The first spyware creator to be convicted in more than a decade has avoided prison time after pleading guilty to U.S. federal charges related to his management of his surveillance company.
Brian Fleming was sentenced Friday in San Diego federal court to a time-limited prison term and a $5,000 fine, a spokesperson for the U.S. Attorney’s Office for the Southern District of California, which prosecuted Fleming, confirmed.
Fleming admitted at a January plea hearing following a multi-year federal investigation into his spyware company, pcTattletale, that he created, sold and promoted spyware for illegal uses.
Prosecutors had previously asked the judge not to impose jail time or fines on Fleming.
Fleming’s conviction marks the first successful prosecution of a spyware maker by the U.S. Department of Justice since 2014, and may lead to the prosecution of others for illegal surveillance activities in the future.
Fleming’s attorney, Marcus Bourassa, did not respond to TechCrunch’s request for comment.
Investigators with Homeland Security Investigations (HSI), a division of U.S. Immigration and Customs Enforcement, indicted Fleming in 2025 as part of a broader investigation into the consumer spyware industry. Although many spyware operators operate from overseas, investigators told TechCrunch that Fleming came to the attention of federal officials by selling and promoting the use of spyware from the United States, making him within the purview of U.S. law enforcement.
Spyware apps like pcTattletale are called “stalkerware.” Paying customers often place surveillance software on other people’s devices, such as spouses, without their knowledge. Once planted, these apps secretly upload the contents of the victim’s device, including messages, photos, and real-time location information, making that data visible to the person planting the spyware.
In some cases, Fleming “intentionally assisted clients in spying on non-consenting non-employee adults,” according to an affidavit filed by federal agents who searched his home.
It’s unclear how many people pcTattletale spied on, but a 2024 data breach revealed some of the scale of the long-running operation.
According to a previous investigation by TechCrunch, a security researcher discovered a security flaw in pcTattletale that allowed the spyware to expose millions of screen captures taken from a victim’s device every few seconds to the open internet, allowing anyone to view the contents of someone else’s computer display. It included screenshots of check-in computers at several U.S. hotels where pcTattletale was installed, exposing hotel guests and reservation details.
Fleming did not respond to researchers or fix the security flaw.
A week after our report, Fleming shut down pcTattletale in 2024 following high-profile hacks, website defacements and data breaches that revealed more than 138,000 customers had paid the company to help spy on countless victims.
The hackers told TechCrunch that they exploited another security flaw and granted access to all files stored in pcTattletale’s cloud data storage account, including the victim’s files.
The exact number of people whose devices were compromised by pcTattletale is unknown, and Fleming did not notify customers or their victims of the data breach. The pcTattletale founder told TechCrunch at the time that he had “deleted everything” from his company’s servers following the breach.
pcTattletale is one of several stalkerware makers, including LetMeSpy, Cocospy, and Spyhide, that have been shut down or forced offline due to security flaws.
Source link
