FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware

[tao]

The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware—has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas.

Marcus Hutchins, operates under the alias MalwareTech on Twitter, was detained by the FBI in the state of Nevada, a friend of Hutchins confirmed Motherboard.

At the time of writing, it is unclear why the Internet's 'accidental hero' has been detained by the FBI, but his arrest has sparked an endless debate in the security community.

Hutchins became famous over two months ago when the WannaCry ransomware began hitting businesses, organisations and individuals across the world, and he accidentally halted its global spread by registering a domain name hidden in the malware.

hxxp://www[.]iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea[.]com

The domain as mentioned above was responsible for keeping WannaCry ransomware propagating and spreading like a worm, and if the connection to this domain fails, the SMB worm proceeds to infect the system.

Fortunately, Hutchins registered this domain in question and created a sinkhole–tactic researchers use to redirect traffic from the infected machines to a self-controlled system.

Hutchins is quite active on Twitter, but from last 24 hours, we have not seen any tweet from his account, which suggests the reports are likely correct.

Andrew Mabbitt, Hutchins’s friend has confirmed that he has currently been detained at FBI’s field office in Las Vegas. His friend is also asking for some legal help.

"His friends Andrew Mabbitt, Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?" Mabbitt tweeted.

Just today, in a separate news we reported that the hackers behind WannaCry cashed out over $140,000 from their Bitcoins wallets, where victims were instructed to send ransom payments.

Since both news came on the same day, some people have started making conspiracy theories about the involvement of both the events, though nothing is clear at this moment.

WannaCry was really bad, as the nasty ransomware forced the British NHS (National Health Service) to shut down hospitals and doctor's surgeries, and infected a Spanish telecommunications company and Russian mobile operator, among much more.

Even a month after its outbreak, the WannaCry ransomware was found infecting systems at Honda Motor Company, forcing its Japan-based factory to shut down its production, and 55 speed and traffic light cameras in Victoria, Australia.

The British National Crime Agency has confirmed an arrest of a British citizen but hasn't confirmed it is Hutchins.

"We are aware a UK national has been arrested, but it’s a matter for the authorities in the US," an NCA's spokesperson told the publication.

Update: Marcus Hutchins Accused for Creating Banking Malware

According to a spokesperson from the U.S. Department of Justice Hutchins has been arrested by the FBI for "his role in creating and distributing the Kronos banking Trojan" between 2014-2015.

Kronos malware was distributed via emails with malicious attachments containing compromised Microsoft word documents and used to hijack credentials such as banking passwords to let attackers steal money with ease.

According to Hutchins indictment, shown below, he has been accused of six counts of hacking-related crimes along with another unnamed co-defendant allegedly involved in the development of Kronos malware.

In 2014, the Kronos banking malware was made available for purchase in a Russian underground forum for a price tag of $7,000, with even an option for users to test the malware for a week before buying it.

 

Last year researchers also discovered that this banking Trojan was used in 2015 campaign for distributing point-of-sale (POS) malware dubbed ScanPOS as the secondary payload.

 

< Here >

 

[Extra: Indictment document is < here >.]

[Atasas]

Just one issue to be added-clarified:

"ransomware" has been developed by NSA, so, apart from being embarrassed (for not finishing the job properly), they will force the guy to slave for them... 

[knowledge-Spammer]

was made available for purchase in a Russian underground forum for a price tag of $7,000, with even an option for users to test the malware for a week before buying it.  seems a good deal lol  joke

 

i think its not best people post this guys name as he helped stoped  hackers  now he will have problems for longtime  not smart

 

[knowledge-Spammer]

On 8/3/2017 at 2:56 PM, 0bin said:

He will be relased soon, I don't think US want destroy relationship with UK so easy...

http://www.telegraph.co.uk/news/2017/05/14/revealed-22-year-old-expert-saved-world-ransomware-virus-lives/

IT expert who saved the world from ransomware virus is working with GCHQ to prevent repeat

is no way to prevent repeat

[knowledge-Spammer]

On 8/3/2017 at 3:00 PM, 0bin said:

 

is working with gchq

 it not mean he can stop things  100%

ransomware  will just get updated like all ransomware  do its cat and mouse game

[Sylence]

Enjoy the democracy and freedom.

 

people should be sick of these..

