The author of a banking Trojan called Nuclear Bot — a teenager living in France — recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man’s father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set by law enforcement agents.
In December 2016, Arbor Networks released a writeup on Nuclear Bot (a.k.a. NukeBot) after researchers discovered the malware package for sale in the usual underground cybercrime forums for the price of USD $2,500.
The program’s author claimed the malware was written from scratch, but that it functioned similarly to the ZeuS banking trojan in that it could steal passwords and inject arbitrary content when victims visited banking Web sites.
Malware analysts at IBM’s X-Force research division also examined the code, primarily because the individual selling it claimed that Nuclear Bot could bypass Trusteer Rapport, an IBM security product that many banks offer customers to help blunt the effectiveness of banking trojans.
“These claims are unfounded and incorrect,” IBM’s researchers wrote. “Rapport detection and protection against the NukeBot malware are effective on all protection layers.”
But the malware’s original author — 18-year-old Augustin Inzirillo — begs to differ, saying he released the source code for the bot late last month in part because he wanted others be able to test his claims.
In an interview with KrebsOnSecurity, Inzirillo admits he wrote the Nuclear Bot trojan as a proof-of-concept to demonstrate a method he developed that he says bypasses Rapport. But he denies ever selling or marketing the malware, and maintains that this was done without his permission by an acquaintance with whom he shared the code privately.
“I’ve been interested in malware since I [was] a child, and I wanted to have a challenge,” Inzirillo said. “I was excited about this, and having nobody to share this with, I distributed the code to ‘friends’ who tried to profit off my work.”
After the source code for Nuclear Bot was released on Github, IBM followed up with a more in-depth examination of it, which argued that the author of the code appeared to release it in a failed bid to shore up his fragile ego.
According to IBM, a hacker calling himself “Gosya” tried to sell the malware in such a clumsy and inexperienced fashion that he managed to get himself banned from multiple cybercrime forums for violating specific rules about how such products should be sold.
“He did not have the malware tested and certified by forum admins, nor did he provide any test versions to members,” IBM researchers Limor Kessem and Ilya Kolmanovich wrote. “At the same time, he was attacked by existing competition, namely the FlokiBot vendor, who wanted to get down to the technical nitty gritty with him and find out if Gosya’s claims about his malware’s capabilities were indeed viable.”
The IBM authors continued:
“In posts where he replied to challenging questions, Gosya got nervous and defensive, raising suspicion among other forum members. This was likely a simple case of inexperience, but it cost him the trust of potential buyers.”
“For his next wrong move, Gosya started selling on additional forums under multiple monikers. When fraudsters realized that the same person was trying to vend under different names, they got even more suspicious that he was a ripper, misrepresenting or selling a product he does not possess. The issue got worse when Gosya changed the malware’s name to Micro Banking Trojan in one last attempt to buy it a new life.”
Inzirillo said the main reason he released his code was to prevent others from profiting off his creation. But now he says he regrets that decision as well.
“It was a big mistake, because now I know people will reuse my code to steal money from other people,” Inzirillo told KrebsOnSecurity in an online chat.
Inzirillo released the code on Github with a short note explaining his motivations, and included a contact email address at a domain (inzirillo.com) set up long ago by his father, Daniel Inzirillo.
KrebsOnSecurity also reached out to Augustin’s dad, and heard back from him roughly an hour before Augustin replied to requests for an interview. Inzirillo the elder said his son used the family domain name in his source code release as part of a misguided attempt to impress him.
“He didn’t do it for money,” said Daniel Inzirillo, whose CV shows he has built an impressive career in computer programming and working for various financial institutions. “He did it to spite all the cyber shitheads. The idea was that they wouldn’t be able to sell his software anymore because it was now free for grabs.”
Daniel Inzirillo said he’s worried because his son has expressed a strong interest in traveling to the United States after receiving a job offer from a supposed recruiter at a technology firm which said it was impressed by Augustin’s coding skills.
“I am very worried for him, because some technology company told him they wanted to fly him to the U.S. for a job interview as a result of him posting that online,” Daniel Inzirillo said. “There is a strong possibility that in one or two weeks he’s going to be flying to California, and I am concerned that maybe some guy in some law enforcement agency has his sights on him.”
Augustin’s dad said he had hoped his son might choose a different profession than his own.
