Cory Doctorow, BoingBoing: After DEFCON, the FBI arrested the UK national who stopped Wannacry
Was the FBI not aware of his reputation and his role? Or did he disrupt somebody’s sting? Or somebody’s cyberattack?
The worst part of it is that it could be either, and we continue to consider ourselves a democratic society.
The first requires explanation to people who respect him.
The second is a hazard of stings.
The third is probably a situation that governments would not have to admit.
Brave new world, just because someone asked what malevolent can I do with programming. Yet another technology to ask nations to forgo for the sake of normal life.
○ Dark Web: Hansa Market Seized by Dutch Police
The Guardian – in Briton who stopped WannaCry attack arrested over separate malware claims supplies more information.
Addresses one of your questions:
The takedown of AlphaBay was a really big deal.
Unless Hutchins had nothing to do with the Kronos software/malware, he’s in big trouble. Why would someone with a security researcher job at a cybersecurity firm create and sell such a product?
The DEFCON world straddles security and black hat technologies. It is hard to tell from news reports who actually is who.
The dark web is also where covert operations of nations pass through to cut-outs. And where insurgent movements operate. One suspects that operators there don’t like attention drawn to that space of the web.
A security researcher at a cybersecurity firm might have a contract from a government customer to create (and possibly even sell) such a product. The cybersecurity researcher or the firm either one might be in the side business of selling software for others to create fully-loaded malware.
It is also possible for the FBI to have the story not 100% correct.
Nonetheless the more interesting motive now becomes why he bothered to shut down Wannacry.
If so, that would mean that Hutchins’ employer, who has been working with the FBI, threw him under the bus. With the employer and/or the FBI doing so to protect others.
New technology and the cops are always a step or two behind the criminals. Eventually the tech and the cops manage to close most of the vulnerabilities and most of what gets left is such small stuff that no respectable burglar or robber would have anything to do with it.
Or just like the “weev” … turned to work for the government …
○ Peter Smith Tapped Alt-Right to Access Dark Net
Charles C. Johnson said he also suggested that Smith get in touch with Andrew Auernheimer, a hacker who goes by the alias ‘Weev’ and has collaborated with Johnson in the past. Auernheimer–who was released from federal prison in 2014 after having a conviction for fraud and hacking offenses vacated [on appeal – May 2014] and subsequently moved to Ukraine.
More Ukrainian influence in U.S. Election 2016 …
○ The Trail of VP Alperovitch @CrowdStrike
○ The Evidence That Russia Hacked The DNC Is Collapsing by Tyler Durden via ZeroHedge
More to read in my earlier diary …
○ Ukraine-Russia Proxy War and the U.S. Election
For decades a strong Ukrainian-American diaspora has been exploited by NGOs and U.S. government agencies (USAID) to intervene in the Ukraine. The Orange Revolution of 2004 has been well covered. Due to established corruption, all US supported candidates proved to be just as corrupt as their predecessors. Under the Obama administration the U.S. in collusion with the EU and NATO succeeded in overthrowing a democratically elected president.
The Ukraine Affair has been used by anti-Russian forces in right-wing conservative groups and political parties in the UK and the U.S. to force an economic separation with Russia. Ukraine to be used as a crowbar to push the EU and NATO to the border with the Kremlin and in the end to accomplish regime change in Russia. A “united” Europe has been split with Rumsfeld’s New Europe of the Visegrád group of nations.
In 2016 both Ukraine and Russia were active to intervene in the U.S. presidential election. Conveniently the efforts by the Ukraine got no attention in the West.
Ukraine-Russia, same thing right? Well to most voters, I guess.
Possibility. Life imitates Art.
Recalling the old TV series “Wiseguy”. Vinnie Terranova is sent to Newark Prison after a false trial to establish his bona fides to infiltrate the mob.
Part of a sting operation?
Some of the cases recently have seemed more like a form of impressment than voluntary participation in an informant or sting operation.
I don’t know what’s going on with this case, but when Cory Doctorow raises a case, it generally has something critical to do with the growing crapification of the internet and government reaching into limiting constitutional rights.
So much of the media framing is presumption of guilt for most everyone except the 1% like Jamie Dimon and Steve Mnuchin and whoever was driving the fraud at other banks.
Having been a government employee for half my life, I assure you that government much prefers the stick to the carrot. Why persuade when you can threaten. I don’t think I’ve ever received a document from the government that didn’t have a threat somewhere in it.
Carrots are nice though, just keep an eye aloft for the stick.
Ah, but they were just employees and the banks took the rap for that and paid the fines — because there’s no way to incarcerate a corporation.
However, there must be different rules when the executive isn’t an American: Volkswagen executive pleads guilty in emissions scandal
Although the DOJ let the banks off without any admission of guilt if they accepted the fine — so, that may be one of the differences. IOW — Holder and Obama didn’t go after them.
The narrative this reminds me of is an arsonist running into a burning building to rescue a baby and becomes a hero.
That is exactly what the prosecutor better have proof of. Otherwise the niggling questions about the government’s motives will remain with internet freedom advocates and cybersecurity professionals. Going rogue is a hazard of most professions. Only a few professions have consequences severe enough to merit prosecution. What makes this case one of them?
As I understand it, Kronos, the subject malware, was designed for a user to perpetrate financial fraud. Fraud is illegal. If Kronos has any other and legal use, it sounds as if it would be incidental and wouldn’t be something people were willing to pay for.
Assuming that Hutchins developed the app and released it to one or more persons to use, he’s in serious trouble. Selling it compounds his problem.
Not so sure about that. And if there is a law against selling it, that law may be unconstitutional. It’s like burglar tools, but even more nebulous because we are not talking about physical objects but knowledge. It’s like there was a law prohibiting selling plans for building an assault weapon. To that point, I remember long ago a graduate student arrested for publishing plans for a nuclear bomb that he had made up himself without access to classified material. I never heard how that case was resolved although the government itself in the 1950’s stated that any competent machine shop could make a nuclear bomb if they only had the U-235 or PU-239.
I guess die Gedanken sind nicht frei.
Possession of burglary tools with the intent to commit a crime is illegal. Both elements required. Two problems with your analogy. First, such tools do have other lawful uses. Second, how many are single purpose — burglary — tools and if they do exist, are any mass produced and sold? Don’t they tend to be modified for use by a person (or an associate) intent on burglary?
Something that security pros will never share with the general public are the details of a successful heist that can be replicated with such knowledge. What they do is advise potential victims of changes to implement that reduce the chances of such a heist in the future. (One thing I have never and will never disclose are any details of a significant burglary, robbery, or embezzlement that aren’t in the public domain. What is publicly disclosed isn’t necessarily always complete and/or totally accurate, and I won’t comment on that either.)
The first computer facilitated bank theft was at (iirc) the Dime Savings Bank in NY. In that case the theft and thief were identified, but they didn’t know how he did it and had to hire him to get the details. Rifkin thought he could get a similar deal.
check this out:
That was in place decades ago. Doubt that bankers haven’t long ago seen to it that similar laws were implemented to protect them.
>>device intended to avoid telephone toll charges
“black boxes” and “blue boxes”, they were called. LOL. I never personally used or made such a device, but friends did both. And my late father was FBI and spent some time investigating their use.
Yes. iirc, the public outrage over the small dollar value of this theft with these crude devices was greater than what is seen today over large dollar value thefts with sophisticated methods today. But standards of morality were much higher then. Government operated legal gambling — lotteries — failed ballot referendum.