Researcher Who Stopped WannaCry Arrested in US After Def Con...

Hutchins has been released on bail.

"...Hutchins' lawyer has confirmed that he will be pleading not guilty to all charges, with the alleged offences taking place between July 2014 and July 2015..."

http://www.gizmodo.co.uk/2017/08/wannacry-hero-marcus-hutchins-has-been-released-on-bail/

 

Hutchins' arraignment postponed from today until Monday 8/14 at 10:00 AM.

It is then he will enter his formal plea of not-guilty.

http://www.reuters.com/article/us-usa-cyber-arrest-idUSKBN1AO1UZ

 

"...Despite the fact federal authorities distributed a redacted version of the indictment to news media last week, Hutchins' case remained under seal and inaccessible on the federal court system's online site until Tuesday..."

http://www.jsonline.com/story/news/...inst-british-cyber-security-expert/548771001/

 

"The WannaCry kill switch wasn't inserted to make someone a hero..."

https://www.virusbulletin.com/blog/2017/08/wannacry-kill-switch-wasnt-inserted-make-someone-hero/

 

Yes and its interesting the author makes the point that what Hutchins did was to use a known technique called sinkholing, to learn more about the malware, yet the media and the industry branded Hutchins intervention, a lucky accident.
Everything they say, has a reason and a purpose. The industry knows full well what Hutchins did was no accident he used an established known technique, but if the world knew that they might start asking awkward questions about THIER strange lack of action.

 

I'm probably missing the point because the "news" media seems to change its stories every five minutes. lol.

Too speculative for me, to be honest witcha--unless we can get a glimpse of those sealed documents (yes, right). Can you provide a more detailed explanation about why you feel WCry was a marketing tool and not an experimental test run? Recall NoPetya that followed; somehow, "marketing tool" doesn't fit there in my eyes.

Whether or not his arrest was prompted by a revenge narc is kind of immaterial, right? But crowd funding made his bail, he's out now.

 

Well you can either believe the official story that the entire tech industry, multi billion dollar corporations that were all over the media congratulating themselves on how they "watched" the ransomware infecting hundreds of thousands of computers by the hour across the world but only this one guy from England actually examined and tested it, saw it connecting to the internet and decided to check on what it was attempting to do.
Or you can say, that's bs.
Kinda like when Bruce Schneier said,

He was talking about the time Sony infected half a million computers in 165 countries with a rootkit and trojan it planted in it's music CDs.
He also said,

 

Thanks for your insight, it was interesting to read. So things are not looking good.

 

It might turn out like Kevin M. some jail time then probation and not being able to near a computer. Then start his own security business and write a book on social engineering.

 

If the mystery co-defendant is a known contributor on the dark side he knows too much, knows too many and too many may know him. Using a coded online identity is not enough to live a totally obscure life. With both law enforcement and his past associates, cohorts and customers interested in his whereabouts, he might be currently studying a survivalist's handbook in the Wisconsin Ranges.

Could he be the bigger fish that the FBI is interested in. Coconspirator applies more than just having contact though.

 

"WannaCry hero Marcus Hutchins 'prevented from working by US bail terms'...

...Marcus Hutchins, 23, of Ilfracombe, Devon, was banned from using the internet among the numerous conditions set for his release after he was charged with creating and selling a malware that harvests bank details...

Naomi Colvin, from civil liberties group Courage Foundation, said one move discussed was crowdfunding for his living costs as well as his legal fees, to allow him to fight the charges in Milwaukee, Wisconsin."

http://www.telegraph.co.uk/news/201...cus-hutchins-prevented-working-us-bail-terms/

 

Appears this is concerning working for his existing employer which would require and provide him with Internet access. I have never heard of bail terms preventing anyone from being gainfully employed. Also he would need a work permit to also be employed and getting one in his current status could be the problem.

 

Of course, yes, anything that benefits a large corporation is good, justified and excusable. Now everybody let's all say that together in unison.
An-y-thing-that-ben-e-fits....

The point is, an individual does it, he's a criminal, hang him out to dry, make him suffer in prison, deprive him of ten years of his life.
A corporation does it and the activity has the word "business" associated with it, then its good, then its moraly justified. Then its not malware its a product. Then its not a backdoor its a feature. Then its not a virus its a marketing tool. Then its not spying its telemetry.
That is what is so wrong and as long as everyone keeps buying into this BS and defending it, its only going to get worse.

 

"Marcus Hutchins: cybersecurity experts rally around arrested WannaCry 'hero'...

