Skip to Content

Data Sheet—Saturday, August 5, 2017

Here we go again. The FBI arrested a prominent hacker in Las Vegas this week, and the Internet is in an uproar. There’s talk of malicious prosecution and fear the arrest will chill security research.

Well maybe. But first we should figure out what happened.

If you missed it, the hacker in question is a young Brit named Marcus Hutchins. He became famous this year after stopping a wave of ransomware, known as WannaCry, that was spreading across the globe. His action helped halt attacks that froze millions of computers, including those at schools and hospitals.

Hutchins is considered a hero for that. But here’s the thing: In 2014 and 2015, prior to his WannaCry heroics, the FBI says Hutchins created and sold a notorious piece of malware, known as Kronos, designed to steal people’s banking information. If the accusations are true, Hutchins engaged in some serious criminal behavior.

Nonetheless, many on Twitter and in the media see the arrest as a case of injustice. Some have pounced on a legal analysis of the indictment to say the charges are unfair or overreaching. Others allege this wouldn’t have happened if he was back in Britain. And so on.

All of this has a familiar ring to it, and stems in part from past injustice against hackers: Who can forget the Justice Department’s cruel prosecution of Aaron Swartz, which drove the young genius to suicide in 2013? Critics also rightfully worry about the feds’ use of vague and outdated hacking laws.

Unfortunately, the tech and hacker community is also quick to cry injustice every time a popular Internet figure is arrested—even if they’ve done very bad things. Examples include ongoing sympathy for Silk Road founder Ross Ulbricht (aka the Dread Pirate Roberts) and Kim Dotcom, a gangster-like figure who engaged in massive copyright theft and is attempting to use a cult-of-personality to avoid extradition.

In the case of Marcus Hutchins, it’s too soon to pass judgment. We don’t know all the facts yet. But just because he stopped WannaCry doesn’t give him a free pass to commit bank fraud (if that’s what he did) any more than a heroic deed will excuse a gunman from robbing a convenience store.

The hacker community needs to take a breath. Some prosecutions may be unjustified but that doesn’t mean hackers should never go to jail.

Jeff John Roberts

@jeffjohnroberts

jeff.roberts@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

“Like a drunken tattoo party”: That’s how one analyst described new technology to implement microchips into workers. This is a hot topic because a Wisconsin company did just did that, which will allow employees to buy snacks and more with a wave of their hand. The analyst is skeptical it will catch on—in no small part because of the “ick” factor. (Fortune)

Call me, maybe: The messaging app Signal is considered best in class when it comes to secure communications. But it has one major flaw: You have to provide a phone number to use it. This means that, even if Signal can keep the government out of your messages, it risks letting creeps into your personal life. Jillian York of the EFF offers a workaround—and a great suggestion for improving Signal. (Motherboard)

Say it ain’t Sony: A major hack of HBOs networks, which resulted in films and giant troves of corporate documents getting leaked online, has triggered obvious comparisons to the Sony debacle of late 2014. But while the HBO breach is grave, the comparison may be inapt: “simply looking at the sheer amount of data that hackers claim to have stolen is definitely the worst possible way to make any judgement.” (Variety)

Show me the Bitcoin Cash: The world’s most popular digital currency exchange, Coinbase, reversed course and said it will support withdrawals of a new offshoot of bitcoin. The decision comes after a bruising week for Coinbase in which customers threatened to sue to get hold of their share of the new Bitcoin Cash, which briefly hit prices of $700. (Fortune)

Finally, the boldness of some of the hackers out there reminds me of the “Crazy Nastyass Honey Badger“—still the funniest thing on the Internet IMO.

 

Share today’s Data Sheet with a friend:

http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

When a crypto-currency “forks,” do custodians have a legal obligation to support the new coins? Internet law scholar Tim Wu shared some thoughts.

Wu added that common law property rules mean that the newly issued Bitcoin Cash belongs to the Coinbase customers in the same way a newborn calf belongs to the owner of a cow. Read more on Fortune.com.

FORTUNE RECON

 

WannaCry Ransoms Suddenly Leave Attackers’ Bitcoin Wallets, by David Meyer

Wikileaks Releases Emails from Macron Campaign, by Jeff Roberts

Apple Patent Points to an iPhone Privacy Boost, by David Meyer

Companies Can Now List Shareholders on a Blockchain, by Jeff Roberts

 

Game of Thrones’ Next Episode has Been Leaked Online, by Chris Morris

Hackers Turn Some Amazon Echoes Into Bugging Devices, by David Meyer

ONE MORE THING

Who you calling a moron? This is a nice palette cleanser: in a 2011 presentation, Canadian security officials marveled at the cloddish character of Russia’s cyber operations. The attacks, they said, were “designed by geniuses” but “implemented by morons”. (The Intercept)