back to article Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev

British security researcher Marcus Hutchins was released on Monday from a Nevada jail after posting bail. He is now on his way to Milwaukee to face charges of selling malware online. Hutchins, 23, who shot to fame after finding a way to kill off the WannaCry ransomware outbreak that crippled parts of Britain's National Health …

  1. Anonymous Coward
    Anonymous Coward

    Blind support

    I don't know if he's guilty or not but the FBI claims to have his admission to developing and selling the malware. If true, his arrest and charges are not unreasonable. There's a process and this is just the first step.

    Any reasonable person should shut up and see how this plays out before jumping to conclusions.

    1. Anonymous Coward
      Anonymous Coward

      Re: Blind support

      "The technology community has rallied around Hutchins"

      Er... not really. Some noisy, blind support without any new information or facts.

    2. shifty_powers

      Re: Blind support

      A confession seemingly gained during interrogation for up to 24 hours without a lawyer present? Thanks but I'll err on the side of innocent until proven guilty.

      1. Paul Crawford Silver badge

        Re: Blind support

        Please! It is "innocent unless proven guilty", you should not presume that an arrest will automatically lead to conviction as that is (or should be) the jury's decision.

        1. nematoad Silver badge
          Unhappy

          Re: Blind support

          It is "innocent unless proven guilty"

          You are right, of course. The trouble is that given all the hysteria over the "dark net", "cyber war" and so on I reckon the Feds will keep pushing this on and on and not take no for an answer until he is found guilty.

          Whether he is or not is immaterial, he's just going to be collateral damage in the war on "computer crime".

          "Something must be done."

        2. Jamie Jones Silver badge

          Re: Blind support

          Please! It is "innocent unless proven guilty", you should not presume that an arrest will automatically lead to conviction as that is (or should be) the jury's decision.

          Except it isn't.

          Article 11 of The Declaration of Human Rights clearly says until.

          Although it's pedantry: "until" in this context doesn't mean "they will be". It more or less means "unless" - blame the ambiguities of the English language for that one - but still, "innocent until proven guilty" is the correct phrase.

          1. Doctor Syntax Silver badge

            Re: Blind support

            "blame the ambiguities of the English language for that one"

            The original would have been stated in medieval French so anything else is a translation or restatement.

            1. Dave's Jubblies

              Re: Blind support

              Before lawyer present:

              "Your family don't know where you are, no one does, you've disappeared off the planet."

              "Admit you did it and we'll let you go"

              "....."

              "Admit you did it and we'll let you go"

              "....."

              "Admit you did it and we'll let you go"

              "....."

              "Admit you did it and we'll let you go"

              "ok, I did it."

              "HAHA!! We were only joking! Ok, let his lawyer in now, and tell his family where he's admitted to hacking"

        3. Adam 1 Silver badge

          Re: Blind support

          > innocent until proven guilty

          If you squint the right way that phrase is ok. The problem with it is that there is an indirect implication of guilt and the problem is simply proving that.

          > innocent unless proven guilty

          That phrasing is better but it still allows people (usually the shock jocks) to focus on the proven bit and not the innocent/guilty question. "We know t'was you what done it. We just aren't allowed to waterboard a confession (mutters something about partisan activist judges).

          I prefer something like "starts from the presumption of innocence". The exact legal principle we are talking about comes from the Latin

          "ei incumbit probatio qui dicit, non qui negat"

          The burden of proof is on the one who declares, not on one who denies

          It is based on the knowledge that our capabilities to investigate are limited by skills, resources, technology and environmental factors. Because of these limitations, sometimes we cannot know for sure one way or the other. Sometimes we might be 99% sure of innocence or 99.99% sure of guilt, but convicting an innocent person is much more abhorrent than wrongly releasing a guilty person.

          I'm proud of that legal tradition. It's a shame that our elected representatives so often come up with brain farts that counter this principle.

          So on this case, Hutchins denies the charge. He might be innocent. He might be guilty. Each and every reader of this comment is in one of those two categories for this crime. He has been charged (declared), so at least the authority there thinks that they have a case. Well fine, but theirs is the burden of proof, not him.

          1. Anonymous Coward
            Anonymous Coward

            Re: Blind support

            e.g. I'll continue to do this until hell freezes over.

