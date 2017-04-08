Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com) 83
Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."Mark Rumold, senior staff attorney at the EFF, tells Krebs "I don't read the government's complaint as making the case that selling some type of RAT is illegal, and if that were the case I think we would be very interested in this." Also skeptical is Allison Nixon, director of security research for New York City-based security firm Flashpoint. "Huddleston can claim the DRM is to prevent cybercrime, but realistically speaking the DRM is part of the payment system -- to prevent people from pirating the software or initiating a Paypal chargeback." Krebs writes:
The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."
Nixon, a researcher who has spent countless hours profiling hackers and activities on Hackforums, said selling the NanoCore RAT on Hackforums and simultaneously scolding people for using it to illegally spy on people "could at best be seen as the actions of the most naive software developer on the Earth. In the greater context of his role as the money man for Limitless Keylogger, it does raise questions about how sincere his anti-cybercrime stance really is."
And of course, the FBI's complaint also notes that the software was promoted on HackForums.net. The Daily Beast says Huddleston eventually realized "it was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums," adding that at first Huddleston handed off the business, "while continuing to develop the code as an 'advisor' in exchange for 60 percent of every sale."
Slashdot reader Highdude702 believes Huddleston's arrest "is an outrage, and is a push too far, also in the wrong direction," calling it "the story of a script kiddie gone big time...arrested for being an accomplice to a crime committed by people he had never met, let alone knew well enough to commit crimes with."
"I didn't murder someone" is a very commonly used claim among those who don't murder people. Would that "raise skepticism" and make one a target for a murder investigation? I don't think so. This is a chilling-effect arrest. They know this guy didn't hack someone, they're just trying to make the tool-makers lives harder because the tools can be used for no good.
Time to arrest the manufacturers of trucks that are used to plow into civilians, hey?
Almost every "hacking tool" has a beneficial use.
Exactly. It exposes known vulnerabilities (at least to the author). Shutting these people down is just another form of security through obscurity.
Do you arrest Glock cause someone was murdered with one of the pistols they made? What about Louisville Slugger cause someone was beaten with one of their baseball bats? How about Ford cause one of their cars was used to run someone down? Arresting the creator of a tool because of how it is being misused by others is highly questionable in any circumstance. I think most of the civilised world would agree that the responsibility for the use of such a tool in all the listed cases is on the person who used it
Do you arrest Glock cause someone was murdered with one of the pistols they made?
Yes, if Glock ran commercial ads stating their products were most and solely useful for murder and no other uses, they would likely be arrested or at least charged with crimes.
It would be difficult to make the claim that Glocks handgun products have any other purpose than injuring or killing people. Handguns are mostly worthless as a means of hunting either for food or sport. The simple fact is that handguns are made to kill. I think it is a perfect analogy to the tools this person made. Whether Glock advertises it that way or not, they are what they are.
Given that, I have to agree with the original sentiment. The maker of a tool, no matter how evil the perceived usages of the to
Handguns are mostly worthless as a means of hunting either for food or sport. The simple fact is that handguns are made to kill.
Some thoughts on the above:
1. Apparently "hunting" is not "killing" in your lexicon?
2. Some handguns (though none I can think of made by Glock) are indeed used for hunting. This is what cartridges like
.500S&W and .454Casull are for. I have friends who take deer or boar with them.
3. There are other shooting sports beside hunting. Glocks appear quite frequently in some of them.
4. Some handguns are made specifically for the purpose of punching holes in paper or knocking over steel plates, rather than f
Trafficking in circumvention measures is illegal (Score:3, Interesting)
Well.. as outrageous as the OP makes it sounds, you actually don't need to "hack" someone to break the law.
There are lots of laws out there. For starters, trafficking in software or devices which circumvent security measures is often illegal. "Using" said device isn't necessary to run afoul of the law.
The DMCA has strong anti-circumvention language for example. Other countries have similar laws.
That doesn't make it immoral. This is a case of opportunists making use of bad laws they likely lobbied for.
So if we prove gun makers true intentions they get to go to prison for murder?
Probably as an 'accessory to a crime' or 'aiding and abetting.' The legal system has been able to deal with this problem for a long time. If the bullet manufacturers intentions can be proven, they will likely go to jail, too.
Of course that's an unlikely scenario.
Sadly, as the song goes, "first they came for the murders, but I didn't say anything because I wasn't a murderer...",
Um, no actually, I actively cheer them on for catching murderers because I strongly believe murderers shouldn't be allowed free in society. I don't know what weird ideology you have that believes otherwise.
BS - This is thoughtcrime (Score:2)
If this person is guilty of developing a remote admin tool, then so are the developers of SSH, Citrix Desktop developers, Microsoft Remote Desktop developers, VMware developers, VNC developers, Oracle SGD developers, Apple remote control services, and any other remote admin tool or tool that could be used for remote admin. All of those tools are developed to avoid people seeing what you are doing, all are configurable ports to avoid detection, etc.. Ask any developer or security expert if those tools can
Like tax preparation software. (Score:1)
People like you are the reason big government inevitably becomes tyrannical.
