If a public software is utilized by the criminal organization or foreign government, its maker definitely has partial responsibility for that. If the software make the criminal behavior possible, then it becomes part of the criminal behavior. When the software makers publish their work on the internet, they should consider its safety and take action to protect the privacy and security of its possible user. For example, if there is a effective encryption for the password of its users, the possibility of information stealing is smaller in this software. Also, the software maker should keep an eye on his or her software in order to check its operation and safety. If there is something wrong happening, they should notice it and take action in time, so that there won't be worse outcome.
Meanwhile, the user should be responsible for their privacy and security on the internet as well. If you choose a weak password and never change it, you can't blame it on others but yourself. Stealing information is taking the advance of both weak system of the software and the weak protective actions taken by the user. We can't stop all the criminal behaviors through the internet, but we could at least pay attention and put our effort into the protection of our own privacy. Therefore, both the software maker and user are responsible for what they have done on the internet, and both them should be more careful about protection of the private information.