back to article British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

Secretive electronic spy agency GCHQ was aware that accused malware author Marcus Hutchins, aka MalwareTechBlog, was due to be arrested by US authorities when he travelled to United States for the DEF CON hacker conference, according to reports. The Sunday Times – the newspaper where the Brit government of the day usually …

  1. Ochib

    Let that be a lesson to all black/white hatters. Don't go the the USA. If you want to speak do it via Skype (other video conferencing software is available, your mileage may vary and IANAL

    1. Sir Runcible Spoon

      "Let that be a lesson to all black/white hatters. Don't go the the USA."

      Also: Don't trust the spooks.

      Even if Hutchins is as guilty as sin, why would there be any need to extradite him? Why couldn't he be arrested and tried here in the UK - his home.

      Unless there isn't enough evidence for the UK courts and the spooks knew the CPS would just chuck the case out the door the moment it was presented.

      Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards.

      1. streaky

        To be fair there was plenty of evidence in the McKinnon case and the brit police were incapable of prosecution. Entire thing was made worse by the fact they wouldn't extradite him because he had AS (people with AS do understand the difference between right and wrong and that law is a thing or they'd all be in secure mental units like Rampton when they commit crimes).

        In this specific case I don't really know, I'd like to believe that they have the wrong guy but all the best white hats learn their craft by having been black hats - it's entirely plausible that he is their guy. Until the trial starts and evidence arrives it's impossible to say.

        1. The_Idiot

          @streaky

          "I'd like to believe that they have the wrong guy..."

          And a small principle generally referred to as 'innocent until proven guilty' would suggest, to me at least, that that belief should be a starting point - but what do I know.

          "... but all the best white hats learn their craft by having been black hats..."

          If I may, a citation? Or were all the best police officers once criminals, by the same logic? Were all the best bodyguards once international hit-people?

          "... - it's entirely plausible that he is their guy."

          If you say so. It's not for me to comment, positively or negatively, on where you set your bar for 'plausibility'. But the fact that something is 'entirely possible' is hardly grounds for arrest, at least, so I would suggest. Or if it is, then the next time there is an apparent impulse burglary in your neighborhood, you should not be surprised if everyone within a given radius, including yourself, is arrested. After all, it's 'entirely possible' _anyone_ did it... no?

          1. Ian Michael Gumby
            Boffin

            @The idiot... you really don't get it...

            Reply Icon

            @streaky

            "I'd like to believe that they have the wrong guy..."

            And a small principle generally referred to as 'innocent until proven guilty' would suggest, to me at least, that that belief should be a starting point - but what do I know.

            Sorry mate, you really don't understand the meaning of the phrase innocent until proven guilty. So here's a quick lesson.

            The expression is meant to show that at trial, the burden of proof is for the DA to show guild beyond a reasonable doubt. So you're presumed innocent until they have shown enough evidence so that either a judge or the jury find you guilty.

            It has nothing to do with the court of public opinion.

            The real question is why does the FBI think this is their guy?

            1. The_Idiot

              Re: @The idiot... you really don't get it...

              @Ian Michael Gumby

              "you really don't get it"

              Sir, there are indeed many things in life I 'don't get'. And some I hope never to 'get' (medical science permitting (blush)). However, the point I was attempting to make, no doubt badly, was that a presumption of innocence, as opposed to a presumption of guilt, may be worth considering as a personal tenet as much as it is a legal one (in some jurisdictions). However, it was and is only a suggestion, as any decision regarding such a tenet is, of course, purely personal. Though I would rather live in a society where others hold that tenet than one in which nobody else does. Of course, I'm an Idiot... :-)

              1. Ian Michael Gumby
                Boffin

                @The idiot Re: @The idiot... you really don't get it...

                You still missed the point.

                There is no presumption of innocence in terms that you think you understand.

                The issue is one of the burden of proof.

                Does the defendant bear the burden to show his innocence or does the prosecution bear the burden to show that the person is guilty.

                Meaning if you can't prove you are innocent, you are therefore guilty,

                Or if the Prosecution can't prove that you guilty then you are therefore innocent.

                The concept of 'innocent until proven guilty' means that the prosecution must beyond a reasonable doubt prove that you are guilty.

                This has nothing to do with the state treating you like you are guilty and placing you in jail until the trial or you make bail. Even under bail, your freedoms are restricted.

                Here's an example....

                Your next door neighbor is found dead. His head was pounded in with a hammer that happens to have your finger prints all over it. You were questioned and you claimed to be asleep in your own bed at the time of the murder but you have no witnesses.

                You are charged with the crime.

                The prosecution will supply evidence that you could have done it.

                Your defense will try to discredit the prosecution. For example, your finger prints are at your neighbors house because you are friends and you hang out there. Your finger prints are on the hammer because its your hammer that he borrowed...

                At the end of the day, If the prosecution doesn't meet the burden, you should be found innocent.

                (Meaning you can raise doubt to the assertions made by the prosecution.)

                Now if they left out evidence... like security cam footage of a car driving up and then away while you claimed to be home and they didn't use it or tell your lawyer it existed, then you would be able to sue them for leaving out exculpatory evidence. It would be prosecutorial misconduct.

                Sorry for tossing that last bit in there.

                The point is that 'innocent until proven guilty' is misunderstood.

                Look at OJ. Do you really think he was innocent even though the prosecution failed to make their case?

            2. Scorchio!!
              Thumb Up

              Re: @The idiot... you really don't get it...

              Yes, correct, and you have more patience than me. As for the posts complaining that he should have been held and tried here, nonsense; he went to the US and the US is where he's a suspect. It is nothing to do with being sneaky. Had they not known would it have made any difference?

              1. Ian Michael Gumby
                Boffin

                @Scorchioli Re: @The idiot... you really don't get it...

                Hey Mate, long time no see.

                Yeah, I don't worry about the down votes. Most of the time its out of ignorance of the law and wishing things to be true that aren't. (Of course I do make mistakes so I can't complain there. )

                This guy got nabbed. Why?

                The FBI can be clueless at times, but not this clueless.

                Something isn't right.

                I mean what if he is innocent but the guys who did it used some code he wrote long ago?

                Or he did do it?

                I don't know and I'm not going to assume innocence or guilt, but that the Feds have to have something that ties him to the crime.

            3. Wayland

              Re: @The idiot... you really don't get it...

              "The real question is why does the FBI think this is their guy?"

