Marcus Hutchins, darling of the media detained by FBI

spunko
(Sorry, this is probably too arcane for some)

Must admit I found this guy to be slightly odd at the time when he decided to go public with his claims of stopping a - likely - state sponsored attack affecting the Holy NHS. He worked in information security so he must have known that his actions would have pissed off powerful people. Most large scale malware nowadays is state sponsored. It's entirely possible to register an IP address and/or domain name with fake information, which he could have done, but he perhaps wanted the attention for his business. Can't blame him for wanting publicity I suppose.

Anyway, fast forward to now and he's been detained by the FBI for allegedly co-creating another piece of malware called Kronos. Obviously the British press are questioning this, almost completely united in their disbelief this guy isn't the saint they painted him out to be.

I spent a few hours yesterday and this morning investigating this guy, as it piqued my longstanding interest on infosec. Found out he supposedly ran a carding forum (very illegal) and allegedly touted malware before this. Uh oh. No idea if that is true or not but it looks like the FBI have had the warrant ready for months.

 

 

 


Interesting. No doubt various states are up to their necks in this stuff, he probably should have guessed at what he might have been getting into. Keep us updated, though I imagine this will quietly be swept under the carpet once he has been sufficiently intimidated or co-opted into the fold...


What is a carding forum? Never heard of them and can't work out what it might be?

Edit.  Never mind. Stolen credit card details.


The other interesting development related to this was the AlphaBay guy who got lifted and then topped himself soon after, Alexandre Cazes. Not convinced by the conspiracy theories that thhe Thai police killed him, he probably just didn't want to be Ross Ulbricht 2.0 and be eligible for parole in 2200...  Can't blame him.

One of the other theories regarding this Marcus Hutchins guy is that when the FBI infiltrated AlphaBay they found a treasure trove of information on the sellers of malware on there - one of whom apparently was Hutchins.

Not saying I trust the FBI mind, their official version of how they uncovered Cazes' identity is quite suspect to say the least...

 

The whole thing stinks...

34 minutes ago, LC1 said:

Interesting. No doubt various states are up to their necks in this stuff, he probably should have guessed at what he might have been getting into. Keep us updated, though I imagine this will quietly be swept under the carpet once he has been sufficiently intimidated or co-opted into the fold...

Few people seem to know that the WannaCry exploit that Hutchins stopped from ruining the Holy NHS was just a repackage of ETERNALBLUE - created almost definitely by the NSA... !

https://en.wikipedia.org/wiki/EternalBlue

1 hour ago, spunko2010 said:

(Sorry, this is probably too arcane for some)

Must admit I found this guy to be slightly odd at the time when he decided to go public with his claims of stopping a - likely - state sponsored attack affecting the Holy NHS. He worked in information security so he must have known that his actions would have pissed off powerful people. Most large scale malware nowadays is state sponsored. It's entirely possible to register an IP address and/or domain name with fake information, which he could have done, but he perhaps wanted the attention for his business. Can't blame him for wanting publicity I suppose.

Anyway, fast forward to now and he's been detained by the FBI for allegedly co-creating another piece of malware called Kronos. Obviously the British press are questioning this, almost completely united in their disbelief this guy isn't the saint they painted him out to be.

I spent a few hours yesterday and this morning investigating this guy, as it piqued my longstanding interest on infosec. Found out he supposedly ran a carding forum (very illegal) and allegedly touted malware before this. Uh oh. No idea if that is true or not but it looks like the FBI have had the warrant ready for months.

 

 

 

Nope.

He was messing around in the world of malware and the like.

Putting his head up after the NHS fuckup would have put him on the spooks' and crooks' radar.

Spooks would have looked into him; now they've a name, address and IP address.

Crooks have a handy patsy to say they worked with if they get pulled in and need to plea bargain.

I'd never bother putting my name out for this sort of stuff.

But then I avoid using Windows, which gets you 99% protection from this sort of fuckwittery.

 

18 minutes ago, 201p said:

The print media are so irrelevant. He posted all that to Twitter as he went along.

All short term rental stuff, so none of it actually that costly, or indicative of genuine wealth.

 

1 hour ago, spygirl said:

Nope.

He was messing around in the world of malware and the like.

Putting his head up after the NHS fuckup would have put him on the spooks' and crooks' radar.

Spooks would have looked into him; now they've a name, address and IP address.

Crooks have a handy patsy to say they worked with if they get pulled in and need to plea bargain.

I'd never bother putting my name out for this sort of stuff.

But then I avoid using Windows, which gets you 99% protection from this sort of fuckwittery.

 

It is the downfall of so many, going public - and I'm not just talking about the Lottery.  Once you start noticing it etc. In my line of work lots of people have "gone public" to try to make a name of themselves, flashed their success etc, ended up broke or crazy.

Just now, spunko2010 said:

It is the downfall of so many, going public - and I'm not just talking about the Lottery.  Once you start noticing it etc. In my line of work lots of people have "gone public" to try to make a name of themselves, flashed their success etc, ended up broke or crazy.

Well, yep.

Gives someone a useful name to give in an interview.

'OK, who's Mr Big?'

'Oh, it's that half-caste ginger kid from Devon.'

 

19 hours ago, spunko2010 said:

Few people seem to know that the WannaCry exploit that Hutchins stopped from ruining the Holy NHS was just a repackage of ETERNALBLUE - created almost definitely by the NSA... !

https://en.wikipedia.org/wiki/EternalBlue

Could these attacks that expose vulnerabilities in Windows 98 be a 'state' mechanism to teach a lesson to people/orgs that are still running Windows 98? A lesson to frighten/stimulate a migration to a newer OS? Are more recent versions of the Windows operating system easier for the state to snoop upon, or to get employers to snoop upon employees?

At my last place of work (2015) I still ran Windows 98 systems on all my PCs simply because my IT support couldn't control my PC like it wished, I had a raft of legitimate excuses for keeping '98. Having said that, the majority of my computers run macOS and I'm much more familiar with that and UNIX. I still run 98 on the PCs for what it offers.

58 minutes ago, Hopeful said:

Could these attacks that expose vulnerabilities in Windows 98 be a 'state' mechanism to teach a lesson to people/orgs that are still running Windows 98? A lesson to frighten/stimulate a migration to a newer OS? Are more recent versions of the Windows operating system easier for the state to snoop upon, or to get employers to snoop upon employees?

At my last place of work (2015) I still ran Windows 98 systems on all my PCs simply because my IT support couldn't control my PC like it wished, I had a raft of legitimate excuses for keeping '98. Having said that, the majority of my computers run macOS and I'm much more familiar with that and UNIX. I still run 98 on the PCs for what it offers.

I don't think so. If you look at the list of NSA exploits that we know of, the majority of them are for later versions of Windows. Windows 98 has 0.01% of the market share nowadays: https://www.netmarketshare.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows+98&qpcustomb=0

More likely they want you to upgrade, for similar reasons they want you to have the latest smartphone: as technology becomes more advanced, the more potential loopholes can be found (oversimplifying, but generally this is true). There are 50 million lines of code in Windows 10; I don't know how many there are in Windows 98 but it'll be a lot less, I suspect.

Bear in mind, this investigation into the Kronos malware allegedly by Hutchins was started in 2015 under Obama: https://www.justice.gov/opa/pr/man-charged-his-role-creating-kronos-banking-trojan. Two years to investigate a 20-something Brit in his parents' basement seems excessive. Must surely be something to do with the AlphaBay bust; too coincidental, surely.

 

The disbelief in the tech community that this guy has been wrongfully detained is looking stupider by the day. No fan of the NSA/GCHQ and state sanctioned spying but, inverse to what everyone else is saying, I have to give them credit for this - even if it's a bit premature, we'll find out for sure in a few months once the indictment is fully released.

*At least, we'll be given their version of events but they might not be true. The feds have used parallel construction many times.

2 minutes ago, spunko2010 said:

I don't think so. If you look at the list of NSA exploits that we know of, the majority of them are for later versions of Windows. Windows 98 has 0.01% of the market share nowadays: https://www.netmarketshare.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows+98&qpcustomb=0

More likely they want you to upgrade, for similar reasons they want you to have the latest smartphone: as technology becomes more advanced, the more potential loopholes can be found (oversimplifying, but generally this is true). There are 50 million lines of code in Windows 10; I don't know how many there are in Windows 98 but it'll be a lot less, I suspect.

Bear in mind, this investigation into the Kronos malware allegedly by Hutchins was started in 2015 under Obama: https://www.justice.gov/opa/pr/man-charged-his-role-creating-kronos-banking-trojan

The disbelief in the tech community that this guy has been wrongfully detained is looking stupider by the day. No fan of the NSA/GCHQ and state sanctioned spying but, inverse to what everyone else is saying, I have to give them credit for this - even if it's a bit premature, we'll find out for sure in a few months once the indictment is fully released.

To me, the oddest thing about this current arrest is the seemingly rather casual response by the parents, compared to the usual outcry, but as I don't have a TV I might have missed quite a bit.

Just now, Hopeful said:

To me, the oddest thing about this current arrest is the seemingly rather casual response by the parents, compared to the usual outcry, but as I don't have a TV I might have missed quite a bit.

Haven't seen the parents but I'd be amazed if Mr Hutchins isn't somewhere 'on the spectrum'.

2 minutes ago, spunko2010 said:

Haven't seen the parents but I'd be amazed if Mr Hutchins isn't somewhere 'on the spectrum'.

Absolutely.

Or perhaps on the Amiga 500.

1 hour ago, Hopeful said:

Could these attacks that expose vulnerabilities in Windows 98 be a 'state' mechanism to teach a lesson to people/orgs that are still running Windows 98? A lesson to frighten/stimulate a migration to a newer OS? Are more recent versions of the Windows operating system easier for the state to snoop upon, or to get employers to snoop upon employees?

No, it's got holes in it because it's fucking shit; seriously, this forum is reaching new heights of tinfoil hattery. And anyway, in order to attack any system behind any half-decent modern firewall you generally need a user to perform a compromising action (installing something, clicking a browser dialogue, accepting a file transfer via a messaging app, entering their login details where they shouldn't, opening an Office document and allowing scripts to run, watching an infected media file, using the Internet Explorer browser for pretty much anything, etc.) so that the attacker can get inside the network.

3 hours ago, goldbug9999 said:

No, it's got holes in it because it's fucking shit; seriously, this forum is reaching new heights of tinfoil hattery. And anyway, in order to attack any system behind any half-decent modern firewall you generally need a user to perform a compromising action (installing something, clicking a browser dialogue, accepting a file transfer via a messaging app, entering their login details where they shouldn't, opening an Office document and allowing scripts to run, watching an infected media file, using the Internet Explorer browser for pretty much anything, etc.) so that the attacker can get inside the network.

Heights... or depths?  xD

5 hours ago, goldbug9999 said:

No, it's got holes in it because it's fucking shit; seriously, this forum is reaching new heights of tinfoil hattery. And anyway, in order to attack any system behind any half-decent modern firewall you generally need a user to perform a compromising action (installing something, clicking a browser dialogue, accepting a file transfer via a messaging app, entering their login details where they shouldn't, opening an Office document and allowing scripts to run, watching an infected media file, using the Internet Explorer browser for pretty much anything, etc.) so that the attacker can get inside the network.

Indeed, Windows has been stuffed with security vulnerabilities since the first day of its release. In fact the entire history of the OS has largely been defined by attempts to retrofit security often in a clunkingly inefficient and cackhanded manner onto a fundamentally insecure product that was never originally intended to be attached to a global IT network.

7 hours ago, spunko2010 said:

Looks like I got it wrong and he wanted to remain anonymous after WannaCry but was outed. Makes more sense now.

http://www.bbc.co.uk/news/technology-40833951

Going by the content of that link it sounds as though, he's admitted to "the feds" that he wrote some (possibly/probably proof of concept) code, and that very same code has been incorporated into some malware.

It makes it sound like the case is that he knowingly added code to malware, and the defense is that he just wrote some code that someone else copied (and pasted...) into the software and released it. They've then linked the code back to him (possibly just decompiled?) as he's publicised the code in the public domain, and therefore saying it was all him.

Should probably make you think twice, if you were so inclined, before publishing potentially malicious code to the internet that could be attributed to you. Even if you were posting it purely for "educational reasons".

5 hours ago, leggers said:

Going by the content of that link it sounds as though, he's admitted to "the feds" that he wrote some (possibly/probably proof of concept) code, and that very same code has been incorporated into some malware.

It makes it sound like the case is that he knowingly added code to malware, and the defense is that he just wrote some code that someone else copied (and pasted...) into the software and released it. They've then linked the code back to him (possibly just decompiled?) as he's publicised the code in the public domain, and therefore saying it was all him.

Should probably make you think twice, if you were so inclined, before publishing potentially malicious code to the internet that could be attributed to you. Even if you were posting it purely for "educational reasons".

That's Bill Gates fucked then.

5 hours ago, leggers said:

It makes it sound like the case is that he knowingly added code to malware, and the defense is that he just wrote some code that someone else copied (and pasted...) into the software and released it. They've then linked the code back to him (possibly just decompiled?) as he's publicised the code in the public domain, and therefore saying it was all him.

They interviewed a guy on R4 who said exactly this.

He seemed to think that Hutchins discovered the vulnerability eventually exploited by Kronos ages ago and published on twitter saying he had notified the owner of the flawed software and they still hadn't patched it.

Later the code he had used to discover the flaw was obtained by a third party and integrated into Kronos and used maliciously. 

My suspicion is that, having been at two hacking conferences which are known recruiting grounds for spooks, he probably mouthed off about how he had written the code in Kronos in front of, or directly to, one of the spooks. They took it at face value and shortly after the "tip-off" he found himself sporting an orange jumpsuit.

All of the above allegedly of course (and accuracy subject to my own poor memory from the interview).


Note that Hutchins halted the WannaCry Trojan by accident: he registered the associated domain name that halted it without apparently realising that would happen.

It was an accident that he Saved the NHS from Certain Death.

So not quite the white knight that the press portrayed him as.

My guess is he's a hacker simply to satisfy his curiosity, and published stuff on forums without considering the possible consequences.
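The kill switch the post above refers to, as an added example that is not part of the thread and not anyone's real code: a small Python model of why registering the hard-coded domain stopped new infections (the worm made one plain HTTP request to that name before doing anything else and quit if the request succeeded), why a host with no direct internet route, such as one whose only egress is an HTTP proxy, was not saved by it, and how the sinkhole's query log doubles as a census of machines that already ran the dropper. The domain name, the toy network class, the `run_dropper` stand-in and the DNS log lines are all constructed for this example; the real domain is deliberately not reproduced.

```python
"""Added example, not from the original thread.

Models a WannaCry-style kill switch. The dropper issues one plain HTTP GET to a
hard-coded domain before doing anything else and exits if the request succeeds.
While the domain was unregistered the request failed and the payload ran;
registering it made the request succeed for every later infection.
Everything below (domain, network, log lines) is a constructed stand-in.
"""
from dataclasses import dataclass, field

# Constructed placeholder; the real hard-coded domain is intentionally not used.
KILL_SWITCH_DOMAIN = "kill-switch-example.invalid"


@dataclass
class FakeInternet:
    """Toy network: which names resolve, and whether a host has direct egress."""
    registered: set = field(default_factory=set)

    def http_get(self, domain: str, direct_egress: bool) -> bool:
        # The real check was a raw GET with no proxy support, so a host whose
        # only route out is an HTTP proxy sees failure even after registration.
        if not direct_egress:
            raise ConnectionError("no direct route to the internet")
        if domain not in self.registered:
            raise ConnectionError("NXDOMAIN")
        return True


def kill_switch_says_stop(net: FakeInternet, direct_egress: bool = True) -> bool:
    """True only if the probe succeeds; any failure means 'carry on'."""
    try:
        return net.http_get(KILL_SWITCH_DOMAIN, direct_egress)
    except ConnectionError:
        return False


def run_dropper(net: FakeInternet, direct_egress: bool = True) -> str:
    """The dropper's first decision: abort, or go on to the payload."""
    if kill_switch_says_stop(net, direct_egress):
        return "aborted"
    return "payload-ran"  # stand-in for: encrypt files, then scan/exploit SMB


# Defender's side. Once the domain is sinkholed, every query for it comes from a
# host that has already executed the dropper, so the resolver/sinkhole log is an
# infection census, not a block list. Constructed log lines:
SAMPLE_DNS_LOG = """\
2017-05-12T14:01:03Z 10.0.4.21 query A kill-switch-example.invalid
2017-05-12T14:01:09Z 10.0.4.21 query A kill-switch-example.invalid
2017-05-12T14:02:44Z 10.0.7.3 query A kill-switch-example.invalid
2017-05-12T14:02:50Z 10.0.7.9 query A www.example.org
"""


def hosts_that_ran_the_dropper(dns_log: str, domain: str = KILL_SWITCH_DOMAIN) -> set:
    """Client IPs that asked for the kill-switch name: each one already ran it."""
    hosts = set()
    for line in dns_log.splitlines():
        fields = line.split()  # timestamp, client, "query", rrtype, qname
        if len(fields) == 5 and fields[2] == "query" and fields[4] == domain:
            hosts.add(fields[1])
    return hosts


if __name__ == "__main__":
    net = FakeInternet()
    print(run_dropper(net))                       # payload-ran: domain unregistered
    net.registered.add(KILL_SWITCH_DOMAIN)        # the registration that stopped it
    print(run_dropper(net))                       # aborted
    print(run_dropper(net, direct_egress=False))  # payload-ran: proxy-only host
    print(sorted(hosts_that_ran_the_dropper(SAMPLE_DNS_LOG)))
```

Run it directly to see the three outcomes in order. The part a defender should take from it is the last function: a query for the kill-switch name is evidence that the dropper has already executed on that client, so the name belongs in detection and sinkhole logging rather than on a DNS block list, where blocking it would make the check fail and let the payload run.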
