Spot the Fed
August 3, 2017 4:15 PM

Information security folk hero MalwareTech (a.k.a. Marcus Hutchins) was recently arrested by the FBI after attending DEF CON, the security and hacking conference in Las Vegas. MalwareTech is most famous for stopping the spread of the WannaCry ransomware attack by registering a "killswitch" web domain; however, he was scooped up by the FBI for his alleged role in developing the Kronos banking malware in 2014-15 (see the indictment here). While there are mixed reactions in the community about these events, this is definitely not the first time that tensions have run high around DEF CON.

Previously, Feds have been temporarily uninvited from the con after the Snowden revelations soured relationships. About a decade prior, a Russian researcher presenting on cracking e-book DRM was arrested for alleged violation of the DMCA.

Similar tensions between law enforcement and the computer security community have always been a background issue. One of the larger sticking points involves the many ways that security researchers can be prosecuted under current United States law. The Digital Millennium Copyright Act (or DMCA) has anti-circumvention provisions, which ban the circumvention of technical measures--like encryption--that prevent access to copyrighted material. (For instance, before 2015, someone could be theoretically charged for unlocking their phone.)

In addition, the sixth count charged against MalwareTech was brought under the Computer Fraud and Abuse Act, or CFAA. Many researchers of all stripes have called for reform of the CFAA due to its outdated and disproportionate penalties for unauthorized access to computer systems. Reform could put much of the community on more solid legal ground, removing worries about the legal basis for common practices like penetration testing.
posted by redct (27 comments total) 22 users marked this as a favorite
 
I think what's most alarming is not the arrest, but the disappearance. No one seems to know where he is after the FBI picked him up from local jurisdiction.
posted by Abehammerb Lincoln at 4:29 PM on August 3, 2017 [14 favorites]


Damn, and he didn't even win his Pwnie Award category this year either. I hope he pops up soon and is ok. I don't have a whole lot of sympathy for folks who make malware AND then use it for real, use it recklessly, or sell it to others. But it's not a reason to disappear people...

Funnily enough, I seem to recall Alex Stamos in his Black Hat keynote talk this year talking about the bad old days where they used to have lawyers on standby in the front row of Black Hat / Defcon talks to deal with this sort of thing, and the conference organizers used to have to rip out presentations by hand from printed materials when vendors called in the lawyers to sue speakers. Maybe Black Hat / Defcon need to start handing out emergency locator beacons for speakers that they can dispose of when they get safely back to their country of origin...
posted by inflatablekiwi at 4:51 PM on August 3, 2017 [4 favorites]


Did he actually do anything wrong? Not asking facetiously. I'm just trying to ascertain that the Feds didn't pick him up because some bank got their jocks in a twist over some security embarrassment.
posted by Talez at 5:09 PM on August 3, 2017 [3 favorites]


Defcon, I went to a number of them, in my younger days. I went back, after an absence of a decade, and the young guns assumed I was a fed in the game of spot the fed. The old freaks remembered me from the blue box days, and the feds, well, they've never forgotten me. Back before 911, it was a lot safer to be openly defiant and dare them to come at you.

It is disturbing that Marcus is MIA. It is disturbing when anyone goes missing after being picked up by feds. As fluid as things in security code are, I'm not willing to automatically believe the indictment, although I don't know Marcus or his work. I would hope that the British embassy could or would do something to find him and keep him in the light.
posted by SecretAgentSockpuppet at 5:12 PM on August 3, 2017 [14 favorites]


The Guardian article implies it's fallout from the AlphaBay bust. There are probably more arrests in the works.
posted by JoeZydeco at 5:39 PM on August 3, 2017


Do the feds try to flip people any more?
posted by k5.user at 6:26 PM on August 3, 2017


Yeah, I'd love to understand: did this person legit create malicious malware? Obviously I think the FBI is terrible and I'm a prison abolitionist, but I still don't really get this person's role: is it fair to say he's probably a complicated character?
posted by latkes at 6:36 PM on August 3, 2017 [2 favorites]


Do the feds try to flip people any more?
posted by k5.user at 8:26 PM on August 3 [+] [!]


Why? Just hack or confiscate the server and load it up with trackware.
posted by Samizdata at 6:40 PM on August 3, 2017


not the arrest, but the disappearance

He was arrested yesterday and in front of a judge today. That doesn't seem unusual.
posted by jpe at 6:46 PM on August 3, 2017 [2 favorites]


He was unlocatable for a while. He's located more or less for now.
posted by wotsac at 7:20 PM on August 3, 2017


He was not "unlocatable" at any point. That was hysterical nonsense.

It was started because an article quoted an anonymous friend as saying he called the U.S. Marshals who said they had no record of Hutchins...because they're not the agency that arrested him. He was in FBI custody undergoing routine processing and is now being arraigned.
posted by Sangermaine at 7:23 PM on August 3, 2017 [7 favorites]


The three WannaCry ransom bitcoin wallets were emptied starting late last night. I've seen some people say that the timing is suspicious. Hoping it's just a huge coincidence.

