FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware


tao

Sarcasm is when someone makes an observation that isn’t intended to be mistaken for truth in order to draw attention to a ridiculous situation. It’s often a rather aggressive verbal tool, though it can be used as or disguised as humor. Sarcasm can be a way of mocking or teasing another person. Often, an indicator of sarcasm is a particular tone of voice which makes it difficult to call the person out for illogical thinking on this behavior.

 

"To these people, sarcasm is too vague"   :lol:

2 minutes ago, 0bin said:

[Image: 500 USD note, series of 1934, obverse]

One thing is for sure, we all believe in money. Money talks, BS walks; with money you can buy you're way out of anything.



3 minutes ago, 0bin said:

In 1934, I was 20.

Man attempts to deposit million-dollar bill, gets busted for meth

http://www.siouxlandproud.com/news/local-news/sioux-city-man-arrested-for-meth-while-trying-to-deposit-million-dollar-bill/783369680

 



5 minutes ago, 0bin said:

In 1934, I was 20.

... and I had a life that money couldn't save.  (That's couldn't buy from un-bargain-able death.)  ;)

 

:lol:  "with money you can buy you're [sic] way out of anything."  :lol:

 

Yiddish proverb: Man plans and God laughs. :flowers:

 

 



On 8/3/2017 at 6:00 PM, 0bin said:

rfd bnv wef

 

On 8/3/2017 at 6:09 PM, 0bin said:

bnh fvc bghn

Sorry, off topic, but @0bin I can't understand what you say. It makes no sense to me. Regards



"just chattin' on" ;)

 

If you were the lad that kinda altruistically saved the day - 1

 

possibly figured a way to channel funds his way from real virus spreaders - 2

 

Was somewhat involved in distribution and reversed in goodie, once it didn't work well-3

 

Was set on (betrayed) by DNet community or set up by FBI-4

 

WHAT would you do?

(Considering we really do not know his memberships)?

 

AFAIK he had appeared in first Court hearing- details?

 

 



39 minutes ago, Atasas said:

"just chattin' on" ;)

 

If you were the lad that kinda altruistically saved the day - 1

 

possibly figured a way to channel funds his way from real virus spreaders - 2

 

Was somewhat involved in distribution and reversed in goodie, once it didn't work well-3

 

Was set on (betrayed) by DNet community or set up by FBI-4

 

WHAT would you do?

(Considering we really do not know his memberships)?

 

AFAIK he had appeared in first Court hearing- details?

 

 

He's not gone to court yet, he just got a bond hearing, and whoever they caught distributing the malware from the AlphaBay takedown must have given the state of Wisconsin his name. If you're in the USA it doesn't matter where you are at, they have a record of everyone who comes over here unless they sneak in. Even if you're a resident, if you got stopped for any reason all they have to do is call it in and it checks all 50 states, and if your name comes up anywhere they will arrest you. Either you will make bail and go to court on your own or they extradite you to the state you're wanted in. Even if the guy wrote the malware there was no way he knew not to come over to the USA, because the way indictment works you never know who they have on them till they come out.



One more reason to have a merit-based entry (immigration) in the U.S. too.  



2 hours ago, steven36 said:

He's not gone to court yet, he just got a bond hearing, and whoever they caught distributing the malware from the AlphaBay takedown must have given the state of Wisconsin his name. If you're in the USA it doesn't matter where you are at, they have a record of everyone who comes over here unless they sneak in. Even if you're a resident, if you got stopped for any reason all they have to do is call it in and it checks all 50 states, and if your name comes up anywhere they will arrest you. Either you will make bail and go to court on your own or they extradite you to the state you're wanted in. Even if the guy wrote the malware there was no way he knew not to come over to the USA, because the way indictment works you never know who they have on them till they come out.

SOU(r)CE?

 

(just lazy) :P



 

Quote

 

MalwareTech Arrested for Creating the Kronos Banking Trojan

 

On August 3, Motherboard published an indictment that pertained to an unexpected suspect. Even more unexpected once the realization that the suspect connected to the now-defunct Alphabay. Marcus Hutchins, the security researcher known as MalwareTech or MalwareTechBlog allegedly created and helped distribute the Kronos banking trojan.

