Arrest of WannaCry Researcher Sends Chill through Security Community

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
It seems that anyone involved with WannaCry is running scared due to Marcus Hutchins’ recent arrest, who is facing charges over allegedly helping write and aide in the distribution of the Kronos banking malware in 2014. Security researchers, for instance, are fearing they could be implicated merely because they investigated the malicious code.

The issue, say lawyers and researchers following the case, is not a matter of Hutchins's guilt or innocence. Rather, it's the rollout of an indictment they say is short on facts, was aggressive in its application of computer law and ultimately left researchers confused over whether standard research practices are now being treated as prosecutable offenses. "We did a lot of work on WannaCry, too," said Jake Williams, founder of Rendition Infosec. "I had folks afraid that their own involvement in investigating WannaCry would get them arrested."
 
When you stop the biggest Virus outbreak on the planet (so far), you gotta be prepared for people to start digging up some dirt, I mean Jesus isn't the first person the Police usually investigate the person who 'called it in' or 'provided the tip'.....
 
It is not far fetched that someone who stopped one attack was involved in and wrote another.
15 min of fame can bite you in the behind if you don't have clean hands.
 
I did sort of damn him beforehand, but in reading their court filing it is a bit sketchy on what he actually did. It seems all the actual selling and hacking was done by other parties, but they tied Hutchins as the creator of the malware somehow.

Could it really be a case of him designing something and others just getting their hands on it and using it maliciously?
 
He wasn't arrested for wannacry, he had outstanding warrant for writing and selling malware (kronos) that targeted banks.
 
Last edited:
Research is fine to understand exploits. Releasing an exploit notification within a couple months of notifying the company is fine.

Releasing proof of concepts with actual code into the wild deserves to put your ass in jail. That's the equivalent of saying you found a way to make cheap heroin in your home using household chemicals then releasing the formulation + instructions.
 
Last edited by a moderator:
gordon152 said:
I did sort of damn him beforehand, but in reading their court filing it is a bit sketchy on what he actually did. It seems all the actual selling and hacking was done by other parties, but they tied Hutchins as the creator of the malware somehow.

Could it really be a case of him designing something and others just getting their hands on it and using it maliciously?
Click to expand...

All programs contain something called GUIDs Globally unique identifiers. They are quite common in code and microsoft embeds them into all code that uses their compiles. These GUIDs contain things like MAC addresses as a HASH and can be reverse compiled to the owners machine. This is how they caught the Melissa creator. Now if you don't register your visual studio compiler it makes it harder to find you, but not impossible.
 
Very nice! I hate malicious code writers, they should all go to jail.
 
So the government that couldn't crack a damn IPhone should be tasked with throwing people in jail willy nilly.

Okay.

No thank you.
Whether you like it or not, hackers are on the front line against corporations taking over every single aspect of our lives. Cheering for the spiral towards fascism is dumb.

It's not the corporations who wrote the shitty code with exploits, it's the hackers that are the real evil.

We are heading towards some dark dark times.
 
stealthballer123 said:
So the government that couldn't crack a damn IPhone should be tasked with throwing people in jail willy nilly.

Okay.

No thank you.
Whether you like it or not, hackers are on the front line against corporations taking over every single aspect of our lives. Cheering for the spiral towards fascism is dumb.

It's not the corporations who wrote the shitty code with exploits, it's the hackers that are the real evil.

We are heading towards some dark dark times.
Click to expand...

That's like saying "It's not the meth cookers who are at fault. It's the people who make the cough syrup who are responsible"

I don't care how defensive a programmer you are. I write bounds & pointer checks and assertion statements every 20 lines of code or so (For real) In my one project of about 10,000 lines of code I handed them back a manual with over 500 potential failure points and where they occur in code so our tech support staff can report it back. It was quite literally 15 pages. It doesn't mean it can't be hacked despite how many safety checks and recoveries you put in. (These are rough estimates, but I ran a code analyzer and those about the numbers it kicked out)
 
nyt said:
outstanding warrant
Click to expand...

the definitions of "outstanding" have been redefined: he was invited into the USA, passed border offices and was on public events for many days before the arrest. He is a Brit, if there was really an " outstanding" need to prosecute him, it could be done without the press circus.
 
