back to article WannaCry-killer Marcus Hutchins denies Feds' malware claims

Marcus Hutchins, the WannaCry ransomware killer and now suspected malware developer, was told by a Las Vegas court on Friday he can be released on bail. He also denied any wrongdoing. The British citizen was sensationally arrested and taken into custody on Wednesday by the FBI. The agents swooped as he was about to board a …

  1. Oh Homer
    Childcatcher

    Proportionality? We've heard of it.

    Yup, some white-hat hacker who stops serious malware outbreaks is clearly a major threat to national security, and must be shackled and jump-suited like a terrorist.

    Remember the engineer who was fined for having the audacity to suggest a better traffic lights timing algorithm?

    America is beyond insane. It's criminally deranged.

    1. Kaltern

      Re: Proportionality? We've heard of it.

      Unfortunately, those pulling the strings want things to be seen to be happening, and as per usual, they go after those who are the easy target, those who can be used as a scapegoat to avoid having to investigate (openly) those really involved with these attacks.

      Openly investigating a country is a risky business, and by arresting this guy, they can pretty much place the blame squarely on one man. Regardless of the damage it'll do to not just him, bu everyone who does what he does, it'll happen, Americans will swoon with delight, and the rest of the Western world will move on, like has happened countless times before.

      1. Anonymous Coward
        Anonymous Coward

        Re: Proportionality? We've heard of it.

        What makes you suppose Americans like what's happening here? This is what happens to a country after eight years of radical community organizing. Incompetent organizations and corrupt department heads. The bureaucrats now feel like they're our masters instead of our servants. Even a President won't be able to stand in their way if they manage to pull off this slow coup they're attempting against Trump.

        1. Aitor 1

          Re: Proportionality? We've heard of it.

          They keep voting the people who make these things happen. So they either like it or dont care.

        2. Anonymous Coward
          Anonymous Coward

          Re: Proportionality? We've heard of it.

          >is what happens to a country after eight years of radical community organizing

          Bet if you check his post history will find him complaining constantly about Obama blaming Bush but six months in everything is still Obama's and the Dems (in charge of nothing) fault. Unashamed breathtaking hypocrisy goes with the ideology (see complaining about one party passing legislation alone and then turning around and doing the same thing). The kind of poster that is the problem not the solution.

          1. DougS Silver badge

            Re: Proportionality? We've heard of it.

            Wow, Big John finds a way to blame everything on Obama. The government was fine until "that community organizer" came along, no abuses of power happen under republicans in Big John's alternative facts based world!

          2. John Brown (no body) Silver badge

            Re: Proportionality? We've heard of it.

            "find him complaining constantly about Obama blaming Bush but six months in everything is still Obama's and the Dems (in charge of nothing) fault."

            SOP. Labour, after 13 *years* in power, were blaming all the worlds woes on the Tories, right up to the infamous "there's no money left, we spent it" note. Likewise, the Tories, now in their second term, are still blaming Labour for all the worlds woes.

            1. Anonymous Coward
              Anonymous Coward

              Re: Proportionality? We've heard of it.

              >SOP. Labour, after 13 *years* in power, were blaming all the worlds woes on the Tories, right up to the infamous "there's no money left, we spent it" note. Likewise, the Tories, now in their second term, are still blaming Labour for all the worlds woes.

              Yes yes I am aware of how politics (human nature) works but I am not naive enough to actually believe its only the other guys that do it and my sacred world view is the only one that matters. Got enough jack wagons to fill a warehouse believing that as it is. Ole Big John is simply a drop who doesn't think he is responsible for the flood.

              1. DougS Silver badge

                @AC 'blaming those who came before'

                We're seeing an interesting variation of that in the US, as Trump and his supporters are taking full credit for unemployment being at 16 year lows. Yes, using the same supposedly "rigged" system of measurement used under Obama they claimed was hiding far higher "real" unemployment, and nevermind that the rate was more than cut in half from where it was a couple months into Obama's first term (the depth of the great recession)

                Somehow I think there would be no irony felt by Trump or his supporters if for example the economy soured next year and unemployment went back up. Somehow that would be Obama's fault, despite Obama getting none of the credit for the unemployment continuing the slow drop that begun within a few months of him taking office.

                Politicians know it is ridiculous, the problem is their partisan followers are all too eager to lap up bullshit that fits their biases so of course they capitalize on that. People love to blame a president they hate for high gas prices, even though presidents have almost zero influence on it. Conservatives everywhere blamed Obama for high gas prices, even though he had nothing to do with it. They gave him no credit when they were cut in half, but were right in that case because he had nothing to do with that, either.

                Presidents do have some influence on the unemployment rate, but only loosely - to the degree they can affect the economy, and it typically takes a few years for anything that affects it (like for example a change in tax rates) to work its way through the economy to the point where it affects companies decisions on whether to hire or fire.

        3. Oh Homer
          Paris Hilton

          Re: "years of radical community organizing"

          Really? I though it was due to years of neoliberal hegemony (or what we on this side of the pond like to refer to euphemistically as "deregulation"), resulting in (amongst many other things) a for-profit prison service, and subsequently the world's highest rate of incarceration.

          I'm not actually aware of any "community organizing" in America, and certainly none with any financial or political influence. I assumed that the entire concept of "communities" had been shunned by the prevailing isolationist mentality in America. I'd certainly be very interested to learn how any such community was somehow responsible for the authorities treating a benevolent geek tourist like a fucking terrorist.

          1. Anonymous Coward
            Anonymous Coward

            Re: "years of radical community organizing"

            ... resulting in (amongst many other things) a for-profit prison service, and subsequently the world's highest rate of incarceration.

            Not true, I am afraid. The modern USA prison population boom started in 1975. The first modern private prisons did not appear until a decade later, at which point the US incarceration rate already doubled compared to the first half of the 20th century. According to the ACLU, private prisons are presently accounting for 7% of state and 18% of federal prisoners. The rest (ie the vast majority) are held in the publicly-operated facilities.

            Whatever are the reasons for the Americans' enamourement with jails and incarceration, greed is at best a contributing factor, not the root cause.

          2. Anonymous Coward
            Anonymous Coward

            Re: "years of radical community organizing"

            "a for-profit prison service, and subsequently the world's highest rate of incarceration."

            That sounds good to me, next step anyone whose been on the dole for over a year.......

            Anyone who cant or wont make a contribution...

        4. strum Silver badge

          Re: Proportionality? We've heard of it.

          > This is what happens to a country after eight years of radical community organizing.

          The US "Justice" system was pants, long before Obama's election. Your derangement explains why.

      2. Matt Bryant Silver badge

        Re: Kaltern Re: Proportionality? - FAIL!

        "Unfortunately, those pulling the strings want things to be seen to be happening, and as per usual, they go after those who are the easy target, those who can be used as a scapegoat to avoid having to investigate (openly) those really involved with these attacks...." Wow, did you use a time-machine to go forward and carefully examine ALL the evidence, as will be presented in court, or did you just jump to that pat (and, frankly, paranoid) conclusion? I'm betting on the jumping like a frightened bunny option.

        It could be that parts of the code used for Kronos was written by Hutchins, either as an innocent act of stupid techno-bragging, or with a real intent to demonstrate rooting code (though that's a bit like claiming "hey, I taught that guy how to rape, but I never actually thought he'd do it"). Or it could be he had a mate sell the code so he could make some money and claim he had nothing to do with Kronos. The prosecutor will have to show Hutchins profited directly from Kronos to win. Wait until the court case and see.

        1. Domquark

          Re: Kaltern Proportionality? - FAIL!

          @ Matt Bryant

          Though that's a bit like claiming "hey, I taught that guy how to rape, but I never actually thought he'd do it"

          So a gun manufacturer could say "Hey, I mass produced millions of guns (a device designed to kill, maim or injure), sold them to millions of people, but never thought anyone use one to kill/maim/injure someone".*

          No, sorry, your argument doesn't work.

          The problem is that sharing such code is standard practice. What is done with it after sharing is beyond the original creators control. While I agree that we should wait for all the evidence, there are some serious issues with the case already.

          Firstly the mystery co-defendant.

          Secondly, his admission of guilt (without legal representation present) - although if all he did was share the code, he probably though he wouldn't need representation. So [the most likely secinario is that] he was honest and admitted that the code was originally his (before being used by someone else in Kronos).

          Thirdly the timing of his detention. If he was of such interest for so long, the FBI would have arrested him on entry, not exit. He would have been too much of a flight risk not to detain him on entry. Why do you think the FBI asked for him [in court at his indictment] to be detained without bail because they considered him to be a flight risk?

          Fourthly, the lack of evidence presented at his indictment. While not all evidence needs to be presented by the prosecution, enough evidence must be shown for detention. All that was presented were accusations, not evidence (so not following standard legal procedure).

          Fifthly, the extremely low level of bail set by the Judge. This is perhaps the most compelling, as it suggests that the total amount of evidence and it's quality (as seen by the Judge) is actually quite low (otherwise the bail would have been set in the millions, not tens of thousands).

          I'm (and many others here) are not saying that he is innocent. But there is a lot about this case that smells fishy.

          * US weapons manufacturers are all but immune from prosecution in such cases.

          1. Matt Bryant Silver badge
            FAIL

            Re: Domquark Re: Kaltern Proportionality? - FAIL! Fail again.

            ".....So a gun manufacturer could say "Hey, I mass produced millions of guns (a device designed to kill, maim or injure), sold them to millions of people, but never thought anyone use one to kill/maim/injure someone".*...." Actually the gun manufacturers expressly sell the weapons most commonly used in murders (handguns) in the hope they will be used to protect people. But of course, you don't know that because you never bothered to look at the gun companies, you simply took as gospel the line fed to you by the anti-gun crowd.

            "....The problem is that sharing such code is standard practice....." True, but that is not the issue. He is accused of not just sharing the code, but of co-operating in or instigating the design and sale of malware using some of his previously shared code. Try reading the article.

            ".....Secondly, his admission of guilt...." Yeah, more like he was shown his own blog and realised he'd look pretty stupid trying to deny it was his. Duh!

            "....Thirdly the timing of his detention....' He was on American soil for the first time since the Kronos issue arose, so the timing is not surprising, it's simply more convenient as the FBI didn't have to worry about trying to extradite him from the UK and then facing the same ridiculous shrieking as surrounded the Lauri Love and Gary McKinnon farces.

