back to article British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

Secretive electronic spy agency GCHQ was aware that accused malware author Marcus Hutchins, aka MalwareTechBlog, was due to be arrested by US authorities when he travelled to United States for the DEF CON hacker conference, according to reports. The Sunday Times – the newspaper where the Brit government of the day usually …

Page:

  1. Ochib

    Let that be a lesson to all black/white hatters. Don't go the the USA. If you want to speak do it via Skype (other video conferencing software is available, your mileage may vary and IANAL

    1. Sir Runcible Spoon Silver badge

      "Let that be a lesson to all black/white hatters. Don't go the the USA."

      Also: Don't trust the spooks.

      Even if Hutchins is as guilty as sin, why would there be any need to extradite him? Why couldn't he be arrested and tried here in the UK - his home.

      Unless there isn't enough evidence for the UK courts and the spooks knew the CPS would just chuck the case out the door the moment it was presented.

      Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards.

      1. streaky

        To be fair there was plenty of evidence in the McKinnon case and the brit police were incapable of prosecution. Entire thing was made worse by the fact they wouldn't extradite him because he had AS (people with AS do understand the difference between right and wrong and that law is a thing or they'd all be in secure mental units like Rampton when they commit crimes).

        In this specific case I don't really know, I'd like to believe that they have the wrong guy but all the best white hats learn their craft by having been black hats - it's entirely plausible that he is their guy. Until the trial starts and evidence arrives it's impossible to say.

        1. The_Idiot

          @streaky

          "I'd like to believe that they have the wrong guy..."

          And a small principle generally referred to as 'innocent until proven guilty' would suggest, to me at least, that that belief should be a starting point - but what do I know.

          "... but all the best white hats learn their craft by having been black hats..."

          If I may, a citation? Or were all the best police officers once criminals, by the same logic? Were all the best bodyguards once international hit-people?

          "... - it's entirely plausible that he is their guy."

          If you say so. It's not for me to comment, positively or negatively, on where you set your bar for 'plausibility'. But the fact that something is 'entirely possible' is hardly grounds for arrest, at least, so I would suggest. Or if it is, then the next time there is an apparent impulse burglary in your neighborhood, you should not be surprised if everyone within a given radius, including yourself, is arrested. After all, it's 'entirely possible' _anyone_ did it... no?

          1. Ian Michael Gumby
            Boffin

            @The idiot... you really don't get it...

            Reply Icon

            @streaky

            "I'd like to believe that they have the wrong guy..."

            And a small principle generally referred to as 'innocent until proven guilty' would suggest, to me at least, that that belief should be a starting point - but what do I know.

            Sorry mate, you really don't understand the meaning of the phrase innocent until proven guilty. So here's a quick lesson.

            The expression is meant to show that at trial, the burden of proof is for the DA to show guild beyond a reasonable doubt. So you're presumed innocent until they have shown enough evidence so that either a judge or the jury find you guilty.

            It has nothing to do with the court of public opinion.

            The real question is why does the FBI think this is their guy?

            1. The_Idiot

              Re: @The idiot... you really don't get it...

              @Ian Michael Gumby

              "you really don't get it"

              Sir, there are indeed many things in life I 'don't get'. And some I hope never to 'get' (medical science permitting (blush)). However, the point I was attempting to make, no doubt badly, was that a presumption of innocence, as opposed to a presumption of guilt, may be worth considering as a personal tenet as much as it is a legal one (in some jurisdictions). However, it was and is only a suggestion, as any decision regarding such a tenet is, of course, purely personal. Though I would rather live in a society where others hold that tenet than one in which nobody else does. Of course, I'm an Idiot... :-)

              1. Ian Michael Gumby
                Boffin

                @The idiot Re: @The idiot... you really don't get it...

                You still missed the point.

                There is no presumption of innocence in terms that you think you understand.

                The issue is one of the burden of proof.

                Does the defendant bear the burden to show his innocence or does the prosecution bear the burden to show that the person is guilty.

