Stay CLEAR of the USA
As usual, if you work in security, stay AWAY from USA (or Russia).
Marcus Hutchins, the unassuming Brit who found and activated the kill switch in the WannaCry ransomware, has been arrested by the FBI in America. Hutchins had been invited over to the States for the DEF CON hacking conference, held last week in Las Vegas, Nevada, and stayed on a few extra days to do the usual touristy things …
"Stay away from the USA for whatever reason, more like."
Very unfortunate that this is so.
But I'm afraid you're right.
I just would not feel at all safe travelling to a country where I stand a chance of abuse by a border guard on a whim, with no way to protect myself from his bad morning's foul humour.
Or be arrested without known cause with no available legal consel.
Not a chance I will cross that line again. It is a very bright red line in my mind. Race war is just one of the big problems. They recently approved concealed carry of weapons by university students. Major brain drain in action now. The center of the Bell curve skewing down the curve quickly.
"Is that a revolution to change the spelling of "colour" back to being correct?"
i don't know about you but over here we pronounce the word as "col or" or "col er"... not "col our" or "col hour" ;)
i won't mention the "colour" spelling being flagged as misspelled B)
Not sure why I'm bothered, but being in IT might make me a target for some reason
To be honest, the way things are going over there, being bothered is entirely sane. It's just not worth the potential hassle to travel over there, particularly if you're going somewhere that may raise your profile (like defcon).
There aren't many countries I'd outright refuse to travel to for work, but the US is currently top of that list. To be honest, I'm not convinced I'd be too pleased about travelling to the UK if I didn't already live here, but we are, at least a long way behind the US in the arresting-for-the-fuck-of-it stakes.
If I *had* to go, it'd be with burner phone, laptop etc with no credentials to access anything until they're communicated to me once I'm safely into the country (and deactivated before I leave). Even a few years ago that'd sound incredibly paranoid, and it's scary how increasingly rational it seems to have become
Fortunately, Trump doesn't get to set the funding. He gets to ask for funding, but Congress (specifically, the House) drafts the appropriations. This is why the news (yesterday) that the Customs and Border Patrol organization explicitly told their agents to stonewall members of Congress back when the Muslim Ban (v1) was enacted is so extraordinarily foolish.
Sure, Congress isn't going to defund CBP... this isn't how you get your stretch financing goals met!
Donald Trump doesn't matter much here, except as a catalyst, slowly clearing the mud from the heads of the thickos who get policies mixed up with identity and tribalism. The ascendancy of Donald Trump is just that event in history where they accidentally dropped the pretty stage background and the ugly machinery behind the whole performance becomes visible and obvious to all.
... The president by law only has his all intrusive and lethal God-Emporer Powers over Foreigners, those un-Americans, remember. What Obama's surveillance state was indeed slagged over, not over any 'right' or 'wrong' or - god forbid - principles and stuff.
Its pretty clear we know next to nothing about whats really going on with this.
Perhaps he was arrested at the request of OUR intelligence services for all we know?
All we know for certain right now is:
- he's been detained
- it occurred just after he attended a black hat convention
- it also occurred just as the wallets were emptied
- he's confessed previously to using a fake DoB to open a bank account
They might prefer him to be arrested by the very cruel US justice system rather than the relatively well-behaved British one. The Americans arrogantly give themselves the right to prosecute offences committed anywhere in the world.
Anonymous, because I prefer them not to arrest me next time I go over there.
I was going to make some comment about the Awan brothers and arrests in airports because they fall under different jurisdiction but thought I'd search the Reg for recent Awan Brothers or Wasserman Schultz info first and find there is virtually no coverage (from those searches anyway).
Seems I may have mistaken the type of site this is.
Seems I may have mistaken the type of site this is.
While "Media" - Either you Stay on The Message or you are a "Servant of Putin", "Alt Right Cookie", "Fringe" ... whatever sticks, that's what you will officially become, basically.
Once you are one of those agents of the deplorables, you can write just anything at all, because Freedom and Democracy. Maybe not for much money, maybe to not that great an audience, and "Media" has to pay rent / mortgages like we all do.