            ".....Fourthly, the lack of evidence presented at his indictment...." The authorities presented enough to keep Hutchins where they wanted him - in the US and awaiting trial. There was no need for them to go into greater depth because the judge agreed with their presentation. Again, READ THE ARTICLE!

            ".....Fifthly, the extremely low level of bail set by the Judge....." And how did you come to the conclusion it was an abnormally low amount for such a case? Did you look at other fraud or embezzlement cases of similar amounts? No, you just leapt to a pat conclusion.

            "....I'm (and many others here) are not saying that he is innocent. But there is a lot about this case that smells fishy....." What you are saying is you desperately, desperately want to baaaaahlieve he is innocent simply because you harbour faddish anti-American baaaaaahliefs inherited from the socio-political bubble of like-minded baaaaaahlievers you choose to spend time with.

            1. Domquark

              Re: Domquark Kaltern Proportionality? - FAIL! Fail again.

              Oh dear.

              I think you need to pop out and clean your "Kill 'em all let God sort 'em out" and "God is a member of the NRA" bumper stickers........

              1. Matt Bryant Silver badge
                FAIL

                Re: Domquark Re: Domquark Kaltern Proportionality? - FAIL! Fail again. Again

                "....I think you need to pop out and clean your "Kill 'em all let God sort 'em out" and "God is a member of the NRA" bumper stickers........" Oh dear, I see that you have completely given up (not surprisingly) on countering the points raised, and have instead tryped (sic) some more bigoted remarks, this time assuming anyone pro-gun is a bible-thumper. Did you go to www.idiotsthatneedstereotypes.com for that one?

                Seriously, if you can't defend your position, at least try accepting your defeat with some grace.

    2. Flocke Kroes Silver badge

      Re: Guilty

      Saying anything other than "Lawyer please" and "no comment" during a police interview is a crime: "lying to the police". Even if you know what every law is, never broken any of them and answer truthfully, the officer can still fail to remember your exact words when he writes his interview report.

      The other fun part of being a foreigner released on bail in the US: no work permit. You will be stuck there for months waiting for a court date.

      1. John Brown (no body) Silver badge

        Re: Guilty

        "You will be stuck there for months waiting for a court date."

        Considering innocent unless proven guilty, I wonder how much his US employer is doing to help him?

        1. Prst. V.Jeltz Silver badge

          Re: Guilty

          "You will be stuck there for months waiting for a court date."

          Or in Kevin Mitnick's case ... a lot longer ... inside not outside on bail.

          (ok he was definitely guilty but that's beside the point)

      2. Matt Bryant Silver badge

        Re: Flocke Kroes Re: Guilty - FAIL!

        "....the officer can still fail to remember your exact words when he writes his interview report." Which is why interviews are taped. Please go lose the tinfoil.

        1. ciaran

          Re: Flocke Kroes Guilty - FAIL!

          The reason they are taped is because the police kept misreporting the interviews. For more US police fun, see this report on a bodycam showing a policeman planting evidence..

          https://www.theverge.com/2017/8/2/16084258/baltimore-police-body-bams-evidence

          Also current in the US, they have a law that lets the police steal anything valuable from you, and its up to you to sew the police force to get it back

          https://en.wikipedia.org/wiki/Civil_forfeiture_in_the_United_States

          So generally any protection a tinfoil hat can provide is worth the money.

          1. Matt Bryant Silver badge
            FAIL

            Re: Flocke Kroes Re: Flocke Kroes Guilty - FAIL!

            "The reason they are taped is because the police kept misreporting the interviews...." No, it was because people accused the police of fabricating confessions. Taping interviews (and videoing them) removes the chance that a criminal could get off by saying the police fabricated his confession. Strange, you now seem to recall the taping of interviews, you just want to pretend it somehow didn't apply to Hutchins?

            "....For more US police fun, see this report on a bodycam showing a policeman planting evidence...." <Yawn> Yes, try and divert attention from the fact you just had to admit your original post was stupidity of the highest order.

            "....Also current in the US, they have a law that lets the police steal anything valuable from you, and its up to you to sew the police force to get it back...." More diversion, only this time regurgitation of more anti-Yank boilerplate. The law in question states that items can only be confiscated when there is a real and demonstrated case that the items or money were the result of criminal activity, and happens in the EU also. Joe Blogs walking down the street is not going to have his clothing confiscated on some policeman's whim, but Jose Blogski - who does not have a job or visible means of support to justify his carrying large amounts of cash - walking out of a known drug-dealer's house with 5K Euros in cash is just as likely to have the cash seized. You really should read your own links before trying to cast unfounded aspersions on the US authorities.

            1. Anonymous Coward
              Anonymous Coward

              Re: Flocke Kroes Flocke Kroes Guilty - FAIL!

              "....Also current in the US, they have a law that lets the police steal anything valuable from you, and its up to you to sew the police force to get it back...."

              More diversion, only this time regurgitation of more anti-Yank boilerplate. The law in question states that items can only be confiscated when there is a real and demonstrated case that the items or money were the result of criminal activity

              Err, no. See, for instance, this report but there's plenty more out there. The problem with CAF is that there is no real control on abuse, and recovery from such abuse is exceedingly complicated. Add to this that the police forces directly benefit from CAF by being able to keep anything from a hefty percentage to all of it (or the proceeds of the sale of the seized assets) and it was not just possible that CAF would be abused, it was pretty much certain. It's almost as if it was written for that explicit use because the controls on this law would be laughable if the consequences for the population weren't so dramatic.

              Quite frankly, CAF turns a police force into licensed, armed thieves who will hit upon anyone who is unlikely to be able to jank the whole sorry gang in front of a judge and sue the living daylights out of them - it's a good thing the ACLU started to support cases but it should not have been needed.

              and happens in the EU also

              Tsk tsk, Matt, engaging in whataboutism? It's almost as if you don't have much confidence in your own arguments..

        2. CrazyOldCatMan Silver badge

          Re: Flocke Kroes Guilty - FAIL!

          Which is why interviews are taped

          "Err.. sorry yer honor, but we don't seem to have those tapes"

          Sotto voce

          Quick guys, go and make sure they are properly lost eh?

          /SV

    3. a_yank_lurker Silver badge

      Re: Proportionality? We've heard of it.

      Given the tragicomedy going on in DC with the donkeys in the House who apparently used a Pakistani mole for their IT administration and other assorted stupidities by the elephants as well we could use some criminals to run the country. At least they would be fairer to the proles.

      1. anonymous boring coward Silver badge

        Re: Proportionality? We've heard of it.

        "we could use some criminals to run the country"

        Not sure what you mean? You have some of the biggest ones running it right now...

    4. The Man Who Fell To Earth Silver badge
      FAIL

      My money is on this turning into another on of these fiascos for the Feds

      https://www.aps.org/publications/apsnews/updates/xicharges.cfm

    5. Tom Paine Silver badge

      Re: Proportionality? We've heard of it.

      America is beyond insane. It's criminally deranged.

      America's screwed, because all this insanity can be traced back to the Constitution in the end. Until they rip it up and start again from scratch, nothing will change. And obviously that won't happen until they've had one of the sort of events that have lead to European countries' constitutions being about 30 or 70 years old. You know the sort of thing: invasion, dictatorships, revolutions, invasions... in the case of the US it'll be a civil war. I could imagine Trump, as they perp walk him out of the White House in cuffs, yelling that it's a coup and patriots should rise up and revolt (or some such scenario). Or a scenario where escalating protests and civil disorder leads to police or army being ordered to open fire on crowds indiscriminately, or suchlike, and mutinying. Or maybe it won't happen for another 150 years, who knows? But sooner or later things are going to go very pear shaped.

      1. Anonymous Coward
        Anonymous Coward

        Re: Proportionality? We've heard of it.

        And I thought I was a cynic. And yes, we know civilizations rise and fall, but there's no need to get morbid about it.

      2. crob

        Re: Proportionality? We've heard of it.

        I live here. Been saying what you just said for some time. It's getting hotter and hotter every year. At some point, the dam will break.

    6. anonymous boring coward Silver badge

      Re: Proportionality? We've heard of it.

      "America is beyond insane. It's criminally deranged."

      Yes. Certain institutions (FBI, CIA, NSA) feel they have a monopoly on security research, and everyone else should never touch the stuff. America, World Police, here we come!

    7. Anonymous Coward
      Anonymous Coward

      Re: Proportionality? We've heard of it.

      Having been in the jumpsuit and shackles myself, I somewhat understand the other side of the coin.

      1) For the most part, they have to treat everyone the same, special circumstances withheld.

      2) It is for safety purposes. While a person may not have a documented history of violence, it in no way removes the possibility of a person doing violent things to other inmates as well as the law enforcement/court personnel.

      Basically it is for show so the people in the court system feel safe. Where I was, they simply ran a chain around your waist and looped through your handcuffs. If you ever so slightly extended your stomach, it provided you enough slack later on to actually wiggle the chain up over your head and free your arm movement. In the holding cell at the court house, the toilet was around a corner from the guard's desk. Almost everyone that went to take a leak freed themselves like this. Having a chain to swing around at people, or to choke them, certainly isn't safe. Within the jail itself, they used leather belts drawn real tight. I never understood why they used chains for transporting.

      On a side note; A yellow jumper where I was meant administrative segregation. That could mean a variety of things such as medical, mental health issues, disciplinary reasons, or protective custody.

      1. Oh Homer
        Childcatcher

        Re: "Basically it is for show"

        Well it's showing more than just the paranoid members of your court system, it's showing the entire world that America is a brutal regime that treats non-violent suspects no differently than terrorists.

        It's not just the fact that the nature of the alleged crime in this case clearly doesn't warrant such harsh treatment, it's also the fact that the suspect has not even been prosecuted, and is therefore supposed to still be presumed innocent, and yet is being shackled and caged like an animal, and forced to pay entirely non-refundable "fees" just for the privilege of being arrested.

        As bad as things are in the UK (and yes they are extremely bad), if we treated our non-violent suspects like that over here, there would be public outrage and criminal proceedings against the violators.

        1. Anonymous Coward
          Anonymous Coward

          Re: "Basically it is for show"

          I certainly don't disagree with your response to my comment. It's pure shit being locked up and already treated as guilty. It's a lot worse when you're set free, having never been proven guilty, and STILL are treated as guilty by society.

