GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There
from the so-much-for-those-'flight-risk'-fears dept
It looks like the UK found an easy way to avoid another lengthy extradition battle. Its intelligence agency, GCHQ, knew something security research Marcus Hutchins didn’t — and certainly didn’t feel obliged to tell him. Not only that, but it let a criminal suspect fly out of the country with zero pre-flight vetting. (Caution: registration wall ahead.)
Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference.
Hutchins’s arrest by the FBI on August 2 while he was returning from Las Vegas freed the British government from the “headache of an extradition battle” with their closest ally, say sources familiar with the case.
Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there’s something a bit mean-spirited about allowing a UK citizen to walk into custody in another country. And as for the “headache,” too bad. That’s just part of the deal when you make promises to other countries you’ll ship them your citizens to face an uphill battle in an unfamiliar judicial system while facing charges for laws that may not apply the same way — or as harshly — at home.
This is even more disconcerting when it was Hutchins who was instrumental in killing off the WannaCry ransomware that wreaked havoc pretty much everywhere earlier this year. In gratitude for his efforts, a few publications outed the person behind the “MalwareTech” pseudonym, which probably made it a bit easier to tie Hutchins to various online personas.
As Marcy Wheeler pointed out on Twitter, it works out pretty well for the UK. It gets to outsource its prosecutions to a nation where punishments for malicious hacking are much, much higher. It also gets to dodge the publicity black eye of handing over its (inadvertent) WannaCry hero to the feds and their threat of a few decades in jail. It also suggests the Five Eyes partnership is paying off in questionable ways and, sooner or later, it’s going to be an American citizen walking into the same sort of trap overseas.
Filed Under: doj, extradition, fbi, gchq, malwaretech, marcus hutchins, uk
Comments on “GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There”
I’m not sure what other options they had, that would neither constitute "giving Hitchens a heads-up" or "letting him walk into custody."
I mean, they could have arrested him themselves, but if he had neither committed a crime against the U.K., nor had the U.S. government asked that he be taken into custody for extradition, under what grounds would he have been arrested?
And sure, they could have refused to let him board the plane, but I think that they similarly lacked grounds to do so, and I’d also put it into the category of "giving him a heads-up about his legal troubles."
I mean, sure, they were probably way more glad to see him board a plane of his own accord than they should have been, knowing that one of their citizens would be arrested on the other side, but I’m genuinely curious: if you don’t think that "giving him a heads-up" was a realistic expectation, what did you expect GCHQ to do other than let him board the plane?
Re: Re:
So who says they shouldn’t have given him a heads up?
Re: Re: Re:
Perhaps they should have. I can definitely see an argument for actually pulling him aside and saying "Dude, if you get on that plane, you’re going to get arrested by the FBI while you’re in the States," for the same reason that extradition is more than just a rubber stamp: a government has the duty to protect its citizens, even or perhaps especially) from other governments.
But Tim himself says that "certainly no one expected" that they would do that.
So, my question is: if Option A would have been surprising, despite perhaps being the right thing to do, and Option B, which actually happened, is surprising (to the point of being considered "mean-spirited") because it wasn’t the right thing to do, can Tim describe for me what Option C would have been, that wouldn’t have been surprising?
Re: Re: Re:
The article’s author.
“Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond”
Actually, everyone SHOULD have expected his government to make him aware, that’s part of the government’s duty to protect its citizens. This is a massive failure, and Brits should be foaming at the mouth right now over this basic failure of duty from their government. If he had not attempted to leave his country, then sure, no need to bother him until demands are made for his arrest by the States. When he did decide to exit, he should have been warned and offered assistance, essentially detained for his own safety as a British Citizen and the ball begun rolling on extradition, which is a fancy way of saying the US has to prove its case to the Brits in court before they allow him to be detained and tried in the US.
Re: Re: Re: Re:
By this reasoning the government should also warn terror suspects that heading to the US might end with them getting arrested.
Re: Re: Re:2 Re:
If they’re terror suspects, they should be arrested before they get on the plane, for the safety of the other passengers.
Re: Re: Re:3 Re:
… Reading that, it sounds a lot worse than what I meant by it.
What I meant was, "If they’re terror suspects and there is enough evidence to arrest them, then that arrest should be performed before they get on the plane, not after they land."
Re: Re: Re:2 Re:
A citizen suspected, but not proven, to be a terrorist should be warned, by his/her own government, that they’re walking into potential arrest. Don’t fall for the "suspicion = guilt" idiocy that our national cowards are bandying about. As others have said, one of the duties of government is to protect its own citizens, even (or especially?) from foreign governments.
If the US believes that they have enough to prove a foreigner guilty of terrorism, have them start extradition proceedings. Then the citizen’s own government can observe the proper procedures. If the US doesn’t have enough to prove guilt sufficient for extradition then that person is innocent, by our own principles.