If anyone pulled the same kind of stunts in one of those areas where "we" fly drones ... then there is one-size-fits all "solution" to that too.
'... there will be a push to move on other alternative media
that has nothing to do with Russia but that opposes US interventionist foreign policy: ZeroHedge, Lew Rockwell, Ron Paul Institute, ConsortiumNews, etc.
Crazy, you say? Don’t forget: this war against us already started last year when the Washington Post ran a front page article accusing all of the above of being Russian agents!
What would be next? Do you read any of these alternative news sites? Do you pass along articles that oppose US sanctions policy toward Russia? You are engaging in transactions. You will be subject to “sanctions” as described in the “Countering America’s Adversaries Through Sanctions Act,” which is now the law of the land.
This would never happen, you might say. The government would never compile, analyze, and target private news outlets just because they deviate from the official neocon Washington line.
Perhaps not yet. But some US government funded “non-governmental” organizations are already doing just that...The German Marshall Fund project monitors 600 Twitter accounts [that ] are “accounts that are involved in promoting Russian influence and disinformation goals.” Which accounts does this monitor? It won’t tell us. How does it choose which ones to monitor? It won’t tell us. To what end? Frighteningly, it won’t tell us.
How ironic that something called the German Marshall Fund is bringing Stasi-like tactics to silence alternative media and opinions in the United States!..'
-- Daniel McAdams,
Russia Sanctions and The Coming Crackdown on Americans
Ron Paul Institute
Russia Sanctions and The Coming Crackdown on Americans
.... and .... Once again the entire issue is reduced to "Bad American Policies applied to Americans, Oh The Horror". That is exactly why America truly deserves every inch of the rogering that Donald Trump will be giving them for the next 7 years.
So it's been, what, eighteen hours since anybody has heard from him? They took him and he's just vanished from communication? Poor sod - he's probably terrified. And with the USA's history of punishing people for being smarter than them, I wouldn't blame him.
Hope he's alright. I doubt he will be anywhere near as well-disposed to helping people or governments after this.
After a minor run in with the police and the law 17 years ago in a accidental I.T security thing at my school I'm never going to help them or anyone else again. It didn't land me in jail but it did come dam close it. What it did was cost me computer hardware + data and good amount of money (by 17 years ago standards).
He is going to feel the same way once this is over. He might work for a company in the security I.T field (or he might switch fields once he gets out from the U.S) if he feels up to it. That might not be the case in the long run. This type of things have terrible results on one mental personality.
Today, if I see a security flaw I let it be. The owner of it can deal with it on his own time and cost once everything has started to burn because if his own incompetence.
I just make sure my own gate is secure on my own systems. Everything else is treated as possible security risk.
If he's just gone missing, I wouldn't hold my breath. They could say he was abducted by aliens and no one would be any wiser (Maybe Gary McKinnon). I really hope our powers that be can intervene and get him the hell out of there. After he's been released and returned to the UK, then I suggest we take off and Nuke the site from orbit! It's the only way to be sure!
And from my recent experiences, conferences still in the US are seeing a lot fewer foreign attendees; a lot of people aren't attending because of the problems getting the necessary visas for the States (especially students from countries where the skin colour isn't in the approved range), and because of the general 'fuck you' attitude radiating from officialdom right now.
I've got a paper ready and I'd normally submit it to a US conference and then tack on a few days to see what has always been a fantastic place, but I think it'll end up going to a European conference purely because I might come back intact.
They used to call this Special Rendition but they just grabbed him when he was out of the country to save on jet fuel. They will still have to burn some fuel flying him to a country where they can torture him. I just hope he still gets the air miles.
The U.S. loves to demonize others (see, Aaron Swartz, Kim Dotcom, Ed Snowden, etc.) and use that to justify its atrocious behavior. The U.S. government plays a game of Machiavellian politics internally (states which seek government aid) and externally (countries that seek government aid). They've been doing this for nigh a hundred years. The only groups worse than the U.S. system are those who can't see that they're sheep being fleeced by the elites. Wake up people stop dealing with the Devil.
