GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There
from the so-much-for-those-'flight-risk'-fears dept
It looks like the UK found an easy way to avoid another lengthy extradition battle. Its intelligence agency, GCHQ, knew something security research Marcus Hutchins didn't -- and certainly didn't feel obliged to tell him. Not only that, but it let a criminal suspect fly out of the country with zero pre-flight vetting. (Caution: registration wall ahead.)
Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference.
Hutchins’s arrest by the FBI on August 2 while he was returning from Las Vegas freed the British government from the “headache of an extradition battle” with their closest ally, say sources familiar with the case.
Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there's something a bit mean-spirited about allowing a UK citizen to walk into custody in another country. And as for the "headache," too bad. That's just part of the deal when you make promises to other countries you'll ship them your citizens to face an uphill battle in an unfamiliar judicial system while facing charges for laws that may not apply the same way -- or as harshly -- at home.
This is even more disconcerting when it was Hutchins who was instrumental in killing off the WannaCry ransomware that wreaked havoc pretty much everywhere earlier this year. In gratitude for his efforts, a few publications outed the person behind the "MalwareTech" pseudonym, which probably made it a bit easier to tie Hutchins to various online personas.
As Marcy Wheeler pointed out on Twitter, it works out pretty well for the UK. It gets to outsource its prosecutions to a nation where punishments for malicious hacking are much, much higher. It also gets to dodge the publicity black eye of handing over its (inadvertent) WannaCry hero to the feds and their threat of a few decades in jail. It also suggests the Five Eyes partnership is paying off in questionable ways and, sooner or later, it's going to be an American citizen walking into the same sort of trap overseas.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: doj, extradition, fbi, gchq, malwaretech, marcus hutchins, uk
Reader Comments
Subscribe: RSS
View by: Time | Thread
I'm not sure what other options they had, that would neither constitute "giving Hitchens a heads-up" or "letting him walk into custody."
I mean, they could have arrested him themselves, but if he had neither committed a crime against the U.K., nor had the U.S. government asked that he be taken into custody for extradition, under what grounds would he have been arrested?
And sure, they could have refused to let him board the plane, but I think that they similarly lacked grounds to do so, and I'd also put it into the category of "giving him a heads-up about his legal troubles."
I mean, sure, they were probably way more glad to see him board a plane of his own accord than they should have been, knowing that one of their citizens would be arrested on the other side, but I'm genuinely curious: if you don't think that "giving him a heads-up" was a realistic expectation, what did you expect GCHQ to do other than let him board the plane?
[ link to this | view in chronology ]
Re:
So who says they shouldn't have given him a heads up?
[ link to this | view in chronology ]
Re: Re:
Perhaps they should have. I can definitely see an argument for actually pulling him aside and saying "Dude, if you get on that plane, you're going to get arrested by the FBI while you're in the States," for the same reason that extradition is more than just a rubber stamp: a government has the duty to protect its citizens, even or perhaps especially) from other governments.
But Tim himself says that "certainly no one expected" that they would do that.
So, my question is: if Option A would have been surprising, despite perhaps being the right thing to do, and Option B, which actually happened, is surprising (to the point of being considered "mean-spirited") because it wasn't the right thing to do, can Tim describe for me what Option C would have been, that wouldn't have been surprising?
[ link to this | view in chronology ]
Re: Re:
"Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond"
Actually, everyone SHOULD have expected his government to make him aware, that's part of the government's duty to protect its citizens. This is a massive failure, and Brits should be foaming at the mouth right now over this basic failure of duty from their government. If he had not attempted to leave his country, then sure, no need to bother him until demands are made for his arrest by the States. When he did decide to exit, he should have been warned and offered assistance, essentially detained for his own safety as a British Citizen and the ball begun rolling on extradition, which is a fancy way of saying the US has to prove its case to the Brits in court before they allow him to be detained and tried in the US.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
... Reading that, it sounds a lot worse than what I meant by it.
What I meant was, "If they're terror suspects and there is enough evidence to arrest them, then that arrest should be performed before they get on the plane, not after they land."
