Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com)

Posted by msmash on from the courtroom-musings dept.

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.

71 comments

  1. Fishy by Anonymous Coward · · Score: 3, Interesting

    This is very fishy.....

    1. Re:Fishy by courteaudotbiz · · Score: 1

      That's the first word I had in mind... And when it smells sh** and looks like sh**, chances are that it is sh**.

      Is WannaCry an inside job?

    2. Re:Fishy by Anonymous Coward · · Score: 0

      Sounds like it...

    3. Re:Fishy by Anonymous Coward · · Score: 0

      Best probability goes to:
      1) dude wrote it
      2) dude sold it
      3) dude got stiffed
      4) dude turned it off
      5) dude realized his reg exposed him
      6) dude plays hero

  2. travel to the USA... by johnjones · · Score: 2, Insightful

    get arrested, well thats a way to incentivise Canadian conferences...

    1. Re:travel to the USA... by borcharc · · Score: 0

      Sadly Canada takes a less the friendly view to American visitors. Something like 17-20% of Americana has been convicted of driving under the influence making them ineligible for entry into Canada. The overwhelming majority of these cases are misdemeanor offenses. Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons. That is of course unless you pay a fine to Canada to demonstrate you have been rehabilitated. What amounts to international double jeopardy. Although I don't drink, I have been to enough security conferences to suspect higher representation in this category amoung attendees.

    2. Re:travel to the USA... by Anonymous Coward · · Score: 0

      Lol. DUI, whine about not being able to go to Canada? How about not drinking before getting into the car? And 17-20%? Man, the more I hear, the less inclined I become to ever visit the worlds largest outdoor loon bin / prison.

      I have to admit it's creative of the Canadians to actually provide an official way to bribe yourself into their country though... Maybe we should consider it an idiot-tax?

    3. Re:travel to the USA... by borcharc · · Score: 1

      You mock our insane criminal justice system but then go on to mock its victims

    4. Re:travel to the USA... by Mashiki · · Score: 1

      Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons

      That's because in Canada it's considered an I/O or indictable offence, or felony for you americans. In canada only the feds can have felony law, and it's universally applied across the country. It's not double jepordy though, you were never tried under Canuck law.

      --
      Om, nomnomnom...
    5. Re:travel to the USA... by Anonymous Coward · · Score: 0

      I suggest you read the comment again.

      I'm mocking people who drink and drive, and then complain about other countries not letting them in... which I think is really backwards. Can't go to Canada? BFD. I've never heard of anyone dying from not being able to go to Canada, which is a fair bit more than can be said for getting run over because some blind drunk moron couldn't resist getting into his car. And if you don't think a judicial system which lets people in who would otherwise be excluded if they pay a legalised bribe and makes a bit of profit in the process doesn't deserve mocking, I don't know what does in your world.

    6. Re:travel to the USA... by Zontar_Thing_From_Ve · · Score: 1

      Sadly Canada takes a less the friendly view to American visitors. Something like 17-20% of Americana has been convicted of driving under the influence making them ineligible for entry into Canada. The overwhelming majority of these cases are misdemeanor offenses. Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons.

      The US is only marginally better. Official US government policy is that one DUI isn't a problem for visitors, but 2 or more can get your entry denied. Conviction on any drug offense is grounds for denying admission, although potential visitors do have the ability to ask for a waiver in advance. As always, there are no guarantees that a waiver will be given if applied for.

    7. Re:travel to the USA... by Anonymous Coward · · Score: 0

      I just wish my country wasn't run by pussI liberals. We let Mexican drug cartels in.

    8. Re:travel to the USA... by Anonymous Coward · · Score: 0

      I just wish my country wasn't run by pussI liberals. We let Mexican drug cartels in.

      Didn't know that Republicans in congress have been liberals! Anyway, both sides do the same thing. Don't finger pointing.

    9. Re:travel to the USA... by Anonymous Coward · · Score: 0

      Then you haven't been paying attention. R's talk a big conservative game, but once they actually get power...