Dunno - I wouldn't hold my breath, he's only recently renounced his US citizenship.
But one story that didn't get much traction is that the NAACP has put out a travel advisory for Missouri warning black travellers about widespread racism, discrimination and intimidation by the police. That's an American civil rights organisation warning Americans about travelling in one part of America.
According to The Guardian, the US D o' J has issued an indictment accusing Hutchins of spreading the Kronos banking trojan sometime in 2014 or 2015.
For what it's worth.
I expect El Reg will update the story momentarily.
Addendum Oh, and when I write "accused" I do NOT mean that I accept that Hutchins is guilty of anything. An accusation can be nothing but a convenient excuse for harassment.
Hell of a piece of timing to suddenly get the evidence of him spreading the Kronos trojan just when he visits the USA!
Okay, obviously that was sarcasm. So the question is, if they had evidence already then why couldn't they share it with us before now. The alleged wrong-doing was a few years ago, wasn't it? So two possibilities - it's not enough to secure a conviction under UK or European law. Or they don't want to share the evidence with us and want to be able to convict him without presenting it. There are other possibilities including it's a pretext and it is to do with WannaCry. Wouldn't surprise me. But if it isn't these are the two that spring to mind.
I suppose it's possible he bragged to the wrong person and they got evidence at the conference itself, but that seems a long shot.
So the question is, if they had evidence already then why couldn't they share it with us before now.
Maybe that's not exactly how The System works?
If "they" are continuously casing everyone and everything, that would certainly be mass surveillance, which "their" lawyers always weasel about "them" not doing. Maybe it is even true too, the best lies are the truth with a few bits missing.
So, perhaps, it is only legal to for the surveillance system to case an individual, when the casing is based on quite specific criteria, such as a person entering the US?
On entry to the US, the "non-mass surveillance data" already stored on a person, "non-" because no-one looked at it yet as their lawyers has repeatedly stated, gets specifically selected and the whole package is slurped into an "AI" which then lists a range of possible crimes and their probabilities based on the data. If one or more probability exceeds a defined threshold, then the target will win a free trip to the appropriate processing facility.
And what better place for that than the return flight? There are only a few international airports, meaning flesh-bot resources are saved.
I seem to remember him Tweeting that various law enforcement agencies kept trying to shut down or seize the sinkhole server. It seems that a lot of agencies just didn't understand what was going on and were in their own little bubble.
Funnily enough, one of my bosses offered me a trip to Black Hat / Defcon. Didn't fancy the idea much then. Fancy it less now.
That server hosted the 'kill switch' for the underlying NSA toolkit upon which WannaCry was built. My guess is that it also inadvertently shut down a bunch of Five Eyes spyware as well.
Someone has to swing for the NSA's incompetence and it looks like it will be Hutchins.
I heard of bosses arranging pernicious outsourcing where you get someone to 'headhunt' a member of staff so they resign and loose all employment rights and then dont last long, if at all in the new post.
This is the logical extension where you perniciously outsink them to defcon and make up some shit for the FBI - I bet insurance would even cover your 'losses'!
.. is why I have no plans to visit the US in the future.
I have no desire to travel to a country where a decades long prioritisation of their second amendment over mental healthcare means that every idiot can carry a gun, where the mere fact that you're breathing seems to be enough for unjust lawsuits and where law enforcement has legalised state robbery via civil asset forfeiture and still operates as if Human Rights do not exist (for starters, the list of reasons is actually longer and worse, it still keeps growing).
It's sad to see so much potential just wasted.
Fair's fair: mental healthcare in the USA is better resourced and prioritised than it ever has been. Not too long ago, the deranged and dysfunctional were shunned by Society and forced to exist in cardboard boxes beneath railroad and highway bridges. Now, however, Society reaches out to such individuals and, in the case of the most severely incapacitated, provides attractive accommodation in Washington and a salary too.
"This is a side effect of people voting against their enlightened self interest."
THAT is the exact arrogance that got Trump elected. You or I have zero idea what the 'enlightened self-interest' of a Trump supporter is.. hell, THEY have no idea, though I may have a clue. They voted for the lesser of two evils and they voted for a change - regardless of how shitty and terrifying it is.