Hutchins made a name for himself when he “accidentally” hindered the WannaCry ransomware from spreading. (The domain Hutchins bought that functioned as the WannaCry killswitch). His actual name gained publicity when reporters from The Sun, The Telegraph, and The Daily Mail hunted down and then published his personal information. “Camped out” in his front yard and chased down the man’s friends. Now, though, a grand jury indictment charged Hutchins for creating Kronos and helping another party distribute the banking trojan on a darknet market, along with internet forums.

 


 

The indictment only comes as a surprise to those who knew MalwareTech as MalwareTech or Marcus Hutchins, the self-described “Malware Researcher.” Others claimed that Hutchins had operated under pseudonyms at some point in time. The indictment contains nothing that connected Hutchins to other internet characters, like TouchMe or TouchMyMalware, but the theories run wild elsewhere. For many reasons, one of which being the blacked-out name in every paragraph, the indictment itself failed to render an accurate picture. The details are vague or nonexistent.

A co-defendant was named by the grand jury as well, although in the copy of the indictment published by the Department of Justice, the name had been redacted. Some speculate that the second entity informed on MalwareTech. At this point in time, all that exists—at least publicly—is conjecture. Some, however, seems only logical—if the indictment is accurate as well. “There it is – I’ll bet money @MalwareTechBlog’s snitch got caught up in AlphaBay arrests and ratted him out,” one Twitter user wrote.

 


 

The indictment named Hutchins in six out of six charges. It is worth remembering that grand juries do not require unanimous decisions to indict—simply ⅔ or ¾ majority. The “unidentified” (to the public) co-defendant was also named in all six counts.

Marcus Hutchins, aka Malwaretech, along with the unnamed co-defendant received a total of six charges each:

    one count of conspiracy to commit computer fraud and abuse;
    three counts of distributing and advertising an electronic communication interception device;
    one count of endeavoring to intercept electronic communications;
    one count of attempting to access a computer without authorization

The indictment points to a video allegedly created by MalwareTech that explained how to use the Kronos Banking Trojan, along with a host of other, majorly instructional, “crimes.” According to the indictments, all crimes occurred between July 2014 and July 2015. The Cyber Threat Insider blog reported first seeing Kronos advertised on Russian forums in June 2014, alongside the launch of the Kratos trojan. At the time, the Kronos pricing was strikingly high. “Kronos costs $7,000 (a special release price till July 18th is $5,000), and one-week trial is offered for $1,000, on your own domain,” the Cyber Threat blog reported.

 



 

 

The majority of the advertisements for Kronos explained the features as if the trojan was an upgraded version of Zeus. In many ways, it was one of Zeus’s many successors. Like the developers of the Floki Bot, the developers of Kronos claimed the trojan was more than Zeus with added features, even though Zeus and Kronos could effectively use the same .html injection files. Below is an early translation from a Russian forum:

“Introducing the Kronos, the only Actively supported 32 / 64bit rootkit banking trojan.

The Kronos Comes with a 64 and 32bit rootkit to provide you with the stealth and compatibility needed for all of your banking operations

Formgrabber: the Kronos has an advanced Formgrabber That does not use the publicly available Methods. It logs ALL POST requests and returns the data to the control panel.

Webinjects: the Zeus webinjects style with the Kronos style injection techniques. Inject forms and get additional information or automatically transfer funds with the use of Webinjects.

32-bit and 64-bit ring 3 a rootkit: the Kronos has a very advanced 32 and 64bit rootkit that helps hide and evade user and other bot detection . Great for stealthy operations and helping your botnet live longer.

Proactive Bypass: Kronos uses undetected injection techniques to work without triggering proactive antivirus protection.

Encrypted Communication: Communication between the bot and the panel is encrypted to help better secure data.

The Sandbox and Rootkit Usermode the bypass: the Kronos CAN the bypass the any hook mounted transmitter in the which the usermode allow it to be other by untouched by rootkits or sandboxes.”

“On or about July 13, 2014, a video showing the functionality of the Kronos banking trojan was posted to Youtube. [Unidentified co-defendant] used the video to demonstrate how Kronos worked,” authorities claimed. And then, “on or about April 29, 2015,” the supposed “snitch” listed the Kronos banking trojan on AlphaBay. In June 2015, the same person sold a copy of the trojan for $2,000 in “digital currency.”

