Slashdot Mirror

← Back to Stories (view on slashdot.org)

UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US (zdnet.com)

Posted by msmash on from the chaos-ensues dept.

Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he was "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.

100 of 176 comments (clear)

  1. What's what!? by Dutchmaan · · Score: 1

    He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

    1. Re:What's what!? by Anonymous Coward · · Score: 4, Insightful

      He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

      It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.

    2. Re:What's what!? by iced_773 · · Score: 4, Informative

      Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...

    3. Re:What's what!? by the_skywise · · Score: 1

      I wonder if he played the Kronos slot machine while he was in Vegas. :p

    4. Re:What's what!? by fibonacci8 · · Score: 1

      I doesn't beg the question. Post hoc ergo propter hoc. Suspicion alone falls under unreasonable search and seizure. I hope those detaining Hutchins have a proper warrant for their actions against him. If they do not, I sincerely desire to see them dragged through court causing inconvenience in proportion with what they've caused him.

      --
      Inheritance is the sincerest form of nepotism.
    5. Re:What's what!? by PPH · · Score: 5, Interesting

      WannaCry was built on top of an NSA exploit that had been leaked. A part of that NSA package was the kill switch that Hutchins discovered and published. He may have had nothing to do with WannaCry's development or propagation. But he caused a TLA to lose one of it's fun toys. And for that, he will be punished.

      When agencies get this far out of control, it's time to shut them down.

      --
      Have gnu, will travel.
    6. Re:What's what!? by TechyImmigrant · · Score: 4, Informative

      He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?

      It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.

      No question was begged. It raises the question. Begging the question is something else entirely. https://en.wikipedia.org/wiki/...

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    7. Re:What's what!? by iced_773 · · Score: 5, Informative

      I'd like to see the actual indictment

      Aaaaand here it is.

    8. Re:What's what!? by Anonymous Coward · · Score: 1

      Here ya go:

      https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html

    9. Re:What's what!? by I'm+New+Around+Here · · Score: 4, Insightful

      Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    10. Re:What's what!? by I'm+New+Around+Here · · Score: 1

      As I replied above, and many times before,

      Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

      --
      If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
    11. Re:What's what!? by Anonymous Coward · · Score: 1

      Interesting that shibboleth has managed to retain its meaning for over 3000 years.

    12. Re: What's what!? by Anonymous Coward · · Score: 1

      Reading about all of these horrible things Trump is doing just makes me want to die.

    13. Re:What's what!? by Anonymous Coward · · Score: 1

      Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...

      Oh.. I thought you meant the other - like Kronos.com - that's even more wretched than PC malware.

    14. Re:What's what!? by Anonymous Coward · · Score: 5, Informative

      This is dumb and wrong. The NSA didn't create the malware, nor the kill switch within it.

      What the NSA did that is relevant to the issue being discussed is to know about the Windows SMBv1 vulnerability and not tell Microsoft, and created an exploit to use the vulnerability. The SMBv1 exploit is simply a tool used by the malware, and the malware itself was coded to have a kill switch, separate parts.

      If the NSA had disclosed the vulnerability after finding it, we probably wouldn't have had the WCry malware outbreak, because patches would have been out a lot sooner to plug the hole.

    15. Re:What's what!? by spun · · Score: 1

      Hardly. I used to be like you, but then i learned about the difference between descriptivism and prescriptivism and decided it just wasn't worth it to keep harping on the "begging the question" thing.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    16. Re:What's what!? by gnick · · Score: 1

      No question was begged.

      When I see somebody use the phrase, "begs the question," I mentally substitute "begets the question." It settles my inner pedant.

      --
      He's getting rather old, but he's a good mouse.
    17. Re:What's what!? by EETech1 · · Score: 1

      Looking at the Care-O-Meter..

      That means you do care...
      At least a little...

      Gotta love Weird Al:)
      https://youtu.be/8Gv0H-vPoDc

      I know your joking, just plugging Weird Al.

    18. Re: What's what!? by desdinova+216 · · Score: 1

      I thought it was during the Bush Administration

    19. Re:What's what!? by no-body · · Score: 3, Insightful

      I'd like to see the actual indictment

      Aaaaand here it is.

      OK - looks he has some past and that's catching up with him now - bummer or ??? at least, he seemed to do some good on this WannaCry remedy.
      Who knows...

    20. Re:What's what!? by spun · · Score: 1

      Oh gramps, you so silly. Descriptivism is dead, long live prescriptivism. Language is not, nor should it be, static. Stasis is for losers who are too old to live with the fact that everything changes. Get with the times, old man. Or don't, you'll be dead soon enough anyhow.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    21. Re:What's what!? by Baloroth · · Score: 3, Informative

      A part of that NSA package was the kill switch that Hutchins discovered and published.

      This is utterly, totally, and completely wrong. The kill-switch had nothing to do with the exploit or NSA at all. It was implemented separately by the malware developers, likely as a check if the system was a sandbox.

      But he caused a TLA to lose one of it's fun toys. And for that, he will be punished.

      No, he didn't. This is also totally and completely wrong. The EternalBlue exploit used by Wannacry was leaked a month before Wannacry came out by a group (presumably) entirely unrelated to Marcus, and even that didn't really effect the NSA, as MS had fixed the big a month before that.

      There's plenty of bad things the NSA has done to criticize, you don't need to create outright lies about them.

      --
      "None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
    22. Re:What's what!? by PPH · · Score: 3, Informative

      This is dumb and wrong. The NSA didn't create the malware,

      https://en.wikipedia.org/wiki/EternalBlue

      There's a theory that the kill switch was built into WannaCry to prevent it from being run in a sandbox environment. It checks for a non-existent URL and refuses to run if it gets a reply, figuring that the sandbox will reply to anything. But that is pretty simple-minded. It is trivially easy to get a decent sandbox to reply (or not) correctly based on actual DNS data. What viruses do (even scrip kiddie stuff) is to look for a correct response from a command and control network. And refuse to run (and be inspected) if a server replies but incorrectly.

      It's more likely that the dummy URL was created to keep EternalBlue payloads from propagating within 'friendly' environments like government and contractor intranets. Just load the URL into the DNS cache inside your firewall and your network is safe.

      --
      Have gnu, will travel.
    23. Re:What's what!? by TechyImmigrant · · Score: 1

      >Being pedantic does not change the facts or make you look intelligent.

      Or even being pernickety.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    24. Re:What's what!? by Anonymous Coward · · Score: 1

      The people who spread it in the first place arrested him and now have physical access to his devices in order to do whatever the hell they want to logs and drive contents alike.

      You do the math.

    25. Re:What's what!? by Anonymous Coward · · Score: 1

      A two-year investigation culminating in a grand-jury handing down 6 counts for prosecution?

      That is a lot more than suspicion. That is the US attorney convincing a grand-jury that there was enough evidence to warrant a full trial to evaluate the merits of six different charges.

    26. Re:What's what!? by PPH · · Score: 1

      No one puts kill switches in exploits - that's stupid.

      No, its not. You might not want the exploit to propagate the payload in certain environments. Like within your government or contractors' intranets. So you give them a domain name that they can resolve to something. That way, when an infected system (laptop, USB stick, etc.) is inadvertently brought to work, it won't spread.

      --
      Have gnu, will travel.
    27. Re:What's what!? by russotto · · Score: 1

      That is a lot more than suspicion. That is the US attorney convincing a grand-jury that there was enough evidence to warrant a full trial to evaluate the merits of six different charges.

      That's pretty much nothing, given the maxim that a grand jury will indict a ham sandwich if the prosecution wants them to.

    28. Re:What's what!? by Dread_ed · · Score: 1

      More like the government that secretly created and distributed WannaCry is looking for retribution against the person who stopped its spread.

      Vindictive bastards they are. Wouldn't put it past them.