          Privatized prisons/jails are an epic failure of my country. Our criminal justice system is often a joke. But herein lies a problem. Who the hell is going to prioritize changing this system? They'll argue that 'most' of the people in prison/jail are guilty, that it's an acceptable failure rate to have a few innocent people caught up in the system. Besides, treating (suspected) criminals better isn't going to win you many votes. Just to make sure of that, felons are prohibited from running for public office and sometimes, even from voting.

          1. Sir Runcible Spoon Silver badge

            Re: "Basically it is for show"

            @Matt

            "The law in question states that items can only be confiscated when there is a real and demonstrated case that the items or money were the result of criminal activity"

            That would be fine, but that isn't the case is it? If a police officer *suspects* that the asset is the result of criminal activity, then they can just take it. It is then up to the previous owner of the asset to prove that it wasn't the result of illegal activity.

            Wide open to abuse, and it certainly has been. I didn't think even you could defend such an outrageously oppressive policy (unless you're trolling of course).

            1. Matt Bryant Silver badge
              Facepalm

              Sir Runcible Spoon Re: "Basically it is for show"

              ".... I didn't think even you could defend such an outrageously oppressive policy (unless you're trolling of course)." As I pointed out in my response, it is no different to the asset seizure laws enacted in the EU, so to try and imply they are an American-only "abuse" is to ignore their application in so-called "enlightened" countries. Are you saying you therefore disagree with the similar EU laws?

              As it stands, the US laws have previously been used to confiscate the loot of drug dealers for decades, with billions of the seized assets and cash having been used to compensate victims of crime. Eric Holder ramped down the seizures but did not eliminate them. It has gained more attention recently because Jeff Sessions said he planned to ramp it back up, and anything related to Trumpet's administration is immediately and hysterically targeted by the Left as being "bad". Are you suggesting that the cartels, responsible for thousands of gang-related deaths in Mexico alone every year, shouldn't have their assets targeted?

              1. Sir Runcible Spoon Silver badge

                Re: Sir Runcible Spoon "Basically it is for show"

                "Are you suggesting that the cartels, responsible for thousands of gang-related deaths in Mexico alone every year, shouldn't have their assets targeted?"

                Now, now, you know very well I was objecting to the abuse of such laws, mostly allowed by the lack of control over their use. In answer to your other question, yes, I would object to these types of laws being abused in Europe as well :P

  2. Mephistro Silver badge

    A question for some American lawyer

    If/when he's found not guilty, will the USA judiciary reimburse his expenses? (lawyers, lodging, ...)

    Because this accusation smells like a truckload of fresh poo.

    1. Jason Bloomberg Silver badge

      Re: A question for some American lawyer

      More likely get charged with wasting police time.

      Given his background; there's probably something the authorities can find which they can convince him an American court would find him guilty of and will have him agreeing to a plea bargain which will be used to justify his arrest, prosecution and persecution.

      1. Boo Radley

        Re: A question for some American lawyer

        The deck is stacked against him, he can either plead guilty for a lesser sentence or go to trial. 95% of defendants going to trial are found guilty.

        1. Baldrickk Silver badge

          Re: A question for some American lawyer

          that stat doesn't mean much. What were you expecting? 50% Typically, cases only go to court when they can be reasonably sure of getting the conviction. Waste of time and money otherwise.

    2. EveryTime Silver badge

      Re: A question for some American lawyer

      "If/when he's found not guilty, will the USA judiciary reimburse his expenses? (lawyers, lodging, ...)"

      Of course not.

      It's worse than you are imagining. For most people posting a $30K bail means going to the bail bondsman and paying them $3K to post a court-accepted bond for you. That's $3K that you'll never get back. Even if you are completely exonerated. Even if public officials were negligent or malicious. Effectively just being arrested resulted in a $3K fine.

      If you are released on bail, you'll typically have to pay for all expenses. That includes paying a high rate for a GPS tracker, paying administrative fees, and paying for a court or law enforcement official to check up on you. Again, none of this is recoverable if you are exonerated, and it keeps adding up until you agree to a plea bargain.

      1. Doctor Syntax Silver badge

        Re: A question for some American lawyer

        "Again, none of this is recoverable if you are exonerated"

        Sue back in the UK? After all if the US wants to reach the rest of the world with its legal system why shouldn't the rest of the world reach them?

      2. Infernoz Bronze badge
        Devil

        Re: A question for some American lawyer

        It sounds like the US 'law' (statute policy) enforcers should be sued for slander, libel, kidnapping, coercion, extortion etc. for this completely unfounded persecution and unfair process. Oh course the neo-con, criminal thug, infiltrated state will probably just say get lost.

        The UK should end all deportation agreements with the rogue corporation called the USA, because they take the piss with their deportation requests too!

        Non-US computer security people should blacklist the US as a place for meetups because the USA corporation can't be trusted not to arrest foreigners on flimsy and bogus evidence!

        Personally, I will never even consider visiting the US while they have their TSA thugs and unsafe human body scanners!

        1. This post has been deleted by its author

        2. Matt Bryant Silver badge

          Re: Infernoz Re: A question....

          Wow, IMHO, that was the most impressive troll snark EVER. The problem is it will float right over the Webkidz addled, paranoid heads, as it is a pretty exact parody of their tragi-comic "thought process". A shame they will never appreciate the true genius of your wit. Sir, I salute you.

          1. Prst. V.Jeltz Silver badge
            Paris Hilton

            Re: Infernoz A question....

            @ Matt Bryant

            re " that was the most impressive troll snark EVER"

            Who you talikin to? yours is the 10th reply to a post and due to the Regs rather limited threding I cant tell wether you replying to OP or to one of the replies. I did read and try to work it out from context , but inconclusively

            1. Glenturret Single Malt

              Re: Infernoz A question....

              Who you talikin to?

              The clue is in the title: "Infernoz....."

              Have a look back at the names of the ten or so posters you refer to.

      3. AlbertH

        Re: A question for some American lawyer

        I do know one guy (he's Dutch) who sued the State of Oregon for the refund of his Bail Bond, his legal expenses, lost earnings and even for the replacement air ticket he had to buy to get out of the country! It took over two years - and more expense - but he recovered the whole lot. It became an obsession, but he stuck it out and eventually won - from outside the USA.

        The US judicial system is really broken - particularly for foreign visitors. I certainly won't be going there again any time soon!!

        1. Sir Runcible Spoon Silver badge

          Re: A question for some American lawyer

          A brief risk analysis of the general attitude being shown by the US Justice system has resulted in a "Nope, never going there" result.

          A shame really, as there is still a lot about America, and Americans, that I like.

      4. Oh Homer
        Big Brother

        Re: "Effectively just being arrested resulted in a $3K fine"

        What an utter travesty, and sadly true.

        [B]ail bond fees,” the 10th Circuit judges wrote, “are administrative costs, rather than costs of prosecution, and therefore do not violate due process when imposed on a defendant who has been acquitted.
        Why am I suddenly reminded of Terry Gilliam's Brazil?

        American Freedumb® at its finest.

        1. John Brown (no body) Silver badge

          Re: "Effectively just being arrested resulted in a $3K fine"

          "administrative costs, rather than costs of prosecution, and therefore do not violate due process when imposed on a defendant who has been acquitted."

          That is just so wrong, and the sad thing is, they think it's right. In a civilised system, you simply cannot impose "administrative charges" on someone found not guilty. If the state mistakenly arrests someone without enough evidence, it';s on the state to pay for it, not the "not guilty" defendant.

          It's not as if it's not happened here in the UK either, sadly.

    3. TheElder

      Re: will the USA judiciary reimburse his expenses?

      Sure, maybe. It will take many years to wind through the system after he tries to sue them. Cost will be astronomical and must be paid in advance. Absolutely no guarantee he will win.

      I wonder about the little tracker. There must some way to hack it. I have an old GPS watch and I can fool it pretty easily. Radio reflects all sorts of ways. Metal buildings and Airports come to mind.

    4. veti Silver badge

      Re: A question for some American lawyer

      No. What will happen - best case - is that he'll be charged with overstaying his visa (because by then he'll have been in the USA, detained, for about two years), booted out and never allowed to visit again.

      If he's *really*I lucky, they may not even press the bill for his jail accommodation.

  3. Lion

    This is akin to treating a hornet's nest like a pinata. It can only end badly.

    1. TheElder

      It can only end badly.

      Not if you have a powerful vacuum cleaner. Just a random idea since I used a vacuum cleaner to clean a very big hornets nest once. I didn't store the hornets (no bag) but they cannot fly with wings ripped off.

      1. Mahhn

        Re: It can only end badly.

        I've done that also, worked great. The Kirby blades stopped the buzzing too.

    2. Anonymous Coward
      Anonymous Coward

      Interesting analogy

      USA as a Hornet Nest and traveling there - "treating it as a pinata".

      Maybe not far off. Though in the case of a hornet's nest, just walking past it close enough can get you the same response if they are feeling particularly paranoiac today.

      His mistake was traveling to the land of the free in the first place. Especially in the current climate. Even if he manages to walk free (quite difficult once the USA "justice system" has started piling up shite with a bulldozer up your driveway), it will cost him a gigantic sum of money.

      1. Uffish

        Re: "His mistake was..."

        Look up Russel's Teapot. The FBI's mistake is using brutal tactics on a fishing expedition. Way to go Goons.

  4. Florida1920 Silver badge
    Paris Hilton

    Let's make a deal

    Maybe the U.S. govt will swap him for Assange? Paris, because swapping.

    1. BongoJoe

      Re: Let's make a deal

      Maybe the U.S. govt will swap him for Assange?

      Tricky, as technically Assange isn't in Britain.

      1. jonfr

        Re: Let's make a deal

        @ BongoJoe, Technically, Assange is in Britain. Embassies are not considered to be on the soil of their home countries. They don't even fall under extra-territality rules that many military stations fall under.

        The only reason why UK hasn't gone and got Assanage is that they don't want to cause a diplomatic incident at the moment. That might not be the UK government few forever. Something is going to break one day for one reason and Assange might find him self arrested and in UK jail being extradited to the U.S.

        1. Anonymous Coward
          Anonymous Coward

          Re: Let's make a deal

          The only reason why UK hasn't gone and got Assanage is that they don't want to cause a diplomatic incident at the moment.

          Technically true. However, the "diplomatic incident" you are refering to would amount to abrogation by the UK of the Vienna convention on diplomatic relations. The consequences of such action could only be described as catastrophic for the UK diplomacy, as it wojld justify a similar invasion of any and all UK missions abroad.

