Marcus Hutchins' Code Used In Malware May Have Come From GitHub (itwire.com)
troublemaker_23 quotes ITWire: A security researcher says code has been discovered that was written by British hacker Marcus Hutchins that was apparently 'borrowed' by the creator of the banking trojan Kronos. The researcher, known as Hasherezade, posted a tweet identifying the code that had been taken from Hutchins' repository on GitHub.
Hasherezade also found a 2015 tweet where a then-20-year-old Hutchins first announces he's discovered the hooking engine he wrote for his own blog -- being used in a malware sample. ("This is why we can't have nice things," Hutchins jokes.) Hasherezade analyzed Kronos's code and concluded "the author has a prior knowledge in implementing malware solutions... The level of precision led us to the hypothesis, that Kronos is the work of a mature developer, rather than an experimenting youngster."
Monday on Twitter Hutchins posted that "I'm still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon."
Re: Negligence (Score:1)
Obviously you don't know what a hooking engine is. These pieces of code can be used in many things. It was not written for malware. Are we gonna say the creators of the Python programming language are responsible every time someone sends malicious scripts to the interpreter?
Re: (Score:2)
Actually, what he did was more like planning the robbery, making that plan accessible to others, then acting surprised that someone used his plan to rob the bank.
Re: (Score:1)
or because someone robbed a bank and was able to get away from the police even after they used spike strips, because they used run flat tires, and then they charged the inventor of run flat tires with being the robber when they couldn't find the actual robber.
or suing the inventor of the pogo stick because someone used one to beat someone to death.
Re: (Score:2)
Not in the least. This is hooking code, not attack code.
Re: (Score:2)
Publishing hooking code (which is in no way, form or shape illegal and has perfectly legal uses). This is just the US police state thinking it does not even need to bother understanding the facts before trying to destroy somebody's life.
so (Score:4)
Smith and Wesson have an awful lot to answer for then.
Re: (Score:2)
Smith and Wesson have an awful lot to answer for then.
Absolutely not! They are a beloved company, a first class citizen. Not a second class 99% citizen nor a *shudders* European. My $0.02 is they fry him anyhow, facts be damned.
Reasonable doubt (Score:4, Insightful)
If the code existed before on a public resource, it clearly raises a reasonable doubt.
Of course it was . . . (Score:2)
Intercept is the basis for all kinds of OS aids (Score:4, Insightful)
The code is code for a service intercept. Those can be tricky to get right, but they are used in all manner of system enhancements and are not primarily useful for malware at all.
Intercept code I have used in the past:
* Added time, place, privilege level, and called-by-code conditions to file accesses
* Allowed file open to alter the running priority of processes
* Allowed failed access for some of the above to optionally open a different file, transparently
* Allowed files stored on backing storage (tape, network, disk, compressed files) to transparently appear local and present (or to be migrated to such storage)
* Allowed file extension or creation that would use space to trigger "get space" processes
* Allowed user mode undelete operations
* Allowed control of storage space use to minimize storage fragmentation
* Allowed controls based on access rate
These and more useful kinds of extensions are among things that can be implemented with an intercept. Not one of these has anything to do with malware.
So kindly stop and think a bit before claiming the code was done to help malware function.
Re: (Score:1)
We need to include every compiler maker, every coding teacher and, just to be safe, every maker of OSes or computers here as well! They all contribute to making hacking possible, after all.
Terrorist == does security && ! governmen (Score:1)
I'd love to go to America to visit Yellowstone... but this kinda shit puts me off. Massive jails and anyone vaguely doing computer security is a criminal unless in a top secret government 3 letter agency.
Finally! (Score:2)
It's about time we get some GPL'd malware! ;)
still not allowed to go home, still on house arres (Score:2)