Researcher Who Stopped WannaCry Arrested in US After Def Con...

Here's a tell Re:The Government's true aim in arresting Hutchins (help in nailing the co-defendant) and that Hutchins is cooperating:

"...Hutchins was originally denied access to a computer and the internet but his defense asked for the restriction to be lifted. The government agreed to the request, calling the case against Hutchins a historical one and acknowledging his work requires such access.

Hutchins will be able to use his computer and the internet, and his access will not be limited to work. The only restriction placed on his internet use is he will not be able to access the sinkhole he created to stop the spread of WannaCry..."

http://www.ibtimes.com/usa-v-hutchins-security-researcher-pleads-not-guilty-hacking-charges-2578270

 

Ahhh haha good catch hawki!
The plot thickens, we all never thought to discuss what the wannacry might have been trying to send to the unregistered domain, Hutchins discovered and registered!!
I bet that's what this is really all about, Hutchins owns their domain!!
I sure hope he was smart enough to lawyer up when they tried to make him give them access to it.

 

"Fundraiser For Marcus Hutchins Shuttered After Being Swamped With Fake Credit Card Numbers

Tor Ekeland, who hosted an online fundraiser to pay the legal bills of Marcus Hutchins, says hackers flooded the site with fake credit card numbers..."

https://www.buzzfeed.com/kevincolli...dit-card-fraud?utm_term=.esBroLK3V#.dxVodNa5Q

 

Actually, this might be what the FBI is really after. The data he captured.

 

"Payback is a bitch" isn't it.

 

https://www.forbes.com/sites/thomas...-of-choice-fighting-the-wannacry-heros-corner

 

https://arstechnica.com/information-technology/2017/08/code-chunk-in-kronos-malware-used-long-before-malwaretech-published-it/

 

Interesting stuff, so according to Malwarebytes, it's possible that the developer of Kronos took some ideas from Hutchins, but his code was much more mature, so it's likely that it's not developed by Hutchins.

https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware/

 

"Researcher finds Marcus Hutchins' code that was used in malware...

In another tweet, Hasherezade said it looked like the creators of Kronos had simply stolen this code....

https://www.itwire.com/security/795...s-hutchins-code-that-was-used-in-malware.html

 

Here's the gist of the FBI's case against Hutchins in my opinion as referenced in the below Eset blog posting. Pentesters have been known to go to the Dark Web for malware. Unlike law enforcement and related gov. cyber agencies which have immunity from such activity, pentesters do not. As noted below, just a purchase of malware regardless of intended use is per se criminal activity.

https://www.welivesecurity.com/2017/08/18/cybercrime-arrests-darkmarket/

 

Some pigs are more equal than other pigs.

 

On that site I've also read that some believe that Hutchins was involved with the WannaCry attack.

 

"GCHQ was aware of FBI sting to arrest WannaCry 'hero' Marcus Hutchins

UK spies allowed Hutchins to fly 'to avoid extradition battle'...

'Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference,'..."

https://www.theinquirer.net/inquire...sting-to-arrest-wannacry-hero-marcus-hutchins

 

I don't think that theory is credible.

 

https://cybersecpolitics.blogspot.ro/2017/08/the-killswitch-story-feels-like-bullshit.html

 

That could be true but I don't see why anyone would consider it MORE likely to be the case.
Hutchins is a malware researcher that's what he does. So he tested a sample of wannacry and saw it attempt to make an internet connection.
If you were doing the same would you not be interested to find out more about that?
I know I would.
The next thing you would learn is that internet domain does not exist.
So what would you do?
A layman might say oh well and forget about it
Someone involved in malware research and is familiar with sinkholing might say let's register that domain so we can see what the malware sends to it.
The trouble is most people think like the layman because they ARE the layman and find it difficult to accept Hutchins could have thought of doing something they wouldn't have.
The other side to this is of course, the entire malware industry did not do what Hutchins did.
They don't want people asking WHY didn't they do that?
So just like in a witch hunt while the witch finder general brands the work of the innocent, heresy...
Those with something to hide start baying for his blood.

 

https://www.theregister.co.uk/2017/08/24/evidence_against_brit_security_whiz_hutchins/

 

https://krebsonsecurity.com/2017/09/who-is-marcus-hutchins/

 

Another example of "sometimes you're your own worst enemy." Also shows the guy really isn't that "smart." If he was, he would have definitely kept a "low profile" out of the public limelight. Problem is that the "ego" thing is probably more important to hackers than the monetary incentive:

 

He's 23 years old. Who can honestly say they wern't thier own worst enemy at 23?
Most Americans are still considered to be kids at that age, still living at home and being babied by mommy and daddy. Yet no one wants to give this guy a break.

 

I think there are a lot of people who believed he was totally innocent - caught up in a big net, as they say. On reading Krebs it appears that he is not so innocent after all. Being 23 years old is irrelevant. I do not believe that he should go to prison for 45 years as that is totally ludicrous. Community service and a fine is more appropriate and I hope he does not lose his job either.

We like to make an example of people who do stupid stuff (at any age) and that is OK as long as it actually achieves something. He chose to be a parasite. That has to be acknowledged. He has to acknowledge it.

If he decided on his own to change his attitude he deserves leniency. He has to pay in some way and maybe that can be as a white hat hacker and security analyst. Hopefully the Judge will see it as the best use of his talents. Prison is not always the best way.

 

I partly agree with you but I don't think its fair to brand someone a parasite because they got caught up in what would to a teenager appear to be the exciting world of computer hacking, he then changed his ways when he matured a little.
Did you know a very similar thing happened to Bill Gates? He started his career as a hacker and was found guilty of hacking into web server back in the day. He got a slap on the wrist punishment for it, banned from using computers for a year.
This guy today is clearly being victimised and the British Government should intervene on his behalf, but if they are still the spineless bunch of w*****s I always knew them to be, they probably won't.

 

Odd that you chose Gates as an example. He never changed his attitude even after being busted. Check out his testimony at the Microsoft antitrust hearings. He was lying, obstructive and arrogant. His philanthropy of late is a finger to the estate tax. I wish you had have chosen a more deserving individual. I get your point though - he hacked into a system but did no harm to others, so a slap on the wrist was appropriate.

I do not think we should conflate kids doing stupid pranks with serious hacking. Coding malware to defraud or deny access to public services (e.g. like a hospital) is usually undertaken by a person with a psychopathic personality whose behavior is antisocial, often criminal, and who lacks a sense of moral responsibility or social conscience. The majority of young people enjoy what computers have to offer through gaming, not hacking.

 

Y

Yes you're right, Bill Gates was not the ideal example but if this Marcus Hutchins had not dabbled in the malware world to begin with, there's a good chance he would not have become the malware tech he bacame later that saved a lot of people from having their data held to ransom.
We live in a very bipolar world right now and the ptb seem to do their worst to encourage that. Everything is one extreme or the other its black or its white, your either a neocon or a liberal your a blackhat or a whitehat. Its very unhealthy and self destructive but that's how so many people think. So this Marcus Hutchins is to them, not a "good guy" because he used to be a hacker so therefore he must be bad through and through, throw away the key.

 

Yes, we're talking jellyfish spineless ... and then some!