I voted Trump because, well fuck the Republicans. They are eating the shit-sandwich they've served to the working poor (of which I've been all my life and Trump changes ZERO aspects of the improvidence in it - and let's be real now.. the Democrats have in reality done fuck all themselves.) for decades and it's so fucking fun to watch the sorry old cocksuckers twist as Trump attacks everyone.
Bring on the chaos - it's what most poor in America have been dealing with for a long, long time. I think most of the Trump supporters are rather like myself.. just put in the worst candidate possible and watch Washington DC eat itself. (I know no one that actually thinks/thought he'd be a good president.. but pretty much most who voted for him knew he'd be a shitty one)
The Republicans getting the political fiasco they deserve? Couldn't happen to better people.. and it's a wondrous show. There is no self-interest left at this point, it's just schadenfreude, and it's delicious.
There is no self-interest left at this point, it's just schadenfreude, and it's delicious.
I cannot laugh at people being thrown into misery and poverty because they're stupid, however much that is the vogue. This is the potential of a whole country wasted by politicians and thieves (but I repeat myself), and I find it depressing. There is so much good the US could do it got its act together, but as far as I can tell, the politicians in Washington seem determined from letting that ever happen.
The problem with shaking things up by voting in Trump is that he got 4 full years to shake, and I fear that's too long. Shaking up is good, but doing it by earthquake was not a good idea. It's time to stop this, but also send a message to politicians of both sides: overcropping the land destroys future returns, you need to leave enough on the table to ensure the economy recovers.
I'll probably get downvoted for this but what the hell. I've been to the US countless times over the last 30 years both on business and vacations. I have never had any hassle from either the guys on immigration or the customs guys though I did once get asked a domain knowledge question by immigration related to the purpose of the visit. And I'll be going there soon on vacation. It's true that this time I'm taking a clean laptop rather than my normal one but that's the only concession I'm making to their increased paranoia. I would probably be more trepidacious if it were my first visit though, as they would have no previous history.
Having said all that, I hope the guy gets it sorted PDQ, though I wonder if there is more to this than 'security guy gets nabbed by the Feds for no apparent reason'
Isn't it sad how John shrugs off needing a fresh laptop as if it's understandable that someone would go through all your personal stuff without a warrant just because you are on holiday?
John, next time, take the usual family laptop, with all the photos of the wife and kids, and bank statements. etc. Then, refuse them access to said laptop without a warrant, then report back to us on your experience!
Terrorists my arse. If you had dodgy files to send to America, you wouldn't carry them on your laptop..
Having a Prof flying in with a very delicate item of research kit stopped, questioned for hours, told "I can deny you entry now, and for the rest of your life" by one of the goons was bad enough. I just wish I'd been there when his DARPA minder assisted by local law enforcement demanded access to him, having been waiting for him in the arrivals lounge for said number of hours plus 1. The goons tried and tried, but DARPA plus the DoD sending a senior officer and the threat of the Army being called in trumped them. He was escorted personally to the plane flying out, and warned to fly gray air (US Air Force) next time as the goons and their 'system' have long memories, fine for a research visit, a bit shite for holidays though... And that was during Obama's time.
Again, innocent until proven guilty and all
Not in the press :(. That said, I suspect their antennae went up when he was so quick to take WannaCry apart and stop it, I don't have enough facts to have an opinion either way.
Until there is more information I have to consider him innocent. I don't like newspapers calling him Wannacry "hero" because that clearly hints they're setting up a fall from grace story if a court finds him guilty, like buzzards circling a soon to be corps in the desert.
"Murkin" here: It's a conspiracy indictment, the guy is cooked. If he had lived as a silent member of a holy order, he could still be guilty in the US courts because he "associated" with others. Conspiracy seems to be the charge we file when you can't convict on any other facts, and only that you have "associated" with any other person is in itself the crime. You end up having to try to prove your innocence, sort of like the witch trials: if you drown, you were innocent, oh, too bad.