          1. Voyna i Mor Silver badge

            Re: Let's make a deal

            "The consequences of such action could only be described as catastrophic for the UK diplomacy"

            I have not seen any evidence whatsoever that that would worry Boris Johnson for a moment. He does not strike me as having any concept of diplomacy whatsoever, unless nest-feathering is being diplomatic. On the other hand, keeping Assange in his present conditions and waiting for the embassy to kick him out acts as a warning to anybody else with the same ideas.

    2. Anonymous Coward
      Anonymous Coward

      Re: Let's make a deal

      A hacker in the hand is worth an assange in two bushes.

      1. Uffish

        Re: Let's make a deal

        Neatly put, but America deserves neither.

        Open comment to anyone parroting the phrase "Special Relationship" - Shut the fuck up with your inane blithering and deal with life as it is. Compared to where I live, life in the US is nasty, brutish and short. Sure, I've just had a nice little holiday in the US, but I wouldn't want to live there.

        1. staggers
          Joke

          Re: Let's make a deal

          'nasty, brutish and short.'

          Oh, you've met the wife?

      2. John Brown (no body) Silver badge
        Thumb Up

        Re: Let's make a deal

        "an assange in two bushes."

        LOL, well played sir!

  5. FSM

    If someone else took his proof-of-concept code and used it to create malware, that makes him no more of a malware writer than anyone who's ever posted code on a blog, or in an answer on StackOverflow.

    1. TheElder
      Black Helicopters

      that makes him no more of a malware writer than anyone who's ever posted code

      10 Format C:

      1. Anonymous Coward
        Anonymous Coward

        Re: that makes him no more of a malware writer than anyone who's ever posted code

        I take it the creators of the leaked NSA exploits will be given similar treatment when their code is used by criminals.

        1. Doctor Syntax Silver badge

          Re: that makes him no more of a malware writer than anyone who's ever posted code

          "I take it the creators of the leaked NSA exploits will be given similar treatment when their code is used by criminals."

          Now there's a thought. His defence could well be that what he did in posting an example openly is comparable with the NSA's actions although without the malicious intent. And who better to be able to present that, in detail, as a defence? Do the NSA really want their actions to be questions like this in court? It strikes me that with the NSA leaning on the FBI to keep it out of court he has a far better bargaining position than most.

          1. Anonymous Coward
            Anonymous Coward

            Re: that makes him no more of a malware writer than anyone who's ever posted code

            I suspect he'd be killed by a deranged inmate if he goes down some of those roads. The US penal system is used to house many, many people who should rather be receiving treatment for addiction and mental health issues, but it's a real profit maker for the private prison owners; especially, when combined with inmates required to work externally for pennies an hour.

            He is in real danger.

    2. TheElder

      ≡Ö≡

      1. TheElder

        Re: ☺

        What does FSM stand for?

        pasta monster

        ≡Ö≡

        1. davidp231

          Re: ☺

          All hail His noodly appendages.

          *FSM = Flying Spaghetti Monster

    3. Matt Bryant Silver badge

      "If someone else took his proof-of-concept code and used it to create malware...." True, but the operative word there is if. It could be the prosecution have evidence of complicity, such as Hutchins saying on some "secure" coms tool "Hey, Sergei, lets make some cash with that rootkit code I wrote...."

  6. Allan George Dyer Silver badge
    Big Brother

    Have they been reading Kafka?

    "can have no contact with his unnamed accused co-conspirator"

    Did they tell him who this accused co-conspirator is?

    1. a_yank_lurker Silver badge

      Re: Have they been reading Kafka?

      Franz was wide-eyed optimist. 'The Trial' would be an improvement over the current injustice system we have.

  7. Jamie 14

    America is mad!

    Some parts of America! One can seriously get nicked for collecting rainwater! A democracy!? My bum it is!

    1. BongoJoe

      Re: America is mad!

      An objections to his bail was that he visited a firing range.

      One could easily consider the whole of the country being a firing range, especially near any policeman.

      1. Anonymous Coward
        Anonymous Coward

        Re: America is mad!

        The large number of US cops recently gunned down execution style (by people who think like you) would ask you politely to shut your hole, Bongo Joe.

        1. BongoJoe

          Re: America is mad!

          At least unlike unarmed Australian ladies in their nightwear I still have the ability to shut my hole.

          She now has a lot more holes and none of them could be shut in time.

        2. Uffish

          Re: America is mad!

          There is too much emotion and not enough reason in your comment.

          The Washington Post reports that, so far, 594 people have been shot and killed by police in 2017.

          Everyone deplores the death of a police officer in the line of duty, everyone appreciates the bravery and grit of police officers, everyone deplores revenge killings of police officers. But we deplore the deaths of all innocent people and don't consider one killing justifies or 'explains', or mitigates another killing.

          Too much brutality in the USA.

        3. staggers

          Re: America is mad!

          Dear Big John

          You truly are a prick of the first order.

          I'm British, so you can imagine how it must have felt for me to get really rather cross.

          A few months ago on YouTube I saw a video of cop v. Black guy. The black guy was drunk out of his mind. He was being loud, aggressive, unarmed .... and very uncoordinated.

          The cop was alone. They were one on one.

          In the UK, the cop would have called for a few large people for backup. Maybe use a taser as a last resort. In the meantime, all he had to do was be like Ali and dance away out of reach.

          What did the US cop do? Well, he shot and killed him, naturally.

          America really is going to hell. I'm starting to think that the Chinese aren't so bad after all. Very friendly, Hong-Kong and Shangai are spectacular, and you won't get caught up in gun battles in the street.

          I know the US has a huge number of intelligent, good and wonderful people. It's just a terrible shame that none of them seem to want to be involved in politics. Can't blame them really. And I don't mean Hillary would have been any better than The Donald. A plague on both their houses.

          Don't mention the political system. Is the current US system much better?

          1. Anonymous Coward
            Anonymous Coward

            Re: America is mad!

            I'm British to, and I completely agree with you. You reminded me with your 3rd line of a piece attributed to one of our national treasures, John Cleese. Such a shame he didn't actually write it!

            https://starrgazr.wordpress.com/2008/02/15/john-cleeses-letter-to-america/

    2. PeterGriffin

      Re: America is mad!

      It is a democracy, for corporations and the wealthy. Look to see who the laws benefit most and you have found your true demographic.

      It amazes me we hold the US as the bastion of freedom and democracy.

      1. Anonymous Coward
        Anonymous Coward

        Re: America is mad!

        Re: It amazes me we hold the US as the bastion of freedom and democracy.

        We don't, it all self dellusion

      2. werdsmith Silver badge

        Re: America is mad!

        It amazes me we hold the US as the bastion of freedom and democracy.

        Do we?

        I'm reminded of the trouble I got into in Boston for crossing an empty road, where apparently I should not have crossed it.

        Of all the countries I've visited, the USA is the one where I have felt the least freedom. I think they are deluded about being the land of freedom because many of them haven't experienced the other nations where life is closer to real freedom.

        But on the whole, it's still a fantastic place for a couple of weeks visit.

        1. Matt Bryant Silver badge
          FAIL

          Re: werdsmith Re: America is mad! - A truly shocking FAIL

          "....I'm reminded of the trouble I got into in Boston for crossing an empty road, where apparently I should not have crossed it....." Wow, so you think America is the most in-free country in the World because of the local jaywalking laws? So if an American claimed the same about your country because he got stopped for turning right on a red light, you'd support his viewpoint? I bet not! Seriously, you can't have travelled very far afield if that I the biggest inhibitor of freedom you have ever experienced was American jaywalking! Try <a href="https://www.cato.org/human-freedom-index>reading some actual expert opinion</a> (I chose a left-leaning example so you don't go into shock). Massive and embarrassing fail of both bias and complete inexperience of the World.

          1. Sir Runcible Spoon Silver badge

            Re: werdsmith America is mad! - A truly shocking FAIL

            "Try <a href="https://www.cato.org/human-freedom-index>reading some actual expert opinion</a>"

            In which report the US appears 23rd in the table, just above Latvia and below Estonia. Wow, way to not make a point :)

            I'm pretty sure that the feeling of freedom (or lack of it) from the poster referring to the jaywalking was that in most places, crossing an empty road wouldn't have been prosecuted (unless it was a motorway, and even then a ticking off would suffice).

            It may be media bias, but I don't have the impression that the US Police use a lot of discretion, they act more like the biggest gang on the block and then they are vilified for it. Hardly surprising is it?

            1. Matt Bryant Silver badge
              Facepalm

              Re: Sir Runcible Spoon Re: werdsmith America is mad! - A truly shocking FAIL

              ".....In which report the US appears 23rd in the table...." I never said the US nor the report were perfect (for example, I have some Chinese friends that left Hong Kong, rated number 1 in the report, to live in the US, because they felt oppressed in HK). I did state I was using a Left-leaning source so as not to cause too much ideological shock to some of the posters. But the baaaaaahlief held so earnestly by said posters - that the US must be the World's worst offender when it comes to curbing freedoms - is shown up as false by even this report, as the US is not listed as coming 159th out of 159 countries. Indeed, it is a measure of the freedoms available in the US that you will find plenty of US-based and Left-leaning (and some ironically similar extreme Right) reports discussing the state of US freedoms, reports that would be suppressed in many other countries.

              "....I'm pretty sure that the feeling of freedom (or lack of it) from the poster referring to the jaywalking was that in most places, crossing an empty road wouldn't have been prosecuted (unless it was a motorway, and even then a ticking off would suffice)....." It's simply an American traffic law, just as quirky and arguably outdated as European traffic laws not allowing a right turn on a red light (which is permitted in the majority of US states). Other developed countries have traffic laws you might find just as baffling - for example, in Australia, you can be committing an offence if you cross a road diagonally!

    3. Anonymous Coward
      Anonymous Coward

      Re: America is mad! not only them, UK too : average-briton commits 32 crimes a year

      http://www.independent.co.uk/life-style/average-briton-commits-32-crimes-a-year-bt-tv-research-happy-birthday-restaurant-pub-drunk-a7859001.html

  8. Pascal Monett Silver badge
    Flame

    Congratulations, FBI

    Well done, really. I understand that you're trying to make up for not arresting the 9/11 terrists the CIA knew about before that fateful day, but this really takes the cake. I'm sure DEF CON is not going to have any issue next year in getting well-known, competent whitehats to expose their work in the US. No, none at all.

    And, of course, it is obvious that this guys' haircut is what tipped you off, right ? An understandable mistake. You can practically see the beard !

