FBI Arrests Creator Of Remote Access Tool, Rather Than Those Abusing It To Commit Crime
from the nice-work,-g-men! dept
The DOJ is attempting to prosecute the creator of a remote access tool -- not because he used it for nefarious purposes -- but because it can be (and has been) used by criminals. Kevin Poulsen has the whole bizarre story at The Daily Beast -- one that involves a 26-year-old programmer and the remote administration tool (RAT) he created and sold.
Taylor Huddleston, creator of NanoCore, a RAT that has been linked to intrusions in ten countries, had his home raided by FBI agents on December 6th. The 14-page indictment paints Huddleston as a willing accomplice -- someone who sold his product to bad people to do bad things.
But the facts of the case -- things that can be proven with forum chat logs and Huddleston's proactive efforts to prevent his RAT from being abused -- disagree with the government's narrative. NanoCore does all the things an administrative tool is expected to do, including keylogging and granting control to remote administrators. But Huddleston claims he created the tool to be a low-cost solution for cash-strapped businesses and small government agencies. His actions appear to back up the claims that he never intended this to be a plaything for criminal hackers.
While Huddleston did debut and offer his product for sale at HackForums -- hardly the best marketplace if one wants to be seen as purely innocent -- he took corrective actions and issued strict warnings about illegal deployment.
[H]uddleston found himself routinely admonishing people not to use his software for crime. “NanoCore does not permit illegal use,” he wrote in one post. In another, “NanoCore is NOT malware. It is intended to be used legitimately and I don’t want to see words like ‘slave’ and ‘infect.’” Huddleston backed his words with action. Whenever he saw evidence that a particular buyer was using the product to hack, he’d log in to Net Seal and disable that user’s copy, cutting the hacker off from his infected slaves.
Net Seal is another of Huddleston's creations. It allows users to protect their IP by allowing them to shut down questionable copies of their software -- like copies purchased with stolen credit cards. Oddly enough, this IP protection tool is also named in the indictment as more evidence of Huddleston's criminal intent.
“Net Seal licensing software is licensing software for cybercriminals,” the indictment declares. For this surprising charge—remember, Huddleston used the licenses to fight crooks and pirates—the government leans on the conviction of a Virginia college student named Zachary Shames, who pleaded guilty in January to selling hackers a keystroke logging program called Limitless. Unlike Huddleston, Shames embraced malicious use of his code. And he used Net Seal to protect and distribute it.
That ridiculous claim shows how far the government is willing to go to pin the bad deeds of criminals it can't catch on the creator of the software they're abusing. But the government has to show Huddleston created the software with the intent that it be used for criminal activity. That's going to be extremely tough to prove. So, it looks like the government's hoping to turn Huddleston into a cooperative witness or pressure him into a plea deal that will prevent it from having to climb this evidentiary mountain.
One of the tools at the government's disposal is particularly nefarious. Huddleston wrote and sold software to get his head above water financially. The small amount of money he made from selling Net Seal and NanoCore (he fully divested his ownership of the latter late last year for a whole $5,000) allowed him to purchase a very modest $60,000 house for himself and his girlfriend. The government wants to seize the house, claiming it was purchased with the proceeds of illegal activity. But it has yet to prove the sale of these two tools was a criminal act in and of itself. The horrible thing about forfeiture is that the government can uncouple it from the prosecution and file an administrative claim, which would place Huddleston's new home in its hands and shift the burden of proof to the indicted programmer.
The only way this case doesn't blow up in the government's face is if it can convince Huddleston not to go to trial. This placement of secondhand guilt on the creator of a remote administration tool is idiotic and disingenuous. No one's going after Microsoft for building the same functionality into its operating system, even though it's routinely abused by criminals and scam artists.
What this really boils down to is law enforcement laziness, which it commonly refers to as "efficiency." It's incredibly easy to find the creator of software abused by criminals because a creator who doesn't feel he's committed any criminal act isn't going to do much of anything to cover his tracks or get off the grid. It's punishment that only makes sense to misguided prosecutors and FBI officials who feel any successful bust is a good bust. And if they do succeed in putting Huddleston in prison, absolutely no one will be vindicated.
In the meantime, Huddleston has to fight back with his hands tied. He was released on bond but forbidden to use the internet. His arraignment takes place in a city 16 hours from where he lives. His recently-purchased home may not be his for much longer. And all the criminals misusing his product -- the ones he actively fought back against -- are still out there committing criminal acts.