From the indictment, Marcus Hutchins is listed not as primary but subordinate to the other "conspirator". This tells me the Feds really want the guy who marketed and sold the malware. They want to pressure Marcus to identify the other "conspirator".
Marcus has something they want. Looks like leverage to me for a release.
But I really can't. I also wish I could blame Trump for this, but I really can't because it started well before he even thought about running.
Now it is possible this arrest is legitimate so I think there's a bit of 'rush to judgment' here, but regardless of that you have to accept that it is quite possible he's being arrested on bogus charges. Perhaps as a pretext to get some info they think he has, or because he wasn't properly cowed and submissive for the power mad TSA dweebs.
You can. Keep all of this in mind the next time you vote.
It's no joke: the country depends on people continuing to do the right thing in the face of abject stupidity and be vocal about the reasons why.
The US not the orange guy or his cronies. It's all the other people.
And who exactly would I vote for to make this change? Clinton and Trump are identical in this respect. I voted for neither, but unfortunately the third party candidates have no chance because the system is rigged for a two party system and the republicans and democrats will never support a constitutional amendment that would be required to fix this, because they would be hurt by it - they will present a united front in favor of the two party system.
The dilemma is the same for my congressman and senators.
Hell... I live here in the States and I'm sweating things and I'm not in "Security". It's a race or so it seems to the bottom. I'm wondering which country will lower the bar next... ?
Don't get too smug those of you in Blighty... I think the next step to the bottom in now for your leaders. We'll come up with something even more insane but then you'll get your shot again. Seems to be the way this race is going.
Sorry, not in this forum, it's off topic
I'm glad I waited to comment on the article, though. Sounds like the Feds may have some legit reason for questioning "our hero" (re: new article mentioned at the end in an update to this one)
but if you want more on capitalism, etc. there are smarter people than me who have done an excellent job of making this point. I suggest Prof. Walter Williams from George Mason University as a good start.
Easy - Debt is an Asset to the Lender. From the US perspective, their vastly superior economic policies just produce more of an asset that "The Market" wants to buy (must buy, if they want oil and like to not become "a regime", because everyone knows what happens to a regime, but, ... details ... proper people LIKE the USD).
Having a huge, ginourmous, debt is only a problem if you have to pay it back or service it. With ZIRP the service problem is finally fixed once and for all. With control of the issuing of the denomination currency, you can always print enough money to pay it back, which solves that problem.
So, given that we are the happy lenders, why should the US NOT run up as huge a debt as possible and blow it on nice things like natural resources, political influence, Ukrainian hookers and drugs?
It's the *rational* thing to do!
Can Big John or Bombastic Bob please explain to me how capitalism is superior to "lefty lunacy" or "liberalism" when the USA has the biggest national debt in the known universe.
If you have the right friends it's easier to fleece the peasants? Debt is not your problem because you can just move when things go wrong. In the left system you still have to fight off loonies that talk about sharing and common good as if that was ever the actual aim, that's never a problem with capitalism.
For the record and for the sarcasm impaired, I'm being sarcastic here.
New Trojan from the Russian Underground
While major players like Zeus, Gozi, Citadel and other advanced financial malware dominate the malware threat landscape, newcomers and challengers always try to get a share of the cyber crime market. One such new malware that was recently made available for purchase in a Russian underground forum is the Kronos malware. With a $7,000 price tag, this malware offers multiple modules for evading detection and analysis as well as an option to test the malware for a week prior to buying it.
Read a translation of the original text from Russian underground forum
I present you a new banking Trojan
Compatible with 64 and 32bit rootkit Trojan is equipped with the tools to give you successful banking actions.Formgrabber: Works on Chrome, IE, FF in latest versions. Works on the majority of older versions as well. Steals logs from each website Webinjects: Works on latest Chrome, IE, FF, latest and majority of older versions. Injections are in Zeus config format, so it’s easy to transfer the config from one another.32 and 64bit Ring3 rootkit: The Trojan also has a ring 3 rootkit that defends it from other Trojans.