[straycat19]

Doesn't make any difference who he is working with.  He will be punished and after he serves any time he might get then the GCHQ is more than welcome to hire him.  We have a saying that goes, "No good deed goes unpunished."  We also say "One Aw-Shit wipes out ten Atta-Boys."  Hackers are really stupid if they leave their home countries, many of which have no extradition treaty with the US, and allow themselves to get nabbed by the authorities.  There may have been more undercover federal agents in Las Vegas this year than there were hackers, some I knew and others I could look at and knew what they really were.  About 10 years ago I was told to meet an FBI agent on a college campus, in the area called the quad, where literally hundreds of students hung out.  Though he was young and dressed just like them he was easy to pick out of the crowd and I walked right up to him and introduced myself.  Call it a sixth sense.

[Sylence]

6 minutes ago, straycat19 said:

Doesn't make any difference who he is working with.  He will be punished and after he serves any time he might get then the GCHQ is more than welcome to hire him.  We have a saying that goes, "No good deed goes unpunished."  We also say "One Aw-Shit wipes out ten Atta-Boys."  Hackers are really stupid if they leave their home countries, many of which have no extradition treaty with the US, and allow themselves to get nabbed by the authorities.  There may have been more undercover federal agents in Las Vegas this year than there were hackers, some I knew and others I could look at and knew what they really were.  About 10 years ago I was told to meet an FBI agent on a college campus, in the area called the quad, where literally hundreds of students hung out.  Though he was young and dressed just like them he was easy to pick out of the crowd and I walked right up to him and introduced myself.  Call it a sixth sense.

 

your sayings remind me of something, that they never take out their trained dogs. the reason why saddam hussein and bin laden are alive, safe and sound. your sixth sense didn't tell you that?  

[knowledge-Spammer]

On 8/3/2017 at 3:48 PM, 0bin said:

Anyway if they want him fall for them is easy to keep him there for many years, also without proofs, they can made them.

I think no one will want to go to defcon in us anymore...

 

https://www.computing.co.uk/ctg/news/3015091/marcus-hutchins-the-security-researcher-who-stopped-wannacry-arrested-and-charged-with-creating-and-selling-the-kronos-banking-trojan

We're sorry

 

The page you have requested may be outdated or is not available on our website!

You can try going back to the previous page, use the search option above or start again from the homepage

[pc71520]

12 hours ago, Atasas said:

"ransomware" has been developed by NSA,

so,

apart from being embarrassed (for not finishing the job properly),

they will force the guy to slave for them... 

Point taken.

[Atasas]

40 years (THE threat)

http://www.telegraph.co.uk/technology/2017/08/03/fbi-arrests-wannacry-hero-marcus-hutchins-las-vegas-reports/

 

 

[knowledge-Spammer]

On 8/4/2017 at 3:26 AM, Atasas said:

40 years (THE threat)

http://www.telegraph.co.uk/technology/2017/08/03/fbi-arrests-wannacry-hero-marcus-hutchins-las-vegas-reports/

 

 

[knowledge-Spammer]

 

[steven36]

Quote

 

U.S. judge sets $30,000 bail for UK hacker who stopped 'WannaCry'

 

LAS VEGAS (Reuters) - A U.S. judge in Las Vegas set a $30,000 bail on Friday for a well-known British cyber security researcher accused of advertising and selling malicious code used to pilfer banking and credit card information.

Marcus Hutchins, 23, gained celebrity status within the hacker community in May when he was credited with neutralizing the global "WannaCry" ransomware attack.

His attorney, Adrian Lobo, told reporters Hutchins would not be released on Friday because the clerk's office for the court closed 30 minutes after his hearing concluded, leaving his defense team not enough time to post the bail.

Lobo told a local NBC affiliate that Hutchins would be released on Monday and that she expected him to be on a flight on Tuesday to Wisconsin, where a six-count indictment against him was filed in U.S. District Court. He was receiving support from a "variety of sources" around the world to post his bail, she said.

Judge Nancy Koppe dismissed a federal prosecutor's claim that Hutchins was a flight risk, though she did order him to surrender his passport. If released, Hutchins would be barred from computer use or internet access.

Hutchins, also known online as MalwareTech, was indicted along with an unnamed co-defendant on July 12. The case remained under seal until Thursday, a day after his arrest in Las Vegas, where he and tens of thousands of others flocked for the annual Black Hat and Def Con security conventions.