    10. Re: travel to the USA... by KGIII · · Score: 1

      You can 'bribe' your way into any country, even with criminal convictions. You apply for a visa, ahead of time, and pay the applicable fees. Even murderers travel internationally, if they have the money. Depending on your past, they will just ask for more money.

      --
      "So long and thanks for all the fish."
    11. Re:travel to the USA... by Anonymous Coward · · Score: 0

      My situation exactly. Too bad Canada, missing my tourist $$$$.

      Equal rights, errr, double jeopardy, for cannabis victims!

    12. Re:travel to the USA... by Anonymous Coward · · Score: 0

      A surprisingly large number of Americans get dwu's for being passed out in their car with the engine off. Look at Tiger Woods recent case.

  3. Re:Now throw the book at him by xxxJonBoyxxx · · Score: 1

    >> Let's incarcerate them for the rest of their lives or put a few of them to death.

    Found the consultant working in Dubai.

  4. Expected regardless by s.petry · · Score: 4, Interesting

    I would have expected this plea regardless of facts. I can't wait to read more on this as it becomes available. Right now, we have speculation on one side and little except the indictment on the other.

    Needs way more information to start making informed opinions.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re: Expected regardless by Anonymous Coward · · Score: 2, Interesting

      More information is needed for an informed opinion but I'll still make a guess that the NSA is pissed that he stopped their malware from working.

    2. Re: Expected regardless by Anonymous Coward · · Score: 1

      I like your generic statement. You can pretty much post this anywhere involving a court case.

    3. Re: Expected regardless by Anonymous Coward · · Score: 0

      What would be their incentive for propagating ransomware ?

    4. Re: Expected regardless by Calydor · · Score: 2

      Who says they'd put up a way for the victims to unlock their machines?

      It becomes ransomware when the distributor wants to make money. It becomes a cyberweapon when the distributor wants to take someone down hard.

      --
      -=This sig has nothing to do with my comment. Move along now=-
    5. Re: Expected regardless by The123king · · Score: 1

      It makes it look less likely to be from a government agency. Stuxnet got traced back because it was clearly the work of a major intelligence agency. If you make it look like some idiot in his bedroom wrote it, chances are they'll believe some idiot in his bedroom wrote it.

      --
      If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
    6. Re: Expected regardless by drinkypoo · · Score: 1

      It becomes ransomware when the distributor wants to make money. It becomes a cyberweapon when the distributor wants to take someone down hard.

      How is ransomware not a cyberweapon?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    7. Re: Expected regardless by Anonymous Coward · · Score: 0

      Sometimes you need a good distraction to get the real job done.

    8. Re: Expected regardless by Anonymous Coward · · Score: 0

      See who asks for help, see who doesn't, and see what the chain of command is during an emergency

  5. Catch Me If You Can Sequel due in 2027 by Anonymous Coward · · Score: 0

    I'm looking forward to the sequel to "Catch Me If You Can" in 10 years after this guy helps the feds out. And why not use him in such a way? He seems to have at least some conscience that he's stopped a threat, so he can be marginally trusted.

  6. Maybe he says the truth by admin7087 · · Score: 3, Insightful

    This looks like one of those cases when someone was not fully willing to 'cooperate' with certain people and then the FBI is 'tipped off' with some very bogus evidence. I'm speculating, of course, but anyway that's how it looks to me.

    1. Re:Maybe he says the truth by alvinrod · · Score: 1

      It could well be true evidence, but something that was obtained illegally. We have the fruit of the poisonous vine/tree metaphor that covers that a person could be completely guilty of something, but that the government had no legal cause to gather that evidence or acted outright illegally in obtaining it. Of course the government agencies are typically good enough at parallel construction so that this isn't always a problem. It will be interesting to follow, but I won't be surprised if he violated some strict liability law which gives the law some justification for looking into him further, so of course it wasn't just a random tip from some other agency.

  7. WELCOME TO AMERICA! by Anonymous Coward · · Score: 0

    Please feel free to tour our luxurious private prisons!

