Hacker News new | comments | show | ask | jobs | submit login
Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware (vice.com)
56 points by runesoerensen 6 months ago | hide | past | web | favorite | 11 comments



A little additional insight from Emptywheel: https://www.emptywheel.net/2017/08/14/government-changes-its...


The war against security researchers continues to dismay, and it always feels like the boot of the man showing up to put the intellectuals in their place.


The US government doesn't have a good track record with security researchers, but in this case the allegation is that he intentionally developed banking malware and knowingly sold it to people who would use it to commit fraud.

This isn't exactly some Orwellian crackdown on anyone who dare play with malware or malicious infrastructure. The allegation is far beyond what any white or even gray hat researcher would ever do. Of course, the allegations may be completely false, but let's at least make sure we're all talking about the same thing.


The two aren't mutually exclusive. With laws as vague and broad as they are it's easy to conceive of a situation wherein charges are brought "after the fact" - as in, not because whatever occurred was significant enough to merit prosecution, but rather because the person was significant enough to merit prosecution.

In all cases (without exception) where that's the case, the result is legal, yet not something that can properly be called justice. The current circumstances sure look like this, but it is - of course - still a little to early to tell.

So did marcus plan and execute a serious crime, or did a series of events occur that happened to include hacking tools and sales to individuals that can be presented as criminal, such that a little creative cherry-picking can weave a nefarious tale?


I doubt that if he was a serious criminal that created and USED said banking malware for a fraud, and the FBI clearly had victim impact statements, that he would get such a lenient set of bail conditions.

The longer this case goes on the stranger it gets.

My current working theory is that the FBI was investigating the Kronos malware, caught one of the developers and/or sellers and they knew he was working with someone, but not who, and this redacted person didn't like MalwareTech for any myriad of reasons so he claimed, as an informant that the other developer was MalwareTech.

Like I said, just a theory. I could be wrong and we haven't seen the FBI's evidence.


> On August 4, in a hearing in Las Vegas, the prosecution said that Hutchins had admitted "that he was the author of the code that became the Kronos malware" when he spoke to FBI agents.


Admitted in what context?

Notice the "became the Kronos malware". It's entirely possible Kronos used MalwareTech's open source PoC's of rootkits and other things, he knew, and was asked about it and but without the guidance of a lawyer said: "Sure. I wrote TinyXPB." or similar.

Concerning for sure.


Yeah, context is very important. I just posted that as a reply to

> My current working theory is that the FBI was investigating the Kronos malware, caught one of the developers and/or sellers and they knew he was working with someone, but not who, and this redacted person didn't like MalwareTech for any myriad of reasons so he claimed, as an informant that the other developer was MalwareTech.


they are recruiting him.


"They're charging me with some serious shit! And there's stuff that I didn't even do. Like inserting some virus called Da Vinci?" --Phantom Phreak


"They're trashing our rights! Trashing! Trashing!!!!"




Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: