FBI Arrests Creator Of Remote Access Tool, Rather Than Those Abusing It To Commit Crime

from the nice-work,-g-men! dept

The DOJ is attempting to prosecute the creator of remote access software -- not because he used it for nefarious purposes -- but because it can be (and has been) used by criminals. Kevin Poulsen has the whole bizarre story at The Daily Beast -- one that involves a 26-year-old programmer and the remote administration tool (RAT) he created and sold.

Taylor Huddleston, creator of NanoCore, a RAT that has been linked to intrusions in ten countries, had his home raided by FBI agents on December 6th. The 14-page indictment paints Huddleston as a willing accomplice -- someone who sold his product to bad people to do bad things.

But the facts of the case -- things that can be proven with forum chat logs and Huddleston's proactive efforts to prevent his RAT from being abused -- disagree with the government's narrative. NanoCore does all the things an administrative tool is expected to do, including keylogging and granting control to remote administrators. But Huddleston claims he created the tool to be a low-cost solution for cash-strapped businesses and small government agencies. His actions appear to back up the claims that he never intended this to be a plaything for criminal hackers.

While Huddleston did debut and offer his product for sale at HackForums -- hardly the best marketplace if one wants to be seen as purely innocent -- he took corrective actions and issued strict warnings about illegal deployment.

[H]uddleston found himself routinely admonishing people not to use his software for crime. “NanoCore does not permit illegal use,” he wrote in one post. In another, “NanoCore is NOT malware. It is intended to be used legitimately and I don’t want to see words like ‘slave’ and ‘infect.’” Huddleston backed his words with action. Whenever he saw evidence that a particular buyer was using the product to hack, he’d log in to Net Seal and disable that user’s copy, cutting the hacker off from his infected slaves.

Net Seal is another of Huddleston's creations. It allows users to protect their IP by allowing them to shut down questionable copies of their software -- like copies purchased with stolen credit cards. Oddly enough, this IP protection tool is also named in the indictment as more evidence of Huddleston's criminal intent.

“Net Seal licensing software is licensing software for cybercriminals,” the indictment declares. For this surprising charge—remember, Huddleston used the licenses to fight crooks and pirates—the government leans on the conviction of a Virginia college student named Zachary Shames, who pleaded guilty in January to selling hackers a keystroke logging program called Limitless. Unlike Huddleston, Shames embraced malicious use of his code. And he used Net Seal to protect and distribute it.

That ridiculous claim shows how far the government is willing to go to pin the bad deeds of criminals it can't catch on the creator of the software they're abusing. But the government has to show Huddleston created the software with the intent that it be used for criminal activity. That's going to be extremely tough to prove. So, it looks like the government's hoping to turn Huddleston into a cooperative witness or pressure him into a plea deal that will prevent it from having to climb this evidentiary mountain.

One of the tools at the government's disposal is particularly nefarious. Huddleston wrote and sold software to get his head above water financially. The small amount of money he made from selling Net Seal and NanoCore (he fully divested his ownership of the latter late last year for a whole $5,000) allowed him to purchase a very modest $60,000 house for him and his girlfriend. The government wants to seize the house, claiming it was purchased with the proceeds of illegal activity. But it has yet to prove the sale of these two tools was a criminal act in and of itself. The horrible thing about forfeiture is the government can uncouple this from the prosecution and file an administrative claim which would place Huddleston's new home in its hands and shift the burden of proof to the indicted programmer.

The only way this case doesn't blow up in the government's face is if it can convince Huddleston not to go to trial. This placement of secondhand guilt on the creator of a remote administration tool is idiotic and disingenuous. No one's going after Microsoft for building the same functionality into its operating system, even though it's routinely abused by criminals and scam artists.

What this really boils down to is law enforcement laziness, which it commonly refers to as "efficiency." It's incredibly easy to find the creator of software abused by criminals because a creator who doesn't feel he's committed any criminal act isn't going to do much of anything to cover his tracks or get off the grid. It's punishment that only makes sense to misguided prosecutors and FBI officials who feel any successful bust is a good bust. And if they do succeed in putting Huddleston in prison, absolutely no one will be vindicated.

