Security Researcher who stopped Wannacry detained in the US

alias454alias454 Member Posts: 648 ■■■■□□□□□□
“I do not seek answers, but rather to understand the question.”

Comments

  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    "We would like to offer you a job at the FBI"
  • markulousmarkulous Member Posts: 2,394 ■■■■■■■■□□
    Yeah, I've followed him on Twitter for a while and he's had good info. He's not guilty yet, so I'll reserve judgement until I hear more.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    I doubt it's to "offer him a job", there are far more effective methods recruiting talent. It may be entirely possible that he's analyzing malware by day and writing it by night. He will not be the first person that played both sides of the field.
    Still searching for the corner in a round room.
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    TechGromit wrote: »
    I doubt it's to "offer him a job", there are far more effective methods recruiting talent. It may be entirely possible that he's analyzing malware by day and writing it by night. He will not be the first person that played both sides of the field.

    I'm not saying it's probable, but I'm also not saying it's improbable lol. China and North Korea have vast numbers of people trying to hack us everyday, why not capture a few of the baddies and convince them to work for our government? That movie Catch Me if You Can is a good example.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Read somewhere that it was related to him creating and spreading Kronos malware.


    Indictment here: https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    cyberguypr wrote: »
    Read somewhere that it was related to him creating and spreading Kronos malware.

    Ha!, I called it. Just read it on CNN tech Page, seems like a pretty common situation. Ultra smart nerd gets into cyber crime, wises up get into business, gets nailed later for mistakes of the past.
    Still searching for the corner in a round room.
  • wastedtimewastedtime Member Posts: 586 ■■■■□□□□□□
    While I reserve judgement I would like to point out some information:

    - The indictment is related to Kronos malware and he was picked up yesterday.

    - Today between 1500 and 1515 today all three WannaCry bitcoin wallets were emptied. That is within 36 hours of when they picked him up.

    - The Indictment was written up on the 12th of July. WannaCry was still fairly new at that time and they wouldn't have been able to collect all the info by then. This looks like it may have been based mostly off of alphabay info which probably wouldn't have had anything about WannaCry.

    - WannaCry starts wrecking havoc and who is the first one on it?

    Again, not saying he did it but it doesn't look good to me.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    I never suggested he had anything to do with Wannacry as far as creating / profiting from it. He may be a Wannacry hero, but that doesn't get him a get out of jail free card for creating less well known malware and releasing it to the world. I could write all the malware I want, or counterfeit currency for that matter, so long as I don't release it on the internet / networks i don't own, or try to exchange my counterfeit money for goods and services, than I didn't violate any laws.
    Still searching for the corner in a round room.
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    TechGromit wrote: »
    I never suggested he had anything to do with Wannacry as far as creating / profiting from it. He may be a Wannacry hero, but that doesn't get him a get out of jail free card for creating less well known malware and releasing it to the world. I could write all the malware I want, or counterfeit currency for that matter, so long as I don't release it on the internet / networks i don't own, or try to exchange my counterfeit money for goods and services, than I didn't violate any laws.

    I wouldn't want to find out the possible consequences of that scenario lol. The way I see it...writing malicious code could be enough to charge someone with intent. It's probably not likely, but under this administration you never know.
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    Yikes. If he's innocent he's still doing 1+ years in jail awaiting trial.
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    ITSec14 wrote: »
    I wouldn't want to find out the possible consequences of that scenario lol. The way I see it...writing malicious code could be enough to charge someone with intent. It's probably not likely, but under this administration you never know.

    A security researcher writing malicious code, what are the oddds! Despite the injustices at the local level I would like to think the FBI only charges when they have some concrete evidence of intent.
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Trusting FBI? Two words: Ruby Ridge.
  • blatiniblatini Member Posts: 285
    Blucodex wrote: »
    Yikes. If he's innocent he's still doing 1+ years in jail awaiting trial.

    If he gets the trial in a year he would be very lucky.
  • BlucodexBlucodex Member Posts: 430 ■■■■□□□□□□
    cyberguypr wrote: »
    Trusting FBI? Two words: Ruby Ridge.

