That is the old address for Companies Made Simple: http://www.companiesmadesimple.com/
They handle all kinds of services for tens of thousands of companies in the UK, from registration, to registered address and mail forwarding.
I know this, because I used them for my startup to handle the registered address. This is because official mail has to go somewhere and the address is a matter of public record. We were in a co-working space at the time and knew that we would move on when the time came, it's an annoyance to go around updating the registered address and unprofessional to have a co-working space as one.
That Companies Made Simple is used by bad actors isn't going to be a surprise, bad actors use nearly all service providers.
They are the largest provider of registered address services in the UK, it's not a surprise that the address is in "common use". That ignores the fact that the number of legitimate businesses that use the address vastly outnumber the illegitimate.
I dislike Companies Made Simple having used them (they nearly shredded our investors SEIS certs because they didn't regard them as "official government communication"), but it's probably defamation to imply that companies using the address are not legitimate just because some small sample of them are not.
But even the source is incorrect. For registered address services you do have to verify company details.
It is only for generic mail forwarding services that you do not have to verify company details.
The difference being that the former is required to help disambiguate mail address to company officials from official government offices, and to ensure successful routing of mail to the correct person (failure to deliver mail from HMRC can result in substantial fines which would be a liability for Companies Made Simple).
The latter is no different from any mail box or mail forwarding service.
It seems that the anti-fraud organisation cited hasn't actually used the service and is unaware of the difference in proof required by them.
It's a trivially small fee and can be done online with Companies House in a very short amount of time and they will auto-notify HMRC in the same go.
For mail forwarding and registered office address... I honestly now think you should only consider one of three options:
1) Your work address if it is a sole-use mailbox and you know you will be there for more than a year.
2) Your accountants address (with their consent).
3) Your home address.
I would not now use a third party for the registered address, the risks are too high. There is no junk or spam mail sent to this address, it really is just actionable and important government communication from Companies House, HMRC, etc.
I was planning to open a Barclays bank account anyway, so the minimal processing fee (£30) was basically null when Barclays gave me £40 to open their account. I was referred to them by a well known city-based accounting firm.
Not going to defend shady businesses, but I dislike this knee jerk reaction without understanding the actual issue. I've seen software that encrypts (encrypts, not hashes) passwords for security™, but stores the secret in the database, too. Sure, technically they didn't store plaintext passwords, but practically they did.
What you could do to defend the passwords:
* hash them - doesn't work in this case, because it's not an authentication system
* symmetrically encrypt them - useless, the secret would be stored on the compromised server
* asymmetrically encrypt them - works, assuming the private key isn't stored on the server. Therefore, it's not possible to decrypt the passwords from within the application again
This provides the 'break in the case' but it's based on illegal activity. Just because a company is acting unethically doesn't give researchers a legal shield. (Especially considering a quick search led me to the probable identity of the author.)
>>>> the logo similarity convinced us beyond the shadow of a doubt that Mobisoft LTD is the development company behind mSpy
>>>> Why would mSpy move their data from Amazon ... Incidentally, in September 2014, the FBI has arrested a CEO of another spyware company called Stealth Genie ... Could the ease with which the US authorities were able to take down Stealth Genie has caused the Ukrainian company to move to an alternative infrastructure? We believe that the compelling answer to this question is obvious. Yes.
I wonder if rewriting this so that the ending leaves more of a mystery might help the piece. As it is, I got the feeling the author was trying to tell a story that just wasn't there. Great tone and style, though, and worth the read. This new brand of "Nerd Detective Novel" is really cool. Would love to see more of it.
I don't understand why that particular developer account caught their eye while browsing through a 13GB data set.
Proof: here’s a press release from Perion from June 2014 which announced that they partnered with Lenovo to create Browser Guard:
http://www.businesswire.com/news/home/20140618005930/en/Peri...
And here is a January 2014 press release that shows that Perion acquired Conduit's ClientConnect Services in 2014
http://www.businesswire.com/news/home/20140102005313/en/Peri...
Yes, they use all kinds of fake companies for whatever purposes, but there's really no need to entangle it all.
There's no pressure to stop such businesses, unless law enforcement do their thing properly. FBI and other gov't agencies have massive resources, why isn't more put on this sort of thing, instead of spying on the citizens illegally?
I understand that spyware makers are not good people, but that doesn't obviate the laws against this sort of thing.
