
FBI arrests author of NanoCore after it was pirated and abused by hackers - djug
http://www.thedailybeast.com/articles/2017/03/31/fbi-arrests-hacker-who-hacked-no-one.html
======
zaroth
I can only hope they actually find a smoking gun implicating Taylor as a true
conspirator in this case. Because the picture painted by the article puts a
whole new meaning on 'chilling effect'.

Did he pick the wrong place to advertise his code? HackForum could just have
easily been Hacker News. According to the article Taylor actively worked to
defend against malicious use of his software; deactivating accounts he found
were using the software to launch attacks, and eventually removing
functionality like password scraping and keylogging which ultimately proved
too alluring to black hats.

The tool has _obvious_ non-infringing use. That it can also be used
maliciously cannot be a factor. If NanoCore is a criminal conspiracy, I'd hate
to think what the FBI thinks of Metasploit or Tor.

The article puts forward a good theory for how the FBI might have found
themselves in this position. They are used to barging into these guys' houses,
crawling through all their equipment, and finding actual evidence of collusion
with black hats. They are used to pressing these guys to turn state's witness
and in the past it's worked out great when a trusted malware provider landed
them 100 convictions. I am shocked, _shocked_ let me tell you, the FBI would,
upon not finding any real evidence of a conspiracy, press on with charges
against a sole developer with $60,000 to their name.

Taylor Huddleston might not exactly be Aaron Swartz, but if the truth is
anything like how The Daily Beast is telling it, Taylor is going to need a lot
of help and a lot of support to get through this, and I hope he gets it.

~~~
Strom
You say that _the tool has obvious non-infringing use_ and the article claims
that _security experts who have examined NanoCore say there’s nothing in the
code to disprove Huddleston’s claim that he intended it for lawful use_.

I looked at a YouTube video of NanoCore [1] and it's immediately obvious that
all of the above is bullshit. This is just a modern version of Sub7. [2]

Some features that NanoCore offers:

* Disable webcam indicator light

* Lock computer with a password of your choosing and show a message on the computer. The youtuber says it's for ransom.

* Swap mouse button functions

* Open CD tray

* Keylogger

* Extract passwords of various applications

* Send SYN floods from all your controlled computers

What exactly is the legitimate use of disabling the webcam indicator remotely?
Combine this with the fact that NanoCore was originally launched on HackForums
and I'd say this is a slam dunk case of a tool being purpose built for illegal
activity.

Now whether someone should be held accountable for building such tools without
using it themselves is an interesting question. However please don't try to
act like this tool was built for anything other than malicious activity.

--

[1]
[https://www.youtube.com/watch?v=J1uzu6hzSQQ](https://www.youtube.com/watch?v=J1uzu6hzSQQ)

[2] [https://en.wikipedia.org/wiki/Sub7](https://en.wikipedia.org/wiki/Sub7)

~~~
syshum
>>Disable webcam indicator light

Schools and corporations do this all the time for theft Reaction (take a photo
of the thief without them knowing), it is a feature they want. Some schools
have gotten in trouble for turning it on and catching children in the rooms

> Lock computer with a password of your choosing and show a message on the
> computer. The youtuber says it's for ransom.

Again, legitimate Theft Reaction

> Swap mouse button functions ..Open CD tray

Is that malicious, really? Enough for jail time?

>* Keylogger

Plenty of Corporations have keyloggers on their systems, some corporations
even go as far as 24/7 keylogging and screen recording while the system is on.

>>* Send SYN floods from all your controlled computers

That one you may have a case for... the rest all have legit purposes used
today by Enterprises worldwide

~~~
tptacek
Can you name a major corporation that does "24/7 keylogging"?

~~~
homulilly
I don't know about major corporations but smaller businesses or government
institutions (such as my old high school) use stuff like this.

~~~
WillyOnWheels
I hope high schools like that keep getting sued.

Also really glad I'm not in high school anymore.

[http://www.pcmag.com/article2/0,2817,2386599,00.asp](http://www.pcmag.com/article2/0,2817,2386599,00.asp)

------
kriro
I generally think it's crazy to hold someone responsible for the software they
wrote, even if it has no theoretical "good use". The person using the software
should be responsible. That being said it's even crazier if there is a
legitimate use (network monitor etc.) which seems to be the case here. Where
exactly do you draw the line? If an attacker uses Windows or Linux...is that
evil software. If they phish with some mail-tool is that evil software etc.
etc.

