Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
The Courts Crime Privacy Security United States

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com) 71

Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware. Marcus Hutchins -- better known by his online nickname MalwareTech -- was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos. Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hoffman, formerly of the Electronic Frontier Foundation. Under the terms of his release, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware.
This discussion has been archived. No new comments can be posted.

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware

Comments Filter:
  • Fishy (Score:3, Interesting)

    by Anonymous Coward on Monday August 14, 2017 @11:54AM (#55008615)

    This is very fishy.....

    • That's the first word I had in mind... And when it smells sh** and looks like sh**, chances are that it is sh**.

      Is WannaCry an inside job?
    • It was pretty suspicious that it was mostly affecting Russian banks. Seemed like a targetted attack against the Russians and now we have confirmation that the MAN has come down hard on this guy for interfering in an existing operation

  • by johnjones ( 14274 )

    get arrested, well thats a way to incentivise Canadian conferences...

    • by borcharc ( 56372 ) *

      Sadly Canada takes a less the friendly view to American visitors. Something like 17-20% of Americana has been convicted of driving under the influence making them ineligible for entry into Canada. The overwhelming majority of these cases are misdemeanor offenses. Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons. That is of course unless you pay a fine to Canada to demonstrate you have been rehabilitated. What amounts to international do

      • by Mashiki ( 184564 )

        Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons

        That's because in Canada it's considered an I/O or indictable offence, or felony for you americans. In canada only the feds can have felony law, and it's universally applied across the country. It's not double jepordy though, you were never tried under Canuck law.

      • Sadly Canada takes a less the friendly view to American visitors. Something like 17-20% of Americana has been convicted of driving under the influence making them ineligible for entry into Canada. The overwhelming majority of these cases are misdemeanor offenses. Felony DUI is a fairly rare and serious crime, but Canada treats misdemeanor offenders of this type as ineligible felons.

        The US is only marginally better. Official US government policy is that one DUI isn't a problem for visitors, but 2 or more can get your entry denied. Conviction on any drug offense is grounds for denying admission, although potential visitors do have the ability to ask for a waiver in advance. As always, there are no guarantees that a waiver will be given if applied for.

  • Expected regardless (Score:5, Interesting)

    by s.petry ( 762400 ) on Monday August 14, 2017 @11:58AM (#55008671)

    I would have expected this plea regardless of facts. I can't wait to read more on this as it becomes available. Right now, we have speculation on one side and little except the indictment on the other.

    Needs way more information to start making informed opinions.

    • by Anonymous Coward

      More information is needed for an informed opinion but I'll still make a guess that the NSA is pissed that he stopped their malware from working.

    • by Anonymous Coward

      I like your generic statement. You can pretty much post this anywhere involving a court case.

  • by Unknown User ( 4795349 ) on Monday August 14, 2017 @12:13PM (#55008815)
    This looks like one of those cases when someone was not fully willing to 'cooperate' with certain people and then the FBI is 'tipped off' with some very bogus evidence. I'm speculating, of course, but anyway that's how it looks to me.
    • It could well be true evidence, but something that was obtained illegally. We have the fruit of the poisonous vine/tree metaphor [wikipedia.org] that covers that a person could be completely guilty of something, but that the government had no legal cause to gather that evidence or acted outright illegally in obtaining it. Of course the government agencies are typically good enough at parallel construction so that this isn't always a problem. It will be interesting to follow, but I won't be surprised if he violated some str
  • by Anonymous Coward

    I wonder if he stopped or interfered with an NSA false-flag and is being pinned for it...

  • He should have taken a little drive north while he was in Milwaukee and then he could have fought extradition while living at home in the UK.

    • by LostOne ( 51301 )

      I doubt that would have worked out. That "little drive north" would be into Canada, which is most definitely not the UK. (Canada is an independent nation with its own laws and policies, believe it or not.) There's no guarantee he would be allowed in to Canada. (UK citizens are refused entry all the time.) If the CBSA folks are aware of the bail conditions, there's a good chance that would be reason to turn him back. Of course, he could try walking across the border and avoiding the border stations, but that

  • I can't believe he's being treated this way. You'd think that after what he did for THE WORLD by deactivating WCry, they'd let him go.. but nooooo they have to throw him in a courtroom and try to convict him of ... what? Writing malware that never touched an American computer and that he never executed? What is this shit?
    • Re: (Score:3, Interesting)

      by Anonymous Coward

      > What is this shit?
      You wrote it yourself just prior:
      > what he did for THE WORLD by deactivating WCry
      He messed with some probably very active NSA malware.

    • Yep, I hope everyone's learned an important lesson here about doing the "right thing".

      Remember, no good deed ever goes unpunished.

      The next time you see malware about to destroy all of civilization, and you could deactivate it, don't. It's not worth it. You won't be helping yourself, and you'll end up being severely punished for your trouble.

