Slashdot Mirror


Marcus Hutchins' Code Used In Malware May Have Come From GitHub (itwire.com)

troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."

21 of 52 comments

  1. Re:Negligence by freeze128 · · Score: 2

    No, he's innocent until proven criminally negligent.

  2. Re:Negligence by K.+S.+Kyosuke · · Score: 1

    That makes zero sense. Criminally negligent on basis of what?

    --
    Ezekiel 23:20
  3. Re:Negligence by Anonymous Coward · · Score: 1

    Nothing.. Nothing but innocently writing potentially malicious code can get you in trouble. Welcome to "america"! Land of the (not so) free! (We beat all the world in jail population!!)

  4. Re:Negligence by stevez67 · · Score: 1

    Actually, what he did was more like planning the robbery, made that plan accessible to others, then acted surprised that someone used his plan to rob the bank.

  5. so by symes · · Score: 3

    Smith and Wesson have an awful lot to answer for then.

    1. Re:so by burtosis · · Score: 1

      Smith and Wesson have an awful lot to answer for then.

      Absolutely not! They are a beloved company, a first class citizen. Not a second class 99% citizen nor a *shudders* European. My $0.02 is they fry him anyhow, facts be damned.

  6. Re:Negligence by svanheulen · · Score: 5, Interesting

    Not at all. There are plenty of legitimate uses for function hooking outside of malware. I know for a fact that the Windows driver for my audio card does it. And there are tons of examples of hooking code that predate his examples. Including Microsoft's own Detours: https://www.microsoft.com/en-us/research/project/detours/

  7. Reasonable doubt by Martin+S. · · Score: 3, Insightful

    If the code existed before on a public resource, it clearly raises a reasonable doubt.

    1. Re:Reasonable doubt by Zero__Kelvin · · Score: 1

      You put the word "Speculation" in the wrong spot in your post. It should have been at the beginning, preceded only by the word "fantastical".

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  8. Of course it was . . . by sgt_doom · · Score: 1

    This is the FBI, fer crissakes! The guys who were deeply, deeply penetrated by the Chinese military intelligence during the Clinton/Bush administrations (and are probably still in control). And then there is this: https://www.wired.com/2016/02/... http://www.cnn.com/2016/02/08/... http://fortune.com/2016/02/09/...

  9. Intercept is the basis for all kinds of OS aids by Anonymous Coward · · Score: 4, Insightful

    The code is code for a service intercept. Those can be tricky to get right, but are used in all manner of system enhancements, and are not primarily useful for malware at all.
    Intercept code I have used in the past:
    * Added time, place, privilege level, and called-by-code conditions to file accesses
    * Allowed file open to alter the running priority of processes
    * Allowed failed access for some of the above to optionally open a different file, transparently
    * Allowed files stored on backing storage (tape, network, disk, compressed files) to transparently appear local and present (or to be migrated to such storage)
    * Allowed file extension or creation that would use space to trigger "get space" processes
    * Allowed user mode undelete operations
    * Allowed control of storage space use to minimize storage fragmentation
    * Allowed controls based on access rate

    These and more useful kinds of extensions are among things that can be implemented with an intercept. Not one of these has anything to do with malware.

    So kindly stop and think a bit before claiming the code was done to help malware function.

    1. Re:Intercept is the basis for all kinds of OS aids by PmanAce · · Score: 1

      If you have access to your code, why do you need to create a service intercept when you could change your own code? All that you have written is possible to write without an intercept service, unless you were modifying something not meant to be modified...

      --
      Tired of my customary (Score:1)
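As an added illustration of the intercept mechanism comment 9 describes (this is constructed example code, not code from the page or from Hutchins' repository): a dispatch table whose "open" entry is swapped for a hook that enforces a privilege condition on one path prefix, transparently redirects another prefix, and otherwise chains to the original service. The table, policy, path prefixes and fake handle values are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for an OS service table or import table entry. */
typedef int (*open_fn)(const char *path, int privilege);

/* Original service: "opens" a path and returns a fake handle (>0) or -1.
   Constructed: the handle is simply the path length. */
static int real_open(const char *path, int privilege) {
    (void)privilege;
    return (int)strlen(path);
}

static open_fn open_slot = real_open;   /* entry callers dispatch through */
static open_fn original_open = NULL;    /* saved when the hook is installed */

/* Audit counters so the intercept's effect is observable. */
static int denied_count = 0;
static int redirected_count = 0;

/* Hook: require privilege >= 2 under /secure/, redirect /legacy/ to
   /archive/ transparently, and chain everything else to the original. */
static int hooked_open(const char *path, int privilege) {
    char redirected[256];
    if (strncmp(path, "/secure/", 8) == 0 && privilege < 2) {
        denied_count++;
        return -1;                      /* caller just sees a failed open */
    }
    if (strncmp(path, "/legacy/", 8) == 0) {
        snprintf(redirected, sizeof redirected, "/archive/%s", path + 8);
        redirected_count++;
        return original_open(redirected, privilege);
    }
    return original_open(path, privilege);
}

/* Install or remove the hook by swapping the table slot. */
void install_open_hook(void) {
    if (original_open == NULL) { original_open = open_slot; open_slot = hooked_open; }
}
void remove_open_hook(void) {
    if (original_open != NULL) { open_slot = original_open; original_open = NULL; }
}

/* Entry point callers use; they never know whether a hook is present. */
int service_open(const char *path, int privilege) { return open_slot(path, privilege); }
int denied_opens(void) { return denied_count; }
int redirected_opens(void) { return redirected_count; }
```

The same swap-and-chain shape is what an audit or access-control layer uses; nothing in the hook itself determines whether the policy it enforces is benign.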
  10. Re:Negligence by Anonymous Coward · · Score: 1

    or because someone robbed a bank and was able to get away from the police even after they used spike strips, because they used run flat tires, and then they charged the inventor of run flat tires with being the robber when they couldn't find the actual robber.

    or suing the inventor of the pogo stick because someone used one to beat someone to death.

  11. Re: Negligence by Anonymous Coward · · Score: 1

    Obviously you don't know what a hooking engine is. These pieces of code can be used in many things. It was not written for malware. Are we gonna say the creators of the Python programming language are responsible every time someone sends malicious scripts to the interpreter?

  12. Terrorist == does security && ! governmen by Anonymous Coward · · Score: 1

    I'd love to go to America to visit yellow stone... but this kinda shit puts me off. Massive jails and anyone vaguely doing computer security is a criminal unless in top secret government 3 letter agency.

  13. Finally! by Gravis+Zero · · Score: 1

    It's about time we get some GPL'd malware! ;)

    --
    Anons need not reply. Questions end with a question mark.
  14. Re:Negligence by F.Ultra · · Score: 1

    Hardly, he designed a new bumper. Someone later built a car, used his design for the bumper and used the car in a robbery.

  15. still not allowed to go home, still on house arres by h33t+l4x0r · · Score: 1

    Wait, he's on house arrest in someone else's house?

  16. Re:Negligence by gweihir · · Score: 1

    Publishing hooking code (which is in no way, form or shape illegal and has perfectly legal uses). This is just the US police state thinking it does not even need to bother understanding the facts before trying to destroy somebody's life.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  17. Re:Negligence by gweihir · · Score: 1

    Not in the least. This is hooking code, not attack code.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  18. Re:Negligence by K.+S.+Kyosuke · · Score: 1
    --
    Ezekiel 23:20