 


 

 

 

In 2016, an entity rebooted the Kronos banking trojan yet again. The trojan was marketed on Russian forums and advertisements spammed via jabber.

“Kronos refreshed and became better than before! Problems with the fall of chromium and the incorrectly working grabber and injections are solved. Fixed data collection and injection in FF. MS Edge supports data collection and injections. Some changes have been made to improve stability. Become a customer today and get discounts on modules (distribution via USB, SOCKS5 and hidden VNC) that will be developed.

The price is $ 3,000 (without bargaining), Payment through bitcoin. The transaction will receive useful contacts Contact: V***@****.im”

After hacking conferences in Nevada, US law enforcement arrested Hutchins before he boarded and prepared for the flight back to his home in the UK. On August 3, Motherboard confirmed that the 23-year-old had been detained at the Henderson Detention Center in Nevada. Hours later, Joseph Cox spoke with a friend of Hutchins who claimed US authorities had moved the alleged trojan creator. “I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the friend told Motherboard. A spokesperson for the US Marshals reported that the case was an FBI matter.

 


 

Hutchins appeared before U.S. Judge Nancy Koppe on July 3. The court heard that Hutchins “had cooperated with the government prior to being charged.” Twitter users speculated this statement referred to his cooperation in the WannaCry ransomware outbreak—not that he had spoken to law enforcement regarding the immediate accusations. As some pointed out, this case has the potential to be far from ordinary.

 

https://www.deepdotweb.com/2017/08/05/malwaretech-arrested-creating-kronos-banking-trojan/

 



WannaCry hero heads into Tuesday hearing as the security community crowdfunds his defense

 

Over the weekend, the security community raised legal funds for Marcus Hutchins, the researcher famed for stopping the spread of the malware known as WannaCry. Hutchins, also known as MalwareTech, was arrested by the FBI last week for his alleged role in disseminating Kronos, a banking trojan that first wrought havoc in 2014.

 

With a hearing set for Tuesday in Wisconsin, Hutchins’ many supporters have rallied to donate toward covering his legal costs. The fund was set up by Symantec Cybersecurity Czar Tarah Wheeler and the tech law firm of Tor Ekeland.

 

“While we as a community do not know all the details about the charges against [Marcus Hutchins] (since few details have been published at this time), we acknowledge that all people have a right to legal defense and counsel in the United States when accused of a crime,” Wheeler wrote in a message that accompanies the donation page.

 

According to Ekeland, the LawPay-hosted fund was created as an alternative to GoFundMe. While the donation page was so popular that it crashed at one point, Hutchins’ supporters are working on a full accounting of donations.

 

“This was put together quickly over the weekend by our staff after Gofundme refused to handle the [legal defense fund] and we stepped in at the last minute,” Ekeland told TechCrunch. “It’s gotten a nice response, lots of people are donating, we just haven’t had a chance to go through it all.”

 

TechCrunch has reached out to GoFundMe for comment on its refusal to host Hutchins’ defense fund.

 


Hutchins faces an array of charges that include creating the Kronos code — sure to be legally murky territory — and offering it for sale on AlphaBay, the illicit online market shut down in a major bust last month. The young researcher pled not guilty to the charges in a Las Vegas court on Friday and is set to appear tomorrow in Wisconsin, the state where the charges were filed.

 



28 minutes ago, adi said:

Hutchins faces an array of charges that include creating the Kronos code — sure to be legally murky territory — and offering it for sale on AlphaBay, the illicit online market shut down in a major bust last month.

 

Everything he was accused of was the result of what an anonymous criminal "said".

Hutchins did not make the video, did not offer Kronos for sale,  did not advertize it, sell it or offer encryption services. That was all the anonymous guy. There is no proof Hutchins even coded Kronos.

 

Terrifying that you can end up in jail because of what a self confessed criminal "said". Zero proof.

Hutchins must have pissed someone off ......



  • Administrator

Some more posts removed. It's funny how you guys keep finding political arguments in a rather security specific news.

 

Any more politics on this thread and it will be closed.