              I expect they are annoyed he stopped the WannaCry and don't want hackers messing up their worms in future. Betraying him sends a message to hackers not to be white hackers. Easy to catch a white hat hacker when he's helping GCHQ. Not so easy to catch a black hat hacker.

              1. Anonymous Coward
                Anonymous Coward

                Re: @The idiot... you really don't get it...

                "Easy to catch a white hat hacker when he's helping GCHQ. Not so easy to catch a black hat hacker."

                You seem to think its either-or. Plenty of hackers are both depending on circumstances.

              2. Anonymous Coward
                Anonymous Coward

                Re: @The idiot... you really don't get it...

                Stopped wannacry, or told the world he stopped his own out of control experiment before it caused even more chaos...

                You wanted, hero become villan. I bet.

                1. Sir Runcible Spoon
                  FAIL

                  Re: @The idiot... you really don't get it...

                  "Stopped wannacry, or told the world he stopped his own out of control experiment before it caused even more chaos..."

                  Whilst that has obviously cross some people's minds, there isn't any hint that this is the case. Nothing in the US case mentioned Wannacry - it's all about Kronos.

                2. Ian Michael Gumby

                  @AC ... Re: @The idiot... you really don't get it...

                  There was this guy named Morris who worked for the US Government. PhD in Computer Science.

                  He had a son who was getting his graduate degree in CS. He wrote a worm... maybe you heard about it? Maybe you were alive at the time?

                  He helped to stop his worm that he accidentally set free.

                  In this case, I don't know Hutchins or his innocence or guilt. I'm not judging.

                  I am being objective and I'm asking why would the Feds go after him without evidence?

                  I don't know the answer, or even pretend to know the answer. But I am going to give the Feds some benefit of the doubt.

                  Again, if they messed up, it could mean a payday for Hutchins and his lawyers.

              3. Ian Michael Gumby

                @Wayland ... Re: @The idiot... you really don't get it...

                Assume what you said was true.

                Then you've got a huge case for prosecutorial misconduct and he's going to be a rich man.

                Look back to the Duke Lacrosse team... alleged rape that didn't happen as an example.

            4. Doctor Syntax Silver badge

              Re: @The idiot... you really don't get it...

              "The real question is why does the FBI think this is their guy?"

              They need a guy so anyone will do?

              Oh, look, here's a bit of code he posted publicly that he then says was incorporated in Kronos. That'll do.

              Incidentally the author of this analysis https://blog.malwarebytes.com/cybercrime/2017/08/inside-kronos-malware/ suggests that the actual code has a longer pedigree than Hutchins publication and that the implementation is more sophisticated concluding "The level of precision lead us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."

              1. Ian Michael Gumby

                @Dr. Syntax ... Re: @The idiot... you really don't get it...

                Suppose you are right that there's a piece of code that ties him to Kronos.

                That's not enough for an arrest warrant because he can explain that the code was posted and it was openly available.

                If that's the only piece of evidence, they wouldn't have arrested him. They would have hauled him in for questioning, but not enough for an arrest.

                That's why I am confused. Could there be more or is the FBI that clueless? I tend to give the FBI a bit more credit that that.

                Again, if he's truly innocent, IMHO he should fight it. Taking a plea deal would admit to a felony and that he was guilty of something he didn't do.

          2. Measurer

            ...Or all of you did it!

            1. Sir Runcible Spoon
              Joke

              "

              ...Or all of you did it!"

              I'm Kronos, and so's my wife!

          3. Stevie

            After all, it's 'entirely possible' _anyone_ did it... no?

            No. It's possible that someone else with the necessary skills did, which isn'tbthe same thing. There is enough evidence to start looking a him though, crummy take-down ploy situation notwithstanding.

            No skin in the game. No fish to fry on either side until the case is underway.

        2. nijam Silver badge

          > all the best white hats learn their craft by having been black hats

          ... in exactly the same way that all the best people in the FBI used to be terrorists, etc, etc. Don't talk such nonsense.

      2. Unai Aznar

        Even if Hutchins is as guilty as sin, why would there be any need to extradite him? Why couldn't he be arrested and tried here in the UK - his home.

        Unless there isn't enough evidence for the UK courts and the spooks knew the CPS would just chuck the case out the door the moment it was presented.

        Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards.

        Exactly THAT. This guy has been betrayed by his government. Even when he was HELPING them. Not that I think THAT is needed. It's just an extra.

        And it doesn't mind where are you from. If this statement is real, and I find it hard to think it's not: "Government sources told The Sunday Times that Hutchins' arrest in the US had freed the British government from the 'headache of an extradition battle' with the Americans."

        It makes me sick.

        Should this have happened in my country, I'd be very, VERY pissed. And showing it. Calmly, yes for I think it's better, and frightens them more. But firmly.

        And fuck it with the anonymous post or handles this time. That up there is my name.

        And this is my opinion.

        1. truloxmyth

          It’s a lot easier for the UK government to wash their hands of the entire thing until they find him innocent! I mean come on, how stupid do they think the cyber security community is?! It's already full of secretive, paranoid conspiracy theorists as it is. So, when something as flimsy as this case is presented, are we not going to call BULL SHIT on the entire thing?

          It’s an absolute JOKE how they think detaining someone for 48 hours, with relentless questioning is going to get the truth out of anyone. Watch how to make a murderer and the shit they put Avery’s nephew through. This has to be 100% indisputable evidence, of the lack of protection anyone has from these corrupted government officials if it treats a national, a child of low mental acuity like that. Then to add to it all Marcus isn’t a citizen of the US, how the hell is he to know the laws when you’re being questioned by the FBI for Christ’s sake!! That’s not something that just happens every day, is it?!

          I’m sorry to say it but America is NOT a nice place to be at this moment in time. Especially for non-white folks. When the supposed ‘leader of the free world’ is as unhinged as the dictators your country has demonised over the last 100 years. Then you have serious internal issues. So, when you have someone who is: 1) clever enough to stop and code malware, 2) is British and may sound like a bad guy, 3) they’re brown… Fuck me you’ve hit the trifecta there!! Shit, if he was a brown skinned Mexican Transgender coder then they wouldn’t have even bothered going to trial! Would have just disappeared off the face of the planet like Jimmy sodding Hoffa!!