                Meaning if you can't prove you are innocent, you are therefore guilty,

                Or if the Prosecution can't prove that you guilty then you are therefore innocent.

                The concept of 'innocent until proven guilty' means that the prosecution must beyond a reasonable doubt prove that you are guilty.

                This has nothing to do with the state treating you like you are guilty and placing you in jail until the trial or you make bail. Even under bail, your freedoms are restricted.

                Here's an example....

                Your next door neighbor is found dead. His head was pounded in with a hammer that happens to have your finger prints all over it. You were questioned and you claimed to be asleep in your own bed at the time of the murder but you have no witnesses.

                You are charged with the crime.

                The prosecution will supply evidence that you could have done it.

                Your defense will try to discredit the prosecution. For example, your finger prints are at your neighbors house because you are friends and you hang out there. Your finger prints are on the hammer because its your hammer that he borrowed...

                At the end of the day, If the prosecution doesn't meet the burden, you should be found innocent.

                (Meaning you can raise doubt to the assertions made by the prosecution.)

                Now if they left out evidence... like security cam footage of a car driving up and then away while you claimed to be home and they didn't use it or tell your lawyer it existed, then you would be able to sue them for leaving out exculpatory evidence. It would be prosecutorial misconduct.

                Sorry for tossing that last bit in there.

                The point is that 'innocent until proven guilty' is misunderstood.

                Look at OJ. Do you really think he was innocent even though the prosecution failed to make their case?

            2. Scorchio!!
              Thumb Up

              Re: @The idiot... you really don't get it...

              Yes, correct, and you have more patience than me. As for the posts complaining that he should have been held and tried here, nonsense; he went to the US and the US is where he's a suspect. It is nothing to do with being sneaky. Had they not known would it have made any difference?

              1. Ian Michael Gumby
                Boffin

                @Scorchioli Re: @The idiot... you really don't get it...

                Hey Mate, long time no see.

                Yeah, I don't worry about the down votes. Most of the time its out of ignorance of the law and wishing things to be true that aren't. (Of course I do make mistakes so I can't complain there. )

                This guy got nabbed. Why?

                The FBI can be clueless at times, but not this clueless.

                Something isn't right.

                I mean what if he is innocent but the guys who did it used some code he wrote long ago?

                Or he did do it?

                I don't know and I'm not going to assume innocence or guilt, but that the Feds have to have something that ties him to the crime.

            3. Wayland Bronze badge

              Re: @The idiot... you really don't get it...

              "The real question is why does the FBI think this is their guy?"

              I expect they are annoyed he stopped the WannaCry and don't want hackers messing up their worms in future. Betraying him sends a message to hackers not to be white hackers. Easy to catch a white hat hacker when he's helping GCHQ. Not so easy to catch a black hat hacker.

              1. boltar Silver badge

                Re: @The idiot... you really don't get it...

                "Easy to catch a white hat hacker when he's helping GCHQ. Not so easy to catch a black hat hacker."

                You seem to think its either-or. Plenty of hackers are both depending on circumstances.

              2. Anonymous Coward
                Anonymous Coward

                Re: @The idiot... you really don't get it...

                Stopped wannacry, or told the world he stopped his own out of control experiment before it caused even more chaos...

                You wanted, hero become villan. I bet.

                1. Sir Runcible Spoon Silver badge
                  FAIL

                  Re: @The idiot... you really don't get it...

                  "Stopped wannacry, or told the world he stopped his own out of control experiment before it caused even more chaos..."

                  Whilst that has obviously cross some people's minds, there isn't any hint that this is the case. Nothing in the US case mentioned Wannacry - it's all about Kronos.

                2. Ian Michael Gumby

                  @AC ... Re: @The idiot... you really don't get it...

                  There was this guy named Morris who worked for the US Government. PhD in Computer Science.

                  He had a son who was getting his graduate degree in CS. He wrote a worm... maybe you heard about it? Maybe you were alive at the time?

