• Hacker Who Stopped WannaCry Charged With Writing Banking Malware


    #127953

    From https://www.wired.com/story/wannacry-malwaretech-arrest/:

    “Just three short months ago, security researcher Marcus Hutchins entered the pantheon of hacker heroes for stopping the WannaCry ransomware attack that ripped through the internet and paralyzed hundreds of thousands of computers. Now he’s been arrested and charged with involvement in another mass hacking scheme—this time on the wrong side.”

    4 users thanked author for this post.
    • #127962

      FBI arrests WannaCry’s ‘accidental hero’ in connection with Kronos banking trojan
      #PlotTwist. FBI says it has been investigating case for two years.

      by Graham Cluley | August 4, 2017

       
      Of course, it’s right to presume that Hutchins is innocent unless later proven guilty. There is lots of speculation taking place online, and some amateur sleuths are hunting for “evidence” to support their suspicions one way or another.

      Regardless of whether you are guilty or innocent, being held by law enforcement in a foreign country must be a chilling experience for any young man and his family.

      What I can say is that if Hutchins is innocent, there will undoubtedly be many questions asked as to how the FBI could have got things so wrong, and the risk that damage will be done to the relationship between the computer security community and law enforcement.

      If, on the other hand, Hutchins is found to be guilty…

      Well… it’ll be one of the largest falls from hero to zero that the cybersecurity industry has ever seen. And we’ll all question what on earth he was thinking when he got on that plane to the United States.

       
      Read the full blogpost here

      3 users thanked author for this post.
    • #128141

      Kevin Beaumont/@GossiTheDog has blogged “Regarding Marcus Hutchins aka MalwareTech”, detailing the background, and reaction among the cybersecurity community.

      On a personal note, I am withdrawing from dealing with the NCSC and sharing all threat intelligence data and new techniques until this situation is resolved. This includes through Cyber Security Information Sharing Partnership. Many of us in the cyber security community openly and privately share information about new methods of attacks to ensure the security for all, and I do not wish to place myself in danger.

      He notes that crowdfunding of @MalwareTech’s legal fees has begun. You can read the full blogpost here

      2 users thanked author for this post.
    • #128164

      If the 2015 allegation against Marcus Hutchins is true, that means he likes to research into all kinds of malware, eg WannaCry, Kronos, etc, and may later sell or deploy the malware himself after some modifications/improvements or sell his “security services” against those same malware to affected companies.

      So, he might have accidentally stopped WannaCry with the kill-switch while he was researching into the WannaCry ransomware, ie he had no intention of helping affected corporations like the NHS.

      Edited for content

    • #128176

      If the 2015 allegation against Marcus Hutchins is true, that means he likes to research into all kinds of malware, eg WannaCry, Kronos, etc, and may later sell or deploy the malware himself after some modifications/improvements or sell his “security services” against those same malware to affected companies. So, he might have accidentally stopped WannaCry with the kill-switch while he was researching into the WannaCry ransomware, ie he had no intention of helping affected corporations like the NHS. Edited for content

       

      Wow, this answer looks and smells like politics, if there aren’t any people caring for the good and better :'(

      * _ ... _ *
      • #128179

        @ … fred,

        From Merriam-Webster online, …

        pol·i·tics
        ˈpäləˌtiks/
        noun
        noun: politics

        the activities associated with the governance of a country or other area, especially the debate or conflict among individuals or parties having or hoping to achieve power.
        “the president’s relationship with Congress is vital to American politics”
        synonyms: government, affairs of state, public affairs; diplomacy
        “a career in politics”

        the activities of governments concerning the political relations between countries.
        plural noun: politics
        “in the conduct of global politics, economic status must be backed by military capacity”

        the academic study of government and the state.
        “a politics lecturer”
        synonyms: political science, civics, statecraft
        “she studies politics”

        The Kronos banking Trojan malware is more about commercial crimes and not about politics, unless the alleged criminal hacker, Marcus Hutchins, was secretly working for MI5 or the CIA/KGB.

    • #128203

      I still do not know why the UK did not arrest him in July (specifically 7/11/2107) if they believed that he was the coder behind the Kronos cyber attack. He is a UK citizen and he was still in the UK at that time. If there was credible evidence that linked him to the Banking Trojan, they should have arrested him at that time. I can only assume that the UK found the evidence at that time inconclusive and chose not to act.

