FBI Arrests Creator Of Remote Access Tool, Rather Than Those Abusing It To Commit Crime

from the nice-work,-g-men! dept

The DOJ is attempting to prosecute the creator of remote access software — not because he used it for nefarious purposes — but because it can be (and has been) used by criminals. Kevin Poulsen has the whole bizarre story at The Daily Beast — one that involves a 26-year-old programmer and the remote administration tool (RAT) he created and sold.

Taylor Huddleston, creator of NanoCore, a RAT that has been linked to intrusions in ten countries, had his home raided by FBI agents on December 6th. The 14-page indictment paints Huddleston as a willing accomplice — someone who sold his product to bad people to do bad things.

But the facts of the case — things that can be proven with forum chat logs and Huddleston’s proactive efforts to prevent his RAT from being abused — disagree with the government’s narrative. NanoCore does all the things an administrative tool is expected to do, including keylogging and granting control to remote administrators. But Huddleston claims he created the tool to be a low-cost solution for cash-strapped businesses and small government agencies. His actions appear to back up the claims that he never intended this to be a plaything for criminal hackers.

While Huddleston did debut and offer his product for sale at HackForums — hardly the best marketplace if one wants to be seen as purely innocent — he took corrective actions and issued strict warnings about illegal deployment.

> [H]uddleston found himself routinely admonishing people not to use his software for crime. “NanoCore does not permit illegal use,” he wrote in one post. In another, “NanoCore is NOT malware. It is intended to be used legitimately and I don’t want to see words like ‘slave’ and ‘infect.’” Huddleston backed his words with action. Whenever he saw evidence that a particular buyer was using the product to hack, he’d log in to Net Seal and disable that user’s copy, cutting the hacker off from his infected slaves.

Net Seal is another of Huddleston’s creations. It allows users to protect their IP by allowing them to shut down questionable copies of their software — like copies purchased with stolen credit cards. Oddly enough, this IP protection tool is also named in the indictment as more evidence of Huddleston’s criminal intent.

> “Net Seal licensing software is licensing software for cybercriminals,” the indictment declares. For this surprising charge—remember, Huddleston used the licenses to fight crooks and pirates—the government leans on the conviction of a Virginia college student named Zachary Shames, who pleaded guilty in January to selling hackers a keystroke logging program called Limitless. Unlike Huddleston, Shames embraced malicious use of his code. And he used Net Seal to protect and distribute it.

That ridiculous claim shows how far the government is willing to go to pin the bad deeds of criminals it can’t catch on the creator of the software they’re abusing. But the government has to show Huddleston created the software with the intent that it be used for criminal activity. That’s going to be extremely tough to prove. So, it looks like the government’s hoping to turn Huddleston into a cooperative witness or pressure him into a plea deal that will prevent it from having to climb this evidentiary mountain.

One of the tools at the government’s disposal is particularly nefarious. Huddleston wrote and sold software to get his head above water financially. The small amount of money he made from selling Net Seal and NanoCore (he fully divested his ownership of the latter late last year for a whole $5,000) allowed him to purchase a very modest $60,000 house for him and his girlfriend. The government wants to seize the house, claiming it was purchased with the proceeds of illegal activity. But it has yet to prove the sale of these two tools was a criminal act in and of itself. The horrible thing about forfeiture is the government can uncouple this from the prosecution and file an administrative claim which would place Huddleston’s new home in its hands and shift the burden of proof to the indicted programmer.

The only way this case doesn’t blow up in the government’s face is if it can convince Huddleston not to go to trial. This placement of secondhand guilt on the creator of a remote administration tool is idiotic and disingenuous. No one’s going after Microsoft for building the same functionality into its operating system, even though it’s routinely abused by criminals and scam artists.

What this really boils down to is law enforcement laziness, which it commonly refers to as “efficiency.” It’s incredibly easy to find the creator of software abused by criminals because a creator who doesn’t feel he’s committed any criminal act isn’t going to do much of anything to cover his tracks or get off the grid. It’s punishment that only makes sense to misguided prosecutors and FBI officials who feel any successful bust is a good bust. And if they do succeed in putting Huddleston in prison, absolutely no one will be vindicated.

In the meantime, Huddleston has to fight back with his hands tied. He was released on bond but forbidden to use the internet. His arraignment takes place in a city 16 hours from where he lives. His recently-purchased home may not be his for much longer. And all the criminals misusing his product — the ones he actively fought back against — are still out there committing criminal acts.


