The federal government is banning, fining and charging alleged cybercriminals and their enablers in aggressive new action from the Federal Trade Commission and Securities and Exchange Commission.
The alleged offenders include hackers who surveilled Americans’ phones, investment firms accused of exposing customers’ data, and a cryptocurrency lending platform engaged in an alleged multibillion-dollar fraud scheme.
The FTC on Wednesday banned the surveillance software maker SpyFone and its CEO from the surveillance industry and ordered the app to delete any information it illegally collected from users.
The FTC alleged that SpyFone sold “stalkerware apps” allowing purchasers to surreptitiously monitor text messages, web histories, physical locations, photos and other personal information on users’ phones.
“SpyFone is a brazen brand name for a surveillance business that helped stalkers steal private information,” said Samuel Levine, FTC bureau of consumer protection acting chief, in a statement. “The stalkerware was hidden from device owners, but was fully exposed to hackers who exploited the company’s slipshod security. This case is an important reminder that surveillance-based businesses pose a significant threat to our safety and security.”
Mr. Levine said the FTC intends to be aggressive in seeking surveillance bans on companies and executives that invade people’s privacy.
The SEC similarly took action on Wednesday against those allegedly exposing people’s personal information to hackers. The SEC fined eight firms, including broker dealers and investment advisers, over alleged cybersecurity failures that the SEC said allowed hackers to take over email accounts and exposed thousands of customers at each firm.
“It is not enough to write a policy requiring enhanced security measures if those requirements are not implemented or are only partially implemented, especially in the face of known attacks,” said Kristina Littman, SEC enforcement division’s cyber unit chief, in a statement.
The sanctioned firms included five groups organized as the Cetera Entities, Cambridge Investment Research and Cambridge Investment Research Advisors, and KMS Financial Services. None of the sanctioned groups admitted or denied the SEC’s allegations in agreeing to pay the imposed fines.
The Cetera Entities will pay $300,000, Cambridge will pay $250,000, and KMS will pay $200,000, according to the SEC.
The SEC also targeted a cryptocurrency lending platform allegedly involved in a multibillion-dollar fraud scheme on Wednesday. The SEC filed a complaint in the U.S. District Court for the Southern District of New York alleging that BitConnect defrauded retail investors out of $2 billion.
According to the SEC, instead of using a software trading bot to generate high returns for traders, BitConnect and its founder Satish Kumbhani siphoned off its investors’ funds and transferred them to digital wallets that they controlled.
BitConnect is now defunct, according to Cointelegraph. Glenn Arcaro, a promoter of BitConnect, pleaded guilty to his role in the alleged conspiracy and acknowledged using social media to mislead investors, according to the Justice Department.
While the federal actions signal that government regulators are getting more aggressive, some government officials want the government to do much more. For example, while the FTC voted unanimously to take action against SpyFone, FTC Commissioner Rohit Chopra wrote that he wanted others to pursue alleged violations of criminal laws.
“While this action was worthwhile, I am concerned that the FTC will be unable to meaningfully crack down on the underworld of stalking apps using our civil enforcement authorities,” Mr. Chopra said in a statement. “I hope that federal and state enforcers examine the applicability of criminal laws, including the Computer Fraud and Abuse Act, the Wiretap Act, and other criminal laws, to combat illegal surveillance, including the use of stalkerware.”
SpyFone now does business as Support King LLC, according to FTC. Support King did not immediately respond to request for comment.