[ link to this | view in chronology ]
Re: Re: Re: Re:
A citizen suspected, but not proven, to be a terrorist should be warned, by his/her own government, that they're walking into potential arrest. Don't fall for the "suspicion = guilt" idiocy that our national cowards are bandying about. As others have said, one of the duties of government is to protect its own citizens, even (or especially?) from foreign governments.
If the US believes that they have enough to prove a foreigner guilty of terrorism, have them start extradition proceedings. Then the citizen's own government can observe the proper procedures. If the US doesn't have enough to prove guilt sufficient for extradition then that person is innocent, by our own principles.
[ link to this | view in chronology ]
Govt's vs Citizens
[ link to this | view in chronology ]
Re: Govt's vs Citizens
Think about it, if things keep heating up with North Korea you really think it is just going to be those in government that get killed? More likely than not the majority of casualties are going to be regular civilians who want nothing to do with this stupid fight.
[ link to this | view in chronology ]
Defenders' Script
[ link to this | view in chronology ]
I love it when people "think" they have one!
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The US government has done worse
So I think the US would do this to one of its own citizens in a heartbeat. That doesn't excuse the GCHQ.
[ link to this | view in chronology ]
yes, it will and then shit will hit fan as you can bet your ass that the USA will condemn whichever country this happens in! as usual, the USA wants to bully everywhere else, have everyone arrested, regardless of where they are from and what they have/haven't done but dont like the same in reverse!
as for the UK, this is typical of the gutless government that's in power there! this isn't the first person that has been set up and it wont be the last! when you think of the punishment it introduced for copyright infringement, just to please Hollywood and the entertainment industries and the USA government. 10 years in jail! worse than the punishment for the majority of 'real' crimes! how the hell did we ever get to the point where 'make believe' is the most important thing on the Planet, so important that it is basically ruling it?? how can that make any sense at all??
[ link to this | view in chronology ]
Re:
Because the money behind it is certainly not make believe and your "rights" don't even register on the radar once someone hands over enough cash.
In short, you have rights until someone buys them from the government. Then you do what the buyer says, or else.
[ link to this | view in chronology ]
British Subject Sold Down the River by Crown
GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There
This is what special relationships are all about.
The Crown selling out it's subjects in order to curry favor with the world's sole hyper-power.
[ link to this | view in chronology ]
When "you" is the UK. I understand it's much easier when "you" is the USA (it's a one-sided treaty).
[ link to this | view in chronology ]
They found a piece of code matched it to a sample found onine & assumed since he wrote the code, he controls what happens to it. (If this were the case shouldn't be be arresting those Acronym Agencies idiots who leaked all the toys for what happened afterwards?)
We are "fighting" a war against the cyber, with people who think fax machines are magic boxes. There are researchers who discover flaws & get ignored when they try to responsibly report them. If publishing a bit of code online that someone else then does something horrible gets you arrested for having created it, much research will vanish from online & we'll be much worse off.
[ link to this | view in chronology ]
Re:
That's what they want.
The government wants your systems to be insecure. They are easier to monitor and conduct illegal searches on if they are insecure.
The corporations want your systems to be insecure. It's cheaper to develop, sell, and support products that have little to no security to deal with than it is to deal with secure systems.
Hollywood wants your systems to be insecure. They want to lock it down the system for them and keep you out.
Advertisers want your systems to be insecure. It's easier to collect info on you to sell if it's insecure.
Lawyers want your systems to be insecure. More leak lawsuits = more money for them.
About the only people who do want better security are those who either profit from it, (Computer Security Specialists) or individuals who want to keep the intruders above out. Given such large proponents of insecurity, it's no surprise that it's close to an illegal act to engage with it.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Spy agencies do NOT serve their respective governments
The only master of any bureaucracy is the bureaucracy itself. Every spy agency is a bureaucracy.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Extradition... expensive?
Extradition hearings are an expensive deal. The UK already has the spectre of Assange and his endlessly non-compliance to deal with. They don't need another guy holing up in an embassy to avoid extradition.
The UK made a wise choice here. There was no reason to get involved.
[ link to this | view in chronology ]
Re: Extradition... expensive?
[ link to this | view in chronology ]