FBI Arrests Creator Of Remote Access Tool, Rather Than Those Abusing It To Commit Crime
from the nice-work,-g-men! dept
The DOJ is attempting to prosecute the creator of a remote access tool -- not because he used it for nefarious purposes -- but because it can be (and has been) used by criminals. Kevin Poulsen has the whole bizarre story at The Daily Beast -- one that involves a 26-year-old programmer and the remote administration tool (RAT) he created and sold.
Taylor Huddleston, creator of NanoCore, a RAT that has been linked to intrusions in ten countries, had his home raided by FBI agents on December 6th. The 14-page indictment paints Huddleston as a willing accomplice -- someone who sold his product to bad people to do bad things.
But the facts of the case -- things that can be proven with forum chat logs and Huddleston's proactive efforts to prevent his RAT from being abused -- disagree with the government's narrative. NanoCore does all the things an administrative tool is expected to do, including keylogging and granting control to remote administrators. But Huddleston claims he created the tool to be a low-cost solution for cash-strapped businesses and small government agencies. His actions appear to back up the claims that he never intended this to be a plaything for criminal hackers.
While Huddleston did debut and offer his product for sale at HackForums -- hardly the best marketplace if one wants to be seen as purely innocent -- he took corrective actions and issued strict warnings about illegal deployment.
[H]uddleston found himself routinely admonishing people not to use his software for crime. “NanoCore does not permit illegal use,” he wrote in one post. In another, “NanoCore is NOT malware. It is intended to be used legitimately and I don’t want to see words like ‘slave’ and ‘infect.’” Huddleston backed his words with action. Whenever he saw evidence that a particular buyer was using the product to hack, he’d log in to Net Seal and disable that user’s copy, cutting the hacker off from his infected slaves.
Net Seal is another of Huddleston's creations. It allows users to protect their IP by allowing them to shut down questionable copies of their software -- like copies purchased with stolen credit cards. Oddly enough, this IP protection tool is also named in the indictment as more evidence of Huddleston's criminal intent.
“Net Seal licensing software is licensing software for cybercriminals,” the indictment declares. For this surprising charge—remember, Huddleston used the licenses to fight crooks and pirates—the government leans on the conviction of a Virginia college student named Zachary Shames, who pleaded guilty in January to selling hackers a keystroke logging program called Limitless. Unlike Huddleston, Shames embraced malicious use of his code. And he used Net Seal to protect and distribute it.
That ridiculous claim shows how far the government is willing to go to pin the bad deeds of criminals it can't catch on the creator of the software they're abusing. But the government has to show Huddleston created the software with the intent that it be used for criminal activity. That's going to be extremely tough to prove. So, it looks like the government's hoping to turn Huddleston into a cooperative witness or pressure him into a plea deal that will prevent it from having to climb this evidentiary mountain.
One of the tools at the government's disposal is particularly nefarious. Huddleston wrote and sold software to get his head above water financially. The small amount of money he made from selling Net Seal and NanoCore (he fully divested his ownership of the latter late last year for a whole $5,000) allowed him to purchase a very modest $60,000 house for him and his girlfriend. The government wants to seize the house, claiming it was purchased with the proceeds of illegal activity. But it has yet to prove the sale of these two tools was a criminal act in and of itself. The horrible thing about forfeiture is the government can uncouple this from the prosecution and file an administrative claim which would place Huddleston's new home in its hands and shift the burden of proof to the indicted programmer.
The only way this case doesn't blow up in the government's face is if it can convince Huddleston not to go to trial. This placement of secondhand guilt on the creator of a remote administration tool is idiotic and disingenuous. No one's going after Microsoft for building the same functionality into its operating system, even though it's routinely abused by criminals and scam artists.
What this really boils down to is law enforcement laziness, which it commonly refers to as "efficiency." It's incredibly easy to find the creator of software abused by criminals because a creator who doesn't feel he's committed any criminal act isn't going to do much of anything to cover his tracks or get off the grid. It's punishment that only makes sense to misguided prosecutors and FBI officials who feel any successful bust is a good bust. And if they do succeed in putting Huddleston in prison, absolutely no one will be vindicated.
In the meantime, Huddleston has to fight back with his hands tied. He was released on bond but forbidden to use the internet. His arraignment takes place in a city 16 hours from where he lives. His recently-purchased home may not be his for much longer. And all the criminals misusing his product -- the ones he actively fought back against -- are still out there committing criminal acts.