            I'll continue farting in my bed until the police arrest me for it.

            Until the style-police take over, I'll continue to wear these shorts...

          2. roytrubshaw
            Headmaster

            Re: Blind support

            "So on this case, Hutchins denies the charge. He might be innocent. He might be guilty."

            <pedant>

            He is is definitely innocent, since he has not been proven guilty.

            That's what presumption of innocence means.

            It's why the verdict is either guilty or not guilty, since one is presumed to be innocent, there is no need to be declared 'innocent'

            </pedant>

            1. Adam 1 Silver badge

              Re: Blind support

              > He is is definitely innocent, since he has not been proven guilty

              He is not definitely innocent. Simply, no judgement about his innocence/guilt has occurred. He retains the same right to be treated as innocent as someone who has not been accused. By the way, my sentence you quoted is out of context without the one that followed pointing out that every person is in one of those categories.

              > since one is presumed to be innocent, there is no need to be declared 'innocent'

              Correct. I used declare in the context of the English translation of the Latin quote to tie it together. Basically, being accused of something doesn't imply anything about your guilt. Big problem is that it doesn't stop people inferring it, which is why reporting about it is such a difficult thing to get right.

        4. Anonymous Coward
          Anonymous Coward

          Re: Blind support

          >Please! It is "innocent unless proven guilty"

          Not here in the Land O' The Free!

          1. Sir Runcible Spoon Silver badge

            Re: Blind support

            "convicting an innocent person is much more abhorrent than wrongly releasing a guilty person."

            Whilst I agree with that statement, there are circumstances where it could be argued the other way. For example, if the guilty person you release goes on to murder a dozen innocent people, that's 12 people who have been killed plus all their family/friends etc. Detaining an innocent person affects one person + family/friends etc.

            Of course, they're not really linked in any way, so it's not really a fair comparison, but I could see some people arguing the case. The rebuttal is that if you convict an innocent person of a crime, the guilty goes free and he could be the one who goes on to murder a further 12 people.

            It all depends on whether the person arguing the case is prepared to think more deeply than surface effect - something which is distinctly lacking in these 'sound-byte' days of hell.

            1. Jamie Jones Silver badge

              Re: Blind support

              "convicting an innocent person is much more abhorrent than wrongly releasing a guilty person."

              Whilst I agree with that statement, there are circumstances where it could be argued the other way. For example, if the guilty person you release goes on to murder a dozen innocent people, that's 12 people who have been killed plus all their family/friends etc. Detaining an innocent person affects one person + family/friends etc.

              But it's not a simple numbers game. It's about "avoid punishing an innocent person at any cost" - which is why people go free who are "known" to be guilty.

              'better 10 (U.S. 100) guilty go free than an innocent person is convicted", or something like that.

              https://en.wikipedia.org/wiki/Blackstone%27s_formulation

            2. Ben Tasker Silver badge

              Re: Blind support

              . For example, if the guilty person you release goes on to murder a dozen innocent people, that's 12 people who have been killed plus all their family/friends etc.

              That, however, is likely the status quo if you hadn't caught them in the first place. Unpleasant, but still.

              Convicting and punishing an innocent person though isn't something that wouldn't have happened without your involvement, and therefore is arguably far more unjust.

      2. Anonymous Coward
        Anonymous Coward

        Re: Blind support

        Are you arguing he shouldn't have been charged based on what is publicly available?

      3. oiseau Silver badge
        Alert

        Re: Blind support

        "Thanks but I'll err on the side of innocent until proven guilty."

        Indeed ...

        As should everyone.

        *Including* the state.

      4. a_yank_lurker Silver badge

        Re: Blind support

        Homer Cummings refused to prosecute a confessed murderer in 1924 because the confession was coerced and made in a state of exhaustion. I suspect the feral bureau of incontinence/incompetence will find themselves wishing they had played straight up and above board.

    3. Anonymous Coward
      Anonymous Coward

      Re: Blind support

      Sorry but no, did you read the article and I quote,

      "Hutchins was nabbed by the Feds on Wednesday, and was held for more than 24 hours at an FBI field office without access to a lawyer or any contact with his family before the Department of Justice announced he'd been arrested."

      If you were taken for 24 hours without a lawyer you would probably admit to something.

