Subscribe to our free daily newsletters
. Military Space News .

Subscribe to our free daily newsletters

Arrest shines light on shadowy community of good, bad hackers
By Rob Lever
Washington (AFP) Aug 4, 2017

Cyber-security training center opens in Maryland
Washington (UPI) Aug 4, 2017 - Baltimore Cyber Range LLC and Elbit subsidiary Cyberbit Ltd., have opened a cyber-security training and simulation center in Maryland.

The center is powered by the Cyberbit Range Platform and provides simulation training in protecting national assets and infrastructure.

"I am very pleased to celebrate the opening of Baltimore Cyber Range," Maryland Gov. Larry Hogan said in a news release. "With our skilled workforce, world-class academic community, and proximity to the federal government, Maryland has truly become the cyber capital of the world.

"This state-of-art center will help ensure that even more Marylanders are fully trained and prepared to meet the demands of 21st century jobs," Hogan added.

Israel's Elbit Ltd, in announcing the opening of the center, referenced U.S. labor statistics that highlight a critical shortage of capable IT and cybersecurity professionals in the country -- 200,000 unfilled cyber-security jobs, a number that will increase to 1.5 million by 2019.

The Baltimore Cyber Center will help provide the cyber-security skills needed for employment in the sector, the company said.

The facility allows cyber-security practitioners the opportunity to experience the latest real-world cyber threats in a controlled and sequestered environment to improve their hands-on skills. It can simulate large-scale virtual networks and attacks based on real-world incidents, pinpoint system vulnerabilities and help users develop counter-measures.

Two months ago, Marcus Hutchins was an "accidental hero," a young computer whiz living with his parents in Britain who found the "kill switch" to the devastating WannaCry ransomware.

Today, the 23-year-old is in a US federal prison, charged with creating and distributing malicious software designed to attack the banking system.

His arrest this week stunned the computer security community and shines a light on the shadowy world of those who sometimes straddle the line between legal and illegal activities.

Hutchins' arrest following Def Con in Las Vegas, one of the world's largest gathering of hackers, delivered "an extreme shock," according to Gabriella Coleman, a McGill University professor who studies the hacker community.

"The community at Def Con would not admire a hacker who was doing hard-core criminal activity for profit or damage -- that is frowned upon," Coleman told AFP.

"But there are people who do security research... who understand that sometimes in order to improve security, you have to stick your nose in areas that may break the law. They don't want to hurt anyone but they are doing it for research."

Hackers are generally classified as "white hats" if they stay within the law and "black hats" if they cross the line.

At gatherings like Def Con, "you have people who dabble on both sides of the fence," said Rick Holland, vice president at the security firm Digital Shadows.

An indictment unsealed by US authorities charges Hutchins and a second individual -- whose name was redacted -- of making and distributing in 2014 and 2015 the Kronos "banking Trojan," a reference to malicious software designed to steal user names and passwords used at online banking sites.

- Hacker mindset -

James Scott, a senior fellow who follows cybersecurity at the Institute for Critical Infrastructure Technology, said it is sometimes difficult to separate the white hats from the black hats.

The hacker mindset includes "an insatiable need to satisfy their intellectual curiosity," Scott said.

"Hackers have that thing, they can't sleep. It's persistent and it's constant and it can drive you nuts."

Scott said he did not know details of the Hutchins case but that it is possible he wrote code that someone else "weaponized."

Rob Graham of Errata Security said he came to a similar conclusion, that Hutchins "wrote some code, but everything else was done by the other guy... As a writer of code sometimes used in viruses, this worries me."

Friends and collaborators of Hutchins -- known by his online moniker "Malwaretech" -- said they found the allegations hard to believe.

"He worked with me on a project in 2014 he refused payment for," said a tweet from Jake Williams of Rendition InfoSec. "This is incongruous with a black hat writing code for money at the same time."

Security researcher Andrew Mabbitt tweeted that Hutchins "spent his career stopping malware, not writing it."

- 'More circumspect' -

Regardless of the outcome of the case, some security professionals said the arrest could erode trust between the hacker community and law enforcement.

Coleman said hackers and researchers already tread carefully in light of the Computer Fraud and Abuse Act, a law that makes it illegal to access a computer system without authorization and has been roundly criticized by some security professionals.

"The statute is very broad and it can be wielded as a tool against researchers," Coleman said.

