@MalwareTech Arrested — why America will lose the Cyberwar

WannaCry Hero Marcus Hutchins

Every year, shortly before or after DefCon, it seems that the government likes to surprise the black/white/grey-hat community with a yearly bust.

This year, it was WannaCry Hero also known as @MalwareTech, for allegedly creating the Kronos Banking Trojan. This charge immediately raised eye-brows across Twitter.

This isn’t the first time the Government has charged a hacker on flimsy grounds. You may remember hackers such as Aaron Schwartz and Weev, the former of which committed suicide, while the latter came out of prison a neo-nazi.

Weev post-prison.

Aaron was a talented software engineer who helped created RSS and Reddit. Weev was a talented hacker who went to jail over a simple IDOR vulnerability. At the time of his sentencing, Weev received more jail-time than the Steubenville Rapists . He now rants about white supremacy, and denies the existence of nuclear weapons.

“I have never been counter signaled so much, when I insulted anime and said that nuclear weapons aren’t real”

The Bigger Picture

The bigger picture is that the relationship between hackers and the US Government is a story of ‘two steps forward, one step back’. The feelings from the tech community can be best summarized in this Hacker News comment:

Obama and his DoJ instead go to SXSW and give insulting, condescending talks about how we should stop working on “cat apps” and come be a drone for Uncle Sam. Why? So you can demand all our expertise but trust none of our judgement? So you can underpay us, give us no voice at the table, but then insult our intelligence by acting like serving these crooks is some noble cause? Lawyers run the country, Congress is all lawyers and no engineers. But then they run into problems related to technology and they say “bring in the nerds”. Well, the word you’re looking for is experts, and they’re in the West Coast making way more money and building real technology instead of bureaucratic bullshit and illegal authoritarian tools of oppression. And maybe smoking recreational marijuana without having to bullshit their way through some bogus polygraph (not that those even work). I can’t imagine anyone but the most naive would work for the NSA, FBI, or CIA if they had any other options.

If nothing changes, we will lose the cyberwar.

America is the only player to treat their talent pool with such disdain, disregard, and disrespect. How do the other players treat their talent pool?

Iran pays their hackers $100,000/month, they’re one of the most active players and actively recruit from within and abroad.
Israel recruits anyone with an ounce of competence once they start their military service. Do you know why you never seen Israeli hackers in the black-hat community? They’re all working in Unit 8200 or in the private sector. Israel fully utilizes their InfoSec talent.
Russia has a don’t shit where you eat policy, as long as you’re not targeting Russians, they will turn a blind eye. Russian hacking forums also dominate the underground community.
China has both military, civilian, and semi-civilian(whatever that means) groups that are very active. Has anyone ever heard of China arrested a single hacker?
India absolutely loves their hackers. Need to target some pesky journalists? No problem, just go to your local police station. They know a guy who knows a guy. Even your hacking gigs are being outsourced to India.

One thing is clear, drastic political, cultural, and policy changes need to happen before it’s too late.