Student arrested for creating keylogger, and selling it to over 3,000 people infecting 16,000 systems
Zachary Shames, 21, a student hacker from Great Walls, Virginia, pleaded writing and selling custom spyware designed to monitor a victim’s keystrokes. He wrote a keylogger that recorded every single keystroke on a computer, and sold it to more than 3,000 people who infected more than 16,000 victims with it.
These details were revealed in a press release from the U.S. Department of Justice. Now, Shames has pleaded guilty to the charges of aiding and abetting computer intrusions. He will be sentenced on June 16 with a maximum penalty of 10 years, which is the maximum statutory sentence approved by Congress.
Currently, Shames is a student at James Madison University. He developed the first version of the spyware in 2013, when he was just a high school student in North Virginia. He then continued to improve and market the spyware from his “college dorm room”.
Shames’ LinkedIn profile states that he was also a “College Technical Intern” for Northrop Grumman Corporation in McLean from May 2015 – August 2016 where he says he worked on the FirstNet team and was responsible for coding front-end websites, back-end servers and managing a database there.
While the information regarding the actual malware referred to as “malicious keylogger software” provided by the feds is unclear, the malware appears to be actually called “Limitless Keylogger Pro,” according to Motherboard. Further, someone using the username Mephobia was marketing this software on Hack Forums since 14th March 2013. The seller asked for a $35-lifetime subscription and payment was requested via PayPal and bitcoins.