Topic: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 18339
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
First report from Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con - Motherboard

Quote
On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.

Kronos Indictment R

NHS cyber-defender Marcus Hutchins arrested in US - BBC News

Story plus indictment at ZDNet:  UK researcher who stopped WannaCry outbreak arrested over Kronos malware | ZDNet


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #1 on: August 03, 2017, 08:57:15 PM »
Bleeping Computer's article includes links to Twitter feeds to a number of members of the infosec industry discussing working with MalwareTech as well as his friend who had been trying to locate him.  It appears from that discussion EFF (Electronic Frontier Foundation) may be coming to his aid (https://twitter.com/MabbsSec/status/893166585736724481).

Bleeping Computer:  MalwareTech Arrested by the FBI on Charges of Creating Kronos Banking Trojan



Offline Paddy

  • LandzDown Team
  • Hero Member
  • *****
  • Posts: 1509
    • View Profile
Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #3 on: August 04, 2017, 11:08:08 AM »
And from this side of the pond...

http://www.bbc.co.uk/news/uk-england-40820837


Paddy...
This is one race of people for whom psychoanalysis is of no use whatsoever - Sigmund Freud (about the Irish)

Never argue with a fool, they will lower you to their level and then beat you with experience.

Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #4 on: August 04, 2017, 04:03:42 PM »
Analysis of the indictment by Orin Kerr at The Kronos indictment: Is it a crime to create and sell malware? - The Washington Post.  Kerr is described as follows:

Quote
Orin Kerr is the Fred C. Stevenson Research Professor at The George Washington University Law School, where he has taught since 2001. He teaches and writes in the area of criminal procedure and computer crime law.



Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 505
    • View Profile
Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #5 on: August 04, 2017, 05:36:47 PM »
In my opinion, if you wrote it you own it. He may have stopped it, but it wouldn't have been used if he didn't sell it or develop it.

Sorry, but it's on him.

Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #6 on: August 04, 2017, 06:00:23 PM »
It was WannaCry that he stopped and Kronos that he allegedly created and the unnamed accomplice sold.  From what I've been reading, members of the infosec community are not convinced he created Kronos but that doesn't mean they are right. 



Offline techie

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #7 on: August 04, 2017, 06:13:34 PM »
Quote
It was WannaCry that he stopped and Kronos that he allegedly created and the unnamed accomplice sold.  From what I've been reading, members of the infosec community are not convinced he created Kronos but that doesn't mean they are right.

I missed that it was two separate things. If he did write it then he owns it regardless. If it was sold for a profit, then it is malicious intent. How it was distributed doesn't make any difference.

That's if he wrote it?

One is ransomware (format and reinstall, hope you have a good backup). The Kronos however is even worse in that it can steal directly from your personal banking accounts, etc. once evoked.

Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #8 on: August 04, 2017, 11:39:47 PM »
Judge sets $30K bail in banking malware case for hacker who helped stop WannaCry attack - Chicago Tribune

For those who use Facebook, interview with his attorney:  https://www.facebook.com/ChristyNews3LV/videos/1746478715365613/ and a correction of some of the information from the interview/press, An update on @MalwareTechBlog and some clarification on misreported facts at https://twitter.com/MabbsSec/status/893624617142759425 posted by Andrew Mabbitt, Founder / Hacker @ Fidus Information Security.



Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #9 on: August 05, 2017, 12:40:29 AM »
Then we have conflicting information in Hacker Marcus Hutchins 'admits' role in malware:

Quote
Earlier, a prosecutor told the court that Hutchins had admitted in a police interview that he created the code for the malware.

and

Quote
After the hearing, Hutchins's lawyer Adrian Lobo denied her client was the author of the code.



Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 850
    • View Profile
Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #10 on: August 05, 2017, 01:13:34 PM »
This will be interesting. Suppose he didn't write the original ransomware but did write the antidote and gets convicted for that.
Does that mean a) other individuals will stop trying to find antidotes for the new ransomware that will appear in the future to avoid prosecution and b) will people who write code for companies like Malwarebytes (just an example) be exempt because they work for a company?

There are no black and white answers to any of those questions!

No one is supposed to reverse-engineer code so does that mean we all bury our heads in the sand and pretend ransomware can't be looked at to find a solution?

Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #11 on: August 05, 2017, 02:11:12 PM »
It doesn't mean that others in the infosec community will stop their attempts.  Rather, they will stop sharing the information they find with government agencies.  One example by Kevin Beaumont, Regarding Marcus Hutchins aka MalwareTech – DoublePulsar:

Quote
On a personal note, I am withdrawing from dealing with the NCSC and sharing all threat intelligence data and new techniques until this situation is resolved. This includes through Cyber Security Information Sharing Partnership. Many of us in the cyber security community openly and privately share information about new methods of attacks to ensure the security for all, and I do not wish to place myself in danger.

As to reverse engineering, that applies to licensed software.  Security researchers need to essentially tear apart malware in order to determine how it is able to work and then provide security updates to protect from the malware.



Offline Corrine

Re: Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
« Reply #12 on: August 14, 2017, 09:59:22 PM »
Marcus Hutchins, aka MalwareTech, will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher.

Researcher Who Stopped WannaCry Pleads Not Guilty to Creating Banking Malware - Motherboard

Quote
Uncertainty surrounds Hutchins case. Legal experts questioned the government's charges, arguing that it's unclear that simply writing software—and not actively participating in using it to hack anyone—is a crime at all. Moreover, as well-known security blogger Marcy Wheeler noted, why is a British researcher being indicted in the United States for a malware that apparently had no American victims?