Filed Under: doj, fbi, liability, nanocore, net seal, rat, remote access, secondary liability, taylor huddleston
Reader Comments
Re:
> internet, whether by computer or smartphone
How does one "stay completely off the internet" in today's world?
Merely making a telephone call on a landline or watching television involves use of the internet. Taking money out of an ATM or making a credit card purchase at Target involves using the internet. Driving a modern car involves use of the internet. Even driving an old car in one of the toll lanes in my city involves use of the internet. Hell, just riding the elevator in my building involves use of the internet.
[ link to this | view in chronology ]
Re: Re:
Most bills are paid online nowadays too. This is like a judge ordering someone not to read their snail mail.
The UN has declared that internet access disruption is a human rights violation. Can a judge order you to stop using electricity or water as a condition of your bond? How is this different?
[ link to this | view in chronology ]
Re:
his software is the most widely deployed tactical attack platform ever, it is LITERALLY used to nuke stuff from Earth orbit.
i'm speaking of MS Windows of course :p
[ link to this | view in chronology ]
Re: Rule by insanity
FBII, acronym for Fucking Bunch of Idiots (with guns and attitude).
Think of gun manufacturers Smith and Wesson, etc.
[ link to this | view in chronology ]
Re:
Would the DOJ seize any money to be used for his defense as "proceeds of crime?"
If someone runs the campaign for him, would they prosecute him for "using the internet by proxy?"
Is this case designed to provoke rhetorical questions?
[ link to this | view in chronology ]
Re: Re: Re:
If you also take away a programmer's internet access and products - and his computers - you're also denying him further income for living expenses, let alone a proper defense. Taking away his house and making him homeless is just the cherry on top.
That denying him legal representation is a felony is irrelevant, when that felony is committed by the very people responsible for prosecuting it.
[ link to this | view in chronology ]
Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".
Whatever intentions were, now don't matter. That's just fact. You may think will escape because "legally" clear, but the Gestapo system doesn't care beans once they can plausibly pin something on you.
Choose your battles. Stay away from the margins, kids: dangerous places. And don't even defend those who knowingly take risks, they'll just drag you down with them. -- Instead promote the old straight-and-narrow so that you have firm place to stand when criticizing the Gestapo.
[ link to this | view in chronology ]
Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".
Honestly, for those who do understand, you come off as a loony at best.
[ link to this | view in chronology ]
Re: Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".
Yet I'm the loony, eh?
[ link to this | view in chronology ]
Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".
Actually, his intentions are the very heart of the issue. Any time a product has dual-use capability (legal and illegal uses), the intent of the person is the key factor in the case.
So saying his intentions don't matter couldn't be a more wrong statement.
[ link to this | view in chronology ]
Re: Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".
Nope, YOU ARE PROVED WRONG. He'll be doing 33 months in JAIL.
[ link to this | view in chronology ]
Isn't it obvious?
So the FBI locked him up, and he is now forbidden to use the Internet.
Apparently he disabled one too many copies of his software and they decided to put a stop to it.
[ link to this | view in chronology ]
Re: Re: Isn't it obvious?
I'd aim for the "Funny" award, but nobody gets my jokes either.
Sob.
[ link to this | view in chronology ]
How is this legal?
[ link to this | view in chronology ]
Re:
"Priorities"
[ link to this | view in chronology ]
Re: Re:
In my case, not owning a car and having to reload my transit pass on the internet, it would even mean "no transportation." And "no banking or paying utility bills."
And being a programmer and supporting my software at several companies across the country, it means "no job and no income."
[ link to this | view in chronology ]
Re: Re: Re:
Smart meters on electric and gas utilities are networked -- let's hope your internet or electronics ban doesn't coincide with a cold winter or it might become illegal for you to not freeze to death.
Refrigerators are sometimes networked, so are some pantry doors. Some food packages have RFID tags and auto-order software. Amazon sells these little button fobs that you stick to things like your dishwasher and clothes washer, to order more soap when you run low -- those would be banned by this sort of order, but appearing in court in dirty clothes could get you jailed for contempt.
Given how many things are electronic and/or networked these days, even living off grid in a tent in the woods might indirectly violate the ban.