She noted that many in the hacker community are still reeling over the 2013 suicide of activist Aaron Swartz, who was charged under the same law for illegally downloading academic journals.

Hutchins' arrest "might actually drive certain security researchers further underground," said John Dickson of Denim Group, a security consultancy.

"I know several security researchers from Europe, whom I consider on the 'white hat' side of the house, who will no longer travel to the US to be on the safe side."

Holland of Digital Shadows added that the news "could make people more circumspect about who they may collaborate with."

Scott said the arrest may be counterproductive for cybersecurity because hackers like Hutchins help expose security flaws in order to fix them.

"The establishment needs hackers more than hackers need the establishment," he said.

Scott added that Hutchins' obvious talents could make him an asset for national security instead of a liability.

"I wouldn't be surprised if a federal agency made him an offer he can't refuse," Scott said.

"A guy like that should be at Fort Meade," he added, referring to the headquarters of the National Security Agency.

UK security researcher 'hero' accused of creating bank malware
San Francisco (AFP) Aug 3, 2017
A British computer security researcher hailed as a hero for thwarting the "WannaCry" ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks. Marcus Hutchins, known by the alias "Malwaretech," was charged in an indictment dated July 12 and unsealed this week by federal authorities in Wisconsin. The US Justice Department said ... read more

Related Links
Cyberwar - Internet Security News - Systems and Policy Issues

Thanks for being here;
We need your help. The SpaceDaily news network continues to grow but revenues have never been harder to maintain.

With the rise of Ad Blockers, and Facebook - our traditional revenue sources via quality network advertising continues to decline. And unlike so many other news sites, we don't have a paywall - with those annoying usernames and passwords.

Our news coverage takes time and effort to publish 365 days a year.

If you find our news sites informative and useful then please consider becoming a regular supporter or for now make a one off contribution.

SpaceDaily Contributor
$5 Billed Once

credit card or paypal
SpaceDaily Monthly Supporter
$5 Billed Monthly

paypal only

Comment using your Disqus, Facebook, Google or Twitter login.

Share this article via these popular social media networks DiggDigg RedditReddit GoogleGoogle

US successfully tests missile intercept system

S. Korea speeds up US missile defence over North's missile test

Arleigh Burke-class destroyer Ralph Johnson completes builders trials

Yemeni rebel missile shot down near Mecca: Arab coalition

Lockheed receives $161.4M ATACMS missile life-extension contract

Pentagon alarm over Turkey plan to buy Russian missiles

Lockheed demos deck-launched variant of LRASM

Iran rules out halt to missile tests as tension with US rises

Northrop Grumman receives contract for MQ-4C Triton surveillance UAVs

The flying kettle

Insitu receives contract for Afghan ScanEagle UAS services

Special focus on formation control of unmanned systems

82nd Airborne tests in-flight communication system for paratroopers

North Dakota UAS Training Center Depends on IGC Satellite Connectivity

SES Government Solutions lands additional MEO Beam task order with DoD

New combat survival radio by General Dynamics

Blast at rebel Georgian arms depot injures 50: Russia media

LOC Performance receives $49.1 million Bradley upgrade contract

Canadian armed forces to receive new machine guns

Slovakia deploys Saab's Carl-Gustaf M4 weapon

BAE plans defense hub in Australia; as group profits soar

Japan's scandal-hit defence chief resigns

GAO report details sting operation that defrauded DOD surplus program for police

White House to issue executive order on defense industry sourcing

Wintershall warns U.S. against playing 'geopolitical football.'

China unmoved as Trump rails over North Korea

Turkey replaces land, air, naval forces commanders: official

Sky's the Limit for Joint Russian-Chinese Eurasian Air Defense Zone

New method promises easier nanoscale manufacturing

Nanoparticles could spur better LEDs, invisibility cloaks

New material resembling a metal nanosponge could reduce computer energy consumption

How do you build a metal nanoparticle?

Memory Foam Mattress Review
Newsletters :: SpaceDaily :: SpaceWar :: TerraDaily :: Energy Daily
XML Feeds :: Space News :: Earth News :: War News :: Solar Energy News

The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA news reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. All articles labeled "by Staff Writers" include reports supplied to Space Media Network by industry news wires, PR agencies, corporate press officers and the like. Such articles are individually curated and edited by Space Media Network staff on the basis of the report's information value to our industry and professional readership. Advertising does not imply endorsement, agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement