Security researcher pleads guilty to malware writing




Security researcher Marcus Hutchins pleaded guilty Wednesday to writing malicious software and helping to distribute it with a partner.

Hutchins is best known for his crucial role in spreading WannaCry around the world and for his online persona, MalwareTech, through which he interacts with the information security community by helping people get into the field, disseminating information about new threats and publishing tutorials on how to scan for malware.

Hutchins was arrested at the Las Vegas airport on August 2, 2017, as he was returning home to the UK after attending the Black Hat and DEF CON security conferences as a security researcher.

Possible prison and significant fines

Filed Friday, the guilty plea concerns counts one and two, out of a total of ten counts in a subsequent indictment by US prosecutors.

These refer to developing malware (banking Trojans UPAS-Kit and Kronos) and its distribution in partnership with a co-conspirator known as "Vinny", "VinnyK", "Aurora 123", "Gone with the Wind", "Cocaine" and "Jack of All Trades". These activities took place between July 2012 and September 2015, according to court documents.

Each of the two charges carries a maximum penalty of five years imprisonment, a fine of up to $250,000, a year of probation and a special assessment of $100. In total, Hutchins faces 10 years in prison and a $500,000 fine. As a result of this plea agreement, the other charges will be referred to the court at the time of sentencing.

It should be noted that, regardless of the outcome of this agreement, Hutchins is not exempt from other civil or administrative actions by US or local authorities.

In a public statement on his blog, the researcher said he regretted his previous actions in his cybersecurity career and accepted full responsibility for his mistakes.

"Having grown up, I've been using the same skills that I used years ago for constructive purposes, and I'm going to spend all my time protecting people from malware attacks."

Support is always strong

Although they do not always openly admit it and for good reason, many security researchers are struggling with cybercrime. Often, there is a drop of blackhat in every professional wearing a white hat. This is especially true for previous generations of security experts, who did not have the current information resources; they also did so at a time when laws on cyber incidents were too vague or non-existent.

However, the internet today offers enough learning opportunities to reach expert levels without breaking the law and even for free. Hutchins agrees:

After his arrest, many researchers mobilized to help him. Even his local Conservative MP, Peter Heaton-Jones, and a dozen others sent letters of support on his behalf. Hutchins used crowdfunding to cover his legal costs.

Even now, Hutchins has a large crowd in his corner. A quick glance at the answers he got after tweeting his statement on the latest development of the case shows mostly positive comments; you would have to look harder to find a negative answer.

On closer inspection, it is clear that most of them belong to the field of computer security: trainers, malware researchers, penetration testers, reverse engineers, security consultants, nerds.

Redeem himself

After giving up criminal life, Hutchins devoted his skills to fighting malware threats and applied to the British intelligence agency, Government Communications Headquarters (GCHQ), but got a better deal with the US cybersecurity company Kryptos Logic, which recruited him after seeing his analysis of the Kelihos botnet.

Even before his candidacy, Hutchins had published technical articles that showed his reverse engineering skills, often revealing the tricks used in different strains of malware and their components; and offering details on how to fight them.

In a 2013 article on the imminent leak of the source code for the Carberp malware, Hutchins wrote:

"Nothing good stems from such leaks. Audiovisual companies receive a considerable number of infected users and 'spin-offs' are usually created. […] I imagine that we can only hope that leading antivirus vendors will be able to upgrade their software to deal with this threat, before further damage is caused. In addition, the first 5 people to ask me where to find the source will receive a virtual slap (all expenses will be paid) and my eternal disapproval."

Even after his arrest, he continued to contribute to the fight against cybercrime: identifying and understanding the topology of command and control servers (Emotet), monitoring botnets (Hide and Seek), examining a reverse engineering tool (the NSA's GHIDRA) and analyzing security vulnerabilities.

All these efforts resulted in a community of supporters who not only offered him comforting words, but also gathered to pay his legal fees (after his arrest, he was denied the right to work for his employer).

This, with the time already served, can also count when the court pronounces the sentence, for which no date has been set for the moment.
