Marcus Hutchins pleads not guilty in US (bbc.co.uk)
59 points by 0xbadf00d 119 days ago | 52 comments

Does anyone have a technical breakdown of what code he admits to have written? TIA

I'm late to the party and most of the articles I've seen so far focus more on the person and WannaCry as opposed to the 2013-2014 aspect.

Apparently it's about this code: https://www.malwaretech.com/2015/01/inline-hooking-for-progr...

This is function hooking code. It's useful when you need to change the behaviour of an application, by redirecting a function call to your own function.

Like any piece of code it has both legitimate and nefarious uses. However, function hooking is very basic stuff.

Anyone who has ever tried to learn how things work under the hood will have written function hooking code before.

What's your source on that being the code in question?

Not OP and idk but do you think Rob[0] is referencing this hooking code or something else on his Github[1]?



This headline is editorialised. Some basic OSINT will show he also sold a banking trojan previously, which is what he is facing charges for.

Ok, we can take the epithet out of the title. We do that anyway when someone's name is well known to the HN community.

That is an allegation which has not been proven without a doubt.

The headline, while complimentary, makes sense as it identifies him in the way most folks would recognize.

That's the point of a criminal conspiracy: to be well-known only for positive things, and for nobody to know about your involvement in negative things.

Obviously, he hasn't been found guilty of anything, and you're entitled to argue that the evidence suggests he isn't. The only thing you can't reasonably argue is what you've tried to argue here, which is that we should judge this person by what they were previously best known for.

The only judgement which should occur at this point is in the courtroom. I am making no argument beyond a reply to this part of the comment:

> This headline is editorialised.

If you are talking about someone's trial, it makes sense to describe them as a 'defendant accused of x'. You don't pretend they are just there for no reason.

You think during the OJ Simpson trial, we should never have talked about what the trial was for? Just kept talking about his football career and what a great athlete he was?

No, you are allowed to talk about the alleged crimes during a trial.

> You think during the OJ Simpson trial, we should never have talked about what the trial was for? Just kept talking about his football career and what a great athlete he was?

This tells me you may have misunderstood the intention of my comment. I am talking only about the headline. People are more likely to know who it is with the NHS mention, as he was not known at all for the Kronos allegations until his arrest. We will see the truth during trial, the only point I intended to make here was regarding the headline making perfect sense.

> The only judgement which should occur at this point is in the courtroom.

But why? Why can't other people judge him for him previously selling other malware similar to Kronos under the handles "Gone With The Wind" and "iarkey" on Hackforums?

Surely it's not for lack of evidence as anyone with access to google can easily verify this.

If he's being framed, we're talking about at least a 7 year long operation to do so: https://i.succ.in/CWcDhXxi.png

The context was:

> The only thing you can't reasonably argue is what you've tried to argue here, which is that we should judge this person by what they were previously best known for.

I did not try to argue that at all, so I was clarifying my opinion. Nobody will stop you if you choose to judge him based on that allegation, I am choosing to wait on that due to the fact that it will get figured out (with actual evidence either way) in court.

I don't think I wrote this clearly and so I don't blame you for misunderstanding what I'm saying.

Judge guilty, judge innocent, don't judge at all: all of those are reasonable options open to you.

The only option I am pushing back on is the one that says the only reasonable way to frame somebody is in terms of the good thing they're best known for. Because, of course, it is in the nature of criminal conspiracies to work hard not to be known for them.


I think we're pretty sure that ryanlol isn't weev, but personal nastiness will get you banned here, so please don't comment like this again.

Of course he isn't weev or hitler and that is so obvious - wait you did read the forum post didn't you? If not perhaps you should have done that before commenting but giving you the benefit of the doubt and just having some lack of comprehension - I was making the point that anyone can do that but it isn't evidence. There was no personal nastiness and but no 5 stars would definitely comment like that again thank you.

If you can't or won't stop posting unsubstantive comments to HN we're going to end up banning you, so please stop.

I don't mean to sound rude but to my mind and I did mention, it was obvious from my comment that I wasn't saying he was weev or hitler or polpot in fact that was exactly the whole point - 'anybody can say anybody is anybody in post in a place such as this and it doesn't make it true' - do you still not get that? How? And if by 'we' you mean ycombinator and are speaking on behalf of the ycombinator then I would point out that the only truly unsubstantive (sic) comments are the ones you have given succour to which are the libelous allegations against Marcus Hutchins. I would expect ycombinator to be asking members to desist from defaming him.

