John* tapped out a simple text message to his wife in January 2016. "I love you," it read.But this wasn't the only message she saw. Unbeknownst to John, his wife had bugged his smart phone. She was spying on John, eavesdropping on all of his texts and multimedia messages, and tracking his every move through the device's GPS.
The breaches highlight how consumer surveillance technology, which shares some of the same capabilities and sometimes even the same code as spy software used by governments, has established itself with the everyday consumer. And it would appear no small number of people are willing to use this technology on their partners, spouses, or children.Read more: I Tracked Myself With $170 Smartphone Spyware that Anyone Can Buy
"I used the service to confirm that my ex gf [girlfriend] was cheating on me. It allowed me to get a remote audio recording of her…in the act."
A summary of the types of data the two hackers stole from FlexiSpy and Retina-X.
This business of spying on spouses is part of the reason the two hackers decided to target FlexiSpy and Retina-X. But the tens of thousands of accounts the pair provided to Motherboard only represent a slice of the consumer spyware market. A slew of other, similar companies exist, offering malware to anyone for a relatively cheap price. One of the largest, called mSpy, allegedly has around two million users. (Hackers reportedly targeted mSpy back in 2015.)"Unfortunately most domestic violence victims never know which surreptitious 'stalkerware' product is being used by their abuser to monitor their every move," Cindy Southworth, executive vice president of the National Network to End Domestic Violence, told Motherboard in an email.In the United States, intercepting someone's private communications is generally illegal, and a potential wiretapping crime unless the person doing it is a parent keeping tabs on their child, or an employer monitoring their employee's company-issued device. Installing spyware on someone's smartphone without consent can, and has led to prison—unless it's done by a law enforcement agent with a warrant."If I was going somewhere and I wasn't where I said I was going to be, he would text me: 'I see you.'"
The hacker behind the FlexiSpy breach went by the handle Leopard Boy, a reference to the 1995 cult film Hackers. Leopard Boy said that what FlexiSpy allows people to do is "fucking seedy and skin-crawlingly revolting.""I think they're a bunch of unethical assholes who prey on insecure people in order to line their own pockets," the hacker said. The goal of hacking FlexiSpy, Leopard Boy said, was to send a warning to this sort of industry as a whole."I think they're a bunch of unethical assholes who prey on insecure people in order to line their own pockets."
An error message displayed on PhoneSheriff's login portal after the hacker allegedly wiped the company's servers, removing all data from them, and causing a days-long outage.
Motherboard attempted to contact FlexiSpy's founder Atir Raihan. When reached by phone, a person on the other end identified as Raihan, but then claimed they were someone else when asked about FlexiSpy. No one replied to emails sent to FlexiSpy's press address. Apparent customers have noticed the disruption, however, and in reply to one comment on FlexiSpy's Facebook group, the company wrote on Tuesday, "FlexiSPY is currently experiencing a temporary technical issue, which means that you will not be able to login to access your portal. We expect this issue to be resolved within 48 hours."Retina-X did not immediately respond to a request for comment.These data breaches may not stop people from spying on their children or partners. But perhaps it will shine a light on just how common, and powerful, consumer spyware has become. Even in small-town southwestern United States.John's wife monitored his phone communications for around three months, according to the hacked data. And the SMS logs of their text messages play out in a way that suggests John didn't know his spouse was spying on him. To that I love you text he'd sent her in early 2016, his wife sent a reassuring response."I love you too," it read.*Some names have been changed to protect the person's privacy.If you are concerned that consumer spyware may have been installed on your phone, here is some basic advice on what to do next."Goodbye, Flexispy. Hello, Flexidie."