    Right, even if they were/are guilty to do all that over some shotguns 1" too short....
  • scaredoftestsscaredoftests Mod Posts: 2,780 Mod
    payback's a *****
    Never let your fear decide your fate....
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Blucodex wrote: »
    Yikes. If he's innocent he's still doing 1+ years in jail awaiting trial.

    Don't see why he wouldn't make bail, just take his passport preventing him from leaving the country. With the type of job he has, he can work from anywhere, his employer can send him a password protected zip of potential malware to analyze.
    Still searching for the corner in a round room.
  • ITSec14ITSec14 Member Posts: 398 ■■■□□□□□□□
    Blucodex wrote: »
    A security researcher writing malicious code, what are the oddds! Despite the injustices at the local level I would like to think the FBI only charges when they have some concrete evidence of intent.

    We would all like to think that. I'm sure federal law enforcement does a lot of good, but they have crossed the line plenty of times too.
  • alias454alias454 Member Posts: 648 ■■■■□□□□□□
    It seems he will be able to post bail but will be required to live in some kind of halfway house in Wisconsin. His passport will be held and his use of computers is revoked until this is over.

    https://www.theregister.co.uk/2017/08/04/marcus_hutchins_wannacry_kronos_court_bail/
    https://www.facebook.com/jdcrunchman/posts/10155841447539416

    @cyberguypr I was expecting two different words ;)
    “I do not seek answers, but rather to understand the question.”
  • GeekyChickGeekyChick Member Posts: 323 ■■■■□□□□□□
    I imagine he will get out of prison time by securing a deal to work with the FBI. He's probably wishing he never came to the USA.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    alias454 wrote: »
    .... his use of computers is revoked until this is over.

    Don't agree with this, how can they deny someone from making a living until the trial? Isn't he innocent until proven guilty? I can see restricting his use of computers if he's convicted, as part of parole after prison, but to deny someone access to computers when it's required to perform his job is unfair, what's he suppose to do get a job at Walmart till his trial date?
    Still searching for the corner in a round room.
  • thomas_thomas_ Member Posts: 1,012 ■■■■■■■■□□
    The article alias linked to said he wasn't supposed to use the internet. What the actual restriction is, I have no idea. I suppose he could bill himself out as a malware consultant without actually touching a computer. I think Kevin Mitnick had an assistant do all of his email for him when he was restricted from using computers.

    In practice everyone is guilty until proven innocent...

    Consulting/independent contracting might be the only legal way to gain employment. I don't think they have a special work visa for non-US citizens who have their passports revoked and are forced to stay in the country indefinitely or maybe they do...who knows?
  • EagerDinosaurEagerDinosaur Member Posts: 114
    The Kronos software is alleged to have been sold in 2015. Perhaps he's a bit of a poacher-turned-gamekeeper, but the poaching he did a couple of years ago is catching up with him. I imagine black-hat lifestyle rapidly becomes less attractive and more risky as a person moves from their teens into their twenties.
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    GeekyChick wrote: »
    I imagine he will get out of prison time by securing a deal to work with the FBI.

    The days of avoiding prison time by working for the FBI are long over when it comes to hacking. It was once possible to work out such a deal in the early days of computer crime, but there more than enough expertise now in the FBI, today, computer crime equals prison.
    Still searching for the corner in a round room.
  • DatabaseHeadDatabaseHead Member Posts: 2,754 ■■■■■■■■■■
    TechGromit wrote: »
    I doubt it's to "offer him a job", there are far more effective methods recruiting talent. It may be entirely possible that he's analyzing malware by day and writing it by night. He will not be the first person that played both sides of the field.

    Precisely

    Remember the old school fuzz busters made by Bell? Didn't they also make the radar guns themselves?
  • TheFORCETheFORCE Member Posts: 2,297 ■■■■■■■■□□
    Interesting investigation by Kerbs on Security tieing past activity on hack forums to real identity.

    https://krebsonsecurity.com/2017/09/who-is-marcus-hutchins/
Sign In or Register to comment.