Hutchins allegedly advertised, distributed and profited from malware code known as "Kronos" between July 2014 and 2015, according to the indictment. If downloaded from email attachments, Kronos left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

He achieved overnight fame in May when he was credited with detecting a "kill switch" that effectively disabled the WannaCry worm, which infected hundreds of thousands of computers in May and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.

Hutchins was "doing well, considering what's gone on," Lobo, told reporters. She said Hutchins never expected to be in his current situation and that she did not know the identity of his co-defendant.

News of Hutchins' arrest on Wednesday shocked other researchers, many of whom rallied to his defense and said they did not believe he had ever engaged in cyber crime.

 

http://www.reuters.com/article/us-usa-cyber-arrest-hutchins-idUSKBN1AK2JW

 

[Sylence]

2 hours ago, knowledge said:

 

 

that's like an example for the rest of the people. they tell people: look what we do to good guys, we will do the same to y'all if you try to mess with us again. 

[steven36]

Most likely the anonymous co-defendant snitched on him and  the police are protecting there identity.  A DA want file six indictments against someone unless they think they can win the case as in having loads of evidence . I had friends too do this too each other before.. one of them turned states evidence they walked with community service and the rest went too prison . Maybe if he's lucky his lawyer  can help him out. These were not indictments brought on by the federal courts.  these  indictments were served from the district court of the sate of Wisconsin and ICE napped him in Las Vegas .

[knowledge-Spammer]

look what happen to Aaron Swartz

usa wanted to lock him up for downloading books

shame he  died as he cant take  what was happenin to him

[tao]

4 minutes ago, knowledge said:

look what happen to Aaron Swartz...

And he declined a plea bargain under which he would have served six months in federal prison.

[steven36]

1 hour ago, knowledge said:

look what happen to Aaron Swartz

usa wanted to lock him up for downloading books

shame he  died as he cant take  what was happenin to him

It happens a lot  .. I didn't  know Aaron Swartz but I did know someone who killed themselves because  they didn't want go too prison or in Aaron Swartz's case for downloading books he most likely would just got fined  no one never goes too jail for just downloading in the USA only people who runs warez sites or uploads warez for a profit do.  He was unstable .  Id rather go too jail  than kill myself and Aaron Swartz was charged with more  than just downloading books.
 

Quote

 

In United States of America v. Aaron Swartz, Aaron Swartz, an American computer programmer, writer, political organizer and Internet activist, was prosecuted for many violations of the Computer Fraud and Abuse Act of 1986 (CFAA), after downloading a great many academic journal articles through the MIT computer network from a source (JSTOR) for which he had an account as a Harvard research fellow. Facing trial and the possibility of imprisonment, Swartz committed suicide, and the case was consequently dismissed.

 

https://en.wikipedia.org/wiki/United_States_v._Swartz

Quote

Criminal offenses under the Computer Fraud and Abuse Act of 1986

(a) Whoever—

    (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
    (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—

        (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
        (B) information from any department or agency of the United States; or
        (C) information from any protected computer;

    (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

    (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

    (5)

        (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
        (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
        (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

    (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—

        (A) such trafficking affects interstate or foreign commerce; or
        (B) such computer is used by or for the Government of the United States;

    (7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—

        (A) threat to cause damage to a protected computer;
        (B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
        (C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

Sometimes in cases like these the police have no proof that will hold up in court  but know of certain crimes certain people commit and are just watching and waiting for them too screw up and will nab them on anything that will hold up in court. That's why it dont pay too be in the stoplight  and draw attention too yourself too the cops.  

 

People are in out of jail all the time because there just poor and victims of the system and some run and some end up dying from running are kill themselves due too depression of having too face jail time.   The scientific term is Carcerophobia

Quote

 

 

Carcerophobia (from Latin carcer meaning "prison, jail") is the fear of prison. Anybody can suffer this fear even though they done nothing illegal in their lives. Sufferers would usually have obsessive thoughts about what's the life is like in the prison. Many carcerophobes would feel worry about spending the rest of the life in the prison the most. Sufferers would do everything to stay out of trouble. They may be afraid for parents or other family member to call the police. If the sufferer did a little misbehaving thing or even did something bad accidentally, they may panic in terror, with symptoms like sweating, obsessive worries, rapid breathing, and sense of being trapped. Seeing the police officer or even seeing the police car from a distance may also cause them to panic.