Comments on “FBI Arrests Creator Of Remote Access Tool, Rather Than Those Abusing It To Commit Crime”

btr1701 (profile) says:

Re: Re:

> the judge ordered him to stay completely off the internet, whether by computer or smartphone

How does one “stay completely off the internet” in today’s world?

Merely making a telephone call on a landline or watching television involves use of the internet. Taking money out of an ATM or making a credit card purchase at Target involves using the internet. Driving a modern car involves use of the internet. Even driving an old car in one of the toll lanes in my city involves use of the internet. Hell, just riding the elevator in my building involves use of the internet.

Gwiz (profile) says:

Re: Re: Re:

> Merely making a telephone call on a landline or watching television involves use of the internet.


Most bills are paid online nowadays too. This is like a judge ordering someone not to read their snail mail.

The UN has declared that internet access disruption is a human rights violation. Can a judge order you to stop using electricity or water as a condition of your bond? How is this different?

Roger Strong (profile) says:

Re: Re:

Would being forbidden from using the internet make running a crowdfunding campaign rather difficult?

Would the DOJ seize any money to be used for his defense as “proceeds of crime?”

If someone runs the campaign for him, would they prosecute him for “using the internet by proxy?”

Is this case designed to provoke rhetorical questions?

Roger Strong (profile) says:

Re: Re: Re: Re:

The argument has been made – by people who have had all their money seized – that it means they’ve been prevented from fighting an effective legal battle. (As opposed to a few minutes attention by an overworked public defender.)

If you also take away a programmer’s internet access and products – and his computers – you’re also denying him further income for living expenses, let alone a proper defense. Taking away his house and making him homeless is just the cherry on top.

That denying him legal representation is a felony is irrelevant, when that felony is committed by the very people responsible for prosecuting it.

Anonymous Coward says:

Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

This person appointed himself to police his products so clearly knew was at the margin of a slippery slope.

Whatever intentions were, now don’t matter. That’s just fact. You may think will escape because “legally” clear, but the Gestapo system doesn’t care beans once they can plausibly pin something on you.

Choose your battles. Stay away from the margins, kids: dangerous places. And don’t even defend those who knowingly take risks, they’ll just drag you down with them. — Instead promote the old straight-and-narrow so that you have firm place to stand when criticizing the Gestapo.

Bergman (profile) says:

Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

And…so what? It only looks like a contradiction to you because you never understood Techdirt’s position in the first place.

Honestly, for those who do understand, you come off as a loony at best.

btr1701 (profile) says:

Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

> Whatever intentions were, now don’t matter.

Actually, his intentions are the very heart of the issue. Any time a product has dual-use capability (legal and illegal uses), the intent of the person is the key factor in the case.

So saying his intentions don’t matter couldn’t be a more wrong statement.

David says:

Isn't it obvious?

Huddleston used Net Seal for shutting down copies of his remote administration and keylogging software used for illegal purposes.

So the FBI locked him up, and he is now forbidden to use the Internet.

Apparently he disabled one too many copies of his software and they decided to put a stop to it.

NeghVar (profile) says:

Re: Re:

Back in 2004, a co-worker was busted for hacking. Part of the bail was that he was forbidden to use any electronic devices. He challenged it because that forbids him from contacting his attorney (phones and cars) plus he also uses a hearing aid which he claimed would violate the Americans with Disabilities Act. Along with a few other things. The scope was narrowed, but I do not know the details. The internet is becoming so interwoven with our daily lives that being forbidden to use it is nearly impossible to comply with.

Roger Strong (profile) says:

Re: Re: Re:

For cable cutters – and there’s a good chance that includes this programmer – it wouldn’t even have to be “no electronic devices.” “No internet” means no phones and no TV.

In my case, not owning a car and having to reload my transit pass on the internet, it would even mean “no transportation.” And “no banking or paying utility bills.”

And being a programmer and supporting my software at several companies across the country, it means “no job and no income.”

Bergman (profile) says:

Re: Re: Re: Re:

You couldn’t even walk somewhere in a lot of places with an internet or electronics ban, since a lot of traffic signals and crosswalk signals are networked these days.

Smart meters on electric and gas utilities are networked — let’s hope your internet or electronics ban doesn’t coincide with a cold winter or it might become illegal for you to not freeze to death.