      There's a reason we have laws to stop that happening however when in someone else's country they don't apply.

      1. Anonymous Coward
        Anonymous Coward

        Re: Blind support

        "The lawyer claimed there was evidence of chat logs between Mr Hutchins and an unnamed co-defendant - who has yet to be arrested - where the security researcher complained of not receiving a fair share of the money."

        http://www.bbc.com/news/technology-40833951

        Yes, innocent until proven guilty, but it appears there was enough here to arrest him and make charges.

        No one can say he is guilty yet.

        1. Doctor Syntax Silver badge

          Re: Blind support

          "Yes, innocent until proven guilty, but it appears there was enough here to arrest him and make charges."

          The one bit of solid evidence that's emerged seems to be that he wrote an explanatory post about some code which was then sent to a Github repository and subsequently incorporated in the trojan. If that's what the FBI mean by writing malware then I'm sure a lot of people who've pubished code on Github or elsewhere, answered questions on Stackexchange and the like should avoid visiting the US.

          We don't have much info on this chat exchange to put it in context or even determine whether it was Hutchins or some other person using the same handle.

          And the from some of the quotes in the article it rather sounds as if some of those who knew him fear it's a case of TPTB starting to shoot the messenger.

          In the meantime I can't help wondering why, if this is a true bill, why he would have gone anywhere near the US.

          If this ever gets to court it'll be interesting to hear a comparison between his contribution to Kronos and the NSA's contribution to Wannacry. I'm sure the defence would want to raise it.

          1. Anonymous Coward
            Anonymous Coward

            Re: Blind support

            Of course, because it's completely normal to haggle about being paid for a Github contribution?

        2. Anonymous Coward
          Anonymous Coward

          Re: Blind support

          The prosecution lawyer. Obviously they'll say stuff like that to aid their case even if untrue as they aren't in the court house under oath.

        3. Anonymous Coward
          Anonymous Coward

          Re: Blind support

          I would like to know how they've linked the chat logs to Hutchins. Seeing as we have such an unbalanced extradition treat with the US if they had any real evidence they would have attempted to extradite him.

          I'm sure they have logs between author and seller, but I imagine that nothing in the logs gives away the identity of the author. The claim that he's the author and his confession is going to be turn out to be that his blog post on hooking was used by the actual virus author. That this happened isn't secret as it's covered in the BBC article you linked to. I'm sure it will be presented by the prosecution as a buff to hide his actual role of (alleged) author.

      2. Frank Zuiderduin

        Re: Blind support

        Did YOU actually read the article? The bit about the proof-of-concept code? Which was well known, so how could he NOT admit to it?

        1. Anonymous Coward
          Anonymous Coward

          Re: Blind support

          Did you read the part that he was looking to get paid for that "proof of concept"?

          1. Chronos Silver badge
            Facepalm

            Re: Blind support

            He's a security researcher. How else is he supposed to make a living? Begging?

            In answer, though, yes I did read it. I don't necessarily believe it or ascribe the same motivations to it that you obviously do but then I have this a{rse|ss]hole thing I do called "thinking for myself" which is probably the next big thing to have "The War on" added to it. What we'll probably never see is The War on Wars on Things, which is a shame as it falls so prettily from the tongue...

          2. YetAnotherLocksmith

            Re: Blind support

            Someone wants to use your code for "commercial ends"? Then you kind of expect to get paid for it.

      3. Anonymous Coward
        Anonymous Coward

        Re: Blind support

        Not me - I've been nicked before and I tell them nothing. Only my name.

        This is standard procedure. They give up asking questions pretty quickly once they know you absolutely will not answer a single question, ever.

        I've done this without a lawyer - you don't need to pay a lawyer to tell you what you already know - say nothing.

        1. Prst. V.Jeltz Silver badge
          Boffin

          Re: Blind support

          you don't need to pay a lawyer to tell you what you already know - say nothing.

          Have you not heard the revised "you have the right to remain silent" speech?

          It now sounds like its been redesigned by a committee and goes like this:

          "You do not have to say anything, but it may harm your defence if you do not mention when questioned something which you later rely on in court. Anything you do say may be given in evidence."

          1. YetAnotherLocksmith

            Re: Blind support

            That's only in the UK. You can remain silent in the USA without dodgy inferences being made.

