November 1, 2023 • 56 mins
From a young age, Marcus Hutchins had a preternatural talent for code. As his online renown grew, he found himself at a series of ethical crossroads— and always on the right side of the law. Yet everything changed in 2017, when a US-created weapon went public: he was the only one who could stop the spread of the WannaCry virus. Doing so would require him to go public.
See omnystudio.com/listener for privacy information.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
From UFOs to psychic powers and government conspiracies. History is
riddled with unexplained events. You can turn back now or
learn this stuff they don't want you to know. A
production of iHeartRadio.
Speaker 2 (00:24):
Hello, and welcome back to the show. My name is
nol Our, buddy Matt is on adventure as Ben. You're Ben, and.
Speaker 1 (00:32):
Matt will be returning soon. They do call me Ben.
We're joined as always with our super producer Paul, Mission
Control decand most importantly, you are you. You are here,
and that makes this the stuff they don't want you
to know. Noel hacking, hacking?
Speaker 2 (00:52):
Can you hack it? Can you hack it?
Speaker 1 (00:56):
What's the uh what's the first thing you think of
when you think of hacking.
Speaker 2 (01:01):
I guess the term has become dare I say, a
bit hackneyed over time, just because it's like, yeah, it
conjures images of like bad nineties movie depictions of the Internet,
of someone with like a weird, like overly bespoke cased
laptop having a screen flashing access granted, you know, people
(01:21):
flying through vectors of like weird transparent buildings like pre matrix.
Maybe I'm mainly thinking of the movie Hackers, but it
was a trope for a while, right, Ben, does that?
Does that? Come? Does that? Though? Some of those things
come to mind for you too, You're right.
Speaker 1 (01:36):
No, I always love it in the nineteen nineties films
when someone reroutes the encryptions right right, the big that's
the big move. And and it's true that hacking is
a misrepresented concept in the world of film, Like, weird
not hackers, to be completely honest with everyone, right, Like,
(02:00):
we know a little bit of coding, we have phones,
we get it. But we're also aware that some hacks
like stucksnet can alter the course of history, and others
like WannaCry can sweep across the globe at a moment's notice.
The world of hackings pretty pretty invisible to most people.
(02:23):
But it's a dangerous world, and it's a very real
one with genuine potential for harm. And so tonight we
decided to explore the story of one hacker, in particular,
a guy named Marcus Hutchins, who accidentally, per his own account,
(02:45):
stopped a global conspiracy and saved the world. Here are
the facts. Who is this guy?
Speaker 2 (02:53):
Dang? Yeah? I mean, well, first of all, when we
think of hackers, we usually think of like some like
aim screen name type handle right, It's like, well, they
don't often even get elevated to the point where we
even like know their names. That's by design, because a
lot of these folks want to stay anonymous. But we
do know a thing or two about Marcus. He was
born in the nineties. Damn you child, nineteen ninety four
(03:16):
in the UKs. Sorry, whenever I see someone born in
the nineteen nineties, God forbid even the two thousands, I'm like,
I'm such an old But yes, I know they exist
there everywhere. Man, They're crawling out the woodwork, and they're
doing big stuff, no doubt. In the United Kingdom in
nineteen ninety four, Marcus already was when he came of age,
(03:37):
or at least to the point where he could, you know,
click clock on a computer, was already showing great promise
with computers and early kinds of programming. There's a story
apocryphal or no, that talks about how he was able
to bypass the computers at his school reroute the encryptions.
Dare we say bypass the school's computer. I guess let's
(03:57):
say locks, you know, protection systems, maybe something that would
not allow people to install outside software so that he
could install game software. You know some kids, what do
you think it was plaining? I guess in the nineties
it would have been what what? What was a PC game?
This is waypost Doom and like the ID software stuff.
(04:18):
What would maybe Minecraft?
Speaker 1 (04:21):
Maybe you're right, we came up on Oregon Trail. Let's
be honest, that's true.
Speaker 2 (04:25):
Yeah, And then I just remember, you know, with all
the ID software games, those were the ones where they
would send you the freeware discs in the mail, and
so that was something that everyone would have installed. But
in the I guess he would have been coming of age,
like in the early two thousands, so that might have
been Minecraft. That's my theory.
