Guess he upset a lot of bad guys stopping that attack...
WannaCry-slayer Marcus Hutchins 'built Kronos banking trojan' – FBI
Marcus Hutchins, the British malware researcher who killed off the WannaCry ransomware outbreak, was arrested in Las Vegas on Wednesday on suspicion of being a malware writer himself. Hutchins, aka MalwareTechBlog on Twitter, was collared after attending the DEF CON hacking conference in Nevada, US, last week. FBI agents …
COMMENTS
-
Thursday 3rd August 2017 21:10 GMT Anonymous Coward
Or he is responsible for wannacry and panicked, and cooked up a story about finding the kill switch - that he coded...
Sounds credible. He also posted a diversionary post to Twitter about Kronos.....
I wonder how many other "security researchers" aren't what they appear; pretty much every other day we have a story from another unknown "expert".
-
Friday 4th August 2017 10:31 GMT FlamingDeath
Absurdity is not a measure of truth, as has been shown with the 9/11 commission, the Warren Commission, and many many other whitewashes in history.
What AC is suggesting makes a lot of sense to me. If I were an arsonist, surely the best cover I could have is that of a firefighter?
I'm not saying he is correct, just saying it sounds credible.
-
Friday 4th August 2017 07:59 GMT Anonymous Coward
After reading the indictment, I kind of wonder if he's in touch with Snowden, and they are trying to get at Snowden through him. Or someone similar to Snowden.
Seems awfully easy to allege that people left digital footprints around the scene of a digital crime - especially a threat researcher whose JOB is to snoop around digital crimes. Of course his digital footprints are going to be all over digital crime scenes.
Either that or they've got him dead to rights. One or the other. But even if he did the crime, I wouldn't be shocked to find that this is an attempt to get him to roll over on someone like Snowden who is a bigger fish for them.
-
Friday 4th August 2017 20:36 GMT Anonymous Coward
I wouldn't be shocked to find that this is an attempt to get him to roll over on someone like Snowden who is a bigger fish for them.
Pardon my ignorance, but what is there to be had on Snowden? The world pretty much knows what he had, and where he lives is also not so terribly protected that there would not be a way to get to him without too many problems.
By the way, the way the Russian relationships are deteriorating I would pardon Snowden right now before the Russians decide to consider him a sufficiently useful source of information to "invite" his cooperation.
-
Friday 4th August 2017 08:13 GMT Florida1920
Re: no good deed goes unpunished
sounds like my career
Join the club. I took over ownership of a popular site on Sunday. Atta-boy. Tonight I blew it up. Ooops. Fortunately, it's back up. Fortunately, it's doubtful the g-men noticed, and I'm far from home anyway. To really foul up in this business all you need is a laptop and wi-fi.
-
Thursday 3rd August 2017 20:42 GMT MattPi
Re: Also Wannacry?
"I've read the indictment, and it looks solid. It would be odd for a dedicated hacker-for-money to stumble over just the solution to another criminal exploit, let alone play 'save-the-day' hero. At least I can't recollect the like."
If I remember one of the interviews, he was investigating it and noticed it tried to contact a domain that didn't exist (as a measure for the malware to detect if there was a transparent proxy on the network watching it). He registered the domain to see what would happen and somewhat accidentally killed off the spread because all the new copies now thought they were being watched and shut down.
That seems like a pretty normal thing to do for someone who enjoys reverse-engineering code, or a way for a dedicated black hat to learn new tricks and keep up with the technology.
-
Thursday 3rd August 2017 20:52 GMT danR2
Re: Also Wannacry?
'...he was investigating it' reminds me of the time I stole a pocketknife from the store, buried it in the public right-of-way beside the road, and then went and told my mother about the knife I 'found'. She gave me an instantaneous, level-gazed, 'cool story' "Where did you get that knife, Danny?" reply and I was quickly sent off to return it to the store. With an apology.
-
Friday 4th August 2017 12:43 GMT Blotto
Re: Also Wannacry?
If he's a security guy and noticed it trying to get to a non-existent domain he must have seen it do a dns lookup. The easiest and quickest way to determine what it would do would be to add an entry in his host file and point the domain to a webserver in his own LAN, not go to the lengths of paying for and registering a domain with an odd name then create an internet facing webserver and point the domain at it. Turns a 5 min job into a few hours at minimum and at some cost. If after testing in the home lab he discovered it rendered the attack null then great, buy the domain, put your server on it and tell the world.
There is something a little off with this.
-
Friday 4th August 2017 14:32 GMT Anonymous Coward
Re: Also Wannacry?
Or ...
You see it is trying to contact this oddly-named domain, so you check to see who that belongs to and discover it is unregistered.
Do you a) snap it up yourself because that might be fun / useful / lucrative or b) just leave it for someone else to find ?
And if you pick a) why not then use the real-world domain and capture all the traffic to it and not just whatever you have locally active (if you have anything locally active) is sending?
It doesn't seem all that off to me.
-
Friday 4th August 2017 16:14 GMT Midnight
Re: Also Wannacry?
"There is something a little off with this."
There sure is. I think you should look at changing the vendor you purchase domain names from, as it really shouldn't take "a few hours minimum" to sign in to a control panel, type or paste in a domain name, check the box that says "Yes please put this domain on the same domain name servers I always use" and then push a button to buy it. It's a five minute job at most, and that includes typing your password wrong four times and swearing a bit before you turn Caps Lock back off. And if you're concerned about the cost, which is less than the price of buying warm drinks for the entire team one time, you can typically 'return' the domain a few days later and end up paying nothing.
What you may be missing is that checking in with a mysteriously named domain is a fairly common technique for malware to use, and that it is not unusual to take control of expired, unregistered or cancelled domains to 'sinkhole' them, effectively shutting down an entire botnet by not only removing its central command and control facility but also redirecting the C&C traffic to a friendly site where you can keep tabs on botnet infections and activity. The value isn't just in stopping a single infection on your local network, but also in seeing what every other infected host in the world is doing, so taking a few minutes to register a domain and point it to your existing sinkhole server is a reasonable thing to do.
This is exactly what MalwareTech described in his original write-up of WannaCrypt ( https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html ), and he includes some data he was able to collect on global and regional infection rates through the sinkholed domain.
It may seem odd if you're not familiar with modern botnet hunting, but what MalwareTech did wasn't that unusual.
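The sinkhole monitoring described in the comment above, as an added example that is not part of the thread or of MalwareTech's write-up: a defender-side summary of a sinkhole server's access log that counts unique sources per sinkholed domain and lists hosts from your own address ranges that checked in. The log format, domain name, addresses and function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log from a hypothetical sinkhole web server, in the form
# <requested host> <source IP> - - [time] "request" status bytes
# The domain, addresses (documentation ranges) and times are all made up.
SAMPLE_LOG = """\
sinkholed-domain.example 192.0.2.10 - - [13/May/2017:15:08:01 +0000] "GET / HTTP/1.1" 200 0
sinkholed-domain.example 192.0.2.10 - - [13/May/2017:15:09:30 +0000] "GET / HTTP/1.1" 200 0
sinkholed-domain.example 198.51.100.7 - - [13/May/2017:15:10:12 +0000] "GET / HTTP/1.1" 200 0
sinkholed-domain.example 203.0.113.45 - - [13/May/2017:16:02:44 +0000] "GET / HTTP/1.1" 200 0
203.0.113.99 198.51.100.200 - - [13/May/2017:16:05:00 +0000] "GET /admin HTTP/1.1" 404 0
this line is truncated garbage
sinkholed-domain.example 2001:db8::5 - - [13/May/2017:17:20:09 +0000] "GET / HTTP/1.1" 200 0
"""

LINE_RE = re.compile(
    r'^(?P<vhost>\S+) (?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)


def parse_line(line):
    """Return (requested_host, source_ip, timestamp), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group("vhost").lower().rstrip("."), src, ts


def summarize(log_text, sinkholed_domains, own_networks):
    """Summarize check-ins to sinkholed domains.

    Requests for any other host name (scanners hitting the server by IP, for
    instance) are not evidence of infection and are counted as skipped.
    """
    domains = {d.lower().rstrip(".") for d in sinkholed_domains}
    nets = [ipaddress.ip_network(n) for n in own_networks]
    unique = defaultdict(set)   # domain -> set of source addresses
    first_seen = {}             # source address -> earliest check-in
    skipped = 0

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None or rec[0] not in domains:
            skipped += 1
            continue
        domain, src, ts = rec
        unique[domain].add(src)
        if src not in first_seen or ts < first_seen[src]:
            first_seen[src] = ts

    # Sources inside our own ranges are the hosts to isolate and clean up.
    # Membership tests across IPv4/IPv6 are simply False, so mixing is safe.
    own = sorted(
        (ip for ip in first_seen if any(ip in n for n in nets)),
        key=lambda ip: (ip.version, int(ip)),
    )
    return {
        "unique_sources": {d: len(s) for d, s in unique.items()},
        "own_hosts": [(str(ip), first_seen[ip].isoformat()) for ip in own],
        "skipped_lines": skipped,
    }


if __name__ == "__main__":
    report = summarize(
        SAMPLE_LOG,
        {"sinkholed-domain.example"},
        ["198.51.100.0/24", "2001:db8::/32"],  # assumed "our" address space
    )
    for domain, count in report["unique_sources"].items():
        print(f"{domain}: {count} unique sources")
    for ip, ts in report["own_hosts"]:
        print(f"own host checked in: {ip} (first seen {ts})")
    print(f"skipped lines: {report['skipped_lines']}")
```

Behind NAT or a proxy, one source address can stand for many machines, so the unique-source count is a lower bound on infections rather than an exact figure.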
-
Friday 4th August 2017 04:08 GMT GrapeBunch
Re: Also Wannacry?
I upvoted you, but I'm not sure. "clueless" ... "stupid" ... it could just be a nefarious way to get something they really want. And if the dates are right, they knew they wanted it before the Las Vegas convention, but after Marcus became an accidental hero. They'll certainly be looking for other things in any electronic equipment he might have been carrying (didn't we all agree last month not to carry equipment to USA?), or if there's no data, they could add it. His safest option was to have not been carrying any equipment.
So, are there any safe countries in which to reside--and be a hacker not employed by a government? Perhaps Russia, but maybe not, if you are the wrong flavour.
-
Friday 4th August 2017 08:41 GMT streaky
Re: Also Wannacry?
didn't we all agree last month not to carry equipment to USA?
We did indeed.
Re: stupid. I meant him - if you'd pulled that then decided to pootle about in the US at a hacker con you're just asking for threats of 10 lifetimes unless you confess.
It sounds unlikely. If you do this sort of thing you wouldn't be stupid enough to draw attention to yourself with either the malware cited or with wannacry. You just wouldn't. Unless you're a world class moron.
-
Friday 4th August 2017 15:13 GMT waldo kitty
Re: Also Wannacry?
"Given how clueless US agencies are [...]"
ummm... remember, all this so-called evidence is given to a/the Grand Jury... they are the ones that say "yay or nay" on these things... these folks are common every day john and jane does who likely don't have the first clue about these things to start with... just talk with some random on the street and see what kind of answers you get for the most common computer, internet and security related topics... clueless? yeah, to say the least... the GJ is definitely not a jury of peers... if this case goes to trial, it is highly doubtful that the court will even be able to find any true peers, peers that fully know and understand the aspects of so-called hacking and computer/internet security...
-
Monday 7th August 2017 12:57 GMT Aodhhan
Re: Also Wannacry?
Grand juries aren't a bunch of idiots. These are professionals with doctorate degrees who look at what evidence has been gathered so far to make a decision on prosecution.
The fact he's being held without bond is quite telling in itself... with monitoring technology today, this is rarely done even if there is a slight flight risk. Likely there is information and damages from this along with other items which have yet to be released and will likely have a closely monitored and quiet discovery process.
While he is innocent until proven guilty, it doesn't look good for him. What floors me, is the amount of people who come out defending him with very little knowledge of it. I wonder how liberal they'd be if he was responsible in any way of draining their bank account.
There are plenty of sick self-absorbed individuals who will write or in this case modify malware, let it run its course, then come in and play hero of the day.
-
Friday 4th August 2017 19:26 GMT Anonymous Coward
Re: I've read the indictment, and it looks solid.
well reading his tweets for the last few days he had his wallet stolen including credit card in Las Vegas and commented that he wasn't sure why they only took a wallet with little cash and left the phones. Perhaps they needed access to his credit card data before arresting him? Just a thought.
-
Friday 4th August 2017 15:34 GMT JohnG
Re: Also Wannacry?
"There is a real chance that years of this guy's life could be wasted in the US."
I predict he will be offered a plea bargain and threatened with years on remand, away from his homeland, his home and his family, if he doesn't comply. (As I understand it, he has not yet had access to a lawyer or contact with his family, so I guess the bullying is in progress). If they win, the FBI can then claim to have solved a major international crime by pinning it on johnny foreigner.
-
Friday 4th August 2017 06:43 GMT Anonymous Coward
Re: Also Wannacry?
I've read the indictment, and it looks solid. It would be odd for a dedicated hacker-for-money to stumble over just the solution to another criminal exploit, let alone play 'save-the-day' hero. At least I can't recollect the like.
Err, no. Those are statements, assertions. Until there is evidence to prove such assertions they are but noise, and the guy remains innocent until formally convicted by a judge.
Or, in other words, you can't judge this from the accusations. You need the facts and their context. It could be that the FBI simply found his IP address when he was researching malware and is trying to make this into all the evidence they need for a conviction, it could be that someone is seeking to deflect a crime onto him to get a reduced sentence themselves (which again requires solid evidence).
Until we see the actual facts that underpin this case, there should be no other assumption than innocence. That's how it works.
-
Saturday 5th August 2017 10:11 GMT Anonymous Coward
Re: Also Wannacry?
That's what the outward story looked like at the time. Scratch below the surface, and it's far more deliberate, Russinovich worked for Microsoft, who were battling with Sony and need the internet to start hating them. Cue shill, who "bought a CD" a blog post, and an army of Microsoft viral marketing hate..
If you believe this was an accidental discovery, then I have some magic beans to sell you....
-
Thursday 3rd August 2017 22:35 GMT Doctor Syntax
Re: Apparently he does other thing for a living as well.
"What I'm insinuating is a development from my presumption of the solidity of the indictment, which I've read at length."
Did your reading include any evidence? I didn't see any. We don't know why he's been fingered as the author of Kronos and until we do we can't work out whether it's a sensible chain of reasoning or has any supporting evidence. Until we get those details I'll carry on wondering why someone with that high a profile would go anywhere near the US if he is actually the author of a banking trojan.
-
Friday 4th August 2017 06:46 GMT Anonymous Coward
Re: Apparently he does other thing for a living as well.
Until we get those details I'll carry on wondering why someone with that high a profile would go anywhere near the US if he is actually the author of a banking trojan.
Yes, until any actual facts arrive it looks more like attempted forced enlisting - maybe his normal consultancy fees were a tad too high for the FBI? This way they don't need to apply for a H1B either..
-
Friday 4th August 2017 06:49 GMT Anonymous Coward
Re: Apparently he does other thing for a living as well.
What I'm insinuating is a development from my presumption of the solidity of the indictment, which I've read at length.
Yes, lovely long words. That still doesn't mean you have a clue - there isn't a single FACT in there. Until such time as there is evidence supplied that stands up to close scrutiny, the chap is to be deemed innocent.
-
Friday 4th August 2017 17:15 GMT JLV
Re: Or else he was trying to throw the dogs off the track.
>vice-versa
Agree. I'd also add that, if he is innocent, I hope he gets cleared relatively quickly and doesn't suffer huge financial losses and stress defending his innocence. That's probably an unrealistic hope, but still.
On the positive side, he has enough profile and goodwill that his trial will receive a lot of attention. If the G-men have a case they'll have to make it in full and won't be able to cut corners.
Remember though that Kronos itself is not a prank hack, like defacing whitehouse.gov or whatever. Whoever built it, whether Marcus or not, should burn. And that's another reason the FBI needs to make an airtight case: if an innocent man gets jailed, the real criminal gets away.
-
Friday 4th August 2017 22:03 GMT tom dial
Incorrect in part. NSA hires contractors whose employees sometimes are untrustworthy, careless, and possibly clueless. In addition to Reality Leigh Winner, there also is the example of Harold Martin III, who is charged with taking home a half terabyte or so of classified program code. Neither provides a basis to disparage the code of what Martin took or that released through Shadow Brokers.
The WannaCry code, by various reports, was not well thought out including, but not limited to, the "kill switch."
-
Friday 4th August 2017 09:59 GMT phuzz
Well, Wannacry was written using some of the NSA exploits that had leaked earlier, so you're at least half right.
-
Friday 4th August 2017 15:20 GMT waldo kitty
Re: "I've read the indictment"
"it seems they may have thought that the accounts malwarertech (probably the bad guy) and malwarertechblog (the good guy) were the same, somehow."
ummm... they are... MalwareTech is a GoodGuy<tm> and MalwareTechBlog is his twitter account for his blog... same guy, two different twitter accounts... depending on what you want in your feed, you follow one or the other or both...
-
Thursday 3rd August 2017 22:15 GMT Anonymous Coward
This is how US justice works; they collar someone for a crime and then offer a deal on sentencing if they agree to plead guilty & testify against one or more "bigger" fish - irrespective of the guilt of said pescatorial victims. Benefits to everyone involved, other than any collateral damagees, but hey, eggs & omelettes..
-
Friday 4th August 2017 14:25 GMT Sir Runcible Spoon
Re: da ja vu!
Apart from the sheer crudity of the attempted humour (plus its age) I think you'll find most people here won't find this amusing since many of us work in the field and the thought "but for the grace of God, there go I" springs to mind.
Even with all my security clearances I'm going nowhere near the US - who knows what they might conjure up just for shits and giggles. If there were any way to object and get legal representation etc. then it might be worth a risk - but this is the country where the Police are routinely stealing from tourists to fund their military hardware purchases and training.
Fuck No, thankyou very much.
-
Friday 4th August 2017 20:02 GMT Anonymous Coward
Re: da ja vu!
Even with all my security clearances I'm going nowhere near the US - who knows what they might conjure up just for shits and giggles.
It is exactly BECAUSE of my security clearances, rights of access and other fun things I've been up to that I will no longer consider any visit to the US. I take my duty of confidentiality very seriously, and because I know way too much about direct and indirect intercept there is no way I will place myself in a position where a border guard with a Hitler complex would steal data off me or try to plant anything subversive.
On the plus side, I must give them full marks for innovation. Surrounding the country with a ring of idiots as a barrier is not a bad idea, it keeps them both employed and out of the way.
It's just a shame they put one in the White House too :(.
-
Friday 4th August 2017 20:16 GMT Anonymous Coward
Re: da ja vu!
Haven't we had this exact discussion before?
Yes, I had to look it up as well. I like to change sides every so often, just to keep things interesting.
Although I don't think rape is funny in any context (not just in prison), I think that no executive would worry about jail time if it was the sort of locked down executive suite it is in some countries - they're used to being in an office anyway. However, the potential of being placed with an intimidating inmate who prefers a bit more direct physical benefits package is more likely to worry them.
So, do I like prison rape? No. Do I like suggesting it may happen to keep the fear potential of incarceration at a useful level? Oh yes. I want people who are thinking about inflicting misery on millions for personal gain from their high rise office to fear getting shipped to a place where dropping their soap in the shower is really not a good idea, so they don't. There are still too many getting away with that as it stands.
-
Friday 4th August 2017 20:22 GMT Anonymous Coward
Re: Framed
Yes, I was wondering too if he was framed. On the other hand, there were a number of reports that he wasn't exactly happy with the attention that accompanied his accidental killing off of Wannacry.
I personally thought it stupid to broadcast the "mistake" made with the code (because that made it certain that "feature" would be removed in the next iteration), but it could be his personal aversion to publicity that tipped off the Feds to take a look at him.
In that case I'm in trouble too - I don't like being in the news either, that's what got me into privacy in the first place. I work with a number of people who know the price of fame and you can keep it as far as I'm concerned.
-
Friday 4th August 2017 15:36 GMT waldo kitty
In America you apparently only have to glance at the person committing a crime to be generously provided with the same kind of jail sentence.
if you know what they are doing and you don't report it, you can be considered an accessory...
I don't recall what the fucked up legislation is called, but it's apparently there to fill all the privately owned bank accounts prisons.
the term you are looking for is "accessory after the fact" and it requires that you know that "the act" was illegal and you didn't report it...
there is also "accessory before the fact" which means that you knew about the act to be committed and you didn't report it... this one may also carry additional conspiracy charges if you participated...
-
Friday 4th August 2017 10:20 GMT cyclical
There is an in-depth analysis by the Washington Post here - https://www.washingtonpost.com/news/volokh-conspiracy/wp/2017/08/03/the-kronos-indictment-it-a-crime-to-create-and-sell-malware/?utm_term=.9b4ed7645cea
tldr version; possible, but they have to prove a lot of things that are hard to prove, i.e. was Kronos a 'device' capable of 'wiretapping', and a bunch of 'intent' type things.
-
Friday 4th August 2017 20:29 GMT Anonymous Coward
Re: What's that aroma?
I don't know. Despite all the noise I'm still inclined to believe that the FBI does at least its homework. Local cops, yes, I can see them playing stupid games but the FBI is supposed to be a better class of law enforcement.
They have an indictment which suggests there is data somewhere, but the whole purpose of taking him in is to see if their data indeed matches the facts. I just hope they're still man enough to admit they got it wrong if they find the guy was framed, because that's quite viable in the security world.
-
Friday 4th August 2017 02:57 GMT Amorous Cowherder
Hmmm....
I think it's a natural human instinct to want to see the downfall of a hero, sad but true facet of human nature is jealousy. We can speculate all we wish but in the end it's up to a court of law to decide, hopefully in a fair and just way although this will be held in the US and the only way to secure a fair trial is to have very deep pockets.
I suspect, as another poster has said, this guy probably isn't guilty of much but has grubby fingers from poking in too many pies and the US gov wants to use him to nail some bigger fish, the only way to do that is to hold him long enough to pin something minor on him and get him to squeal a little. He'll probably end up with the equivalent of some 18 month suspended sentence and sent on his way in a year or two with a proviso to never enter the US again.
-
Friday 4th August 2017 05:45 GMT Steve Davies 3
This will end in one of two ways
1) He spends the next 300+ years locked up in some fed rathole
2) He spends the rest of his life helping the Feds write super unbreakable Wannacry/Kronos stuff.
The Feds will throw the book at him at the start and then his legal team (more likely a wet behind the ears public defender) will do a deal to get to 2).
There is a moral to this but it contains so many sweary words that I'd get banned for posting it.
Quite why he went to the USA in the first place is beyond me.
-
Friday 4th August 2017 06:14 GMT John Smith 19
Clearly guilty as charged under the "All-furriners-are-up-to-something-cause-there-furrin" Act
Which is surely going through Con-gress as we speak. *
As others have pointed out, where is the evidence?
*As soon as its sponsors run it through the clever backronym generator package they've just bought.
-
Friday 4th August 2017 07:13 GMT Anonymous Coward
Let's say for a minute he did write the kronos banking trojan.
Would he really go to America?
Would he really make himself known with regards to wannacry?
Would he work in the industry he does?
Also, as he is a foreigner why did they file in court to arrest him? I thought we had zero rights in America.
-
Friday 4th August 2017 08:36 GMT DasWezel
"Would he really make himself known with regards to wannacry?"
Let's be honest, he didn't. He got doxed by the Daily Torygraph. (https://esist.tech/2017/05/15/doxing-the-hero-who-stopped-wannacry-was-irresponsible-and-dumb/)
Who incidentally released this gem today with no sense of irony whatsoever (http://www.telegraph.co.uk/news/2017/05/14/revealed-22-year-old-expert-saved-world-ransomware-virus-lives/)
Bastards.
-
Friday 4th August 2017 12:49 GMT Anonymous Coward
Re: What's the delay?
Bless. Have you seen that he now "diagnoses" murderers and not just hackers?
http://www.southwalesargus.co.uk/news/14950783.USK_MURDER_TRIAL__Accused__has_Asperger___s_syndrome_/
Because, not content with giving the impression that everybody with Asperger's is a paranoid hacker, he's now apparently happy to give the impression that they are all potential murderers as well.
-
Friday 4th August 2017 10:06 GMT phuzz
If they wanted him to work for them, they could have just waited until he got home to the UK and had GCHQ go round and have a quiet word (maybe commenting on how nice his mum's house is, and what a shame it would be if it was repossessed).
Or maybe that's the second part of the plan. The FBI scares him, and then when he eventually does get home, our security services have a quiet word, deploring the heavy-handedness of the cousins, and coincidentally offering him a job...
-
Friday 4th August 2017 15:26 GMT Anonymous Coward
@phuzz
phuzz wrote: "If they wanted him to work for them, they could have just waited until he got home to the UK and had GCHQ go round and have a quiet word (maybe commenting on how nice his mum's house is, and what a shame it would be if it was repossessed)."
But according to the Bloody Stupid Telegraph, (who doxxed him in the first place), under headline "IT expert who saved the world from ransomware virus is working with GCHQ to prevent repeat" claims he was already working with GCHQ ...
FWIW - I wonder if he would have quietly & safely returned to England had it not been for the Bloody Stupid Telegraph's Bloody Stupidity ... thanks to 'DasWezel' above for the excellent link, worth repeating https://esist.tech/2017/05/15/doxing-the-hero-who-stopped-wannacry-was-irresponsible-and-dumb/
I have not read the indictment, as this article also has excellent analysis, IMHO
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2017/08/03/the-kronos-indictment-it-a-crime-to-create-and-sell-malware/?utm_term=.30c89d671f12
-
Friday 4th August 2017 16:19 GMT Doctor Syntax
Re: @phuzz
"I have not read the indictment, as this article also has excellent analysis, IMHO"
That analysis seems to be written on the lines of "assuming he can't prove he didn't do it this is the best line of defence". If he didn't do it I'm sure he wouldn't want to be forced to rely on that as it would pretty well end his career.
-
Friday 4th August 2017 07:33 GMT Slx
Proportionality ...
It’s a very strange case and the allegations do not seem to fit, when you consider his public spirit motivated shut down of WannaCry. I suppose we will start to hear the detail of the allegations in the coming days.
My major concern is that if someone is convicted of something like this in the USA, the sentences are usually absolutely disproportionate and you can expect something that carries insane amounts of prison time, in what is one of the harshest regimes in the developed world.
It’s a very strange world at times!
Whatever happens, I hope he’s getting good legal support and backup from the UK Foreign Office and that they have not just capitulated to whatever it is the US asked for, based on the UK government’s desperation for a trade deal after shooting themselves in both feet with Brexit.
-
Friday 4th August 2017 08:32 GMT RealBigAl
Re: Proportionality ...
"I hope he’s getting good legal support and backup from the UK Foreign Office and that they have not just capitulated to whatever it is the US asked for, based on the UK government’s desperation for a trade deal after shooting themselves in both feet with Brexit."
This'll be the best joke of the day, and it's early in the day.
-
Friday 4th August 2017 11:01 GMT Boris the Cockroach
Re: Proportionality ...
The reason for the huge sentences in the US are 2 fold
1. Is to get the perp to squeal in return for a reduced sentence
2. because the US still relies on the for profit prison industry to supply it with cheap labour... why else would over 2 million people be locked up in the 'free' USA
-
Friday 4th August 2017 08:04 GMT Mark M.
Arrested on way home?
I'm willing to bet here that he upset someone with senior fed connections at some point during the DEFCON and they told a pile of wild porkies to the FBI in order to ruin Hutchins' day and reputation. Why else would he be charged before he left the USA and not when he set foot on US soil?
-
Friday 4th August 2017 11:08 GMT Anonymous Coward
Re: Marcus Hutchinson indictment
Jury members' identities might be kept secret for the duration of the case to avoid influences on the jury.
I suspect in the case of high profile IT related cases, there might be a concern at doxing or general harassment - as opposed to bribery or threats - among other things
-
Friday 4th August 2017 10:15 GMT Citizen99
UK-US extradition
" The manner of his arrest is also interesting. While Britain has an extremely favorable extradition treaty with the US – thanks to Tony Blair bending over backwards to accommodate his buddy George Bush – it appears the Feds decided not to go that route. "
Perhaps because Theresa May (Home Secretary at the time) grew some balls and refused to extradite McKinnon (I think it was) (?)
-
Friday 4th August 2017 11:27 GMT Anonymous Coward
Could be a new hiring technique
Get jailed or join our team. I remember from a tech news just a few years ago that powerful 3-letter-agencies are scouting talented malware writers and debuggers at black hat conferences. Maybe filing a case first to their prospective new hire would force the geek to join their secretive org without any package and benefits negotiations.
-
Friday 4th August 2017 15:42 GMT CaitlinBestler
Why not wait and extradite?
What was so urgent that they had to arrest him at the airport?
Did they have any reason to doubt that Britain would extradite him after they issued a thoroughly vetted indictment?
This at the minimum suggests to me that the prosecutors are not confident in their case.
-
Friday 4th August 2017 16:32 GMT Claptrap314
Would it make sense to arrest him right before BlackHat or after? If you do it before, the arrest becomes a major topic of conversation at the conference. And there's already a serious long spoon relationship there.
Do you try him in the US or Britain? I seriously doubt that the FBI would proceed without a significant back-channel discussion with their equivalents. That depends on several things. Where are the witnesses? Which legal environment is better (for the prosecution)? Which team has evidence that they can disclose without compromising important secrets? Of course, if the real goal is simply to roll the guy, then certainly he can expect a warm reception when he returns home.
You only receive a public defender if you convince a judge that you lack the means to hire your own attorney. (Source: I've seen judges make that determination.) Unless they froze his bank accounts, that won't be an issue. And if they DID, there will be a gofundme that will do just fine.
I certainly agree that it is entirely possible that this is some sort of petulant behavior on behalf of one of our TLAs, or someone well-connected to them. OTOH, this case is going to have the attention of the entire security research industry. Thirty years ago, the five eyes probably could have blown this off. Not any more.
My wild speculation? If he strongly protests his innocence, then there will be a very large group of highly experienced and talented people looking to demonstrate that innocence by figuring out who the actual author is. And whoever succeeds gets a significant career boost. And makes the FBI look like chumps. The FBI knows this.
I expect that the FBI really believes that they have him. It's one thing to have a technically adversarial relationship with the security community. It's another to go to war.
-
Friday 4th August 2017 17:39 GMT Anonymous Coward
What a laugh...
I like the line in this story that alleges that Blighty willingly extradites crims to the U.S. Nothing could be further from the truth. In fact the real truth is that the UK is a sanctuary for digital crimes and Blighty is unwilling to extradite these digital crims to the U.S. as history has demonstrated.
It has been known for years that some so called "white hats" who fight digital crime during their day job may be found wearing a "black hat" when not at work to create malware. IMNHO this is akin to a "bad cop" who violates the law. Any rogue "white hat" that violates law should receive double the normal punishment for tarnishing their trade/industry rep while committing a crime or multiple crimes. If Hutchins is guilty of the alleged crimes, he'd get a slap on the wrist at the most in Blighty instead of 20+ years in prison and massive fines and mandated repayment to those whose funds were stolen.