    Stay awhile...

    STAY FOREVER!

  8. Things that make you go hmmm by Anonymous Coward · · Score: 2

    I wonder if he stopped or interfered with an NSA false-flag and is being pinned for it...

  9. Should have driven to Canada... by Jerrry · · Score: 1

    He should have taken a little drive north while he was in Milwaukee and then he could have fought extradition while living at home in the UK.

    1. Re:Should have driven to Canada... by LostOne · · Score: 1

      I doubt that would have worked out. That "little drive north" would be into Canada, which is most definitely not the UK. (Canada is an independent nation with its own laws and policies, believe it or not.) There's no guarantee he would be allowed in to Canada. (UK citizens are refused entry all the time.) If the CBSA folks are aware of the bail conditions, there's a good chance that would be reason to turn him back. Of course, he could try walking across the border and avoiding the border stations, but that's not as easy as it sounds.

      Then, if he did get across the border, he would have to travel on through Canada to get to the UK. At any point during that travel, he might be picked up in response to an extradition request (which would almost certainly be immediately granted in this case since it doesn't look like he has a case for requesting asylum nor is there any evidence that due process has been violated). The most likely places for that would be at the transportation hubs that have flights or ships to the UK.

      Alternatively, he can stay where he is, run things through the courts and find out just what the case against him is and defend it. At no point to date has there been any obvious violation of due process and he is out on bail with conditions that are not particularly onerous given that he is a foreign national.

      --

      If it works in theory, try something else in practice.
  10. Poor Marcus by Phusion · · Score: 1

    I can't believe he's being treated this way. You'd think that after what he did for THE WORLD by deactivating WCry, they'd let him go.. but nooooo they have to throw him in a courtroom and try to convict him of ... what? Writing malware that never touched an American computer and that he never executed? What is this shit?

    --
    640k ought to be enough for anyone.
    1. Re:Poor Marcus by Anonymous Coward · · Score: 3, Interesting

      > What is this shit?
      You wrote it yourself just prior:
      > what he did for THE WORLD by deactivating WCry
      He messed with some probably very active NSA malware.

    2. Re:Poor Marcus by Grishnakh · · Score: 2

      Yep, I hope everyone's learned an important lesson here about doing the "right thing".

      Remember, no good deed ever goes unpunished.

      The next time you see malware about to destroy all of civilization, and you could deactivate it, don't. It's not worth it. You won't be helping yourself, and you'll end up being severely punished for your trouble.

  11. "Hutchins will be tracked by GPS" by Anonymous Coward · · Score: 0

    Are we not all being tracked by GPS or other means?
    Why is this some sort of safety measure?

  12. His name's Monday? by wonkey_monkey · · Score: 4, Funny

    Monday, the well-known security researcher

    I thought he was called Marcus.

    --
    systemd is Roko's Basilisk.
  13. You can tell a lot from pretrial stuff by Anonymous Coward · · Score: 2, Insightful

    "Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher"

    Sounds like they don't have much of a case, otherwise they would be screeching about how he was a flight risk and a danger to society. I'm guessing their case is something like "he developed part of the tool that was eventually used in a bank heist". Which could be like charging the manufacturer of a large drill with conspiracy because one of their drills had been used in a physical bank robbery even if they had never interacted with the actual robbers on any level.

    1. Re:You can tell a lot from pretrial stuff by BlueStrat · · Score: 1

      I'm guessing their case is something like "he developed part of the tool that was eventually used in a bank heist". Which could be like charging the manufacturer of a large drill with conspiracy because one of their drills had been used in a physical bank robbery even if they had never interacted with the actual robbers on any level.

      Very close. I think it's more like a guy buying a heavy-duty drill and hardened drill bits, and receiving generic advice about the best ways to drill through hardened steel from the owner of a hardware store, and then said guy breaks into a bank safe and robs it, and the government going after the hardware store owner as an accessory to the crime.

