Profile picture
, 24 tweets, 6 min read
My Authors
Read all threads
You may recall the Wannacry ransomware epidemic in 2017, when hospitals, businesses and governments were shutting down because their computers were being encrypted by malware that relied on a leaked NSA cyberweapon called Eternalblue to spread.

1/
The incidents were incredible, cinematic, even. Whole hospitals shutting down. The worm spreading like a pandemic. And then, one day, it all just...stopped.

Then we learned that an anonymous security researcher going by Malwaretech had found a "kill switch" to shut it down.

2/
That was wild, and what was wilder was HOW Malwaretech killed it. They'd noticed that infected computers were trying to reach a weird, random, nonexistent domain, …dp9ifjaposdfjhgosurijfaewrwergwea.com, and so they'd registered the domain and stood a server up there.

3/
They were hoping to intercept some of the comms between infected computers and their botmasters, but instead, they had "sinkholed" the system, turning off the infection in every affected computer in the world.

4/
No one's quite sure why Wannacry infections go dormant if …dp9ifjaposdfjhgosurijfaewrwergwea.com can be reached. A leading theory is that the malware's author wanted to prevent efforts to decompile and analyze their creation.

5/
The first step in such an operation is loading the worm into a virtual machine - a simulated computer inside a real computer, which the researcher can inspect and alter with a thoroughness that is harder to achieve on real computers .

6/
Malware in a VM is trapped inside The Matrix, a head in a jar. These VMs are often configured to answer all internet requests from the malware, in the hopes of intercepting traffic between infected systems and command-and-control servers.

7/
Canny malware authors can use this to their advantage, writing in a subroutine that goes, "Try to contact this nonexistent server. If it answers, you're in The Matrix, so go to sleep and don't wake up until that server disappears."

8/
So, the theory goes, by registering that server, Malwaretech had inadvertently scared every instance of the worm in the world into hibernation by convincing it that it was stuck in The Matrix, and in so doing, Malwaretech had saved the day.

9/
Then it got weirder. The press uncovered the identity of the anonymous researcher behind Malwaretech: a British hacker named Marcus Hutchins (many people sent me this thanks to Little Brother, whose hero is also called Marcus - "A hacker named Marcus saved the world!").

10/
Hutchins's other astounding feats of reverse engineering in service of hunting down and neutralizing other worms also gained publicity, and then he booked in to give a talk at that summer's Defcon, and that talk was hailed as a triumph by attendees.

11/
And then Hutchins was arrested by the FBI and accused of having written Kronos, a notorious banking trojan linked to ex-Soviet crime gangs. The community rallied around him: a person of color, a foreigner, a hero, trapped in America's meat-grinder of a justice system.

12/
They raised money, found him lawyers. @tarah cashed in her severance pay from Symantec and used it to bail him out (racing barefoot down Vegas streets to make it to the notary on time!) and she and @deviantollam helped get him set up with a place to stay.

13/
He got probono counsel from cyberlawyers like @marciahofmann - a former @EFF colleague of mine - and @brianeklein and settled in for a long legal battle. At first, he denied having anything to do with Kronos and criminal malware.

14/
Some of his teen activities - stuff hackers of the heroic era would call "youthful hijinx" - came to light. But then more and more evidence of Hutchins' involvement with Kronos emerged, and then he entered a guilty plea and posted a statement taking "full responsibility."

15/
And then, even more miraculously, his sentencing judge gave him time served and let him walk away, a free man.

It was an incredible ride for those of us following it from the outside.

16/
But the actual story of Marcus Hutchins is, if anything, more incredible. In the current @Wired, @a_greenberg turns in a 14000-word profile of Hutchins that tells the true, incredible tale of his life, his crimes, his adventures, and his vindication.

wired.com/story/confessi…

17/
Some details are straight out of the hacker canon, a kind of platonic Wargames ideal: brilliant kid, parents bought him a PC to stop him from disassembling theirs (but he had to build it out of parts), fought with school administrators, accused of hacking school system.

18/
Then there's Hutchins' path into petty crimes, driven in part by intellectual curiosity and in part by necessity (just like Woz and Jobs paying bills by selling Blue Boxes door to door in their dorm). And then, the Sneakers turn: getting sucked into some serious crime.

19/
Working for a guy called "Vinny" who cajoled and coerced Hutchins into making Kronos. Hutchins balks several times, gets sucked back in, ends up self-medicating with speed to deal with the depression and anxiety he's suffering.

20/
This sets up a toxic dynamic where his drug-impaired judgment gets him embroiled in more trouble, and the trouble heightens his anxiety, which drives him to self-medicate further. But then, at last, he breaks free and starts writing anonymous malware analysis.

21/
His astounding technical feats start landing him industry jobs and he has a very belated realization that not only doesn't (cyber)crime pay, but going legit pays REALLY well. His life turns around, he saves the world - and gets busted by the FBI.

22/
The coda is, if anything, the best part: when the judge who sentences him recognizes all of this, bringing a rare moment of nuance and compassion to the meatgrinder of the US justice system, and lets him walk away. It's the kind of happy ending you rarely get.

23/
It's a complicated story of someone who did some terrible and foolish things and some brilliant and brave things, and who paid a price but was not destroyed, and of the community that rallied around him. It's a brilliantly told story of a brilliant security researcher.

eof/
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Covered Dish People

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @doctorow see all

Profile picture
Covered Dish People
@doctorow
#ModernMonetaryTheory is an economic lens for understanding how money works. It starts from the commonsense assertion that national governments are money-issuers, and the rest of us are money users, and that money works differently when you are in charge of creating it.

1/
But this challenges accepted wisdom, like the idea that national deficits cause inflation and saddle our descendants with debt. If governments are the source of money, then they don't tax us in order to spend. They spend (which puts money into the economy) and then tax back.

2/
If the government runs a "balanced budget" that means it's taxing as much money of out existence as it is spending into existence, leaving behind no money for the rest of us to save or spend. Balanced budgets starve the private sector of the money it needs to operate.

3/
Read 15 tweets
Profile picture
Covered Dish People
@doctorow
There are good reasons to worry about Facebook's "fact checking" efforts, primarily that the company is a raging garbage fire that destroys everything it touches and only has two approaches to solving any problem:

1/
1. Make it fully automated in a way that guarantees that there will be innumerable false positives in which legitimate material is erroneously censored, with no effective means of appeal, even as dedicated trolls exploit the system's blind spot to carry on as normal;

2/
2. Hire boiler-rooms full of low-waged workers to review horrific materials and make judgment calls that require context they don't have and can't get, until they're so traumatized they literally develop PTSD and sue the company for psychiatric care.

theverge.com/2020/5/12/2125…

3/
Read 11 tweets
Profile picture
Covered Dish People
@doctorow
The "gig economy" companies are classic rentiers: in the guise of operating a "two-sided market" (restaurants on one side, delivery people on the other, say), they're actually just siphoning off everyone else's margin, slowly draining them dry.

pluralistic.net/2020/04/18/pol…

1/
But there's one thing the gig economy can't drain, and that's drivers' bladders.

Restaurateurs, legitimately angry at the third-party delivery apps that are destroying them through dirty tricks and rent-seeking, are denying drivers bathroom access.

vice.com/en_us/article/…

2/
It's a classic bit of misdirection, a game of "let's you and he fight." The delivery companies maintain the pretense that they're not employers and thus not required to provide bathrooms for their employees.

3/
Read 7 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!