FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware

L S

L S

Level 5
Thread author
Verified
Well-known
Jul 16, 2014
215
The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware —has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas.

Marcus Hutchins, operates under the alias MalwareTech on Twitter, was detained by the FBI in the state of Nevada, a friend of Hutchins confirmed Motherboard.

At the time of writing, it is unclear why the Internet's 'accidental hero' has been detained by the FBI, but his arrest has sparked an endless debate in the security community.
Hutchins became famous over two months ago when the WannaCry ransomware began hitting businesses, organisations and individuals across the world, and he accidentally halted its global spread by registering a domain name hidden in the malware.

[edited]

The domain as mentioned above was responsible for keeping WannaCry ransomware propagating and spreading like a worm, and if the connection to this domain fails, the SMB worm proceeds to infect the system.

Fortunately, Hutchins registered this domain in question and created a sinkhole–tactic researchers use to redirect traffic from the infected machines to a self-controlled system.

Hutchins is quite active on Twitter, but from last 24 hours, we have not seen any tweet from his account, which suggests the reports are likely correct.

Andrew Mabbitt, Hutchins’s friend has confirmed that he has currently been detained at FBI’s field office in Las Vegas. His friend is also asking for some legal help.
Read more: FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware
 
Last edited by a moderator:
  • Like
Reactions: Handsome Recluse, ElectricSheep, Vasudev and 8 others
F

ForgottenSeer 58943

This brings up some important questions;

1) The British Govt. appears unwilling to help him - stating it's an issue for US Authorities. This potentially indicates the British Govt. themselves could have been aware of the US Govt. interest in him and possibly aided and abetted his detention. If the British Authorities didn't detain him themselves then they probably don't have any evidence of criminal intent. Which then begs the question - are British Authorities utilizing the US Govt. to process legal intent on a British Citizen since they probably didn't have any legal justification to do it themselves? Therefore utilizing the US Govt. as a proxy in the suppression of it's own citizens? Consider this - if the US Govt. wants to arrest, detain, harass a US Citizen without any evidence of criminal intent they legally can't do it. But if that citizen travels to say, Australia, they can utilize the AU govt. as a proxy for such actions.

That's a scary thought when you think about.

2) If there is no evidence of criminal intent then he is an illegally detained foreign national. In that case, he can simply choose not to answer any questions and reach out to the British Consulate. Eventually the US Govt. will either have to charge him or release him. Period. End of story.

3) If there is no evidence of criminal intent, the conspiracy minded may begin to ask why the govt. is so upset with him stopping the spread? Are they somehow involved with this outbreak? Was it a false flag? Staged event to orchestrate some sort of new mandate, law or regulation to further their intrusive agendas? That's certainly something to consider - however remote.

4) Honeypot comes to mind.. Maybe they convinced him to come to the US for this specific detainment. Possibly glorifying his heroic deed, working through plants and sources to get him excited, possibly even paying for his ticket. If he was smart, he'd start to trace how all of these amazing coincidences were put into his path to make his arrival on US Soil possible. A big setup. In intelligence the ego is often used as the manipulating factor. Shelve your ego and you are much safer from these fools.

He made an error in judgement leaving his country. I'm betting he didn't understand the forces levied against him. Once you come into radar range of ANY government you better be prepared to deal with them or better seek out people who can prepare you to deal with them. These govts. are parasitical thugs that will latch onto you like a pitbull. He'll be a marked man for possibly the next decade.
 
Last edited by a moderator:
  • Like
Reactions: Handsome Recluse, StriderHunterX, askmark and 10 others
F

ForgottenSeer 58943

News report state, he's being moved constantly. I assume this is the ploy used to keep an illegally detained subject away from legal counsel. I'd be willing to bet the first thing anyone he reaches out to tells him is to say nothing, do nothing, to sit tight. I'd put money on that being the agenda for quickly shuffling him around. Our govt. is so dirty it's a wonder they can even sleep at night.