                  He helped to stop his worm that he accidentally set free.

                  In this case, I don't know Hutchins or his innocence or guilt. I'm not judging.

                  I am being objective and I'm asking why would the Feds go after him without evidence?

                  I don't know the answer, or even pretend to know the answer. But I am going to give the Feds some benefit of the doubt.

                  Again, if they messed up, it could mean a payday for Hutchins and his lawyers.

              3. Ian Michael Gumby

                @Wayland ... Re: @The idiot... you really don't get it...

                Assume what you said was true.

                Then you've got a huge case for prosecutorial misconduct and he's going to be a rich man.

                Look back to the Duke Lacrosse team... alleged rape that didn't happen as an example.

            4. Doctor Syntax Silver badge

              Re: @The idiot... you really don't get it...

              "The real question is why does the FBI think this is their guy?"

              They need a guy so anyone will do?

              Oh, look, here's a bit of code he posted publicly that he then says was incorporated in Kronos. That'll do.

              Incidentally the author of this analysis https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware/ suggests that the actual code has a longer pedigree than Hutchins publication and that the implementation is more sophisticated concluding "The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

              1. Ian Michael Gumby

                @Dr. Syntax ... Re: @The idiot... you really don't get it...

                Suppose you are right that there's a piece of code that ties him to Kronos.

                That's not enough for an arrest warrant because he can explain that the code was posted and it was openly available.

                If that's the only piece of evidence, they wouldn't have arrested him. They would have hauled him in for questioning, but not enough for an arrest.

                That's why I am confused. Could there be more or is the FBI that clueless? I tend to give the FBI a bit more credit that that.

                Again, if he's truly innocent, IMHO he should fight it. Taking a plea deal would admit to a felony and that he was guilty of something he didn't do.

          2. Measurer

            ...Or all of you did it!

            1. Sir Runcible Spoon Silver badge
              Joke

              "

              ...Or all of you did it!"

              I'm Kronos, and so's my wife!

          3. Stevie Silver badge

            After all, it's 'entirely possible' _anyone_ did it... no?

            No. It's possible that someone else with the necessary skills did, which isn'tbthe same thing. There is enough evidence to start looking a him though, crummy take-down ploy situation notwithstanding.

            No skin in the game. No fish to fry on either side until the case is underway.

        2. nijam

          > all the best white hats learn their craft by having been black hats

          ... in exactly the same way that all the best people in the FBI used to be terrorists, etc, etc. Don't talk such nonsense.

      2. Unai Aznar

        Even if Hutchins is as guilty as sin, why would there be any need to extradite him? Why couldn't he be arrested and tried here in the UK - his home.

        Unless there isn't enough evidence for the UK courts and the spooks knew the CPS would just chuck the case out the door the moment it was presented.

        Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards.

        Exactly THAT. This guy has been betrayed by his government. Even when he was HELPING them. Not that I think THAT is needed. It's just an extra.

        And it doesn't mind where are you from. If this statement is real, and I find it hard to think it's not: "Government sources told The Sunday Times that Hutchins' arrest in the US had freed the British government from the 'headache of an extradition battle' with the Americans."

        It makes me sick.

        Should this have happened in my country, I'd be very, VERY pissed. And showing it. Calmly, yes for I think it's better, and frightens them more. But firmly.

        And fuck it with the anonymous post or handles this time. That up there is my name.

        And this is my opinion.

        1. truloxmyth

          It’s a lot easier for the UK government to wash their hands of the entire thing until they find him innocent! I mean come on, how stupid do they think the cyber security community is?! It's already full of secretive, paranoid conspiracy theorists as it is. So, when something as flimsy as this case is presented, are we not going to call BULL SHIT on the entire thing?