In the meantime, Huddleston has to fight back with his hands tied. He was released on bond but forbidden to use the internet. His arraignment takes place in a city 16 hours from where he lives. His recently-purchased home may not be his for much longer. And all the criminals misusing his product -- the ones he actively fought back against -- are still out there committing criminal acts.


Reader Comments



  • rw, 3 Apr 2017 @ 8:51am

    Our government dollars at work...abusing the innocent while protecting the actual guilty.

    • btr1701, 3 Apr 2017 @ 2:58pm

      Re:

      > the judge ordered him to stay completely off the
      > internet, whether by computer or smartphone

      How does one "stay completely off the internet" in today's world?

      Merely making a telephone call on a landline or watching television involves use of the internet. Taking money out of an ATM or making a credit card purchase at Target involves using the internet. Driving a modern car involves use of the internet. Even driving an old car in one of the toll lanes in my city involves use of the internet. Hell, just riding the elevator in my building involves use of the internet.

      • Gwiz, 4 Apr 2017 @ 2:16pm

        Re: Re:

        > Merely making a telephone call on a landline or watching television involves use of the internet.

        Most bills are paid online nowadays too. This is like a judge ordering someone not to read their snail mail.

        The UN has declared that internet access disruption is a human rights violation. Can a judge order you to stop using electricity or water as a condition of your bond? How is this different?

    • Anonymous Coward, 3 Apr 2017 @ 10:58pm

      Re:

      so, can we throw Bill Gates and the rest of his crew in prison for life without parole now?

      his software is the most widely deployed tactical attack platform ever, it is LITERALLY used to nuke stuff from Earth orbit.

      i'm speaking of MS Windows of course :p

  • Vidiot, 3 Apr 2017 @ 9:10am

    Surprised he still has the house... there aren't too many cases these days in which the conviction precedes the seizure.

    • Anonymous Coward, 3 Apr 2017 @ 10:04am

      Re:

      I'm surprised too, but for a different reason. I'm surprised the house is still standing after an FBI raid on such an obviously dangerous individual.

    • Yeah Sure, 3 Apr 2017 @ 11:30am

      Re: Rule by insanity

      Agreed. Or destroyed while being searched.

      FBII, acronym for Fucking Bunch of Idiots (with guns and attitude).

      Think of gun manufacturers Smith and Wesson, etc.

  • Ninja, 3 Apr 2017 @ 9:29am

    This needs a lot of publicity to prevent the laziness from acquiring a very problematic precedent while skipping the courts. He needs financial help. Does he have some crowdfunding campaign?

    • Anonymous Coward, 3 Apr 2017 @ 9:56am

      Re:

      If he does, it better be managed by someone else - he's prohibited from using the internet.

    • Anonymous Coward, 3 Apr 2017 @ 9:59am

      Re:

      If he doesn't, you might want to step up and contact his attorney and potentially create one. I will contribute if I see a link later today or tomorrow.

    • Roger Strong, 3 Apr 2017 @ 11:20am

      Re:

      Would being forbidden from using the internet make running a crowdfunding campaign rather difficult?

      Would the DOJ seize any money to be used for his defense as "proceeds of crime?"

      If someone runs the campaign for him, would they prosecute him for "using the internet by proxy?"

      Is this case designed to provoke rhetorical questions?

      • Ninja, 3 Apr 2017 @ 11:44am

        Re: Re:

        Hope somebody has his ass covered. I'm not even in the US or I'd volunteer to manage a crowdfund campaign.

      • Bergman, 3 Apr 2017 @ 2:22pm

        Re: Re:

        Well, denying him legal representation is also a felony.

        • Roger Strong, 3 Apr 2017 @ 3:46pm

          Re: Re: Re:

          The argument has been made - by people who have had all their money seized - that it means they've been prevented from fighting an effective legal battle. (As opposed to a few minutes' attention by an overworked public defender.)

          If you also take away a programmer's internet access and products - and his computers - you're also denying him further income for living expenses, let alone a proper defense. Taking away his house and making him homeless is just the cherry on top.

          That denying him legal representation is a felony is irrelevant, when that felony is committed by the very people responsible for prosecuting it.

