The spy who loved me: NASA, spyware, and online romance

It used to be the case that single men and women met down the pub, at pottery classes, or at the funfair just behind the dodgems. But today, with more and more people working longer hours, many – if not finding love in the workplace – are turning to internet dating websites for romance.

Such was the case with one young woman who was contacted in November 2006 by a prospective suitor via the dating website. The woman – who happened to work for the National Aeronautical and Space Administration (NASA) – was courted for some weeks by the gentleman, who claimed to be from Texas.

On November 21 2006, the man sent an email to the woman’s work address, claiming to contain his photograph. So far, so normal. An internet romance appears to be blossoming. Cupid’s bow and arrow are about to be sprung into action. Huzzah! But in this case, the email attachment was designed to spy on the recipient’s computer and the sender was not a Texan lothario but a 22-year-old cybercriminal from Nigeria.

Sign up to our free newsletter.
Security news, advice, and tips.

It took just over two weeks for NASA’s IT security team to determine that the woman’s computer had been secretly infiltrated by a commercial piece of spyware, which had successfully accessed her email, passwords, social security number, driving license information, home address and taken over 25,000 screenshots of whatever had been displayed on her screen.

Lagos State High Court in Nigeria found Akeem Adejumo guilty last week and sentenced to 18 months in prison for two counts of obtaining goods by false pretenses and forgery. The court heard that Adejumo, who also went by the name “Stephen Williams”, attempted to scam hundreds of different women, and had success with several, besides the NASA employee.

The good news is that the damage done to NASA appears to have been limited, but their female employee did have confidential personal information stolen from her computer.

“Fortunately, the victim did not have access to sensitive information,” a NASA official told the press. “Some of her work product was taken, [but] it was mostly her personal information.”

What this case really underlines is the important role all employees play in securing your business. If your users are not properly protected, and if you don’t police what they do on their computer and on the web, then criminals may find it all too easy to sneak through your corporate defences.

NASA and the international computer crime authorities did well to track down Adejumo and bring him to justice. One wonders, however, how many other lonely hearts are scouring the web for love and potentially putting business data at risk.

More information about the case can be found on the DOJ’s website and on the SophosLabs blog.

Picture credit: NASA

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.