
Confessions of Marcus Hutchins, the hacker who stopped the WannaCry attack - superwayne
https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/
======
thoughtstheseus
Marcus - thanks for stopping WannaCry. Be well.

------
Aissen
It's a long piece, and quite interesting. Thanks for sharing @Malwaretech.

~~~
Twisell
Yeah this piece is especially long, interesting and nuanced.

If only people could take time to actually read it before reacting with
simplistic and pre-existing opinions that would be awesome.

------
WrtCdEvrydy
It's interesting to see how trusting another criminal with your address opens
you up to serious blackmail... maybe I should set up a PO Box for Bitcoin
business :)

------
korethr
I cringed when it came to describing how he'd try to tell the FBI a half truth.
Even if they hadn't had enough evidence to get him for his involvement in the
Kronos malware, they'd still throw the lying to a Fed charge at him.

------
voska
If you fellow HN'ers feel as compelled to thank Marcus as much as I did, I
recommend supporting his Patreon:

https://www.patreon.com/MalwareTech/

------
seesawtron
This was a long and yet one of the most interesting reads from WIRED I have
seen in a long time.

------
killswitched
Why wouldn’t the WannaCry malware writers register the domain first? Should be
possible to simply update the name servers or DNS records should the kill
switch need to be engaged?

~~~
derrikcurran
Perhaps it wasn't a kill switch but rather a way to exempt certain
organizations or countries from the effects of the malware.

------
C1sc0cat
Ah that explains his tweet this morning

------
pfundstein
This is a bit over the top. He is not a master hacker who "saved the
Internet"; he _accidentally_ neutered WannaCry by registering a domain he
found in the binary, which as it turned out, acted as a kill switch.

~~~
DyslexicAtheist
> He accidentally neutered

he did not "accidentally neuter WannaCry". He stopped WannaCry by registering
the kill-switch domain. Nothing accidental about that.

> He is not a master hacker

he is a kid. what makes his experience interesting, and his story worth
listening to is that he had first-hand experience with the legal system as a
hacker that went too far (because he is/was a kid). that is worth more than
the arm-chair analysis of law (by wannabe skript kiddies and theoretical
security experts).

~~~
wizzwizz4
He didn't know it was the kill-switch domain. He expected it would _enable_
him to kill the malware, though, and was trying to figure out how to send the
kill command before it turned out that simply sitting a server behind the
domain was enough to kill it.

~~~
Jestar342
What a pointlessly flippant argument. Hutchins discovered, and engaged, the
WannaCry killswitch. Irrevocable fact.

~~~
newtypems
The question is, what would he have done if it wasn't a kill switch, but
happened to be a server that received bitcoin payments from ransomware
victims?

He was still selling banking trojans the year before, so who knows?

------
ausbah
cybersecurity professionals are the closest things to superheroes we have

~~~
koheripbal
There are a lot more grey-hats than the industry is generally willing to
admit.

~~~
C1sc0cat
Batman's pretty grey hat as a Super Hero, as is Oliver Queen

------
rayuela
Hutchins was busted for committing bank fraud. Him doing one good thing does
not absolve him of having committed another crime...he's still a criminal.
Rather than protest him being arrested we should advocate for him getting a
reduced sentence for having at least done some good.

~~~
willis936
Shouldn’t the system be set up to reward the good thing more than the bad
thing when possible? If someone is in a position of power from doing bad
things, how could you expect them to stop of their own volition?

~~~
marcinzm
One problem with rewarding an action is that humans are very good at gaming
rules. For example, let's say I get X for donating to charity. I can for
example set up my own charity, donate to it, pay myself all its income as
salary and then just collect lots of X.

The US tax system is a perfect example of this I'd say.

~~~
vmception
Not really any benefit from that

But the charity you set up would shelter your assets better than any prenup or
other asset planning (or lack thereof) when you divorce your spouse

~~~
gvjddbnvdrbv
I am not a lawyer but I'm guessing a judge would look pretty badly on doing
this too obviously.

~~~
vmception
One of the most useful monetary goals in life is being able to afford US
federal appeals court. It's the only part of the system where arbiters of the
law actually begin to analyze the law. There is no dog and pony show for
jurors there, no instructions that a prosecutor can tell the judges and sway
them.

So it wouldn't matter what a single judge thought in lower court, if you were
compliant.

------
ngneer
Security is about control. Shame on the malware writers for having left a
single point of failure.

------
gowld
Title was intentionally misleading before mods updated it.

This is a very one-sided article meant to make Hutchins look good.

The valuable bit of the article is a reminder of why it's important not to
start being criminal/evil, because it traps you in a positive-feedback loop of
criminality as you feel a need to commit ever-greater criminal acts to cover
up past acts.

The only escape from this is to create a culture where criminals know that it is
safer to turn themselves in and turn informant on their co-conspirators, than
to try to evade the authorities.

~~~
gizmo
I carefully read the entire article and I don't think it made Hutchins look
good. But it does describe, accurately in my view, the kind of
rationalizations people apply to cross line after line until they see no way
out.

