Computer law expert says British hacker arrest problematic

LONDON (AP) — A computer law expert describes the evidence behind the U.S. arrest of a notorious British cybersecurity researcher as being problematic — an indictment so flimsy that it would create a climate of distrust between the U.S. government and the community of software experts.

News of Marcus Hutchins’ arrest in the United States for allegedly creating and selling malicious software able to collect bank account passwords has shocked the cybersecurity community. Many had rallied behind the British hacker whose quick thinking helped control the spread of the WannaCry ransomware attack that crippled thousands of computers in May.

Attorney Tor Ekeland told The Associated Press that the facts in the indictment fail to show intent.

“This is a very, very problematic prosecution to my mind, and I think it’s bizarre that the United States government has chosen to prosecute somebody who’s arguably their hero in the WannaCry malware attack and potentially saved lives and thousands, hundreds of thousands, if not millions, of dollars over the sale of alleged malware for two thousand dollars,” Ekeland said. “This is just bizarre, it creates a disincentive for anybody in the information security industry to cooperate with the government.”

Most Read Stories

Unlimited Digital Access. $1 for 4 weeks.

Hutchins was detained in Las Vegas as he was returning to his home in southwest Britain from an annual gathering of hackers and information security gurus. A grand jury indictment charged Hutchins with creating and distributing malware known as the Kronos banking Trojan.

Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft.

The indictment, filed in a Wisconsin federal court last month, alleges that Hutchins and another defendant — whose name was redacted — conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on internet forums, sell the malware and profit from it. The indictment also accuses Hutchins of creating the malware.

The problem with software creation, however, is that often a program can include code written by multiple programmers. Prosecutors might need to prove that Hutchins wrote code with specific targets.

Another big question is the identity of the co-defendant in the case, whose name is redacted in the indictment. The co-defendant allegedly…

Read the full article from the Source…

Leave a Reply

Your email address will not be published. Required fields are marked *