Speaker 1 (04:42):
Hmm, that's a solid one. I agree with you. We
we're getting a lot of his initial career and origin
story somewhat apocryphal, as you as you said from this
article by Andy Greenberg over Wired, and Marcus teaches himself
(05:02):
the ins and outs of coding. He starts hanging out
online right in these forums, in these Prereddit areas, or
Reddit was already around, or things like Reddit, things like
the chans, So it.
Speaker 2 (05:22):
Would have been more for these smaller communities. Definitely wouldn't
have been quite in the mainstream as much as it
is today.
Speaker 1 (05:28):
Yeah, he was specifically hanging out with the bad kids
of the Internet who wanted to flex on malware. Malware
is like software.
Speaker 2 (05:44):
It is.
Speaker 1 (05:46):
A genre definition of things, programs that are meant to
compromise other machines in some way. He's dare I say,
hacking at an early age, and he's very young at
this point still, yeah.
Speaker 2 (06:04):
I think he at around fourteen years old he comes
up with his first kind of little hack. I guess, uh,
it is funny that how hack has sort of become
more appropriated by the normies, like the idea of like
life hacks and stuff, But back in this day, it
was it was kind of literally figuring out a weakness,
you know, some sort of vulnerability and a piece of
software and then exploiting that. This would probably be one
(06:25):
of the more basic types of hacks. And he did
that with Internet Explorer, figuring out of that whole what
is it like autofill stuff where it like saves your info?
And I think back in those days it wasn't as
like authentication heavy as it is now, like even to
get access to certain autofill type things you have to
enter a password and use your name and maybe even
(06:45):
a fingerprints, you know, if you're using one of those
newer Mac laptops.
Speaker 1 (06:48):
But here's the text on your phone.
Speaker 2 (06:51):
That's right exactly, because a lot of times this stuff
will include credit card information. It couldn't even include you know,
that would not be the brightest thing in the world
to always have that stuff, you know, available for autofill
but it certainly is out there now and a little
more protective. But back then it would be for stuff
like addresses, you know, for shipping or whatever it might be.
And he used it to I guess, send a direct
(07:11):
line back to him, you know, from the computer with
the malware installed, to give people's passwords, and.
Speaker 1 (07:21):
He never used it to commit a crime. The forums
he was hanging out on were all about flexing. It's
like his version of a skate park, you know, where
people are doing their halfpipe tricks, right, And he gets
acceptance and approval online, and he hangs out more and
(07:42):
more often on these forums, and his teachers and his
parents notice that he's not doing so great at his
homework in school, yeah.
Speaker 2 (07:56):
The regular stuff now, because he's spending all his time
on those computer labs, and much like what happens when
hackers are convicted, you know, and sent away that a
lot of times one of the conditions of their release
are you can never go near a computer ever again,
which always seems so heartbreaking. But yeah, he was banned
(08:16):
from using any of the school's computers because the faculty
thought that he had hacked the entire school network, which
he did deny again and got some apocryphal tales in here,
which is always kind of the way it goes with
figures like this, But in the end, it was just
just the push over the cliff he needed to even
(08:36):
more reject kind of the stuff they were trying to
hopefully get him to do, to go deeper into in
terms of like normal homework and a career and all
of that stuff. So he stopped, basically stopped going to school.
Speaker 1 (08:50):
He can't blame him, you know.
Speaker 2 (08:52):
Oh yeah, tore a terrible move to really absolutely misguided
attempt to get someone to not do the thing that
they love.
Speaker 1 (09:00):
And so he gets pushed away from what we call it,
we're going to sound very old, his irl society in
real life society. He gets pushed away, and soon he
is hanging out full time on these Internet forums. And
(09:21):
you know these are forbes associated with what we call
pen testing, if we're being correct, penetration testing.
Speaker 2 (09:28):
Ah yeah, isn't familiar with that one. And it's like
you said, I mean a lot of it was sort
of flexes, like here's see what I can do, but
it wasn't necessarily these folks were colluding, you know, to
plan large scale Internet heists. But as we know, in
order to know what the bad guys are doing and
how to protect against what they're doing, you got to
(09:49):
kind of have the same bag of tricks. So this
really is kind of an interesting early, you know, kind
of entry point into what ultimately led to him being
as known as he became.
Speaker 1 (10:00):
Just so, and you know, at this point, if you're
hanging out with those bad kids on that Internet halfpipe,
the feds are gonna come shut you down. The squares
are gonna come in, and authorities will clamp down on
one site. But they're essentially playing whack them hole, which
means that the users of these forums will transfer to
(10:25):
another site. So the forum that our young friend Hutchens
hangs out at gets closed down, gets shut down, so
he moves to another spot it's cold in a burst
of creativity hack forums, no one well no, no one
will ever figure that one out.
