GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There

from the so-much-for-those-'flight-risk'-fears dept

It looks like the UK found an easy way to avoid another lengthy extradition battle. Its intelligence agency, GCHQ, knew something security research Marcus Hutchins didn’t — and certainly didn’t feel obliged to tell him. Not only that, but it let a criminal suspect fly out of the country with zero pre-flight vetting. (Caution: registration wall ahead.)

Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference.

Hutchins’s arrest by the FBI on August 2 while he was returning from Las Vegas freed the British government from the “headache of an extradition battle” with their closest ally, say sources familiar with the case.

Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there’s something a bit mean-spirited about allowing a UK citizen to walk into custody in another country. And as for the “headache,” too bad. That’s just part of the deal when you make promises to other countries you’ll ship them your citizens to face an uphill battle in an unfamiliar judicial system while facing charges for laws that may not apply the same way — or as harshly — at home.

This is even more disconcerting when it was Hutchins who was instrumental in killing off the WannaCry ransomware that wreaked havoc pretty much everywhere earlier this year. In gratitude for his efforts, a few publications outed the person behind the “MalwareTech” pseudonym, which probably made it a bit easier to tie Hutchins to various online personas.

As Marcy Wheeler pointed out on Twitter, it works out pretty well for the UK. It gets to outsource its prosecutions to a nation where punishments for malicious hacking are much, much higher. It also gets to dodge the publicity black eye of handing over its (inadvertent) WannaCry hero to the feds and their threat of a few decades in jail. It also suggests the Five Eyes partnership is paying off in questionable ways and, sooner or later, it’s going to be an American citizen walking into the same sort of trap overseas.

Filed Under: , , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There”

Subscribe: RSS Leave a comment
25 Comments
Anonymous Coward says:

Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there’s something a bit mean-spirited about allowing a UK citizen to walk into custody in another country.

I’m not sure what other options they had, that would neither constitute "giving Hitchens a heads-up" or "letting him walk into custody."

I mean, they could have arrested him themselves, but if he had neither committed a crime against the U.K., nor had the U.S. government asked that he be taken into custody for extradition, under what grounds would he have been arrested?

And sure, they could have refused to let him board the plane, but I think that they similarly lacked grounds to do so, and I’d also put it into the category of "giving him a heads-up about his legal troubles."

I mean, sure, they were probably way more glad to see him board a plane of his own accord than they should have been, knowing that one of their citizens would be arrested on the other side, but I’m genuinely curious: if you don’t think that "giving him a heads-up" was a realistic expectation, what did you expect GCHQ to do other than let him board the plane?

Anonymous Coward says:

Re: Re: Re:

Perhaps they should have. I can definitely see an argument for actually pulling him aside and saying "Dude, if you get on that plane, you’re going to get arrested by the FBI while you’re in the States," for the same reason that extradition is more than just a rubber stamp: a government has the duty to protect its citizens, even or perhaps especially) from other governments.

But Tim himself says that "certainly no one expected" that they would do that.

So, my question is: if Option A would have been surprising, despite perhaps being the right thing to do, and Option B, which actually happened, is surprising (to the point of being considered "mean-spirited") because it wasn’t the right thing to do, can Tim describe for me what Option C would have been, that wouldn’t have been surprising?

Anonmylous says:

Re: Re: Re:

The article’s author.

“Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond”

Actually, everyone SHOULD have expected his government to make him aware, that’s part of the government’s duty to protect its citizens. This is a massive failure, and Brits should be foaming at the mouth right now over this basic failure of duty from their government. If he had not attempted to leave his country, then sure, no need to bother him until demands are made for his arrest by the States. When he did decide to exit, he should have been warned and offered assistance, essentially detained for his own safety as a British Citizen and the ball begun rolling on extradition, which is a fancy way of saying the US has to prove its case to the Brits in court before they allow him to be detained and tried in the US.

FamilyManFirst (profile) says:

Re: Re: Re:2 Re:

A citizen suspected, but not proven, to be a terrorist should be warned, by his/her own government, that they’re walking into potential arrest. Don’t fall for the "suspicion = guilt" idiocy that our national cowards are bandying about. As others have said, one of the duties of government is to protect its own citizens, even (or especially?) from foreign governments.

