Massive ransomware infection hits computers in 99 countries

spaminator

Hacker who helped stop global cyberattack arrested
Ken Ritter And Matt O’Brien, THE ASSOCIATED PRESS
First posted: Thursday, August 03, 2017 07:47 PM EDT | Updated: Thursday, August 03, 2017 11:25 PM EDT
LAS VEGAS — Marcus Hutchins, a young British researcher credited with derailing a global cyberattack in May, was arrested for allegedly creating and distributing malicious software designed to collect bank-account passwords, U.S. authorities said Thursday.
News of Hutchins’ detention came as a shock to the cybersecurity community. Many had rallied behind the researcher whose quick thinking helped control the spread of the WannaCry ransomware attack that crippled thousands of computers.
Hutchins was detained in Las Vegas on his way back to Britain from an annual gathering of hackers and information security gurus. A grand jury indictment charged Hutchins with creating and distributing malware known as the Kronos banking Trojan.
Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft.
The indictment, filed in a Wisconsin federal court last month, alleges that Hutchins and another defendant — whose name was redacted — conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on internet forums, sell the malware and profit from it. The indictment also accuses Hutchins of creating the malware.
Authorities said the malware was first made available in early 2014, and “marketed and distributed through AlphaBay, a hidden service on the Tor network.” The U.S. Department of Justice announced in July that the AlphaBay “darknet” marketplace was shut down after an international law enforcement effort.
Hutchins’ arraignment was postponed Thursday in U.S. District Court in Las Vegas by a magistrate judge who gave him until Friday afternoon to determine if he wants to hire his own lawyer.
Hutchins was in Las Vegas for Def Con, an annual cybersecurity conference that ended Sunday. On Wednesday, Hutchins made comments on Twitter that suggested he was at an airport getting ready to board a plane for a flight home. He never left Nevada.
Jake Williams, a respected cybersecurity researcher, said he found it difficult to believe Hutchins is guilty. The two men have worked on various projects, including training material for higher education for which the Briton declined payment.
“He’s a stand-up guy,” Williams said in a text chat. “I can’t reconcile the charges with what I know about him.”
A Justice Department spokesman confirmed the 22-year-old Hutchins was arrested Wednesday in Las Vegas. Officer Rodrigo Pena, a police spokesman in Henderson, near Las Vegas, said Hutchins spent the night in federal custody in the city lockup.
Andrew Mabbitt, a British digital security specialist who had been staying in Las Vegas with Hutchins, said he and his friends grew worried when they got “radio silence” from Hutchins for hours. The worries deepened when Hutchins’ mother called to tell him the young researcher hadn’t made his flight home.
Mabbitt said he eventually found Hutchins’ name on a detention centre website. News of his indictment Thursday left colleagues scrambling to understand what happened.
“We don’t know the evidence the FBI has against him, however we do have some circumstantial evidence that he was involved in that community at the time,” said computer security expert Rob Graham.
The big question is the identity of the co-defendant in the case, whose name is redacted in the indictment. Why was it blacked out? “Maybe the other guy testified against him,” said Graham.
The co-defendant allegedly advertised the malware online. Hutchins is accused of creating and transmitting the program.
Williams, the president of Rendition Infosec, speculated that the co-defendant might have been caught up in the takedown of AlphaBay and framed Hutchins in exchange for a plea deal.
The problem with software creation is that often a program includes code written by multiple programmers. Prosecutors might need to prove that Hutchins wrote code with specific targets.
Williams pointed to a July 13, 2014 tweet by Hutchins, whose moniker is @MalwareTechBlog, asking if anyone had a sample of Kronos to share.
“I’ve written code that other people have injected malware into,” said Graham. “We know that large parts of Kronos were written by other people.”
One legal scholar who specializes in studying computer crime said it’s unusual, and problematic, for prosecutors to go after someone simply for writing or selling malware — as opposed to using it to further a crime.
“This is the first case I know of where the government is prosecuting someone for creating or selling malware but not actually using it,” said Orin Kerr, a law professor at George Washington University. Kerr said it will be difficult to prove criminal intent.
“It’s a constant issue in criminal law — the helping of people who are committing a crime,” Kerr said. “When is that itself a crime?”
O’Brien reported from Providence, R.I. Associated Press writers Raphael Satter in Paris and Frank Bajak in Houston contributed to this report.
Hacker who helped stop global cyberattack arrested | World | News | Toronto Sun
 

