
FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware


tao




 

 

< Here >

 

[Extra: Indictment document is < here >.]


Just one issue to be added-clarified:

"ransomware" has been developed by NSA, so, apart from being embarrassed (for not finishing the job properly), they will force the guy to slave for them... :pope:



knowledge-Spammer

  seems a good deal lol  joke

 

I think it's not best that people post this guy's name, as he helped stop hackers. Now he will have problems for a long time. Not smart.

 



knowledge-Spammer
On 8/3/2017 at 2:56 PM, 0bin said:

He will be released soon, I don't think the US wants to destroy its relationship with the UK so easily...

http://www.telegraph.co.uk/news/2017/05/14/revealed-22-year-old-expert-saved-world-ransomware-virus-lives/

IT expert who saved the world from ransomware virus is working with GCHQ to prevent repeat

There is no way to prevent a repeat.



knowledge-Spammer
On 8/3/2017 at 3:00 PM, 0bin said:

 

is working with gchq

It does not mean he can stop things 100%.

Ransomware will just get updated like all ransomware does; it's a cat and mouse game.



Doesn't make any difference who he is working with.  He will be punished and after he serves any time he might get then the GCHQ is more than welcome to hire him.  We have a saying that goes, "No good deed goes unpunished."  We also say "One Aw-Shit wipes out ten Atta-Boys."  Hackers are really stupid if they leave their home countries, many of which have no extradition treaty with the US, and allow themselves to get nabbed by the authorities.  There may have been more undercover federal agents in Las Vegas this year than there were hackers, some I knew and others I could look at and knew what they really were.  About 10 years ago I was told to meet an FBI agent on a college campus, in the area called the quad, where literally hundreds of students hung out.  Though he was young and dressed just like them he was easy to pick out of the crowd and I walked right up to him and introduced myself.  Call it a sixth sense.



6 minutes ago, straycat19 said:

Doesn't make any difference who he is working with.  He will be punished and after he serves any time he might get then the GCHQ is more than welcome to hire him.  We have a saying that goes, "No good deed goes unpunished."  We also say "One Aw-Shit wipes out ten Atta-Boys."  Hackers are really stupid if they leave their home countries, many of which have no extradition treaty with the US, and allow themselves to get nabbed by the authorities.  There may have been more undercover federal agents in Las Vegas this year than there were hackers, some I knew and others I could look at and knew what they really were.  About 10 years ago I was told to meet an FBI agent on a college campus, in the area called the quad, where literally hundreds of students hung out.  Though he was young and dressed just like them he was easy to pick out of the crowd and I walked right up to him and introduced myself.  Call it a sixth sense.

 

your sayings remind me of something, that they never take out their trained dogs. the reason why saddam hussein and bin laden are alive, safe and sound. your sixth sense didn't tell you that? ;) 



knowledge-Spammer
On 8/3/2017 at 3:48 PM, 0bin said:

Anyway, if they want him to fall, it is easy for them to keep him there for many years, even without proofs; they can make them.

I think no one will want to go to Defcon in the US anymore...

 

https://www.computing.co.uk/ctg/news/3015091/marcus-hutchins-the-security-researcher-who-stopped-wannacry-arrested-and-charged-with-creating-and-selling-the-kronos-banking-trojan

We're sorry

 

The page you have requested may be outdated or is not available on our website!

You can try going back to the previous page, use the search option above or start again from the homepage



12 hours ago, Atasas said:

"ransomware" has been developed by NSA,

so,

apart from being embarrassed (for not finishing the job properly),

they will force the guy to slave for them... 

Point taken. ;)



Quote

 

U.S. judge sets $30,000 bail for UK hacker who stopped 'WannaCry'

 

LAS VEGAS (Reuters) - A U.S. judge in Las Vegas set a $30,000 bail on Friday for a well-known British cyber security researcher accused of advertising and selling malicious code used to pilfer banking and credit card information.