Govt's vs Citizens
Often governments these days are more concerned with pleasing other governments than they are with protecting their own citizens. It seems like it’s the governments of the world against the citizens of the world.
Re: Govt's vs Citizens
Just to toss in a little more fun there are also the fights going on between the governments where innocent civilians are just getting caught in the fight.
Think about it, if things keep heating up with North Korea you really think it is just going to be those in government that get killed? More likely than not the majority of casualties are going to be regular civilians who want nothing to do with this stupid fight.
Defenders' Script
Ah, Five Eyes, Five Fingers. I get it now.
Fantastic “Democracy” you got there citizen!
I love it when people “think” they have one!
Re: Re:
I love it when people don’t know the difference between a democracy and a representative republic.
The US government has done worse
The US government has deliberately shipped people to countries able to perform tortures that the US is unable to perform.
So I think the US would do this to one of its own citizens in a heartbeat. That doesn’t excuse the GCHQ.
‘sooner or later, it’s going to be an American citizen walking into the same sort of trap overseas’
yes, it will and then shit will hit fan as you can bet your ass that the USA will condemn whichever country this happens in! as usual, the USA wants to bully everywhere else, have everyone arrested, regardless of where they are from and what they have/haven’t done but dont like the same in reverse!
as for the UK, this is typical of the gutless government that’s in power there! this isn’t the first person that has been set up and it wont be the last! when you think of the punishment it introduced for copyright infringement, just to please Hollywood and the entertainment industries and the USA government. 10 years in jail! worse than the punishment for the majority of ‘real’ crimes! how the hell did we ever get to the point where ‘make believe’ is the most important thing on the Planet, so important that it is basically ruling it?? how can that make any sense at all??
Re: Re:
Because the money behind it is certainly not make believe and your "rights" don’t even register on the radar once someone hands over enough cash.
In short, you have rights until someone buys them from the government. Then you do what the buyer says, or else.
British Subject Sold Down the River by Crown
GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There
This is what special relationships are all about.
The Crown selling out it’s subjects in order to curry favor with the world’s sole hyper-power.
When "you" is the UK. I understand it’s much easier when "you" is the USA (it’s a one-sided treaty).
How much egg will GCHQ have on their face when they discover that the US claims aren’t based in reality. That the claims are the crazed imaginings of someone who has never coded before in their life.
They found a piece of code matched it to a sample found onine & assumed since he wrote the code, he controls what happens to it. (If this were the case shouldn’t be be arresting those Acronym Agencies idiots who leaked all the toys for what happened afterwards?)
We are “fighting” a war against the cyber, with people who think fax machines are magic boxes. There are researchers who discover flaws & get ignored when they try to responsibly report them. If publishing a bit of code online that someone else then does something horrible gets you arrested for having created it, much research will vanish from online & we’ll be much worse off.
Re: Re:
That’s what they want.
The government wants your systems to be insecure. They are easier to monitor and conduct illegal searches on if they are insecure.
The corporations want your systems to be insecure. It’s cheaper to develop, sell, and support products that have little to no security to deal with than it is to deal with secure systems.
Hollywood wants your systems to be insecure. They want to lock it down the system for them and keep you out.
Advertisers want your systems to be insecure. It’s easier to collect info on you to sell if it’s insecure.
Lawyers want your systems to be insecure. More leak lawsuits = more money for them.
About the only people who do want better security are those who either profit from it, (Computer Security Specialists) or individuals who want to keep the intruders above out. Given such large proponents of insecurity, it’s no surprise that it’s close to an illegal act to engage with it.
Re: Re: Re:
Corporations want you systems to be under their control, so that they can decide when they will try to make you replace it.
Spy agencies do NOT serve their respective governments
As a former Australian spy put it, all spy agencies work together to serve their own interests not the interests of their respective governments or the citizens of their respective countries.
The only master of any bureaucracy is the bureaucracy itself. Every spy agency is a bureaucracy.
A number of researchers (particularly security researchers) already say they won’t travel to the US to attend conferences for fear they’ll be arrested. Looks like their fears are well-founded.
Extradition... expensive?
I don’t see where the UK is obligated to either tell him or arrest him, especially if no specific arrest warrant has been issued. Moreover, if they know the guy is going to walk into the other jurisdiction all by himself, why start something?
Extradition hearings are an expensive deal. The UK already has the spectre of Assange and his endlessly non-compliance to deal with. They don’t need another guy holing up in an embassy to avoid extradition.
The UK made a wise choice here. There was no reason to get involved.
Re: Extradition... expensive?
By your reasoning neither is there any reason for governments to warn their citizens about any other international travel dangers.