      4. John Brown (no body) Silver badge

        Re: Blind support

        "There's a reason we have laws to stop that happening however when in someone else's country they don't apply."

        Based on my watching of various US TV crime dramas, once a lawyer is asked for there should be no further questioning. Any verbal evidence gathered once the request for a lawyer has been made is inadmissible unless it's clearly volunteered by the accused. IANAL etc. So is this just Hollywood wishful thinking or actual US law? I find it hard to believe he didn't ask for a lawyer over such a prolonged period of questioning.

    4. Pen-y-gors Silver badge

      Re: Blind support

      One has to question whether he 'admitted' anything to the Feds, given the lack of a lawyer, and whether they would even understand what he was saying. e.g. as a security researcher, writing a script to look for holes in banking systems is probably a reasonable thing to do. Writing a script to look for any vulnerability is what they do. Would the Feds describe that as 'malware'?

      I'd be more impressed if the Feds did something useful, like find the bastard (possibly in Israel) who hacked one of my servers via an ancient phpMyAdmin hole that the hosting providers hadn't fixed, and then deleted my databases! Obviously no sensitive info on it, but even so. Life in Sing-sing with Big Bubba as a cellmate is probably excessive, but staked out in the blazing sun on an antheap and smeared with honey would be okay.

    5. Anonymous Coward
      Anonymous Coward

      Re: Blind support

      On the other hand, when in court Hutchins pleaded "not guilty" to all charges, which does raise reasonable doubt about the veracity of the FBI's claims of what he told them when under FBI questioning behind closed doors without a lawyer present.

    6. Anonymous Coward
      Anonymous Coward

      Re: Blind support

      Or it's people who KNOW him or know someone who knows him and they know he's innocent. So NOT blind support.

      The FBI have balls up, 99% sure of that. Arresting him after the talks at Vegas was also their attempt to grab any info he got during that weekend during the talks where they don't like the feds being present for this very reason.

  2. Version 1.0 Silver badge

    Who hasn't written "malware" code?

    By the definitions that seem to float around the FBI, I believe that I need to turn myself in for having once supplied a small executable to a friend who slipped it into the hospital director's computer - whenever his boss turned his PC on, it displayed a dialog box "Do you have a small penis? Yes or No" and would move around the screen so that he could only ever click "Yes" with "No" always avoiding the cursor...

    I plead guilty.

    1. Pen-y-gors Silver badge

      Re: Who hasn't written "malware" code?

      Mildly entertaining, if it self-destructed before it got too irritating. But almost certainly malware within the meaning of the current law.

      Time to wander down to the local cop-shop and throw yourself on their mercy.

      1. Jamie Jones Silver badge

        Re: Who hasn't written "malware" code?

        You can't call that malware if he had no idea what the friend was going to do with it.

        He could have written it as a fun thing to put on his own PC as a sorta screenlock when he's away from his desk.

    2. Adam 1 Silver badge

      Re: Who hasn't written "malware" code?

      I once wrote a small service that ran on a colleague's machine. When issued a command from a client application running in my system tray, it would eject his CD ROM tray. Entertained us for the better part of a week. Now I'm older and wiser, I wish to publicly apologise for authoring botnet.beverageHolder

      1. werdsmith Silver badge

        Re: Who hasn't written "malware" code?

        Going back a few decades to early DOS PCs, I had endless fun writing Terminate and Stay Resident code that loaded from autoexec to play practical jokes on colleagues.

        Bad man.

        1. Teiwaz Silver badge

          Re: Who hasn't written "malware" code?

          Not since at school on BBC micros.

          A cute little bit of BASIC that faked the valid '>' prompt and spat out fake error messages to most commands and locked out break but otherwise piped some commands for normal output (like 'dir').

          Endless fun when you got to load it on the teachers machine when they stepped away from their machine for a moment, 'students' just gave up too quick to be any amusement.

          1. TonyJ Silver badge

            Re: Who hasn't written "malware" code?

            "... for normal output (like 'dir')..."

            Wouldn't that be *. (or *Cat if I recall the full command)?

            1. Anonymous Coward
              Anonymous Coward

              Re: Who hasn't written "malware" code?