~~~
soverance
I mean, there is such a thing as ethics. A programmer writing software with
malicious intent or with the explicit purpose to defraud, undermine, or
otherwise harm another person and/or their property should absolutely be held
responsible for the code they write.

~~~
clavalle
The code or the actions?

I'm all for holding people accountable for bad actions but I don't think that
writing code is enough to show intent to harm.

~~~
emodendroket
I don't know if it's that simple -- if I print out fake dollar bills it'll
probably be treated differently if I sell them as movie props than if I sell
them as counterfeit money you could pass off as real.

~~~
kahrkunne
If the printed money is identical? No, you'd be treated the same for both.

If you're talking about different bills then your analogy obviously doesn't
apply.

~~~
emodendroket
Are you sure about that?
http://www.omaha.com/townnews/crime/prop-money-used-in-movies-among-counterfeit-bills-passed-around/article_aa328426-e1c7-11e6-a011-7fa4f1f37370.html

> Owning prop money in itself is not a crime. But it's a crime if people try
> to pass the prop bills off as real money, said Capt. Jim Duering of the
> Grand Island Police Department.

Seems like the same principle would apply if you were selling it for the
purpose of enabling fraud.

~~~
lawtguy
You're not allowed to print fake money that looks too much like real
money. See
https://www.marketplace.org/2015/03/10/business/tricky-business-behind-fake-hollywood-money.

From the article: "Essentially what this law says is that bills must be either
75% smaller than or 150% larger than the size of a real bill and one color,
one side."

So printing fake money could be a crime even if you don't attempt to pass it
as real.

------
miduil
The tool he developed is called NanoCore. Licences were sold for $25. Below
[0] is the latest wayback mirror. Sadly the "Terms of Services" didn't get
archived.

Quote from the website, section "Remote Surveillance":

[...] remote surveillance via Remote Desktop, Remote Webcam, and Audio feeds.
[...] file and process surveillance.

I wonder how many legit use-cases for such a tool are out there. Not everyone
wants to use Teamviewer, and for example the feature with remote task manager
seems to be useful for debugging/support. Though, a google search for
"https://nanocore.io/Download.rar"
reveals another picture [1]. Also why is the rar-archive "protected" with a
passphrase (hovering "Download" reveals "Password: NanoCore")?

[0]
https://web.archive.org/web/20170315201655/https://nanocore.io/

[1]
https://encrypted.google.com/search?hl=en&q=https%3A%2F%2Fnanocore.io%2FDownload.rar

*Edit: Formatting

~~~
Mithaldu
> Also why is the rar-archive "protected" with a passphrase

Many AV suites recognize common and innocuous things in code as viruses (e.g.
compression, heavily used in demoscene production). Putting a password on
prevents the AV from scanning the file and blocking it outright.

~~~
theandrewbailey
I've lost count of how many 4k and 64k intros have disappeared from my
collection.

~~~
speeder
Once I made the mistake of using demo-related tools to craft my own gamedev
tools and engines... (for example using kkrunchy to pack my stuff).

One day I decided to install anti-virus and... whoooops, everything was nuked
(the AV deleted without asking permission, didn't even bother with
quarantine).

And back then I had no source control...

------
eternalban
Congratulations to the FBI for borrowing a page from the handbook of the
mullocracy of Islamic Republic of Iran.

[https://en.wikipedia.org/wiki/Saeed_Malekpour](https://en.wikipedia.org/wiki/Saeed_Malekpour)

(Have you noted dear reader that thugs act and look the same no matter where
they are from?)

------
arca_vorago
Seeing how many people here are defending the FBI really makes me question if
HN is still the place it used to be and if it is a place that I want to
continue in. I have noticed a large increase here in appeasers of totalitarian
approaches to software and hardware over the last few years.

Whatever happened to the hacker spirit of freedom of knowledge, information,
data, and the ability to write and read code as you see fit? I still see an
agreement on GPLv3 now and then, but HN is increasingly seeming more infected
by silicon valley business types who want to pretend to be hackers and don't
understand or subscribe to the core concepts that enabled the computing
revolution in the first place.

~~~
someguydave
There is definitely a spirit of "have the state come and rescue us from
ourselves" here in HN and it is getting worse.

------
jakobegger
“It’s like saying that if someone buys a handgun and uses it to rob a liquor
store, that the handgun manufacturer is complicit.”

I think that's a good analogy.

~~~
gingerbread-man
Gun manufacturers are _explicitly immune_ from liability for the actions of
their consumers, under the federal Protection of Lawful Commerce in Arms Act.

en.m.wikipedia.org/wiki/Protection_of_Lawful_Commerce_in_Arms_Act

~~~
degenerate
The only reason this became law is because so many people _tried_ going after
the gun manufacturers.

With all the terror attacks in Europe using trucks as weapons, people might
start going after the truck manufacturers. Then the EU will pass some law
saying truck manufacturers are not responsible for people using them as
weapons.

Cause and effect. It's sad, but some people try to blame the existence of the
weapons. As if anything can't be a weapon! You can pick up a rock and attack
with deadly force. Who do you sue then? God? This law exists because some
people will always try to shift the blame.

~~~
atemerev
The EU will not pass the truck-related law, because it is not how law works in
the EU.

In the US (common law) high-profile cases and precedents are the source of the
law. This brings more power to the people, but also makes the legal system
infinitely more complicated.

In the EU, we have civil law, which relies on first principles and lawmakers
authority to interpret existing laws, with much less attention given to
individual cases. This simplifies the law and filters away some insane legal
tests like this one, at the cost of giving more legal power to the government
and less to the people.

Both systems have their pros and cons, of course.

~~~
vsl
Right. That's why the Commission is already, after ONE case, proclaiming that
it is unacceptable that WhatsApp is encrypted with no police access, and they are
going to prepare a directive to address it. Your view of EU is idealistic and
at odds with how it really works.

------
tyingq
Guess he should have marketed it to law enforcement and state spy agencies.
They buy this sort of stuff all the time.

------
iraklism
This is crazy. A vast majority of people working in my industry (infosec, most
of us write tools that can be used for good/bad) should be behind bars if you
follow that logic.

------
lwlml
So, when is the FBI going to arrest the distributors of Kali Linux or Linus
Torvalds, the head of a massive association of associates who create and
support the de facto operating system of hacking that Kali is built upon?

Sometimes I think it might be better to not be in the technology industry
where outsiders can only see what you do as magic and declare you "A Witch!"
and come at you with rakes, pitchforks and BearCats.

~~~
jmcdiesel
If Linus were advertising and supporting his software on a forum with a heavy
focus on non-ethical hacking, that might be an apt analogy.

He made the app for unethical purposes... his advertising in said forums is a
clear indicator of that. Let's not rally behind people who are actively trying
to reduce security on the web...

~~~
SolarNet
Linux is advertised all the time on a site called Hacker News. This isn’t only
"hacking" in the innocent "innovative coding" sense of the word. The
participants in this particular forum regularly discuss computer intrusion,
some academically, others practically.

(sarcastic variation of a similar sentence from the article)

------
efdee
He's using vertical-align and flex-direction. Arrest him!

~~~
constantlm
Yay one other person saw that. :D

------
Sujan
If that's all that is to the story: Poor guy.

Could have been me, wouldn't I have gotten a slap on the wrist when I was 16.
That made me leave the "hacker forums" and go into another direction.

~~~
pgrote
What happened to you?

~~~
Sujan
Ahem... Spent too much time in these circles, doing what people do there. Some
of it not really legal. Authorities noticed, took my hardware and told me that
I maybe should think hard about going back there. Got new hardware and changed
course.

~~~
smrtinsert
Mr. Anderson...

------
yAnonymous
We should mass-report RATs like TeamViewer to the FBI. It's not fair that some
get a taste of democracy and others don't.

~~~
TACIXAT
I used to do malware analysis. We should also report MS Office macro
functionality, AutoIT, Metasploit, and VNC. Maybe go after RSA too for crypto
used in ransomware.

If this goes through it will set a horrible precedent. While I wouldn't be too
happy having certain software classified as cyber arms, if that's what needed
to happen to get the same protections as weapon manufacturers, so be it.

------
tptacek
Reprising a Lobste.rs comment:

I pulled the indictment from PACER. The story is oversimplifying the case.

The indictment is far more concerned with Huddleston’s affiliation with
Zachary Shames, who was convicted (apparently dead-to-rights) for selling a
keylogger called “Limitless”. The indictment mentions Limitless more than it
mentions NanoCore. Shames wasn’t very smart: the DOJ has records of him
providing tech support to users who were clearly using his keylogger to harm
people.