“I didn’t want him to do software development, I always wanted him to do something else,” Daniel said. “He was introduced to programming by a math teacher at school. As soon as he learned about this it became a passion for him. But I was so pissed off about this. Even though I have been doing software all my life, I didn’t have a good opinion about this profession. I got a degree in software development as a kind of ‘Plan B,’ but I always felt there was something missing there, that it wasn’t intellectually satisfying.”
Nevertheless, Daniel said he is proud of his son’s intellectual abilities, noting that Augustin is completely self-taught in computer programming.
“I haven’t taught him anything, although sometimes he comes and he asks me some questions,” Daniel said. “He’s a self-made made man. In terms of software security and hacking, nearly everything he knows he learned by himself.”
Daniel said that after he and his wife divorced in 2012, his son went from being the first or second best student in his class to dropping out of school. After that, computers became an obsession for Augustin, he said.
Daniel said his son is extremely opinionated but not very emotionally intelligent, and he believes Augustin has strong misgivings about his chosen path. By way of example, he related a story about an incident in which Augustin was recently arrested after an altercation at a local establishment.
“When he got arrested, for no reason, he blurted out everything he was doing on his computer,” Daniel recalled. “The policemen couldn’t believe he was telling them that for no reason. I realized at that moment that he just wanted to get out. He didn’t want to continue doing what he was doing.”
Daniel said he’s deeply concerned for his kid’s future, but also recognizes that his son won’t listen to his counsel.
“He respects me, he admires me, and he knows in terms of software development I’m very good, and he wants to become like me but on the other hand he doesn’t want to listen to me,” Daniel said. “If my vision of things is written about, that might help him. But I’m also worried now that he might feel I have hijacked his notoriety. This is his story, his way of surpassing me, and he might hate me for being here.”
Augustin said he wasn’t interested in discussing his father or his family life, but he did confirm (without elaborating) that he recently was offered a job in the United States. He remains somewhat ambivalent about the opportunity, but indicated he is leaning toward accepting it.
“Well, I don’t think it’s fair that I would feel bad about getting a job because of this code, I just feel bad about having released the code,” he said. “If people want to offer me something interesting as a result, I don’t think it makes sense me saying no.”
He should definitely be worried that the job offer is a trap. It’s sounds like this young man is making a lot of bad decisions very early in his life. He seems to have a knack from programming, but it will probably be wasted in a jail cell.
When he lands at LAX it’s not the feds he should be worried about. it’s the TMZ film crew he should be concerned with
How old is this kid?
18. From the article, “But the malware’s original author — 18-year-old Augustin Inzirillo – …”
If it was a snake, it woulda bit me.
He can not be 18 years old if his CV states:
“1988 – Bachelor of Science, Physics, Honours Degree with Distinction (equivalent to UK First)”
That CV is not Augustin’s; it belongs to Augustin’s dad.
Evelyn Wood strikes again.
The Dad sounds pretty arrogant, did he come off as such during the interview?
No, he came across as genuinely concerned about and affectionate for his son.
From this description, father and son seem similarly flaky and inadequate. Is this a common feature of “software people”? Or is the sample way too small and skewed to leap to such a conclusion. Sadly, I fear sample limitations constrain my preferred hypothesis 🙂 .
Keep in mind that of these hacker types very very few are really what I would consider to be ‘software people’, pretty sure I wouldn’t hire 999/1000 based on their extreme lack of any real programming skills.
Look at the code for these tools… It’s far below the quality standards for most commercial software products. I honestly am skeptical when any of them are referred to as being talented because if you look at most of the source for this kind of stuff it’s a duct taped mess of copy and pasted crap and poorly organized code with idiotic naming. Copying 100 lines of code that exploits a vulnerability doesn’t make you a good programmer. Even the people who have made big name products in this industry wouldn’t land a junior dev job at a decent company.
Agree completely. If this hacker figured out a way to trick Rapport, that makes him a clever hacker coder, but it doesn’t make him a software developer.
He probably doesn’t know..
-coding standards
-project version control
-agile development (or any SDLC)
-collaborative coding
-defect tracking
… or a hundred other things that a real software developer needs to know.
I would he highly suspicious of a job offer based on hacker code.