  • Anonymous Coward, 3 Apr 2017 @ 9:55am

    Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

    This person appointed himself to police his products so clearly knew was at the margin of a slippery slope.

    Whatever intentions were, now don't matter. That's just fact. You may think will escape because "legally" clear, but the Gestapo system doesn't care beans once they can plausibly pin something on you.

    Choose your battles. Stay away from the margins, kids: dangerous places. And don't even defend those who knowingly take risks, they'll just drag you down with them. -- Instead promote the old straight-and-narrow so that you have firm place to stand when criticizing the Gestapo.

    • Bergman, 3 Apr 2017 @ 2:23pm

      Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

      And...so what? It only looks like a contradiction to you because you never understood Techdirt's position in the first place.

      Honestly, for those who do understand, you come off as a loony at best.

    • btr1701, 3 Apr 2017 @ 3:01pm

      Re: Ha! In this context -- defending an enabler of hackers -- you're even praising DRM: "Net Seal ... allows users to protect their IP".

      > Whatever intentions were, now don't matter.

      Actually, his intentions are the very heart of the issue. Any time a product has dual-use capability (legal and illegal uses), the intent of the person is the key factor in the case.

      So saying his intentions don't matter couldn't be a more wrong statement.

  • Anonymous Coward, 3 Apr 2017 @ 10:00am

    So ummm, DRM is proof of him doing something illegal? If they push that too hard they might find themselves in a fun mess. There are plenty of us willing to wholeheartedly agree that DRM should be criminal.

    • Bergman, 3 Apr 2017 @ 2:24pm

      Re:

      Yeah, that would be one hell of a legal precedent to set. I wonder, if someone were to point this out to the MAFIAA, would the FBI dogs be 'mysteriously' called off?

  • Anonymous Coward, 3 Apr 2017 @ 10:04am

    Please tell me EFF is getting involved here!

  • Anonymous Coward, 3 Apr 2017 @ 10:05am

    Then they came for the software developers...

  • David, 3 Apr 2017 @ 10:07am

    Isn't it obvious?

    Huddleston used Net Seal for shutting down copies of his remote administration and keylogging software used for illegal purposes.

    So the FBI locked him up, and he is now forbidden to use the Internet.

    Apparently he disabled one too many copies of his software and they decided to put a stop to it.

  • Anonymous Coward, 3 Apr 2017 @ 10:07am

    "He was released on bond but forbidden to use the internet"

    How is this legal?

    • Anonymous Coward, 3 Apr 2017 @ 10:19am

      Re:

      Because citizens keep voting in politicians that don't give a fucking shit! Followed by comments of "it's not our fault for this", but oh fuck someone is trying to get rid of illegals, let's go protest.

      "Priorities"

    • JoeCool, 3 Apr 2017 @ 10:19am

      Re:

      Judges can put almost ANY restriction on a person's release pending trial. The most common is a restriction on travel, but they can require virtually anything at all. If you don't like it, you can always go back to your cell until the trial. In some cases this is a good thing, and in others, a bad thing.

    • NeghVar, 3 Apr 2017 @ 12:48pm

      Re:

      Back in 2004, a co-worker was busted for hacking. Part of the bail was that he was forbidden to use any electronic devices. He challenged it because that forbids him from contacting his attorney (phones and cars) plus he also uses a hearing aid which he claimed would violate the Americans with Disabilities Act. Along with a few other things. The scope was narrowed, but I do not know the details. The internet is becoming so interwoven with our daily lives that being forbidden to use it is nearly impossible to comply with.

      • Roger Strong, 3 Apr 2017 @ 1:01pm

        Re: Re:

        For cable cutters - and there's a good chance that includes this programmer - it wouldn't even have to be "no electronic devices." "No internet" means no phones and no TV.

        In my case, not owning a car and having to reload my transit pass on the internet, it would even mean "no transportation." And "no banking or paying utility bills."

        And being a programmer and supporting my software at several companies across the country, it means "no job and no income."

        • Bergman, 3 Apr 2017 @ 2:30pm

          Re: Re: Re:

          You couldn't even walk somewhere in a lot of places with an internet or electronics ban, since a lot of traffic signals and crosswalk signals are networked these days.