      --
      When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
    29. Re:What's what!? by dbIII · · Score: 2, Insightful

      It's kind of a bit odd though that the guy who stopped "Wannacry" is the only one involved in the entire thing from NSA to in the wild who has been arrested, especially given things like the situation where the "Stratfor" hack was carried out by one of the FBI's tame hackers/informants who is still wandering around free.
      I think it's looking more likely that this guy got in the way of someone's agenda at the FBI by limiting the damage of "Wannacry" and thus ruining a chance for extra "cybersecurity" funding.
      It will probably take years before we know either way.

    30. Re:What's what!? by dbIII · · Score: 1

      It doesn't have to be that sinister to still have vindictive bastards.
      No matter where "Wannacry" came from a massive spread of it would have resulted in lots of lovely "cybersecurity" money getting sent in the direction of the FBI and others. This guy got in the way of someone's empire building. Whether they acted and laid a false charge or took a close look and found something real is the question now IMHO.

    31. Re:What's what!? by thegarbz · · Score: 1

      Based on your own citation he did beg the question. Scroll down to the section "Modern Usage".

    32. Re:What's what!? by aiht · · Score: 1

      Descriptivism is dead... Language is not, nor should it be, static.

      Call me a prescriptivist, but I think the way you redefined the two terms 'descriptivism' and 'prescriptivism' to mean each other is bound to cause confusion and should be proscribed.



      In other news, I have now looked at words containing 'ivi' for long enough that all I can see is Roman numerals.

    33. Re:What's what!? by geekymachoman · · Score: 1

      > When agencies get this far out of control, it's time to shut them down.

      Right. They haven't even started yet.
      What you going to do, write a letter ?

    34. Re:What's what!? by Antique+Geekmeister · · Score: 2

      Who is the "blacked out" defendant in that indictment? Why is their name blacked out?

      It makes me wonder if the other defendant is a juvenile. I'm afraid it's not uncommon for the FBI to arrest a "small fish", to try to get them to turn in a "big fish" for leniency in sentencing. It was very common in their work against, and far too often with and for, organized crime. It's led to them protecting and even supporting smaller criminals in the hope of prosecuting "kingpins", and led to their sheltering of Kevin Mitnick while he continued to commit computer hacking crimes until he fled and had to be tracked down by a far more skilled hacker.

      I'm also sad to say that I've seen no constructive computer crime work by the FBI in the last decade. A great deal of smaller scale computer crime is directly referred to them and is never investigated or prosecuted. Cases with political implications, such as the Aaron Swartz attacks on JSTOR and Hillary Clinton's private email server, have been botched beyond belief.

    35. Re:What's what!? by Antique+Geekmeister · · Score: 1

      > The kill switch is part of wannacry, thus the NSA had no part in it. No one puts kill switches in exploits - that's stupid.

      From my personal security work, _of course_ one puts in a kill switch. The ability to disable malware to avoid detection, and re-activate it when the payload needs delivery, is fundamental to many DDOS attacks. Dormancy is a vital aspect of avoiding detection.

    36. Re:What's what!? by parkinglot777 · · Score: 2

      Who is the "blacked out" defendant in that indictment? Why is their name blacked out?

      It makes me wonder if the other defendant is a juvenile...

      It is call "redact" version where certain information needs to remain secret until it is the right time to release to public (or when all actors are indict). Thus the person doesn't need to be a juvenile but rather be kept as secret for now for some reasons. You shouldn't be over thinking yet when you don't really have enough information.

    37. Re:What's what!? by Kadin2048 · · Score: 1

      That doesn't make any sense and has no basis in fact.

      There are enough legitimate issues with the FBI / CIA and their handling of cybersecurity issues that creating conspiracy-theory narratives is both unnecessary and counterproductive. Frankly it just muddies the waters on the real issues.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
    38. Re: What's what!? by Anonymous Coward · · Score: 1

      It's a bit odd that someone who works with viruses and trojans might have something to do with authoring one? Really?

    39. Re:What's what!? by PlaynBass · · Score: 1

      I believe the term you intended to use is moot, yet another oft-misused English word so commonly butchered these days...

