Kronos Malware Dealer On WannaCry Killer Charges: What Charges? – Forbes

Marcus Hutchins, digital security researcher for Kryptos Logic, is accused of creating the Kronos malware, which never took off in the cybercriminal world, say experts. Photographer: Chris Ratcliffe/Bloomberg

One of the known dealers of the Kronos banking malware – the password-pilfering software Marcus Hutchins, aka MalwareTech, is accused of creating – has told Forbes they weren’t even aware of his indictment, let alone anything to do with his involvement in the creation of the tool. Indeed, their bizarre comments only muddied the already murky waters around the U.S. government’s allegations about Hutchins, who’d only recently been hailed as a hero for stopping the WannaCry ransomware spreading.

Going under various names, including Passworded and B0tN3t, the malware seller said over encrypted chat that he first came across Kronos on the Exploit.in forum. He spun a tale about a coder linked to the malicious software, who’d “ripped off” a customer for $22,000 and been banned from the site. The dealer found out about the Kronos files, cracked them and took them for himself.

Complicating matters further, Passworded said Kronos samples “are almost in every security research forums [sic],” making it possible all kinds of underground personas are flogging the tool, which experts say was designed to steal banking logins and infect point-of-sale machines. The government complaint against Hutchins alleged he was the sole creator of Kronos, whilst an unnamed other party updated and sold the malicious tool with him.

Forbes first reached out to Passworded after Kevin Beaumont, a British security reporter who’s been vocal in his support for Hutchins on Twitter, posted a screenshot of Kronos in action, as well as contact details for its owner. Beaumont had suggested that the contact might know something about the creator of the malware, but Passworded denied they had coded it, telling Forbes in internet-speak: “To be honest am not the coder but i got the file and crack it.”

Passworded left the chat before answering Forbes’ other questions.

Searching across the web for the dealer’s activity, it was apparent he’d tried to sell Kronos for a reduced price of $600; previous research found it for sale as high as $7,000, while the indictment claimed an unnamed party flogged it for $2,000.

The Kronos malware was recently on sale for $600 but researchers say the malware was never a big deal for cybercriminals.

The dealer also set up a YouTube guide on how to run Kronos, not dissimilar to one described in the U.S. indictment.

Kronos and the damage done

The reduced price hints at another truth about Kronos: it was largely a failure amongst serious cybercriminals. There was early anticipation in 2014 it could go big, as prolific and profitable as one of its forbears, the banking malware known as Zeus. In an email to your reporter from RSA’s Daniel Cohen in 2014, he wrote: “Waiting to see whether Kronos turns into something. At this point it’s just a post on a forum, no sample or binary yet. It could be an interesting development if it does, as it would point to more movement away from the Zeus code.”

In the last 24 months, according to IBM global executive security advisor Limor Kessem, the Trojan emerged with a hefty $7,000 price tag in mid-2014, but actual attacks didn’t launch until the third and fourth quarter of 2015, when the company saw some Kronos malware campaigns hitting UK banks. “But after that timeframe, have not seen much more activity from the malware,” Kessem told Forbes.

“The very last time we saw Kronos activity was a small campaign in November 2016, when Kronos infected a very small number of machines mostly in Brazil, the UK, Japan, and Canada. At that particular time, we did not see fraudulent activity from Kronos, but rather, believe it was used as a loader for other malware.

“It never really took off in the cybercrime arena. It’s possible this was due to its pricing, its functionality, or the reputation of the vendors that peddled it in the underground and dark web markets.”

This would indicate that while Kronos may have claimed some victims, it never became anything close to a serious criminal operation. If the government is correct in its claim Hutchins was its creator, they may have a job on their hands proving it caused harm as the indictment alleges.

Legally speaking, the damage done and the intent behind it is critical to the government’s case against Hutchins and another unnamed suspect. From a two-year investigation, the feds revealed only one alleged sale of $2,000, not by Hutchins, but by the unnamed party. The indictment also claims the pair intentionally caused damage to 10 or more “protected computers” without authorization over a one-year period, with little more detail.

Tor Ekeland, a lawyer specializing in Computer Fraud and Abuse Act (CFAA) cases, described the charges as “a disaster”, claiming the government is trying to punish Hutchins for “non-alleged harms that other people may have committed with Kronos.” Hutchins is looking at two CFAA charges, one count of wiretapping and another three regarding the sale and advertisement of wiretapping devices.

“It’s like saying the gun manufacturer is now liable for the bank robbery or murder committed by a gun,” added Ekeland. “Who got killed with malware? No one, but it’s completely legal for someone to buy a gun and shoot their spouse or their kid or robs a bank.”

Beaumont, a highly-regarded malware researcher who knows Hutchins, said despite working in network defence for 17 years across four multinational companies, all with more than a billion dollars in revenue, he’d never heard of Kronos.

“It’s quite surprising somebody has an indictment for a malware people don’t seem to know about talking about $2,000 in payment with potentially decades in jail.”
