My Authors
Read all threads
You may recall the Wannacry ransomware epidemic in 2017, when hospitals, businesses and governments were shutting down because their computers were being encrypted by malware that relied on a leaked NSA cyberweapon called Eternalblue to spread.

1/
The incidents were incredible, cinematic, even. Whole hospitals shutting down. The worm spreading like a pandemic. And then, one day, it all just...stopped.

Then we learned that an anonymous security researcher going by Malwaretech had found a "kill switch" to shut it down.

2/
That was wild, and what was wilder was HOW Malwaretech killed it. They'd noticed that infected computers were trying to reach a weird, random, nonexistent domain, …dp9ifjaposdfjhgosurijfaewrwergwea.com, and so they'd registered the domain and stood a server up there.

3/
They were hoping to intercept some of the comms between infected computers and their botmasters, but instead, they had "sinkholed" the system, turning off the infection in every affected computer in the world.

4/
No one's quite sure why Wannacry infections go dormant if …dp9ifjaposdfjhgosurijfaewrwergwea.com can be reached. A leading theory is that the malware's author wanted to prevent efforts to decompile and analyze their creation.

5/
The first step in such an operation is loading the worm into a virtual machine - a simulated computer inside a real computer, which the researcher can inspect and alter with a thoroughness that is harder to achieve on real computers .

6/
Malware in a VM is trapped inside The Matrix, a head in a jar. These VMs are often configured to answer all internet requests from the malware, in the hopes of intercepting traffic between infected systems and command-and-control servers.

7/
Canny malware authors can use this to their advantage, writing in a subroutine that goes, "Try to contact this nonexistent server. If it answers, you're in The Matrix, so go to sleep and don't wake up until that server disappears."

8/
So, the theory goes, by registering that server, Malwaretech had inadvertently scared every instance of the worm in the world into hibernation by convincing it that it was stuck in The Matrix, and in so doing, Malwaretech had saved the day.

9/
Then it got weirder. The press uncovered the identity of the anonymous researcher behind Malwaretech: a British hacker named Marcus Hutchins (many people sent me this thanks to Little Brother, whose hero is also called Marcus - "A hacker named Marcus saved the world!").

10/
Hutchins's other astounding feats of reverse engineering in service of hunting down and neutralizing other worms also gained publicity, and then he booked in to give a talk at that summer's Defcon, and that talk was hailed as a triumph by attendees.

11/
And then Hutchins was arrested by the FBI and accused of having written Kronos, a notorious banking trojan linked to ex-Soviet crime gangs. The community rallied around him: a person of color, a foreigner, a hero, trapped in America's meat-grinder of a justice system.

12/
They raised money, found him lawyers. @tarah cashed in her severance pay from Symantec and used it to bail him out (racing barefoot down Vegas streets to make it to the notary on time!) and she and @deviantollam helped get him set up with a place to stay.

13/
He got probono counsel from cyberlawyers like @marciahofmann - a former @EFF colleague of mine - and @brianeklein and settled in for a long legal battle. At first, he denied having anything to do with Kronos and criminal malware.

14/
Some of his teen activities - stuff hackers of the heroic era would call "youthful hijinx" - came to light. But then more and more evidence of Hutchins' involvement with Kronos emerged, and then he entered a guilty plea and posted a statement taking "full responsibility."

15/
And then, even more miraculously, his sentencing judge gave him time served and let him walk away, a free man.

It was an incredible ride for those of us following it from the outside.

16/
But the actual story of Marcus Hutchins is, if anything, more incredible. In the current @Wired, @a_greenberg turns in a 14000-word profile of Hutchins that tells the true, incredible tale of his life, his crimes, his adventures, and his vindication.

wired.com/story/confessi…

17/
Some details are straight out of the hacker canon, a kind of platonic Wargames ideal: brilliant kid, parents bought him a PC to stop him from disassembling theirs (but he had to build it out of parts), fought with school administrators, accused of hacking school system.

18/
Then there's Hutchins' path into petty crimes, driven in part by intellectual curiosity and in part by necessity (just like Woz and Jobs paying bills by selling Blue Boxes door to door in their dorm). And then, the Sneakers turn: getting sucked into some serious crime.

19/
Working for a guy called "Vinny" who cajoled and coerced Hutchins into making Kronos. Hutchins balks several times, gets sucked back in, ends up self-medicating with speed to deal with the depression and anxiety he's suffering.

20/
This sets up a toxic dynamic where his drug-impaired judgment gets him embroiled in more trouble, and the trouble heightens his anxiety, which drives him to self-medicate further. But then, at last, he breaks free and starts writing anonymous malware analysis.

21/
His astounding technical feats start landing him industry jobs and he has a very belated realization that not only doesn't (cyber)crime pay, but going legit pays REALLY well. His life turns around, he saves the world - and gets busted by the FBI.

22/
The coda is, if anything, the best part: when the judge who sentences him recognizes all of this, bringing a rare moment of nuance and compassion to the meatgrinder of the US justice system, and lets him walk away. It's the kind of happy ending you rarely get.

23/
It's a complicated story of someone who did some terrible and foolish things and some brilliant and brave things, and who paid a price but was not destroyed, and of the community that rallied around him. It's a brilliantly told story of a brilliant security researcher.

eof/
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Covered Dish People

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!