Yeah and that’s not even mentioning the fact that they don’t have even a rudimentary understanding of programming concepts like Separation of Concerns or encapsulation. Not that I study malware source much but what I have seen has had very poor organization/project structure and a lack of meaningful type and variable names. I would guess most of them are copy/pasting code snippets then massaging that into what they need through trial and error while never having a very good understanding of what the code is actually doing.
And those are the people who are considered ‘talented’, the majority of these folks probably couldn’t even write FizzBuzz successfully.
I doubt he got this far without reading at least one book from his fathers closet in OE programming. Judgy….
Many in the hacking scene are doing it for fun and why would we know programming standards by default when we all learnt from hacking forums and sticking code together. People should be less quick to criticize this child and more open to embracing his creative and inquisitive nature. Nobody learns programming standards and patterns and how to use project version control or eloquently comment their code. It IS highly impressive . What he managed to achieve is make a marketable banking trojan. Stick and paste or not, whether that was his intention or not. One which circumvented current security software and browsers and over-reached beyond any of the current software available for sale. He’s an 18 year old young self taught programmer, and he should be given the highest of praise for elevating himself to a level which could be considered graduate all of his own volition. I take my hat off to him. And i wish him a great future on the right side of the law under mentors who have been academically schooled who can channel his energy and enthusiasm in a positive direction. His father sounds very nice and I wish them both all the best. m0z
^ Found Augustin’s dad
Software is a big tent. The kid might not fit into a usual development team, but he might make a crackerjack vulnerability researcher. I’d rather see him doing that than blundering his way to jail.
You and I read things very differently. Daniel’s comments came across to me as a concerned father and Augustin’s portrayal came across as a veery misguided youth. I started reading the story with the preconception that these two were attempting a PR move to sway the public and law enforcement into sympathy. By the end of the story, I was not so sure.
I am a software developer and have been for more than 35 years. We have flakey people, usually wanna-bes, in our industry. It is wrong and presumptuous to brand everyone in such broad strokes.
I also feel that this might be a law enforcement trap. Maybe the best thing for Augustin is to turn himself over and express contrition for his actions. At that time, hopefully he will be able to rebuild his life with a fresh start only on the right road. It sounds like he wants out and maybe he can turn himself into a White Hat instead.
This kid is going to get a black bag over his head as soon as he deplanes in SanFran and he’ll be dragged to prison, don’t pass go, don’t collect $200.
Sigh. I know everything about stubborn teenagers.
I think he should trust the FBI. He’s just a young man, and cops are auxiliary parents, here in the land of Norman Rockwell. (/s . . . just in case)
I hope the job offer in the US is a law enforcement sting, that the kid is arrested, convicted and sent to prison for developing software to steal from innocent people.
In russia and eastern europe many talented people live in big poverty..social system not even existing. Goverment officials simply stealing from people. my question is what can you do it with your skills and talent there ?? Nothing coz nobody don’t even care about. You can be so talented and skillful but still uou got no job there !! i think we all should undestood more about how things are really working and what is really going on.
we should find out why soneone is doing bad things…lets fix the problem and then we get to somwhere. Otherwise we still face with same issues over again. We should start fixing the very problem roots First. Coz yes its sad to see talented people going in to jail just coz of political games and big fishes are just using them as simple ” tankists” like did trotsky who was communist
who teached to be against capitalists…but same time its controlled from the same hand wich supporting you with money and equipments to fight against capitalist.
people do bad things when they been treated bad those people are tricked into traps.and this young talented guys here are victims of this corrupted system. coz if they do it in russia then russia feds will take all the money by force from them anyways.
at the end they will end up with nothing.
my opinion is just do legal work coz its not worted to be pawn in the chess board.
Anger issues? He didn’t develop the software to steal from people. He’s a kid and made a number of mistakes.
“Daniel (Inzirillo ) said his son is extremely opinionated but not very emotionally intelligent”
Does Augustin Inzirillo have autism ? They say a lot of hackers have autism.
+1
“…cyber sh1theads.” That describes a lot of people. That quote made the article (and made me smile).
And makes Dad sound not really arrogant, but pissed off, and rightly so, at the crowd of miscreants his son has fallen in with.
It would be a shame for a talented young guy like this to be arrested in a country like the US that doesn’t invest in reducing recividism. On the other hand, if he got a job with a decent company it could be a really great place for him to grow and learn how to someday use his talent for good.
Funny how “crackers” love to discount IBM’s end point protection, but then on the other hand, they admit Rapport is a standard they would like to bust.
