knowledge.”
Of course! This is exactly what they want you to believe. But this is not all.
It continued: “Defendant’s spying software covertly created a video every time a victim’s device was used, which captured any and all activity occurring on the device. The person monitoring the device could log into a remote dashboard and monitor the activity on the victim’s device.”
This paragraph is the whole goal of these types of software. Its job is to capture data and send it back to the person who got it installed in the first place!
Here’s the key paragraph.
pcTattletale went out of business in 2024 after suffering a data breach. Researchers have found that stalkerware apps often fail to protect personal information collected during their use.
They didn’t get shut down because the law finally caught up; they got shut down because of their disregard for keeping what they were collecting private, or even secure for that matter.
Of course,
An attorney for Fleming didn’t immediately respond to a request for comment Monday morning.
Is that actually surprising?
Nicholas Jackson, contributor to The Security Box and occasional contributor to Throwback Saturday Night, said to an iMessage group:
That sentence is an insult, and an absolute joke.
I can’t agree more.
The law, which has never really caught up with anything cybercrime-related, will never catch up. When talking to Mr. Jackson by phone, we agreed that more spyware makers will see this and know that nothing bad will happen.
Until that changes, I don’t see this ever changing.
The article is titled “pcTattleTale stalkerware maker sentence includes fine, supervised release” if you wish to read it.
If this is the consequence for years of surveillance and a massive data breach, it raises serious questions about whether current laws are enough to deter the next company from doing the same thing.
I thought this should be good to blog, and I’m sure people will want to react to this. Let the comments begin.
Shaun,
I’m not in disagreement with you here. But we’re talking about two different things here. You’re talking about those who use it for legitimate purposes, but the guy who got the sentence was collecting this data, and then himself got breached and all that data was out on the market. He shut down before the law or anyone can find out what’s going on.
This is completely different than how employers and others may choose to use such software. They are, as far as we know, as careful as they can be with that type of data.
I’m also not saying that it’s 100 percent perfect, not at all. But we do see that this maker, and others, have closed their doors because of their activity.
Search the blog for spyware and you’ll be reminded of the various posts I’ve blogged on this blog throughout the years.
Great comment though, thanks for sharing!
I do wonder, though: if you are a legit agency, say a government spy agency, wouldn’t you also be using this tactic?
Now our kids can get into strife and you monitor them, obviously for safety.
In employment you are monitored and this is known; in fact you are encouraged not to run your personal lives on your company systems, and many have gotten into trouble for this.
When bad actors come into place, it may undermine legit uses which we don’t want.
Anything can be used for evil, so we need to find the line.
That was hard when this started, but with the current situation in the US, and everyone knows what that is so I don’t need to spell it out, it’s just becoming more complex.
In fact, an article I read yesterday states that, due to the unpredictability of the top dog, multiple spy agencies are, if not stalling friendship openly, not sharing information, because of the guy being all over the place in general and being unsure if trusting that is a good idea.
What we don’t want to see here is a ban on something for x purpose.
I.e., adult games on itch.io because they could be played by children.
Yes you can warn but they get through.
Banning the software isn’t going to hurt the children, or the guys that are bad; they will get it regardless.
However, it will affect those that legitimately use the software and not the targeted people that don’t.