Speaker 2 (10:45):
Well, how man, isn't the smarter move instead of like
cracking down and like tipping your hand just to kind
of lurk and see what you can see. I guess
they probably do that for a while and then get
to a point where they're like, Okay, we've exhausted this one.
We need to I just wonder it will be the
impetus for the cops coming in and breaking them up,
or learning these folks to their presence, or if it's
(11:05):
more like they overplayed their hand and the kids are like,
oh no, we've been made. We need to move on right.
Speaker 1 (11:13):
Right right. We've got a great quote from Wired from
our buddy Andy writing here, and he talks about you
know what this makes me think of. It makes me
think of walking into a hotel pool or something like that,
where you have the steps at first where you dip
(11:35):
your toes in, and our buddy Hutchins is walking in
deeper and deeper water. Wired describes hack forums in a
pretty interesting way.
Speaker 2 (11:48):
Yeah. He describes the members as being a shade more
advanced in their skills and a shade Murkier in their ethics.
A lord of the flies collection of young hackers seeking
to impress one another with nihilistic feats of exploitation. They're
in lies of the flex. We were talking about the minimum
table stakes to gain respect from the hack forums crowd
(12:10):
was possession of a botnet, a collection of hundreds of
thousands of malware infected computers that obey a hacker's commands,
capable of directing junk traffic at rivals to flood their
web servers and knock them offline. What's known as a
distributed denial of service or d DOS attack. Pretty common
technique we've heard that, you know, make the news plenty,
(12:31):
Like if I'm not mistaken, we were all just in
Las Vegas recently, and I think they were a victim
of a hack that I think involved at least in
part d DOS attacks. Because all of their servers were overloaded,
they couldn't talk to each other, the MGM hotels and
the lights wouldn't work in the room. And when you
have a system that's so interconnected like that, these things
(12:53):
can be crippling, right.
Speaker 1 (12:54):
You nailed it, Yeah, absolutely, And it's said that Matt
is on adventures, because that's one of the things, as
you will call that he brought up to us before
you and Paul and I traveled to Las Vegas. Matt
was I'm not gonna do an impression of Matt because
(13:17):
we all know.
Speaker 2 (13:18):
It's not possible. He's too singular, that.
Speaker 1 (13:21):
He's such a voice. Yeah, and uh, Matt, just who
everyone knows. Matt was telling us before we went to
Vegas about the hack. I think he was the first
one who clocked it, and he was saying, guys, we
gotta be careful. He asked us if we would bring
(13:42):
burner phones, and uh, and be honest with you, I
did not bring a burner phone. I used my real
phone in Las Vegas.
Speaker 2 (13:52):
But not your real name. You were assigned one by
hotel management. Yeah, but it's crazy how effective some of
these simpler kind of techniques can be. And I guess
I didn't really understand the idea of this botnet, Like
it's basically like these are these are these computers who
don't know they've been had, who don't know they've been infected,
(14:14):
and are now like under your sway like that you know,
sorcerer's apprentice in the brooms kind of scenario. Right.
Speaker 1 (14:21):
Yeah, and this kid, Marcus Hutchins is a child at
this point, he's fifteen years old, he's all in. He
creates a botnet, and what he does is he suckers
people via fake files or misleading files uploaded to bit
(14:42):
torrent sites. For those of us in a certain demographic,
you might think of LimeWire or things like that.
Speaker 2 (14:53):
Oh dude, but I mean bit torrent. You know, you
would get it through like the Pirate Bay or whatever,
or like there were other different ones. And the way
BitTorrent files work is they're like broken up into all
these little micro pieces that are then kind of reassembled.
So I imagine this is a very smart way of
using a technology that is a little bit you know,
(15:14):
more underground internety. But it's also like, you know, we
knew tons of people that weren't mega hacker, people that
were like using bittorn all the time. It was super mainstream.
So it would make sense that he amassed a pretty
significant bought army by exploiting these BitTorrent sites for sure.
Speaker 1 (15:31):
And we all remember, let's be honest, whether you are
a street laced NRO person or whether you have a
little bit of r Maybe in your college days, you
remember the old say they said, look, you're never gonna
get caught if you're downloading the files. You're only in
(15:54):
trouble if you're the one uploading them or sharing them,
right and yeah, and so it's true.
