

Support King, banned by FTC, linked to new stalkerware operation



A year after it was banned by the Federal Trade Commission, a notorious phone surveillance company is back in all but name, a TechCrunch investigation has found.

A groundbreaking FTC order in 2021 banned the stalkerware app SpyFone, its parent company Support King, and its chief executive Scott Zuckerman from the surveillance industry. The order, unanimously approved by the regulator’s five sitting commissioners, also demanded that Support King delete the phone data it illegally collected and notify victims that its app was secretly installed on their device.

Stalkerware, or spouseware, are apps that are surreptitiously planted by someone with physical access to a person’s phone, often under the guise of family tracking or child monitoring, except that these apps are designed to stay hidden from home screens, all the while silently uploading the contents of a person’s phone, including their text messages, photos, browsing history, and granular location data.

But many stalkerware apps — like KidsGuard, TheTruthSpy and Xnspy — have security flaws that put thousands of people’s personal phone data at risk of further compromise.

That also includes SpyFone, whose unsecured cloud storage server spilled the personal data stolen from more than 2,000 victims’ phones, prompting the FTC to investigate and subsequently ban Support King and its CEO Zuckerman from offering, distributing, promoting, or otherwise assisting in the sale of surveillance apps.

Since then, TechCrunch has received further tranches of data, including from the internal servers of a stalkerware app called SpyTrac, which is run by developers with ties to Support King.

Meet Aztec Labs

With more than 1.3 million compromised devices, SpyTrac is one of the biggest known active Android stalkerware operations, surpassing the number of victims ensnared by TheTruthSpy more than threefold. Despite its vast international reach, U.S. visitors to SpyTrac’s website are blocked with an abrupt message stating that “your country is not supported.”

But SpyTrac is like any other stalkerware app, including its ability to stay hidden on a victim’s device. SpyTrac’s website also makes no mention of the individuals running the operation, likely to shield the developers from legal and reputational risks associated with running a stalkerware operation.

According to the data and other public records seen by TechCrunch, SpyTrac is managed by developers who work for both Support King and an outfit of developers called Aztec Labs, which builds and maintains the SpyTrac stalkerware operation. Aztec Labs also maintains a near-identical Spanish-language stalkerware app called Espía Móvil (which translates to “spy mobile”), and another clone stalkerware app called StealthX Pro, the data shows.

Some of the data found on SpyTrac’s server directly connects SpyTrac to Support King.

One of the server files contained a set of Amazon Web Services private keys that allow access to cloud storage associated with Support King and GovAssist, a website that claims to help immigrants obtain U.S. visas and permanent residency permits. The keys also allow access to cloud storage for OneClickMonitor, a clone stalkerware app that Support King shut down at the same time as SpyFone.

Both Support King and GovAssist are headed by chief executive Scott Zuckerman.

When reached by email, Zuckerman told TechCrunch: “We are investigating your claims that SpyTrac internal data was storing AWS keys that may be connected to S3 buckets relating to Support King, GovAssist, and OneClickMonitor. We take this very seriously and will comply with all provisions of the FTC Order.”

A redacted screenshot from a SpyTrac video, which references SpyFone, a Support King surveillance app banned by the FTC a year earlier. Image Credits: TechCrunch (screenshot)

Access logs seen by TechCrunch show at least two Aztec Labs developers logging in to SpyTrac’s servers using different sets of credentials, but each from the same IP addresses. Both of the developers logged in from IP addresses registered to a Bosnian residential broadband provider using credentials associated with Aztec Labs, SpyTrac, and Support King email addresses.

One of the developers is Aztec Labs’ technical lead, whose LinkedIn says he is based in Sarajevo. His other public freelance portfolios list his work as a program manager at Support King, a role that he describes as “managing the entire IT team.”

According to LinkedIn profiles and other work portfolios, the technical lead and other SpyTrac developers also work on Zuckerman’s latest venture, GovAssist.

The access logs also show a third developer logging in to SpyTrac’s servers, also from their home IP address in Sarajevo, using different sets of credentials associated with Support King, Aztec Labs, and GovAssist email addresses.

In response, Zuckerman told TechCrunch: “Neither I, nor any of my businesses, are affiliated with Aztec Labs, SpyTrac, or [the technical lead, who] worked as an independent contractor for Support King between June 2019 and October 2021. Nor do we have access to SpyTrac’s servers.”

The SpyFone connection

SpyFone, the stalkerware app banned by the FTC in September 2021, no longer operates.

The internal SpyTrac data we have seen shows that SpyFone issued its last customer license just days before it was banned by the FTC. SpyFone’s domain name was sold to another phone surveillance maker, SpyPhone. Customers trying to log in to SpyFone’s web dashboard, used for accessing a victim’s stolen data, were redirected to SpyPhone’s website instead.

The FTC’s 2021 order also demanded that Support King delete the data it had illegally collected from SpyFone. But the internal SpyTrac data seen by TechCrunch still contains thousands of records associated with SpyFone licenses assigned to the email addresses of buying customers.