          Maybe look at sorting things like this out before arresting someone who did the world a MASSIVE FAVOUR in stopping something that could have crippled ½ of the worlds Microsoft systems. If the NSA had either provided the information about the SMBv1 vulnerability to the public, so that we were aware of the issue and could force Microsoft to release the update. Or, just go to Microsoft with their findings and tell them they need to release the update for global security reasons. Then none of the WannaCry malware spread would have happened. It’s called the National Security Agency for fucks sake. And they didn’t think that SMBv1 was a big enough security threat to the Nation of America?

      3. Trigonoceps occipitalis

        "Why couldn't he be arrested and tried here in the UK - his home."

        In the UK there is an element of plea bargaining, for instance the prosecution may accept a guilty plea to manslaughter to avoid a lengthy murder trial that may just result in the same verdict. We also have a system of fixed penalties for minor criminal offences such as speeding (but not too fast).

        What we don't have is a way to offer a very low level punishment for a guilty plea against the possibility of 50-150 years imprisonment for an unsuccessful not guilty plea. The nominal discount for an early guilty plea is one third off the sentence. This case will be difficult to explain to a jury, the judge may not understand and the jury may just want to set him free because he "saved the NHS." The trial will take a long time and may not result in a conviction. However the US court system seems to think that, in order to get around this awkward situation, it is acceptable in a mature, liberal democracy to make on offer you can't refuse.

        1. Ian Michael Gumby

          @ Trigonoceps occipitalis Re: "Why couldn't he be arrested and tried here in the UK - his home."

          In the US there is also such a thing as plea bargaining.

          I believe there was an offer on the table that would have been a slap on the wrist, yet it would have meant he couldn't use a computer (including a smart phone) again.

          IMHO, that's either because someone in CGHQ called in some favors, or because they have a really weak case.

          Again, we don't know enough to really assess innocence or guilt.

          So what does the FBI know and why did they charge him?

          If he's really innocent, he won't take any plea deals.

          1. Trigonoceps occipitalis

            Re: @ Trigonoceps occipitalis "Why couldn't he be arrested and tried here in the UK - his home."

            "In the US there is also such a thing as plea bargaining.

            I believe there was an offer on the table that would have been a slap on the wrist, yet it would have meant he couldn't use a computer (including a smart phone) again."

            1. I didn't say there was a plea bargaining system in the US courts.

            2. An offer was made, even if the alternative was a pat on the back and an upgrade on the flight home, that quacks like a plea bargain.

      4. Diskcrash

        The reason to avoid trying him in the UK is that the penalties are lesser than in the US and the fact that the crime was committed in the US (allegedly). Also the fact that all British hackers seem to develop Asperger's with their mothers crying on the news that their baby will die if they go to the US makes it hard to take the UK judicial system as anything other than extremely lenient.

        The US judicial system is much more adversarial in nature not to mention expensive with harsher penalties and less likely mitigation of sentencing than then UK system but it does have some checks and balances and frequently the innocent do go free. But not always but then prisons are every where only have innocent people in them if you talk to the prisoners.

        1. Doctor Syntax Silver badge

          "the fact that the crime was committed in the US (allegedly)."

          Only in the sense of the US's extraterritorial extension of its criminal justice system. If he lived and worked in the UK it's likely that if he wrote Kronos (& see my response to Gumby) then he would have done so in the UK. However, the CPS would have required something like a proper prima facie case that they could present to a committal hearing. So far we've heard of nothing like that in this instance other than that he wrote an explanation of a technique which wasn't original, posted the code on Github and then, maybe naively, suggested that it had been the source of similar code in Kronos.

          TL;DR In the UK it'd have been laughed out of court had it got there.

      5. Anonymous Coward
        Anonymous Coward

        "Talk about betrayal. Now the US doesn't even need to present flimsy evidence to secure a Brit for trial. Shady fucking bastards."

        What betrayal? This isn't school where you don't snitch on your classmates to teacher, this is the adult world where if someone has potentially committed a crime they need to be investigated. The guy is on bail , not in prison. If there is evidence he did this then he'll do time, if not then he'll come home.

        1. Doctor Syntax Silver badge

          "this is the adult world where if someone has potentially committed a crime they need to be investigated."

          There's still the question of why, if there was a case to be investigated, it wasn't investigated in the UK where it would appear that the alleged act would have been committed.

          1. IsJustabloke
            Meh

            How do you know it wasn't?

            "There's still the question of why, if there was a case to be investigated, it wasn't investigated in the UK where it would appear that the alleged act would have been committed."

            See title...

            if the government really does feel it saved them a headache they may have well decided it also saved them a headache in not prosecuting him themselves.

        2. Sir Runcible Spoon

          "What betrayal? This isn't school where you don't snitch on your classmates to teacher, this is the adult world where if someone has potentially committed a crime they need to be investigated. The guy is on bail , not in prison. If there is evidence he did this then he'll do time, if not then he'll come home."

          Since he is a British subject, and GCHQ work for Her Majesty (via HM Government), then selling him out to the Americans is a betrayal (whatever justification they feel they might have) of one of the Queen's subjects, by one of her appointed agents, to a foreign government.

          If the crime turns out to be based on code written on a server hosted in the US then perhaps I could understand, but there is no mention of that. If anything, any *actual* evidence would be located on his systems at home, HERE IN THE UK.

          Tell me again about how this 'evidence' is to be found by the US investigators?

          1. anonymous boring coward Silver badge

            "Tell me again about how this 'evidence' is to be found by the US investigators?"

            The Americans will just order their poodles in the UK to retrieve it. Simples.

        3. anonymous boring coward Silver badge

          " If there is evidence he did this then he'll do time, if not then he'll come home."

          Did what, exactly?

          You do know that Americans invent crimes right, left and centre nowadays, don't you?

          Hell, you might not even be safe!

    2. Anonymous Coward
      Anonymous Coward

      Let that be a lesson to any self proclaimed security expert not too dabble on the dark side...

      Seems GCHQ knew what he was up to as well as the FBI....

      1. kirk_augustin@yahoo.com

        The "dark side" he dabbled on was working for the government. The government wants to suppress him revealing how to prevent hacking because the government is the biggest hacker of all.

    3. Ian Michael Gumby
      Boffin

      @Ochib

      Sorry, but this is a bit of a weird one.

      Why would the FBI suspect him of committing the crime?

      Here's the rub.

      Yes, they can go to a Grand Jury and present their evidence. Its taken under the assumption to be true thus if true, is there enough evidence to show that he committed the crime?

