Slashdot Mirror

← Back to Stories (view on slashdot.org)

Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com)

Posted by EditorDavid on from the blaming-the-programmer dept.

Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."

The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."

Click through for the rest of the story.
Mark Rumold, senior staff attorney at the EFF, tells Krebs "I don't read the government's complaint as making the case that selling some type of RAT is illegal, and if that were the case I think we would be very interested in this." Also skeptical is Allison Nixon, director of security research for New York City-based security firm Flashpoint. "Huddleston can claim the DRM is to prevent cybercrime, but realistically speaking the DRM is part of the payment system -- to prevent people from pirating the software or initiating a Paypal chargeback." Krebs writes:

Nixon, a researcher who has spent countless hours profiling hackers and activities on Hackforums, said selling the NanoCore RAT on Hackforums and simultaneously scolding people for using it to illegally spy on people "could at best be seen as the actions of the most naive software developer on the Earth. In the greater context of his role as the money man for Limitless Keylogger, it does raise questions about how sincere his anti-cybercrime stance really is."

And of course, the FBI's complaint also notes that the software was promoted on HackForums.net. The Daily Beast says Huddleston eventually realized "it was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums," adding that at first Huddleston handed off the business, "while continuing to develop the code as an 'advisor' in exchange for 60 percent of every sale."

Slashdot reader Highdude702 believes Huddleston's arrest "is an outrage, and is a push too far, also in the wrong direction," calling it "the story of a script kiddie gone big time...arrested for being an accomplice to a crime committed by people he had never met, let alone knew well enough to commit crimes with."

What do Slashdot's readers think?

17 of 227 comments (clear)

  1. commonly used claim? by Anonymous Coward · · Score: 5, Insightful

    "I didn't murder someone" is a very commonly used claim among those who don't murder people. Would that "raise skepticism" and make one a target for a murder investigation? I don't think so. This is a chilling-effect arrest. They know this guy didn't hack someone, they're just trying to make the tool-makers lives harder because the tools can be used for no good.

    1. Re: commonly used claim? by geoskd · · Score: 2, Informative

      Do you arrest Glock cause someone was murdered with one of the pistols they made?

      Yes, if Glock ran commercial ads stating their products were most and solely useful for murder and no other uses, they would likely be arrested or at least charged with crimes.

      It would be difficult to make the claim that Glocks handgun products have any other purpose than injuring or killing people. Handguns are mostly worthless as a means of hunting either for food or sport. The simple fact is that handguns are made to kill. I think it is a perfect analogy to the tools this person made. Whether Glock advertises it that way or not, they are what they are.

      Given that, I have to agree with the original sentiment. The maker of a tool, no matter how evil the perceived usages of the tool are, should not be accountable for how and when the tools are used. Even the most evil of tools can be put to good uses too. For example, if and when the "Armageddon/Deep Impact" scenario actually comes around, we will be very hard put to save ourselves without nuclear weapons, and the development of those tools lead directly to the development of nuclear power production, and it is entirely possible that this will be the only thing that prevents us from cooking our planet to death by way of AGW

      --
      I wish I had a good sig, but all the good ones are copyrighted
    2. Re: commonly used claim? by Zak3056 · · Score: 3, Insightful

      Handguns are mostly worthless as a means of hunting either for food or sport. The simple fact is that handguns are made to kill.

      Some thoughts on the above:

      1. Apparently "hunting" is not "killing" in your lexicon?

      2. Some handguns (though none I can think of made by Glock) are indeed used for hunting. This is what cartridges like .500S&W and .454Casull are for. I have friends who take deer or boar with them.

      3. There are other shooting sports beside hunting. Glocks appear quite frequently in some of them.

      4. Some handguns are made specifically for the purpose of punching holes in paper or knocking over steel plates, rather than for killing things. While they're capable of the latter, it would be akin to using a screwdriver as a hammer.

      Just saying.

      --
      What part of "shall not be infringed" is so hard to understand?
    3. Re: commonly used claim? by blindseer · · Score: 2

      2. Some handguns (though none I can think of made by Glock) are indeed used for hunting. This is what cartridges like .500S&W and .454Casull are for. I have friends who take deer or boar with them.

