I won’t try to write about what those who are far better qualified * than me have already written ** or engage in debate about the pedigree of Marcus Hutchins ***. I am not a security researcher, I am not a hacker, I am not a programmer (anymore), and I am incredibly disinterested in trying to compete with far cleverer teenagers and young adults who would have me “pwned” in a matter of minutes.
The New Criminals
What many of the recently infamous hackers have in common, aside from being bright with little relevant experience which would make them capable of handling serious jail time, is that they do not know the way the world really works.
— Anonymous Chronic (@AnonymousCronic) August 7, 2017
They seem to be unfamiliar with cause and effect. Many of them unknowingly thread the thin line between legality and illegality. In the evolving landscape of cyber-crime legislation what was quasi-legal and unregulated yesterday may be highly illegal tomorrow.
Most “security researchers” stay on the right side of the street but even in doing so they inevitably rub shoulders with those who are not. Something that aspiring researchers should remember is that “ignorance” is never a defence in a court of law. If and when someone chooses to wander across to the shadier side of the street (knowingly or unknowingly) they find themselves way out of their depth.
There is a very big gulf of reality between facing down a virtual opponent in a chatroom and eyeballing a professional interrogator in an “interview suite”. I have sat on both sides of that particular table, sometimes in places that the most intrepid backpacker wouldn’t consider going, and it is not a place that you want to be.
These are kids with very adult problems.
Picture: Dmitry Bogatov
Welcome To The Jungle
Being a criminal or a member of an organized crime gang used to involve certain stages or rituals. It was a way of life sometimes forced on people as a result of their environment or poverty or family history or simply a conscious decision. Criminals are not always victims of circumstance.
For serious criminals it was an informed choice of sorts. It normally began with petty crime and graduated into more serious categories of crime as time passed. As the scale, sophistication, and seriousness of the crimes being committed grew so too did the tariff.
— Kimberly Crawley (@kim_crawley) August 7, 2017
But the career criminal was more or less aware of this and the risk-return ratio. Also, to be effective in crime at the levels where it potentially attracted a forty year prison term, one had to have a network, contacts, tools, “pedigree”, and lots of other stuff. Not any more.
Jail sentences of these types for these hackers are not jail sentences, they are death sentences. Warming a concrete mattress in a concrete cage for twice as long as you have already been on the planet leaves these people with few choices.
They find themselves sharing space with men who have committed all sorts of crimes that actually involve leaving their mothers house. All of the lobbying and strongly worded letters from the Electronic Frontier Foundation, Amnesty International, family run crowd funding efforts, and emotional tweet storms will not help them when that door closes.
The phenomenon of the new criminals is highly contradictory. We now see fresh faced “deer in the headlights” types facing the sort of time that would make harder men cry for their mother.
* Kimberly Crawley; 4th Aug 2017; “MalwareTechBlog and the Cybersecurity Community versus the FBI“; Peerlyst
** Kevin Beaumont; 5th Aug 2017; Regarding Marcus Hutchins aka MalwareTech; DoublePulsar
*** IPostYourInfo; 4th Aug 2017; The Marcus Hutchins I Knew; Medium