 

http://phobia.wikia.com/wiki/Carcerophobia

Then i have some friends who like prison and have been in and out of jail every since we got out of school ..They cant make it on the outside world,  so when they get out they commit crimes to get locked back up .

[steven36]

 

Quote

 

Black hat or white hat? Questions swirl around hero researcher's sudden arrest

 

The young security pro faces hacking and wiretapping charges

On Wednesday, a celebrated UK security researcher was stopped at the Las Vegas airport and taken into federal custody. According to law enforcement, Marcus Hutchins (better known as MalwareTech) was responsible for developing a major banking trojan — a serious allegation that could result in years of jail time. Hutchins most recently drew popular attention for his pivotal role in containing the WannaCry malware, a ransomware worm that locked up nearly 75,000 systems worldwide. Hutchins’ arrest came just days after he’d attended Defcon, the largest hacking conference in the world, where he had been riding high on his newfound reputation as a hero.

The allegations have stunned Hutchins’ friends and colleagues, but it’s still unclear how much evidence there is to support them. The indictment primarily focuses on a co-defendant whose name remains under seal, and the document throws very little light on Hutchins’ involvement. In the wake of the arrest, much of the security community has rallied to Hutchins’ defense, digging up circumstantial evidence surrounding the allegations. But the lack of information from the government combined with the unearthing of Hutchins’ less-than-savory activities as a teenager has thrown the community into a state of confusion.

White hat or black hat?

In the wake of the arrest, observers uncovered old IRC logs connected to Hutchins’ previous username. The logs paint the young Hutchins—who would have been about eighteen years old at the time—as a low-level black-hat hacker playing with bots and scripts. But although he implies pompously that he is involved with the market for malicious code, he never says explicitly that he sells any, nor are there any logs linking him to the banking trojan, Kronos.

The story of a young, immature black hat who turns legitimate over the years is hardly a new one. Kevin Mitnick, one of the earliest and most prominent targets of the Computer Fraud and Abuse Act, currently works as a security consultant. The idea that it’s natural for white hats to have started out as teenage black hats is prevalent in the community. The vague indictment and the unearthing of Hutchins’ past creates a kind of Rorschach blot for observers: in the absence of more facts, it’s just as easy to see Hutchins as a martyr as it is to see him as criminal.

In the days since his arrest, the 23-year-old Hutchins has been shuttled between a series of federal facilities in Las Vegas. On Friday, Hutchins’ bail was set at $30,000, with the condition that he surrender his passports, remain on house arrest, and not use the internet. Hutchins remained in jail over the weekend, although his bond is expected to be paid on Monday. Friends have already launched a crowd-funding campaign to raise money for his legal defense. Hutchins’ public defender noted in an earlier hearing that he had “cooperated with the government prior to being charged,” although it’s unclear exactly what that cooperation entailed.

Among Hutchins’ friends, the primary reaction has been disbelief. While Hutchins first drew popular attention for his pivotal role in containing the WannaCry malware, he had been a beloved figure in the security community for years, known for his curiosity and talent. Rendition Security’s Jake Williams worked with Hutchins during the same period of time named in the indictment, and says he finds it difficult to believe the young researcher could have been coordinating a criminal enterprise during those months.

“We traded malware samples and research,” Williams told The Verge. “He helped out with an educational program I was working with by providing some code. He wouldn't take any payment at the time, which is incongruous with the charges levied now.”

There’s little doubt that Kronos itself was malware. First spotted on Russian cybercrime forums in July 2014, the program was designed to harvest banking credentials — waiting until a target logged into a banking site and intercepting passwords in transit. Known as a banking trojan, that kind of malware has proven very popular among online criminals, and Kronos was far from the first or the largest. The program first emerged in the wake of the larger Zeus banking trojan, which authorities believe was as responsible for as much as $70 million in losses.

Kronos was widely cracked and re-distributed — and like most coding projects, it drew heavily on available code, making it difficult to tell exactly which elements Hutchins is believed to have developed. While broadly similar to Zeus, Kronos also drew on the leaked source code of a lesser-known program called Carberp, according to early Kaspersky research. It also included various desktop-sharing components that may have been originally developed for non-malicious use. If Hutchins was responsible for developing those systems, he may have coded together a malware component without knowing it.

“It's not clear which parts of Kronos he actually is accused of writing,” says Errata Security researcher Robert David Graham, who has worked on similar software components in the past. “Nobody builds an entire malware suite from scratch.”

The Indictment

Of course, this is all speculation, since the grand jury indictment is so thin on the details. The criminal complaint against Hutchins, which will present more detail on the charges, remains under seal. The only details the indictment provides are in Count 1, which alleges that Hutchins and his co-defendant engaged in a conspiracy to “knowingly cause the transmission” of code that would intentionally “cause damage without authorization” to over ten computers—a felony under the Computer Fraud and Abuse Act of 1986.

But that part of the indictment focuses mostly on overt acts by Hutchins’ co-defendant, whose name remains under seal. (“Overt acts” are facts necessary to support a conspiracy charge, and are meant to show the defendants’ participation in the conspiracy). Little is known at this time, but it may be an indication that the co-defendant is cooperating with the government, and has offered evidence of Hutchins’ involvement in the creation and sale of the Kronos malware.

The indictment alleges that on July 2014, the co-defendant used a video on a “publicly available website” to show how to use the “Kronos Banking trojan.” The following month, the co-defendant offered to sell the trojan on a internet forum for $3,000. In April 2015, the co-defendant advertised the malware on AlphaBay—the dark web marketplace that was recently seized by federal law enforcement. In June of that year, the co-defendant sold the Kronos malware for approximately $2,000 “in digital currency” and in July, also offered “crypting” services for Kronos—services that would help conceal the trojan on computer systems.

In that long list of overt acts, Hutchins is only accused of creating the Kronos software in 2014, and then updating the software later in 2015, after his unnamed co-defendant began to sell the malware.

As a result, some see Hutchins as collateral damage in a larger prosecution against a still-anonymous malware vendor. As Tor Ekeland, a defense attorney who frequently takes on Computer Fraud and Abuse Act cases, put it on Twitter, “[The Department of Justice] just arrested the guy who helped stop Wannacry because someone he allegedly worked with made $2,000 from the sale of malware.”

The prosecution is being brought in the eastern district of Wisconsin, a jurisdiction that is not particularly well-known for policing high-profile hacking cases—a possible indication that the mysterious co-defendant resides in Wisconsin. The mention of AlphaBay in the indictment also suggests that the co-defendant was swept up during the investigation into the marketplace that was made public last month. FBI agents took AlphaBay offline on July 4th, just seven days before the indictment against Hutchins and his co-defendant was filed under seal.

The co-defendant could have also been caught up in an investigation into the Zeus malware (the earlier variant of Kronos). In 2010, the FBI arrested 10 people in connection with Zeus, with dozens of other figures suspected of involvement. Posts on Hutchins’ blog show he was researching Zeus variants in late 2013, including variants compiled from the Carberp source code. The research was public and there seems to have been no effort to delete the posts after the fact.

Oddly, the list of overt acts in count 1 doesn’t specifically allege that Hutchins took a cut of the profits or sold the software directly, even though counts 2 and 4 in the indictment charge both Hutchins and his co-defendant with having advertised and sold a wiretapping device. (Although the Kronos software does log credentials, it’s not clear that from a legal standpoint, it counts as a “device.”)

    Anyone got a kronos sample?
    — MalwareTech (@MalwareTechBlog) July 13, 2014

In short, the indictment throws very little light on Hutchins’ involvement. Even if all of the specific allegations are taken as true, Hutchins could plausibly be a hapless creator whose code was sold with very little input from him— maybe even without any financial compensation. He could also, just as plausibly, be a sophisticated cybercriminal who profited off malware.

The Young Marcus Hutchins

In July 2014, around the time the indictment says his co-defendant began to sell the malware, Hutchins posted to Twitter asking if anyone had a sample of Kronos. Some say that since Hutchins was researching Kronos, it would make it unlikely that he had written it. But it’s just as possible that Hutchins read IBM’s initial report on the malware, wondered whether Kronos was the software he himself had written, and sought out a sample to test his hypothesis. Less likely—but still possible—is the hypothesis that he tweeted out a request for a Kronos sample to cover his tracks and give himself plausible deniability at the time.