      I thought I'd get into deer hunting after talking to some of my friends that hunt. Along with their exciting tales of deer hunting I heard horror stories of hunting during what we call "shotgun season". You see around here it is legal to hunt with a shotgun that fires "slugs", which is a shotgun shell loaded with a single projectile. In this case the "shotgun" is really just a rifle with a big slow bullet, or what I call a "slug gun". Anyway, since just about anyone can hit a deer with a $300 "slug gun" all the good hunting spots fill up real quick with inexperienced hunters on the few days when "slug gun" hunting is allowed. This can lead to a dangerous and unpleasant hunting experience. Fortunately there is a handgun and bow season that opens before the "slug gun" crazies come out.

      To avoid this I thought I'd get a handgun to hunt deer. So I go to a local gun shop and look at guns suitable for hunting deer. I ask the guy behind the counter what would be a good gun to use. During that conversation I ask about using a semi-automatic handgun. He replies that while it is legal he said, "you'd look funny shooting deer with a Glock" and then brought me to the display case with the revolvers.

      There is nothing "wrong" with hunting with a Glock, mechanically or legally speaking. They are light handguns which make them suitable for carrying often and shooting little, but being light can mean a loss in accuracy. When hunting one wants something durable and accurate. Things where a Glock shines over a revolver, such as ammunition capacity, mean little while hunting.

      I also have not seen anyone use a Glock for hunting but that does not mean that no one does. A Glock chambered in .45ACP or .40S&W would be quite suited for hunting. The quite powerful 10mm is rare in Glocks, as I understand, but it is something used for bears, either hunting or protection from them. The .357SIG and .45GAP are good too, but not many cartridges in those calibers are suited for hunting.

      The point is that handgun hunting is quite popular, and I suspect that is true even for those that own Glocks.

      --
      I am armed because I am free. I am free because I am armed.
  2. Trafficking in circumvention measures is illegal by Anonymous Coward · · Score: 5, Interesting

    Well.. as outrageous as the OP makes it sounds, you actually don't need to "hack" someone to break the law.

    There are lots of laws out there. For starters, trafficking in software or devices which circumvent security measures is often illegal. "Using" said device isn't necessary to run afoul of the law.

    The DMCA has strong anti-circumvention language for example. Other countries have similar laws.

  3. Bullshit logic. by Anonymous Coward · · Score: 2, Insightful

    Time to arrest the manufacturers of trucks that are used to plow into civilians, hey?

    Almost every "hacking tool" has a beneficial use.

  4. It's an outrage... by Anonymous Coward · · Score: 3, Informative

    ...everytime the media kneejerkingly supports the bad guys!

    .On or about November 21,2013, HUDDLESTON caused an activation email to be sent to a customer who had purchased the Limitless key logger, knowing that individual intended to use the Limitless key logger for the purpose of committing unlawful and unauthorized computer intrusions. 'The email contained the license serial code and instructions for how to download and activate the keylogger.

    Guy is toast and rightly so.

    1. Re:It's an outrage... by Orgasmatron · · Score: 4, Insightful

      Good post - insightful and informative.

      Note that this is a different scenario than the hypothetical question asked in the article/summary. The key is "knowing that individual intended to use the Limitless key logger for the purpose of committing unlawful and unauthorized computer intrusions". This is the standard FBI quasi-entrapment operation.

      In my opinion, no tool should be illegal to make or sell as long as some legal use is possible, however improbable. Selling it to someone after you know that they intend to use it illegally, however, I'm willing to let law enforcement do their thing. (But I'd like to see some more public scrutiny of their methods, which smell like bullshit a bit more often than I'd like.)

      --
      See that "Preview" button?
  5. Re:Trafficking in circumvention measures is illega by epyT-R · · Score: 4, Insightful

    That doesn't make it immoral. This is a case of opportunists making use of bad laws they likely lobbied for.