The friend, who also works in the cyber security industry, said: "He was detained at McCarran airport yesterday. He checked into his flight and I think he was sitting in the Virgin upper class lounge. "He was escorted out of the airport and never made his flight." Around 20 hours after he went missing, Hutchins' parents told the friend he had been arrested.

After his arrest, Hutchins was taken to Henderson Detention Center in Nevada before being moved to the Las Vegas FBI field office. "I had been trying to get in contact with him for the past 20 hours," the friend told the Telegraph. "I finally located him this morning but they moved him before visiting hours. Now he's in the wind again."
 
  • Like
Reactions: Handsome Recluse, StriderHunterX, ElectricSheep and 6 others
K

kamla5abi

Level 4
Verified
May 15, 2017
178
maybe US govt thinks that him miraculously finding the kill switch domain and then registering it himself is too much of a coincidence? that theres more to the story?

But i can see US govt also being annoyed that he stopped the spread if US govt was linked to it somehow...ex: to set the stage for additional laws to be proposed and hopefully passed "in light of the recent digital outbreak".... Best way to get the public to do what you want is to manufacture a disaster that could have been averted if certain laws were in place...so to mitigate future attacks of this nature, we must approve these laws...blah blah blah... ;)

conspiracy theorists on both sides are going to have a field day with this lol

him being shuffled around to avoid him getting legal representation in the same room with him and to buy time for detaining him illegally past 24 hrs...sounds like an episode in one of those cop shows :p lol
 
  • Like
Reactions: Vasudev, brambedkar59, ravi prakash saini and 3 others
F

ForgottenSeer 58943

DeepWeb said:
What the actual hell. Yeah, I think this will definitely encourage people to avoid DefCon from now on.
Click to expand...

Funny, in the indictment paperwork it says 'knowing and having reason to know that the design of such device renders it primarily useful for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

How about the pot calling the kettle black? We now know our govt. hordes exploits, creates malware, modifies malware, delivers malware. Modifies hardware and firmware to install malware. Backdoors hard drives, switches, computers, etc. All for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

If anyone should be indicted, it would be our own intelligence people. How many hundreds of thousands of times have they violated Title 18? Pathetic.
 
  • Like
Reactions: Handsome Recluse, DJ Panda, DeepWeb and 1 other person
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,661
ForgottenSeer 58943 said:
Funny, in the indictment paperwork it says 'knowing and having reason to know that the design of such device renders it primarily useful for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

How about the pot calling the kettle black? We now know our govt. hordes exploits, creates malware, modifies malware, delivers malware. Modifies hardware and firmware to install malware. Backdoors hard drives, switches, computers, etc. All for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

If anyone should be indicted, it would be our own intelligence people. How many hundreds of thousands of times have they violated Title 18? Pathetic.
Click to expand...
you're so all over the legal bs that you seem to miss the point that he got detained and indicted for running Kronos and has nothing to do with wannacry..
 
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
SHvFl said:
He is a suspect for the Kronos banking malware.

Marcus Hutchinson Indictment

EDIT: Doesn't make much sense but you never know who is the person behind an online id. For example we already know @rockstarrocks is a terrorist and doesn't want to be monitored. /s
Click to expand...
That's why I don't use any VPN or TOR, and use all the Google services cause it's best for your privacy.:p
BTW I think FBI/NSA/CIA will be more interested in a spam kitty than me.:D
 
Last edited:
  • Like
Reactions: Handsome Recluse, ElectricSheep, frogboy and 3 others
DeepWeb

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
ForgottenSeer 58943 said:
Funny, in the indictment paperwork it says 'knowing and having reason to know that the design of such device renders it primarily useful for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

How about the pot calling the kettle black? We now know our govt. hordes exploits, creates malware, modifies malware, delivers malware. Modifies hardware and firmware to install malware. Backdoors hard drives, switches, computers, etc. All for the purpose of surreptitious interception of electronic communications in violation of Title 18, United States Code, Sections 2512(1)(s) and 2.

