Guy Who Accidentally Stopped WannaCry Ransomware Detained After Defcon

from the and-thank-you-for-your-service dept

Update: He's been indicted for his alleged role in creating a different malware, Kronos. More below.

As you may recall, earlier this year, when the WannaCry ransomware was spreading like wildfire, it was accidentally stopped by a security researcher in the UK who was (mostly) known only by the pseudonym MalwareTech. He wrote about the whole experience after having tweeted about it earlier. Basically he spotted the domain that WannaCry was pinging and saw that it wasn't registered -- so he registered it, if just to track the spread of the malware. But, that process actually stopped WannaCry from spreading due to the way the ransomware was designed. The story of someone accidentally stopping a massive malware breakout was a good one and it was widely covered by the press. MalwareTech got lots of good press out of it... and as a thank you, at least one UK publication doxxed him and revealed his name, his age, some of his social media photos and even what he liked to eat. That wasn't very nice. Still, now it's known that Marcus Hutchens is MalwareTech, and people should be thanking him.

Anyway, like many security folks and hackers, MalwareTech made his way to Defcon and Black Hat this year... and got his second big "thank you." According to Motherboard, US authorities have detained him in an undisclosed location.

At the time of writing it is not clear what charges, if any, Hutchins may face. According to the now public indictment, Hutchins is accused of developing the Kronos malware that was a trojan that targeted banks. There's a second defendant, whose name and information is redacted (suggesting he hasn't been arrested just yet...) who then went out and appears to have promoted Kronos and tried to sell it.

So the specific charge includes:

MARCUS HUTCHINS, aka "Malwaretech" knowingly disseminated by electronic means an advertisement of any electronic, mechanical, or other device, knowing and having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of electronic communications, knowing the content of the advertisement and having reason to know that such advertisement will be transported in interstate and foreign commerce.

In violation of Title 18, United States Code, Sections 2512(1)(c)(i), and 2.

There's also a conspiracy charge tying all of this together. As always, an indictment is just one side of the story, and at least from what's in there, the evidence isn't that strong (there may be a lot more evidence to come). There appears to be a lot more evidence against the other, unnamed, defendant who tried to sell Kronos. The only thing they say about Hutchins, really, is that he wrote it, and then the indictment tries to make it a conspiracy, claiming he conspired with the other defendant who tried to sell Kronos.

Needless to say this will be an interesting case to pay attention to.

On a separate note, in what hopefully is just a coincidence, the Bitcoin addresses that were connected to WannaCry (where they asked victims to send Bitcoins to decrypt their computers) were drained of all their money this morning...

Filed Under: defcon, detained, fbi, malwaretech, marcus hutchens, wannacry

Laura Poitras Sues US Government To Find Out Why She Was Detained Every Time She Flew

from the time-for-some-answers dept

These days, Laura Poitras is known as the Oscar-winning director of the Ed Snowden documentary CITIZENFOUR, and with it, one of the reporters who helped break Snowden's story in the first place. Pre-Snowden, she was a not-as-widely-known-but-still-celebrated documentary filmmaker, who also got some attention after her future colleague Glenn Greenwald wrote an article about how she was detained at the border every time she flew into the country (which was frequently, as she had made a documentary, My Country, My Country, concerning the Iraq War, along with The Oath, which reported on two Yemenis who had worked with Osama bin Laden). As Greenwald wrote back in 2012:

But Poitras’ work has been hampered, and continues to be hampered, by the constant harassment, invasive searches, and intimidation tactics to which she is routinely subjected whenever she re-enters her own country. Since the 2006 release of “My Country, My Country,” Poitras has left and re-entered the U.S. roughly 40 times. Virtually every time during that six-year-period that she has returned to the U.S., her plane has been met by DHS agents who stand at the airplane door or tarmac and inspect the passports of every de-planing passenger until they find her (on the handful of occasions where they did not meet her at the plane, agents were called when she arrived at immigration). Each time, they detain her, and then interrogate her at length about where she went and with whom she met or spoke. They have exhibited a particular interest in finding out for whom she works.

She has had her laptop, camera and cellphone seized, and not returned for weeks, with the contents presumably copied. On several occasions, her reporter’s notebooks were seized and their contents copied, even as she objected that doing so would invade her journalist-source relationship. Her credit cards and receipts have been copied on numerous occasions. In many instances, DHS agents also detain and interrogate her in the foreign airport before her return, on one trip telling her that she would be barred from boarding her flight back home, only to let her board at the last minute. When she arrived at JFK Airport on Thanksgiving weekend of 2010, she was told by one DHS agent — after she asserted her privileges as a journalist to refuse to answer questions about the individuals with whom she met on her trip — that he “finds it very suspicious that you’re not willing to help your country by answering our questions.” They sometimes keep her detained for three to four hours (all while telling her that she will be released more quickly if she answers all their questions and consents to full searches).