              A have a disciplinary certificate for writing password capturing front end at college back in the dos / novell days.

              very proud :)

              1. Sir Runcible Spoon Silver badge

                Re: Who hasn't written "malware" code?

                Years ago myself and two colleagues were allowed to use our own build PC's at work - so we all had new kit and installed FreeBSD.

                Apart from a few teething troubles* it was great, but since we were all running 'X' and all on the same LAN one person thought it would be fun to run some little programs in the background - you know the kind of thing - ants running over the screen, googley-eyes popping up everywhere etc., so we all did it to each other - the goal being to see how many you could get to run before the target noticed (ants running over the desktop aren't easy to see when you have 20 windows open at a time!).

                Unfortunately, boys being boys it all escalated rather quickly, and I will have to admit I decided to employ The Art of War tactics on my fellows. Whilst they were busy tapping away and creating single key-press commands to inject programs onto my system, I decided to write a script to detect the source IP and then just run as many programs against that IP on port 6000 that my little CPU could handle.

                It was quite funny to see one of my colleagues sneak a glance at my screen to see if I would notice anything before starting to send over his little ants and father christmas's, closely followed by 'what the fuck' as his PC descended into background app hell :)

                Our manager decided to put a stop to it at that point, so I basically declared myself the winner :D

                1. Sir Runcible Spoon Silver badge

                  Re: Who hasn't written "malware" code?

                  *All three PC's were delivered with network cards that had cloned MAC addresses. One of us would be mid-build (we had backbone connections to Sun's servers hosting the files) and it would suddenly stop, whilst someone else was building theirs quite merrily. Took a while to figure that one out - never expected duplicate MAC addresses on three different PC's!

    3. Anonymous Coward
      Anonymous Coward

      Re: Who hasn't written "malware" code?

      I wrote a sort of keylogger back in the DOS days just to see if it would work. Written in Pascal from code found in the help file. Before going into Windows people would have to go to the network drive, I think it was H or something so:

      CD H:

      If I remember right. Then type "login" and then type "win". People would forget and type "login" while on the C drive. So I stuck my logger there. It would write user names and passwords to a file that you'd pick up later. File would be called something like assignment.doc because people would forget to save to floppy sometimes and because the PCs weren't cleaned, you had lots of student work lying around on the root of C.

      Trouble is, if someone found the assignment.doc file and opened it, it was then obvious what was going on and that there was a keylogger going around.

      I remember picking up the assignment.doc file one day and finding a few users and passwords in it. IT HAD WORKED!!!. One of the passwords I remember was "masterofpuppets". Logged into the users account but never did anything. Was just pleased it had worked as I was never a good programmer and had thought of the idea myself after seeing the help code in Pascal. Ideas never normally came to me without help :)

      A few years later my cousin asked me about it and I re-coded it for their Uni. This time I added very basic encryption I found in the 2600 magazine. So that if you found the assignment.doc it looked scrambled so hopefully you'd just ignore it. All the encryption did was lets say you type A. It would +25 to the ASCII number of A and then write the result back to the assignment.doc file. Then to decrypt, you used the decrypter that, obviously just -25 of whatever was in the assignment.doc.

      Fun.

  3. kmac499

    Legal Blasphemy.

    I've been trying to think of a way of describing the American attitude to breaches of their law.

    The closest parallel I can come up with is the way some other states regard blasphemy. The 'law' is an unchallengeable absolute, and the sin of transgression, whatever the alleged offence, is deemed so unpardonable that hostile popular opinion and the full powers of law enforcement are applied unthinkingly.

    Just follow the flame wars between the trump republicans and liberals where the sanctions being demanded against either for percieved crimes are extreme.

    Whether Marcus has a case to answer or not, now the machine has him his life is totally out of his control.

    With states requiring the skills of people like Marcus; I can think of no better way to alienate them than how the FBI et al has gone about his case.

    1. Matt Bryant Silver badge
      Boffin

      Re: kmac499 Re: Legal Blasphemy.

      "....The 'law' is an unchallengeable absolute, and the sin of transgression, whatever the alleged offence, is deemed so unpardonable that hostile popular opinion and the full powers of law enforcement are applied unthinkingly....." Actually the reality is completely the opposite. UK law is very prescriptive - "you cannot do X or you will be charged with offence Y which has punishment Z". That was why Assange's argument of "it wasn't really rape" was so quickly debunked as it was very easy for the CPS to show it fitted the UK's tight definition. The US legal system is a lot more ambiguous, which is why lawyers have become so rich in the States. There they can argue over definitions of a law with the jury (and the judge, who can direct the jury) then having to decide which legal argument has best merit.