          It’s an absolute JOKE how they think detaining someone for 48 hours, with relentless questioning is going to get the truth out of anyone. Watch how to make a murderer and the shit they put Avery’s nephew through. This has to be 100% indisputable evidence, of the lack of protection anyone has from these corrupted government officials if it treats a national, a child of low mental acuity like that. Then to add to it all Marcus isn’t a citizen of the US, how the hell is he to know the laws when you’re being questioned by the FBI for Christ’s sake!! That’s not something that just happens every day, is it?!

          I’m sorry to say it but America is NOT a nice place to be at this moment in time. Especially for non-white folks. When the supposed ‘leader of the free world’ is as unhinged as the dictators your country has demonised over the last 100 years. Then you have serious internal issues. So, when you have someone who is: 1) clever enough to stop and code malware, 2) is British and may sound like a bad guy, 3) they’re brown… Fuck me you’ve hit the trifecta there!! Shit, if he was a brown skinned Mexican Transgender coder then they wouldn’t have even bothered going to trial! Would have just disappeared off the face of the planet like Jimmy sodding Hoffa!!

          Maybe look at sorting things like this out before arresting someone who did the world a MASSIVE FAVOUR in stopping something that could have crippled ½ of the worlds Microsoft systems. If the NSA had either provided the information about the SMBv1 vulnerability to the public, so that we were aware of the issue and could force Microsoft to release the update. Or, just go to Microsoft with their findings and tell them they need to release the update for global security reasons. Then none of the WannaCry malware spread would have happened. It’s called the National Security Agency for fucks sake. And they didn’t think that SMBv1 was a big enough security threat to the Nation of America?

      3. Trigonoceps occipitalis

        "Why couldn't he be arrested and tried here in the UK - his home."

        In the UK there is an element of plea bargaining, for instance the prosecution may accept a guilty plea to manslaughter to avoid a lengthy murder trial that may just result in the same verdict. We also have a system of fixed penalties for minor criminal offences such as speeding (but not too fast).

        What we don't have is a way to offer a very low level punishment for a guilty plea against the possibility of 50-150 years imprisonment for an unsuccessful not guilty plea. The nominal discount for an early guilty plea is one third off the sentence. This case will be difficult to explain to a jury, the judge may not understand and the jury may just want to set him free because he "saved the NHS." The trial will take a long time and may not result in a conviction. However the US court system seems to think that, in order to get around this awkward situation, it is acceptable in a mature, liberal democracy to make on offer you can't refuse.

        1. Ian Michael Gumby

          @ Trigonoceps occipitalis Re: "Why couldn't he be arrested and tried here in the UK - his home."

          In the US there is also such a thing as plea bargaining.

          I believe there was an offer on the table that would have been a slap on the wrist, yet it would have meant he couldn't use a computer (including a smart phone) again.

          IMHO, that's either because someone in CGHQ called in some favors, or because they have a really weak case.

          Again, we don't know enough to really assess innocence or guilt.

          So what does the FBI know and why did they charge him?

          If he's really innocent, he won't take any plea deals.

          1. Trigonoceps occipitalis

            Re: @ Trigonoceps occipitalis "Why couldn't he be arrested and tried here in the UK - his home."

            "In the US there is also such a thing as plea bargaining.

            I believe there was an offer on the table that would have been a slap on the wrist, yet it would have meant he couldn't use a computer (including a smart phone) again."

            1. I didn't say there was a plea bargaining system in the US courts.

            2. An offer was made, even if the alternative was a pat on the back and an upgrade on the flight home, that quacks like a plea bargain.

      4. Diskcrash

        The reason to avoid trying him in the UK is that the penalties are lesser than in the US and the fact that the crime was committed in the US (allegedly). Also the fact that all British hackers seem to develop Asperger's with their mothers crying on the news that their baby will die if they go to the US makes it hard to take the UK judicial system as anything other than extremely lenient.

        The US judicial system is much more adversarial in nature not to mention expensive with harsher penalties and less likely mitigation of sentencing than then UK system but it does have some checks and balances and frequently the innocent do go free. But not always but then prisons are every where only have innocent people in them if you talk to the prisoners.