Marcus Hutchins, 23, gained celebrity status within the hacker community in May when he was credited with neutralizing the global "WannaCry" ransomware attack.

His attorney, Adrian Lobo, told reporters Hutchins would not be released on Friday because the clerk's office for the court closed 30 minutes after his hearing concluded, leaving his defense team not enough time to post the bail.

Lobo told a local NBC affiliate that Hutchins would be released on Monday and that she expected him to be on a flight on Tuesday to Wisconsin, where a six-count indictment against him was filed in U.S. District Court. He was receiving support from a "variety of sources" around the world to post his bail, she said.

Judge Nancy Koppe dismissed a federal prosecutor's claim that Hutchins was a flight risk, though she did order him to surrender his passport. If released, Hutchins would be barred from computer use or internet access.

Hutchins, also known online as MalwareTech, was indicted along with an unnamed co-defendant on July 12. The case remained under seal until Thursday, a day after his arrest in Las Vegas, where he and tens of thousands of others flocked for the annual Black Hat and Def Con security conventions.

Hutchins allegedly advertised, distributed and profited from malware code known as "Kronos" between July 2014 and 2015, according to the indictment. If downloaded from email attachments, Kronos left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

He achieved overnight fame in May when he was credited with detecting a "kill switch" that effectively disabled the WannaCry worm, which infected hundreds of thousands of computers in May and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.

Hutchins was "doing well, considering what's gone on," Lobo told reporters. She said Hutchins never expected to be in his current situation and that she did not know the identity of his co-defendant.

News of Hutchins' arrest on Wednesday shocked other researchers, many of whom rallied to his defense and said they did not believe he had ever engaged in cyber crime.

 

http://www.reuters.com/article/us-usa-cyber-arrest-hutchins-idUSKBN1AK2JW

 



2 hours ago, knowledge said:

 

 

that's like an example for the rest of the people. they tell people: look what we do to good guys, we will do the same to y'all if you try to mess with us again. 



Most likely the anonymous co-defendant snitched on him and the police are protecting their identity. A DA won't file six indictments against someone unless they think they can win the case, as in having loads of evidence. I had friends do this to each other before: one of them turned state's evidence, they walked with community service, and the rest went to prison. Maybe if he's lucky his lawyer can help him out. These were not indictments brought on by the federal courts. These indictments were served from the district court of the state of Wisconsin, and ICE nabbed him in Las Vegas.



knowledge-Spammer

Look what happened to Aaron Swartz.

The USA wanted to lock him up for downloading books.

Shame he died, as he couldn't take what was happening to him.



4 minutes ago, knowledge said:

Look what happened to Aaron Swartz...

And he declined a plea bargain under which he would have served six months in federal prison.



1 hour ago, knowledge said:

Look what happened to Aaron Swartz.

The USA wanted to lock him up for downloading books.

Shame he died, as he couldn't take what was happening to him.

It happens a lot. I didn't know Aaron Swartz, but I did know someone who killed themselves because they didn't want to go to prison. In Aaron Swartz's case, for downloading books he most likely would have just got fined; no one ever goes to jail for just downloading in the USA, only people who run warez sites or upload warez for a profit do. He was unstable. I'd rather go to jail than kill myself, and Aaron Swartz was charged with more than just downloading books.
 

Quote

 

In United States of America v. Aaron Swartz, Aaron Swartz, an American computer programmer, writer, political organizer and Internet activist, was prosecuted for many violations of the Computer Fraud and Abuse Act of 1986 (CFAA), after downloading a great many academic journal articles through the MIT computer network from a source (JSTOR) for which he had an account as a Harvard research fellow. Facing trial and the possibility of imprisonment, Swartz committed suicide, and the case was consequently dismissed.

