Over a year ago there was a lot of concern about this piece of malware that had not only a flashy, user-friendly interface, but also the ability to monitor audio and video on Android devices. Even worse, it was able to slip past the automated checking used by Google at the time. Technically, it was really a software toolkit to make it easier to package malware APKs and then do malicious things with them.
At long last, Morgan Culbertson was arrested last month after being charged with creating the software. Tuesday, Culbertson pleaded guilty in federal court, telling the judge "I committed the crime" when asked why he was entering the plea. He also apologized for those whose privacy may have been compromised due to his efforts.
Some online sleuthing has revealed that Culbertson was an intern at one of the USA's top security firms when he wrote the program, leading some to question whether he used their resources and know-how. Likewise, he was a student at Carnegie Mellon University, home to some of the strongest computer science and software engineering programs in the world. For their part, the security firm says he will never be considered for employment there. CMU was unable to figure out if committing felonies is against school policy when asked by local newspapers, so maybe he'll get to go back there one day.
The plea may have come in the hope for securing a gentler sentence. He could face a maximum of 10 years in prison and a $250,000 fine, but it is unlikely he feels the full force of the law. Culbertson is now 20 years old and told the District Court judge that he wanted to use his talents for good, not evil, from now on. It is not unusual for the punishment associated with crimes like these to involve bans from internet and computer use.
Culbertson will have to wait until December to learn his fate.
- Pittsburgh Post-Gazette
- Ars Technica