      /rant Has anyone else noticed the horrible lack of proof-reading skills exhibited by those who type in the captions and screen crawls for our so-called news shows? It seems that in our hi-tech world, simple rules of spelling and grammar have been ignored in the rush to "breaking news". /end rant

      --
      PlaynBass
    40. Re:What's what!? by Antique+Geekmeister · · Score: 1

      Who redacted it? And why? Those are important questions..As an interested member of the public, I may disagree with the reason that it "needs to remain secret". From observation, courts operate best when they are completely public. I'm also concerned that "you shouldn't be over thinking" is often a very dangerous policy.

      I'm also forced to see this case in terms of FBI history. The FBI has a long history of "turning" witnesses and granting clemency or even prosecutorial immunity for helping turn in the "big fish". Innocent people have repeatedly been convicted of crimes because of this practice, especially defendants who don't have the money or social resources to resist a prosecutor with fraudulent testimony. Worse, such testimony used to indict a second defendant may be "intepreted" or entirely concocted by the FBI agant. The FBI still refuses to electronically record the conversations they have with witnesses during the investigation, relying on the Form 302 submitted by an agent after the interview. This practice is described at https://en.wikipedia.org/wiki/.... And I'm afraid it _begs_ for fraud.

    41. Re:What's what!? by TechyImmigrant · · Score: 1

      Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.

      However, it's not some obscure corner of the English language. It's taught in school, by English teachers, to children. They learn and remember these things that add the semantics to the words they hear and say. The various types of logical argument and logical fallacy are taught. These things were even taught in school in the crappy mining and steel-works shithole that I grew up in.

      It's not hard. It's not inaccessible information. It's not like it doesn't get pointed out most times that people screw it up. This is because most people know how it works and it sounds very wrong to people when it's used wrongly. Just like conjugating wrong or engaging in Yoda speech. I'm happy that people like to boldly split infinitives. English accommodates that. It doesn't accommodate sentences of the form . It sounds ridiculous.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    42. Re:What's what!? by BrianMahoney1357 · · Score: 1

      More broadly, 'why anyone...would be stupid enough to travel to the US.' If common sense doesn't change the way things are, maybe the loss of tourist dollars will. Same for Mexico and dozens of other countries around the world.

  2. Loss of revenue by lsllll · · Score: 4, Insightful

    Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?

    --
    Is that a roll of dimes in your pocket or are you happy to see me?
    1. Re:Loss of revenue by TechyImmigrant · · Score: 5, Interesting

      Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?

      This is becoming necessary. Similarly for more academic crypto conferences. They split their locations evenly between Europe, Asia and the US which in addition to sharing the travel pain, allows people to avoid countries that might try to prosecute them for being a security researcher. DefCon and BlackHat need to move about so they can be available to researcher that would otherwise be unable to travel there.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    2. Re:Loss of revenue by volodymyrbiryuk · · Score: 1

      I heard Switzerland is lovely this time of year.

      --
      sudo rm -r -f --no-preserve-root /
    3. Re:Loss of revenue by gatkinso · · Score: 1

      So we are supposed to let wanted criminals walk to keep a shitty conference in Vegas?

      Defcon really sucked this year - it seems to have jumped the shark awhile ago.

      --
      I am very small, utmostly microscopic.
    4. Re:Loss of revenue by John.Banister · · Score: 1

      So, would Toronto work, or do all the Five Eyes countries need to be avoided? The Adelaide Hotel in Toronto might enjoy hosting a conference like this one.

    5. Re:Loss of revenue by Kobun · · Score: 1, Insightful

      Switzerland is lovely throughout the year.

    6. Re:Loss of revenue by aberglas · · Score: 1

      They are no longer hacker conferences.

      They are business conferences that compete with RSA security. The Hacker element is just a bit of tinsel.

      And the corporate customers and IT companies are in the US.