Are you suggesting someone has been actively trying to frame Marcus Hutchins for 7 years? I'm sorry but that sounds a bit too tinfoily for me without any evidence.

Not only that, but the key parts of this dox from 2010 have been confirmed by the media and now the FBI.

What do you consider actual evidence? This is the kind of stuff they use every day in court, and there's lots of it if you bother to take 10 minutes to look on google. Courts aren't videogames, you don't win by outsmarting the computer.

I suppose it's also worth pointing out that the reputation system on that site isn't very useful, when you get banned the staff usually wipes out all of your positive reputation as happened to the poster I screenshotted.

No I am not suggesting that. My subtle joke seems to have fooled you too unless you are... @dang (or maybe you really are @hitler)? The only reason for mentioning someone by name in this kind of forum would be a kind of 'I doxxed you/know where you live' pathetic threat - typical banned skid 'can u mak me a trojan/virus so I can hak mi skul cuz I am dumbasfuck'. What value do you place on the dox? He might have genuinely thought it was Marcus Hutchins but just because he says he is or I say you are @weev doesn't make it true. In any legal system that is not evidence unless they can get the guy who posted it and subpoena him to come and swear preferably with some actual evidence rather than his word. It is hearsay! It is entirely inadmissible! None of it has anything to do with @malwaretech and the guy it meant to be has already themselves posted on twitter and supplied samples of kronos. Google Detectives!

You don't prove that he isn't or need evidence to that effect. He doesn't prove the negative. A prosecutor and the only judge that counts should have to prove positive beyond reasonable doubt that he did something. Him - not somebody else, not a handle. With actual evidence. As for 'OSINT' aka 'google/twitter' I've seen a lot of chat logs and hearsay from rivals but not one shred of evidence. Certainly not enough even for an arrest warrant. I suspect somebody trying to make a name for themselves and see a lot of professional jealousy disappointingly. These and other forthright pronouncements are prejudicial to these sub-judicial proceedings. He has been tried already. Release @malwaretech.

You would think the UK government would help him out here, given what he did for us.

It would not surprise me if the UK government was using the US justice system as a tool to align Mr. Hutchins' interests more closely with those of its security and intelligence organs. To me, the story has unfolded smelling of a human asset acquisition operation.

The Anglo-US intelligence communities have a young talented individual on a spit over a slow fire. Odds are, he will be easy to turn. The UK isn't expending political capital on extracting him from his predicament. That doesn't mean that its functionaries don't care. It suggests that what they care about is providing Hutchins with future opportunities to serve the state.

Or, maybe the guy was just involved, perhaps peripherally and by accident or perhaps directly and culpably, in a banking trojan scheme.

Supposing that everything in the indictment is in fact true, the amounts of money involved relative to the bank robbery industry suggest that Hutchins is not a big time criminal in proportion to the publicity surrounding the case. The upside of going after Hutchins has to be worth the political cost of arresting someone considered a hero by many. And his abandonment by the UK government has to be worth it as well. The indictment suggests less money changed hands than does in the purchase of an AutoCad license...and we are talking about banking.

Or to put it another way, Hutchins' resume seems like it might make him an attractive candidate to some firms in the security industry. That also makes Hutchins attractive to the intelligence communities. And though UK prisons are surely unpleasant, the US Federal system almost certainly can offer much less attractive options to incentivize cooperation.

Threatening someone with criminal prosecution is a great way to get them to flip on their friends.

Threatening someone with criminal prosecution is an incredibly shitty way to recruit them for security work. (But does play up to the ego of engineers. Multiple government agencies are willing to organize and carry out a massive conspiracy because they want the skills of someone like me!)

Also worth noting that no diplomatic goodwill is burned when you arrest and try a foreign national of a crime they committed against your citizens - when your actions qualify as a crime in both countries.

If I rob an American, I don't get an out-of-jail-free card just because I'm a Canadian in the US. Likewise, my government won't even issue a squeak of protest.