 

https://en.wikipedia.org/wiki/United_States_v._Swartz
Quote

Criminal offenses under the Computer Fraud and Abuse Act of 1986

(a) Whoever—

    (1) having knowingly accessed a computer without authorization or exceeding authorized access, and by means of such conduct having obtained information that has been determined by the United States Government pursuant to an Executive order or statute to require protection against unauthorized disclosure for reasons of national defense or foreign relations, or any restricted data, as defined in paragraph y. of section 11 of the Atomic Energy Act of 1954, with reason to believe that such information so obtained could be used to the injury of the United States, or to the advantage of any foreign nation willfully communicates, delivers, transmits, or causes to be communicated, delivered, or transmitted, or attempts to communicate, deliver, transmit or cause to be communicated, delivered, or transmitted the same to any person not entitled to receive it, or willfully retains the same and fails to deliver it to the officer or employee of the United States entitled to receive it;
    (2) intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains—

        (A) information contained in a financial record of a financial institution, or of a card issuer as defined in section 1602 (n) [1] of title 15, or contained in a file of a consumer reporting agency on a consumer, as such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);
        (B) information from any department or agency of the United States; or
        (C) information from any protected computer;

    (3) intentionally, without authorization to access any nonpublic computer of a department or agency of the United States, accesses such a computer of that department or agency that is exclusively for the use of the Government of the United States or, in the case of a computer not exclusively for such use, is used by or for the Government of the United States and such conduct affects that use by or for the Government of the United States;

    (4) knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value, unless the object of the fraud and the thing obtained consists only of the use of the computer and the value of such use is not more than $5,000 in any 1-year period;

    (5)

        (A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
        (B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
        (C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

    (6) knowingly and with intent to defraud traffics (as defined in section 1029) in any password or similar information through which a computer may be accessed without authorization, if—

        (A) such trafficking affects interstate or foreign commerce; or
        (B) such computer is used by or for the Government of the United States;

    (7) with intent to extort from any person any money or other thing of value, transmits in interstate or foreign commerce any communication containing any—

        (A) threat to cause damage to a protected computer;
        (B) threat to obtain information from a protected computer without authorization or in excess of authorization or to impair the confidentiality of information obtained from a protected computer without authorization or by exceeding authorized access; or
        (C) demand or request for money or other thing of value in relation to damage to a protected computer, where such damage was caused to facilitate the extortion

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

Sometimes in cases like these the police have no proof that will hold up in court but know of certain crimes certain people commit, and are just watching and waiting for them to screw up, and will nab them on anything that will hold up in court. That's why it doesn't pay to be in the spotlight and draw the cops' attention to yourself.

 

People are in and out of jail all the time because they're just poor and victims of the system; some run, and some end up dying from running or kill themselves due to depression over having to face jail time. The scientific term is Carcerophobia.

Quote

 

 

Carcerophobia (from Latin carcer meaning "prison, jail") is the fear of prison. Anybody can suffer this fear even though they have done nothing illegal in their lives. Sufferers usually have obsessive thoughts about what life is like in prison. Many carcerophobes worry most about spending the rest of their life in prison. Sufferers would do everything to stay out of trouble. They may be afraid of parents or other family members calling the police. If the sufferer misbehaved a little or even did something bad accidentally, they may panic in terror, with symptoms like sweating, obsessive worries, rapid breathing, and a sense of being trapped. Seeing a police officer or even seeing a police car from a distance may also cause them to panic.

 

http://phobia.wikia.com/wiki/Carcerophobia

Then I have some friends who like prison and have been in and out of jail ever since we got out of school. They can't make it in the outside world, so when they get out they commit crimes to get locked back up.



 

Quote

 

Black hat or white hat? Questions swirl around hero researcher's sudden arrest

 

The young security pro faces hacking and wiretapping charges



On Wednesday, a celebrated UK security researcher was stopped at the Las Vegas airport and taken into federal custody. According to law enforcement, Marcus Hutchins (better known as MalwareTech) was responsible for developing a major banking trojan — a serious allegation that could result in years of jail time. Hutchins most recently drew popular attention for his pivotal role in containing the WannaCry malware, a ransomware worm that locked up nearly 75,000 systems worldwide. Hutchins’ arrest came just days after he’d attended Defcon, the largest hacking conference in the world, where he had been riding high on his newfound reputation as a hero.