Huddleston has two big problems. The first is that he sold licensing software
to Shames for the Limitless keylogger. The second is that the DOJ apparently
has Huddleston and Shames in a Skype group together talking about this stuff.

The Beast article snarks about the indictment mentioning HackForums
repeatedly. But the Beast article doesn’t think it’s important for you to know
about the HackForums Skype group Huddleston and Shames shared; in fact, Shames
himself gets only a tiny sliver of the article, despite being the fulcrum of
the indictment.

RAT software theoretically has legitimate uses. But, obviously, we all know
that most RAT software isn’t legitimate. NanoCore sure wasn’t. It has a DDoS
botnet tab, for Christ’s sake. Huddleston’s attempts to position it as
legitimate software are about as compelling as the “no copyright claimed”
comments on a YouTube video.

But having said that: it’s unlikely Huddleston would be in the amount of
trouble he is in had he simply written a malicious RAT. His problems are his
connections to a criminal conspiracy that got busted.

~~~
kup0
Yes, I wish tech news organizations would actually have provided the whole
story. Thank you for this additional information (both in regards to Zachary
and the DDoS Botnet tab in NanoCore) as having those facts paints this
situation in a much different light.

------
tobltobs
This is a case where the German legislation did surpass US laws in stupidity.
In Germany there is the so-called Hackerparagraph § 202c which provides for
the procurement and distribution of access codes to access protected data, as
well as the production and use of tools which are useful for this purpose as a
criminal offense.

I am astonished by the amount of comments here who do believe that this kind
of legal proceeding against software tools would help to improve security. Do
you really want to live in a world where you have to hide a nmap CD somewhere
in your backyard. And no, that is not another situation, as it is impossible to
draw a line.

------
nichj
If this goes through, can we sue car, knife, and anything else manufacturers?
They sometimes use shady lots to sell cars, don't tell me everything about the
car, and I can run someone over. Many people die each year from cars! This
case might be precedent...

~~~
dragonwriter
> If this goes through, can we sue car, knife, and anything else
> manufacturers?

Suing (and sometimes winning, more to the point) manufacturers and retailers
who profit from unlawful acts of their customers knowingly, and often with
reason that they should have known, is already possible under the law.

More than 20 years ago when I worked at Radio Shack the employee orientation
included a piece on this.

------
a_c
Reminds me sometime ago there was a post on HN from the author of
shadowsocks[1] about being prosecuted/arrested by Chinese authority.

Maybe one day one could be arrested by making keyboards or phone screen. Who
knows

[1] shadowsocks.org

~~~
madez
> Maybe one day one could be arrested by making keyboards or phone screen. Who
> knows

Only if the keyboards and screens don't send their data to the authorities.

------
beaconstudios
trying to sell dual-use RAT software on hack forums and calling it legitimate
business seems like riding the line. As the article says, you're not going to
find corporate IT managers on that site. Seems like the guy was knowingly
selling to hackers and then crying foul when he "discovered" they were using
it for hacking and disabling the license.

~~~
paulv
Not hard to imagine that a kid on a hacker forum grows up & gets a tech job.
Today's hack forum user is tomorrow's corporate IT professional.

~~~
beaconstudios
yeah, but once you're a corporate IT professional you don't go back to the
blackhat hacking and scamming forum to pick up some software for administering
your network. Suggesting that the majority of customers for such software on
such a forum are legitimate is a leap.

------
TazeTSchnitzel
> Hacker who hacked no-one

Okay, what did they do, then?

> Made software abused by hackers

Oh, that's unfortunate. It was just a legitimate exploit tool, right?

> RAT

Okay, that's a _potentially_ legitimate type of software—

> advertised on HackForums

…the case pretty much writes itself. Nobody who has heard of that site can
claim with a straight face that software marketed there has innocent intent.

The article is sympathetic and argues the author had innocent intentions.
Perhaps that's the case, but the problem is that it would be very difficult to
persuade people of that, given that someone who in truth did have malintent
might act exactly the same (e.g. the disclaimers attached to other such
hacking tools).

~~~
syshum
> The article is sympathetic and argues the author had innocent intentions.
> Perhaps that's the case, but the problem is that it would be very difficult to
> persuade people of that

So you support the idea of Guilty until proven innocent, combined with Guilt
by Association. What a terrible combo

Most people believe it is up to government (or anyone making the claim it was
not for legit use) to prove their claim, it is not up to the defendant to
prove they had innocent intentions.

~~~
TazeTSchnitzel
> So you support the idea of Guilty until proven innocent, combined with Guilt
> by Association.

Do I? I'm not saying they're automatically guilty.