Every SpyFone license was sold by a reseller with a Support King email address, the data showed.

SpyTrac also came to the attention of security researchers Vangelis Stykas and Felipe Solferini, whose months-long research identified common and easy-to-find security flaws in several stalkerware families, including SpyTrac. Their findings, which they presented at BSides London this month, involved decompiling the apps and mapping out their server infrastructure using public internet data. Their evidence links SpyTrac to Support King.

Zuckerman said in response: “Support King deleted all data in its servers connected with SpyFone and OneClickMonitor customers pursuant to the FTC Order.”

A short time after TechCrunch contacted Zuckerman for comment, SpyTrac’s website went offline with a message saying the “product is temporarily not available.” The websites for SpyTrac’s clone stalkerware apps, StealthX Pro and its Spanish-language clone Espía Móvil, also went offline. Aztec Labs’ website also stopped loading.


A screenshot of the FTC notice on Support King’s website. Image Credits: TechCrunch (screenshot)

Stalkerware is a difficult problem to combat. These operations are clandestine by design, making it difficult for regulators to investigate or know under whose jurisdiction they fall.

In 2020, the FTC took its first ever action against a stalkerware operator, Retina-X, which was hacked several times and later shut down. The FTC’s second action was against Support King a year later.

Companies that violate FTC orders can face considerable civil penalties. Earlier this year, Twitter was ordered to pay $150 million for violating an FTC order from 2011.

Instead, much of the effort against stalkerware and other commercial surveillance has been taken up by the tech industry, including device makers Apple and Google, which have banned stalkerware apps. In 2020, Google also banned ads in its search results that promote stalkerware. Anti-malware providers who are members of the Coalition Against Stalkerware, which launched in 2019 to support victims and survivors of stalkerware, collectively share signatures of known stalkerware apps and networks to block them from working on their customers’ phones.

A former FTC attorney, who reviewed our findings ahead of publication, told TechCrunch that the evidence points to a likely breach of the FTC’s ban. Whether Support King broke its agreement with the FTC will ultimately be for the agency to decide.

When reached, a spokesperson for the FTC declined to comment.

If you or someone you know needs help, the National Domestic Violence Hotline (1-800-799-7233) provides 24/7 free, confidential support to victims of domestic abuse and violence. If you are in an emergency situation, call 911. The Coalition Against Stalkerware also has resources if you think your phone has been compromised by spyware. You can contact this reporter on Signal and WhatsApp at +1 646-755-8849 or by email.



Tesla more than tripled its Austin gigafactory workforce in 2022



Tesla’s 2,500-acre manufacturing hub in Austin, Texas tripled its workforce last year, according to the company’s annual compliance report filed with county officials. Bloomberg first reported on the news.

The report filed with Travis County’s Economic Development Program shows that Tesla increased its Austin workforce from just 3,523 contingent and permanent employees in 2021 to 12,277 by the end of 2022. Bloomberg reports that just over half of Tesla’s workers reside in the county, with the average full-time employee earning a salary of at least $47,147. Outside of Tesla’s factory, the average salary of an Austin worker is $68,060, according to data from ZipRecruiter.

TechCrunch was unable to acquire a copy of the report, so it’s not clear if those workers are all full-time. If they are, Tesla has hired far more full-time employees than it is contracted to hire. According to the agreement between Tesla and Travis County, the company is obligated to create 5,001 new full-time jobs over the next four years.

The contract also states that Tesla must invest about $1.1 billion in the county over the next five years. Tesla’s compliance report shows that the automaker last year invested $5.81 billion in Gigafactory Texas, which officially launched a year ago at a “Cyber Rodeo” event. In January, Tesla notified regulators that it plans to invest another $770 million into an expansion of the factory to include a battery cell testing site and cathode and drive unit manufacturing site. With that investment will come more jobs.

Tesla’s choice to move its headquarters to Texas and build a gigafactory there has helped the state lead the nation in job growth. The automaker builds its Model Y crossover there and plans to build its Cybertruck in Texas, as well. Giga Texas will also be a model for sustainable manufacturing, CEO Elon Musk has said. Last year, Tesla completed the first phase of what will become “the largest rooftop solar installation in the world,” according to the report, per Bloomberg. Tesla has begun the second phase of installation, but already there are reports that the rooftop can be seen from space. The goal is to generate 27 megawatts of power.

Musk has also promised to turn the site into an “ecological paradise,” complete with a boardwalk and a hiking/biking trail that will open to the public. There haven’t been many updates on that front, and locals have been concerned that the site is actually more of an environmental nightmare that has led to noise and water pollution. The site, located at the intersection of State Highway 130 and Harold Green Road, east of Austin, is along the Colorado River and could create a climate catastrophe if the river overflows.