      They had to do that.

      But what happens if the evidence they proffer isn't correct and they know that the evidence is wrong, or that there's exculpatory evidence he didn't do it? (Meaning that while the facts presented may be true, there's another piece of evidence which show's his innocence was intentionally left out and ignored. )

      There's more, but if these guys did something underhanded, meaning he's completely innocent of the charges... they could be sued themselves for prosecutorial misconduct. On a Federal charge, that could mean a lot of money.

      The interesting thing... they piled on a threat because he went to a gun range in Vegas. All you Brits who hate owning guns end up going to the range to rent and fire a machine gun... IMHO that was a weak bit of evidence thrown in as a way to ask for tighter bail and restrictions. (Even the judge will see through that one.)

      But you still have to ask... why him?

  2. John Smith 19 Gold badge
    Unhappy

    Or maybe they still couldn't make a case against him even with Blairs extradition law

    And it's ridiculously low standards of proof from the US side.

    Be interesting to see if he trusts GCHQ ever again.

    1. Alister

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      Be interesting to see if he trusts GCHQ ever again.

      I'm not sure if he'll get the opportunity to try, sadly.

    2. Anonymous Coward
      Anonymous Coward

      "Be interesting to see if he trusts GCHQ ever again."

      Not only he. Those agencies may have the need to ask for help from those people, because what they pay, and the way they work, may not appeal to many people highly capable in this field, and they won't accept a job inside those organizations. Still, they may need those people, thus, helping to convict them but with big and sure evidences they committed a crime, may mean no one will trust them.

      In other countries it's much simpler, states close both eyes over criminal activities of their hacking group, and in exchange they ensure they will help state-lead activities when needed.

      Of course, democratic countries can't do that - but scaring security people with arrests made this way may create a division that will just make our security worse, not better.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Be interesting to see if he trusts GCHQ ever again."

        Any Brit computer expert who trusts HMG after what happened to Alan Turing is an idiot.

        1. staggers

          Re: "Be interesting to see if he trusts GCHQ ever again."

          Quite.

          Given how important Turing had been, surely a string or two could have been pulled. I doubt if the public would have cared, not that they'd have known. But no, they let him sink.

          It's also hypocritical, given that there were standing orders never to arrest John Gielgud when he was caught at it.

          You truly never can trust the bastards.

      2. Wayland

        Re: "Be interesting to see if he trusts GCHQ ever again."

        "but scaring security people with arrests made this way may create a division that will just make our security worse" - if you believe the security services are smart people then scaring the white hat hackers is someone's intention.

    3. macjules

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Blairs extradition law"

      It isn't a law, it is simply: USA: "Can we have him?" UK: "Would you like him gift wrapped?"

      1. Scorchio!!

        Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

        It's easy to agree with you, except it's more than gift wrapping; "would you like him roped to a barrel, ready lubed with a satsuma in his mouth?" (Anyone remember Steven Milligan?)

    4. Steve Davies 3 Silver badge

      Re: Be interesting to see if he trusts GCHQ ever again

      As he'll probably end up in a SuperMax prison for life + 100 years just to make an example of him I doubt it very much.

    5. Doctor Syntax Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Be interesting to see if he trusts GCHQ ever again."

      Or whether anyone else does.

    6. Oh Homer
      Big Brother

      Re: "low standards of proof"

      That would be exactly zero, as the Sinister "Special" Relationship between our tyrannical rulers countries has produced an extradition treaty that requires absolutely no prima facie evidence whatsoever.

      As in none.

      At all.

      But only when the kidnap victim suspect is flying east to west, not in the other direction, for some mysterious reason...

      1. Anonymous Coward
        Anonymous Coward

        Re: "low standards of proof"

        "That would be exactly zero, as the Sinister "Special" Relationship between our tyrannical rulers countries has produced an extradition treaty that requires absolutely no prima facie evidence whatsoever."

        That treaty was used to extradite the NatWest Three, despite the fact that the US hadn't ratified it yet

        the NatWest three were extradited to the US under the US-UK Extradition Treaty 2003, even though that treaty had not been ratified in the US.

        NatWest Three

    7. Ian Michael Gumby
      Boffin

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      And it's ridiculously low standards of proof from the US side.

      And its not really that low.

      Seriously there's something wrong here.

      Either he was involved somehow...

      Or the FBI really screwed up and doubled down on it.

      No way of telling until there's a trial.

      1. Anonymous Coward
        Anonymous Coward

        Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

        FBI have a history of inventing cases when they can't find enough real cases to justify the expanded budgets in certain areas. In this case it appears they need more funding for their cyber crime unit.

        1. anonymous boring coward Silver badge

          Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

          Given that anyone with a brain would be working for the NSA, not the FBI, I'm not surprised if they are desperate.

          1. anonymous boring coward Silver badge

            Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

            Looks like we have an FBI employee posting here!

        2. Ian Michael Gumby

          @AC Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

          No.

          The stakes are high here.

          You're accusing a foreign national of a crime where he could potentially provide exculpatory evidence.

          Unless they have enough evidence to make a case beyond a prima facie case, they wouldn't do it.

          Too much is at stake.

    8. Anonymous Coward
      Anonymous Coward

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Be interesting to see if he trusts GCHQ ever again."

      I doubt they care. From what I've read the guy seems a fairly talentless plank anyway who just got lucky when he stopped wannacry. I wonder if he registered that web site in order to try and use the worm himself perhaps thinking it was a C&C address. No, wait, what am I thinking, he's a geek hero who was valiantly battling the evil forces of Black Hats and The Man.

    9. Alan Brown Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      "Be interesting to see if anyone trusts GCHQ ever again."

      There, FTFY

    10. phuzz Silver badge

      Re: Or maybe they still couldn't make a case against him even with Blairs extradition law

      I imagine there's some folks inside GCHQ who are a bit ticked off with the FBI right now, as well as their own higher-ups for giving Hutchins to the FBI.

      Not only is he never going to trust them again, but other potential collaborators will think twice before offering to help out as well.

      The whole point of civilian contractors is that they can do things that the civil service aren't allowed to do, but now they're being thrown to the wolves.

  3. iron
    Black Helicopters

    Rules

    Rule #1: Never go to the USA.

    Rule #2: Never work for GCHQ, NCSC or any other branch of the UK government.

    Rule #3: Never do anything to prevent or curtail a malware outbreak, let the users burn.