      When he applied to visit the USA to speak at the Hacker Conference in Las Vegas, the UK would have been aware of the indictment in WI (USA), but he was not denied an ESTA and was granted the Visa waiver. Why did the UK not intervene at that time?

      So why has the UK taken a back seat and given the lead to the US? Maybe they wanted to get into what is going on at Kryptos Logic, which is a US company that Hutchins worked for. The UK would not be able to do that and would have had to rely on the US to probe it legally. This company has US business contracts as well as US government contracts so you can understand the heightened concern.

      Since July 11, it is interesting that Kryptos Logic has not been raided by the FBI (that we know of). Also there are no reports that the FBI have seized any of their servers or conducted a forensic analysis of Hutchins’ work. Interestingly there have been no reports that his workstation (or whatever he uses in his mom’s basement) has been seized for forensic analysis.

      The mystery co-defendant in the indictment (WI, USA) is key to this story. He has spilled the beans and has obviously received some immunity from prosecution for doing so. The government has given the impression that Hutchins is playing both sides (according to the deposition the mystery guy gave). He could be lying, but the FBI seems content with his testimony. Hutchins has worked the dark web so he knows stuff. The FBI may be playing him to extract what he knows. Does he know the true identities of the Shadow Brokers? The UK would like to nail these scumbags so maybe that is why they are cooperating with the FBI.

    • #128205

      I hope Marcus did nothing wrong and it could be a Government ruse, but we don’t know…

      —-

      So if he and Unknown Alleged Conspirator can get accused and indicted for something like writing and distributing malware; Why couldn’t Microsoft (corporations are people now?) be charged with doing something similar with their GWX campaign as it affected businesses?

      Is this question nonsense, is it about Microsoft’s intent when they launched GWX?

    • #128218

      I am with you. I am hoping Marcus is just being played by the FBI and that he is innocent of the charges. Charges can get dropped or lessened if the accused co-operates with law enforcement. According to his lawyer he is co-operating. This could be just an FBI fishing exercise.

      His problem is that his name has come up on the dark web as a contributor so he is going to not only have to explain his involvement but also offer proof that it was for research purposes.

      *Coding malware and distributing it for sale or for free is not a crime. You have committed a crime if you knew beforehand the buyer’s intent, i.e. to do harm.

      Is GWX malware? It was forced and trickery was used to get it on many consumers’ computers, so it behaved much like malware behaves. Coding malware, etc. (* see above). MS can claim they did it for the good (though an over-reach), but also provided a means to revert back/remove it.

    • #128295

      The Wired has a follow-up article “Protect the White Hat Hackers“…

      And to the anonymous poster above re. “… is GWX malware”?

      In my book, yes.

      Intrusive, not invited at all, secretive, sneaky, dishonest…

      I still need somewhere to send my bill for +20 wasted hours of work. First to get rid of that darn thing and then restoring files to get my Win 7 install back to its smooth running state again…

      But of course my time has no value to Microsoft.

      2 users thanked author for this post.
    • #128327

      Kronos Malware ‘Dealer’ On WannaCry Killer Charges: What Charges?
      Thomas Fox-Brewster | Aug 6, 2017

       
      A good background on the issue, which includes inter alia:

      Tor Ekeland, a lawyer specializing in Computer Fraud and Abuse Act (CFAA) cases, described the charges as “a disaster”, claiming the government is trying to punish Hutchins for “non-alleged harms that other people may have committed with Kronos.” Hutchins is looking at two CFAA charges, one count of wiretapping and another three regarding the sale and advertisement of wiretapping devices.

      “It’s like saying the gun manufacturer is now liable for the bank robbery or murder committed by a gun,” added Ekeland. “Who got killed with malware? No one, but it’s completely legal for someone to buy a gun and shoot their spouse or their kid or robs a bank.”

       
      The full article can be read here

      2 users thanked author for this post.
    • #129389

      NHS cyber-defender Marcus Hutchins pleads not guilty in US | 14 August 2017

      A British cyber-security researcher has pleaded “not guilty” to charges of creating and selling malware that snooped on victims’ banking logins.

       
      Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware | August 15, 2017

      “He is going to vigorously defend himself against these charges and when the evidence comes to light we are confident he will be fully vindicated.”

      1 user thanked author for this post.
    • #129426

      thanks @Kirsty for the ‘filtering’ and passing this news through

      * _ ... _ *
      1 user thanked author for this post.