I'm late to the party and most of the articles I've seen so far focus more on the person and WannaCry as opposed to the 2013-2014 aspect.
This is function hooking code. It's useful when you need to change the behaviour of an application, by redirecting a function call to your own function.
Like any piece of code it has both legitimate and nefarious uses. However, function hooking is very basic stuff.
Anyone who has ever tried to learn how things work under the hood will have written function hooking code before.
The headline, while complimentary, makes sense as it identifies him in the way most folks would recognize.
Obviously, he hasn't been found guilty of anything, and you're entitled to argue that the evidence suggests he isn't. The only thing you can't reasonably argue is what you've tried to argue here, which is that we should judge this person by what they were previously best known for.
> This headline is editorialised.
You think during the OJ Simpson trial, we should never have talked about what the trial was for? Just kept talking about his football career and what a great athlete he was?
No, you are allowed to talk about the alleged crimes during a trial.
This tells me you may have misunderstood the intention of my comment. I am talking only about the headline. People are more likely to know who it is with the NHS mention, as he was not known at all for the Kronos allegations until his arrest. We will see the truth during trial, the only point I intended to make here was regarding the headline making perfect sense.
But why? Why can't other people judge him for him previously selling other malware similar to Kronos under the handles "Gone With The Wind" and "iarkey" on Hackforums?
Surely it's not for lack of evidence as anyone with access to google can easily verify this.
If he's being framed, we're talking about at least a 7 year long operation to do so: https://i.succ.in/CWcDhXxi.png
> The only thing you can't reasonably argue is what you've tried to argue here, which is that we should judge this person by what they were previously best known for.
I did not try to argue that at all, so I was clarifying my opinion. Nobody will stop you if you choose to judge him based on that allegation, I am choosing to wait on that due to the fact that it will get figured out (with actual evidence either way) in court.
Judge guilty, judge innocent, don't judge at all: all of those are reasonable options open to you.
The only option I am pushing back on is the one that says the only reasonable way to frame somebody is in terms of the good thing they're best known for. Because, of course, it is in the nature of criminal conspiracies to work hard not to be known for them.
Not only that, but the key parts of this dox from 2010 have been confirmed by the media and now the FBI.
What do you consider actual evidence? This is the kind of stuff they use every day in court, and there's lots of it if you bother to take 10 minutes to look on google. Courts aren't videogames, you don't win by outsmarting the computer.
I suppose it's also worth pointing out that the reputation system on that site isn't very useful, when you get banned the staff usually wipes out all of your positive reputation as happened to the poster I screenshotted.
The Anglo-US intelligence communities have a young talented individual on a spit over a slow fire. Odds are, he will be easy to turn. The UK isn't expending political capital on extracting him from his predicament. That doesn't mean that its functionaries don't care. It suggests that what they care about is providing Hutchins with future opportunities to serve the state.
Or to put it another way, Hutchins' resume seems like it might make him an attractive candidate to some firms in the security industry. That also makes Hutchins attractive to the intelligence communities. And though UK prisons are surely unpleasant, the US Federal system almost certainly can offer much less attractive options to incentivize cooperation.
Threatening someone with criminal prosecution is an incredibly shitty way to recruit them for security work. (But does play up to the ego of engineers. Multiple government agencies are willing to organize and carry out a massive conspiracy because they want the skills of someone like me!)
Also worth noting that no diplomatic goodwill is burned when you arrest and try a foreign national of a crime they committed against your citizens - when your actions qualify as a crime in both countries.
If I rob an American, I don't get an out of-jail free card just because I'm a Canadian in the US. Likewise, my government won't even issue a squeak of protest.
Prosecutors told a Las Vegas court on Friday that Mr
Hutchins had been caught in a sting operation when
undercover officers bought the code. They claimed the
software was sold for $2,000 in digital currency in
June 2015. 
Reading through the indictment , the conspiracy charge does not allege anything that isn't in the other charges. For the most part, the other charges allege "knowledge" that the software can be used for some purpose rather than actual use.
I don't know what you think the prosecution of an actual banking trojan operation would look like and so can't evaluate the implication of something seeming "more like an intelligence operation than a criminal operation". Maybe you could clarify. This isn't the first malware conspiracy case the DOJ has gone after.
Hutchins could have been arrested any time between June of 2015 and August of 2017. This includes:
1. Arrest in the UK. However, this would have required extradition and the expenditure of diplomatic capital given the relatively insubstantial ill gotten gains Hutchins is alleged to have received. The quid pro quo for $2000 in potentially illicit sales would expose a lot of very average people for a lot of very trifling offenses on both sides of the Atlantic.
2. Arrest when Hutchins first entered the US in association with Defcon. He could have been picked up at the airport upon arrival. Arrest in the US at the first opportunity seems the ordinary first alternative to extradition.
3. Arrest while Defcon was going on. Prosecutors argued at the bail hearing the Hutchins was a flight risk. Yet he was allowed to get all the way to the gate for his flight before he was detained.
Ok, extradition is a mess. But picking him up earliest opportunity is pretty standard. Waiting until he is about to board a flight suggests either ineptitude or surveillance or the grand jury passing down an indictment during Defcon. I don't really buy ineptitude due to it requiring multiple Federal agencies falling down in routine police work.
In a surveillance scenario, publicly arresting Hutchins puts any and all other targets of surveillance on notice. Without other arrests, that seems rather inept policing.
Late execution of the warrant suggests a high level agenda to prevent him from being arrested (or questioned) in the UK or detained at the port of entry in the normal manner. Another possibility is the grand jury did not issue a indictment until just prior to Hutchins arrest. This points to a high level agenda as well since presenting evidence to the grand jury between the time Hutchins arrived and attempted to depart would involve significant logistical effort...on a two year old sting operation.
To the degree that Hutchins is an attractive intelligence asset, a high level agenda is not implausible. Digging up a skeleton from his closet is not extraordinary spycraft. Letting him get to the airport before the arrest catches him at his most vulnerable and the transition from vacationing Los Vegas luxury to a concrete and stainless Clarke County jail cell is not going to strengthen most people's will.
Of course, I am just speculating. But the fundamental premise is that the people of the state level intelligence communities tend to be professionals and good at what they do.
In short, justice is what most other influential people deem just, not some universal measure of conduct.
Those responsible for the firebombing of Dresden never stood trial, because the victims belonged to the losing side. The "scientists" of Unit 731 never stood trial. Only 13 out of 24 directors of IG Farben were found guilty and all were released early.
The church effectively killed hundreds of thousands (very conservative guess) by telling people not to use condoms. No one was tried.
2 - https://en.wikipedia.org/wiki/IG_Farben#IG_Farben_Trial
Frankly, this sounds a lot like what people said during the advent of the Hans Reiser trial.
Believe it or not, "security researchers" are just as capable of committing crimes as everyone else is.
Not everyone in the US gets that luxury, but given the strong relationship between our two nations, I feel reasonably confident that Mr. Hutchins will receive as fair of a trial as anyone.
Concessions regarding past behavior are usually saved for the sentencing portion of the trial.