Category Archives: Other

Who Is Marcus Hutchins?

September 5, 2017

In early August 2017, FBI agents in Las Vegas arrested 23-year-old U.K. resident Marcus Hutchins on suspicion of authoring and/or selling “Kronos,” a strain of malware designed to steal online banking credentials. Hutchins was virtually unknown to most in the security community until May 2017, when a British newspaper revealed him as the “accidental hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by storm just days before.

Relatively few knew it before his arrest, but Hutchins for many years authored the popular cybersecurity blog MalwareTech. When this fact became more widely known — combined with his hero status for halting Wannacry — a great many MalwareTech readers quickly leapt to his defense to denounce his arrest. They reasoned that the government was overstepping on flimsy evidence, noting that Hutchins has worked tirelessly to expose cybercriminals and their malicious tools. To date, some 226 supporters have donated more than $14,000 to his defense fund.

At first, I did not believe the charges against Hutchins would hold up under scrutiny. But as I began to dig deeper into the history tied to dozens of hacker forum pseudonyms, email addresses and domains he apparently used over the past decade, a very different picture began to emerge.

In this post, I will attempt to describe and illustrate more than three weeks’ worth of connecting the dots from what appear to be Hutchins’ earliest hacker forum accounts to his real-life identity. The clues suggest that Hutchins began developing and selling malware in his mid-teens — only to later develop a change of heart and earnestly endeavor to leave that part of his life squarely in the rearview mirror.

Twitter Bots Use Likes, RTs for Intimidation

August 30, 2017

I awoke this morning to find my account on Twitter (@briankrebs) had attracted almost 12,000 new followers overnight. Then I noticed I’d gained almost as many followers as the number of re-tweets (RTs) earned for a tweet I published on Tuesday. The… Read More »

Beware of Hurricane Harvey Relief Scams

August 29, 2017

U.S. federal agencies are warning citizens anxious to donate money for those victimized by Hurricane Harvey to be especially wary of scam artists. In years past we’ve seen shameless fraudsters stand up fake charities and other bogus relief efforts in a bid to capitalize on public concern over an ongoing disaster. Here are some tips to help ensure sure your aid dollars go directly to those most in need.

Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet

August 28, 2017

A half dozen technology and security companies — some of them competitors — issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle ‘WireX,’ an extraordinary new crime machine comprising tens of thousands of hacked Android mobile devices that was used this month to launch a series of massive cyber attacks.

Experts involved in the takedown warn that WireX marks the emergence of a new class of attack tools that are more challenging to defend against and thus require broader industry cooperation to defeat.

Why It’s Still A Bad Idea to Post or Trash Your Airline Boarding Pass

August 24, 2017

An October 2015 piece published here about the potential dangers of tossing out or posting online your airline boarding pass remains one of the most-read stories on this site. One reason may be that the advice remains timely and relevant: A talk recently given at a Czech security conference advances that research and offers several reminders of how being careless with your boarding pass could jeopardize your security or even cause trip disruptions down the road.

Dumping Data from Deep-Insert Skimmers

August 22, 2017

I recently heard from a police detective who was seeking help identifying some strange devices found on two Romanian men caught maxing out stolen credit cards at local retailers. Further inspection revealed the devices to be semi-flexible data transfer wands that thieves can use to extract stolen ATM card data from “deep-insert skimmers,” wafer-thin fraud devices made to be hidden inside of the card acceptance slot on a cash machine.

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

August 18, 2017

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of using the feature. Now Carbon Black is warning that an internal review has revealed a wholly separate bug in Cb Response that could in fact result in certain customers unintentionally sharing sensitive files.