WHITE HAT, CYBER CRIMES?
Praised as hero for stopping WannaCry virus
THIS IS A VERY PROBLEMATIC PROSECUTION TO MY MIND.
When hackers let loose a malicious bit of “ransomware” code called WannaCry back in May, holding computers hostage until a payment was made, the attack was almost a global catastrophe. It threatened the operation of the British health system, major players in the European auto industry, and shipping giant FedEx.
But the actual damage was brief and limited, thanks to a clever young British hacker who found a “kill switch” buried in the code. He noticed that it mentioned an unregistered web address, so he registered it for himself on a hunch, which turned out to be the secret to stopping the attack.
That quick thinking made Marcus Hutchins, 23, better known online as MalwareTech, a star among “white hat” hackers, whose work is altruistic, designed to close rather than exploit gaps in cybersecurity, as opposed to malicious, criminal “black hats.”
Now, however, American authorities allege Hutchins is not so altruistic as he seems. He is in federal custody in Nevada, accused by the United States of creating and selling the very sort of “malware” that he is an expert in defeating.
His arrest is believed to be linked to an FBI investigation into a company on the dark web which was run by a Canadian who is alleged to have killed himself last month.
Shortly after attending two major hacker conventions this week in Las Vegas, Black Hat Briefings and DEF CON, Hutchins was pulled off a plane on Wednesday by the FBI at the airport in Las Vegas, and charged with six cybercrime offences that carry the possibility of decades in jail.
He is alleged to have cre- ated, maintained and distributed a type of malware known as Kronos.
“Defendant Marcus Hutchins created the Kronos malware,” reads the grand jury indictment in the eastern district court of Wisconsin.
Another person faces similar charges, but is unnamed in the document.
Kronos is a type of software called a banking Trojan, which works by in- fecting web browsers, which then skim a victim’s password when it is entered on a bank’s website.
The indictment alleges the pair “knowingly conspired and agreed with each other to commit an offence against the United States, namely, to knowingly cause the transmission of a program, information, code, and command and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers during a 1-year period.”
Other charges in the sixcount indictment, dated July 11, refer to the advertising and distribution of software whose purpose is to secretly intercept electronic com- munications, such as keystrokes.
Writing malware is not, by itself, a crime in the United States, but advertising or distributing it with the intention of using it can be.
Hutchins is alleged to have created Kronos, and the other person is alleged to have made and posted an explanatory video in the summer of 2014, then offered to sell it for $3,000.
The following February, Hutchins is alleged to have updated Kronos, after which the other person advertised it for sale on a popular dark web marketplace, eventually selling it for $2,000 in digital currency.
The Guardian newspaper reported Hutchins was represented at an initial court appearance by a public defender, who said Hutchins needed more time to hire his own counsel. He was held in custody.
The arrest is linked to the FBI’s recent work to close AlphaBay, a dark web market with as many as 200,000 users seeking to purchase illicit items such as drugs, weapons and stolen financial details. It was many times larger than its bet- ter known predecessor, Silk Road.
This is where Hutchins and the alleged conspirator are accused of offering the malware for sale.
The alleged founder of AlphaBay, Alexandre Cazes, 26, who is from Quebec but lived in Bangkok, was found dead earlier this month in a Thai jail cell, strangled by a towel in an apparent suicide, about a week after he was arrested on American charges of drug distribution, money laundering, and identity theft in connection with AlphaBay. He was facing possible extradition to the United States.
Hutchins arrest, and especially the suggestion in the indictment that he was not involved in the sale of Kronos, caused worry among digital rights activists.
Attorney Tor Ekeland told The Associated Press that the facts in the indictment fail to show intent.
“This is a very, very problematic prosecution to my mind, and I think it’s bizarre that the United States government has chosen to prosecute somebody who’s arguably their hero in the WannaCry malware attack and potentially saved lives and thousands, hundreds of thousands, if not millions, of dollars over the sale of alleged malware,” Ekeland said. “This is just bizarre, it creates a disincentive for anybody in the information security industry to co-operate with the government.”
The Electronic Frontier Foundation said it was deeply concerned and was trying to reach Hutchins.
The British National Cyber Security Centre said in a statement that it was aware of the arrest but declined further comment, as did the consulate in Los Angeles.
Hutchins’ Twitter account suggests he was already on board a plane when he was taken into custody. His last message was in response to a lighthearted conversation about priority boarding.
His final message includes the joke: “I drink on airplanes because the only thing better than jet lag is jet lag and a hangover.”