    What I really want to know is this : what heavy trail of Internet forensics did you gather up to justify this arrest ? How many phone records and Internet activity logs did you get from the NSA ? How many man-hours of FBI Internet sleuthing did you go through before getting to the decision that this was the guy to arrest ? And why is it that this obviously extensive investigation just happen to finish when DEF CON started ? How convenient that your suspect just happened to be on-hand !

    Or could it be none of that ? You were just going through the list of DEF CON speakers and someone on the team vaguely remembered reading that name in a hacker list and hi ho, hi ho, off to arrest you go ?

    The Internet is really complicated, FBI. There are good guys, bad guys, and plenty in-between, and all of them actually use keyboards ! I know, it's frightening. Maybe one day, when you're grown up, you'll understand. For now, you're just looking like a fool.

    1. Doctor Syntax Silver badge

      Re: Congratulations, FBI

      "How many phone records and Internet activity logs did you get from the NSA ?"

      NSA? They'll be shitting themselves with the thought that here's the very man to argue in court that if he goes to jail so should they.

      1. TheElder

        Re: Congratulations, FBI

        It makes me wonder what the convict will be doing in his spare time. GPS cannot detect typing...

        1. Sir Runcible Spoon Silver badge

          Re: Congratulations, FBI

          Whilst he might be innocent of the charges laid against him, breach of bail conditions is definitely a crime (no access to internet).

    2. TheElder
      Boffin

      Re: you're just looking like a fool.

      More like a Fool Tool.

  9. Anonymous Coward
    Anonymous Coward

    Hope he gets bail but not holding breath, didn't somebody at last years DEFCON do a talk on hacking GPS ankle bracelets?

    1. Tom Paine Silver badge

      Hope he gets bail but not holding breath

      He has got bail. Keep up! :)

      1. Anonymous Coward
        Anonymous Coward

        Lol But still behind bars for the weekend and if the FEDS come up with a new charge in the meantime he will be re-arrested at the prison gate and lucky if he tastes fresh air on Monday.

    2. TheElder

      GPS ankle bracelets

      As I already posted, I can fool my GPS watch just fine. I have the tools, unlike the Drooling Fool whose Uncool Tools also Drool...

      1. Ben Tasker Silver badge

        Re: GPS ankle bracelets

        > As I already posted, I can fool my GPS watch just fine. I have the tools, unlike the Drooling Fool whose Uncool Tools also Drool...

        It'd be spectacularly unwise to do so, unless combined with scarpering out of the country. Not only is it a breach of bail conditions (welcome back to prison), but they tend to use it as an excuse to charge you additional 'administrative fees'.

        The US is, for all intents and purposes, a corrupt state. As someone else noted above, many of the court ordered 'privileges' such as bail bracelets are non-optional and charged to you at extortionate rates (have a google for the racket involving drink drivers and in-car breathalysers). Even posting bail incurs (high) non-refundable costs.

        Most of it isn't so much justice as naked profiteering to the benefit of the Justice Dept's chosen suppliers. That's not justice, it's extortion with a judicial veneer. Of course, before you even reach that point you've got to contend with the cops taking what they please and calling it civil forfeiture.

        America, the country where bankruptcy can come as a result of getting ill, or having to defend false and flimst allegations in criminal court.

        There are things in the US I'd like to have seen, but they're very firmly on my Do Not Visit list, and it's hard to forsee a future where that might change.

  10. Anonymous Coward
    Anonymous Coward

    If they got it on tape with him admitting it and now he's trying to plead not guilty then I imagine he's pretty much screwed.

    I wonder if he will be stupid enough to try to get some sneaky internet access or tamper with his GPS tracker as well.

    Hopefully they'll keep in either under surveillance or locked up long enough to track what happened to the bitcoins as well.

    1. VinceH Silver badge

      "If they got it on tape with him admitting it and now he's trying to plead not guilty then I imagine he's pretty much screwed."

      I suspect that part of the interview went something like them showing him a print out of the blog post mentioned in the article, which included the proof of concept code, and asking him to confirm it's what he wrote (and what it was), and then asking him to confirm or deny if any of that code ended up in Kronos.

      These being true, he probably confirmed them - and that then got twisted into "he admitted to writing malware,"

      1. TheElder

        asking him to confirm or deny

        The law in the U.S. allows you to refuse to incriminate yourself. It is the Fifth Amendment .

        1. VinceH Silver badge
          Facepalm

          Re: asking him to confirm or deny

          Pointing out the Fifth Amendment isn't much help if he's already "admitted during interrogation, in which he did not have a lawyer, to writing malware," which is what the article states the prosecution are claiming.

        2. Matt Bryant Silver badge

          Re: The Elder Re: asking him....

          "The law in the U.S. allows you to refuse to incriminate yourself. It is the Fifth Amendment." True, but most non-Americans have no clue as to US laws or the US Constituition, as demonstrated by many of the posters here on a regular basis. I suspect Hutchins would have no awareness of such a defence.

          1. Adam 52 Silver badge

            Re: The Elder asking him....

            He's from Devon. They have a limited right to refuse to incriminate yourself there too.

            1. CrazyOldCatMan Silver badge

              Re: The Elder asking him....

              They have a limited right to refuse to incriminate yourself there too

              No sir, I've never seen that sheep before :-)

        3. Bernard M. Orwell Silver badge

          Re: asking him to confirm or deny

          "It is the Fifth Amendment ."

          5th amendment doesn't apply as he's a foreign national and not a US citizen. He has about the same level of rights as a Guantanamo in-mate. ie, none.

          1. Matt Bryant Silver badge
            Stop

            Re: Bernie Re: asking him to confirm or deny

            "5th amendment doesn't apply as he's a foreign national and not a US citizen. He has about the same level of rights as a Guantanamo in-mate. ie, none." Actually, that is incorrect. Whilst he is on US soil and charged in public court he has exactly the same rights (rights to silence and not to incriminate himself, in this case) as an US citizen because the US Constitution mainly deals with setting limits to the power of the government rather than spelling out the rights of US citizens. The only rights Hutchins would not have that are granted by the Constitution are those which are specifically granted only to US citizens, such as the right to vote in elections (though Democrats don't seem to understand that one either). The difference with Gitmo is the detainees are not on US soil, therefore they are not covered by US law or the Constitution.

            1. Bernard M. Orwell Silver badge

              Re: Bernie asking him to confirm or deny

              "Actually, that is incorrect. Whilst he is on US soil and charged in public court he has exactly the same rights."

              Wasn't there a recent change to US law that suspended constitutional rights within a specified range of the border? Such as at airports etc?

              Update: Further research would indicate that its the fourth amendment rather than the fifth that is often ignored, so your point is indeed taken. A judicial note on the fifth amendment indicates that it applied "in any criminal prosecution."

              https://www.aclu.org/other/constitution-100-mile-border-zone

              https://law.stackexchange.com/questions/238/how-does-the-us-constitution-apply-to-aliens

  11. TRT Silver badge

    Can't "use" the internet...

    what, in any way, shape or form? So presumably the GPS tagging system uses some mechanism which does not involve IP packets at any stage... and no Netflix for you boy. No Skype calls back to family either.

  12. Christoph Silver badge

    So where will DEF CON move to?

    Which country will the next DEF CON be in, since it is no longer viable for them to hold it in the US?

    Maybe Canada?

    1. Anonymous Coward
      Anonymous Coward

      Re: So where will DEF CON move to?

      Upvoted because that would be great, but keep in mind that 90-95% of the population of Canada lives within 300 km of the American border and that means that many International flights use American airspace. So, if there was anyone that American policing wanted to nab they could order that flight to land.

      1. Randy Hudson

        Re: So where will DEF CON move to?

        Wrong. Most flights to Europe would follow great circles, taking them close to the North Pole, not over the US

        1. Mark York 3 Silver badge
          Black Helicopters

          Re: So where will DEF CON move to?

          Calgary is approximately 300KM away from the Montana border.

          A safer bet would be Edmonton a further 290KM to the North, with 610KM to the same border & a very nice facility called the FantasyLand Hotel..

          Accomodations look like this...... http://fantasylandhotel.com/accommodations/

    2. This post has been deleted by its author

    3. Ben Tasker Silver badge

      Re: So where will DEF CON move to?

      They are apparently planning to hold one in Shanghai next year (as well as Vegas). Worrying that mainland China actually feels like a safer bet at the moment

  13. Commswonk Silver badge

    Oh dear... maybe

    Crucially, prosecutors are also claiming that Hutchins admitted during interrogation, in which he did not have a lawyer, to writing malware, and allege the Brit hinted he also sold software nasties. That sounds bad, however bear in mind that Hutchins, who goes by MalwareTechBlog on Twitter, has written and shared malware code online for research purposes.

    I am in no way defending the US policing or judicial systems but if the above is true then I would submit that Hutchins has been rather silly. He may well have "witten and shared malware code for research purposes" but it is perfectly fair to argue that he has to accept some responsibility if some of that code is subsequently used for malicious purposes.

    As a defence it will sound every bit as hollow as the claim that "I was looking at child porn for research purposes", which has been tried in the UK - without success IIRC. "Sharing online" is not a good way of discriminating between those with good intent and those with malicious intent so he may well be on a loser with that part of any indictment.

    I suppose he might be guilty of nothing more than naivety, but that might not be sufficient to keep him out of trouble.

    1. Doctor Syntax Silver badge

      Re: Oh dear... maybe

      He may well have "witten and shared malware code for research purposes" but it is perfectly fair to argue that he has to accept some responsibility if some of that code is subsequently used for malicious purposes.

      Maybe someone with experience of lowish level Windows programming could comment on the possible alternative uses of the code in the blog linked in the article. However, my immediate thought is where does this stop? If a code fragment from some random Github repository gets used in malware is the author guilty of writing the malware?

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Oh dear... maybe

        >If a code fragment from some random Github repository gets used in malware is the author guilty of writing the malware?

        ...that depends on a random jury's ability to understand the code fragment and it's final context - good luck with that.

      3. John Brown (no body) Silver badge
        Coat

        Re: Oh dear... maybe

        "If a code fragment from some random Github repository gets used in malware is the author guilty of writing the malware?"

        You mean like the authors of the MS implementation of SMBv1?