      1. kmac499

        Re: kmac499 Legal Blasphemy.

        re Matt Bryant

        Your description may well be the situation when a case get's to court. I admit to having no legal knowledge.

        My point was purely about the initial almost reflex reaction in the US to anyone 'breaking the law' which is almost a bigger crime than the actual physical crime committed.

        (I believe the figure are; US population is about 320 million 5% of the worlds population but 25% of the worlds lawyers. with I think 2 million plus people behind bars. That's a big industry. )

      2. graeme leggett

        Re: kmac499 Legal Blasphemy.

        "you cannot do X or you will be charged with offence Y which has punishment Z.."

        Usually with a bit that says, "unless it's for V or W reason"

        Though opinion may vary as to whether V or W are valid reasons.

    2. oiseau Silver badge
      Alert

      Re: Legal Blasphemy.

      "With states requiring the skills of people like Marcus; I can think of no better way ..."

      To force them to work for you.

    3. Anonymous Coward
      Anonymous Coward

      Re: Legal Blasphemy.

      There's more people in prison in the United States that any other place in the world (or in the rest of history), so there's not much point in using it as a comparison with normal justice systems.

      You need to make a comparison with countries that don't regard incarceration as the sole reason for the existence of their security forces Even somewhere like Stalin's Russia wasn't as extreme (at least he wasn't trying to turn a profit from his GULags).

      Land of the free. lol :D

      1. nijam

        Re: Legal Blasphemy.

        > Even somewhere like Stalin's Russia wasn't as extreme (at least he wasn't trying to turn a profit from his GULags)

        This is the Stalin whose security services killed more Russians than Hitler's armies did?

  4. hellwig Silver badge

    You've fallen right into their hands

    "I am withdrawing from dealing with the NCSC [UK National Cyber Security Centre] and sharing all threat intelligence data and new techniques until this situation is resolved," said fellow UK researcher Kevin Beaumont.

    Maybe that's what the FBI wants. The whole intelligence community (at least in the US) has to have some egg on their face after the leak of some of their exploits (and the application of those exploits by various malware applications). Perhaps the FBI is bullying security folks on behalf of the CIA, NSA, etc... If nothing else, those agencies need some new vulnerabilities to exploit, and having a bunch of white hats find those vulns and report them to the public or the software manufacturers only makes their jobs harder.

    The enemy of the state is the free flow of information.

    1. John Brown (no body) Silver badge

      Re: You've fallen right into their hands

      "Perhaps the FBI is bullying security folks on behalf of the CIA, NSA,"

      Inter agency co-operation? Doesn't seem very likely, especially when it gives the FBI the chance to laugh at the NSA.

  5. Will Godfrey Silver badge
    Unhappy

    This Stinks

    That wasn't an 'interview', it was an aggressive interrogation.

    I'm reminded of that ancient quote from a certain Cardinal.

    1. Anonymous Coward
      Anonymous Coward

      Re: This Stinks

      I'm kinda wondering whether this is a case of some prosecutor / agent seeking to cash in on a bonus scheme that pays by results. Foreign guy, probably easily coerced, etc.

      This wouldn't be the first time US prosecutors have laid charges against a foreigner who has no idea there's even an indictment open on them. Ask all those businessmen running online gambling sites who by accepting custom from Americans fell foul of the US authorities citing laws that are themselves inconsistent with trade treaty obligations which the USA has signed up to.

    2. Adam 52 Silver badge

      Re: This Stinks

      Whilst it's very movie plot, I'm not entirely convinced that there wasn't a "we can make those Milwaukee charges go away if you just help us out here" conversation going on.

      The time gaps - and voluntary interview without lawyer - seem strange to my UK experience. If there's an arrest warrant in England it'd just get executed, certainly no conversation beforehand. Maybe the Americans work differently.

      Arresting when the court's not sitting so the suspect has to spend the weekend in the cells... that's standard procedure for police forces everywhere if they don't like you.

  6. Matt Bryant Silver badge
    Alert

    OMG, the horror!!!