    Nice set of rules you're teaching there guys, I guess you didn't want the help of white-hat security experts.

    1. Anonymous Coward
      Anonymous Coward

      Re: Rules

      Too true.

    2. theOtherJT Silver badge

      Re: Rules

      They're terrible rules. And they're exactly the rules I'd impose on myself if I worked in security and not the mundane world of devops. Of course it's messed up that people feel these are appropriate constraints for security researchers to place on themselves, but the reason it's messed up is that they actually ARE appropriate constraints in the current climate.

    3. Eugene Crosser

      Re: Rules

      >Nice set of rules you're teaching there guys

      Spooks (like any governmental organisation) fear the competition much more than the opposition...

    4. Anonymous Coward
      Anonymous Coward

      Re: Rules

      Rule #1: Never go to the USA.

      Rule #2: Never work for GCHQ, NCSC or any other branch of the UK government.

      Rule #3: Never do anything to prevent or curtail a malware outbreak, let the users burn.

      Rule #4: Do not trust anyone. For many (edit: make that "most") named in item #2, the days of honour are over and without it they have frankly f*ck all to offer.

      From that also follows #5: Don't trust anyone to actually do their job. That too got buried a long time ago in the thick layer of BS that seems to cover anything associated with politics. If the person you're dealing with talks more than types in their daily job, disengage.

    5. Tom Chiverton 1 Silver badge

      Re: Rules

      Everyone who upvoted: Your on The List now.

      1. Anonymous Coward
        Anonymous Coward

        Re: Rules

        Everyone who upvoted: Your on The List now ..

        .. of people who still cannot tell "you're" from "your". Grrr.

        1. Wayland

          Re: Rules

          ".. of people who still cannot tell "you're" from "your". Grrr."

          He did that to annoy GCHQ who have to read all this bollox.

          GCHQ hardly ever do anything though, watch this.

          I'm going to blow up GCHQ with my mini-nuke which I made with plans off the dark web.

          See, no black helicopters, they don't have the bottle, useless bunch of nosy parkers.

          1. anonymous boring coward Silver badge

            Re: Rules

            "See, no black helicopters, they don't have the bottle, useless bunch of nosy parkers."

            That's because GCHQ is British, so can distinguish a joke from a real threat. The US guys? Not so much...

            They can't even distinguish research form terrorism. Bit of an IQ deficit over there.

        2. hi_robb

          Re: Rules

          Yep, their very fucking stupid.

          1. staggers

            Re: Rules

            @Robb

            Saw what you did there!

          2. Anonymous Coward
            Anonymous Coward

            Re: Rules

            Your saying their stupid?

            Your saying, is their stupid!

            Cunt be more clearer than that!

          3. Anonymous Coward
            Anonymous Coward

            Re: Rules

            Yep, their very fucking stupid.

            LOL - you have a lot to learn about trolling properly. Hang around, we'll get you there.

            :)

      2. Wayland

        Re: Rules

        "Everyone who upvoted: Your on The List now."

        If I were worried that people might uncover my scam I'd want The Register's user list as a starting point for my own list.

        Of course we're on GCHQ's list. At least we know we have a captive audience.

    6. Anonymous Coward
      Anonymous Coward

      Re: Rules

      Rule 4#: Don't write malware. And if you do and fly to the USA then don't be surprised when you get arrested.

      Either the evidence stands up in court or it doesn't.

      1. Anonymous Coward
        Anonymous Coward

        Re: Rules

        Rule 4#: Don't write malware. And if you do and fly to the USA then don't be surprised when you get arrested

        I think that better starts as "don't write and publicly release proof of concepts" - the bad guys aren't stupid either and for law enforcement it's a quick win if they can get you into a country with a legal system about as honest as your average banana republic.

        1. Tom -1

          Re: Rules

          That's an unwarranted insult to the legal systems in the average banana republic, only below average banana republics have legal systems as dishonest as the USA.

      2. Alan Brown Silver badge

        Re: Rules

        "Either the evidence stands up in court or it doesn't."

        The way the US system works, they charges are trumped up to the max and you have to spend a fortune (which you don't have) defending yourself or take the plea bargain.

        Court-appointed lawyers will tell you to take the plea bargain because they aren't paid enough to run a competent defense.

        The vast majority of bankruptcies in the USA are due to a medical event (eg, innocent bystanders in various shootings ending up hundreds of thousands of dollars in debt) but a large number of people end up in the financial shitter after sucessfully defending a criminal or civil case too (and if you have no money to start with, expect to be railroaded)

  4. Haku

    It looks like they were quite desparate to pin something on him, judging by the last paragraph:

    "Previously, FBI agents had tried claiming Hutchins might try obtaining firearms to commit crimes, based solely on his having tweeted about visiting a shooting range in Las Vegas – a common tourist pastime in Sin City."

    Talk about clutching at straws!

    Hey if he tweets "Free this week, for quick gossip/prep before I go and destroy America.", will he get kicked out instead? You know, like those boneheads at Homeland Security did to some Brits a few years back - https://www.theregister.co.uk/2012/01/30/tweet_deportation/

    1. Kevin Johnston

      Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

      I think that if you are trying to get in they refuse you but perversely if you are already in then you go directly to jail, do not pass go and never get back out

    2. Steve Evans

      Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

      I wonder how many white collar criminals in the US are released on bail back to their house that already contains an entire gun cabinet?

      1. kain preacher

        Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

        The answer is zero. When you are out on bail you are not allowed access to guns. But 30 seconds of using google you could of found that out.

        1. Andy Nugent

          Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

          @kain preacher: So I tried Google and couldn't find an answer. What happens in the US if someone who legally owns one or more guns in charged with a crime and released on bail? Do they have to hand over their gun(s) to the police?

          1. Anonymous Coward
            Anonymous Coward

            Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

            They are not allowed to carry firearms, or have firearms at their residence. Presumably, they can hire someone to put them into storage for them, until their sentence has been served, and they petition for rights restoration.

            1. Allan George Dyer
              Holmes

              Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

              "They are not allowed to carry firearms, or have firearms at their residence"

              So do criminals wanting to do burglaries and home invasions look down the lists of recently-bailed people to identify safe targets? If firearms are so effective at home defence and deterring those crimes, then it should be the criminals' natural response.

          2. kain preacher

            Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

            Yes or prove that they access longer have them.

