
Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware - runesoerensen
https://motherboard.vice.com/en_us/article/evvn8k/malwaretech-marcus-hutchins-not-guilty-plea
======
rhizome
A little additional insight from Emptywheel:
[https://www.emptywheel.net/2017/08/14/government-changes-
its...](https://www.emptywheel.net/2017/08/14/government-changes-its-tune-
about-malwaretech/)

------
unquietcode
The war against security researchers continues to dismay, and it always feels
like the boot of the man showing up to put the intellectuals in their place.

~~~
shallot_router
The US government doesn't have a good track record with security researchers,
but in this case the allegation is that he intentionally developed banking
malware and knowingly sold it to people who would use it to commit fraud.

This isn't exactly some Orwellian crackdown on anyone who dare play with
malware or malicious infrastructure. The allegation is far beyond what any
white or even gray hat researcher would ever do. Of course, the allegations
may be completely false, but let's at least make sure we're all talking about
the same thing.

~~~
jtl999
I doubt that if he was a serious criminal that created and USED said banking
malware for a fraud, and the FBI clearly had victim impact statements, that he
would get such a lenient set of bail conditions.

The longer this case goes on the stranger it gets.

My current working theory is that the FBI was investigating the Kronos
malware, caught one of the developers and/or sellers and they knew he was
working with someone, but not who, and this redacted person didn't like
MalwareTech for any myriad of reasons so he claimed, as an informant that the
other developer was MalwareTech.

Like I said, just a theory. I could be wrong and we haven't seen the FBI's
evidence.

~~~
eridius
> _On August 4, in a hearing in Las Vegas, the prosecution said that Hutchins
> had admitted "that he was the author of the code that became the Kronos
> malware" when he spoke to FBI agents._

~~~
jtl999
Admitted in what context?

Notice the "became the Kronos malware". It's entirely possible Kronos used
MalwareTech's open source PoC's of rootkits and other things, he knew, and was
asked about it and but without the guidance of a lawyer said: "Sure. I wrote
TinyXPB." or similar.

Concerning for sure.

~~~
eridius
Yeah, context is very important. I just posted that as a reply to

> _My current working theory is that the FBI was investigating the Kronos
> malware, caught one of the developers and /or sellers and they knew he was
> working with someone, but not who, and this redacted person didn't like
> MalwareTech for any myriad of reasons so he claimed, as an informant that
> the other developer was MalwareTech._