Danbones

lol, if they were to put the authors of badware in jail, they would have to start with the CIA first.
;)
 

spaminator

Judge sets $30K bail for UK researcher in malware case
Regina Garcia Cano, Matt O’Brien And Frank Bajak, THE ASSOCIATED PRESS
First posted: Friday, August 04, 2017 07:28 PM EDT | Updated: Friday, August 04, 2017 07:33 PM EDT
LAS VEGAS — A Las Vegas federal judge set bail of US$30,000 on Friday for a celebrated young British cybersecurity researcher accused by U.S. prosecutors of creating and distributing malicious software designed to steal banking passwords.
The attorney for Marcus Hutchins, who has broad support in the information-security community, said the 23-year-old hacker would contest the charges. She said he would not be released until Monday because there wasn’t enough time to post bail after Friday’s afternoon ruling.
Hutchins is due in federal court in Milwaukee on Tuesday.
The U.K. resident gained overnight fame with quick thinking in May when he helped curb the spread of the WannaCry ransomware attack that had crippled thousands of computers worldwide.
Much of the cybersecurity community rallied around Hutchins after his arrest Wednesday, calling him a principled, ethical hacker.
The conditions of his release came as a relief for his supporters.
“This is excellent news,” said Nicholas Weaver, a computer scientist at the University of California at Berkeley. “The indictment is remarkably shallow even by indictment standards, which is disappointing because it adds considerable uncertainty and fosters distrust with the general security community.”
Las Vegas-based attorney Adrian Lobo said money for Hutchins’ bond would come from a variety of supporters and family in the U.S. and abroad. The Electronic Frontier Foundation, a leading digital civil liberties non-profit, said it helped arrange Hutchins’ counsel and was working to find him an attorney to provide “the best possible defence.”
“Security researchers are vital to protecting the computers we rely upon every day,” EFF general counsel Kurt Opsahl said via email. “Mr. Hutchins’ arrest has unfortunately deepened the divide between the research community and the government.”
Weaver said federal prosecutors and the FBI were making a mistake by not providing more details about the crimes they allege Hutchins committed. “Having more information would act to reassure the larger security community,” he said.
At the hearing, assistant U.S. attorney Dan Cowhig said Hutchins admitted to authorities in an interview following his arrest that he was the author of the malware code and sold it. He said the government has evidence of chat logs in which Hutchins discussed with an associate the sale of the Kronos banking Trojan.
Magistrate Judge Nancy Koppe said Hutchins is not a danger to the community and has sufficient community support to not be a flight risk.
She ordered him to surrender his passport and said he could fly to Wisconsin, where he was indicted last month, without identification.
“The most recent charge in the indictment is in July of 2015. That’s two years ago that the defendant has been free to roam the world during that period of time,” she said.
Hutchins did not enter a plea at Friday’s hearing. He was arrested while preparing to return home from the Def Con convention for computer security professionals.
He stands accused of creating and distributing malware known as the Kronos banking Trojan. Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft.
Computer law expert Tor Ekeland described the evidence in the case so far as flimsy.
“This is a very, very problematic prosecution to my mind, and I think it’s bizarre that the United States government has chosen to prosecute somebody who’s arguably their hero in the WannaCry malware attack and potentially saved lives and thousands, hundreds of thousands, if not millions, of dollars over the sale of alleged malware,” Ekeland said.
The indictment alleges that Hutchins and another defendant — whose name was redacted — conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on internet forums, sell the malware and profit from it. The indictment also accuses Hutchins of creating the malware.
Programs, however, can often include code written by multiple programmers. Prosecutors might need to prove that Hutchins wrote code that targeted specific institutions.
U.S. Justice Department officials on Friday declined to answer questions about the case. The FBI’s Milwaukee field office, which led the 2-year investigation, didn’t return requests for comment.
Ekeland said that what is notable to him from the indictment is that it doesn’t allege any financial loss to any victims — or in any way identify them. Besides that, laws covering aspects of computer crime are unclear, often giving prosecutors broad discretion.
“The only money mentioned in this indictment is ... for the sale of the software,” he said.
Jake Williams, a respected cybersecurity researcher, said he found it difficult to believe Hutchins is guilty. The two men have worked together on various projects, including training material for higher education for which the Briton declined payment.
Hutchins lives with his family in the town of Ilfracombe, England, and worked out of his bedroom.
His mother, Janet, who has been frantically trying to reach her son, said she was “outraged” by the arrest and that it was “hugely unlikely” her son was involved because he spends much of his time combatting such attacks.
Back in May, the curly-haired computer whiz and surfing enthusiast discovered a so-called “kill switch” that slowed the unprecedented WannaCry outbreak.
He then spent the next three days fighting the worm that crippled Britain’s hospital network as well as factories, government agencies, banks and other businesses around the world.
Though he had always worked under the moniker of MalwareTech, cracking WannaCry led to the loss of his anonymity and propelled him to cyber stardom. There were appearances and a $10,000 prize for cracking WannaCry. He planned to donate the money to charity.
“I don’t think I’m ever going back to the MalwareTech that everyone knew,” he told The Associated Press at the time.