Hutchins was, what, 19 when the Kronos malware thing was happening? I wouldn't be surprised if he was involved in that for money and moved to more legit work once he was hired in the industry for real. Doesn't make it right, of course. I still think the way this whole thing went down was a bit weird. Reserving judgement until we know more, though.
posted by gemmy at 8:04 PM on August 3, 2017




Obviously I think the FBI is terrible

Why? I mean, they are just doing their jobs, they're pretty darn well respected and ethical as law enforcement agencies go. People break the law all the time, knowingly, and take the risk they won't get caught. It doesn't make law enforcement automatically the bad guy because they arrest someone. And the FBI usually has a pretty good case if they do.
posted by fshgrl at 9:40 PM on August 3, 2017 [1 favorite]


The charges center on Kronos, a malware designed to drain bank accounts & drop other malware. The claim is he sold it on various darknet markets & possibly wrote it.
posted by scalefree at 10:36 PM on August 3, 2017


What's also strange is that a few days ago they robbed his wallet but left his phone. Was he being tracked?
posted by DreamerFi at 2:06 AM on August 4, 2017


Why? I mean, they are just doing their jobs, they're pretty darn well respected and ethical as law enforcement agencies go.

They are an unaccountable secret police with a history miles long of intimidation, blackmail and murder. Remember when Trump fired Comey, and how everyone suddenly had to confront that the FBI director is only personally accountable to the President? That's how the secret police in a dictatorship functions, not the federal law enforcement agency of a democracy.
posted by [expletive deleted] at 5:35 AM on August 4, 2017 [5 favorites]


What's also strange is that a few days ago they robbed his wallet but left his phone. Was he being tracked?

Who exactly is the "they" in this scenario?
posted by eponym at 6:37 AM on August 4, 2017


Yeah, I mean not for nothing, and I'm a big fan of conspiracies, but getting pickpocketed in Vegas doesn't strike me as improbable.
posted by SecretAgentSockpuppet at 8:02 AM on August 4, 2017


That's how the secret police in a dictatorship functions, not the federal law enforcement agency of a democracy.

That's an odd statement to make. The President is the democratically elected head of the government; the Director of the FBI is a bureaucrat appointed by him and confirmed by Congress. How is it undemocratic for the President to have this power? Congress could check this ability, if they wanted, but they haven't.

Are you suggesting only the legislature should have the power to fire the FBI Director? Is that how it works in other federal republics like Germany? Or other democracies like the UK? Can the UK Prime Minister, say, dismiss the head of Scotland Yard or must they get Parliament's approval first?
posted by Sangermaine at 9:58 AM on August 4, 2017 [2 favorites]


You can FOIA the FBI, try that on a secret police force. This is America, guys, please don't try to pretend you are living in a real oppressive dictatorship.
posted by fshgrl at 11:17 AM on August 4, 2017 [1 favorite]


You can FOIA the FBI, try that on a secret police force. This is America, guys, please don't try to pretend you are living in a real oppressive dictatorship.

Ever heard of COINTELPRO?
posted by thedamnbees at 12:31 PM on August 4, 2017 [1 favorite]


I'm not a fan of the FBI role in stifling progressive social change: from their relationship to HUAC to COINTELPRO - their covert and illegal campaign against progressive social movements in the 60s and 70s, to their siege on the Branch Davidians that burned dozens of people alive, to the way they deploy their anti "terrorism" units against contemporary movements like the water protectors at Standing Rock.

But hey, you're certainly free to groove on the FBI if you want to!
posted by latkes at 12:37 PM on August 4, 2017


Who exactly is the "they" in this scenario?

Yeah, exactly. Weird, right?

Anyway, more news

His attorney is called Tor, but that's probably just a proxy for his real name...
posted by DreamerFi at 2:40 PM on August 4, 2017 [1 favorite]


His attorney is called Tor, but that's probably just a proxy for his real name...

ಠ_ಠ
posted by Cookiebastard at 3:39 PM on August 4, 2017 [2 favorites]


I'm not convinced that what he's accused of doing is even illegal. They say he wrote a piece of software & sold it to people. Using it without authorization of the system owner would be a crime, sure. I use offensive software on a daily basis for my job, a mix of commercial & open source. All of it is suitable for breaking into computers, I just have my employer's explicit permission to use it on their systems. But writing it & selling it? What differentiates the software I use from what MalwareTech is accused of writing? This is going to get very very messy.
posted by scalefree at 1:25 PM on August 5, 2017 [1 favorite]


His comment today, when there was a line to get into the courtroom (everyone was waiting to get into the courtroom and the door was locked) and someone said 'you can get in, you are important', was 'I'm not important'.

3 sketch artists - one from Chicago and the 2 dozen + people in the gallery when most cases see 0 people.....you matter.
posted by rough ashlar at 5:09 PM on August 14, 2017

