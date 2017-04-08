Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Should The FBI Have Arrested 'The Hacker Who Hacked No One'?

Posted by EditorDavid
Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."

The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."

Mark Rumold, senior staff attorney at the EFF, tells Krebs "I don't read the government's complaint as making the case that selling some type of RAT is illegal, and if that were the case I think we would be very interested in this." Also skeptical is Allison Nixon, director of security research for New York City-based security firm Flashpoint. "Huddleston can claim the DRM is to prevent cybercrime, but realistically speaking the DRM is part of the payment system -- to prevent people from pirating the software or initiating a Paypal chargeback." Krebs writes:

Nixon, a researcher who has spent countless hours profiling hackers and activities on Hackforums, said selling the NanoCore RAT on Hackforums and simultaneously scolding people for using it to illegally spy on people "could at best be seen as the actions of the most naive software developer on the Earth. In the greater context of his role as the money man for Limitless Keylogger, it does raise questions about how sincere his anti-cybercrime stance really is."

And of course, the FBI's complaint also notes that the software was promoted on HackForums.net. The Daily Beast says Huddleston eventually realized "it was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums," adding that at first Huddleston handed off the business, "while continuing to develop the code as an 'advisor' in exchange for 60 percent of every sale."

Slashdot reader Highdude702 believes Huddleston's arrest "is an outrage, and is a push too far, also in the wrong direction," calling it "the story of a script kiddie gone big time...arrested for being an accomplice to a crime committed by people he had never met, let alone knew well enough to commit crimes with."

What do Slashdot's readers think?

  • commonly used claim? (Score:1)

    by Anonymous Coward

    "I didn't murder someone" is a very commonly used claim among those who don't murder people. Would that "raise skepticism" and make one a target for a murder investigation? I don't think so. This is a chilling-effect arrest. They know this guy didn't hack someone, they're just trying to make the tool-makers lives harder because the tools can be used for no good.

  • Trafficking in circumvention measures is illegal (Score:2, Interesting)

    by Anonymous Coward

    Well.. as outrageous as the OP makes it sounds, you actually don't need to "hack" someone to break the law.

    There are lots of laws out there. For starters, trafficking in software or devices which circumvent security measures is often illegal. "Using" said device isn't necessary to run afoul of the law.

    The DMCA has strong anti-circumvention language for example. Other countries have similar laws.

    • Re: (Score:3)

      by epyT-R ( 613989 )

      That doesn't make it immoral. This is a case of opportunists making use of bad laws they likely lobbied for.

  • RAT is just like TurboTax. Each has an intended purpose (Remote Administration / Tax Filing). Each can be used by criminals (unauthorized system administration for ransom / filing another person's taxes for refund). Poor business decisions about where to promote your product for maximum intended purpose sales is not a crime. Improper use of the product is a crime.

  • I would be happy if he went to jail ONLY IF executives of arms manufacturing also went to jail for killing people. Otherwise hacking tools do not hack, it is people that hack.

  • It's an outrage... (Score:1)

    by Anonymous Coward

    ...everytime the media kneejerkingly supports the bad guys!

    .On or about November 21,2013, HUDDLESTON caused an activation email to be sent to a customer who had purchased the Limitless key logger, knowing that individual intended to use the Limitless key logger for the purpose of committing unlawful and unauthorized computer intrusions. 'The email contained the license serial code and instructions for how to download and activate the keylogger.

    Guy is toast and rightly so.

  • This seems like an open and shut free speech case to me. Unless he gets a crap jury. I'd like to see us do away with those The occasional legit jury nullification isn't worth all the people wrongly convicted because they're not personable enough to stand in front of a jury

  • Are gun manufacturers held responsible for deaths caused by their products ? I guess you know the answer now

    • Gun manufacturers are not guilty of the same crime as this person: the crime of not being wealthy.

  • My first instinct was to say 'no' before I had even read the summary based on the argument that if this guy should be arrested for making a legal admin tool that's been misused by hackers then the CEO of Beechcraft should be arrested because his planes are used to run drugs as well as passengers and legal cargo. However, it then occurred to me that even the evil trinity of Donald Trump, Steve Bannon and Mitch McConnell could not have turned the FBI into the holy inquisition this quickly. There must be more