      And yes, I also believe Hutchins is being punished for interfering in a US TLA operation in which WCry was a part. Need to start doxing the top brass of US TLAs & LEAs to restore at least some small measure of accountability that currently does not exist.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:You can tell a lot from pretrial stuff by Anonymous Coward · · Score: 0

      I'm guessing their case is something like "he developed part of the tool that was eventually used in a bank heist". Which could be like charging the manufacturer of a large drill with conspiracy because one of their drills had been used in a physical bank robbery even if they had never interacted with the actual robbers on any level.

      Very close. I think it's more like a guy buying a heavy-duty drill and hardened drill bits, and receiving generic advice about the best ways to drill through hardened steel from the owner of a hardware store, and then said guy breaks into a bank safe and robs it, and the government going after the hardware store owner as an accessory to the crime.

      Or perhaps, instead of guy breaking into a bank safe and robbing it, for some consideration (maybe even cash) to one of his buddies on the side, the bank safe was left unlocked... Nobody knows, but that certainly is a plausible scenario as him putting into a bank safe (seems unlikely most folks puts source code in a bank safe even figuratively, for example, have you seen the number of AWS keys in github?). Then again, no reason to assume malice when simple incompetence can explain many actions...

      And yes, I also believe Hutchins is being punished for interfering in a US TLA operation in which WCry was a part. Need to start doxing the top brass of US TLAs & LEAs to restore at least some small measure of accountability that currently does not exist.

      Strat

      Perhaps even simpler likely conspiracy is that Wcry exploited some of the same vulnerabilities as a US TLA operation... But don't let me keep your from donning your tin foil hat...

    3. Re:You can tell a lot from pretrial stuff by BlueStrat · · Score: 1

      And yes, I also believe Hutchins is being punished for interfering in a US TLA operation in which WCry was a part.

      Perhaps even simpler likely conspiracy is that Wcry exploited some of the same vulnerabilities as a US TLA operation.

      Either/or. It's a distinction without much difference.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  14. Wait... what? by mark-t · · Score: 3, Insightful

    They are alleging that "he was the author of the code that became the Kronos malware"... even if this allegation were true, that should be entirely irrelevant if he neither authored the Kronos malware nor assisted in its distribution.... heck, by that reasoning, practically every computer programming language creator ever should be held accountable for "writing software that would eventually become malware" as well... because essentially, that's what would be amounted to by what they were saying.

    You can't justly hold an inventor of a technology accountable for how nefarious people might use it unless you can reasonably demonstrate that there was some kind of cooperation between the inventor and the people that committed the wrongdoing.

    Why not hold the parents responsible for breeding in the first place if their child grows up and becomes a murderer?

    Gawd, there are so many things wrong with this entire thing, I can barely believe that this trial is actually happening. It is just so fucked up that I don't have the words...

    --
    File under 'M' for 'Manic ranting'
    1. Re:Wait... what? by Anonymous Coward · · Score: 0

      They're alleging accessory to computer fraud and conspiracy to commit computer fraud. That he sold software on known criminal hangouts specifically for the purpose of breaking the law.

      The trial isn't about 'writing software that would eventually become malware'. This is 'you took money from criminals knowing they'd break the law with what you sold them'.

    2. Re:Wait... what? by DigiShaman · · Score: 2

      The political / legal class is deathly scared of the wizards of IT hacking.

      --
      Life is not for the lazy.
    3. Re:Wait... what? by slew · · Score: 1

      IANAL, but there is a legal thing called negligent culpability. If I sell you 2 tons of TNT, under dont-ask-dont-tell terms, and you blow up a school with it, I could be held to be negligent in my duty to attempt to determine that the customer had a legitimate use for it (even if they did end up using it to blow up a school).

      If, however, you gave me some evidence that you had a legitimate use (e.g., you wanted to ship it to a construction company that does demolition work and that company has a Dun/Bradstreet credit report at the same address), that would go a long way to show that I wasn't negligent...

      Cooperation with the buyer doesn't need to be shown, only negligence on the part of the seller.

