UK Security Researcher Who Stopped WannaCry Outbreak Arrested in US (zdnet.com)
Zack Whittaker, reporting for ZDNet: A security researcher who in May stopped an outbreak of the WannaCry ransomware has been arrested and detained after attending the Def Con conference in Las Vegas. Marcus Hutchins, 23, a British national, was arrested at Las Vegas airport on Wednesday by US Marshals, several close friends confirmed to ZDNet. A friend told ZDNet that he "was pulled by Marshals at the lounge" after clearing security. He was briefly detained in a federal facility in Nevada until he was moved. "We went to see him this morning and we had already been moved," said the friend. Hutchins is now understood to be in custody at an FBI field office in the state. Motherboard first broke the story on Thursday. Update: A Motherboard reporter tweets, "Here's the indictment accusing @MalwareTechBlog of running the Kronos banking malware."
Update 2: New DOJ statement: Gregory J. Haanstad, United States Attorney for the Eastern District of Wisconsin, announced that on July 11, 2017, following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan.
Don't they understand? Doing shit like this means we won't have DefCon in the U.S. any longer. Think of the hotels and all the revenue we'll be missing!!! Does Trump know about this?
Is that a roll of dimes in your pocket or are you happy to see me?
He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?
It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.
Allegedly created Kronos. I'd like to see the actual indictment, so hopefully that will be up soon. http://money.cnn.com/2017/08/0...
WannaCry was built on top of an NSA exploit that had been leaked. A part of that NSA package was the kill switch that Hutchins discovered and published. He may have had nothing to do with WannaCry's development or propagation. But he caused a TLA to lose one of its fun toys. And for that, he will be punished.
When agencies get this far out of control, it's time to shut them down.
Have gnu, will travel.
He may have helped to stop it, but it begs the question.. Did he have a hand in spreading it in the first place, or is this an unrelated charge?
It doesn't beg that question any more than it begs the question of why anyone who is a high profile security researcher would be stupid enough to travel to the US.
No question was begged. It raises the question. Begging the question is something else entirely. https://en.wikipedia.org/wiki/...
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
I'd like to see the actual indictment
Aaaaand here it is.
Yes, but 'beg the question' is just a really bad translation of the original phrase. Let 'beg the question' have its new meaning, which makes linguistic sense, and come up with a new phrase for what is essentially circular logic.
If you think I voted for Trump because of this post, you're wrong. I voted for Dr. Jill Stein of the Green Party. Again.
This is dumb and wrong. The NSA didn't create the malware, nor the kill switch within it.
What the NSA did that is relevant to the issue being discussed is to know about the Windows SMBv1 vulnerability and not tell Microsoft, and create an exploit to use the vulnerability. The SMBv1 exploit is simply a tool used by the malware, and the malware itself was coded to have a kill switch, separate parts.
If the NSA had disclosed the vulnerability after finding it, we probably wouldn't have had the WCry malware outbreak, because patches would have been out a lot sooner to plug the hole.
"Begging the question" is a bad translation of petitio principii, which is itself a bad translation from Greek sources. Linguistically there isn't really a right answer here. The exact meaning is almost always clear from context, and the usage is very much moving away from the "scholarly" definition. Given that there's not an absolutely correct position on this issue, I think that it's best to avoid using the phrase oneself, and tolerate its use or misuse with others. And if the argument you are responding to does not directly hinge on a point of meaning, it's probably just as well to avoid raising the subject. Life is too short for needless semantic arguments.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
I'd like to see the actual indictment
Aaaaand here it is.
OK - looks like he has some past and that's catching up with him now - bummer or ??? at least, he seemed to do some good on this WannaCry remedy.
Who knows...
A part of that NSA package was the kill switch that Hutchins discovered and published.
This is utterly, totally, and completely wrong. The kill-switch had nothing to do with the exploit or NSA at all. It was implemented separately by the malware developers, likely as a check if the system was a sandbox.
But he caused a TLA to lose one of its fun toys. And for that, he will be punished.
No, he didn't. This is also totally and completely wrong. The EternalBlue exploit used by Wannacry was leaked a month before Wannacry came out by a group (presumably) entirely unrelated to Marcus, and even that didn't really affect the NSA, as MS had fixed the bug a month before that.
There's plenty of bad things the NSA has done to criticize, you don't need to create outright lies about them.
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
This is dumb and wrong. The NSA didn't create the malware,
https://en.wikipedia.org/wiki/EternalBlue
There's a theory that the kill switch was built into WannaCry to prevent it from being run in a sandbox environment. It checks for a non-existent URL and refuses to run if it gets a reply, figuring that the sandbox will reply to anything. But that is pretty simple-minded. It is trivially easy to get a decent sandbox to reply (or not) correctly based on actual DNS data. What viruses do (even script kiddie stuff) is to look for a correct response from a command and control network. And refuse to run (and be inspected) if a server replies but incorrectly.
It's more likely that the dummy URL was created to keep EternalBlue payloads from propagating within 'friendly' environments like government and contractor intranets. Just load the URL into the DNS cache inside your firewall and your network is safe.
Have gnu, will travel.