Speaker 2 (16:01):
For some of them. But like the bit torrent ones,
just by participating you were sort of part of It
was harder to track down individuals, I think because it
was like by downloading the file, you were also participating
in the upload. But I got a few of those
Web Sheriff no no infringement notices back in the day.
I sure did you know what?
Speaker 1 (16:20):
It was?
Speaker 2 (16:21):
Usually about HBO related content. It was usually about like
Sopranos episodes or episodes of sixty And you'd get this
like form letter directed at your ISP, and then they
would come to you and it was like, hey, fly right, buddy,
or things are going to go poorly for you. You can
get banned from your ISP. At the very least, that's
probably what happened.
Speaker 1 (16:41):
Oh geez, well, this doesn't hit our boy, Hutchins, our
young fifteen year old Hutchins. He has a bought army.
It's like eight thousand computers and he starts setting up
his own business. He has one called ghost Hosting. The
first O is zero, get it because it's leaked to.
Speaker 2 (17:05):
Speak, Yeah, very aim Internetti as well. This is a
server kind of like web services deal, you know, kind
of like we know now is like AWS Amazon web
services for hosting sites, much smaller and much more niche
This was specifically for hosting sites for hack forum members
that allowed them to shield their IP addresses from anyone
(17:30):
who would try to, you know, find where the root
of such sites might be. But he had some caveats.
He would allow people to post anything other than child
sexual abuse material. It's good on him for that, of course,
because we know a lot of times these masked you know,
web sites or servers. That's a big part of it.
(17:50):
But what he was doing essentially was like sort of
a smaller scale silk Road dark web thing, but I
don't think you needed like a tour browser to access.
Think it wasn't like exactly dark Road silk Web, but
it was in that vein the idea that you couldn't
necessarily figure out where it was coming from, and maybe
there was even a way for users to be encrypted
so they couldn't be tracked either.
Speaker 1 (18:12):
Yeah, it was all about anonymity, and he had these
ethical lines. He kept evolving his skills. He learned how
to analyze and improve other hackers software, especially their rootkits.
Rootkits are a thing that will change the operating system
of a computer such that it can hide itself. And
(18:35):
people were massively impressed on these forums. And by the way,
at this point, none of these folks on these forums
know anything about each other. They're very careful with it.
And this guy, our guy Mark, he starts taking these
gigs writing what the authorities will call malware, and he's
(19:00):
picking up little side joints, you know, He's like, hey,
I know how to turn a piece of code here,
and that's where he meets someone calling themselves. Theny things
turn dark. It eventually leads him to something terrible called
(19:22):
Wanna Cry.
Speaker 2 (19:23):
Yeah, it's interesting to kind of get the trajectory of
this kid and his sort of like upbringing or like
his rise in this kind of culture, because at this
point he's like a teenager, you know, he's basically kind
of like a snotty teenager who just kind of maybe
wants to creak a little bit of chaos, you know,
but he does seem to have a moral code, which
(19:44):
I think is important. And I think what we're gonna
see is a turn where he's like, Ooh, with great
power comes great responsibility kind of vibes, you know. And
it just took him meeting the super villain kind of
our story to make that realization. But maybe I'm over
over stating the case. But it's a really interesting story.
Speaker 1 (20:04):
You're one hundred percent correct, Noal, I propose we pause
for a word from our sponsor, which will hopefully be
a VPN company.
Speaker 2 (20:12):
Yeah, no doubt.
Speaker 1 (20:20):
Here's where it gets crazy. So this guy Vinnie contacts Marcus.
Marcus is about sixteen at this point, and Vinnie is
a stranger on the Internet. Marcus does not know him
from a Canna paint. And Vinnie goes to Marcus and says,
(20:41):
I'll give you a job make a new rootkit for me, kiddo,
and I'll sell it all over the cool people Internet
and you will get fifty percent of the profits.
Speaker 2 (20:56):
Dude, sounds like a deal. I'm sixteen on I'm doing
this for fun largely anyway, and I'm starting to make
a little extra money, you know, proving the principle and
mom and dad wrong, you know, why wouldn't I hop
on this train? So a little more than halfway through
twenty twelve, they get this whole deal up and running
something called a upas kit, which I believe is named
(21:18):
after a poison tree. So maybe it's pronounced upus upus.
Speaker 1 (21:23):
Yeah. Look, I am also not one hundred percent on
the pronunciation, but you're right now. It is named after
a poisonous tree Antiaris toxicaria.
