Video Transcript:
Dr Bleetman was in the emergency room, ready for another steady day of life-saving routines. But in an instant, that rhythm was shattered. Without warning, the screens of critical computer systems flickered; the hospital's digital infrastructure had been completely knocked offline. They were under assault, but on a scale of which they had no idea. Within hours, a virus infected more than 200,000 computers across 150 countries.

In Spain, telecommunications are severed as one of the largest providers is compromised. 5.5 million daily train passengers in Germany are left stranded and bewildered as the display boards and ticket machines fall prey to the attack. All anyone knows is this message which appears on screen, demanding Bitcoin within 7 days to make it all go away, or the machines will be left locked forever.

Moving on to the other developing story this morning: the global cyber attack. Experts are calling the WannaCry virus the largest cyber attack in history.

Back in the UK, Dr Bleetman was now trying to manage an emergency department with pen and paper. To make matters worse, major trauma, stroke and heart attack centres across the National Health Service were deemed unsafe and had begun turning patients away.

So that was what was happening regionally: loss of trauma, loss of stroke and loss of heart attack.

This attack was already threatening the loss of life. But then, as quickly as the malware made its way through thousands of computers, it grinds to a sudden stop. A mysterious but very talented malware analyst and blogger, known only by his cat profile picture, had decompiled the virus and triggered a kill switch. He was an instant hero and likely saved many lives, but he wanted to remain anonymous and gave an interview under his handle, MalwareTech. For the media this was not good enough; they were desperately combing through every post he had ever made in an attempt to find his real identity. Two days later he wakes up to his face plastered on a newspaper, with a throng of reporters pitched outside his house. This was bad. His newfound fame quickly turned sour: the FBI launched an investigation into his past, unearthing a years-old, unspeakable crime, one he had long feared would come to light.

This is the story of the man who single-handedly stopped the largest ransomware attack the world has ever seen from his bedroom, and how he was then going to be punished for it.

Like most awful things, it all started on Twitter. See, this virus was never meant to spread. The NSA has a top-secret collection called the ANT catalog of sci-fi-level cyber weapons: think hacks, exploits and cyber surveillance devices ready to be used at a moment's notice. But one day in August 2016, someone made a tweet auctioning them off under the handle The Shadow Brokers. They're claiming to have hacked the Equation Group, an elite cyber espionage team widely suspected to be a branch of the United States National Security Agency, and they're sharing images and samples of numerous cyber weapons they claimed to have stolen as proof. These are sophisticated exploits and tools designed for high-level cyber warfare between nations; they shouldn't be for sale on Twitter. Hackers have been known to pay hundreds of thousands of dollars for such things, but The Shadow Brokers didn't seem to be good brokers after all, because they never found a buyer. So eight months later, in a very uncommon twist, they decided to post these exploits for free in a series of heavily politically charged posts. Cyber security experts were drooling over these, but on April 14th 2017 they made what was dubbed by CNN as their most damaging release. Among this entire list of tools, one stuck out in particular: EternalBlue, a remote code execution exploit, the most dangerous type of exploit, which would allow someone to hack a system with zero user interaction. Worse, millions of computers running Windows were vulnerable to it. The NSA had kept EternalBlue a secret for more than five years, using it as part of their offensive cyber toolkit, but The Shadow Brokers' breach had forced their hand into alerting Microsoft. Just a month before this leak went live, Microsoft had actually published a security patch fixing the bug. The trouble is, organizations are rarely proactive in keeping their systems updated with the latest security fixes. The opportunity was unprecedented; with cyber security reporters drooling over this leak and its implications, it was only a matter of time before a threat actor would take advantage in a big way. Less than a month later, the world would come to understand exactly the danger these writers were trying to warn them about.

An unknown threat actor began working fast, in secret, to turn EternalBlue into a worm: a self-propagating virus engineered to traverse networks autonomously, hunting for one vulnerable port in particular. This doorway is utilized by SMB, which stands for Server Message Block, and it needs to be version one in specific. It's a transport protocol that facilitates remote services like printers and file sharing; more importantly, it's open to the internet. But deep within the code a critical flaw lay waiting, a flaw Microsoft thought they had fixed in 2009. They had posted this security update saying they had patched a vulnerability possibly allowing an attacker to take complete control of a system, in theory by sending specially crafted SMB packets, little network messages filled with malicious data. "Glad we fixed that before anyone abused it," they thought. But the NSA wasn't so convinced. They had been searching for a zero-day in Microsoft systems for years, and saw this public announcement as an opportunity: what if there was a workaround? In 2012 they found it, the same exploit done another way. And now, half a decade later, their secret was public, and this worm made to abuse it was about to claim its first unsuspecting computer. At first it was slow, hunting for a vulnerable machine in a sea of millions, hitting the subscribe button and passing on its search. Once found, the worm injects its malicious shellcode and executes its encrypted payload with elevated privileges.
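The passage above turns on one fact a defender can act on: the worm only needed a host that would still negotiate SMB version 1 on its open port. The script below is an added example written for this write-up (it is not code from the video or from any project it mentions). It parses the direct-TCP SMB transport header and the SMB1 header as documented in Microsoft's MS-CIFS and MS-SMB2 specifications, and reports which sources in a capture are negotiating SMB1 and with which dialects, so the hosts that still speak the protocol can be found and fixed. The capture records, the IP addresses and the builder functions that produce the packets are constructed sample data; the parser is the part that matters.

```python
"""Flag SMBv1 dialect negotiation in captured TCP/445 payloads.

Added example for this write-up (not code from the video or from any
project it mentions). It parses the direct-TCP SMB transport header and
the SMB1 header defined in MS-CIFS / MS-SMB2 and reports which sources
negotiate SMB version 1. The capture records below are constructed
sample data, not real traffic.
"""
import struct
from collections import defaultdict

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32


def parse_smb(payload: bytes) -> dict:
    """Classify one TCP payload carrying SMB over port 445 (direct TCP).

    Returns {"version": 1|2|None, "negotiate": bool, "dialects": [...]}.
    Anything that is not well-formed SMB gets version None.
    """
    result = {"version": None, "negotiate": False, "dialects": []}
    # Direct-TCP transport header: one zero byte + 24-bit big-endian length.
    if len(payload) < 4 or payload[0] != 0:
        return result
    length = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + length]
    if len(body) < 4 or len(body) != length:
        return result
    if body.startswith(SMB2_MAGIC):
        result["version"] = 2
        return result
    if not body.startswith(SMB1_MAGIC) or len(body) < SMB1_HEADER_LEN:
        return result
    result["version"] = 1
    command = body[4]           # byte right after the 4-byte protocol id
    if command != SMB1_COM_NEGOTIATE:
        return result
    result["negotiate"] = True
    # SMB1 Negotiate request: WordCount (1 byte, must be 0), ByteCount (2),
    # then dialect entries, each 0x02 followed by a NUL-terminated name.
    params = body[SMB1_HEADER_LEN:]
    if len(params) < 3 or params[0] != 0:
        return result
    byte_count = struct.unpack("<H", params[1:3])[0]
    data = params[3:3 + byte_count]
    for entry in data.split(b"\x00"):
        if entry.startswith(b"\x02"):
            result["dialects"].append(entry[1:].decode("ascii", "replace"))
    return result


def smb1_negotiators(records):
    """Group SMB1 negotiation attempts by source address.

    records: iterable of (src_ip, dst_ip, payload). Returns
    {src_ip: sorted dialect names} for every source that negotiated SMB1.
    """
    seen = defaultdict(set)
    for src, _dst, payload in records:
        info = parse_smb(payload)
        if info["version"] == 1 and info["negotiate"]:
            seen[src].update(info["dialects"])
    return {src: sorted(d) for src, d in seen.items()}


# --- constructed sample data below: builders exist only to feed the parser ---

def build_smb1_negotiate(dialects) -> bytes:
    """Constructed SMB1 Negotiate request with the given dialect names."""
    header = SMB1_MAGIC + bytes([SMB1_COM_NEGOTIATE]) + bytes(SMB1_HEADER_LEN - 5)
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    body = header + b"\x00" + struct.pack("<H", len(data)) + data
    return b"\x00" + len(body).to_bytes(3, "big") + body


def build_smb2_sample() -> bytes:
    """Constructed SMB2 message: 64-byte header with every field zeroed."""
    body = SMB2_MAGIC + bytes(60)
    return b"\x00" + len(body).to_bytes(3, "big") + body


# One internal client still speaking SMB1, one on SMB2, and one non-SMB
# payload that happened to arrive on port 445. Addresses are made up.
SAMPLE_RECORDS = [
    ("10.0.0.7", "10.0.0.20", build_smb1_negotiate(["PC NETWORK PROGRAM 1.0", "NT LM 0.12"])),
    ("10.0.0.9", "10.0.0.20", build_smb2_sample()),
    ("198.51.100.4", "10.0.0.20", b"GET / HTTP/1.1\r\n\r\n"),
    ("10.0.0.7", "10.0.0.21", build_smb1_negotiate(["NT LM 0.12"])),
]

if __name__ == "__main__":
    for src, dialects in smb1_negotiators(SAMPLE_RECORDS).items():
        print(f"{src} negotiated SMB1 dialects: {', '.join(dialects)}")
```

In practice the payloads would come from a packet capture or a sensor on the segment; the parser only needs the TCP payload bytes. A client that offers only SMB2 never produces the 0xFF 'S' 'M' 'B' signature, so any source listed by `smb1_negotiators` is a machine that still has SMB1 enabled and is worth either patching or having the protocol disabled, whichever comes first.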
Now inside, wcry.exe unpacks a password-protected zip file harbouring all the tools it needs for the sinister task ahead. Using the Tor client, it opens communications with these five hidden services. Then it begins executing commands silently, securing permissions to every file within the system's grasp before locking them behind an unbreakable fortress of encryption. Finally, it begins probing the network for any other system sharing the same vulnerability; if found, the cycle begins again. By the time it has changed the computer's background, it's already too late. Within hours it had spread worldwide.

An unprecedented worldwide cyber attack. At least five Australian businesses have been hit by the global cyber attack. Since late last week, malicious software has been taking computers hostage. Britain has joined the United States in blaming North Korea for the WannaCry cyber attack. A number of NHS organisations have reported that they have suffered from a ransomware attack. This virus has impacted Germany's national rail system, as well as FedEx here in the United States. The malware encrypted and rendered useless hundreds of thousands of computers in hospitals, schools, businesses and homes in over 150 countries. It looked at first like an attack just on hospitals in the UK, but it's now becoming clear that this malicious software has run riot around the world. While victims received ransom demands, paying those demands did not unlock their computers. This was a careless and reckless attack. Russia, the United States and many points in between have been hit by what's now a common form of cyber crime.

All around the world, people were greeted with a simple message: their most treasured files were no longer accessible, and the only way they could get them back was by paying $300 in Bitcoin within 3 days. If they didn't, the ransom would double; let four more days slip by and their data would be lost forever. To some it was a small price to pay. On Twitter, a bot gets set up tracking payments; the blockchain is a public record, after all. In total, 200 people paid 51 Bitcoins, then worth $67,000, but they don't get their files decrypted. It was another scam. WannaCry didn't make distinctions between the infection of individuals, small companies or large organizations such as hospitals; it was just infecting any vulnerable Windows computer it came across. As the hours went by and more and more critical infrastructure around the world fell prey to the attack, malware analysts were rushing to find out who was behind it and what could be done to minimize its damage. Before the day was up, one analyst in particular would come out a hero. But no good deed goes unpunished.

39 hospital trusts and GPs in Scotland and across England have had to cancel routine operations, send patients home and divert ambulances.

While WannaCry was wreaking havoc around the world, in a small English seaside resort town a 22-year-old cyber security researcher known only by his cat profile picture makes this tweet. MalwareTech had made an accidental discovery: while analyzing the virus, he saw it was trying to connect to this seemingly random domain. Curious about its importance, he registered it. He was hoping he could set up a server to track connection attempts and build a map of infected systems, as he had done for many botnets in the past, which he wrote about on his blog.

So I asked a friend if I could have a sample of the WannaCry worm. I noticed it made a web request to an unregistered website, so I registered it.

But before he could even get such a system set up, he began reading chatter that registering this domain had killed the virus, and this tweet was him seeking validation. Could it really be true? He had just returned from lunch, downloaded a sample of the worm from a friend and barely got to understanding its mechanics, and now it seemed the threat was neutralized. An hour later he retweeted this post from a researcher who had reverse engineered WannaCry's code. It showed that before encrypting files, the malware first checked if it could access the obscure web address. If the connection failed, it proceeded with the encryption; however, if the connection succeeded, the malware halted. The URL was a kill switch; registering it had disabled the worm. He had unintentionally stopped the malware.

And as time went on, we noticed the infection count was steadily declining. After a few hours of that, we noticed a tweet by someone suggesting that the URL in fact was a kill switch that just disabled the malware.

But his real challenge was just beginning. He needed to protect the kill switch domain he had registered, which was under constant assault by hackers trying to take it offline, potentially reactivating WannaCry. Moreover, doubts lingered; not everyone was convinced by his stroke of luck. The question remained: who created WannaCry, and why did it include this kill switch?

It was the biggest hack attack the world has ever seen, but attempts to stop the virus spreading appear to be working.

And then suddenly it was over, with no warning, with no explanation. Meanwhile, the media was now in a frenzy, desperately trying to uncover the real identity of their hero hiding behind a cat profile picture. Come Sunday morning, Marcus Hutchins was surprised to find his face on the front page of the UK's most popular newspaper. He took to Twitter to express his dismay: I knew 5 minutes of fame would be horrible, but honestly I misjudged just how horrible. British tabloids are super invasive. Journalists doxed a friend, then rang them offering money for my girlfriend's name and phone number. One of the largest UK newspapers published a picture of my house, full address and directions to get there. Now I have to move.

No one really knew who he was or what his name was, but it was only after the ransomware attack happened that the media essentially doxxed him: they published his name and photos and even his home address online for anyone to find.

All the while he was still diligently working, fighting off DDoS attacks and gathering critical information on infected systems through the domain; if it went down for even a minute, WannaCry would begin infecting more and more systems. Overwhelmed by the continuous requests for interviews, he finally relented, putting on a cheery face: Yes, I've had people sort of inundating me with messages thanking me, saying that I'm a hero. I mean, I sort of just registered this domain for tracking, and I didn't intend for it to, like, sort of blow up and me to be all over the media. I was just sort of doing my job, and I don't really think that I'm a hero at all. Yeah, I mean, it's completely... my name is out in the papers, sort of my general location is, so I don't think I'm ever going back to being the MalwareTech that no one knew.

He's truly being too humble here, and likewise most coverage of Marcus glosses over the fact that he was already a highly skilled and active counter-malware researcher by the time he accidentally disabled WannaCry. His blog, posting to tens of thousands of visitors, showcased his unique ability to trace and reverse engineer botnets in a way that no one else seemed to be able to. This skill hinted at a deeper, more complex history with malware. Marcus was not just a prodigy; he possessed a wealth of experience that seemed to extend beyond conventional learning. Nevertheless, his mom, a nurse, was immensely proud. Marcus had become a real-life superhero.

WannaCry had caused an estimated $4 billion in damages, and it would have been a heck of a lot more had it not up and stopped so soon. And as days turned into weeks, I think Marcus started having a shift in how he felt about this fame. The normal world had forgotten, as they always do, but within the cyber security world he was revered, had earned himself free drinks for life and, better yet, the largest hacker conference in the world was just around the corner.

After a grueling 15-hour flight, Marcus landed in the United States ready to embark on a week-long, well-earned vacation. He was meeting many of his online friends, colleagues and even his boss for the first time in person. Better yet, they pooled their money together to stay in a luxurious 30-bedroom mansion with the largest private pool in Las Vegas. They rented sports cars, had fun at clubs, were truly living it up, and best of all, his role in stopping WannaCry had earned him respect at DEF CON. He was invited to VIP hacker parties, dined with journalists and took selfies with fans. Things truly could not get any better.

Then, on a quiet Wednesday, after days of relentless partying and drinking, Marcus stepped out of the mansion to collect a McDonald's order from an Uber Eats driver. That's when he spotted a black SUV. It reminded him of an FBI vehicle, but in his inebriated state he brushed off the suspicion and returned inside to continue his indulgences: rolled another spliff of that fine, legal Nevada weed, ate his burger and began packing for his return to the UK. As he headed to the airport for his first-class flight home, the same SUV appeared to tail him. Overwhelmed and nursing a hangover, Marcus again dismissed it as mere coincidence. He thought it was odd, when clearing security, that the TSA agents told him not to take any of his three laptops out of his backpack before putting it through the scanner. He had showed up quite early, and while waiting for his flight back to England, sipping a Coke, he writes on Twitter how excited he is to get back home to get back to work, and shares a photo of some nice shoes his boss had bought him. He worked remotely for a company in the US, Kryptos Logic, building the sort of tools to fight off hackers that he had been sharing for free on his blog; that's how he got the job in the first place, and it paid well. Then he lamented about the stupidity of boarding priority. He was getting restless, but he never made the flight, because shortly after this tweet he was approached by three men, two in Customs and Border Protection uniforms and the other in plain clothes. They escorted him to an interrogation room where another plain-clothed man
awaited. Alone with Marcus, they disclosed their true identities: FBI agents. In a state of mental and physical exhaustion, Marcus couldn't piece together why the FBI would be after him. They bombarded him with question after question, and he still had no idea what they wanted. Finally, they gave him a printout of years-old chat logs; he had no idea how they got them. They asked if he knew about Kronos. It dawned on Marcus: they weren't interested in WannaCry, and he wasn't going home, at least not for a while.

Speaking of the FBI, hackers are lurking online waiting to steal your personal data. Luckily, Guardio is the sponsor of this video. Check this out: I got an email about a copyright claim on my YouTube channel. My heart skipped a beat, but upon further inspection, this is the sketchiest email of my life. Now let's say I did fall for this. I'm scared for my channel, shivering in my boots; I download the zip file, extract it, and I get "copyright report.doc". Oh, a Microsoft Word file, what's the worst it could do? Except that's not what it is. And I don't know why this isn't enabled by default, but if you click on View, then check File name extensions, we can see this is actually a .scr file, a screen saver file, which is an executable in disguise. Very cute. This is a virus known as RedLine Stealer. So you know how when you log into a website your browser will ask you to save your password? It puts all those logins into a file on your computer, and this virus takes that, and a bunch of other nasty stuff too. Here's a list of Bitcoin wallets it targets. It also captures a screenshot of your desktop and steals your Discord login token to spread the virus through your contacts; heck, maybe you've seen that happen to a friend, I know I have. It can even bypass two-factor authentication by stealing your browser cookies. It's frightening stuff. Thankfully, Guardio offers comprehensive protection. Their email monitoring would have prevented me from ever seeing that phishing attack to begin with, and if it slipped through, their extension protection would have identified and neutralized it before it could do any harm. Plus, Guardio's anti-account-hijacking feature stops these viruses from accessing browser cookies and circumventing two-factor authentication. Guardio detects threats before they even reach your browser, unlike traditional solutions that only address threats after they've infiltrated your device. That's why over a million users trust it. So if you want to safeguard against these cyber threats, visit my link, guard.io/crumb, for a free security scan. It only takes 30 seconds. Plus, by using my link, which is also in the description, you'll get 20% off plus a 7-day free trial to premium features like real-time threat removal. That's an amazing deal by an amazing brand. Thank you, Guardio.

Kronos was the part of Marcus's past that he had long feared would come to light; he always had a feeling it eventually would. He grew up in rural Devon on a cattle farm and never fit in much with the other kids. When he was six years old he became fascinated with computers; he thought programming was like next-level Lego, a way to build anything he could dream of and, more importantly, share it with the world. Eventually he would stumble across a community of young hackers on MSN. Seeing them share their malicious inventions, he was hooked, and had the reaction any curious kid would have: he wanted to be able to do the same. At first it was just about getting around permissions on school computers to install video games like Counter-Strike and Call of Duty, but by the time he was 14 he made his first contribution, a simple password stealer that was met with approval from the MSN group. For the first time he felt like he belonged somewhere. He didn't even envision that it would be used for anything malicious; he was more fascinated by the inner workings of the thing. By 15 he would start ignoring school. His notorious reputation for getting around administrative privileges had spread among staff, and they started using him as a scapegoat for every tech-related problem they were running into. It was then that he began skipping classes altogether, becoming fully nocturnal and spending every waking hour fully immersed in his computer. According to Marcus, he was so big his parents couldn't physically drag him to school.

In 2009 the MSN forum Marcus was frequenting got shut down, so he went searching for a new site and landed on HackForums.net. He found it fascinating; the hacks were light years ahead and the ethics much darker. Check this out: his first posts on the forum were met with backlash. He was made fun of, and had a lot to prove if he wanted to fit in here. After some time learning how the website worked and gaining more knowledge, and out of fear of being called a skid again, he made a botnet and infected over 8,000 computers by uploading files bound with malware to torrent websites. With these infected machines under his control he could launch DDoS attacks, send spam emails, or much worse. But Marcus didn't actually seem to care to do any of that; he just wanted to brag about having it, like a badge of honour. It worked, and leveraging his newfound reputation he set up a business renting out servers and web hosting to other members. He called it Ghost Hosting and explicitly advertised it as a place where all illegal websites, except cheese pizza, were allowed. But not even a year would pass before he grew bored of the botnets and the hosting; he didn't like customer service very much. So he decided to quit and focus on something he enjoyed a lot more: perfecting his own malware, still feeling several steps removed from any real cyber crime. After getting his practice by taking apart rootkits and programs other hackers had coded, he started posting snippets of his own code on the forum. Impressed, HackForums members started reaching out to him for development services. At first he developed a kind of anti-antivirus that would check whether certain antivirus engines could detect a hacker's malware. That earned him a modest $200 and a repeat customer who paid a lot more. Marcus envisioned an opportunity to make his first real money doing what he loved, and soon he earned himself a reputation as a talented malware ghostwriter. By the age of 16 he was approached by a mysterious and anonymous figure operating under the handle Vinny. Vinny wanted Marcus to develop a rootkit. Marcus felt the time was right to move on to bigger ventures and accepted the offer.

Vinny was more professional and tight-lipped than the wannabes he had been dealing with so far. He worked day and night for months on end in his room, secretly turning Vinny's idea into a reality. Once it was developed, Vinny began sending him shares of the profit through Bitcoin. The deal from now on was simple: Marcus maintained it, Vinny sold it. However, as time went on and the two chatted more frequently, Marcus, being the naive kid he was, slipped up. He complained about the apparent lack of weed in a small town. Vinny, being the cool partner he was, asked for his address and birthday, and said he wanted to send him a present. In a move Marcus would later regret, he supplied both. On his 17th birthday a package would arrive at his parents' house; inside, a showcase of exotic weed, hallucinogenic mushrooms and ecstasy purchased on Silk Road. As kind a gesture as this might appear, in its own twisted way Vinny leveraged it to the fullest. See, he had an idea: UPAS Kit V2, the same rootkit with new capabilities such as keylogging, screen viewing and web injections, a feature that could insert fake text entry fields and other content into pages that victims were seeing. Marcus at that moment realized what the rootkit would be used for: the tool was designed for bank fraud. You see, most banks require a second factor of authentication when making a transfer; they send a code via text to the user and ask them to enter it on a web page to verify their identity. Well, web injects are the standard way to defeat this measure. A hacker initiates the bank transfer, and when the bank asks the hacker for the confirmation code, the hacker injects a fake message onto the victim's screen asking them for a routine reconfirmation of their identity via text message. Once entered, the hacker passes it on to the bank, confirming the transfer out of the account. No SIM swapping, no social engineering; that allowed the hackers to drain a victim's account, and there would be none the wiser.

Marcus now realized how far down the rabbit hole he was. He had taken so many small steps into the world of hacking that he was a full-blown criminal. It suddenly hit him: this was morally wrong. For the first time, Marcus says, he refused Vinny's demand, quote, "I'm not effing working on a banking Trojan." Vinny insisted, reminding him that if their business relationship ended, he would share the information he had on Marcus with the FBI. It was too late for Marcus to take back what he had done. With no way out, Marcus agreed to work on version 2, but still refused to write the web inject feature. To his surprise, Vinny accepted this compromise. On top of this, Marcus had recently begun attending community college, and it was all too much. The only way to realistically cope between college, maintaining UPAS V1 and developing UPAS V2 was by buying amphetamines on the dark web and pulling all-night coding sessions. After 9 months of this crazy lifestyle it was ready: UPAS V2, without a web inject. But Vinny was one step ahead: he simply hired another coder to add it, and now he had a fully functional banking Trojan. For Marcus this was horrible news. He had written everything else; it didn't matter whether he liked it or not, he was now the author of a banking Trojan. Vinny reminded him: if he quit now, he'd have done it all for nothing, and the FBI was still just as likely to turn up at his door. By June 2014 the rootkit had hit the market on Darkode, Exploit.
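Earlier in the transcript, the kill switch is described from the sinkhole side: MalwareTech registered the domain intending to log connection attempts and build a map of infected systems, and then had to keep that server up through flood traffic, because every infected machine that could not reach the domain would go on to encrypt and spread. The script below is an added example for this write-up, not his tracker and not code from the video. It assumes the sinkhole is an ordinary web server writing Combined Log Format lines, uses the placeholder hostname killswitch.example in place of the real domain, and treats a source that sends only a handful of requests as an infected host checking in, while a source sending dozens of requests is flood traffic aimed at the sinkhole itself. Every log line, address and timestamp in it is constructed sample data.

```python
"""Summarise check-ins seen by a sinkholed kill-switch domain.

Added example for this write-up (not MalwareTech's tracker or any code
from the video). Assumes a plain web server writing Combined Log Format
lines for the sinkholed vhost; the hostname below is a placeholder and
every log line is constructed sample data.
"""
import re
from collections import Counter
from datetime import datetime

SINKHOLE_HOST = "killswitch.example"   # placeholder, not the real domain
FLOOD_THRESHOLD = 50   # requests from one IP per log file: flood, not a check-in

# Combined Log Format: ip ident user [timestamp] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Return (ip, timestamp, request) for one log line, or None if malformed."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("req")


def summarise(lines):
    """Separate likely infected hosts from flood traffic against the sinkhole.

    Returns a dict with:
      infected  - sorted IPs whose request count is below FLOOD_THRESHOLD
      flooders  - {ip: count} for sources at or above the threshold
      per_hour  - {"YYYY-MM-DD HH": distinct infected IPs first seen that hour}
      malformed - number of lines that did not parse
    """
    per_ip = Counter()
    first_seen = {}
    malformed = 0
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            malformed += 1
            continue
        ip, ts, _request = parsed
        per_ip[ip] += 1
        first_seen.setdefault(ip, ts)   # keep the earliest check-in per host
    flooders = {ip: n for ip, n in per_ip.items() if n >= FLOOD_THRESHOLD}
    infected = sorted(ip for ip in per_ip if ip not in flooders)
    per_hour = Counter(first_seen[ip].strftime("%Y-%m-%d %H") for ip in infected)
    return {
        "infected": infected,
        "flooders": flooders,
        "per_hour": dict(per_hour),
        "malformed": malformed,
    }


def _line(ip, ts, req="GET / HTTP/1.1", status=200):
    """Build one constructed log line for the sample below."""
    return f'{ip} - - [{ts}] "{req}" {status} 0 "-" "-"'


# Constructed sample log: three hosts checking in (one of them twice), one
# unparseable line, and one source hammering the sinkhole sixty times.
SAMPLE_LOG = [
    _line("203.0.113.10", "12/May/2017:10:05:01 +0000"),
    _line("203.0.113.11", "12/May/2017:10:07:44 +0000"),
    _line("198.51.100.23", "12/May/2017:11:00:09 +0000"),
    _line("203.0.113.10", "12/May/2017:11:30:00 +0000"),
    "this line is not a log entry",
] + [
    _line("192.0.2.99", f"12/May/2017:12:00:{s:02d} +0000", status=503)
    for s in range(60)
]

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(f"{SINKHOLE_HOST}: {len(report['infected'])} hosts checked in")
    for hour, n in sorted(report["per_hour"].items()):
        print(f"  {hour}:xx  {n} new host(s)")
    for ip, n in report["flooders"].items():
        print(f"  flood source {ip}: {n} requests")
    print(f"  malformed lines skipped: {report['malformed']}")
```

Two caveats a practitioner would apply before trusting the map: many infected machines sit behind one NAT address, so the per-IP count understates the number of hosts and the flood threshold must be set high enough not to hide a busy office, and the threshold itself is only a heuristic for separating check-ins from the flood traffic the transcript describes, not an identification of who is behind it.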