Refrigerators are sometimes networked, so are some pantry doors. Some food packages have RFID tags and auto-order software. Amazon sells these little button fobs that you stick to things like your dishwasher and clothes washer, to order more soap when you run low — those would be banned by this sort of order, but appearing in court in dirty clothes could get you jailed for contempt.

Given how many things are electronic and/or networked these days, even living off grid in a tent in the woods might indirectly violate the ban.

Matthew A. Sawtell (profile) says:

Operative Sentence from the Story...

“While Huddleston did debut and offer his product for sale at HackForums — hardly the best marketplace if one wants to be seen as purely innocent”

Have to give credit where credit is due to Tim when he wrote this article and put that issue upfront and center. Kinda gives a better tone for the rest of the article.

Matthew A. Sawtell (profile) says:

Re: Re: Operative Sentence from the Story...

More on the lines of stupidity on Huddleston’s part on which venue he attempted to sell his wares. To take your analogy, he was attempting to conduct a ‘trunk sale in the middle of the ghetto/barrio/trailer park’ versus going to a publicly advertised and legal market with the proper vendor licensing.

If nothing else, if said activities were brought to light in your analogy, legal customers would be a hard thing to come by, for fear of getting entangled in any illicit activity.

btr1701 (profile) says:

Re: Operative Sentence from the Story...

> Kinda gives a better tone for the rest of the article.

Despite its nefarious-sounding name, the site isn’t all about hacking. It has sections on legitimate coding, computer gaming, even financial investment strategies. There are long threads about PokeMon and how to craft a cool YouTube page.

The Wanderer (profile) says:

Re: Re: Operative Sentence from the Story...

Most of that sounds as if it fits quite well within the concept of hacking, in its original and proper sense. Computer gaming is a bit afield, but likely to have overlap with the interests of those whose hobbies include the other things, so it makes sense that it would also be accounted for.

I suspect both that you’re using the term “hacking” in its popular-culture sense, which is more properly called “cracking”, and that the site itself may not have been named with that sense of the term in mind. (The proper sense is, I believe, considered a superset of the other sense.)

Rekrul says:

I’m 100% on his side, although I firmly oppose the use of products like Net Seal. Copyright holders already have too much control over their products, the last thing we need is for software to have a remote killswitch. Taken to the next logical step, such software could be used to control where and when a particular piece of software is used. Maybe you’re not allowed to use it between midnight and 8AM. Maybe you can’t use it on the weekends, or from certain cities. What happens if a hacker obtains your license code and uses it for criminal purposes? What if the person sending the deactivation code makes a mistake and targets you by accident?

Do we really want that? Online activation is bad enough (and something I will never personally accept), but now companies can remotely disable your software? No thanks!

aerinai says:

Is EFF all over this?

I would hope that some organization like the EFF or ACLU would help this guy out. This is ridiculous.

Also, it seems like a waste of FBI resources… I mean, if he can ‘shut off’ copies of software used for nefarious purposes, wouldn’t it be in the FBI’s best interest to work with him to find the people who bought and were administrating these ‘infected’ machines?

So much for thinking…

That One Guy (profile) says:

Re: Is EFF all over this?

> Also, it seems like a waste of FBI resources… I mean, if he can ‘shut off’ copies of software used for nefarious purposes, wouldn’t it be in the FBI’s best interest to work with him to find the people who bought and were administrating these ‘infected’ machines?

Keep in mind this is the FBI we’re talking about, an agency that prefers to manufacture their own ‘terrorists’ to bust rather than do anything about real threats.

The agency has an aversion to work, going after the actual guilty parties would require work, therefore it’s easier to go after this guy and score an easy plea deal after draining him of any resources to fight back.

David says:

Re: This is just a guess:

So they’ll just asset forfeit his source code. What a convenient tool in the hand of law enforcement. In the age of “intellectual property”, everything has a price, and everything that has a price can be grabbed by law enforcement if it’s connected with illegal activities. And everything is.

Anonymous Coward says:

Re: Re: This is just a guess:

I was thinking along the lines of them wanting to use it for themselves for their spying business… Who among us in here doubts that the government would be eager to destroy people’s lives in any way they could if it meant another toy for them to play with?
I still remember when watching movies about conspiracies as a youth… It was nice back then to be able to think of it as fiction.

Anonymous Coward says:

Another one of Techdirt's pet criminals goes to JAIL!

"Taylor Huddleston, of Arkansas, USA, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and peddling his $25 software nasty. In addition to the 33-month sentence handed down on Friday, he will also get two years of supervised release. He had faced a maximum of 10 years in prison."