The allegations have stunned Hutchins’ friends and colleagues, but it’s still unclear how much evidence there is to support them. The indictment primarily focuses on a co-defendant whose name remains under seal, and the document throws very little light on Hutchins’ involvement. In the wake of the arrest, much of the security community has rallied to Hutchins’ defense, digging up circumstantial evidence surrounding the allegations. But the lack of information from the government combined with the unearthing of Hutchins’ less-than-savory activities as a teenager has thrown the community into a state of confusion.


White hat or black hat?

In the wake of the arrest, observers uncovered old IRC logs connected to Hutchins’ previous username. The logs paint the young Hutchins—who would have been about eighteen years old at the time—as a low-level black-hat hacker playing with bots and scripts. But although he implies pompously that he is involved with the market for malicious code, he never says explicitly that he sells any, nor are there any logs linking him to the banking trojan, Kronos.

The story of a young, immature black hat who turns legitimate over the years is hardly a new one. Kevin Mitnick, one of the earliest and most prominent targets of the Computer Fraud and Abuse Act, currently works as a security consultant. The idea that it’s natural for white hats to have started out as teenage black hats is prevalent in the community. The vague indictment and the unearthing of Hutchins’ past creates a kind of Rorschach blot for observers: in the absence of more facts, it’s just as easy to see Hutchins as a martyr as it is to see him as criminal.

In the days since his arrest, the 23-year-old Hutchins has been shuttled between a series of federal facilities in Las Vegas. On Friday, Hutchins’ bail was set at $30,000, with the condition that he surrender his passports, remain on house arrest, and not use the internet. Hutchins remained in jail over the weekend, although his bond is expected to be paid on Monday. Friends have already launched a crowd-funding campaign to raise money for his legal defense. Hutchins’ public defender noted in an earlier hearing that he had “cooperated with the government prior to being charged,” although it’s unclear exactly what that cooperation entailed.

Among Hutchins’ friends, the primary reaction has been disbelief. While Hutchins first drew popular attention for his pivotal role in containing the WannaCry malware, he had been a beloved figure in the security community for years, known for his curiosity and talent. Rendition Security’s Jake Williams worked with Hutchins during the same period of time named in the indictment, and says he finds it difficult to believe the young researcher could have been coordinating a criminal enterprise during those months.

“We traded malware samples and research,” Williams told The Verge. “He helped out with an educational program I was working with by providing some code. He wouldn't take any payment at the time, which is incongruous with the charges levied now.”

There’s little doubt that Kronos itself was malware. First spotted on Russian cybercrime forums in July 2014, the program was designed to harvest banking credentials — waiting until a target logged into a banking site and intercepting passwords in transit. Known as a banking trojan, that kind of malware has proven very popular among online criminals, and Kronos was far from the first or the largest. The program first emerged in the wake of the larger Zeus banking trojan, which authorities believe was responsible for as much as $70 million in losses.

Kronos was widely cracked and re-distributed — and like most coding projects, it drew heavily on available code, making it difficult to tell exactly which elements Hutchins is believed to have developed. While broadly similar to Zeus, Kronos also drew on the leaked source code of a lesser-known program called Carberp, according to early Kaspersky research. It also included various desktop-sharing components that may have been originally developed for non-malicious use. If Hutchins was responsible for developing those systems, he may have coded together a malware component without knowing it.

“It's not clear which parts of Kronos he actually is accused of writing,” says Errata Security researcher Robert David Graham, who has worked on similar software components in the past. “Nobody builds an entire malware suite from scratch.”


The Indictment

Of course, this is all speculation, since the grand jury indictment is so thin on the details. The criminal complaint against Hutchins, which will present more detail on the charges, remains under seal. The only details the indictment provides are in Count 1, which alleges that Hutchins and his co-defendant engaged in a conspiracy to “knowingly cause the transmission” of code that would intentionally “cause damage without authorization” to over ten computers—a felony under the Computer Fraud and Abuse Act of 1986.