Speaker 2 (21:36):
Yeah that sounds scary mainly just cut has toxic in it,
but it's part of the mulberry family, which is a
very pleasant sounding tree. But so, yeah, this is their enterprise.
They've been working on for a bit now. And at
this point, Vinnie sends Hutchins like a bunch of drugs
for his birthday.
Speaker 1 (21:56):
Because he was so Mark was complaining to his internet
friend Vinnie about how difficult it was to find good
drugs in the United Kingdom.
Speaker 2 (22:13):
Okay, so this was not completely unsolicited then, like Marcus
is into these drugs, he wasn't just like because that
also seems like a flex too, where it's like I
know where you live and I'm sending you illegal stuff.
This would have been appreciated by young Marcus. I'm open,
we're not talking about crank or heroin here. Maybe just
some weed.
Speaker 1 (22:32):
Yeah, I think it was just saying I can't find
good weed in the United Kingdom, and Vinny comes through
with more than just cannabis.
Speaker 2 (22:45):
I see. So there is a little bit of a
little bit of a flex in there too, I think,
where it's almost like, you know, yeah, you're in deep
Because to your point, Ben, he'd always sort of just
ridden that line between doing stuff that was just a
little more anarchist and a little more just kind of
middle finger to the man and like square society, but
(23:07):
never things that would be considered fully morally reprehensible or
like felony level illegal, right.
Speaker 1 (23:15):
Right, Just so, the upus Upas sales had allowed Marcus
the ability to not go to school and to work
full time. He was supporting himself. He was one of
those kids who probably looked like, what do you call it,
(23:36):
hikiko mori, the kids who stay home guys?
Speaker 2 (23:40):
Yeah, in Japan for sure, or like in Spider Man,
he's like the guy in the chair, you know.
Speaker 1 (23:45):
Right, yeah, And he was increasingly living this double life.
He was a mild mannered young British man by day.
He was a master hacker by night. And here we
go back to Marcus's own admissions. He made a serious error,
just like you said, Noel, he had always stayed a
(24:08):
step away from actions he considered illegal or unethical or
morally reprehensible. And he said he knew of criminals, and
he knew of crimes they had committed, but he did
not consider himself a criminal. He always thought he was
(24:29):
just on the side of the law, exactly.
Speaker 2 (24:34):
And now he's starting to get an inkling that he's
starting to wade into some of those deeper waters, going
past the kiddie pool and into the you know, the
scary part of the pool where the monsters are they
really are you guys, be careful part where you can't
see the bottom. There's scary stuff down there. You ever
have that. I pretend there was Jaws was in the pool.
(24:56):
Maybe I'd just like to freak myself out when I
was a kid. But I think the metaphor holds true.
Speaker 1 (25:00):
The metaphor does hold true, and you are terrified of
open water.
Speaker 2 (25:05):
Yeah, it's just a thing that it's a recurring theme
for me in dreams where I can't see the bottom.
And it's not usually even things that I think are
going to murder me. It's just big things that you
can't see. And sometimes the big things that you can't see,
you don't really know whether they're good or bad. And
at this point you made a really good point in
(25:26):
the outline, Ben, we're not sure whether Marcus is living
a double life as a superhero or potentially a super
villain in the making.
Speaker 1 (25:36):
Ah, he's living two lives and he's not sure at
this point, right which is good or which is bad.
His buddy Vinnie ask him to write a new version
of this malware, of this program, and he asked Marcus
(26:00):
to write in some programming that would be a little
bit of an escalation, things like key logging, a couple
other specific bells and whistles. Nol, we know what key
logging is.
Speaker 2 (26:15):
Yeah, I think it's similar to the little hack you
as talking we were talking about earlier they did with
Internet Explorer, where it's using that auto fill stuff to
funnel information out of out of the person's individual computer.
So when you're typing something, somebody who has root access
to your machine can then get a copy of that
(26:35):
and they can access like things that you have input
manually into your computer, which oftentimes you know all the time,
really includes personal data and passwords and things that you
do not want people to have access to.
Speaker 1 (26:47):
And if you are hearing this on a work computer,
if you use a work laptop, it is completely legal
for your employer to do key law game programs.