~~~
syshum
No you say he has to prove he made the tool for legit purposes.. that is
guilty until proven innocent

You have assumed he has malicious intent, and have shifted the burden of proof
on to the defendant to disprove your claim

------
TehCorwiz
IBM participated in apartheid[0] in South Africa, providing hardware and
software to the government to run the passbook system which enabled widespread
racial profiling. They have yet to be held accountable[1], despite having
participated directly.

Say what you will about the author of NanoCore, he participated in the
supposed crimes less than IBM did in apartheid.

[0]: http://www-cs-students.stanford.edu/~cale/cs201/apartheid.comp.html

[1]: http://hrp.law.harvard.edu/areas-of-focus/previous-areas-of-focus/in-re-south-african-apartheid-litigation/

------
dmix
This trial might be a good thing ultimately to set good laws. Similar to the
times they tried to sue tobacco companies and gun manufacturers for the deaths
of people. Those cases rightfully died in court and set precedents to block
future wasteful cases.

Even using the gun analogy this wasn't even selling a full gun just a part of
one - as this tool is useless in isolation in terms of hacking - and probably
one of the easiest parts of hacking. Getting access is typically the expensive
risky part.

There's a far better case against zero days being sold but even that has
plenty of legitimate use cases for red teaming. But it's still closer to
selling loaded guns and needs to be carefully sold, not so much with this
case, just from a social good perspective not even regulations (which I think
are a bad idea, such as the one regulating zero days in Europe).

It's just too bad this guy has to go through hell for this cause. Hopefully he
sets up a legal donation page to get the best team he can. Gun/tobacco
companies typically have legal teams. This is just a small time ISV, so this
still makes me very upset it's being done to such a vulnerable person, which
could very likely create bad laws.

------
danschumann
The real question is: if someone makes a product that deliberately makes it
easier to break the law, is he guilty in breaking the law, or complicit?
Deliberate is the key word in this case. Complicity depends on knowledge of
what they're doing. I think perhaps criminal negligence is all he could be
charged with, but I don't know. Sounds like he wasn't an angel, but not
totally dubious either, based on how he advertised the product and what it
actually did.

Makes me wonder though, the software developed by pen-testers could be stolen
and used for nefarious purposes. Do the pen-testers get held responsible for
everything they do?

Or are we judging based on this individual's spirit? He wanted to make money,
so he enabled bad people to do bad things, advertising on bad sites. Even
though this article is framing it like he was an angel because SJWs need fake
news to feel like heroes?

~~~
Vendan
As a pen tester, I largely use open source and "nefarious derived" software...

------
jmcdiesel
Not to fault him for lying through his teeth... you gotta defend yourself...

But he is lying. He supported and advertised the software on an unethical
hacking site. That's extremely clear intent, on his part... he's hosed, and he
deserves it. Why people here are standing up for unethical hacking is...
beyond me...

~~~
mindcrime
"unethical" <> "illegal". And even if he did violate some bogus statutory
bullshit posing as "law", hackers (of all stripes) should be supporting him
because of the precedent setting effect, and the chilling effect, of holding
software makers liable for the actions of downstream users of that software.
This is not a path we want to start down.

~~~
jmcdiesel
I want people who make software designed to do harm to be held accountable.
Since he promoted and supported it in a place focused on harmful hacking, his
intent was very clear. Him being held accountable is a good precedent to set.

~~~
mindcrime
_I want people who make software designed to do harm to be held accountable_

I don't. I want people who cause harm to be held accountable. I _might_ barely
buy your position IF the software had ONLY "non legitimate" uses, but that's
clearly not the case here.

------
hackermailman
The uT was sentenced to prison for writing software he didn't use either (TJ
Maxx theft), they just used chat logs to prove he was part of a conspiracy and
I'm sure FBI probably has similar PMs from this guy replying to potential
customers or informants "proving" conspiracy.

------
tomjen3
And at the same time, on this very website, we see social scientists saying
that "we are losing the information war". No wonder, when institutions behave
like that why should we have any trust in them?

Of course when you're used to people trusting and obeying you, it becomes so
natural that you stop thinking about it. That's a problem for you, and the
rest of us, the day it no longer happens.