        1. Doctor Syntax Silver badge

          "the fact that the crime was committed in the US (allegedly)."

          Only in the sense of the US's extraterritorial extension of its criminal justice system. If he lived and worked in the UK it's likely that if he wrote Kronos (& see my response to Gumby) then he would have done so in the UK. However, the CPS would have required something like a proper prima facie case that they could present to a committal hearing. So far we've heard of nothing like that in this instance other than that he wrote an explanation of a technique which wasn't original, posted the code on Github and then, maybe naively, suggested that it had been the source of similar code in Kronos.

          TL;DR In the UK it'd have been laughed out of court had it got there.

      5. boltar Silver badge

        "Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards."

        What betrayal? This isn't school where you don't snitch on your classmates to teacher, this is the adult world where if someone has potentially committed a crime they need to be investigated. The guy is on bail , not in prison. If there is evidence he did this then he'll do time, if not then he'll come home.

        1. Doctor Syntax Silver badge

          "this is the adult world where if someone has potentially committed a crime they need to be investigated."

          There's still the question of why, if there was a case to be investigated, it wasn't investigated in the UK where it would appear that the alleged act would have been committed.

          1. IsJustabloke
            Meh

            How do you know it wasn't?

            "There's still the question of why, if there was a case to be investigated, it wasn't investigated in the UK where it would appear that the alleged act would have been committed."

            See title...

            if the government really does feel it saved them a headache they may have well decided it also saved them a headache in not prosecuting him themselves.

        2. Sir Runcible Spoon Silver badge

          "What betrayal? This isn't school where you don't snitch on your classmates to teacher, this is the adult world where if someone has potentially committed a crime they need to be investigated. The guy is on bail , not in prison. If there is evidence he did this then he'll do time, if not then he'll come home."

          Since he is a British subject, and GCHQ work for Her Majesty (via HM Government), then selling him out to the Americans is a betrayal (whatever justification they feel they might have) of one of the Queen's subjects, by one of her appointed agents, to a foreign government.

          If the crime turns out to be based on code written on a server hosted in the US then perhaps I could understand, but there is no mention of that. If anything, any *actual* evidence would be located on his systems at home, HERE IN THE UK.

          Tell me again about how this 'evidence' is to be found by the US investigators?

          1. anonymous boring coward Silver badge

            "Tell me again about how this 'evidence' is to be found by the US investigators?"

            The Americans will just order their poodles in the UK to retrieve it. Simples.

        3. anonymous boring coward Silver badge

          " If there is evidence he did this then he'll do time, if not then he'll come home."

          Did what, exactly?

          You do know that Americans invent crimes right, left and centre nowadays, don't you?

          Hell, you might not even be safe!

    2. Anonymous Coward
      Anonymous Coward

      Let that be a lesson to any self proclaimed security expert not too dabble on the dark side...

      Seems GCHQ knew what he was up to as well as the FBI....

      1. kirk_augustin@yahoo.com

        The "dark side" he dabbled on was working for the government. The government wants to suppress him revealing how to prevent hacking because the government is the biggest hacker of all.

    3. Ian Michael Gumby
      Boffin

      @Ochib

      Sorry, but this is a bit of a weird one.

      Why would the FBI suspect him of committing the crime?

      Here's the rub.

      Yes, they can go to a Grand Jury and present their evidence. Its taken under the assumption to be true thus if true, is there enough evidence to show that he committed the crime?

      They had to do that.

      But what happens if the evidence they proffer isn't correct and they know that the evidence is wrong, or that there's exculpatory evidence he didn't do it? (Meaning that while the facts presented may be true, there's another piece of evidence which show's his innocence was intentionally left out and ignored. )

      There's more, but if these guys did something underhanded, meaning he's completely innocent of the charges... they could be sued themselves for prosecutorial misconduct. On a Federal charge, that could mean a lot of money.