Speaker 2 (27:02):
Just be aware. So anyway, anybody is it to measure
productivity sometimes like that's a thing, you know, they can
literally check your work, you know, not to make people
freak out or be paranoid, but that is important. Don't
fool yourself if you're using a work machine for things
that aren't work related. It's not like they're watching you
twenty four to seven, but that stuff is fair game
(27:24):
to just be warned, right, Yeah.
Speaker 1 (27:27):
Be aware. So Marcus is a very smart dude. He's
a kid at this point still, and he knows these
functionalities for exactly what they are. He says, look at this.
This will be a program specifically built to target financial institutions.
(27:48):
And in his mind, he says, if I do this,
I am committing crime. There's no way to rationalize it.
There's no way to call it a gray area. There
is no liminal space. I will not write this thing,
he tells his quote unquote pal Vinnie. And then Vinny
(28:12):
reveals there was a poison pill to that gift.
Speaker 2 (28:19):
Oh boy, could have Could I think that's what I
was maybe picking up on a little bit, whor it's like, yeah,
I've got something on you, a poison pill. Indeed, sending
that package of drugs meant that he had basically blackmail
level information on Marcus and could go about exposing, you know,
(28:40):
his kind of secret activities. So they came to a
bit of a compromise where Marcus made only a few
of the chair a handful of the changes and updates
that were being asked I in the key logging, and
then he then decided he would farm out the rest
of the things that Marcus would not willingly do you
know elsewhere.
Speaker 1 (29:02):
Yeah, Marcus agreed to make the key logging functionality and
dragged his feet a bit. By his own admission, you
can read his blog. Vinnie goes like you said, no,
he outsources and gets the other functions for this thing.
(29:23):
And this thing evolves, and by twenty fourteen, Venny quote
unquote Vinnie is selling a new program. It's called Kronos.
Marcus continues his regular life. He goes to community college,
he graduates. People have no idea that he is basically
(29:44):
neo in the matrix. Yeah, and things start to go
south in his online world, so we can, I think,
gloss over some of the the terrible things that happened there. Eventually,
(30:05):
Marcus takes on the name malware Tech, and nobody knows
that malware Tech is a guy in the United Kingdom
named Marcus Hutchins until twenty seventeen.
Speaker 2 (30:21):
Yeah, that's when the WannaCry ransomware attacks happen, and I
got my wires a little cross when we were talking
about the MGM stuff. While there may have been a
DDAs attack is part of that, Mainly what that whole
thing was about was ransomware. WannaCry was is a ransomware
(30:42):
crypto worm, which to.
Speaker 1 (30:44):
Your made up what is that on?
Speaker 2 (30:47):
All these words are great. I love it, Thank you
William Gibson. And by the way, that cyberpunk cartoon that
goes along with the game that's on Netflix, it's very good.
It's really really cool. It's called Cyberpunk some colon something,
but it's a pretty pretty cool and it does a
great job of carrying on the legacy of like William
Gibson and Philip K. Dick and a lot of the
kind of you know, fourbears of really interesting kind of
(31:10):
Internet culture and science fiction. But ransomware basically holds this
information or the information on your computer hostage by encrypting
the files like not to your benefit, right, like locking
you out essentially.
Speaker 1 (31:26):
Yeah, yeah, yeah, crypto ransomware, or by locking you out
of your computer entirely, which will be locker ransomware, which
we know. I have to pause for a moment and
on MAT's behalf also say thank you so much for
shouting out William Gibson, neuromancer, the author who saw it
(31:50):
all coming in ransomware. Ransomware is pretty nasty because it
will direct the victim to pay some sort of financial
thing right through a very specific set of instructions, usually
bitcoin nowadays or some sort of derivative of WannaCry is
(32:17):
even nastier because WannaCry will automatically propagate itself. It is
considered a network worm. When it hit the Internet, it
was May twelfth, twenty seventeen. It continued to May seventeenth.
(32:38):
During just that small amount of time, just those few days.
It hit over one hundred and fifty countries. It was nasty,
went so far because it was based on It was
based on some demonic stuff that Uncle Sam figured out out.
Speaker 2 (33:00):
And experts and you know, folks kind of watch watching
the events unfold began to advise to not pay the
ransom because there had not been any reliable information pointing
to people actually getting their stuff back.
Speaker 1 (33:14):
Yeah, and WannaCry was based on an exploit called Eternal Blue,
which was discovered Slash created Slash developed by the Essay.
About a month before WannaCry hit the world, there was
a group You're gonna love this, man, because I know
(33:36):
you love cyberpunk. There was a group of hackers named
the Shadow Brokers. Yeah, that's a real thing. How is
that a real thing?