    7. Re:Loss of revenue by Zemran · · Score: 1

      Everything needs to get out of the US not just DefCon. Even the UN end up having important people refused entry and how about that robotics competition when the girls from Afghanistan who should have been encouraged where refused entry. The US is the worst country in the world for just about anything.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    8. Re:Loss of revenue by Kadin2048 · · Score: 1

      I doubt this has been lost on the DefCon organizers. Presumably they think that they'd lose more attendance by moving to Europe than by having people who can't safely travel to the US just not come, or attend/present via videoconference or something. And I suspect that's probably true -- very few people (in my experience) go to DefCon or similar conferences on their own dime; you go on your employer's money. And getting your employer to comp you a few hundred bucks for a flight to Vegas and a shitty hotel room (Vegas hotel rooms are notoriously cheap) is a heck of a lot easier than getting a company to cough up for a transatlantic ticket, hotel in Europe, etc. As long as the majority of the attendees are in the US, this is where the conferences are going to be.

      But coming here if you're involved in cybercrime is probably, uh, not a very smart idea. That Hutchins came at all suggests to me that he didn't know that the FBI was onto his alleged previous (pre-Wannacry) activities; the alternative is that he's dumb, and he doesn't seem dumb. (Though a fair number of very smart people are also arrogant and don't give other people credit for being able to figure things out, so that's also an option, I suppose.)

      There is a legitimate question as to whether there should be some sort of cyber amnesty program, though, given the number of mostly-legitimate "security researchers" who have shady backgrounds but seem to have moved on from them. I've got some mixed feelings on that. On one hand, getting blackhats and their knowledge out into the open so vulns can be remediated and the network in general made more robust is a Good Thing. But I don't know if it outweighs the message it would send, which is that you can basically play Computer Mafioso when you're young and then retire to a nice, secure, respectable position as "security researcher" without the threat of your prior activities coming back to bite you. That's not really how things work in the non-IT world; if you spend your 20s working for the Mob, and then retire to a respectable profession, that respectability is unlikely to protect you from getting a knock on your door sometime later, depending on the statue of limitations, for stuff you did earlier. Might make a judge or jury go easier on you, but it's not an ironclad defense.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  3. What was he arrested for? by Anonymous Coward · · Score: 1

    ... no one seems to know.

    So it's all very preliminary.

    Soon enough he'll appear in front of a judge to be charged and/or a bail hearing.

    1. Re:What was he arrested for? by almitydave · · Score: 2

      ... no one seems to know.

      So it's all very preliminary.

      Soon enough he'll appear in front of a judge to be charged and/or a bail hearing.

      Right, but that doesn't stop us from making wild assumptions and overreacting in the meantime.

      --
      my, your, his/her/its, our, your, their
      I'm, you're, he's/she's/it's, we're, you're, they're
    2. Re:What was he arrested for? by CanHasDIY · · Score: 1

      Generally, in the US, when a person is arrested, they're charged with something.

      So what has he been charged with? Anything? Or is this yet another 'parallel construction' situation?

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:What was he arrested for? by b0bby · · Score: 1

      ... no one seems to know.

      Well, TFA gives a likely reason:

      A Justice Department spokesperson has confirmed on the phone that his arrest is in relation to his alleged role "in creating and distributing the Kronos banking Trojan."

    4. Re:What was he arrested for? by jfdavis668 · · Score: 2

      In the US, the person arrested is told of the charges. The charges will also be told to his legal representation. It is not broadcasted to the news.

    5. Re:What was he arrested for? by JoelKatz · · Score: 1

      I don't think it's illegal to create malware though. That seems to be the only overt act they accuse him of in the indictment. So, assuming he did in fact write it, it will come down to whether the government can prove that he conspired to sell and distribute it based on more than just accusations from his alleged co-conspirator.

      Imagine you wrote some malware and I took it from you and sold it. If I was arrested, I would offer to give up the person who created it in exchange for something. Then I'd point to you and swear up and down that I have an agreement with you, whether or not it's true.

      So, the big question: Assuming he wrote the malware, other than the word of his co-conspirator (who obviously wants someone to share the blame), is there any evidence he conspired to sell it?