If anyone should be indicted, it would be our own intelligence people. How many hundreds of thousands of times have they violated Title 18? Pathetic.
Click to expand...
This I believe is the main reason. A very convenient way to seize his laptop and take all the hacking tools that he created. ;)
 
  • Like
Reactions: ElectricSheep, frogboy and ZeroDay
D

Deleted member 178

When you create/release/update a malware for research purpose is ok, but allowing someone you personally knows to sell it, is highly questionable.
Real malware researchers/pentesters don't sell their findings, they share it for free on github or similar developers sites, not sell them on the darkweb which is being a cyber-criminal.
He reaped what he sow. Well deserved.
And anyway , you must be an total dumbass to brag about creating a malware and distributing it on the darkweb ! LOL.

Now does he really stop wannacry just by chance out of curiosity or he was looking at it to "use" it for his own benefit...?
 
  • Like
Reactions: L S, DJ Panda, OutOfBounds and 3 others
F

ForgottenSeer 58943

I wonder if it's all cooked up nonsense? His mistake may have been making the CIA angry perhaps? Good luck trying to convince old technically inept judges that still use flip phones that you are innocent. These people can't use a browser much less understand cybersecurity. It seems like working with the US Govt. on anything taints you forever these days.

Did the Man Who Saved the Internet From WannaCry Secretly Build Malware?
But some who’ve worked with Hutchins are convinced the FBI made a mistake. “I know Marcus,” wrote Kevin Beaumont, a Liverpool security architect, on Twitter. “He has a business which fights against exactly this (bot malware), it’s all he does. He feeds that info to U.S. law enforcement… The DoJ has seriously #####ed up.”

If the indictment is a result of a mix-up, it’s conceivable that Hutchins’ sinkhole server—the one he used to kill WannaCry—is what got him in trouble.
 
Last edited by a moderator:
  • Like
Reactions: ZeroDay
Fritz

Fritz

Level 11
Verified
Top Poster
Well-known
Sep 28, 2015
543
It does seem kinda fishy. Now I don't know the guy, but he supposedly compromised all of… "10 computers or more" :eek:

Law is sometimes funny in a way, so maybe there are only two levels available—either less than 10 or more—to dignify the charge legally, so it doesn't matter if it's 10.000 or a few million in the end. Otherwise the charge sounds rather minor. Hence, I really wonder why they dragged him out of the airport like the Mossad pulled nazis out of Argentina. Then moving the poor bastard all over the place to hinder counsel like in some bad movie… is there any proportionality I'm missing? o_O
 
  • Like
Reactions: Handsome Recluse and frogboy
F

ForgottenSeer 58943

Fritz said:
It does seem kinda fishy. Now I don't know the guy, but he supposedly compromised all of… "10 computers or more" :eek:

Law is sometimes funny in a way, so maybe there are only two levels available—either less than 10 or more—to dignify the charge legally, so it doesn't matter if it's 10.000 or a few million in the end. Otherwise the charge sounds rather minor. Hence, I really wonder why they dragged him out of the airport like the Mossad pulled nazis out of Argentina. Then moving the poor bastard all over the place to hinder counsel like in some bad movie… is there any proportionality I'm missing? o_O
Click to expand...

Proportionality may be missing because perhaps they want to use him to send a message. I'm still bewildered he didn't have the foresight and wisdom to understand the forces levied against him.

The govt. are masters at entrapment, planting evidence, goading people to do this or that going way beyond simple encouragement, etc. I wouldn't be surprised if there is a lot more to this. I've been told first hand accounts of the FBI using people to entrap others, even using people to supply free or cheap equipment which is later confiscated and used as evidence with that explicit purpose. Beware, they're skilled at creating villains to justify their power and big budgets. :p
 
  • Like
Reactions: Handsome Recluse and Fritz
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Applause
Security News French police arrests Russian suspect linked to Hive ransomware
Replies
0
Views
1,016
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Lymphocyte
    • Like
Security News LockBit ransomware affiliate gets four years in jail, to pay $860k
Replies
0
Views
716
Security News
Lymphocyte
Lymphocyte
cryogent
    • Like
    • +Reputation
RPC Firewall Dubbed 'Ransomware Kill Switch' Released to Open Source
Replies
2
Views
696
News Archive
Andy Ful
Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top