But that part of the indictment focuses mostly on overt acts by Hutchins’ co-defendant, whose name remains under seal. (“Overt acts” are facts necessary to support a conspiracy charge, and are meant to show the defendants’ participation in the conspiracy). Little is known at this time, but it may be an indication that the co-defendant is cooperating with the government, and has offered evidence of Hutchins’ involvement in the creation and sale of the Kronos malware.

The indictment alleges that in July 2014, the co-defendant used a video on a “publicly available website” to show how to use the “Kronos Banking trojan.” The following month, the co-defendant offered to sell the trojan on an internet forum for $3,000. In April 2015, the co-defendant advertised the malware on AlphaBay—the dark web marketplace that was recently seized by federal law enforcement. In June of that year, the co-defendant sold the Kronos malware for approximately $2,000 “in digital currency” and in July, also offered “crypting” services for Kronos—services that would help conceal the trojan on computer systems.

In that long list of overt acts, Hutchins is only accused of creating the Kronos software in 2014, and then updating the software later in 2015, after his unnamed co-defendant began to sell the malware.

As a result, some see Hutchins as collateral damage in a larger prosecution against a still-anonymous malware vendor. As Tor Ekeland, a defense attorney who frequently takes on Computer Fraud and Abuse Act cases, put it on Twitter, “[The Department of Justice] just arrested the guy who helped stop Wannacry because someone he allegedly worked with made $2,000 from the sale of malware.”

The prosecution is being brought in the eastern district of Wisconsin, a jurisdiction that is not particularly well-known for policing high-profile hacking cases—a possible indication that the mysterious co-defendant resides in Wisconsin. The mention of AlphaBay in the indictment also suggests that the co-defendant was swept up during the investigation into the marketplace that was made public last month. FBI agents took AlphaBay offline on July 4th, just seven days before the indictment against Hutchins and his co-defendant was filed under seal.

The co-defendant could have also been caught up in an investigation into the Zeus malware (the earlier variant of Kronos). In 2010, the FBI arrested 10 people in connection with Zeus, with dozens of other figures suspected of involvement. Posts on Hutchins’ blog show he was researching Zeus variants in late 2013, including variants compiled from the Carberp source code. The research was public and there seems to have been no effort to delete the posts after the fact.

Oddly, the list of overt acts in count 1 doesn’t specifically allege that Hutchins took a cut of the profits or sold the software directly, even though counts 2 and 4 in the indictment charge both Hutchins and his co-defendant with having advertised and sold a wiretapping device. (Although the Kronos software does log credentials, it’s not clear that from a legal standpoint, it counts as a “device.”)

    Anyone got a kronos sample?
    — MalwareTech (@MalwareTechBlog) July 13, 2014

In short, the indictment throws very little light on Hutchins’ involvement. Even if all of the specific allegations are taken as true, Hutchins could plausibly be a hapless creator whose code was sold with very little input from him— maybe even without any financial compensation. He could also, just as plausibly, be a sophisticated cybercriminal who profited off malware.


The Young Marcus Hutchins

In July 2014, around the time the indictment says his co-defendant began to sell the malware, Hutchins posted to Twitter asking if anyone had a sample of Kronos. Some say that since Hutchins was researching Kronos, it would make it unlikely that he had written it. But it’s just as possible that Hutchins read IBM’s initial report on the malware, wondered whether Kronos was the software he himself had written, and sought out a sample to test his hypothesis. Less likely—but still possible—is the hypothesis that he tweeted out a request for a Kronos sample to cover his tracks and give himself plausible deniability at the time.

Various people have also dug up old IRC logs, still available via the Internet Archive, connected to his previous username, TouchMe. The IRC logs depict Hutchins, who would have been about eighteen years old, as a low-level black-hat playing around with pieces of malicious code. But although he makes bragging references to the malware market, he never says in so many words that he actually sells bots.

