blueplanet200 | 7 months ago

From sqlmap

> Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

I don't know the legal footing these spyware apps stand on, but this blog post seems like exhibit A if Catwatchful ever decided to sue the author, or press criminal charges. Hacking, even for reasons that seem morally justified, is still illegal.

rendall|7 months ago

That would be an amusing exercise in self-incrimination & discovery pain for Catwatchful. They would also have to quantify business losses, which requires admitting the value of an illicit enterprise. But YOLO am I right? LFG!

nelgaard|7 months ago

As someone noted, there is the issue of jurisdiction.

But Daigle probably did consider being liable and what would be morally justified.

It must have been tempting to try to use the Catwatchful app to notify the victims that they are being stalked. E.g., by getting phone numbers or social media handles and then SMS/DM the victims (if the app reveals the victims' handles in the recorded conversations).

Or getting the IMEI numbers and handing them over to network operators or local authorities who could do the notification.

It would probably help many victims, but it could go wrong in some cases.

SLWW|7 months ago

Considering that the db isn't public and the disclosures are listed at the bottom, before the publication, this is mostly white hat and helps the company they target. More and more businesses are accepting the help when they are given it, such as their response to put a WAF in place. I do agree you shouldn't use your Christian name in these sorts of situations since priors have not been established with the targeted company; however Catwatchful has no impetus to pursue meaningless charges for a stalker app as there are most likely no damages unless the service providers actually respond, which they most likely won't. Nothing ever happens to these people and do you think datacenters/hosts/providers really care about anything other than DMCA complaints? (report illicit/illegal content to a host provider that isn't copyright protected and wait.. you will be waiting long after your teeth have fallen out)

Do you really think that the users of a stalker app care if the app got "hacked" once or twice? Do you also think that the app makers themselves really want to remind the legal world that this stuff is legal when I bet you >50% of their users probably installed it on devices that aren't theirs? IDK, personally I would avoid the law at all costs if I released something this shady.

SahAssar|7 months ago

> Considering that the db isn't public and the disclosures are listed at the bottom, before the publication, this is mostly white hat and helps the company they target

They never disclosed to the target company (not that I think they should have), this is definitely not white hat. This is essentially the grey-hat version of vigilantism.

They disclosed it to a journalist and now on their blog.

VWWHFSfQ|7 months ago

Yeah this whole exercise was completely illegal and I'm surprised this person publicly (and proudly) blogged about it like this.

They probably need to engage an attorney now.

rendall|7 months ago

Your theory is that Daigle is at risk of a Canadian prosecutor hauling him into court based on the criminal complaint of a Uruguayan purveyor of stalkerware? That's novel.

mtlynch|7 months ago

The server they compromised is essentially a command and control server for an illegal botnet.

Are there documented cases of botnet owners trying to sue or get law enforcement to prosecute someone for infiltrating their botnet?

I'd be more concerned about extralegal retaliation from people in the malware ecosystem.

pbhjpbhj|7 months ago

I'm interested that people are talking about suing; unauthorised access of a computer system is usually illegal, you don't need to rely on tort. States like to be in control of who is allowed to access computer systems; a key component of projection of power.

SoftTalker|7 months ago

Author is in Canada, not sure if/how that changes things.

lawlessone|7 months ago

Class action lawsuit from a group of stalkers?

deadbabe|7 months ago

About half of hacking articles are just fake things people claim to have done but didn’t actually happen and no one checks on it, and conveniently by the time they publish the exploit was “fixed”. So you can’t verify for yourself anyway.

Without hard proof that the author did what they said they did, you have no real case. This particular story already sounds far-fetched but makes good fantasy.