I will put it upon you to read this [wikipedia.org] before reacting so hastily.
I'm not sure it matters. Such arguments are made quite a bit these days and deserve critical responses, if not for the benefit of the troll who likely knows better, then for those who read his comments.
I'm not sure it matters. Such arguments are made quite a bit these days and deserve critical responses, if not for the benefit of the troll who likely knows better, then for those who read his comments.
Be honest now - did you really think AC was trolling, rather than simply using sarcasm to make his point? Or did you just type so fast that your comment outpaced that whooshing sound?
Around here? I give it 50/50.
Hacking tools do not hack, it is people that hack. (Score:1)
I would be happy if he went to jail ONLY IF executives of arms manufacturing also went to jail for killing people. Otherwise hacking tools do not hack, it is people that hack.
It's an outrage... (Score:2, Informative)
...everytime the media kneejerkingly supports the bad guys!
.On or about November 21,2013, HUDDLESTON caused an activation email to be sent to a customer who had purchased the Limitless key logger, knowing that individual intended to use the Limitless key logger for the purpose of committing unlawful and unauthorized computer intrusions. 'The email contained the license serial code and instructions for how to download and activate the keylogger.
Guy is toast and rightly so.
Good post - insightful and informative.
Note that this is a different scenario than the hypothetical question asked in the article/summary. The key is "knowing that individual intended to use the Limitless key logger for the purpose of committing unlawful and unauthorized computer intrusions". This is the standard FBI quasi-entrapment operation.
In my opinion, no tool should be illegal to make or sell as long as some legal use is possible, however improbable. Selling it to someone after you know that they
And if your keylog session lasts for more than four hours seek immediate help from a legal professional?
This 'blame chain game' inevitably leads to unchecked witch hunting. Do we blame Toyota for bank robberies when one of their cars are used? No. Do we blame Intel when one of their cpus is used in a 'hacking' crime? No. This is no different.
It's a sad day when this kind of thing has to be explained to someone who reads a site like slashdot.
Stop embarrassing yourself and read the comment I replied to. RAT is not a bomb.
He even marketed his sofware to them directly, knowing for what purpose they intended to use it.
That's the central question, right? If the government can prove he knew, then he'll go to jail. If they can't, he'll probably go free.
So? Was he caught spearfishing with it? Someone still has to decide to and then use his tool unlawfully. Arrest those people. I'd rather these easy-to-use tools are made and distributed because they highlight the vulnerabilities (software and policy) required to get them installed. Software vendors and governments don't want them highlighted, the former because of image and the latter because they hoard them as munitions. Neither attitude is beneficial.
The last thing society should do is depend on law and
What are they charging him with? (Score:1)
“During the course of the conspiracy, Huddleston received over 25,000 payments via PayPal from Net Seal customers. As part of the conspiracy, Huddleston provided Shames with access to his Net Seal licensing software in order to assist Shames in the distribution of his Limitless keylogger. In exchange, Shames made at least one thousand payments via PayPal to Huddleston.”
Conspiring to commit a crime is not free speech..
simple answer (Score:4, Interesting)
Are gun manufacturers held responsible for deaths caused by their products ? I guess you know the answer now
Gun manufacturers are not guilty of the same crime as this person: the crime of not being wealthy.
Do gun manufacturers hang out on "home invaders" forums touting their wares...?
Overreaction... (Score:2)
Real vs. Imaginary Threats... (Score:1)
When I asserted my First and Second Amendment rights in a Slashdot discussion, some asshat went on and on and on for six weeks about how I threatened to shoot him. Never mind that neither amendment gave me a right to shoot him and I was using named account with a link to my website that even the dumbest FBI agent could figure out who I was. The asshat later claimed that I was bullying him by writing up a blog post and posting the link (see below) when he was just "joking" about the false accusation that I t
In fact your weird over-reaction is surely why the guy replies to you,,,
The blog post came a month after the asshat started hounding me on Slashdot. I think he stopped going after me because I kept posting my blog link to every comment he made to me — and thanking him for the increased ad revenues.
,,,just the way the weird kid in 9th grade gets made fun of too.
I graduated from the eighth grade, skipped high school, went to community college, and got kicked out of the university in my first year for playing too much Magic: The Gathering card game into the wee hours. So I don't know what happens in high school. Everyone in college beh
Why is his RAT necessary? (Score:2)
ssh/putty and RDP handle linux/unix/bsd and Windows remote administration perfectly well. The major difference is that you can't set up an sshd/putty/RDP server on your machine by clicking on an email attachment. Question... what legitimate use-cases are there which ssh/putty/RDP don't handle?
Pen testing is a legitimate use. If it's possible to create such a tool then it's necessary for security operatives to use such tools to treat the effects they would have when penetrating a particular network's security.
Ramp up the Volume (Score:1)