    4. Re:Wait... what? by Anonymous Coward · · Score: 0

      Just because you sold software on "criminal" forums does not mean you knew the person(s) were criminals. A bunch of other circumstances would have to be true. A conviction of the forum entity would be necessary to call it a criminal forum (if the forum remains up that probably isn't the case). Otherwise it's slander or libel to make this claim. Then the person in question would also have to tell you they were convicted of something in the past AND for you to be told by a convincing source they were working on or going to be working on something that was illegal or who would be using it for illegal activity of some kind. Otherwise you would not knowingly be assisting in criminal activity. Generally speaking developers don't warrant their software for any particular purpose. Assisting in development of remote control functionality is not assisting in criminal activity. Nor is assisting in development of an exploit in and of itself. You must combine other factors for the developer to be assisting in a crime. For example if your asked to assist in creating malware to be used in criminal activities such as stealing credit card numbers.

    5. Re:Wait... what? by swillden · · Score: 1

      Just because you sold software on "criminal" forums does not mean you knew the person(s) were criminals.

      The legal phrase is "knew or should have known". It's not necessary that you have actual knowledge of their criminal history or plans, only that a reasonable person in your place should have known. This isn't true for all criminal statutes that involve knowledge or intent, but it is true of most.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Wait... what? by mark-t · · Score: 1

      That was not my initial understanding, and if that is the case, I must alter my position... if he knew, or even if he reasonably *should* have known, that the people was selling stuff to had any criminal intent, he should have walked the other way immediately. However, if he really had no practical way to know what the people he was selling it to were going to do with it, then he should not be held accountable for the consequences that they produced.

      --
      File under 'M' for 'Manic ranting'
  15. "Intent" [Re:Wait... what?] by Tablizer · · Score: 1

    Usually it comes down to "intent" to distribute malware or cause harm. It's the magic legal word. In extreme cases "gross negligence" (bigly sloppy) comes into play, but usually carries rather short sentences.

    Hillary probably avoided "gross negligence" by not being given proper training by the Department. (The "briefing" was not a full training session; otherwise it would not be called a "briefing".) The issue there seemed to be a combination of "medium" negligence by many staff members, Hillary is just one. Bunches of people should have been at least slapped with a fine in my opinion.

    --
    Table-ized A.I.
    1. Re:"Intent" [Re:Wait... what?] by HornWumpus · · Score: 1

      There was never an intent requirement in the classified information law. That was just special Clinton 'justice' applied by the Obama administration. Nobody else gets that.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    2. Re:"Intent" [Re:Wait... what?] by Tablizer · · Score: 0

      Yes there is. It basically requires "intent" OR "gross negligence". I don't know if the word they used is actually "intent", but it's synonymous, at least as I interpreted it.

      Your alleged party bias claim is bogus.

      --
      Table-ized A.I.
    3. Re:"Intent" [Re:Wait... what?] by Anonymous Coward · · Score: 0

      It bogus to claim party bias when Obama's heir is let off of charges she is clearly guilty of, by virtue of meeting the gross negligence part ("briefings" are what informative teaching sessions are called) of the law against mishandling classified information, through the decision of the Obama Department of Justice, headed by the Obama appointed Attorney General, at the recommendation of the same person that let the Clinton's off of the Mark Rich bribery charges, said same person publicly creating a brand new law that somehow requires intent and has no section on negligence, after an investigation that broke FBI policy in not recording any meetings AND by giving immunity to all interviewees BEFORE any of them gave testimony.

      In other words, a bunch of Obama-appoint and Obama friendly political figures gathered together to make up some new rules that apply to no one else in order to let Obama's heir off the hook. That's pretty textbook party bias and whitewash of a crime, buddy.
      If that isn't, what would it take to BE party bias?

    4. Re:"Intent" [Re:Wait... what?] by Tablizer · · Score: 1

      "briefings" are what informative teaching sessions are called

      You are making that up. And, it was singular. State Dept. confirmed there was no record she attended the FORMAL class.