          Smart meters on electric and gas utilities are networked -- let's hope your internet or electronics ban doesn't coincide with a cold winter or it might become illegal for you to not freeze to death.

          Refrigerators are sometimes networked, so are some pantry doors. Some food packages have RFID tags and auto-order software. Amazon sells these little button fobs that you stick to things like your dishwasher and clothes washer, to order more soap when you run low -- those would be banned by this sort of order, but appearing in court in dirty clothes could get you jailed for contempt.

          Given how many things are electronic and/or networked these days, even living off grid in a tent in the woods might indirectly violate the ban.

  • Matthew A. Sawtell, 3 Apr 2017 @ 10:15am

    Operative Sentence from the Story...

    "While Huddleston did debut and offer his product for sale at HackForums -- hardly the best marketplace if one wants to be seen as purely innocent"

    Have to give credit where credit is due to Tim when he wrote this article and put that issue upfront and center. Kinda gives a better tone for the rest of the article.

    • Anonymous Coward, 3 Apr 2017 @ 10:21am

      Re: Operative Sentence from the Story...

      Does it really matter as long as the activity is legal? Should we presume guilt for sellers at gun shows or private sales?

      • Anonymous Coward, 3 Apr 2017 @ 10:37am

        Re: Re: Operative Sentence from the Story...

        Yes, yes we should...

        ~Most Americans and generally ALL stupid people that population planet earth.


        (History is rife with guilty until proven innocent nations & cultures)

        • btr1701, 3 Apr 2017 @ 3:06pm

          Re: Re: Re: Operative Sentence from the Story...

          > ~Most Americans and generally ALL stupid people that
          > population planet earth.

          I love it when those who can't even put together a linguistically coherent sentence call other people stupid.

      • Bergman, 3 Apr 2017 @ 2:33pm

        Re: Re: Operative Sentence from the Story...

        We can add used book stores to that presumption of guilt.

        After all, more people have been killed by maliciously applied knowledge of chemistry throughout history than have been killed by maliciously applied bullets.

      • Matthew A. Sawtell, 4 Apr 2017 @ 9:44am

        Re: Re: Operative Sentence from the Story...

        More on the lines of stupidity on Huddleston's part on which venue he attempted to sell his wares. To take your analogy, he was attempting to conduct a 'trunk sale in the middle of the ghetto/barrio/trailer park' versus going to a publicly advertised and legal market with the proper vendor licensing.

        If nothing else, if said activities were brought to light in your analogy, legal customers would be a hard thing to come by, for fear of getting entangled in any illicit activity.

    • btr1701, 3 Apr 2017 @ 3:05pm

      Re: Operative Sentence from the Story...

      > Kinda gives a better tone for the rest of the article.

      Despite its nefarious-sounding name, the site isn't all about hacking. It has sections on legitimate coding, computer gaming, even financial investment strategies. There are long threads about PokeMon and how to craft a cool YouTube page.

      • The Wanderer, 4 Apr 2017 @ 5:25am

        Re: Re: Operative Sentence from the Story...

        Most of that sounds as if it fits quite well within the concept of hacking, in its original and proper sense. Computer gaming is a bit afield, but likely to have overlap with the interests of those whose hobbies include the other things, so it makes sense that it would also be accounted for.

        I suspect both that you're using the term "hacking" in its popular-culture sense, which is more properly called "cracking", and that the site itself may not have been named with that sense of the term in mind. (The proper sense is, I believe, considered a superset of the other sense.)

  • Median Wilfred, 3 Apr 2017 @ 10:43am

    When will the FBI go after Dameware?

    Anybody here have to use some corporate-owned computer with Dameware installed? Now, THAT'S a RAT.

    When will the Fibbies go after Dameware? It's probably 10x more effective than some shareware RAT.

    • Roger Strong, 3 Apr 2017 @ 11:35am

      Re: When will the FBI go after Dameware?

      Remote Desktop products from Symantec's PCAnywhere and TeamViewer have long been used for similar crimes. The company that acquired Dameware is worth at least $4.5 billion.

      To answer your question, "never." They have the resources to defend themselves. This guy doesn't.