Proactive Bypass: The Trojan uses an undetected injection method to work in a secure process and bypass proactive anti-virus protections. Encrypted Communication: Connection between bot and panel is encrypted to protect against sniffers. Usermode Sandbox and rootkit bypass: The Trojan is able to bypass any hook in usermode functions which bypasses rootkits or sandboxes which use these hooks.
1000$ a week of testing. The server will be hosted only for you. You need just a domain or a payment including the domain fee. You’ll have full access to the C&C, without any limits or restrictions during test mode.7000$ Lifetime product license, free updates and bug removals. New modules will not be free , and you will need to pay additionally. We accept Perfect Money, Bitcoin, WMZ, BTC-E.comCurrently the Trojan is written in its fullest. Next week we will have tests and bug fixing, then release. Pre-ordering the Trojan will give you a discount.
Ok so firstly he definitely broke the law... you may not be aware of this but it's illegal to use a gun here in the USA unless you are at least a permanent resident aka green card holder even in a gun club / shooting range. I know as I tried once before I had a green card.
Secondly, poacher come game keeper game keeper come poacher who knows... innocent till proven guilty but there is due process here and as there are plenty of treaties between uk and USA I'm sure it will shake out.
I also think the paranoia about American madness is unnecessary, I seem to remember we've just gone through riots in Germany ? Anyone can pick wholes in any country because none of us are perfect.
"Anyone can pick wholes in any country because none of us are perfect."
I don't have the heart to Grammar-Nazi this, even though it's usually worth a bunch of upvotes.
Fully Completely is the title of a song and album by The Tragically Hip from 1992.
We all know about Assange and Snowden and Manning. But it *is* possible that the next whistle-blower will seek to contact an "untouchable" foreign hero to get the precious info out of the country. Or is that just in Hollywood movies?
"I also think the paranoia about American madness is unnecessary"
What state of mind should one have then regarding the American madness, in your opinion?
I agree that paranoia isn't correct, as it implies that the madness isn't real.
I, personally, feel more of a growing concern that the "free" aren't so free, and the "world leader" is only leading in greed and stupidity.
Care to share this using a firearm in the USA resident requirement statue? I can't find it anywhere. I've never heard of anything like it. It sounds downright unAmerican to me in fact. Especially on a private range. In Nevada you can fire fully automatic weapons on a range. Some 9 year old girl had some trouble with that there. So you are talking about a state that's handing 9 year old girls machine guns. That wasn't even the problem! It was who she ended up shooting that was. That occurred in Las Vegas. But if she hadn't hit anyone it'd have all been good then too. Now you're suggesting that a foreigner is going to have difficulties? Bud we'd let our dogs shoot here, if we could train them to.
I am a US citizen, yet when I recently attempted to purchase a small and compact firearm (for personal protection purposes), was met with a "Delayed" status from the FBI (background checks are mandatory btw), suggesting that I am something less than a law-abiding citizen. Upon further inquiry, my status has been upgraded to "Appeal" which to me indicates some further interest into my background. Aside from the compulsory DUI from 20 years ago (current age withheld), I have recently served overseas (read Middle East) and posses a SECRET security clearance, which is still valid as far as I know... so I'm thinking that there's some newbys in the AGENCY that are maybe trying to make a name for themselves... just sayin'... FFS???
So the paperwork says he committed the offence in Wisconsin and elsewhere sometime between July 2015 and July 2015 but the paperwork to detain him was only filed on the 12th of July this year? Not only is that remarkably vague but smacks of the US authorities knowing they had insufficient evidence to go for extradition, even with our (UK) lapdog approach to relations with the US, so they held off until he was in the country before filing papers. As in waited until he had little or no hope of avoiding arrest before accusing him of a crime.
he slept in the lobby because his phone was dead and his wallet had been stolen... while he slept, someone was kind enough to charge his phone for him... he took the phone with a 5% charge and called Uber to take him back to where he was staying... gotta wonder, now, who really stole his wallet... he'd been in Vegas for over a week driving high end rental cars, visiting shooting ranges, and doing other touristy things... if the FBI knew who he was, they could have nabbed him at any time before he was heading home... the whole thing reeks of shite...
Biting the hand that feeds IT © 1998–2019