If the US believes that they have enough to prove a foreigner guilty of terrorism, have them start extradition proceedings. Then the citizen’s own government can observe the proper procedures. If the US doesn’t have enough to prove guilt sufficient for extradition then that person is innocent, by our own principles.

Machin Shin says:

Re: Govt's vs Citizens

Just to toss in a little more fun there are also the fights going on between the governments where innocent civilians are just getting caught in the fight.

Think about it, if things keep heating up with North Korea you really think it is just going to be those in government that get killed? More likely than not the majority of casualties are going to be regular civilians who want nothing to do with this stupid fight.

Anonymous Coward says:

‘sooner or later, it’s going to be an American citizen walking into the same sort of trap overseas’

yes, it will and then shit will hit fan as you can bet your ass that the USA will condemn whichever country this happens in! as usual, the USA wants to bully everywhere else, have everyone arrested, regardless of where they are from and what they have/haven’t done but dont like the same in reverse!
as for the UK, this is typical of the gutless government that’s in power there! this isn’t the first person that has been set up and it wont be the last! when you think of the punishment it introduced for copyright infringement, just to please Hollywood and the entertainment industries and the USA government. 10 years in jail! worse than the punishment for the majority of ‘real’ crimes! how the hell did we ever get to the point where ‘make believe’ is the most important thing on the Planet, so important that it is basically ruling it?? how can that make any sense at all??

Anonymous Coward says:

Re: Re:

how the hell did we ever get to the point where ‘make believe’ is the most important thing on the Planet, so important that it is basically ruling it?? how can that make any sense at all??

Because the money behind it is certainly not make believe and your "rights" don’t even register on the radar once someone hands over enough cash.

In short, you have rights until someone buys them from the government. Then you do what the buyer says, or else.

That Anonymous Coward (profile) says:

How much egg will GCHQ have on their face when they discover that the US claims aren’t based in reality. That the claims are the crazed imaginings of someone who has never coded before in their life.

They found a piece of code matched it to a sample found onine & assumed since he wrote the code, he controls what happens to it. (If this were the case shouldn’t be be arresting those Acronym Agencies idiots who leaked all the toys for what happened afterwards?)

We are “fighting” a war against the cyber, with people who think fax machines are magic boxes. There are researchers who discover flaws & get ignored when they try to responsibly report them. If publishing a bit of code online that someone else then does something horrible gets you arrested for having created it, much research will vanish from online & we’ll be much worse off.

Anonymous Coward says:

Re: Re:

research will vanish from online & we’ll be much worse off.

That’s what they want.

The government wants your systems to be insecure. They are easier to monitor and conduct illegal searches on if they are insecure.

The corporations want your systems to be insecure. It’s cheaper to develop, sell, and support products that have little to no security to deal with than it is to deal with secure systems.

Hollywood wants your systems to be insecure. They want to lock it down the system for them and keep you out.

Advertisers want your systems to be insecure. It’s easier to collect info on you to sell if it’s insecure.

Lawyers want your systems to be insecure. More leak lawsuits = more money for them.

About the only people who do want better security are those who either profit from it, (Computer Security Specialists) or individuals who want to keep the intruders above out. Given such large proponents of insecurity, it’s no surprise that it’s close to an illegal act to engage with it.

Anonymous Coward says:

Spy agencies do NOT serve their respective governments

As a former Australian spy put it, all spy agencies work together to serve their own interests not the interests of their respective governments or the citizens of their respective countries.

The only master of any bureaucracy is the bureaucracy itself. Every spy agency is a bureaucracy.

MyNameHere (profile) says:

Extradition... expensive?

I don’t see where the UK is obligated to either tell him or arrest him, especially if no specific arrest warrant has been issued. Moreover, if they know the guy is going to walk into the other jurisdiction all by himself, why start something?

Extradition hearings are an expensive deal. The UK already has the spectre of Assange and his endlessly non-compliance to deal with. They don’t need another guy holing up in an embassy to avoid extradition.

The UK made a wise choice here. There was no reason to get involved.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...