It wasn't only at the border that she was subject to such searches. Often, even when flying domestically within the US, she was called out for further scrutiny and searches.

After Greenwald's article, a bunch of documentary filmmakers signed a petition protesting the treatment of Poitras, and between the press coverage and the petition, the harassment of Poitras suddenly stopped.

After this, she filed some FOIA requests to find out why she had been supposedly given a high threat rating in the DHS database, causing such detentions. Not surprisingly, the government refused to reveal any such information. And that brings us to the latest, where Poitras, with help from the EFF, has now sued the US government (specifically the Departments of Homeland Security and Justice) to get them to reveal why she was considered a threat.

As the filing itself explains, Poitras filed FOIA requests with basically every part of the government that might have information on her detentions, and basically got nothing in response from any of them, either by mostly ignoring the requests or rejecting them.

As the lawsuit also notes, Poitras took detailed records of her detentions (when she could -- in at least one instance she was denied the use of a pen to take notes after being told she might use it as a weapon). And the lawsuit includes some detailed descriptions. Here's just a snippet from a much longer list.

On or around August 22, 2006, while traveling from Sarajevo, the capital of Bosnia and Herzegovina, to John F. Kennedy International Airport (“JFK”) in New York City after attending the Sarajevo Film Festival, Plaintiff was paged to security while transiting through the Vienna International Airport in Vienna, Austria. Plaintiff was thereafter taken into a van and driven to a security inspection area. All of Plaintiff’s bags were searched and xrayed. The head of airport security at the Vienna International Airport told Plaintiff that her “Threat Score” was 400 out of 400 points. Plaintiff was eventually allowed to board a plane to the United States. Upon her arrival at JFK, CBP agents again met her at the gate. Plaintiff was thereafter escorted to a holding room, where she was detained and questioned for roughly two (2) hours, and where her bags were searched for a second time, before being allowed to enter the United States.

On or around November 26, 2006, while traveling from Paris, France to Newark on her way home from a vacation, Plaintiff was met by boarder agents upon her arrival at Newark. She was detained and questioned for 30 minutes.

On or around December 17, 2006, while traveling from Dubai, United Arab Emirates to JFK after attending the Dubai Film Festival, Plaintiff was met by border agents upon her arrival at JFK. She was again detained and questioned before being allowed entry into the United States. The CBP agents asked Plaintiff when she had last been to Atlanta, Georgia and told her that she had a criminal record, despite that she had never been arrested.

Unfortunately, the courts have been pretty deferential to the government concerning things like the "no fly" list and the terrorist database, which means this lawsuit might be a long shot. However, one hopes that a judge will see both the clear ridiculousness of the treatment and the rather obvious fact that it was designed to intimidate Poitras and chill her First Amendment rights, and consider forcing the government into releasing these documents.

Filed Under: border patrol, cbp, chilling effects, detained, dhs, laura poitras, travel, tsa
Companies: eff

Customs' Hamfisted Attempts To Intimidate Wikileaks Volunteers

from the witch-hunts dept

Computer security expert (and US citizen) Jacob Appelbaum, who is well known for his work on Tor, had been having some issues lately concerning his involvement as a volunteer with Wikileaks. He was among those who had their info requested by the Feds via Twitter. And he's been having issues traveling to and from the US lately. Last July, he was detained upon flying into the country and it looks like something similar has happened again, where he was detained, searched and questioned after flying into Seattle from a vacation in Icleand.

He was careful to travel with no computers or gadgets whatsoever, other than some USB keys with encrypted versions of the Bill of Rights. He noted that the initial customs agent, to whom he handed over the declaration form was friendly until she pulled up his account, and from there things went sour. He asked to speak to a lawyer, which was denied on the grounds that he wasn't being arrested.

Apparently he was told initially that he was pulled aside as part of a "random" search, which leads Appelbaum to joke about the actual randomness -- which was also shown to be false when one of the agents mentioned his pre-flight Twitter activity.. He also pointed out that those detaining him were disappointed that he wasn't traveling with computers or mobile phones, and that Iceland had plenty of computers, such that he didn't need to bring his own.

In the end, after about half an hour's detention and search, they did let him go. Some might consider that to not be that big of a deal, but it clearly has something of a chilling effect. He notes that the mental stress of being in such a situation is not at all enjoyable. This is unfortunate. If he's done something wrong, arrest him. If he has not, harassing him every time he crosses the border is just obnoxious.

Filed Under: customs, detained, jacob applebaum, searches
Companies: wikileaks