    6. Re:What was he arrested for? by Dread_ed · · Score: 1

      None of those books are censored in the US now. Silly git.

      --
      When the only tool you have is a claw hammer every problem starts to look like the back of someone's skull.
    7. Re:What was he arrested for? by Megol · · Score: 1

      Take that parallel construction and shove it! Do you know what it describes? Do you understand that using it without a proper context and without any reason you sound like a conspiracy nut without a clue?

      Waited a while before posting the above. I'll not change anything as I stand by it but you shouldn't necessarily take it 100% seriously...

    8. Re:What was he arrested for? by Megol · · Score: 1

      Scarily no, that's not the case anymore. Guantanamo, secret courts and a lot of other crap new and old (like holding a person as suspect of something obviously false until a case can be built up) means the US legal system can't be trusted.

    9. Re:What was he arrested for? by CanHasDIY · · Score: 1

      Take that parallel construction and shove it! Do you know what it describes? Do you understand that using it without a proper context and without any reason you sound like a conspiracy nut without a clue?

      Waited a while before posting the above. I'll not change anything as I stand by it but you shouldn't necessarily take it 100% seriously...

      Meth is a hell of a drug.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    10. Re:What was he arrested for? by CanHasDIY · · Score: 2

      As stated by an AC, criminal charges in the US are public information, unless the person charged is under the age of 18.

      So if he was charged with a crime, that information should be accessible by anyone.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
  4. Re:get your big fake ass titties out of here by queazocotal · · Score: 1

    total sum?

  5. Recruiting by budsetr · · Score: 2

    They probably just recruited him to help thwart a Decepticon attack. Where did this boom-box come from?

  6. Re:What's what!? A tinfoil hat conspiracy! by amigabill · · Score: 1

    Allegedly did X. But the tinfoil hatters will say that he foiled the NSA/CIA/FBI/HS plan to both infiltrate everyone's computers and to make a few bucks in the process.

    Will be interesting reading either way...

  7. WannaCry was an Spook Sponsored Virus by DatbeDank · · Score: 2, Interesting

    The real reason he was arrested was because the security agencies were using the malware to actively try and discredit Bitcoin by dropping a massive software leak on the entire world. Had more people opted to "pay" the ransom, it would have offered proof to the powers that be that cryptocurrencies are dangerous and convertibility into real fiat should be banned.

    Will such proof stop bitcoin? No, but making it more difficult to convert from BTC to fiat will drive the price way down south.

    He was arrested because he foiled their plans.

    1. Re:WannaCry was an Spook Sponsored Virus by omnichad · · Score: 1

      That sounds so credible.

    2. Re:WannaCry was an Spook Sponsored Virus by Anonymous Coward · · Score: 1

      You might want to adjust your hat, the tinfoil is showing.

    3. Re:WannaCry was an Spook Sponsored Virus by dbIII · · Score: 2

      Something slightly more credible is that because there are so many fucking spooks on the payroll there's at least one vindictive bastard who saw the chaos of "Wannacry" as a way to get a bigger budget, and when the expected crisis didn't happen they decided to take it out on the guy who turned "Wannacry" into a non-event.
      You don't have to engineer a crisis to profit from it (as the cynical and expensive security theatre after 9/11 shows).

    4. Re:WannaCry was an Spook Sponsored Virus by Megol · · Score: 1

      I think I spot a logical hole there with a larger diameter than that of Mr. Goatse.cx, how about you run away and play with the other nuts at abovetopsecret?

    5. Re:WannaCry was an Spook Sponsored Virus by Megol · · Score: 1

      It's not tinfoil - it's his overconsumption of colloidal silver showing.

    6. Re:WannaCry was an Spook Sponsored Virus by Zemran · · Score: 1

      The exchange he was using had already closed his account so that ransom payments could not be made.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  8. Re:Whoa by Anonymous Coward · · Score: 1

    mind blown, what is going on!?