I feel vindicated for standing up for Rapport in the forums, once again! I always knew their claims of its vulnerabilities were greatly exaggerated! Not even to mention the fact that it is closely monitored and updated by IBM, and supported 100% as near as I can tell. It has always passed any test I have thrown at it. I also find it somewhat amusing, that the browser developers now try to keep ahead of IBM’s end point protection developments, instead of the other way around. If a browser seems to quit working with Rapport, I quit using the browser (even though tests show Rapport is still resident and operational) There is always one of the big three browsers that obviously cooperates with this protection scheme. They all eventually tow the line and work with Rapport literally in the end.
Like father, like son. In this case both complete idiots.
You sayin’ the sap don’t dribble far from the tree?
Brian,
Last night you asked me if you “could prevail on me to use” my comments, and I told you that I would only accept if I thought it would be beneficial to Augustin, that I needed to think about it and be told what you wanted to use. Then you used all my comments without my authorisation. In any case, it was clear that I was talking to you as a concerned father hoping that you could convince my son to not risk going to jail. It was clear that I was not talking to you as a journalist, so that you could make my thoughts public. Your excuse, that I only asked you to keep the conversation private after I had expressed my worries to you, and that by that time my comments were on the record, is very poor. It should be the other way around: you, and all your scooping colleagues, should tell your interlocutors at the beginning of the conversation that they are not talking to a human being but to a journalist, and that everything and anything they say may be made public. To say it euphemistically: You have deeply disappointed me.
I’m not sure you are helping your son – I thought Brian’s treatment of the subject was very humane and compassionate!
On the other hand, the 1st Amendment deems journalists also have a responsibility to freedom of speech, and to the public good. i think that outweighs anything else here.
Have your son read the comments in this article and point out how many of them think the job offer is legitimate. It is clearly an invitation to jail.
M. Inzirillo: Beyond your son actually heeding your advice, Brian’s article is quite likely the best thing that can happen for your son at this point, in my humble opinion. Brian has shined a father’s light onto this young man, and has shown his human side. This will, hopefully, lighten the yoke that others will wish to place upon him.
Personally, I too would be pensive about the alleged job offer in the states. Moreover, this is the US we’re talking about, and I am sure that if they want your son, they will have little difficulty in obtaining him. He is only in France, after all.
Daniel,
I know you are hurt by what you feel is an infraction by Brian. Being a father of four all I can do is offer empathy towards the situation. I think Brian presented your side with sincerity. With all do respect to your sons situation I suspect he IS quite brilliant, and with a caring father trying to be protective of your relationship with your son again I think Brian did a great job. If this article hurts the relationship, then it was meant to be I supposed however from my perspective it shows a fathers love for his son in a potentially bad situation. It shows the HUMAN side of this somewhat nasty business. I think that is part of what the intention was. Maybe like many of us I was reading too much into it. All I can say is Daniel its obvious to me you love your son. I hope he reads it and gets that from the article as well.
Brian is helping your son. I hope you realized that.
My advice is to tell Augustin that a job offer in the United States starts with a Skype interview. Actually, he should have multiple Skype interviews with managers and developers before he considers traveling for in-person interviews. He should get a complete idea of what they want and how he fits what they want. Otherwise, like you, I would question if the job offer is authentic.
This is actually really good advice. Any decent software org is going to do a team based interview with the candidate talking to probably a half dozen people over the course of a day. If you can’t conduct much of this via online video conferencing that should be a red flag that the job isn’t real or isn’t worth having.
Daniel,
Your son is definitely in danger of prosecution under US law, by my understanding. The US has very severe penalties for anyone who produces software designed to evade security measures, especially financial institutions. In the best case scenario, the job offer is legitimate. Even then, he will pass through the invasive background checks of US Customs & Immigration and they will easily find this information in their internet searches on his background. Especially if he flags himself as a potential job candidate for software development.
AT MINIMUM, you should be talking to a lawyer about this travel plan. You should review the relevant law yourself and look at what has happened to other “hackers”, even the benevolent ones who simply wanted to help companies improve their security. I am not a lawyer. I’ve just heard the horror stories and the current administration is even more zealous about background checks. He’s walking directly into a buzzsaw, and Trump will probably have a nice press conference about this ‘evil bank hacker’ his security team apprehended.