      The interesting thing... they piled on a threat because he went to a gun range in Vegas. All you Brits who hate owning guns end up going to the range to rent and fire a machine gun... IMHO that was a weak bit of evidence thrown in as a way to ask for tighter bail and restrictions. (Even the judge will see through that one.)

      But you still have to ask... why him?

  2. John Smith 19 Gold badge
    Unhappy

    Or maybe they still couldn't make a case against him even with Blairs extradition law

    And it's ridiculously low standards of proof from the US side.

    Be interesting to see if he trusts GCHQ ever again.

    1. Alister Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      Be interesting to see if he trusts GCHQ ever again.

      I'm not sure if he'll get the opportunity to try, sadly.

    2. LDS Silver badge

      "Be interesting to see if he trusts GCHQ ever again."

      Not only he. Those agencies may have the need to ask for help from those people, because what they pay, and the way they work, may not appeal to many people highly capable in this field, and they won't accept a job inside those organizations. Still, they may need those people, thus, helping to convict them but with big and sure evidences they committed a crime, may mean no one will trust them.

      In other countries it's much simpler, states close both eyes over criminal activities of their hacking group, and in exchange they ensure they will help state-lead activities when needed.

      Of course, democratic countries can't do that - but scaring security people with arrests made this way may create a division that will just make our security worse, not better.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Be interesting to see if he trusts GCHQ ever again."

        Any Brit computer expert who trusts HMG after what happened to Alan Turing is an idiot.

        1. staggers

          Re: "Be interesting to see if he trusts GCHQ ever again."

          Quite.

          Given how important Turing had been, surely a string or two could have been pulled. I doubt if the public would have cared, not that they'd have known. But no, they let him sink.

          It's also hypocritical, given that there were standing orders never to arrest John Gielgud when he was caught at it.

          You truly never can trust the bastards.

      2. Wayland Bronze badge

        Re: "Be interesting to see if he trusts GCHQ ever again."

        "but scaring security people with arrests made this way may create a division that will just make our security worse" - if you believe the security services are smart people then scaring the white hat hackers is someone's intention.

    3. macjules Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Blairs extradition law"

      It isn't a law, it is simply: USA: "Can we have him?" UK: "Would you like him gift wrapped?"

      1. Scorchio!!

        Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

        It's easy to agree with you, except it's more than gift wrapping; "would you like him roped to a barrel, ready lubed with a satsuma in his mouth?" (Anyone remember Steven Milligan?)

    4. Steve Davies 3 Silver badge

      Re: Be interesting to see if he trusts GCHQ ever again

      As he'll probably end up in a SuperMax prison for life + 100 years just to make an example of him I doubt it very much.

    5. Doctor Syntax Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Be interesting to see if he trusts GCHQ ever again."

      Or whether anyone else does.

    6. Oh Homer
      Big Brother

      Re: "low standards of proof"

      That would be exactly zero, as the Sinister "Special" Relationship between our tyrannical rulers countries has produced an extradition treaty that requires absolutely no prima facie evidence whatsoever.

      As in none.

      At all.

      But only when the kidnap victim suspect is flying east to west, not in the other direction, for some mysterious reason...

      1. Anonymous Coward
        Anonymous Coward

        Re: "low standards of proof"

        "That would be exactly zero, as the Sinister "Special" Relationship between our tyrannical rulers countries has produced an extradition treaty that requires absolutely no prima facie evidence whatsoever."

        That treaty was used to extradite the NatWest Three, despite the fact that the US hadn't ratified it yet

        the NatWest three were extradited to the US under the US-UK Extradition Treaty 2003, even though that treaty had not been ratified in the US.

        NatWest Three

    7. Ian Michael Gumby
      Boffin

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      And it's ridiculously low standards of proof from the US side.

      And its not really that low.

      Seriously there's something wrong here.

      Either he was involved somehow...

      Or the FBI really screwed up and doubled down on it.

      No way of telling until there's a trial.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020