[ link to this | view in chronology ]
Operative Sentence from the Story...
Have to give credit where credit is due to Tim when he wrote this article and put that issue upfront and center. Kinda gives a better tone for the rest of the article.
[ link to this | view in chronology ]
Re: Re: Operative Sentence from the Story...
~Most Americans and generally ALL stupid people that population planet earth.
(History is rife with guilty until proven innocent nations & cultures)
[ link to this | view in chronology ]
Re: Re: Re: Operative Sentence from the Story...
> population planet earth.
I love it when those who can't even put together a linguistically coherent sentence call other people stupid.
[ link to this | view in chronology ]
Re: Re: Operative Sentence from the Story...
After all, more people have been killed by maliciously applied knowledge of chemistry throughout history than have been killed by maliciously applied bullets.
[ link to this | view in chronology ]
Re: Re: Operative Sentence from the Story...
If nothing else, if said activities were brought to light in your analogy, legal customers would be a hard thing to come by, for fear of getting entangled in any illicit activity.
[ link to this | view in chronology ]
Re: Operative Sentence from the Story...
Despite its nefarious-sounding name, the site isn't all about hacking. It has sections on legitimate coding, computer gaming, even financial investment strategies. There are long threads about PokeMon and how to craft a cool YouTube page.
[ link to this | view in chronology ]
Re: Re: Operative Sentence from the Story...
I suspect both that you're using the term "hacking" in its popular-culture sense, which is more properly called "cracking", and that the site itself may not have been named with that sense of the term in mind. (The proper sense is, I believe, considered a superset of the other sense.)
[ link to this | view in chronology ]
When will the FBI go after Dameware?
When will the Fibbies go after Dameware? It's probably 10x more effective than some shareware RAT.
[ link to this | view in chronology ]
Re: When will the FBI go after Dameware?
Remote Desktop products from Symantec's PCAnywhere and TeamViewer have long been used for similar crimes. The company that acquired Dameware is worth at least $4.5 billion.
To answer your question, "never." They have the resources to defend themselves. This guy doesn't.
[ link to this | view in chronology ]
Do we really want that? Online activation is bad enough (and something I will never personally accept), but now companies can remotely disable your software? No thanks!
[ link to this | view in chronology ]
Is EFF all over this?
Also, it seems like a waste of FBI resources... I mean, if he can 'shut off' copies of software used for nefarious purposes, wouldn't it be in the FBI's best interest to work with him to find the people who bought and were administrating these 'infected' machines?
So much for thinking...
[ link to this | view in chronology ]
Re: Is EFF all over this?
> Also, it seems like a waste of FBI resources... I mean, if he can 'shut off' copies of software used for nefarious purposes, wouldn't it be in the FBI's best interest to work with him to find the people who bought and were administrating these 'infected' machines?
Keep in mind this is the FBI we're talking about, an agency that prefers to manufacture their own 'terrorists' to bust rather than do anything about real threats.
The agency has an aversion to work, going after the actual guilty parties would require work, therefore it's easier to go after this guy and score an easy plea deal after draining him of any resources to fight back.
[ link to this | view in chronology ]
Hammers
How many of these wicked devices have been used to Kill, Murder or maim innocent people or unexpecting law enforcement officers. And the children, OMG the Children!
Lock 'em up - all of them, Craftsman, Stanley, Husky, dewalt....no...lock them all up!
[ link to this | view in chronology ]
This is just a guess:
[ link to this | view in chronology ]
Re: Re: This is just a guess:
I still remember when watching movies about conspiracies as a youth... It was nice back then to be able to think of it as fiction.
[ link to this | view in chronology ]
Revenge - Release source code
[ link to this | view in chronology ]
Third Party Liability
Who's next, box manufacturers after some psycho burns someone in a cardboard bonfire? Really, why go after the one who does wrongdoing when you can just cut off the material supply they use, amirite?
[ link to this | view in chronology ]
In the hood...
[ link to this | view in chronology ]
FBI arrests math teachers.
[ link to this | view in chronology ]
Another one of Techdirt's pet criminals goes to JAIL!
"Taylor Huddleston, of Arkansas, USA, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and peddling his $25 software nasty. In addition to the 33-month sentence handed down on Friday, he will also get two years of supervised release. He had faced a maximum of 10 years in prison."
[ link to this | view in chronology ]