That day is getting closer and closer, thanks to idiots like the FBI officers
in the article. For a lot of people it is already too late. In a world where
you can choose your news, people make up their minds at most once on a subject
and then they are set for life — and they will have an effect on the opinions
of their family and friends, which will do further harm to the trust in your
institution.

------
Jazgot
Just wondering when they will start arresting knife manufacturers?

~~~
jmcdiesel
If knife manufacturers are promoting and supporting their product on a forum
devoted to the illegal use of knives... they probably could (and should)

------
mekazu
Would it be illegal to write say an excellent grepping or sorting tool that I
really want someone to use as part of a criminal activity, even if it had
heaps of other uses?

~~~
Tepix
FBI is claiming if you sell your grep tool via a site called HackForums, it
is.

~~~
AndrewOMartin
Would HackerNews be an acceptably named place to drum up some publicity?
Politicians know that difference between Hacker and Cracker, right? ;)

~~~
uxp
Hacker News is operated by a VC firm, and most articles talk about new
technology and how to monetize it.

HackForums is a place to talk about cracking software, distributing unwanted
malware, and other generic "skiddie" stuff. Like the article says, it's shades
lighter than the "dark web", and there are probably dozens of legitimate
reasons to visit that place, but the vast majority of people there are looking
for means to circumvent permissions/licensing/trust on other computers or
someone else's software.

Hell, Ansible is a great RAT. It logs onto my servers, installs software,
reconfigures settings, restarts crashed services. It can handle a network of
thousands of boxes at a time. It's just not marketed as something that can
turn on the webcam of a user, hide from antivirus software, and silently let a
disgruntled creep keep tabs on their ex's bedroom.

------
wodencafe
So why isn't the FBI knocking at Bill Gates' door, for facilitating hacking,
spyware and botnets with the Windows Operating System?

~~~
salesguy222
Of course I'm assuming you asked this question rhetorically, but I really feel
the answer is worth stating explicitly :)

Bill Gates is an extremely rich and politically connected individual.
Technicalities rarely apply to them.

To be arrested as a massively wealthy individual, you need to be committing
crimes on the scale of Madoff, Enron, or murder with a weapon other than a
drone :)

~~~
wodencafe
Unfortunately this is true.

Massive wealth disparity has created different classes of people, including an
Elite class, the wealthiest, who are treated like royalty.

~~~
salesguy222
Couldn't agree more, my friend.

What will be even scarier and chilling is when they find a way to either fine,
imprison, sue us for libel, or impugn us for pointing out their crimes using
our freedom of speech! :)

------
woliveirajr
Reminds me of some virus that existed back in 1998, more or less, that would
allow you to take control of some computer, see the screen, open CD-ROM, and
so on.

It was used as a base for some softwares that would replace VNC or some kind
of remote management for Windows (when Microsoft solution was too expensive or
too poor)

~~~
TorKlingberg
Are you thinking of NetBus?
[https://en.wikipedia.org/wiki/NetBus](https://en.wikipedia.org/wiki/NetBus)

~~~
woliveirajr
Perfect, I couldn't remember the name. Thanks!

Some people say that a management suite developed in Brazil was made by taking
the code and refactoring it. Indeed, some functions at that time were quite
similar.

And it was a great product, helped a lot at the company I worked at. Don't
know if it's still that good, but surely I would recommend it back in those days.

------
joshstrange
> “It’s like saying that if someone buys a handgun and uses it to rob a liquor
> store, that the handgun manufacturer is complicit.”

Except it's really more like someone stealing a handgun and then using it to
rob a liquor store, and then blaming the handgun manufacturer.

------
danschumann
If someone uses a hammer to bludgeon, then is the hammer maker responsible?
No. I thought people suing gun companies solved this, saying the manufacturer
is NOT responsible!

------
mindcrime
This is so much bullshit. Here's hoping the EFF and others can come to his
aid. Anybody know if there's anywhere to contribute to his legal defense fund?

------
sGatling1788
Pirated implies proprietary software. Lesson: anything that is even remotely
related to security should be written as open source.

------
kutkloon7
This week in the US: stupidity keeps prevailing.

------
mankash666
I don't get it. Building a road doesn't make you an accomplice to crime, if a
criminal happens to drive on it

~~~
Strom
Intent matters. Roads aren't built with the intent of facilitating crime. A
firearm is a better comparison, because it's built with the intent to kill.
Indeed this is the defense route that many are choosing here for this app.
However there's an additional problem, in that this app was originally
launched on HackForums, where the author also frequents. HackForums is a
cesspool of criminals, so while there are some legitimate use cases that can
be conjured up for this app, none of those legitimate users would visit
HackForums.

~~~
sGatling1788
The gun analogy is good but shouldn't there be more than just intent?
Otherwise, a gun-owner merely frequenting a section of town known for crime
activity would suffice as "intent".

------
binarynate
I like how the code included in the graphic is CSS, as if he is at large for
hideous styles.

------
kalekold
Do we hold manufacturers of guns responsible for the people who use them?

