Daily Bulletin


The Conversation

  • Written by David Glance, Director of UWA Centre for Software Practice, University of Western Australia

The 23-year-old UK cybersecurity expert Marcus Hutchins, who was involved in stopping the spread of the WannaCry ransomware attack, has been arrested by the FBI in the US. Hutchins – also known as “MalwareTech” – had been attending the Defcon hacking conference in Las Vegas, and was about to board a plane back to the UK when he was taken away by law enforcement officials.

The indictment filed against Hutchins and another accomplice claims that he had been involved with the creation of a banking trojan malware called “Kronos”, and that both he and the other defendant were involved in the promotion and selling of the trojan through darknet markets and Russian hacking forums.

A friend of Hutchins, Andrew Mabbit, who had travelled to Defcon with him, has been trying to coordinate legal aid and find out more details of where Hutchins is being held.

One of the claims of the indictment is that Hutchins’ co-defendant had created a YouTube video demonstrating how Kronos works. A video posted on the same date as that claimed in the indictment is still available on YouTube, as are other videos showing how to set up Kronos.

Interestingly, the darknet market that was allegedly used to sell Kronos was AlphaBay, which was taken down recently through a global law enforcement operation. Methods of payment for the Kronos malware also included payments through the BTC-e.com cryptocurrency exchange, which has also been shut down after being implicated in money laundering.

What is Kronos?

Kronos is a type of malware that, once installed on a victim’s computer, is able to alter forms from financial institutions and online sites to capture a user’s credit card or bank login details.

The malware came to researchers’ attention because of the relatively high price being asked for it: US$7,000.

In addition to being able to capture user details, Kronos comes with user interfaces and administration capabilities to manage the infected machines through its “command and control centre” software.

On an infected machine, Kronos tries to disable other malware that may be present, and hides itself from antivirus software and examination by cybersecurity investigators.

What will happen to Hutchins now?

Hutchins appeared before a US judge in Las Vegas on Thursday, with the trial set to continue on Friday. Although the lawyer defending Hutchins claimed that he “had cooperated with the government prior to being charged”, it is unclear whether his other work helping the FBI and other countries to deal with WannaCry will be taken into consideration in sentencing him.

The dangers of travelling to the US

Arresting people when they are travelling outside of the protection of their home country is a popular tactic of the US authorities. So much so, that Russia issued a warning in 2013 that anyone who risked the attentions of the US authorities should not leave Russia. This followed the arrest in 2013 of Russian hacker Aleksander Panin, wanted for an online banking theft, when he was in the Dominican Republic. More recently, Russian Alexander Vinnik was arrested in Athens on behalf of US authorities for his part in laundering money through the BTC-e.com exchange.

Companies have even tried to lure hackers to the US with offers of an interview for a fake job. Games company Valve worked with the FBI in 2003 to lure Axel “Ago” Gembe from Germany to the US for his involvement in stealing and releasing the source code for the game Half Life 2.

It may have been simply serendipity that Hutchins was coming to the US a month after the indictment for his arrest had been filed and he would have faced arrest in the UK and then extradition. The FBI would certainly have wanted to avoid the complications of extradition, but it’s unclear whether there was cooperation with the UK’s National Crime Agency in this arrest.

The distinction between White and Black Hat Hackers is often Grey

Many cybersecurity researchers and investigators often find themselves in a difficult position when it comes to dealing with cybersecurity. Pointing out vulnerabilities in a system can result in the person doing the reporting being charged themselves.

In 2011, an Australian pensions company, First State Superannuation, reported security investigator Patrick Webster to police, and threatened to levy charges on him when he reported that he was able to access the accounts of other customers by modifying the web address details.

Investigating cybercriminals can sometimes require gaining their confidence by pretending to be a criminal. Whether something like this motivated Hutchins’ involvement in Kronos, or indeed whether the allegations are actually true, is yet to be determined.

Read more http://theconversation.com/the-dangers-of-leaving-home-uk-wannacry-ransomware-hero-arrested-in-the-us-82084