        2. John Smith 19 Gold badge
          Unhappy

          "The answer is zero. When you are out on bail you are not allowed access to guns."

          That may be the theory but as such a white collar criminal observed a long time ago "Rules are for the little people. "

        3. Rich 11 Silver badge

          Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

          When you are out on bail you are not allowed access to guns

          It's America. In most states they have piss-easy access to guns, thanks to the sterling work of the wonderful NRA. If someone on bail decided to vanish, do you really think they couldn't also find a gun if they wanted to and had $250 spare?

        4. Anonymous Coward
          Anonymous Coward

          Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

          " you could of"

          Back to school for you.

      2. W4YBO

        Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

        "I wonder how many white collar criminals in the US are released on bail back to their house that already contains an entire gun cabinet?"

        It depends upon the state, but generally there are no restrictions, since they've only been arrested and not convicted (presumption of innocence). The above does not apply to domestic violence cases. An arrest for domestic violence gets your guns seized in every state, AFAIK.

        1. kain preacher

          Re: It looks like they were quite desparate to pin something on him, judging by the last paragraph:

          "but generally there are no restrictions, since they've only been arrested and not convicted"

          wrong when on bail they can impose all kinds of restrictions Such as no weapons, booze or access to the net.

  5. John Mangan

    So this is what the 'special relationship' amounts to, is it?

    It's good to know our government (UK) has our backs when a foreign power comes calling, not!

    1. Anonymous Coward
      Meh

      Special Relationship

      So this is what the 'special relationship' amounts to, is it?

      Many British people imagine there is Special Relationship between the UK and the US. It didn't originally mean that at all, it was a phrase from a speech by Winston Churchill accepting an honorary degree from an American college, where he talked about "a special relationship between the British Commonwealth and Empire and the United States", i.e. not just the UK, but the self-governing dominions of Canada, Australia, etc along with what was the Empire - India, Nigeria etc. But when the British talk about the Special Relationship they just mean with the UK. However, the US don't view that bit of misremembered history in quite the same way - to them the UK is just another client state.

    2. jumpyjoe

      And these are the people our government wants to do a trade deal with. Haven't they be stabbing us in the back since Lend Lease.

    3. Eugene Crosser

      Special Relationship

      Pretty much like here:

      The Sandbaggers S01E07 Special Relationship

      1. Anonymous Coward
        Anonymous Coward

        "The Sandbaggers S01E07 Special Relationship"

        I did not know this was online.

        I wonder if the phone number shown on the titles still gets through to MI6?

    4. John Smith 19 Gold badge
      Unhappy

      "So this is what the 'special relationship' amounts to, is it?"

      Yes, actually, that's exactly what it amounts too.

      WWII left the UK virtually bankrupt so they sent a team of academics to ask the USG for a bail out.

      Instead they got a $5Bn loan payable over about 50 years and a level of arrogance from the dept of prep school Aholes State Dept that sent the Foreign Secretary an enthusiastic supporter of the plan to build a UK A bomb :-(

      But the clusterf**k that turned the UK into America's permanent b**ch was something often forgotten today. The Suez Crisis of 1956.

      That said the UK has managed to barter some access into the US Intelligence and defense communities by virtually handing over it's specialist knowledge whenever they've requested it, including improving reentry warhead design and materials ("Gaslight"), helping them work out how the passive microwave bug found in the US Embassy in Moscow worked ("The Thing"), making speech channels work at 2400 bps with 1950's technology (in the 1950's) and a GCHQ researcher developing Public Key Cryptography before it was published in the open literature.

      History. If you don't know it, you'll probably repeat it, over and over again.

    5. Anonymous Coward
      Anonymous Coward

      So this is what the 'special relationship' amounts to, is it?

      Actually yes. For once the UK is getting what it wants.

      UK: Hello cousin I need you to stitch up a chap.

      US: How long?

      UK: as long as you. Oh by they way you need you to fabricate the evidence it that going to be a problem ?

      US: LMAO. Have you seen our track record ?

      If you don't think this was setup agreed to by the US for the UK you need your head examined

  6. wolfetone Silver badge

    "Queeg, I can see we've already cultivated a special understanding: I scratch your back and you stick a knife in mine."

    I'm not one to second guess people, but I'm sure GCHQ will get a Christmas card with that above quotation in it from Mr.Hutchins.

  7. Valdearg

    "One person familiar with the matter told the paper: "Our US partners aren't impressed that some people who they believe to have cases against [them] for computer-related offences have managed to avoid extradition.""

    Gee, I wonder why. Maybe because the US has a nice habit of making up evidence against our IT people.

    1. Dan 55 Silver badge
      Flame

      Where do we start?

      - Spineless government.

      - Crappy extradition treaty.

      - Guy contributed to stopping the entire NHS going up in smoke and acted in time before the US woke up, which is GCHQ's job, so it made them look bad too.

      I'm not asking him to be let off the hook, but is being tried on UK soil with a minimum case to answer for so he's not wasting years of his life fighting this case in the US or thrown in jail over there for something he possibly didn't do so much to ask for?

    2. kain preacher

      But why was the UK keen to just sit back and let him go. In Prior cases they at least tried to fight extradition

      1. Gordon 10

        Which prior cases are you suggesting where the UK Govt was challenged to prevent an extradition without being forced into it by the Extraditee?

        Its the Govt's job - agreed by shite treaty - to process US extradition requests in as timely manner as possible. The only time it shouldn't is if the US has failed to meet the requirements laid down by that Treaty (note not UK or EU law) unless the defendant can show (usually by multiple appeals) that they won't be treated in accordance with UK/EU law in the US.

      2. Dan 55 Silver badge

        The courts fought extradition. The government obviously didn't give a toss and only thought of the headlines and the special relationship...

        1. Adam 52 Silver badge

          McKinnon was blocked by one Theresa May. Very much government and not judiciary (I shudder at even thinking about the prospect).

          1. Dan 55 Silver badge

            Seems May wanted to block it to avoid flak from Labour and the Lib Dems, but could only block it on medical grounds, which she did.

            Teflon Theresa May defies expectations over McKinnon

            She then gave the courts the power to block extradition requests outside the EU in the interests of justice, washing her hands of future controversies like this.

            Gary McKinnon saved from extradition to US on hacking charges

            Now it seems the US isn't too happy about that.

    3. dcluley

      Of course it was different when we wanted to extradite IRA terrorists from the USA. Somehow their courts always found something wrong with the paperwork.