    Milwaukee?!?! That's cruel and unusual, even for someone from Ilfracombe!

    1. werdsmith Silver badge

      Re: OMG, the horror!!!

      I can't agree with you there. Where else in the world would he be able to call on the services of The Fonz?

    2. Stephen Wilkinson

      Re: OMG, the horror!!!

      I'm sure Milwaukee is probably just like Slade so okay in parts

      1. Anonymous Coward
        Anonymous Coward

        Re: OMG, the horror!!!

        My god, I didn't know Milwaukee only knew three chords...

  7. Jim Mitchell

    "A Sin City court granted Hutchins bail of $30,000 on Friday. However, the decision came at 3.30pm local time, and his attorney wasn't able to make it to the bail office to pay the money before it closed at 4pm."

    The one place I'd actually expect to find a 24-hour bail office is .... Las Vegas.

    1. Adam 1 Silver badge

      That is quite unjust. I get that bail offices need to close, particularly in smaller regions*, but given the probability** that the accused may turn out to be innocent, there has got to be a better way. Again, assuming that all is in place except the money, why can't they accept payments via bitcoin or direct transfer or PayPal or ...... Of course some of these won't work, but it's worth trying to make the process a bit fairer.

      * Not that this is the case here

      ** Even if it is small, it is definitely non-zero

      1. Blotto Bronze badge

        the state plays the same games with those that aren't famous too.

        Imagine your on holiday, about to come home and are misidentified as someone they are after, you'd get the same treatment too.

        The thing that bothers me the most is that if we heard of this behaviour in Russia, North Korea, China or some other country we have been brought up to expect poor treatment of their citizens, we'd all be moaning about how inhumane they are for treating their citizens in this way. If a foreign country had arrested a US citizen in this way, guilty or not, they'd be sending in the black hawks and parking the Reagan of the coast.

        the behaviour of the US towards its citizens and world neighbours over the last 17 years has been getting more and more questionable.

    2. Prst. V.Jeltz Silver badge

      "The one place I'd actually expect to find a 24-hour bail office is .... Las Vegas."

      I thought New York was the city that never sleeps?

  8. Anonymous Coward
    Anonymous Coward

    Let's see how long it'll take for the Feds...

    ... to discover how the NSA tools were stolen...

  9. gerdesj Silver badge

    Legal costs

    Given that he saved a lot of people from a major rogering I'm sure that his legal fees are covered.

    Perhaps the NHS could find a few 100K down the back of the sofa given he probably saved them several million or rather more.

  10. Sanctimonious Prick
    Black Helicopters

    Hey! What's The Bet...?

    What's the bet no U.S. law enforcement or three letter agency will arrest anyone in connection with any of the Wanna'Sploits!!!?

    No way! It leads back to the NSA. Everyone knows it.

    Everyone the world over knows the NSA harvested those exploits, and that it was the NSA who were ultimately responsible for, well, _not_ securing the code they wrote to take advantage of them!

    Who the fuck is gonna arrest them for writing malicious code that took down big networks like the NHS in the UK? WHO?

    [phew! chest. off.]

    (oh FFS, Chrome is blocking me from inserting a URL)

  11. wub

    Blaming the messenger?

    "Cybercrime remains a top priority for the FBI," said special agent in charge Justin Tolomeo. "Cybercriminals cost our economy billions in losses each year. The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice."

    Don't over think what happened to Marcus. Sounds like someone offered his name, he's gotten famous enough to be easily tracked and "captured", and as a malware researcher he's always involved with dangerous code. The Feds need a pelt to nail to the side of the barn.

    Cops are lazy - I remember what happened to the rent-a-guard who found a bomb during the 1996 Summer Olympics in Atlanta (https://en.wikipedia.org/wiki/Centennial_Olympic_Park_bombing). Basically, when he reported finding a bomb, he got investigated for knowing the bomb was there. Simply doing the job he was hired to do made him a "person of interest", got his house turned over and nearly got him arrested. He certainly got pilloried in the press. At least he got his name cleared when the real bomber was eventually caught.

    Sounds like what has happened before is destined to happen again. Admittedly, I have almost no information on which to reach my conclusion, but I do know human nature. This is all way too pat, getting famous made him a target, and got him arrested. He'll be extremely lucky to avoid doing serious time on this one. The best thing the security community can do for Marcus is to figure out who made Kronos. Just be careful while on the case!