  6. simple answer by jmccue · · Score: 3, Insightful

    Are gun manufacturers held responsible for deaths caused by their products ? I guess you know the answer now

    1. Re:simple answer by Richard_at_work · · Score: 3, Insightful

      Do gun manufacturers hang out on "home invaders" forums touting their wares...?

  7. Question of intent for the Jury by techesq · · Score: 3, Insightful

    Since we're operating under U.S. Federal law, our innocent until proven guilty developer will be able to force the prosecutors to prove their case and have a jury decide his fate. The government's case is this: if you're a developer of a legitimate remote admin tool and DRM tools, why are you marketing and supporting the product in a known criminally linked forum? What was your relationship with the convicted felon who distributed the Limitless keylogger tool? From the Krebs piece it appears he assisted (a prosecutor might say "conspired with") the developer of key logger crimeware to receive payments. This is a case of what did he know and when did he know it? This is not an easy case to prove, but there is probable cause to suspect something criminal was going on based on the totality of circumstances. The government will have its work cut out for it, but I think the "chilling" effect defense is weak. You're free to develop, market, and sell any type of RAT or DRM software you want. You cannot knowingly assist criminals commit cybercrime. Pretty simple in my book. If you think otherwise, hire a lobbying firm and buy your own legal exceptions to established laws like the gun lobby did ;)

  8. BS - This is thoughtcrime by s.petry · · Score: 4, Insightful

    If this person is guilty of developing a remote admin tool, then so are the developers of SSH, Citrix Desktop developers, Microsoft Remote Desktop developers, VMware developers, VNC developers, Oracle SGD developers, Apple remote control services, and any other remote admin tool or tool that could be used for remote admin. All of those tools are developed to avoid people seeing what you are doing, all are configurable ports to avoid detection, etc.. Ask any developer or security expert if those tools can be used for hacking, and the answer is "YES" across the board.

    The EFF should have stopped when they said it would have a chilling effect. It does, because this would make "not hacking" but developing a certain type of tool a crime.

    Now had the guy actually used the tools to commit a crime, he should be charged with a crime.

    This is no different than charging a gun manufacturer with murder because a gang member killed someone with a gun made by the manufacturer. This is tyrannical authoritarianism, plain and simple.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:BS - This is thoughtcrime by Anonymous Coward · · Score: 2, Interesting

      No there is a distinct difference here. He wrote the tool explicitly to perform illegal activity and then sold it to those who intended to commit a crime. Just like a gun shop selling a gun isn't a crime, but if you sell a gun to a guy you know intends to go out and shoot people you are going to be fucked over majorly by the authorities and you will deserve it.

    2. Re:BS - This is thoughtcrime by gravewax · · Score: 2

      This is Slashdot, reality distortion is strong on here, especially if it is some poor innocent criminal that was just trying to make a living screwing over peoples security.

  9. What do Slashdot's readers think? by psykocrime · · Score: 3, Insightful

    > What do Slashdot's readers think?

    I think the FBI should fuck the hell off, along with the rest of the federal government. Their purpose isn't law enforcement, it's to violate our civil rights, instil fear, and keep the populace under the thumb of the elitists who run the government (for their own benefit).

    Seriously, we need to disband the FBI, the DHS (as Ron Paul said, "we fought World War II without a DHS"), ATF, TSA (a bunch of dumb-fucks who couldn't hack it at McDonalds), DEA, NSA, and pretty much the rest of the federal agencies. We don't need some massive, sprawling, byzantine, corrupt bureaucracy... we just need self-government.

    --
    // TODO: Insert Cool Sig
  10. There is historical precedent here by bombastinator · · Score: 2

    this situation reminds me very much of that man who published a book on how to cook methamphetamine at home. the book sold so well he became a multi millionaire though he made no meth. Of course using his book, hundreds of thousands died from addiction and explosions.

    was his an action of unmitigated evil for personal gain which ruined countless lives? YES

    Was it technically illegal when he did it? NO

    Is it reasonable to assume that anything not deemed actually specifically illegal should be accepted by society no matter how damaging it is? That appears to be the question. IMHO the answer is a resounding NO, but i am one man.