    2. Anonymous Coward
      Anonymous Coward

      Re: Oh dear... maybe

      Your comment is funny. I first noticed Hutchins in Twitter because I follow lot of security researchers work. And their work involves researching and finding security vulnerabilities in software. Once they find a security hole, they will notify the software vendor. But they will also share their finding publicly, sometimes before there is a patch from the vendor. And in any case before the whole world has patched their systems. They will also write "malware code" to prove their finding is valid. Reason for this is simple: all software has bugs. Bad guys are constantly finding bugs and using them for criminal purposes. Once there is knowledge that a certain software has a security problem, exploit code will be written almost instantly.

      In short: sharing code that can also be used for criminal purposes is part of the process of making software more safe and protecting everyone of us. Please don't try to spin it to look like it is equal to stealing money from other people's bank accounts.

      1. Commswonk Silver badge
        Facepalm

        Re: Oh dear... maybe

        An AC wrote: In short: sharing code that can also be used for criminal purposes is part of the process of making software more safe and protecting everyone of us. Please don't try to spin it to look like it is equal to stealing money from other people's bank accounts.

        Interesting logic there; it's OK to share code that can be used for criminal purposes because it can be used for legitimate purposes as well.

        And you accuse me of spin...

        No wonder you used an AC identity.

        1. Anonymous Coward
          Anonymous Coward

          Re: Oh dear... maybe

          and the name on your pay cheques, driver license etc...is Commswonk?

        2. Anonymous Coward
          Anonymous Coward

          Re: Oh dear... maybe

          It's not about some piece of code. One can opt to use pseudo-code or plain English sentences to explain one's findings. Online criminals share (and sell) information with each other. It's not possible to effectively fight them if everyone works in silos.

          Also, I assure your "Commswonk" identity is just as anonymous to me as I am to you.

          1. Ben Tasker Silver badge

            Re: Oh dear... maybe

            > It's not about some piece of code. One can opt to use pseudo-code or plain English sentences to explain one's findings.

            When explaining how a bug can be triggered/exploited, psuedo code is precisely fuck all use. And english explanation may not be sufficient to repro the issue, and if it is then the 'bad guys' can use that to build their own weaponised exploits.

            Your solution does nothing other than either prevent the sharing of information, or add a single step

        3. staggers

          Re: Oh dear... maybe

          'No wonder you used an AC identity.'

          What, Commswonk is your real name?

          That explains a lot.

        4. Roo
          Windows

          Re: Oh dear... maybe

          "Interesting logic there; it's OK to share code that can be used for criminal purposes because it can be used for legitimate purposes as well."

          Ordinary people have to live with the fact there are plenty of everyday things can be used legitimately but are also fairly frequently used for criminal purposes. Here's a few examples to help illustrate that 'interesting logic' for you:

          - knives, guns, explosives, cars, trucks, aeroplanes, diesel, battery acid, microbes etc...

          Sharing code seems fairly tame compared to folks speeding through a school crossing - which seems to happen fairly regularly around the world.

        5. Bernard M. Orwell Silver badge
          Facepalm

          Re: Oh dear... maybe

          " it's OK to share code that can be used for criminal purposes because it can be used for legitimate purposes as well."

          OMG! we'd best stop selling C# and C++ compilers immediately just in case they are used by evil people!

          1. CrazyOldCatMan Silver badge

            Re: Oh dear... maybe

            stop selling C# and C++ compilers immediately just in case they are used by evil people

            Prosecution: Yer Honour, I wish to bring to the attention of the court that a lot of the Windows OS is written using C++ and C#.

            The Court: Case proved! Send them daaaan.

    3. The_Idiot

      Re: Oh dear... maybe

      @Commswonk

      "He may well have "witten and shared malware code for research purposes" but it is perfectly fair to argue that he has to accept some responsibility if some of that code is subsequently used for malicious purposes."

      OK - while I do not necessarily agree or disagree with your view, and of course fully support your right to hold it, let's run with that argument a little.

      "Recently there have been a large number of road deaths associated with driving motor vehicles. While, of course, motor vehicle manufacturers do not intend for the vehicles they make and sell to be used to cause death, it is perfectly fair to argue that they have to accept some responsibility if some of those vehicles are subsequently used for malicious purposes."

      Hmmm. OK (er, again (blush)). So you say the vehicle thing is a bit of a stretch? Well, let's try again. "Recently there have been a large number of road deaths associated with gun possession (legal and otherwise) in the US. While, of course, gun manufacturers and suppliers do not intend for the guns they make and sell to be used to cause death, it is perfectly fair to argue that they have to accept some responsibility if some of those guns are subsequently used for malicious purposes."

      Would prefer a world where researchers do not research, and where research results are not shared because those results may be misused? Do you believe your world would be safer as a result of that lack of research, that lack of sharing, because people who could do the research don't, and even if they do then never tell anyone of their findings? I confess I do not - and wouldn't even try to think of the list of things we wouldn't have if researchers in many fields hadn't in fact researched and shared their findings. Of course - I'm an Idiot (blush).

    4. Uffish

      Re: " accept some responsibility"

      By your reasoning Messrs Smith, Wesson, Colt Glock, Kalashnikov etc etc etc etc etc should be clogging up the American courts on multiply counts of homicide, shareholders in car companies should examine their consciences and pigs should fly.

      1. newspuppy

        Re: " accept some responsibility" (guns)

        @uffish....

        Actually... in the United States... there was a law specifically passed in 2005 to insure gun makers: Protection of Lawful Commerce in Arms Act, or PLCAA.

        Lawmakers passed PLCAA in response to a spate of lawsuits that cities filed against the gun industry in the late 1990s and early 2000s. Those lawsuits often claimed gun-makers or sellers were engaging in "negligent marketing" or creating a "public nuisance."

        In 2000, for example, New York City joined 30 counties and cities in suing gun manufacturers, saying manufacturers should have been making their products safer and also better tracking where their products were sold. Manufacturers, one argument at the time went, should stop supplying stores that sell a lot of guns that end up being used in crimes.

        In response to these lawsuits, the NRA pushed for the law, which passed in 2005 with support from both Republicans and Democrats. Then-Sen. Clinton voted against it; her current Democratic opponent, Bernie Sanders, voted for it.

        The law, however, allows for specific cases in which dealers and manufacturers can be held responsible.

        Adam Winkler, professor of law at UCLA and author of Gunfight: The Battle Over the Right to Bear Arms in America, in an email to NPR. "The 2005 law does not prevent gun makers from being held liable for defects in their design. Like car makers, gun makers can be sued for selling a defective product. The problem is that gun violence victims often want to hold gun makers liable for the criminal misuse of a properly functioning product."

        In other words: If you aim and fire a gun at an attacker, it's doing what it was intended to do. If it explodes while you shoot and hurts you, though, then you can sue the manufacturer. Likewise, if you had told the gun-store owner you planned to commit a crime with that gun, your victim could potentially sue.

        At the time that the law passed, the NRA argued that the industry needed the protection, because — unlike carmakers, for example — it did not have the "deep pockets" necessary to fight a slew of lawsuits, as the New York Times reported.

        1. TheElder

          Re: " accept some responsibility" (guns)

          It is hard to sue when you are dead.

        2. Uffish

          Re: " accept some responsibility" (guns)

          That sounds like civil lawsuits not FBI stuff.

      2. Sherrie Ludwig

        Re: " accept some responsibility"

        "By your reasoning Messrs Smith, Wesson, Colt Glock, Kalashnikov etc etc etc etc etc should be clogging up the American courts on multiply counts of homicide, shareholders in car companies should examine their consciences"

        Well, yes. Except for your aerobatic bacon, yes.

    5. Matt Bryant Silver badge

      Re: Oh dear... maybe

      The prosecution would have to show he profited from the Kronos sales to prove their case. It is not illegal to write such code, nor is it illegal to share it for "research purposes", but it is a crime to incite others to use your code from criminal purposes, and a crime to sell your code if you have a reasonable expectation of realizing that the person you sold it to intended to use it for a crime. If the prosecution can link Hutchins to the seller of the Kronos kit then Hutchins is screwed - if not then he'll walk.

    6. anonymous boring coward Silver badge

      Re: Oh dear... maybe

      "I am in no way defending the US policing or judicial systems but if the above is true then I would submit that Hutchins has been rather silly."

      You don't seem to know anything about the programming community? Let alone the more specialised branches, such as security.

      Even I, not involved in security, actually read (I now realise) some of Hutchins' tutorial-oriented material in order to better understand some of the ways viruses can attack systems. These things aren't secrets -they are discussed openly, partly in order to encourage the OS vendors to improve their products (MS, looking at you there..)

      FBI should go after MS instead for leaving vulnerabilities open.

    7. Tom 7 Silver badge

      Re: Oh dear... maybe

      So the man responsible for inventing the switch should be in prison for allowing terrorists to set bombs off. Plonker.

  14. bexley

    hosting defcon in the US...

    ...seems a bit of an oversight by the organisers.

    Better to host in a more neutral country in future, one that is not prone to this sort of thing.

    1. Frumious Bandersnatch Silver badge

      Re: hosting defcon in the US...

      >...seems a bit of an oversight by the organisers.

      So, DEFGONE next year, then?

  15. Anonymous Coward
    Holmes

    I'll reserve judgement until more is revealed as to whether Inspector Lestrade and the flatfoots have made a mistake or Mr Hutchins has been a very naughty boy, in the meantime anything is just conjecture. If Mr Hutchins is innocent then I suggest he gets one of his relatives to 221 baker street and fast.

    1. Spanker

      It's not stopping the squealing from the anti-US left echo chamber here, is it?

      'Reserve judgement' is all we can do without looking pretty stupid.

    2. aregross

      221*b* Baker Street

  16. wiredrunner

    In a US Federal Court it's not a usual practice to stand before a Judge in leg irons or cuffs. 3 pm on a Friday though is pretty late in the day for an arraignment so maybe he went straight to the Court room and was never freed from bindings because it was going to be a fast turn around. It's also possible due to the day and time that he was arraigned in a local Nevada court where cuffs and shackles before a Judge is common practice.

    Also for someone who would automatically be considered a flight risk not being a US resident a $30k bond is pretty light but kudos to his attorneys for getting the bond that low. Just based on that it's unlikely there is much of a case against him.

    It's also not necessary to put up 10% cash if one has an asset that the Court could take as collateral. That type of paperwork however does take some time to process.

    1. Anonymous Coward
      Anonymous Coward

      Well, OK, but timing a court hearing so it's guaranteed to result in not getting to the bonds office in time is so routine that you find it as a default element of any cop show script - I can't see that being an accident.