    [16:14] <TouchMe> if your bot is good

    [16:14] <TouchMe> people will buy it

    [16:14] <TouchMe> you don't need a 20mb image with stupid f**king colors

Some in the security community have sought to minimize Hutchins’s early activities as mere youthful indiscretions. “MalwareTech had some fun when he was younger, we all did,” one security researcher wrote on Twitter. “Doesn't mean he actually wrote the Kronos bot.”

    The "TouchMe" on darkhook isn't me, please stop sending emails asking me about scriptkiddie stuff, thx.
    — MalwareTech (@MalwareTechBlog) November 8, 2013

While some are pointing to a tweet from 2013 to cast doubt on the reliability of the IRC logs and the identification of Hutchins as TouchMe, a person using the pseudonym of IPostYourInfo has claimed that they knew Hutchins through IRC. On Friday they published a blogpost containing fairly detailed and dense circumstantial evidence that links the TouchMe from those logs to Marcus Hutchins himself. But although IPostYourInfo links Hutchins to some unsavory behavior, they don’t allege that Hutchins wrote Kronos. And although they suspect that Hutchins peddled malware, they didn’t think at the time he actually wrote it himself.

“I would have expected him to be involved in selling betabot [a different piece of malware], not having the initiative and drive to code his own malware,” wrote IPostYourInfo.


A New Challenge to the CFAA

Even if Hutchins were directly involved in developing the code for Kronos, the legal case against him is far from airtight. Orin Kerr, a former federal prosecutor and a professor at George Washington University School of Law, thinks that prosecutors will face an uphill battle. Four of the six counts stem from an anti-wiretapping statute, the applicability of which, Kerr says, is questionable. And since Hutchins isn’t accused of using the tools himself, the charge on the basis of conspiracy to commit computer fraud and abuse is also shaky.

Despite those issues, prosecutors haven’t had trouble pinning similar charges on defendants faced with similar facts in the past. One recent example was the 2015 Blackshades case, which targeted a spyware-for-hire program. It’s common for malware developers to outsource actual hacking to smaller players, with new malware being marketed, analyzed and eventually pirated and reverse-engineered by the competition. As law enforcement takes on more cybercrime cases, the focus has shifted from botnets and distributors to the developers themselves, who often command a larger share of the profits. If these laws are, as Kerr theorizes, not suited to malware-developer prosecutions, it raises the question of how exactly prosecutors are expected to stem the tide of hacking in a time when the world has never been more dependent on interconnected, vulnerable computer systems.

Since most of these malware-developer cases have pled out instead of going to trial, the legal objections that Kerr has raised are untested. Few of those prosecutions have had to face a robust legal defense. Even with the security community in a confused uproar, Hutchins continues to be a very popular figure, and a legal fundraising effort is said to be under way. If Hutchins fights the charges, this could very well be the case that changes how malware development is prosecuted in the United States.

 

https://www.theverge.com/2017/8/5/16097946/marcus-hutchins-malware-tech-wannacry-arrest-cfaa-prosecution-charges

 



22 minutes ago, 0bin said:

What is the white rabbit?

Refers to a waistcoat-wearing, pocket-watch-wielding white rabbit, hurrying along and muttering, "Oh dear! I shall be late!" in Lewis Carroll's Alice in Wonderland (1865), whom Alice follows down a rabbit hole into Wonderland.



knowledge-Spammer
On 8/5/2017 at 3:53 PM, jbleck said:

this is what happens when u follow the white rabbit :P

if u follow the right white rabbit will take u to

 

 



6 minutes ago, Atasas said:

Gowd it takes ever so little not to make derogatory inflammation and to have sensible conversation...

... and this happens in a friendly community;) 

 

So, either this is not true ;) or ours is not a friendly community:lol:

 

... and we -- collectively -- have the power to make it a friendly community in reality (not merely in words)!   :flowers:



Archived

This topic is now archived and is closed to further replies.