      1. Teiwaz

        U.s of Pimp

        Of course it was different when we wanted to extradite IRA terrorists from the USA. Somehow their courts always found something wrong with the paperwork.

        Of course, the U.S is like a pimp, where every 'world citizen' is a free access resource to exploit by fair means or foul, but U.S citizens are their bitches, no one touches them but the U.S.

    4. Warm Braw

      some people... have managed to avoid extradition

      And it appears we haven't attempt to extradite the NSA folk who managed to loose the EternalBlue exploit on the world - the one behind Petya and WannaCry. It would be interesting to see how far that got in a US court.

  8. ritey

    Of course GCHQ knew about it

    They've been hacking the US administration for years. Isn't there a wooden spoon icon?

    1. Anonymous Coward
      Anonymous Coward

      Re: Of course GCHQ knew about it

      They've been hacking the US administration for years

      You think our Civil Service bureaucrats have even that level of competence?

    2. Roland6 Silver badge

      Re: Of course GCHQ knew about it

      Well with this leak or admission, it would seem that GCHQ are volunteering to pay all Hutchins' US living expenses and legal costs...

  9. kain preacher

    Ok lets set aside any dislike you might of had for the US. Some things that popped up in my head. A. ) He did it and was passed his usefulness. B.)The real person works for the GCHQ and far to valuable and the GCHQ set his ass up.This just does not smell right from the UK end. It could just be that he really really pissed the wrong person of or the GCHQ believes he did some thing far worse and don't want the egg on their face for using him.

    1. Eugene Crosser

      Coercion?

      Well, this may sound like tinfoil hat talk, but it actually starts to look like one of two things:

      • Spooks (US or British) need to coerce him to do some job for them, or
      • They want to teach him (and maybe others) a lesson after he'd refused to do some job for them.

      It looks like all they have against him is the old blog post, some code from which was found in Kronos (which is no surprise), his tongue-in-the-cheek remark that "selling it would be illegal", and his visit to the shooting range. And as in the US this nonsense can get you in jail for many years, so it had to be on the US soil to be a convincing threat. Easy bail conditions that he got speak for the first option.

    2. Anonymous Coward
      Anonymous Coward

      "This just does not smell right from the UK end"

      Actually, wheras the US government will go out of its way to protect its citizens from foreign courts, even when they're looking as guilty as sin, the UK government are a pathetic bunch of third rate patsies, who'd always give in to the slightest pressure, regardless how dodgy the charges against a British citizen are. There's a series of cases where the UK government has happily extradited people to The Land Formerly Known As The Land of the Free, for things that either weren't an offence where they were allegedly committed, or where there were adequate statutes to allow prosecution in the UK for a UK offence.

      Sadly it won't happen, but if the US authorities are getting narked that we're not cooperating enough with them, I'd turn off all cooperation for a week or two, and tell them to stop being dicks, or the non-cooperation becomes permanent. In a further recent example of the contemptible arrogance the US authorities have for British cooperation, when our people shared confidential police photographs of a recent terrorist atrocity, they appeared in the New York Times the next day. At least the US TLA's now have the commander in chief they deserve!

      1. Anonymous Coward
        Anonymous Coward

        he UK government are a pathetic bunch of third rate patsies, who'd always give in to the slightest pressure, regardless how dodgy the charges against a British citizen are.

        Apart from Portugal, 2007.

        But hey, it's only the Portuguese justice system they interfered with...

    3. Doctor Syntax Silver badge

      @kain preacher

      C) FBI need to keep their numbers up and a foreign kid is a soft target if some sort of case can be cobbled up.

      1. kain preacher

        But why then did the UK just let him go ?

    4. Anonymous Coward
      Anonymous Coward

      "you might of"

      You sound like a smart guy.

  10. Anonymous Coward
    Anonymous Coward

    Blame

    Maybe it would be appropriate to blame the one person that was busted and pointed the finger at him?

    Since this anonymous person is the only reason he was indicated.

  11. Tim99 Silver badge
    Big Brother

    Perhaps, none of the above

    Do we really think that governments want to stop malware? The murk allows large players to hide along with the small criminals.

  12. Anonymous Coward
    Anonymous Coward

    British Intelligence

    If they knew the Americans were after him, why didn't they sneak him off to an undisclosed safehouse on some nice island somewhere? They just gave up?

    1. Anonymous Coward
      Anonymous Coward

      Re: British Intelligence

      If they knew the Americans were after him, why didn't they sneak him off to an undisclosed safehouse on some nice island somewhere? They just gave up?

      He just wasn't useful enough to them.

      1. allthecoolshortnamesweretaken

        Re: British Intelligence

        "He just wasn't useful enough to them."

        Depends how you look at it. He was useful enough as either a jeton or a scapegoat.

  13. EveryTime

    For me, the first tip-off that the case was weak was the inclusion of the shooting range visit in the bail opposition.

    It's pretty common that European visitors like to visit a shooting range. My experience might be a little biased by because I mostly know tech workers visiting for a conference or a brief work visit, but that's exactly the situation here. It doesn't mean that they are planning on becoming a serial killer, it's just an activity that is easier to do in the U.S. Pretty much like watching a cricket match when visiting England. You can see one in the U.S., but it's not convenient.

    1. klempie

      You can see one in the U.S., but it's not convenient.

      HAHAHAHA That made my day.

  14. amanfromMars 1 Silver badge

    Wannabe Air Guitar Heroes

    British snoops at GCHQ knew FBI was going to arrest Marcus Hutchins

    When you is second fiddle in the orchestra you don’t get to conduct anything nor perform anything of outstanding note. Aint that right, boys and girls of an ailing and failing second class state.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wannabe Air Guitar Heroes

      Aint that right, boys and girls of an ailing and failing second class state.

      From the right side of the pond it it isn't that clear which is the state you're referring to.

      1. Brewster's Angle Grinder Silver badge
        Terminator

        The grasshopper enigma.

        "...it isn't that clear which is the state you're referring to."

        Well, in the case of amfM1, it's the state of being self-conscious.

    2. batfink

      Re: Wannabe Air Guitar Heroes

      Alright - which of you has hacked amanfrommars' account?

      That post made far too much sense to be from the man himself...

