Hacker Who Never Hacked Anyone Gets 33-Month Prison Sentence

Faybert

Level 24
Thread author
Verified
Top Poster
Well-known
Jan 8, 2017
1,318
A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison.

Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore, to hackers for $25.

Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.
........................
........................
........................
 
D

Deleted member 65228

Pfffftttttt....

He was still an asset to the crimes if he sold the content to his buyers whilst knowing what it was going to be used for. Someone isn't just going to buy a 'Remote Access Trojan' for no reason, obviously they'd be engaging in criminal activity themselves and would be using it to target people; you could argue that someone might attempt to so they can use the source code as an educational resource but that argument doesn't really hold up considering there's lots of open-source code regarding software engineering, including for remote access technology.

Malwarebytes actually have an article about the NanoCore RAT for those interested in reading it: Latest Steam Malware Shows Signs of RAT Activity - Malwarebytes Labs

Charges against people violating the Computer Misuse Act is on the rise to set an example that the behaviour isn't acceptable. The logic behind it is that if a clear message that you won't be let off easy for your online crimes is made and sent across to people's minds, then online illegal activity will reduce. Personally I think that it is a good idea and that it will help reduce cyber-crime, but only time will tell.

A few years ago the now-sentenced RAT developer would have probably been handed a year sentence maximum, or none at all.
 

Bleak

Level 4
Verified
Well-known
Sep 5, 2017
149
I don't understand this charge to this specific developer (I don't even know him).. the amount of RATs available freely online is so much to the point that there are several ones open source available for everyone to build upon.

There are even RAT creators that are very active on social sites with a personal name and pictures. I even know someone who's already a member on here who has created probably one of the most popular RATs. (no disrespect meant; I actually do respect and appreciate his programming skills)
 
D

Deleted member 65228

I don't understand this charge to this specific developer (I don't even know him).. the amount of RATs available freely online is so much to the point that there are several ones open source available for everyone to build upon.

There are even RAT creators that are very active on social sites with a personal name and pictures. I even know someone who's already a member on here who has created probably one of the most popular RATs. (no disrespect meant; I actually do respect and appreciate his programming skills)
There's a huge difference between what the person who's been sentenced has done and what people developing open-source software have done (for whatever purpose).

The developer who's been sentenced due to developing malware was developing it with the intention of making a profit from it by selling it to other criminals. I know of NanoCore because I've seen it being used by criminals in wild (not recently though), and I'm sure that the developer of NanoCore was aware of how it was being used.

Open-source content is "free". You can audit the source code, and/or even use it yourself for free (however rules apply depending on the license). People developing open-source content aren't making a profit from it but are only demonstrating their programming skills and helping other people among the open-source community since then those in the community can audit and learn more.

Furthermore, Remote Access Tool's aren't illegal given they are used for good purpose and follow legal guidelines regarding data collection/usage, etc. If you're selling software which is designed to behave in a malicious manner and also selling it to others whilst knowing that they're intentions are malicious, then you're breaking the law.

If the developer of NanoCore didn't market it on bad places nor sell it to people who were obviously going to use it with malicious intent, then he wouldn't have been arrested at all nor sentenced for the crimes he was charged with.

If your friend on this forum who's been making RATs was doing it with malicious intent (e.g. the intent of selling it to other criminals) and pursued that malicious intent, then they'd be breaking the law as well depending on their location. Although I really doubt anyone here is developing RATs with malicious intent. I think I know who you're referring to though... The author of DarkComet? To be fair, the author of DarkComet did stop developing it in the end and as far as I am aware also tried to stop malicious usage, and moved into the security industry afterwards to help fight malware.

People make open-source malware all the time (and also document known vulnerabilities usually after a certain time-period so the vendor the vulnerability is present for has a reasonable amount of time to patch the vulnerability before public exposure) but the intention isn't to help other malware authors and a profit from currency isn't involved in the question. However, criminal groups setting up Ransomware-As-A-Service services would be breaking the law (for example).

Developing malware isn't a crime in itself - people do it all the time for educational purposes. It's when you use it yourself with malicious intent, or give it away/sell it to other people who have malicious intent (whilst knowing that they're intent is malicious), that it becomes a legal matter (in most countries at-least).
 

Bleak

Level 4
Verified
Well-known
Sep 5, 2017
149
@Opcode I appreciate your detailed post, but I probably wasn't clear enough with my comment, I wasn't talking exclusively about opensource RATs/malware... I meant that the web is full of those RATs that's being sold and also being distributed freely on blackhat/hacking forums, and I'm wondering what's so special about this specific NanoCoreRAT that it gets law attention among thousands of those tools that are sold/made for the sole purpose of doing malicious activities. In my personal experience I've seen some closed-source RATs go opensource after its developer give up on its development, it is still clearly used in malicious ways and even often only available on a very specific script kiddies communities/"hacking forums"..

If law shall strike such cases, why not arrest weapons manufacturer that sell weapons to public to stop this activity? -- why arrest the one who carries the weapon but not manufacturer that created this weapon?

Not defending the act of using/selling RAT, but imo, you either chase all RAT creators or don't...
 
D

Deleted member 65228

Not defending the act of using/selling RAT, but imo, you either chase all RAT creators or don't...
Oh okay.

Yes, I agree with you actually. I think that if they are going to chase one person for selling RAT source code, then they should chase all of them... You could argue that it is unfair of them to charge one person for doing it and not another 10 people standing next to him who were doing the same thing or worse.

I assume that they spend their time and resources chasing after big fish over small fish, and the size of the fish being based on how much damage has been done with the fishes content. I don't know how big NanoCore really was since I only encountered it a few times in the wild but it was irritating enough to get the sight of law enforcement so it must have been involved in something big somewhere down the line.

I guess it's a bit like everything else in the world when it comes to the law. You could be ticketed for speeding, whereas someone else could potentially get away with it.
 
  • Like
Reactions: upnorth and Bleak

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top