Month: August 2017

WannaCry accidental hero MalwareTech arrested by FBI for role in Kronos Trojan

Marcus Hutchins, the UK-based security researcher who uses the handle @MalwareTechBlog and who became the self-professed accidental hero of the WannaCry outbreak back in May, has been arrested by the FBI for his involvement in the Kronos malware campaign that took place in 2014-2015.

Yesterday, the FBI detained Marcus Hutchins after the DEF CON hacking conference in Las Vegas as he attempted to fly back home to London, where he works as a researcher for the cyber security firm Kryptos Logic. Shortly after his arrest, the Department of Justice unsealed an indictment against him. The indictment charges him with involvement in creating the Kronos banking trojan, a piece of malware used to steal banking credentials in 2014 and 2015 that was designed to spread via email, gathering victims' financial details as it did. The charges also include that he was supposedly involved in a conspiracy to sell it for $3,000 on dark web markets like AlphaBay.

The news of Marcus Hutchins' arrest has shocked much of the cyber security community. Marcus is well known, especially after his recent rise to fame in stopping the WannaCry outbreak, and is a well-respected person within the community, so this comes as quite damning news. It is not yet known exactly what evidence the FBI has on Marcus, but it could have come from last month's FBI and Europol seizure of the servers of AlphaBay, which happens to be the site mentioned in the indictment.

Friends of Marcus have reported that he is currently located in the FBI's Las Vegas field office, but the FBI is not releasing any comments at this time. As yet the evidence is unclear. Judging by the indictment, it seems the FBI believes Marcus built Kronos and that an as yet unnamed co-conspirator released a video demo and sought to sell it. Looking back, we know that Marcus was researching Kronos around that time, as he sought to get hold of a sample just as he did with WannaCry.

Let's face it, the FBI has a history of incorrectly punishing security professionals who are doing good, so personally I am holding out on any judgment, and ultimately I want to know what evidence the FBI claims to have.

Microsoft Newly Launched $250,000 Bug Bounty

With major security flaws in the news more and more at present, it may come as no surprise that technology companies are looking to invest more in defensive technologies and endeavour to maintain a high standard of security. Following this path, Microsoft has now unveiled the new Windows Bounty Program. It includes all features of the Windows Insider Program and introduces a heightened focus on products such as Windows Defender and the Microsoft Edge browser, with the top bounty of $250,000 going to Hyper-V.

“Since 2013, we have launched multiple bounties for various Windows features. Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”

The program will pay out anywhere between $500 and $250,000 USD depending on the type of bug identified, with the aim being to find any critical or important class remote code execution, elevation of privilege, or design flaws that could compromise a customer's privacy and security.

Microsoft is not alone in enhancing its monetary incentives: Facebook chief security officer Alex Stamos announced earlier this week that Facebook is increasing its Internet Defense Prize to $1 million USD. That's a 10-times increase from what it was offering last year, when it awarded just $100,000 in prizes.