 

About the man. It's sad to see such a good talent having been involved in such a famous badware - have heard about it many times before. I'm sure his good actions might be considered when he is facing the court and such.



16 hours ago, Pequi said:

Everything he was accused of was the result of what an anonymous criminal "said".

Hutchins did not make the video, did not offer Kronos for sale,  did not advertize it, sell it or offer encryption services. That was all the anonymous guy. There is no proof Hutchins even coded Kronos.

 

Terrifying that you can end up in jail because of what a self confessed criminal "said". Zero proof.

Hutchins must have pissed someone off ......

There is no way to know what they have on him till he goes to trial. If they don't have any proof other than one person's testimony it won't ever hold up in court. And the witness is convicted for the same thing he is, so they will need more proof than just his word. I doubt you will know any more today than you knew before. The way the system works: arraignment, trial, and if judged guilty they go back for sentencing. Today he will have to plead Innocent or Guilty. They don't even really know if he's out on bail or was he extradited to Wisconsin. You just have to wait and see how it pans out before you assume what and what not anyone has. No need to play judge, jury and executioner.

 

Quote

 The British cyber security expert accused of creating and selling malware that steals banking passwords has been released from a US prison, the jail has said.

Marcus Hutchins, the 23-year-old previously hailed a hero for derailing a global computer attack that wreaked havoc in the NHS, was held in Nevada Southern Detention Centre over the weekend.

Prison spokeswoman Kayla Gieni said he was ‘no longer at our facility’ yesterday (Monday) but was unable to say whether he had been released on bail as a judge had ordered on Friday.

Hutchins, of Ilfracombe, is due to appear in court in Milwaukee today (Tuesday), charged with six counts of creating and selling a malware known as Kronos.

His lawyer, Adrian Lobo, said they would fight the case and Hutchins would enter not guilty pleas to all the counts, which date between July 2014 and July 2015.

A prosecutor has said that Hutchins admitted to investigators after his arrest in Las Vegas last week that he wrote the code and hinted he sold it.

Strict bail conditions were set for Hutchins, who works for Los Angeles computer security firm Kryptos Logic, that include him having no access to the internet, surrendering his passport and being monitored by GPS.

Family, friends and cyber security colleagues had been trying to raise enough money to meet the 30,000-dollar (£23,000) bond to allow his release.

Hutchins was previously praised for finding a ‘kill-switch’ that curbed the WannaCry ransomware that infected more than 300,000 computers in 150 countries in May.

The malicious software demanded a ransom from users so they could regain control of their machines.  

http://www.northdevongazette.co.uk/news/marcus-hutchins-ilfracombe-cyber-expert-released-1-5139642

 



 

Quote

 

Arraignment of UK security researcher Hutchins delayed to Monday

 

Milwaukee (Reuters) - U.S. authorities have postponed the arraignment of a British security researcher Marcus Hutchins, credited with neutralizing the global "WannaCry" ransomware attack, in an unrelated hacking case, the U.S. District Court in Milwaukee said on Tuesday.

Hutchins, 23, who was arrested last week at a Las Vegas airport, was due to be arraigned in Milwaukee on Tuesday on charges he advertised and sold malicious code that was used to steal banking and credit card information.

A clerk in the Milwaukee District Court said the arraignment has been postponed to Aug. 14.

A federal judge in Las Vegas on Friday set bail at $30,000, following Hutchins' arrest prior to boarding a plane after attending the Def Con hacking convention.

Hutchins gained celebrity status within the hacker community in May when he was credited with neutralizing the "WannaCry" ransomware attack, which infected hundreds of thousands of computers and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.

His attorney, Adrian Lobo, told a Las Vegas NBC television station that Hutchins would be released on Monday and fly to Wisconsin on Tuesday to face the six-count indictment against him. He was receiving support from a "variety of sources" around the world to post his bail, she said.

 

https://www.reuters.com/article/us-usa-cyber-arrest-idUSKBN1AO1UZ

 



On 8/7/2017 at 10:55 PM, Pequi said:

 

Hutchins must have pissed someone off ......

amen to that fella! ;)

... oh wait! ransomware maker (NSA/FBI  etc) also is "the LAW" !   :thumbsdown: 



Archived

This topic is now archived and is closed to further replies.