Various people have also dug up old IRC logs, still available via the Internet Archive, connected to his previous username, TouchMe. The IRC logs depict Hutchins, who would have been about eighteen years old, as a low-level black-hat playing around with pieces of malicious code. But although he makes bragging references to the malware market, he never says in so many words that he actually sells bots.

    [16:14] <TouchMe> if your bot is good

    [16:14] <TouchMe> people will buy it

    [16:14] <TouchMe> you don't need a 20mb image with stupid f**king colors

Some in the security community have sought to minimize Hutchins’s early activities as mere youthful indiscretions. “MalwareTech had some fun when he was younger, we all did,” one security researcher wrote on Twitter. “Doesn't mean he actually wrote the Kronos bot.”

    The "TouchMe" on darkhook isn't me, please stop sending emails asking me about scriptkiddie stuff, thx.
    — MalwareTech (@MalwareTechBlog) November 8, 2013

While some are pointing to a tweet from 2013 to cast doubt on the reliability of the IRC logs and the identification of Hutchins as TouchMe, a person using the pseudonym of IPostYourInfo has claimed that they knew Hutchins through IRC. On Friday they published a blogpost containing fairly detailed and dense circumstantial evidence that links the TouchMe from those logs to Marcus Hutchins himself. But although IPostYourInfo links Hutchins to some unsavory behavior, they don’t allege that Hutchins wrote Kronos. And although they suspect that Hutchins peddled malware, they didn’t think at the time he actually wrote it himself.

“I would have expected him to be involved in selling betabot [a different piece of malware], not having the initiative and drive to code his own malware,” wrote IPostYourInfo.

A New Challenge to the CFAA

Even if Hutchins were directly involved in developing the code for Kronos, the legal case against him is far from airtight. Orin Kerr, a former federal prosecutor and a professor at George Washington University School of Law, thinks that prosecutors will face an uphill battle. Four of the six counts stem from an anti-wiretapping statute, the applicability of which, Kerr says, is questionable. And since Hutchins isn’t accused of using the tools himself, the charge on the basis of conspiracy to commit computer fraud and abuse is also shaky.

Despite those issues, prosecutors haven’t had trouble pinning similar charges on defendants faced with similar facts in the past. One recent example was the 2015 Blackshades case, which targeted a spyware-for-hire program. It’s common for malware developers to outsource actual hacking to smaller players, with new malware being marketed, analyzed and eventually pirated and reverse-engineered by the competition. As law enforcement takes on more cybercrime cases, the focus has shifted from botnets and distributors to the developers themselves, who often command a larger share of the profits. If these laws are, as Kerr theorizes, not suited to malware-developer prosecutions, it raises the question of how exactly prosecutors are expected to stem the tide of hacking in a time when the world has never been more dependent on interconnected, vulnerable computer systems.

Since most of these malware-developer cases have pled out instead of going to trial, the legal objections that Kerr has raised are untested. Few of those prosecutions have had to face a robust legal defense. Even with the security community in a confused uproar, Hutchins continues to be a very popular figure, and a legal fundraising effort is said to be under way. If Hutchins fights the charges, this could very well be the case that changes how malware development is prosecuted in the United States.

 

https://www.theverge.com/2017/8/5/16097946/marcus-hutchins-malware-tech-wannacry-arrest-cfaa-prosecution-charges

 

[jbleck]

this is what happens when u follow the white rabbit

[tao]

22 minutes ago, 0bin said:

What is the white rabbit?

Refers to a waistcoat-wearing, pocket-watch-wielding white rabbit, hurrying along and muttering, "Oh dear! I shall be late!" in Lewis Carroll's Alice in Wonderland (1865), whom Alice follows down a rabbit hole into Wonderland.

[knowledge-Spammer]

On 8/5/2017 at 3:53 PM, jbleck said:

this is what happens when u follow the white rabbit

if u follow the right white rabbit will take u to

RadiXX11

 

 

[tao]

6 minutes ago, Atasas said:

Gowd it takes ever so little not to make derogatory inflammation and to have sensible conversation...

... and this happens in a friendly community.   

 

So, either this is not true or ours is not a friendly community. 

 

... and we -- collectively -- have the power to make it a friendly community in reality (not merely in words)!  

[steven36]

@0bin,  seems some dont know what sarcasm is lol