      --
      Table-ized A.I.
    5. Re:"Intent" [Re:Wait... what?] by Tablizer · · Score: 1

      Here's a link.

      It doesn't explain why she missed the training course(s). Normally a CEO has assistants to make sure such appointments are scheduled and kept. I wouldn't expect a CEO or equivalent to micromanage such scheduling all themselves. Therefore, the failure was a team effort. Yes, she "should have" found a way, but "should have" is not the same as "gross negligence".

      --
      Table-ized A.I.
  16. Conspiracy Theory by Anonymous Coward · · Score: 5, Insightful

    "Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware."

    That tells you everything you need to know.

    1. WannaCry used the code from the leaked NSA software.
    2. WannaCry included code that looked to check if a specified domain had been registered. If it received a response from the domain, it shut down. If not, it continued to work.
    3. The "sinkhole" domain bricked the NSA software and interfered with ongoing ops.
    4. Tracking the traffic to the "sinkhole" domain might allow you to determine which traffic was from the NSA software and which one was from the WannaCry variant thus exposing ongoing NSA ops.

    'It's not paranoia when they are really out to get you'

    1. Re:Conspiracy Theory by Anonymous Coward · · Score: 1

      Just because you're paranoid, doesn't mean they're not out to get you.
      Basically I think that this is the most likely explanation.
      NSA is pissed that he fucked with their little exploit, and this is their way of taking revenge.
      The nice thing is that his government doesn't even step in to put an end to this madness.
      Really puts things in perspective.
      Researchers should never travel to the US.

  17. Bye, bye Stack Overflow... by Anonymous Coward · · Score: 0

    By that logic, we should all stop posting code on Stack Overflow because we would all be as guilty just for simply posting code there in the first place. :-(

  18. Seems Wannacry was NSA afterall by ghoul · · Score: 1

    It was pretty suspicious that it was mostly affecting Russian banks. Seemed like a targetted attack against the Russians and now we have confirmation that the MAN has come down hard on this guy for interfering in an existing operation

    --
    **Life is too short to be serious**
  19. Will the FBI arrest the NSA next? by Anonymous Coward · · Score: 0

    The NSA also wrote software that was later used in banking hacks.

  20. Re: Now throw the book at him by KGIII · · Score: 2

    How about we establish guilt, and then debate the penalty based on culpability?

    --
    "So long and thanks for all the fish."
  21. Re: Now throw the book at him by Anonymous Coward · · Score: 0

    Nahhh, that sounds like the right thing to do. Too much work. Hang the guilty fucker, then sue his family and ruin them for 3 generation. /s

  22. Suing Microsoft by Anonymous Coward · · Score: 0

    Should sue Microsoft for enabling malware throughout the world. The lost productivity when the system go down or forced to restart for updates.

  23. Maybe he is guilty of the banking thing... by jonwil · · Score: 1

    Wouldn't be the first time someone wore both black and white hats during their career (or even both hats at the same time). Max Butler was responsible for stealing massive amounts of credit card and other personal data but was also at various points doing very much white-hat things.

  24. Alternative conferences in Europe by Vadim+Makarov · · Score: 2

    Why travel to the US while there are good security conferences in Europe? Take Chaos Communication Congress every December, or the Dutch and German summer camps that take place at around the same time as DEF CON. I've just been to SHA2017, it was large, lots of fun and some really interesting talks.

    --
    17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
  25. Why doesn't the FBI arrest the NSA? by Anonymous Coward · · Score: 1

    The NSA was negligent in letting its tools be stolen, and they were used against banks.

  26. Regardless of guilt or innocence... by Anonymous Coward · · Score: 0

    Everybody has been ignoring the real point of this arrest (for those that forgot Dmititry Skylarov's case back between Defcon VIII and XII was it?)

    Defcon is not a safe venue for real hackers, whichever color hat they don. Same with Blackhat the week before.

    Future hacking conventions need to be done in a country with both no laws against it, as well as strong local law enforcement to deter kidnapping of suspects from the convention.