    1. Sir Runcible Spoon Silver badge

      Re: Blaming the messenger?

      Shooting the messenger is the time-honoured method of reducing the number of messengers.

      Handy if you want to keep everyone uninformed.

  12. Andrew Barr

    Coincidence

    Now just to throw some petrol on the flames.

    The day he gets arrested all the wannacry bit coins get converted to another untraceable cryptocurrency.

    I wonder if finding the wannacry kill switch wasn't just found by decompiling the code,but he already new the url.

    1. Gotno iShit Wantno iShit

      Re: Coincidence

      Wow that's some outlandish poppycock right there. He didn't need to decompile the code to find the URL because he ran a sample and observed it trying to connect.

      1. YetAnotherLocksmith

        Re: Coincidence

        Indeed - anyone who runs it can see the connection attempt via burp or proxy or whatever. Marcus was just the "first to file".

        And the FBI did no work at all. Marcus was doxed by the UK newspapers!

  13. Andrew Taylor 1

    Am I the only one who made the Godfather connection..... I think it went something like this:

    Caller; "Don Vlad, someone in Britain has blocked with our internet extortion racket, can you do us a favour and teach him a lesson"

    Don Vlad.; "No problem, let me have a word with Donna Theresa and he will suffer"

    Caller; "But he's in America at present"

    Don Vlad; "In that case I'll talk to Don Don, he owes me a big favour"

    Don Vlad; "Don Don, remember that big favour I did you, well I need a little favour from you"

    Don Don; "Anything my friend"

    Don Vlad; "Well there's this British guy that's stopped some of my friends from making money on the internet and he needs teaching a lesson he will never forget and he's in America right now"

    Don Don; "No problem, our Justice Dept has record of blaming other countries citizens for our IT security cockups and trying to extradite them to cover up US messes, what's his name and Ill let my contact know"

    and so on

    Apollogies to Mario Puzo

  14. Halfmad Silver badge

    Something just fundamentally doesn't add up about the story.

    However as we don't know where the problem is, either with Marcus or the authorities I'm minded to side with him, innocent until proven guilty and the narrative we're getting from the authorities doesn't make a huge amount of sense for anyone in the infosec world.

    It's almost as if they are simply squeezing him for info for other cases, put pressure on him, prevent him leaving the country and see if he'll squeal on any contacts he has.

  15. Anonymous Coward
    Black Helicopters

    I'm Spartacus....

    I plead guilty too: I clearly remember writing malware like this on government computers:

    10 PRINT "Fuck off!"

    20 GOTO 10

    1. Version 1.0 Silver badge

      Re: I'm Spartacus....

      I would estimate that, if you were caught by the FBI, you would be charged with causing about a billion dollars of damage to government computers.

      10 GOTO 10

      There, fixed it for you - nothing to indicate that anything is happening but the CPU is at 100%, OMG, I've just written Malware!

  16. nijam

    > "Cybercrime remains a top priority for the FBI," said special agent in charge Justin Tolomeo.

    If Justin were literate, he might have said something like "Investigating cybercrime remains a top priority for the FBI". Instead, he effectively said "The FBI devotes most of its efforts to committing cybercrime."

    But now I come to think of it...

  17. poohbear

    From: GCHQ

    To: NSA

    Hi

    You have one of our assets.

    Please return him immediately.

    1. YetAnotherLocksmith

      That would be nice.

      n/t

  18. Mike Richards

    Poor bastard

    He's going to Milwaukee.

    1. kmac499

      Re: Poor bastard

      Milwaukee; home to Harleys and Beer. In different times that good be good holiday.

  19. CrazyOldCatMan Silver badge

    Economy

    Cybercriminals cost our economy billions in losses each year

    Much like bankers and people who gamble with the stock market. Strangely enough, you don't see them in GPS tags..

    1. steviebuk Silver badge

      Re: Economy

      And watching the film Infiltrator that was based in the 80s and based on a true story. You find out each year (either at that time or not) several trillion dollars is laundered every year. Not that it's right but, I assume without that illegal money the American economy would tank.

      Or am I not understanding economics right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019