If I were you, I would do everything I could to convince him not to travel to the US without some legal assurances. Good luck.
Brian, I suspect what Mr. Inzirillo says is true and if it is you should remove anything he did not give you permission to publish. We all make mistakes, but it’s how we react to them that makes a difference.
Mr. Inzirillo called me. And we spent 45 minutes on the phone together, and only after our conversation ended did he intimate he wasn’t sure whether he wanted to be quoted at all. In any journalism book that is fair game for quoting.
Daniel,
Here is my advice. Take it or leave it. Tell your son to stay in France, go to college, study programming and learn the skills that “vb” mentioned in an earlier post. In a few years, after he has his degree, some internships, etc, he can apply for a job in the US. By then hopefully the statute of limitations will have taken its course, but even so, you should talk to an immigration lawyer (a good one) before boarding the plane. Good luck!
Brian, you mentioned in your article that the ‘claim to fame’ of this malware is that it would circumvent Trusteer Rapport protection. Was it ever shown to do that, or were those claims overblown? Thanks!
I don’t know. The code is now public, so ostensibly anyone could test the author’s claims about that. So far as I know, the only company to say the claims are bogus are the ones who own the product. I haven’t seen any other reviews.
Well, look at the youtube link he added on his github, he’s proving everything
Also, there may be more info here https://www.youtube.com/watch?v=co7T9CHxYZw
Thanks Brian. I’ve been curious since IBM took over how effective Rapport still was vs. the cost to deploy. I wonder if there are better solutions available now…
Thanks Brian. I’ve been wondering since IBM took over, how effective Rapport still is vs. the cost to deploy. Are there better solutions available now?
My understanding is that Rapport runs on both the user’s computer and the bank’s server. The concept is that it provides encryption of the actual keystrokes and makes a keystroke logger impossible to intercept unencrypted keystrokes. This encryption continues until the data gets to the bank, making a man-in-the middle attack useless as well. I would be surprised if you find anything else that works like that, especially if Rapport has patent protection.
In, I believe 96, key stroke loggers were shown to be in the BIOS, prior to OS involvement. Believe that was an Microsoft paper. Back in the DOS era. Shurly they have made improvements since then.
How many of you critics can write malware, especially a bot that brings such fear to IBM as to warrant IBM spending $ and directing resources to investigate the malware’s claims…at the age of EIGHTEEN!
I’m pretty sure if I chose write malware I would be one of the top non-state-actor authors on the scene because these people are pitifully incompetent at writing software. I also happen to be on a security team at an org that highly values security so I don’t think it would be much of a challenge for me to translate my mastery of REAL engineering into making these little toy programs.
I haven’t viewed a piece of source in malware that would even be allowed to be checked in anywhere I’ve worked… Like the bar is extraordinarily low. It’s all relative, ‘talent’ in this field seems roughly equivalent to unemployed in the job market I participate in.
You’re right that these are just one-off “toy” programs. But do you really believe that your conceptualization of REAL engineering matters one iota when it comes to designing malware? What the hell is REAL engineering supposed to mean, anyway? Maintainability/extensibility/reliability? No use at all to the sort of adversarial thinking required to find bugs and turn them into exploits. It’s a completely different skillset. If you think security is all about writing ENTERPRISE-grade, forward-looking, production-ready STIG implementations, you are woefully mistaken.
Don’t know if necessary ‘fear’, but just alert about the possibility of a new big threat. And he is reponsible for what he did (malware), nobody forced him to make it, he just have to face the consequences, there is a lot of ppl who are not inspired or helped by the family, and it does not make them forced to move to criminal life
Brian, your YouTube link is down. Also the GitHub posting with the source code was removed. This sh*#head kid for sure doesn’t know what he is doing.
I say, sure let him come to U.S.. I can’t imagine any sensible company offering him a job though. What I would offer him is 10 years for his work. How does that sound?
PS. And maybe his dad should’ve taught him something in programming instead of neglecting him.
I also steered my son away from programming. I did not want my son exposed to the Microsoft crap that always works better with the next bug fix. He’s an adult now, and working with Minecraft servers which use Java and Linux and I’m okay with that.
Very bad coding quality.
not good
I don’t know what is worst about this thread:
1) Programmer puffery about the kid’s lack of skills, despite which he created something beyond the ability of most of you (if it does work), and a lot of us (even if it doesn’t fully work).