~~~
Jtsummers
Potentially, if they deliberately sold to criminals with knowledge (or a
situation where they _should_ have known) that the weapons would be used for
criminal activity (as a primary purpose).

However, this case seems a bit complex (though the article is pretty biased in
making its case, but I'll take it at face value). The guy was dumb (my
opinion) to sell it on the forum he did, but he did (apparently) make efforts
to prevent its use for criminal purposes. But selling on a forum where one of
the primary discussion channels is _about_ criminal hacking, it should've been
obvious that was a bad place to advertise this tool.

~~~
beardog
Not really disagreeing, but if I start a gun shop in a bad neighborhood (and
then naturally a higher % of my customers will be more criminal in nature)
does that make me liable?

~~~
Jtsummers
Potentially, if you have knowledge of their intended use for the weapons. You
likely won't know, or can put yourself in a position where you can plead
ignorance (meet at least the legal standards for sales with background checks
and such).

You have no obligation to sell in the first place. If a man comes in talking
about their intent to shoot up a place, and then comes to you at the counter
and asks to buy a gun, you can always turn him away. That's not likely to
happen, but that's essentially what happened on the forums. People discussed
how to (with malicious intent) hack other computers, and then purchased this
guy's software (or pirated it). Now, again per the article, he tried to
prevent that use (which is why I say in this case he seems to be just dumb),
but it's still a highly questionable group of people to sell _and advertise_
to.

------
ge96
Just a guy wearing a hoodie on a computer in a Starbucks. ha joking

------
barking
What's the legitimate use for remote keylogging?

~~~
soylentcola
Parents keeping an eye on their kids, schools monitoring students, small
offices keeping an eye on staff, etc.

That's my guess at least.

~~~
barking
Those uses of keylogging are about as legitimate as hidden cameras in hotel
bedrooms, imo.

~~~
clavalle
If the bedroom was in the middle of an office, maybe.

------
thweealc
Does anyone know if this kid has a defense fund?

------
puppycodes
scary... but also lol at the css in the background image

------
ykler
Whatever you think about this case, the article is written in a deceptive way.
For the first half of the article, you are told that he is being prosecuted
for making a tool that was used by hackers against his intentions. But then
you find out that that is just his side of the story. According to the feds,
his intention was to help people commit crimes. And they have a pretty good
reason to suspect that this was his intention in that he announced the
software on a site for hackers.

~~~
NotSammyHagar
Oh no, a website for hackers. Is Hacker News a website for hackers, how about
Slashdot? If you are responsible for what people use your software for, even
when you actively tell people not to do that, then it should also be true for
guns, alcohol (kids drink your bud beer, so arrest budweiser execs?).

This is one of those fundamental questions, similar to do you own physical
devices or just run the software on them, like the tractors. It should be you
aren't responsible for what people do with your software, if there is any
legitimate use. The prosecutorial power of the US govt is very large, and they
can coerce people to plead guilty to crimes where they weren't really
responsible.

~~~
paulajohnson
The article makes it pretty clear that this was "hack" in the criminal sense.
The nature of the forum is a question of fact, and it sounds like the
prosecution will have no difficulty in showing that lawbreaking was a major
topic of conversation. With "Hacker News" on the other hand the hypothetical
defense could easily demonstrate that it was for "hack" in the positive sense.
Dictionaries routinely list both senses of the word.

~~~
NotSammyHagar
Perhaps the forums he sold it in were focused on illegal activity, it was
mixed in the article. But let's get back to this forum - I am sure that there
is discussion of how to subvert drm on hacker news (search far enough and
you'll see it), and that's illegal. So if you were on trial and they used your
posting on hacker news against you, they'd definitely call it "evil scary bad
hacker news".

------
campuscodi
Oh. Look at the pretentious press trying to make a criminal look innocent.
This guy knew exactly what he was doing. Trust me.