      • Anonymous Coward, 3 Apr 2017 @ 2:04pm

        Re: Re: When will the FBI go after Dameware?

        Exactly, they really do like to pick on the little guy. Which is why it is so important for rights and liberty to be taken far more seriously than they are.

  • Rekrul, 3 Apr 2017 @ 11:33am

    I'm 100% on his side, although I firmly oppose the use of products like Net Seal. Copyright holders already have too much control over their products, the last thing we need is for software to have a remote killswitch. Taken to the next logical step, such software could be used to control where and when a particular piece of software is used. Maybe you're not allowed to use it between midnight and 8AM. Maybe you can't use it on the weekends, or from certain cities. What happens if a hacker obtains your license code and uses it for criminal purposes? What if the person sending the deactivation code makes a mistake and targets you by accident?

    Do we really want that? Online activation is bad enough (and something I will never personally accept), but now companies can remotely disable your software? No thanks!

  • HegemonicDistortion, 3 Apr 2017 @ 11:46am

    But of course it's "see no evil" when it comes to Hacking Team, Gamma Group, NSO Group, etc.

  • aerinai, 3 Apr 2017 @ 12:11pm

    Is EFF all over this?

    I would hope that some organization like the EFF or ACLU would help this guy out. This is ridiculous.

    Also, it seems like a waste of FBI resources... I mean, if he can 'shut off' copies of software used for nefarious purposes, wouldn't it be in the FBI's best interest to work with him to find the people who bought and were administrating these 'infected' machines?

    So much for thinking...

    • That One Guy, 3 Apr 2017 @ 1:57pm

      Re: Is EFF all over this?

      > Also, it seems like a waste of FBI resources... I mean, if he can 'shut off' copies of software used for nefarious purposes, wouldn't it be in the FBI's best interest to work with him to find the people who bought and were administrating these 'infected' machines?

      Keep in mind this is the FBI we're talking about, an agency that prefers to manufacture their own 'terrorists' to bust rather than do anything about real threats.

      The agency has an aversion to work, going after the actual guilty parties would require work, therefore it's easier to go after this guy and score an easy plea deal after draining him of any resources to fight back.

  • D.C. Pathogen, 3 Apr 2017 @ 12:16pm

    Hammers

    Lock up all the hammer manufacturers!
    How many of these wicked devices have been used to Kill, Murder or maim innocent people or unexpecting law enforcement officers. And the children, OMG the Children!

    Lock 'em up - all of them, Craftsman, Stanley, Husky, DeWalt....no...lock them all up!

  • Anonymous Coward, 3 Apr 2017 @ 1:01pm

    This is just a guess:

    He probably didn't want to give up his source code when the government came asking... so they stopped asking.

    • David, 3 Apr 2017 @ 2:10pm

      Re: This is just a guess:

      So they'll just asset forfeit his source code. What a convenient tool in the hand of law enforcement. In the age of "intellectual property", everything has a price, and everything that has a price can be grabbed by law enforcement if it's connected with illegal activities. And everything is.

      • Anonymous Coward, 4 Apr 2017 @ 7:42am

        Re: Re: This is just a guess:

        I was thinking along the lines of them wanting to use it for themselves for their spying business... Who among us in here doubts that the government would be eager to destroy people's lives in any way they could if it meant another toy for them to play with?
        I still remember when watching movies about conspiracies as a youth... It was nice back then to be able to think of it as fiction.

  • Châu, 3 Apr 2017 @ 8:06pm

    Revenge - Release source code

    Release source code GPL for every person.

  • Anonymous Coward, 4 Apr 2017 @ 9:11am

    Third Party Liability

    This is why we can't have nice things.

    Who's next, box manufacturers after some psycho burns someone in a cardboard bonfire? Really why go after the one who does wrongdoing when you can just cut off the material supply they use amirite?

  • Coyoty, 4 Apr 2017 @ 10:31pm

    In the hood...

    When will they raid L.L. Bean for selling ski masks to potential robbers?

  • Anonymous Coward, 23 Apr 2017 @ 5:45pm

    Without math there is no encryption.

    FBI arrests math teachers.