The cybersecurity community, however, has rallied behind Hutchins, with many experts expressing disbelief that he would have knowingly been involved in a criminal conspiracy. The case is also driving a wedge between governments and the independent cybersecurity experts they often rely on, with one pledging that he will no longer collaborate with law enforcement....

As with most software, Kronos incorporated portions of code from other available tools including banking trojan Zeus, malware package that attempts to steal confidential information such as bank details from the compromised computer, and botnet creation kit Carberp. Some of the components of Kronos may have been originally developed for non-malicious purposes. This makes it hard to determine which parts of the malware, if any, Hutchins could be responsible for, despite the government’s allegations that he was its sole creator.

Even if Hutchins did create or adapt the Kronos malware, prosecutors have to show he sold malware with the intent to further someone else’s crime. Otherwise they run the risk of criminalizing the act of writing some kinds of software...

'If that’s the case half the industry is screwed,' said Tor Ekeland, a computer crime and technology lawyer who has extensive experience with the Computer Fraud and Abuse Act, the law under which Hutchins was detained..."

https://www.theguardian.com/technol...d-wannacry-kronos-cybersecurity-experts-react

 

Does make you wonder if what is going on here is a "precedent setting" prosecution against forensic penetration software development since many of those tools are currently being abused by malware developers.

 

They turn the law on its head whenever they feel like it so I wouldn't be surprised if its purpose is to set a precedent.
I hope the judge remembers its supposed to not be a crime to own a weapon, only a crime if you use it to attack someone.
I'm also wondering how he came to be at defcon in the first place, did he go there off his own back or was he "invited" they said it was a sting operation, sometimes they blur the line between that and entrapment.

 

There is in the law the concept of "Illegal Contraband."

 

I think creating computer programs should be considered freedom of expression under the first amendment, then criminal law should only apply to those who use a compiled program as a tool for criminal purposes.

 

"...For nearly 20 years in cases pioneered by EFF, the courts have recognized that writing computer code is protected by the First Amendment..."

http://time.com/4248928/code-is-free-speech/

 

"WannaCry Malware Hero Likely Considering Plea Deal On Hacking Charge...

Several factors surrounding Hutchins’s case indicate that prosecutors are likely offering or negotiating a plea deal, and that the U.S. is interested in using him to catch the real mastermind behind Kronos, according Boston University legal professor Ahmed Ghappour, a former defense lawyer and scholar of U.S. hacking laws.

'Hutchins is not the lead defendant. That’s pretty clear from the indictment,' Ghappour told BuzzFeed news. 'Typically, a prosecutor will try to flip a lower name defendant, provide them with an opportunity to plead to a less serious crime, and/or provide a recommendation for a lower sentence in exchange for info helpful to the government.'...

In Hutchins's initial court appearance Aug. 4, prosecutor Daniel Cowhig made it clear that the US is interested in capturing his alleged partner, saying that the other defendant 'is still at large.'...

'Given the public outcry, given Hutchins’s knowledge, given that the other suspect’s likely at large, the government’s likely giving him a golden opportunity here,' he said..."

https://www.buzzfeed.com/kevincolli...g-plea-deal-on?utm_term=.pqmJgYZJk#.lsLZEaAZ6

 

I don't see how a foreign citizen can be charged in the united states for actions he did in his own country.

 

Marcus Hutchins Pleads Not Guilty to Creating Banking Malware

"...Dressed in a blue button down shirt, dark pants and dark shoes, he declared in a packed courtroom in Milwaukee that he was "not guilty" of six charges related to the alleged creation and distribution of malware..."

https://motherboard.vice.com/en_us/article/evvn8k/malwaretech-marcus-hutchins-not-guilty-plea

 

The Kronos malware affected banks worldwide including those in the U.S..

As log as Hutchins remained in the U.K., the only way to prosecute him would be to extradite him to the U.S. which the U.K would have to agree to. Such is not the case when he is on U.S. soil.

 

Well, if creating malware is a crime in the US, surely you have to do it in the US for it to be under US jurisdiction?
I'm sure we all do things in own own countries all the time that are against the law in other countries but we wouldn't expect to be arrested years later for it when we visit one of those countries.

 

This case charges Hutchins with conspiring with the yet-to-be-named co-defendant to do far more than the act of creating the malware. In a conspiracy case, provided the prosecution can prove the elements of a conspiracy, the act of any one co-conspirator is also the act of all the other co-conspirators.

Prosecutors love conspiracy cases because they cast a wide net. One simple intentional, overt act in furtherance of the conspiracy is all that it takes.