The site of Tesla’s gigafactory has also historically been the home of low-income households and has a large population of Spanish-speaking residents. It’s not clear if the jobs at the factory reflect the demographic population of the community in which it resides.



Launch startup Stoke Space rolls out software tool for complex hardware development



Stoke Space, a company that’s developing a fully reusable rocket, has unveiled a new tool to let hardware companies track the design, testing and integration of parts. The new tool, Fusion, is targeting an unsexy but essential aspect of the hardware workflow.

It’s a solution born out of “ubiquitous pain in the industry,” Stoke CEO Andy Lapsa said in a recent interview. The current parts tracking status quo is marked by cumbersome, balkanized solutions built on piles of paperwork and spreadsheets. Many of the existing tools are not optimized “for boots on the ground,” but for finance or procurement teams, or even the C-suite, Lapsa explained.

In contrast, Fusion is designed to optimize simple inventory transactions and parts organization, and it will continue to track parts through their lifespan: as they are built into larger assemblies and go through testing. In an extreme example, such as hardware failures, Fusion will help teams connect anomalous data to the exact serial numbers of the parts involved.


“If you think about aerospace in general, there’s a need and a desire to be able to understand the part pedigree of every single part number and serial number that’s in an assembly,” Lapsa said. “So not only do you understand the configuration, you understand the history of all of those parts dating back to forever.”

While Lapsa clarified that Fusion is the result of an organic in-house need for better parts management – designing a fully reusable rocket is complicated, after all – turning it into a sell-able product was a decision that the Stoke team made early on. It’s a notable example of a rocket startup generating pathways for revenue while their vehicle is still under development.

Fusion offers particular relevance to startups. Many existing tools are designed for production runs – not the fast-moving research and development environment that many hardware startups find themselves in, Lapsa added. In these environments, speed and accuracy are paramount.

Brent Bradbury, Stoke’s head of software, echoed these comments.

“The parts are changing, the people are changing, the processes are changing,” he said. “This lets us capture all that as it happens without a whole lot of extra work.”



Amid a boom in AI accelerators, a UC Berkeley-focused outfit, House Fund, swings open its doors



Companies at the forefront of AI would naturally like to stay at the forefront, so it’s no surprise they want to stay close to smaller startups that are putting some of their newest advancements to work.

Last month, for example, Neo, a startup accelerator founded by Silicon Valley investor Ali Partovi, announced that OpenAI and Microsoft have offered to provide free software and advice to companies in a new track focused on artificial intelligence.

Now, another Bay Area outfit — House Fund, which invests in startups with ties to UC Berkeley — says it is launching an AI accelerator and that, similarly, OpenAI, Microsoft, Databricks, and Google’s Gradient Ventures are offering participating startups free and early access to tech from their companies, along with mentorship from top AI founders and executives at these companies.

We talked with House Fund founder Jeremy Fiance over the weekend to get a bit more color about the program, which will replace a broader-based accelerator program House Fund has run and whose alums include an additive manufacturing software company, Dyndrite, and the managed app development platform Chowbotics, whose most recent round in January brought the company’s total funding to more than $60 million.

For founders interested in learning more, the new AI accelerator program runs for two months, kicking off in early July and ending in early September. Six or so companies will be accepted, with the early application deadline coming up next week on April 13th. (The final application deadline is on June 1.) As for the time commitment involved across those two months, every startup could have a different experience, says Fiance. “We’re there when you need us, and we’re good at staying out of the way.”

There will be the requisite kickoff retreat to start the program and let founders get to know one another. Candidates who are accepted will also have access to some of UC Berkeley’s renowned AI professors, including Michael Jordan, Ion Stoica, and Trevor Darrell. And they can opt into dinners and events in collaboration with these various constituents.

As for some of the financial dynamics, every startup that goes through the program will receive a $1 million investment on a $10 million post-money SAFE note. Importantly, too, as with the House Fund’s venture dollars, its AI accelerator is seeking startups that have at least one Berkeley-affiliated founder on the co-founding team. That includes alumni, faculty, PhDs, postdocs, staff, students, dropouts, and other affiliates.

There is no demo day. Instead, says Fiance, founders will receive “directed, personal introductions” to the VCs who best fit with their startups.

Given the buzz over AI, the new program could supercharge House Fund, the venture organization, which is already growing fast. Fiance launched it in 2016 with just $6 million and it now manages $300 million in assets, including on behalf of Berkeley Endowment Management Company and the University of California.

At the same time, the competition out there is fierce and growing more so by the day.

Though OpenAI has offered to partner with House Fund, for example, the San Francisco-based company announced its own accelerator back in November. Called Converge, the cohort was to be made up of 10 or so founders who received $1 million each, funded by the OpenAI Startup Fund, and admission to five weeks of office hours, workshops and other events that have since ended.

Y Combinator, the biggest accelerator in the world, is also oozing with AI startups right now, all of them part of a winter class that will be talking directly with investors this week via demo days that are taking place tomorrow, April 5th, and on Thursday.