2) Unfiltered hate towards a father and son that people don’t know and just feel they can pass judgment on.
Young Daniel needs to be told that he doesn’t have to come to the US – MANY programmers are hired remotely and NEVER visit the US. Given the controversy about his software I would say the level or risk is high. Even if the company offering the job is legit, government agencies may be monitoring the exchanges and pick him up before or after the job interview. He’s on the International stage now and needs to realize that unlike many obvious criminal hackers he would be an easy target for some agency to arrest to make themselves look like they are making progress.
Going to jail is more likely to push him into really being a criminal, where a “second chance” may scare him straight.
Finally, we all know that “hackers” don’t write corporate code. And we also know they can come up with some pretty amazing (albeit criminal and ofter very harmful) things. All you pros that disrespect what hackers do are just protecting YOUR egos. And that’s NOT professional, IMO.
Some good points yes. I don’t disrespect hackers, its “crackers” that I have disdain for. White hats – thumbs up – black hats – thumbs down.
I don’t know why they’d need to resort to tricking him to come to the US to arrest him, France (like most of western Europe) has an extradition treaty with the US.
Normally the US just tricks someone living in a country w/o an extradition treaty (e.g. Russia) into traveling to an area that has an extradition treaty (e.g. Guam, Spain, etc.).
Trey’re not required to extradite. France may not be willing to extradite him, like they have with Roman Polanski.
That was Switzerland.
I would suggest IBM hire him to fix the security holes in Rapport. Have any banks tested this out against Rapport ? The kid sounds like a genius to me. He should develop a security product – get millions in funding – and have signs at the airport marketing it like Cylance.
Can I just say that this comment section is absolutely disgusting? Not only poor kid got thrown into a spotlight for something stupid he has done (which, by the way, completely understandable in his age) but his father gets called names too.
Seriously, why?
(Excerpt from this article)
“In an interview with KrebsOnSecurity, Inzirillo admits he wrote the Nuclear Bot trojan as a proof-of-concept to demonstrate a method he developed that he says bypasses Rapport…”
The above would seem to indicate that this young man has not learned there are “appropriate” ways to present any ‘proof of concept’. Perhaps some enlightenment in this regard will aid him in any such future endeavors.
Augustin, you know how much smarter you are now than when you were, 16, and when you were 16 how much smarter you were than 12. Imagine how the 25 year old you will think of your 18 year old self… This is normal. The older version of you will happen, just make sure you don’t F life up for him.
The US job is obviously a trap. I live in the US, they love to put people in prison, it keeps the budgets up. We have the largest prison population in the world, and it’s not because they all deserve to be there, its a business, and a dirty one.
We are all victims of missed opportunities and mistakes, nobody gets it all right. You’ll be fine, just take your time and don’t be in a hurry. You may not want your dads advice, but he is likely the only person not trying to take advantage of you. Have fun.
I have to admit, malware interests me too, so much so that I think it would be fun to work in reverse-engineering for an anti-malware company. But I would never code something that can be used for crime and then release the source code, and follow up with some falsely remorseful statement implying that I had no idea someone would use it for illegal purposes. What do you expect when you make a program made to bypass security measures?
Hi brian i wanted to ask you if is any banking malware
A threat today like zeus
Mr. Robot script anybody??
““When he got arrested, for no reason, he blurted out everything he was doing on his computer,” Daniel recalled. “The policemen couldn’t believe he was telling them that for no reason. I realized at that moment that he just wanted to get out. He didn’t want to continue doing what he was doing.””
He should not come to the US. Once on US soil law enforcement can arrest. It makes no difference the reason for the visit.
You are entirely correct. He will get charged under Computer Misuse Use Act Section 36 the second they get the chance to give him a new set of stainless steel bracelets.
Hi Krebs,
I hope you do understand that Gosya=AlphaLeon. You know me from Lampeduza, we talked a lot, well me and your avatars/agents. That’s was up yo
Kid, just do your time or don’t complain/ask for advice.
It’s so desperated to see how fast you guys are believing a story… Father discovered his son’s activity on the internet, the Father gets in panic, he feels the Heat and brings this fairy tail in the World. Not only his son will be arrested by this stupid actions of the Father, the Father is trying to proof with the story he is not really guilty.
Father, why you panic so fast?