I suspect that if cooperation cannot be secured with the threat of prison time, tying the conditions of actual imprisonment to the degree of cooperation provided would be the next object lesson regarding his career. On the other hand, it would not surprise me if Hutchins was predisposed to act in the interest of national and international intelligence and law enforcement agencies...they are certainly among the places doing the most interesting and most professional malware production and defense for causes that people can often get behind. And Hutchins is a young man who does not seem particularly inclined toward entrepreneurship.

  Prosecutors told a Las Vegas court on Friday that Mr 
  Hutchins had been caught in a sting operation when 
  undercover officers bought the code. They claimed the 
  software was sold for $2,000 in digital currency in 
  June 2015. [1]

Hutchins' actions that brought him to fame suggest a willingness to act in the British national interests.

[1]: http://www.bbc.com/news/technology-40833951

I mean, I guess sometimes that's how we recruit people in the security industry? That and job ads on LinkedIn?

I was thinking of Frank Abagnale [1] mostly. And Sneakers a little.

[1]: https://en.wikipedia.org/wiki/Frank_Abagnale

You think the UK government would intervene to stop the trial of someone accused of operating a conspiracy to spread banking trojans? Why?

In the US prosecutorial system, conspiracy charges are regularly used as a tool to leverage and encourage plea negotiations because conspiracy is so broad and allows for broad interpretations of seemingly innocuous actions and trifling intents. As I've said elsewhere, this smells more like an intelligence operation than a criminal investigation.

Reading through the indictment [1], the conspiracy charge does not allege anything that isn't in the other charges. For the most part, the other charges allege "knowledge" that the software can be used for some purpose rather than actual use.

[1]: https://www.justice.gov/opa/press-release/file/986606/downlo...

I'm using "conspiracy" in the colloquial sense, not the legal sense. Obviously, he's charged with more than simply being a member of a conspiracy.

I don't know what you think the prosecution of an actual banking trojan operation would look like and so can't evaluate the implication of something seeming "more like an intelligence operation than a criminal operation". Maybe you could clarify. This isn't the first malware conspiracy case the DOJ has gone after.

From the bail hearing:

  Prosecutors told a Las Vegas court on Friday that Mr 
  Hutchins had been caught in a sting operation when 
  undercover officers bought the code. They claimed the 
  software was sold for $2,000 in digital currency in 
  June 2015. [1]

So he was caught in a sting involving beer money at age 21. As the parent of a young man who recently managed to puncture a hole in the gas tank of a Buick without a clear explanation, my general take is that like many if not most young men, Hutchins has done one or more stupid things prior to the full onset of adulthood (not to suggest that the full onset of adulthood is necessarily entirely effective).

Hutchins could have been arrested any time between June of 2015 and August of 2017. This includes:

1. Arrest in the UK. However, this would have required extradition and the expenditure of diplomatic capital given the relatively insubstantial ill-gotten gains Hutchins is alleged to have received. The quid pro quo for $2000 in potentially illicit sales would expose a lot of very average people for a lot of very trifling offenses on both sides of the Atlantic.

2. Arrest when Hutchins first entered the US in association with Defcon. He could have been picked up at the airport upon arrival. Arrest in the US at the first opportunity seems the ordinary first alternative to extradition.

3. Arrest while Defcon was going on. Prosecutors argued at the bail hearing that Hutchins was a flight risk. Yet he was allowed to get all the way to the gate for his flight before he was detained.

Ok, extradition is a mess. But picking him up at the earliest opportunity is pretty standard. Waiting until he is about to board a flight suggests either ineptitude or surveillance or the grand jury passing down an indictment during Defcon. I don't really buy ineptitude due to it requiring multiple Federal agencies falling down in routine police work.

In a surveillance scenario, publicly arresting Hutchins puts any and all other targets of surveillance on notice. Without other arrests, that seems rather inept policing.

Late execution of the warrant suggests a high level agenda to prevent him from being arrested (or questioned) in the UK or detained at the port of entry in the normal manner. Another possibility is the grand jury did not issue an indictment until just prior to Hutchins' arrest. This points to a high level agenda as well since presenting evidence to the grand jury between the time Hutchins arrived and attempted to depart would involve significant logistical effort...on a two year old sting operation.

To the degree that Hutchins is an attractive intelligence asset, a high level agenda is not implausible. Digging up a skeleton from his closet is not extraordinary spycraft. Letting him get to the airport before the arrest catches him at his most vulnerable and the transition from vacationing Las Vegas luxury to a concrete and stainless Clark County jail cell is not going to strengthen most people's will.