  • by wonkey_monkey ( 2592601 ) on Monday August 14, 2017 @12:58PM (#55009281) Homepage

    Monday, the well-known security researcher

    I thought he was called Marcus.

  • by Anonymous Coward

    "Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher"

    Sounds like they don't have much of a case, otherwise they would be screeching about how he was a flight risk and a danger to society. I'm guessing their case is something like "he developed part of the tool that was eventually used in a bank heist". Which could be like charging the manufacturer of a large drill with conspiracy because one of their drills had been used in a physica

    • I'm guessing their case is something like "he developed part of the tool that was eventually used in a bank heist". Which could be like charging the manufacturer of a large drill with conspiracy because one of their drills had been used in a physical bank robbery even if they had never interacted with the actual robbers on any level.

      Very close. I think it's more like a guy buying a heavy-duty drill and hardened drill bits, and receiving generic advice about the best ways to drill through hardened steel from the owner of a hardware store, and then said guy breaks into a bank safe and robs it, and the government going after the hardware store owner as an accessory to the crime.

      And yes, I also believe Hutchins is being punished for interfering in a US TLA operation in which WCry was a part. Need to start doxing the top brass of US TLAs

  • Wait... what? (Score:4, Insightful)

    by mark-t ( 151149 ) <[moc.talfdren] [ta] [tkram]> on Monday August 14, 2017 @01:35PM (#55009685) Journal

    They are alleging that "he was the author of the code that became the Kronos malware"... even if this allegation were true, that should be entirely irrelevant if he neither authored the Kronos malware nor assisted in its distribution.... heck, by that reasoning, practically every computer programming language creator ever should be held accountable for "writing software that would eventually become malware" as well... because essentially, that's what would be amounted to by what they were saying.

    You can't justly hold an inventor of a technology accountable for how nefarious people might use it unless you can reasonably demonstrate that there was some kind of cooperation between the inventor and the people that committed the wrongdoing.

    Why not hold the parents responsible for breeding in the first place if their child grows up and becomes a murderer?

    Gawd, there are so many things wrong with this entire thing, I can barely believe that this trial is actually happening. It is just so fucked up that I don't have the words...

    • Usually it comes down to "intent" to distribute malware or cause harm. It's the magic legal word. In extreme cases "gross negligence" (bigly sloppy) comes into play, but usually carries rather short sentences.

      Hillary probably avoided "gross negligence" by not being given proper training by the Department. (The "briefing" was not a full training session; otherwise it would not be called a "briefing".) The issue there seemed to be a combination of "medium" negligence by many staff members, Hillary is just one

      • There was never an intent requirement in the classified information law. That was just special Clinton 'justice' applied by the Obama administration. Nobody else gets that.

    • The political / legal class is deathly scared of the wizards of IT hacking.

    • by slew ( 2918 )

      IANAL, but there is a legal thing called negligent culpability. If I sell you 2 tons of TNT, under dont-ask-dont-tell terms, and you blow up a school with it, I could be held to be negligent in my duty to attempt to determine that the customer had a legitimate use for it (even if they did end up using it to blow up a school).

      If, however, you gave me some evidence that you had a legitimate use (e.g., you wanted to ship it to a construction company that does demolition work and that company has a Dun/Bradstr

  • Conspiracy Theory (Score:5, Insightful)

    by Anonymous Coward on Monday August 14, 2017 @02:48PM (#55010329)

    "Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the WannaCry "sinkhole" he used to stop the outbreak of ransomware."

    That tells you everything you need to know.

    1. WannaCry used the code from the leaked NSA software.
    2. WannaCry included code that looked to check if a specified domain had been registered. If it received a response from the domain, it shut down. If not, it continued to work.
    3. The "sinkhole" domain bricked the NSA software and interfered with ongoing ops.
    4. Tracking the traffic to the "sinkhole" domain might allow you to determine which traffic was from the NSA software and which one was from the WannaCry variant thus exposing ongoing NSA ops.

    'It's not paranoia when they are really out to get you'

    • by Anonymous Coward

      Just because you're paranoid, doesn't mean they're not out to get you.
      Basically I think that this is the most likely explanation.
      NSA is pissed that he fucked with their little exploit, and this is their way of taking revenge.
      The nice thing is that his government doesn't even step in to put an end to this madness.
      Really puts things in perspective.
      Researchers should never travel to the US.

  • Wouldn't be the first time someone wore both black and white hats during their career (or even both hats at the same time). Max Butler was responsible for stealing massive amounts of credit card and other personal data but was also at various points doing very much white-hat things.

  • Why travel to the US while there are good security conferences in Europe? Take Chaos Communication Congress [wikipedia.org] every December, or the Dutch and German summer camps that take place at around the same time as DEF CON. I've just been to SHA2017 [sha2017.org], it was large, lots of fun and some really interesting talks.

  • by Anonymous Coward

    The NSA was negligent in letting its tools be stolen, and they were used against banks.

Civilization, as we know it, will end sometime this evening. See SYSNOTE tomorrow for more information.

Working...