    2. TheElder

      10% cash if one has an asset that the Court could take as collateral.

      It seems that they already have that. How much was the code selling for?

    3. Boo Radley

      That asset would probably have to be physical property located in the US. If a bonding company is used, the $3,000 is non refundable.

  17. Destroy All Monsters Silver badge
    Facepalm

    "You wanted a miracle, I give you F.B.I.!"

    Agent Johnson and Special Agent Johnson will see you now.

    The usual stuff: someone in the entierly rotten hierarchy is doing a self-promoting Hunt for the Baddie and is misinterpreting or even misrepresenting technical stuff he/she heard to biggen up the catch before the annual performance review.

    Gotta laugh hollowly whenever complete idiots come out in articles and comments and claim the FBI is apolitical, transparent, impartial and somehow competent and we should trust what it says about Trump's Russian Ties (especially the red ones), the guys who did 9/11, or how a muslim guy with mental issues that an undercover inciter picked off the street is the biggest terrorist threat ever.

    1. staggers

      Re: "You wanted a miracle, I give you F.B.I.!"

      @ D. A. M.

      When I was a kid, we used to read about Scotland Yard, The Mounties, and the FBI. About how incorruptible they all were.

      I remember the genuine shock in the UK when there was some big scandal in the RCMP back in the 70s. As for the Yard, I'm from London, so no surprises there.

      In the 70s I found out about the fact that J. Edgar Hoover was gay, and living with his boyfriend at US government expense. And therefore a fucking hypocrite.

      But that seems to be the way of the world these days. They break every conceivable law, give a mealy-mouthed and grudging non-apology when found out, and then carry on. They never suffer any consequences.

      It really seems that the FBI is going insane at the top. Is it just because it's run by politicians now - apparently, or is the quality of the organisation itself actually going to hell?

      1. adam 40

        Re: "You wanted a miracle, I give you F.B.I.!"

        @Staggers

        Hypocrisy and corruption go right up to the top of the judiciary in the UK too, don't you know.

        If you don't believe me take a look at the "Party Wall etc. Act 1996".

        You might wonder why this demonstrates a corrupt judiciary, but look for the list of exclusions to where the Act applies. Section 18 Exception in case of Temples etc. http://www.legislation.gov.uk/ukpga/1996/40

        OOhh yes - m'learned friends made sure they weren't affected.

  18. Anonymous Coward
    Anonymous Coward

    He drilled through the coalface... into another seam run by the NSA.

    It sounds like he drilled through the coalface into the NSA's working coalface, (time is money as they say) met eye to eye and then tried to head back to his own but they said "Hold on there a minute - Son".

    In this line of work, there is a slither/seam of rock between legal and illegal here, in terms of coalface he was working*. Like Potholing, its easy to get over enthusiastic, look back and see a very dim light and wonder how you'll get out with the water rising around you.

    I think he forgot too, that American still arrest and ask questions later, just based on the colour of someone's skin, especially (it seems) in the post Trump era.

    I'd like to think we were a bit more tolerant in the UK, but given we've AGAIN chosen Notting HIll over the Chelsea Flower show to trial intrusive optical facial recognition cameras this year (which is then cross-referenced to Immigration/Border Control data), it's pretty obvious that discriminatory racial profiling is alive and well in the UK too.

    Trialling Facial Recognition software? I mean a face is a face right? Black or White - right?. The Chelsea Flower Shows seems to be the place it should have been trialed this year, if Notting Hill was the trial location last year.

    Unless of course, it has nothing to do with trialing this technology at all, more a case of "using it", with no legal/privacy constraints, under the guise of auspicious circumstances.

    This sort of stereotyping really doesn't encourage any bright individual (especially from a multi-racial background) to work for GCHQ/NSA, when Security Services act like this.

    These two organisations are joined at the hip, to say GCHQ didn't know of his impending arrest has to be utter lies. They let him go to the States, knowing full well he'd be arrested on this return. There is a total disregard showing here with regard to the intrinsic safety, towards UK Citizens by the UK Government.

    My worry is too, Iain Thomson might need to be more careful in future (has posted some very good past articles on this, with links to malware samples). It's not a good time to be a Journalist either, travelling between US and UK. Take care Iain.

    *(He should have taken some tips from "Telfon" Tony Blair). (he who can do no wrong in terms of the establishment)

  19. Roo
    Windows

    There could be a silver lining... If the Feds will carry this to it's logical conclusion and prosecute everyone involved in writing Windows while they are at it, after all their code has also been used in the attacks as well.

  20. This post has been deleted by a moderator

    1. Anonymous Coward
      Anonymous Coward

      FBI thickos

      Not speaking from experience here but I don't think I could determine the functions of a computer rammed up my jacksy. And I'm a genius!

      1. VinceH Silver badge
        Joke

        Re: FBI thickos

        "Not speaking from experience here but I don't think I could determine the functions of a computer rammed up my jacksy. And I'm a genius!"

        Does anyone here remember a naff Saturday night TV show from the mid-late 1980s called "You Bet!" ?

        1. TheElder

          Re: FBI thickos

          This how they usually operate: (this should be a new icon...)

          thickos

  21. Boris the Cockroach Silver badge
    Big Brother

    Perhaps

    he should name the NSA as co-defendant....... especially since they created the malware that wannacry exploited....

    More seriously, never share code on the internet is the lesson for us all now, especially if you travel to the US.

    After all, someone can take your code, combine it with someone else's , then stir in their own and bingo.. a key logging trojan.. that you can be collared for.

    And if you're unlucky enough to be collared in the US like this guy was , always remember one thing.

    Even though your an ebil thieving malware code slinger(in the cops view)... the bill of rights applies to you just as much as any US citizen.... so 5th amendment and make sure you have a lawyer when you're interviewed.

    Why else were terrorists waterboarded in cuba.... because it would have been illegal in the USA......

    1. Anonymous Coward
      Anonymous Coward

      Re: Perhaps

      This almost a case of badly presenting what he did.

      By the looks of it, the Powers that be didn't like his presentation. Combining Lamborghinis and firearms, and lavish houses (all somewhat acceptable in the mid-West, i.e. Wisconsin), with Malware disclosures via a blog.

      So can we guess that anyone that writes reference books on C++ encryption coding will be next in line? If you put coding examples in a hardback cover, published by Springer Publishing, is there any real difference to publishing it on a blog?

      Where is the line here?

      1. Doctor Syntax Silver badge

        Re: Perhaps

        "is there any real difference to publishing it on a blog?"

        Yup. Springer will charge a whole lot more for a copy.

  22. Anonymous Coward
    Anonymous Coward

    Given that seemingly any ITevent in the US is a honey pot

    Why go to the US or even involve them in anything?

    Clearly they believe that computers are just another weapon in their asenal and anyone who looks behind the screen is a danger.

  23. Anonymous Coward
    Anonymous Coward

    Cruel and unusual punishment.

    Hutchins will have to wear a GPS tag at all times, can't use the internet, and can have no contact with his unnamed accused co-conspirator. He's also confined to the US for the time being.

    OK, that's just wanton cruelness.

    There is, however, one positive aspect. I believe the fact that he has been arrested is an impediment of getting a US visa so that will automatically help preventing him from ever making that mistake again.

    1. Wensleydale Cheese

      Re: Cruel and unusual punishment.

      "Hutchins will have to wear a GPS tag at all times, can't use the internet "

      From a purely practical view, if he can't access his bank to pay bills and whatnot, he might get back home to find himself in a right financial mess.

  24. This post has been deleted by its author

  25. Tom Paine Silver badge
    Unhappy

    This is starting to look really bad

    If the facts are as reported, ie that he got the v& because some PoC code he posted got incorporated into Kronos without his permission or involvement, this case sucks golfballs through hosepipes. It would be the end of any non-American security researchers visiting the US and pretty much the end of security research. Even if they let him go with an apology this afternoon there will already be a massive chilling effect. We may have seen the last DC. Why would anyone who's released any original security research risk entering the US ever again? Come to that, given the casual insouciance with which the US regards the traditional notion of the limits of their jurisdiction, and the eagerness of the UK and other recent allies to cooperate with handing over their own nationals to the Feds, it's probably a pretty bad day for many, many researchers around the world.

    In short, it stinks.

    1. John Brown (no body) Silver badge

      Re: This is starting to look really bad

      pretty much the end of security research (in the USA)

      FTFY. I'm pretty sure security research will continue in the majority of the world which is outside US borders.

    2. Paranoid android

      Re: This is starting to look really bad

      This guy is a joke. If he were serious he would never have traveled to the US.

  26. Anonymous Coward
    Anonymous Coward

    Wait...

    I thought we all knew Kronos was written by the hideous Russin hackers. Natives might get wrong ideas, be careful.

  27. Anonymous Coward
    Anonymous Coward

    yes, it certainly makes me wonder if that isn't the point of this exercise.

  28. Anonymous Coward
    Anonymous Coward

    What if a powerful proof was taken from a backdoor?

    If Hutchins is using a modern CPU he could have been monitored through undocumented features of his Intel CPU, the dreaded IME or a similar tool in AMD, the PSP.

    If that's where the proof came from, then it won't be divulged and another alternative would be used, like posting your code in a blog would be the claim just to cover up the real source, which is the modern backdoors in CPU's.

  29. Paul Herber Silver badge

    @AnonymousCoward

    'post Trump era' ? Oooo, are we nearly there yet?

  30. BongoJoe
    WTF?

    Vetting?

    I understand that he was working with, or for, GCHQ.

    Don't they have any form of vetting?

  31. ITnoob

    Hello...Amber...are you there? Hello...Hello.....

  32. Anonymous Coward
    Anonymous Coward

    Why meet in the USA?

    One question though, why did DEF CON meet in the USA at all? Many conferences are avoiding the USA these days, and this case shows why.

    1. Anonymous Coward
      Anonymous Coward

      Re: Why meet in the USA?

      .. it's almost a showcase.

      /ducks quickly to avoid thrown rotten fruit

      :)

      Joking aside, I still think it's a bit too early for crying wolf. We MUST have a look at what they found on the guy before you can come to any conclusion, and so far, none of that has been produced and examined (AFAIK, I haven't actively followed this case). For the moment (and, to be honest, for the law), the guy is innocent until a jury finds otherwise and until then, any opinion is based on speculation.