Of course, I am just speculating. But the fundamental premise is that the people of the state level intelligence communities tend to be professionals and good at what they do.

[1]: http://www.bbc.com/news/technology-40833951

Because that indictment was bare-bones and bullshit. I may be wrong here (and part of me hopes that I am), but this entire thing smells like the US flexing its power. Marcus gets picked up by the Feds, disappears without anybody knowing where he is for several days, and then suddenly we get an indictment with almost nothing in it claiming he wrote and sold Kronos based on some IRC logs? That just smells fishy to me.

Because he is a UK citizen, and the US legal system is corrupt, twisted and self-aggrandizing.

I'd say the UK legal system (well, the legislation) isn't in great condition either. Currently you can be imprisoned for possessing certain pornographic drawings of fictional characters in England, Wales and NI. The Republic of Ireland has similar silly laws, such as how one can be convicted of possessing child pornography if the actors/actresses in the pornography are made to look as though they are underage (e.g. through roleplaying or makeup).

Because he's not just a 'someone', he's a hero for stopping the disgusting attack on the NHS and letting doctors and nurses get on with their job of saving lives.

This doesn't make any sense. It's not how justice works. You can't do one useful thing to excuse a series of grave crimes.

I know this probably isn't what you meant, but it's actually often the case that doing useful things helps people get over the other things you did, see Francis Drake, any number of founders of post-colonial and early 20th century countries, conquistadors/founding fathers/revolutionaries, etc.

In short, justice is what most other influential people deem just, not some universal measure of conduct.

Those responsible for the firebombing of Dresden never stood trial, because the victims belonged to the losing side. The "scientists" of Unit 731 never stood trial.[1] Only 13 out of 24 directors of IG Farben were found guilty and all were released early.[2]

The church effectively killed hundreds of thousands (very conservative guess) by telling people not to use condoms. No one was tried.

1 - https://en.wikipedia.org/wiki/Unit_731#Surrender_and_immunit...

2 - https://en.wikipedia.org/wiki/IG_Farben#IG_Farben_Trial

Occasionally it does in the UK. A man who was videoed appealing for calm during the London riots was let off I believe an assault charge. The magistrate told him something like 'we're even now'. However this was mitigation at sentencing following a trial.

Ok, so where are the arrests and trials for the people from the NSA, who designed the exploit that was stolen and became a key part of the WannaCry virus? The very same exploit that was used in a bunch of other viruses too, which have stolen tens of thousands of dollars to date?

Hero is a bit strong. He rashly decided to register a domain name without knowing how the malware would respond to that. By luck it de-activated itself when the domain became active. The malware could just as easily have decided to encrypt the victim's hdd and destroy the key.

And he was so effective at stopping the malware because he is himself a malware creator distributing competing malware.

Allegedly. Innocent until proven guilty.

Which we will find out if he gets a fair trial, but that doesn't mean he should be able to skip the trial because he helped the NHS.

No, he should skip the trial because of the chilling effect prosecuting a security researcher who allegedly wrote a banking trojan would have on legitimate security researchers.

What chilling effect would that be? I'm a security researcher, many of my friends are security researchers, none of us sell banking trojans (or write them; they're extremely boring as computer science projects) and none of us have changed what we're working on even a little bit as a result of this case.

Frankly, this sounds a lot like what people said during the advent of the Hans Reiser trial.

Believe it or not, "security researchers" are just as capable of committing crimes as everyone else is.

What? So if I am a security researcher, I am allowed to write and sell as much malware as I want, with no consequences? That is absurd.

The trial is necessary before you can deem him a legitimate security researcher and trojan authors should feel a chilling effect.

Or he saw a URL in the malware code, and decided to register it to see what would happen and isn't a malware selling mastermind.

I would guess the UK government is going to work with US officials to ensure he has a fair trial.

Not everyone in the US gets that luxury, but given the strong relationship between our two nations, I feel reasonably confident that Mr. Hutchins will receive as fair of a trial as anyone.

The question of whether he is guilty of this particular crime is what this particular trial is about.

Concessions regarding past behavior are usually saved for the sentencing portion of the trial.
