Security Researcher Pleads Guilty to Malware Writing Charges


Security researcher Marcus Hutchins pleaded guilty on Wednesday to writing malware and to helping distribute it together with a partner.

Hutchins is best known for his key role in halting the spread of WannaCry around the world and for his online persona MalwareTech, under which he interacts with the information security community, helps newcomers to the field, shares information about new threats, and publishes tutorials on how to analyze malware.

Hutchins was arrested at the Las Vegas airport on Aug. 2, 2017, on his way home to the UK after attending the Black Hat and DEF CON security conferences as a security researcher.

Possible prison time and significant fines

Filed on Friday, the plea agreement covers Count One and Count Two of a total of 10 charges brought in a superseding indictment by US prosecutors.

They refer to the development of malware (the UPAS-Kit and Kronos banking trojans) and to helping distribute it in partnership with a co-conspirator known as "Vinny", "VinnyK", "Aurora 123", "And the Wind Took", "Cocaine", and "Jack of All Trades". These activities took place between July 2012 and September 2015, according to court documents.

Each of the two charges carries a maximum sentence of five years in prison, up to $250,000 in fines, one year of supervised release, and a special assessment of $100. In total, Hutchins faces up to 10 years in prison and $500,000 in fines. Under this agreement, the remaining counts will be addressed by the court after sentencing.

It should be noted that, regardless of the outcome of this agreement, Hutchins is not shielded from other civil or administrative actions by US federal or local authorities.

In a public statement on his blog, the researcher says he regrets the actions he took before his career in cyber security and takes full responsibility for his mistakes.

"Having grown up, I have since used the same skills that I have been using wrong for several years for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks."

Support is still strong

Although they do not always admit it openly, and for good reason, many security researchers have dabbled in cybercrime at some point. Often there is a drop of black hat in every professional wearing a white hat. This is particularly true of the older generations of security experts, who did not have today's learning resources; in addition, they did this at a time when laws covering cyber incidents were too vague or nonexistent.

Today's internet, however, offers enough learning opportunities to reach expert level without breaking the law, and often for free. Hutchins agrees:

After his arrest, many researchers rallied to help him. Even his local Conservative MP, Peter Heaton-Jones, and a dozen others sent letters of support on his behalf. Hutchins has relied on crowdfunding to cover his legal fees.

Even now, Hutchins has a large crowd in his corner. A quick look at the replies he received after tweeting his statement about the latest development in the case shows mostly positive comments; you would have to dig further to find a negative response.

Looking closer, it is clear that most of them work in computer security: trainers, malware researchers, penetration testers, reverse engineers, security consultants, and assorted nerds.

Redeeming himself

After giving up the criminal life, Hutchins devoted his skills to fighting malware threats and applied for a position at the British intelligence agency, Government Communications Headquarters (GCHQ), but got a better offer from the US cyber security company Kryptos Logic, which recruited him after seeing his analysis of the Kelihos botnet.

Even before joining the company, Hutchins published technical articles that showcased his reverse engineering skills, often exposing the tricks used by various malware strains and their components, and offering details on how to counter them.

In a 2013 post on the imminent leak of the source code of the Carberp banking malware, Hutchins wrote the following:

"Nothing good comes from leaks like this. AV companies get a huge wave of infected users and spin-off bots are usually created. […] I think we can only hope that leading anti-virus vendors can upgrade their software to deal with this threat before more damage is done. In addition, the first 5 people asking me where to get the source will receive a virtual slap (all expenses paid) and my eternal disapproval."

Even after his arrest, he continued to contribute to the fight against cybercrime: identifying and documenting command-and-control server topology (Emotet), tracking botnets (Hide and Seek), reviewing a reverse engineering tool (the NSA's Ghidra), and analyzing security vulnerabilities.

All this effort earned him a community of supporters who not only offered words of comfort but also chipped in to pay his legal fees (after his arrest he was barred from working for his employer).

This, together with the time already served, may also count in his favor when the court hands down the sentence, for which no date has been scheduled at this time.