      As for DEFCON being US, that has its origin in the fact that we started with most of the knowledge in the US. Thanks to efforts like there (harassing and even arresting researchers), you are indeed correct to ask if that location is still the right one. Like you, I am of the opinion that the time to hold events like DEFCON in the US has passed.

  33. scrubber
    WTF?

    I'm confused

    Wrote code in the UK, (allegedly) sold code in the UK, to Russians. Arrested in the USA.

    How does that work?

    1. Roo
      Windows

      Re: I'm confused

      "Wrote code in the UK, (allegedly) sold code in the UK, to Russians. Arrested in the USA.

      How does that work?"

      The UK was flogged to the US by Churchill, voting is mainly there to grant legitimacy to polices that have no rational basis.

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm confused

      Wrote code in the UK, (allegedly) sold code in the UK, to Russians. Arrested in the USA.

      How does that work?

      Biggest political marketing budget and a total absence of legal protection for the plebs, especially if they're foreigners. He can thank his lucky stars he wasn't black or he could have been shot while "trying to escape", although efforts are underway to reduce the racial bias so they can just shoot anyone they like.

  34. Kev99 Bronze badge

    Welcome to wonder world of reactionary paranoia and persecution as foisted upon the US public, courtesy of our home grown King George. Reminds me of what was being done in central & eastern Europe during the forties the 1990s.

    1. Version 1.0 Silver badge

      If you remember, the UK got rid of the American founders because they were complete idiots ... hanging cats for catching mice on Sundays...

      1. Anonymous Coward
        Anonymous Coward

        Special relationship

        Actually, they rebelled for refusing to pay the taxes raised by the British to cover the costs of defeating the French in Northern America.

  35. aregross
    Thumb Up

    Yup, she's HOT!

    heh

  36. Nifty

    Will the next Defcon be held in the USA?

    1. Anonymous Coward
      Anonymous Coward

      Next DEFCON

      My money is on Russia.

  37. Domquark

    Has someone informed the NRA?

    Has someone informed the NRA that all their members are under threat from the FBI after this comment - "US Department of Justice prosecutors cited Hutchins' recent trip to a gun range as proof that he should be denied bail and kept in jail"

    All they have to do is change the name and this could apply to anyone and everyone who visits a range.

    1. Version 1.0 Silver badge

      Re: Has someone informed the NRA?

      At least he didn't visit a mosque as well.

  38. Iwasjustpassing

    Public posting of information for vulnerabilities has been agued over for many years

    I seem to recall that some years ago Microsoft tried to get the law changed so that posting information about security holes would become illegal. Their argument was that it could be used maliciously. The counter argument was that unless a vulnerability was in the public domain then people who are tasked with maintaining the security of systems would have much less information to go on. As well as this there would be less pressure on software creators to fix issues. Criminals could also find the information anyway and trade it regardless. I believe that Microsoft failed to gain enough support to get the law changed.

    I would also point to things like Google's project zero. Arguably project zero takes a better approach to handing vulnerabilities because Google first notifies the software vendor and gives them 90 days to issue a fix before Google makes the information public. Microsoft has on occasion been at odds with Google and complained that it did not have enough time to issue a fix. In all honesty 90 days should suffice if the severity of the issue is taken seriously.

    I am a software engineer and I would agree that pseudo code does not necessarily suffice. Even if it did suffice then the conversion to actual code would be so trivial that it makes no real difference. A pseudo version would need to closely match an actual implementation to prove the case. If anyone is good enough to use the code version they are most likely good enough to convert a decent pseudo version to code.

    So I don't believe that the prosecution has a case if it is solely based on the use of 'proof of concept' code put into the public domain by Huchins. I believe that proof of concept code is quite common. This gives rise to a few questions.

    Will a jury sufficiently understand the intricacies of the case? It will undoubtedly be complex.

    Will this case set a precedent about the legality of publicly posting security bugs with proof of concept? It will be a great shame if this occurs as he will have done nothing that many others have done and nothing that was not accepted practice.

    Is there more to this case that we currently know about? The prosecution has cited further proof, the extents and legitimacy of this remain to be seen.

    I will hazard a guess that the admission of guilt cited by the prosecution is an admission of being the author of the code in question. Not an admission of guilt in terms of being the creator of Kronos. Otherwise there would be no sense in contesting the case. The guy is obviously intelligent, although *potentially* a bit naive. He is only young.

    I hope that he is innocent because he did a great service to many people by halting wannacry. But that is no excuse if he actually happens to be guilty of selling malware.

    I am British but I really don't see that we should be criticising the the US too heavily over this issue, certainly not until all the facts are properly known. I admit I do see many things wrong with the US. I hope that some day gun use is less wide spread and Americans shoot each other less. But there are many things wrong with the UK and Europe too. So lets focus on the facts of the case, not the Americans.

    1. Anonymous Coward
      Anonymous Coward

      Re: Public posting of information for vulnerabilities has been agued over for many years

      I am British but I really don't see that we should be criticising the the US too heavily over this issue, certainly not until all the facts are properly known. I admit I do see many things wrong with the US. I hope that some day gun use is less wide spread and Americans shoot each other less. But there are many things wrong with the UK and Europe too. So lets focus on the facts of the case, not the Americans.

      Ordinarily I would have agreed with you, but you must admit that their timing sucks. Every attendee of DEFCON, especially anyone who presents there is in theory at risk of being at a minimum harassed by law enforcement hoping to score a few easy (i.e lazy) wins and that has been for a few years now. If they really wanted to collar this guy, why not straight at the airport? How did he even get a visa given the "risk" (assuming he was involved in crime) that they would lose him straight after coming in at the airport? Why not warn the UK authorities and get him arrested locally?

      I am very wary about all this damn political advertising that police forces now have to do - the sheer need for public wins is IMHO a risk to skewing law enforcement priorities.

      1. Iwasjustpassing

        Re: Public posting of information for vulnerabilities has been agued over for many years

        You do have a point, the circumstances do seem a bit dubious. To offer a weak argument, circumstantial evidence isn't conclusive. Maybe they listened to what he had to say at DEFCON and then decided to arrest him? If so that is unlikely to be correct. The bail terms are quite lenient in the circumstance which makes me question the validity of the prosecution's case.

        It is easy to bad mouth America or Europe or anywhere else. Ridiculously easy. Doing so just makes the debate so much nonsense. For many people commenting I'd like to say that other people (mostly rich people) are certainly in control of this stuff, live with it or sort it out. Get off your ass and engage in the systems, changing them from the inside is the is the only option. Moaning gets you nowhere.

  39. Version 1.0 Silver badge

    This sounds a lot like that case of Sergey Aleynikov back in 2012 who was arrested at the behest of Goldman Sachs after the FBI discovered that he had posted code to a “subversion repository” - The horror, the horror...

  40. anonymous boring coward Silver badge

    So pointless. There is no security in obscurity. Why is FBI trying to help Microsoft not having to fix Windows XP (or whatever version)? The means of breaking these OSs are well known, and trying to put the genie back into the bottle by arresting someone trying to help improve security is just madness.

    To put it another way: If XP is obsolete old crap (according to MS), why would the state go after people seeking to improve future operating systems? It's like arresting someone who shows how old obsolete safes work and how they can be opened using a stethoscope. Everyone knows they are not very secure, and everyone in the industry knows how to crack one, and if you have one, well, that's your problem.

  41. Syn3rg

    Gun range

    I'm curious, how many opportunities would he have in the UK to visit a gun range? I know there are three within five miles of my location here in the States.

    1. Matt Bryant Silver badge

      Re: Syn3rg Re: Gun range

      "....how many opportunities would he have in the UK to visit a gun range?...." There are plenty of gun clubs still running ranges in the UK (indeed, the Houses of Parliament has its own!), but the continuous and clueless shrieking of the anti-gun crowd has made clubs very wary about advertising their existence. If you want to (and can afford to), you can even go to specialist ranges and fire large caliber rifles such as the Barrett .50 types, something that is illegal in California! What is impossible to do (without a specialist license) is shoot handguns as they are illegal in the UK, which is probably what Hutchins did when he went to the range in the US. Most people I know from the UK that have visited US ranges have wanted to shoot the Glock or Berettas pistols that are illegal for the general public to own and shoot in the UK.

    2. Anonymous Coward
      Anonymous Coward

      Re: Gun range

      I've visited many and fired 9mm, 5.56mm, 7.62mm semi automatic and automatic weapons. Never had a cabby on a Browning 50 Cal MG sadly. Biggest things I've shot are 66mm, 84mm anti-tank and 81mm mortars. All military weapons. All used in an appropriate and controlled environment.

      Contrary to the view of those that'd see me as part of the "uneducated anti-gun lobby" I think that's where they should stay. There is no place in civilised society for weapons of that nature, least of all with the civilian Walts who occupy the evolutionary level of Airsofters. You could have someone's eye out.

      The ability to strip and assemble a SMG, SLR, GPMG, LMG and SA80 don't make it onto my CV. I want to work not scare people off.

  42. Aodhhan Bronze badge

    Wow, a bunch of screaming lunatics

    One of the funniest things I've seen is the ranting on this story.

    He's been indicted by a grand jury not a simple police investigation and also provided opportunity for bond (and small amount considering the indictment). No they don't reimburse lodging and expenses if found innocent. They provide this to him while he's waiting trial.. it's called jail.

    He hasn't been found guilty, he hasn't been sentenced. So quit screaming like a bunch of idiotic, uneducated 15 year olds. Doing this without complete knowledge of the crimes is just as bad as being falsely accused of anything. If your bank account was affected by these crimes, I'm sure you'd look at this differently.

    Just because he didn't have a lawyer around during questioning doesn't mean crap. He must agree to the questioning and he can stop it any time he wishes. Also, every moment is captured on video -- including the explanation of his rights before questioning begins.

    So, calm down... let the process work. If you're so convinced he's innocent, then open up your pocketbook and send him money for his defense and expenses. Don't worry, you won't feel too silly if he's found guilty.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wow, a bunch of screaming lunatics

      Yes have some faith in America, World Police, because it never overreaches. Never!

  43. Marty McFly
    Holmes

    Gun range??

    OMG, a trip to the GUN RANGE!!! It is like he was in Vegas where they will pick you up in a Limo to take out out and go shooting. It is a novel experience for British subjects to get to shoot a gun when they are from an oppressive country that prevents gun ownership. It is almost like he was a tourist or something.

  44. Miss Lincolnshire

    He's shure got a Purdy mouth.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019