    Sara said she wants to talk to me tomorrow night. Said she wants to get dinner, so I think she wants to be somewhere public when she leaves me. I hope she doesn't try to keep Schmitty. I'm sure the kids will go with her since courts never side with the dad.

    Aside from all that everything else is OK. I mean I'm healthy and my job is going OK.

    What is going on with you?

  9. Job offer. by WolfgangVL · · Score: 2

    He probably refused a job while in Vegas, and now they need to make good on the "or else" clause that came with it. I wonder what they are offering him now instead of what they offered before.

    --
    You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
  10. Indicted for involvement with Kronos trojan by Anonymous Coward · · Score: 1

    https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html

  11. Re:get your big fake ass titties out of here by TechyImmigrant · · Score: 1

    The 3 WannaCry addresses used that held the Bitcoin from this exploit have been drained

    They have remained built up on these addresses until today.

    So which is it? They've been drained or they remain built up?

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  12. Re:Whoa by kwbauer · · Score: 1

    Nice one. Well done.

  13. Re:get your big fake ass titties out of here by Kaenneth · · Score: 1

    "Until Today"

  14. Re:get your big fake ass titties out of here by TechyImmigrant · · Score: 1

    >Do you not know how to read?

    I do, The ambiguity in the second sentence was clear to me.

    The built-up-ness did not remain at all, yet you said it did, You said it remained built up and left it to the reader to discern whether 'until today' means "It's still remaining built up today" or "the built-up-ness ceased today".

    Disambiguation for the Nation! Now!

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  15. Swordfish is a ridiculous movie by Anonymous Coward · · Score: 1

    But there was an insightful bit: The German/Finnish hacker who is initially hired to do the job is caught at the airport, and during the interrogation he is asked: Why would the number one hacker in the world risk life imprisonment by coming into the continental US?
    So that's the question I have. Why would a "security researcher" enter the United States of America? What is the expectation there?

  16. Snark is.. by s.petry · · Score: 1

    Lost on you...

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  17. Re:get your big fake ass titties out of here by Cederic · · Score: 2

    While the second sentence allows a level of ambiguity that many readers may not even spot, when taken in context of the first sentence it becomes very clear and any ambiguity can only result from deliberate misinterpretation.

  18. Pedantry by Tenebrousedge · · Score: 5, Insightful

    "Begging the question" is a bad translation of petitio principii, which is itself a bad translation from Greek sources. Linguistically there isn't really a right answer here. The exact meaning is almost always clear from context, and the usage is very much moving away from the "scholarly" definition. Given that there's not an absolutely correct position on this issue, I think that it's best to avoid using the phrase oneself, and tolerate its use or misuse with others. And if the argument you are responding to does not directly hinge on a point of meaning, it's probably just as well to avoid raising the subject. Life is too short for needless semantic arguments.

    --
    Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
  19. No Extradition by simpz · · Score: 1

    Surely if the US authorities had enough evidence they would have requested (and got) his extradition from the UK ages ago. Why wait until he is in the US?

    1. Re:No Extradition by LostOne · · Score: 2

      Because it is significantly cheaper and easier to wait for someone to be on your own territory where your laws are sovereign than to try to get foreign state which has different laws to cooperate. Even a friendly foreign state. Extradition is often a complex mess and often requires, among other things, the party requesting extradition to demonstrate that the alleged crime actually is illegal in the juridiction being asked to extradite.

      --

      If it works in theory, try something else in practice.
    2. Re:No Extradition by simpz · · Score: 1

      I know extradition is hard but doing this doesn't say we are *that* bothered by his crime.

      He committed a crime so heinous that we aren't even going to try to extradite we are just going to brood over it on the off chance he enters the country.

    3. Re:No Extradition by Martin+S. · · Score: 1

      He can only be extradited from the UK to US if he has been charged.

      He cannot be extradited from the UK as a material witness or just a suspect just to face a grand jury. That would be considered an abuse of process.

    4. Re:No Extradition by coofercat · · Score: 1

      Aside from the legal hoops you'd have to jump through, it would alert him to their intent and allow him to build a case against them. Just because the US requests extradition doesn't mean it happens every single time (although I'll grant you, it's closer to a formality between the UK and US than it probably should be). This way, he didn't know a thing about it, and they've arrested him and have 100% control over him - the UK can piss right off.

      Right now, UK diplomats are talking to US diplomats about this. They're asking for a comfier prison cell, faster proceedings, lesser sentences, serve his time in the UK etc etc. The US is by far the larger of the negotiating parties and has probably said "okay, we'll send him another blanket, but that's all you're getting".

      Whatever their reasoning, they've got him and won't be letting go anytime soon. An example must be made, whether real or not. Someone must pay, ideally a foreigner, but under no circumstances must any responsibility be taken for any of it.

  20. Something fishy... by MotoRyan · · Score: 1

    This is crazy. Wonder if it is retaliation or if he was really involved? If he was involved, why did he go through all of the trouble to put himself in the public view? The guy did an AMA just 2 months ago: https://www.reddit.com/r/IAmA/... AND he attends Defcon? Something is fishy...

  21. Re:get your big fake ass titties out of here by Obfuscant · · Score: 2

    While the second sentence allows a level of ambiguity that many readers may not even spot,

    I don't spot it. "Remained ... until today ...". "Remained is past tense. "Doesn't remain anymore." Had the sentence been "remains ... until today", then there is still no ambiguity. Current tense means it still remains.

  22. More from the Register by Martin+S. · · Score: 2

    The Register reporting that asking for a sample of Kronos on twitter is the smoking gun for this grand jury indictment.

    https://www.theregister.co.uk/...

    1. Re:More from the Register by Martin+S. · · Score: 1

      The original offer for sale of Kronos was in Russian natural language so not machine translated. There is no evidence that Marcus speaks or writes Russian. Miss-direction is possible, but that doesn't fit with the relative lack of sophistication of Kronos.

  23. Language evolves by Martin+S. · · Score: 1

    The modern usage has evolved and clearly understood by most. Those complaining on that basis are demonstrating an inability to adapt.

    1. Re:Language evolves by Megol · · Score: 1

      Yes it's understood by most. The problem is that begging the question really means another thing than most think it does - a thing that is hard to describe without using the phrase. So the problem isn't one of a language evolving rather than devolving, the common use of the phrase now hinders the proper* use meaning it's harder to express the original meaning. And there's no reason as the phrase people really want to express already exist, is just one extra letter and is more logical (the use of "begs" needs some strange definition of the word to make it fit).

      (* well a language is a democratic thing so the proper use isn't decided by some language god somewhere...)

  24. Def Con Toronto by uvajed_ekil · · Score: 1

    No problem, we'll just hold Def Con in Toronto form now on if Vegas doesn't want us. Not the same casino scene, but literally everything else is better there.

    --
    This is a hacked account, for which the owner can not be held responsible.
  25. Re:What happens in Vegas by hattable · · Score: 1

    One night with Venus...

    --
    OMG facts!
  26. Grey hat? by LordWabbit2 · · Score: 2
    So he's a grey hat, not surprised, what's that saying again??? [Googles..]

    "He who fights with monsters should be careful lest he thereby become a monster. And if thou gaze long into an abyss, the abyss will also gaze into thee." - Nietzsche

    Maybe I should make that my sig?

    --
    There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
  27. Re:get your big fake ass titties out of here by Cederic · · Score: 1

    Well, I was being generous about it.

  28. Re:No good deed goes unpunished by Kadin2048 · · Score: 1

    I think it's more like "one good deed today doesn't get you off the hook for the bad deed you did last week".

    In other words, if you're a blackhat who happens to take down another blackhat, that doesn't buy you a get-out-of-jail-free card that you can play when other things you may have done in the past surface.

    Or at least, not to an extent that stops you from getting indicted. It might play pretty well in court if the whole thing actually goes to trial, I'd imagine. Can't hurt anyway.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."