  15. Anonymous Coward
    Anonymous Coward

    Marcus is correct about Google maps sending you walking down California freeways

    I was on a bicycle, but it happened to me just last week. Google said there was a "freeway hike and bike trail" beside the freeway. There was no freeway hike and bike trail. There was just freeway. And me, hiking my bike over the tumbleweeds to try to get away from the freeway onramp that Google had sent me down.

  16. Lord Elpuss Silver badge

    "Previously, FBI agents had tried claiming Hutchins might try obtaining firearms to commit crimes, based solely on his having tweeted about visiting a shooting range in Las Vegas"

    Fuck you, Feds. Seriously. Fuck. You.

    1. Teiwaz

      America the Shooting Range

      "Previously, FBI agents had tried claiming Hutchins might try obtaining firearms to commit crimes, based solely on his having tweeted about visiting a shooting range in Las Vegas"

      Fuck you, Feds. Seriously. Fuck. You.

      Pretty standard straight line thinking from 'law enforcement' these days - It seems for certain charges* levelled they are prepared to assume the accused was planning anything and everything from eating babies and preparing to initiate World War III - Well, anything they think the public will buy into.

      But seriously, isn't going on a gun-toting rampage in the U.S not just considered 'teen angst' these days??

  17. John Smith 19 Gold badge
    Unhappy

    GCHQ is not worried. The new law will allow them to (essentially) conscript them.

    I thought the "The Rhesus Chart" was a thriller, not a f**king manual.

  18. Anonymous Coward
    Anonymous Coward

    "Secretive electronic spy agency GCHQ"

    Well yeah - I hope they are at least a bit secretive.

  19. ITnoob

    This will be used in years to come as the text-book example of stitching up like a kipper.

    If he ever returns to UK soil I would love to hear his opinions of the current UK Government.

    Genuine question - In his line of work is he likely to have anything incriminating he could use as leverage?

    1. anothercynic Silver badge

      'current government' is irrelevant. The spooks and mandarins don't change even if the government does. Therein lies the continuity (and the problem).

    2. Doctor Syntax Silver badge

      "Genuine question - In his line of work is he likely to have anything incriminating he could use as leverage?"

      Well, for one thing he could give evidence about the dangers of the malware the USG managed to lose.

  20. anothercynic Silver badge

    Just lovely...

    ... Note to self. Don't ever work for GCHQ or its tentacles. That was simply ice cold.

  21. Anonymous Coward
    Anonymous Coward

    Oh wait a second...

    There seriously seems to be people on all sides with a lot of money invested in both protecting and ensuring malware got onto systems (of varying sizes and companies/public firms). So any one, or more, of them could have framed or outed.

    Even though no bit coins were withdrawn, someone somewhere got egg on their face, and want this guy to "pay".

  22. M7S

    Is Machiavelli dead?

    "First look to your defences"

    A bit difficult if any citizen with the talent to help defend fellow citizens is left to the mercies of a foreign power.

    I'm not judging his guilt in this allegation, and don't understand the boundaries of Infosec research in any sense (legal, technical or practical) but he is a Brit, even if the only approach was a "Lord Vetinari" like 'quiet word' before he left these shores (or maybe not, after such a word) that would surely be in our national interest.

    I'm not sure how others will be encouraged, but I fear not in the best way for our long term well being.

    1. John G Imrie

      Re: Is Machiavelli dead?

      Vetinari never waisted talent if he could help it, the only words Vetinari would have said to Hutchens would be, 'Don't go'

  23. Anonymous Coward
    Anonymous Coward

    I seem to remember that USA kidnapping a Russian gentleman from the Seychelles on similar charges, and he was thrown in gaol on the flimsiest of evidence. There was no objection from the government of the Seychelles that foreign nationals were being kidnapped, which is rather shocking.

    So, be very very careful...

  24. Anonymous Coward
    Anonymous Coward

    Wannacry - who dunnit?

    Perhaps they are pissed off at him for stopping Wannacry before it achieved its target...

  25. Anonymous Coward
    Anonymous Coward

    With Boss Hogg and Rosco in charge of the USA

    It's a no go area.

    Avoid.

  26. stewwy

    NHS

    Just a theory, maybe the Current Lot of incompetents where pissed off that he stopped WanaCry 'Cause "OMFG the NHS has been hacked, better privatize it"

  27. mark l 2 Silver badge

    I am assuming the only reason he wasn't arrested in the UK and extradited was because the evidence was very thin on the ground and the authorities doubted they would win the case. I find it difficult to think you could successfully win a case where some sort of computer crime had occurred without doing a search of his residence for computer equipment and taking that as evidence.

    If i were him I would head directly to the US border with either Mexico or Canada and get out of that $hit hole to never return.

    1. Sir Runcible Spoon

      Unfortunately that *would * make him a criminal (breach of bail conditions).

  28. CAPS LOCK

    ...and with this revelation Hutchins is totally screwed...

    The British security services will now have to make sure he never comes back.

  29. Zippy's Sausage Factory

    Quick thought

    If the US government gets hold of his electronic devices, how much secret GCHQ information is there on them that the US government didn't have? And was that the US government's real target in the first place?

  30. Anonymous Coward
    Anonymous Coward

    freed the British government from the "headache of an extradition battle" with the Americans.

    this does inspire confidence in my own government! Not that I had high expectations, ever, but...

  31. Dan 10

    So, my understanding is that Marcus posted his PoC code showing some form of malware API hooks publicly, then a month later and much to Hutchins public surprise, it turns up in Kronos, heavily adapted to weaponize it and turn it into something useful. According to the Kronos analysis on malwarebytes:

    1. The API hooks had been shown previously, suggesting that both Hutchins and the Russian-speaking Kronos author had lifted the concept from elsewhere

    2. The other common factor was use of a particular lock instruction

    3. Kronos is quite different from Hutchins code, involving an extra layer of difficulty in using shellcode instead of a pe file, combined with some counter-surveillance and anti-detection techniques

    So, the FBI appear to be gambling a couple of decades of gradually-fostered goodwill between white-hats and the authorities on the use of a single command, to try and show intent of financial gain by a guy who donated his $10k wannacry bounty to charity. Uh yeah, good luck with that.

    Regardless of what happens, why would Hutchins collaborate with the NCSC again?

    Weirdly, malwarebytes goes so far as to patronise Hutchins by declaring that Kronos is the work of a 'mature malware author', rather than an 'experimenting youngster'. Sort of a backhanded exoneration, if you will.

  32. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like