DigitalGriffin said:
That's like saying "It's not the meth cookers who are at fault. It's the people who make the cough syrup who are responsible"

I don't care how defensive a programmer you are. I write bounds & pointer checks and assertion statements every 20 lines of code or so (For real) In my one project of about 10,000 lines of code I handed them back a manual with over 500 potential failure points and where they occur in code so our tech support staff can report it back. It was quite literally 15 pages. It doesn't mean it can't be hacked despite how many safety checks and recoveries you put in. (These are rough estimates, but I ran a code analyzer and those about the numbers it kicked out)
Click to expand...
So giant companies with unlimited resources should not be held responsible at all for their penny pinching they do that leads to problems?

We aren't talking about a guy in a garage coding, these are trillion dollar industries that literally hold our world economy in their hands.

Look it, the banks destroyed the world numerous times in our history. They are pretty much never held accountable for it. They are also financially rewarded on the front end and the back end.
This kid may or may not have contributing to code that cost those banks money.

Now the government is acting as the bank's enforcer after the kid decided to do the right thing. Did the government act as the public's enforcer when people were losing their houses?

Why would I want them to be swift with their justice for this kid?

The government being the police force for the banks instead of policing the banks isn't working.

Every time one of these big hacks happens it's like a whistle blower exposing corporations.
 
stealthballer123 said:
So giant companies with unlimited resources should not be held responsible at all for their penny pinching they do that leads to problems?

We aren't talking about a guy in a garage coding, these are trillion dollar industries that literally hold our world economy in their hands.

Look it, the banks destroyed the world numerous times in our history. They are pretty much never held accountable for it. They are also financially rewarded on the front end and the back end.
This kid may or may not have contributing to code that cost those banks money.

Now the government is acting as the bank's enforcer after the kid decided to do the right thing. Did the government act as the public's enforcer when people were losing their houses?

Why would I want them to be swift with their justice for this kid?

The government being the police force for the banks instead of policing the banks isn't working.

Every time one of these big hacks happens it's like a whistle blower exposing corporations.
Click to expand...

Whether you like it or not, most of those web facing programs are likely interfaced by maybe 30 engineers on one program. That's about 3,000,000 a year. That's a big chunk of change for one program. Even at mega corps the teams are small because getting larger than that makes it a logistics nightmare. And a team of 30 isn't going to catch everything. It's not their fault if the programmer doesn't think of everything.

And I have yet to see one of these big hacks as a result of a whistle blower.

Now take your conspiracy theorist libertarian ass to the 911 jet fuel can't melt steel beams forum. They could use your insightful theories there.
 
  • Like
Reactions: PaulP
like this
stealthballer123 said:
So giant companies with unlimited resources should not be held responsible at all for their penny pinching they do that leads to problems?

We aren't talking about a guy in a garage coding, these are trillion dollar industries that literally hold our world economy in their hands.

Look it, the banks destroyed the world numerous times in our history. They are pretty much never held accountable for it. They are also financially rewarded on the front end and the back end.
This kid may or may not have contributing to code that cost those banks money.

Now the government is acting as the bank's enforcer after the kid decided to do the right thing. Did the government act as the public's enforcer when people were losing their houses?

Why would I want them to be swift with their justice for this kid?

The government being the police force for the banks instead of policing the banks isn't working.

Every time one of these big hacks happens it's like a whistle blower exposing corporations.
Click to expand...
Nobody has unlimited resources, although the government comes the closest to that description. You obviously have no idea how software is designed and written. I've done it for both industry and government, and truthfully industry is much, much better at it than government. Please take all of your Marxist ramblings someplace else.
 
You know if this came to light in the process of his help, should have looked the other way. Seems investigators these days are about digging until they find some dirt they can burn someone with regardless of context or its relevance to the moment or going forward.
 
You must log in or register to reply here.
Back
Top