UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US (zdnet.com)
Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and he had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.
Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?
Is that a roll of dimes in your pocket or are you happy to see me?
... no one seems to know.
So it's all very preliminary.
Soon enough he'll appear in front of a judge to be charged and/or a bail hearing.
Right, but that doesn't stop us from making wild assumptions and overreacting in the meantime.
my, your, his/her/its, our, your, their
I'm, you're, he's/she's/it's, we're, you're, they're
He may have helped to stop it, but it begs the question... Did he have a hand in spreading it in the first place, or is this an unrelated charge?
It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.
Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...
They probably just recruited him to help thwart a Decepticon attack. Where did this boom-box come from?
The real reason he was arrested was because the security agencies were using the malware to actively try and discredit Bitcoin by dropping a massive software leak on the entire world. Had more people opted to "pay" the ransom, it would have offered proof to the powers that be that cryptocurrencies are dangerous and convertibility into real fiat should be banned.
Will such proof stop bitcoin? No, but making it more difficult to convert from BTC to fiat will drive the price way down south.
He was arrested because he foiled their plans.
WannaCry was built on top of an NSA exploit that had been leaked. A part of that NSA package was the kill switch that Hutchins discovered and published. He may have had nothing to do with WannaCry's development or propagation. But he caused a TLA to lose one of its fun toys. And for that, he will be punished.
When agencies get this far out of control, it's time to shut them down.
Have gnu, will travel.
He may have helped to stop it, but it begs the question... Did he have a hand in spreading it in the first place, or is this an unrelated charge?
It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.
No question was begged. It raises the question. Begging the question is something else entirely. https://en.wikipedia.org/wiki/...
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
In the US, the person arrested is told of the charges. The charges will also be told to his legal representation. It is not broadcast to the news.
He probably refused a job while in Vegas, and now they need to make good on the "or else" clause that came with it. I wonder what they are offering him now instead of what they offered before.
You are being ripped off every second of every day, so that advertisers can help rip you off even more tomorrow.
I'd like to see the actual indictment
Aaaaand here it is.
Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
This is dumb and wrong. The NSA didn't create the malware, nor the kill switch within it.
What the NSA did that is relevant to the issue being discussed is to know about the Windows SMBv1 vulnerability and not tell Microsoft, and created an exploit to use the vulnerability. The SMBv1 exploit is simply a tool used by the malware, and the malware itself was coded to have a kill switch, separate parts.
If the NSA had disclosed the vulnerability after finding it, we probably wouldn't have had the WCry malware outbreak, because patches would have been out a lot sooner to plug the hole.
While the second sentence allows a level of ambiguity that many readers may not even spot, when taken in context of the first sentence it becomes very clear and any ambiguity can only result from deliberate misinterpretation.
"Begging the question" is a bad translation of petitio principii, which is itself a bad translation from Greek sources. Linguistically there isn't really a right answer here. The exact meaning is almost always clear from context, and the usage is very much moving away from the "scholarly" definition. Given that there's not an absolutely correct position on this issue, I think that it's best to avoid using the phrase oneself, and tolerate its use or misuse with others. And if the argument you are responding to does not directly hinge on a point of meaning, it's probably just as well to avoid raising the subject. Life is too short for needless semantic arguments.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
I'd like to see the actual indictment
Aaaaand here it is.
OK - looks like he has some past and that's catching up with him now - bummer or ??? At least he seemed to do some good on this WannaCry remedy.
Who knows...
A part of that NSA package was the kill switch that Hutchins discovered and published.
This is utterly, totally, and completely wrong. The kill-switch had nothing to do with the exploit or NSA at all. It was implemented separately by the malware developers, likely as a check if the system was a sandbox.
But he caused a TLA to lose one of its fun toys. And for that, he will be punished.
No, he didn't. This is also totally and completely wrong. The EternalBlue exploit used by Wannacry was leaked a month before Wannacry came out by a group (presumably) entirely unrelated to Marcus, and even that didn't really affect the NSA, as MS had fixed the bug a month before that.
There's plenty of bad things the NSA has done to criticize, you don't need to create outright lies about them.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
This is dumb and wrong. The NSA didn't create the malware,
https://en.wikipedia.org/wiki/EternalBlue
There's a theory that the kill switch was built into WannaCry to prevent it from being run in a sandbox environment. It checks for a non-existent URL and refuses to run if it gets a reply, figuring that the sandbox will reply to anything. But that is pretty simple-minded. It is trivially easy to get a decent sandbox to reply (or not) correctly based on actual DNS data. What viruses do (even script kiddie stuff) is to look for a correct response from a command and control network. And refuse to run (and be inspected) if a server replies but incorrectly.
It's more likely that the dummy URL was created to keep EternalBlue payloads from propagating within 'friendly' environments like government and contractor intranets. Just load the URL into the DNS cache inside your firewall and your network is safe.
Have gnu, will travel.
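The comment above describes the mechanism from the defender's side: the malware resolves a domain, stops if the lookup is answered, and so a network that answers the name locally (a sinkhole) is protected. The following Python script is an added example, not code from the thread or from any poster, that turns that into a detection: it parses constructed resolver log lines, flags every host that probed the kill-switch domain (only an infected host would ever query it), and reports whether each probe was answered (kill switch engaged) or returned NXDOMAIN (the payload would have run). The domain name `killswitch.example`, the log format and the client addresses are all constructed stand-ins, not the real WannaCry domain or any real log format.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Constructed placeholder; the real WannaCry kill-switch domain is not used here.
KILL_SWITCH_DOMAIN = "killswitch.example"

# Constructed resolver log, one query per line: "<timestamp> <client> <qname> <rcode>".
# The format is an assumption for this example; real resolvers use their own formats.
SAMPLE_LOG = """\
2017-05-12T10:01:03Z 10.0.0.15 www.example.com NOERROR
2017-05-12T10:01:07Z 10.0.0.23 killswitch.example NOERROR
2017-05-12T10:01:09Z 10.0.0.42 killswitch.example NXDOMAIN
2017-05-12T10:01:11Z 10.0.0.23 killswitch.example NOERROR
2017-05-12T10:02:30Z 10.0.0.77 mail.example.org NOERROR
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


@dataclass
class Probe:
    """One DNS query for the kill-switch domain, as seen by the resolver."""
    timestamp: str
    client: str
    rcode: str

    @property
    def kill_switch_engaged(self) -> bool:
        # The malware aborts when the lookup is answered, so an answered query
        # means the infected host stopped itself; NXDOMAIN means it kept going.
        return self.rcode == "NOERROR"


def parse_log(lines: Iterable[str]) -> List[tuple]:
    """Split each well-formed log line into (timestamp, client, qname, rcode)."""
    records = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match:  # skip blank or malformed lines rather than failing
            records.append(match.groups())
    return records


def find_kill_switch_probes(lines: Iterable[str],
                            domain: str = KILL_SWITCH_DOMAIN) -> List[Probe]:
    """Return every query for the kill-switch domain, case-insensitively."""
    wanted = domain.lower().rstrip(".")
    return [
        Probe(timestamp=ts, client=client, rcode=rcode)
        for ts, client, qname, rcode in parse_log(lines)
        if qname.lower().rstrip(".") == wanted
    ]


def summarize(probes: Iterable[Probe]) -> Dict[str, str]:
    """Map each probing client to 'contained' or 'at risk'.

    A host that ever received NXDOMAIN is 'at risk' regardless of later answers,
    because the payload would already have run on the unanswered attempt.
    """
    status: Dict[str, str] = {}
    for probe in probes:
        if not probe.kill_switch_engaged:
            status[probe.client] = "at risk"
        else:
            status.setdefault(probe.client, "contained")
    return status


def should_sinkhole(qname: str, domain: str = KILL_SWITCH_DOMAIN) -> bool:
    """Decide whether an internal resolver should answer this name locally.

    This is the mitigation the comment describes: answering the kill-switch
    domain from inside the firewall so the payload never runs on that network.
    """
    return qname.lower().rstrip(".") == domain.lower().rstrip(".")


if __name__ == "__main__":
    probes = find_kill_switch_probes(SAMPLE_LOG.splitlines())
    for probe in probes:
        outcome = "engaged" if probe.kill_switch_engaged else "NOT engaged"
        print(f"{probe.timestamp} {probe.client} kill switch {outcome}")
    for client, state in sorted(summarize(probes).items()):
        print(f"{client}: {state}")
```

Every client listed by `summarize` is worth an incident ticket, since nothing but the malware queries that name; the `at risk` / `contained` split only tells the responder which hosts to isolate first.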
Because it is significantly cheaper and easier to wait for someone to be on your own territory where your laws are sovereign than to try to get a foreign state which has different laws to cooperate. Even a friendly foreign state. Extradition is often a complex mess and often requires, among other things, the party requesting extradition to demonstrate that the alleged crime actually is illegal in the jurisdiction being asked to extradite.
If it works in theory, try something else in practice.
It's kind of a bit odd though that the guy who stopped "Wannacry" is the only one involved in the entire thing from NSA to in the wild who has been arrested, especially given things like the situation where the "Stratfor" hack was carried out by one of the FBI's tame hackers/informants who is still wandering around free.
I think it's looking more likely that this guy got in the way of someone's agenda at the FBI by limiting the damage of "Wannacry" and thus ruining a chance for extra "cybersecurity" funding.
It will probably take years before we know either way.
While the second sentence allows a level of ambiguity that many readers may not even spot,
I don't spot it. "Remained ... until today ...". "Remained" is past tense. "Doesn't remain anymore." Had the sentence been "remains ... until today", then there is still no ambiguity. Current tense means it still remains.
The Register is reporting that asking for a sample of Kronos on Twitter is the smoking gun for this grand jury indictment.
https://www.theregister.co.uk/...
Maybe I should make that my sig?
There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
Who is the "blacked out" defendant in that indictment? Why is their name blacked out?
It makes me wonder if the other defendant is a juvenile. I'm afraid it's not uncommon for the FBI to arrest a "small fish", to try to get them to turn in a "big fish" for leniency in sentencing. It was very common in their work against, and far too often with and for, organized crime. It's led to them protecting and even supporting smaller criminals in the hope of prosecuting "kingpins", and led to their sheltering of Kevin Mitnick while he continued to commit computer hacking crimes until he fled and had to be tracked down by a far more skilled hacker.
I'm also sad to say that I've seen no constructive computer crime work by the FBI in the last decade. A great deal of smaller scale computer crime is directly referred to them and is never investigated or prosecuted. Cases with political implications, such as the Aaron Swartz attacks on JSTOR and Hillary Clinton's private email server, have been botched beyond belief.
Who is the "blacked out" defendant in that indictment? Why is their name blacked out?
It makes me wonder if the other defendant is a juvenile...
It is called a "redacted" version, where certain information needs to remain secret until it is the right time to release it to the public (or when all actors are indicted). Thus the person doesn't need to be a juvenile but rather is being kept secret for now for some reason. You shouldn't be overthinking it yet when you don't really have enough information.
As stated by an AC, criminal charges in the US are public information, unless the person charged is under the age of 18.
So if he was charged with a crime, that information should be accessible by anyone.
An enigma, wrapped in a riddle, shrouded in bacon and cheese