Speaker 2 (33:45):
Yeah, it sounds like cyberpunk, but it also sounds like
Skyrim or something like much more Lord of the ringsy.
Speaker 1 (33:53):
Right, the I'm sure they love all of these things.
They might be playing Skyrim now. The Shatto Brokers stole
the Eternal Blue exploit from the Essay somehow, and they
leaked it to the world. And the Want to Cry
attack mainly worked on organizations that had not updated their software,
(34:18):
they had not applied patches from Microsoft, they were working
with older, outdated versions of operating systems. And at this
point we have to be honest, it is very very
easy to ignore all those things, all those little pop
ups you get that say update your software now, right, Like,
(34:42):
how many times have you ignored those today? Folks?
Speaker 2 (34:46):
Yeah? You know, I'm I run a lot of like
I use my personal computer for work and you know,
pro personal stuff when I'm at home, and then I
have my work laptop, but I oftentimes don't have auto
install on for those I updates from Mac because a
lot of the third party like audio things that I use,
they'll quickly get bricked if you do the wrong updates.
(35:08):
So sometimes you have to like wait like a year
for a new update to be fully tested. But then
there are also sort of like sub updates that are
more like security things. Those are the ones you do
want to make sure you do, even if you're not
doing the full updates. Always make sure that the security
patches are turned on, because that's the kind of stuff
that is protecting you from these sorts of things.
Speaker 1 (35:28):
Absolutely, I think it's very easy to ignore that routine maintenance, right,
that routine security, and especially if you're like us, if
you work with any cavalcade of idiosyncratic apps or platforms,
it's kind of like a house of cards, you know,
(35:48):
if you change one and then it changes everything else.
And that's what the hackers are counting on, and that
is why within just a few days a cry infected
hundreds of thousands of computers. The estimates of damage ranged
(36:08):
from hundreds of millions of dollars to literally billions of dollars.
And like you said, the experts told everyone, one, patch
your computer, and two, don't give in to the ransom.
Don't give in to the terrorists because they're not going
(36:29):
to give you your money back. No one knew what
to do until one day, our pal, Marcus Hutchins, walked
home from lunch and found out what was going on.
We're gonna pause for a word from our sponsor, and
then Noel maybe we talked about how this guy saved
(36:50):
the day absolutely, and.
Speaker 2 (36:58):
We're back talking about mild mannered Marcus Hutchins of the
Internet and also the United Kingdom, who had been through
kind of an emotional rollercoaster. At this point, I did
do a little extra reading and the package of drugs
that were sent to him. It wasn't just weed. It
was like amphetamines and psychedelics and hallucinogens. And apparently when
(37:23):
he started doing a lot of these kind of like
all night coding sessions once he stopped going to school,
he himself got addicted pretty badly to amphetamines. He used
to replace them, replace just you know, coffee with it.
So he was down a pretty dark path in more
ways than one. You know, he had basically been blackmailed
(37:43):
himself by this vinny character who threatened to turn the
information he had on him against him. This package of
drugs that he sent to him, he perhaps turned him
into the FBI or whatever, not to mention other stuff
that he likely had. Can you imagine, Ben, if you
were doing this and thinking you were like, you know,
King Shiit of fuc came out and then all of
(38:05):
a sudden, the person that has guided you into this
world turns on you, and now you feel like you're
sort of you're there botnet. You know, they've got control
of you.
Speaker 1 (38:16):
Oh that's good. Yeah, I mean it's evil, but that's
a great feeling. Yeah, that's the deep water you're talking about. Yeah,
And this is Hutchins has to struggle through this stuff.
He is by the time WannaCry hits, he is navigating
(38:39):
the brighter side of drug addiction, I think, and he
is working through what we would call white hat hacking,
which is, you know, we have def con here in
Las Vegas. It's where Yeah, it's where you where. Essentially
(39:00):
you are no longer paid to do malware programming. You
are paid by companies like a bounty hunter. You find
the exploits, the vulnerabilities in their software, and they give
you a ton of money if it works out. This
guy is working under the name malware Tech, and you
(39:25):
can find his blog as Marcus Hutchins. You can also
find malware Tech. He's not really on Twitter anymore, which
I know is a bummer for you know, because you
love Twitter so very much.
Speaker 2 (39:40):
I love it so much. Yeah, yes, gosh.
Speaker 1 (39:44):
Oh gosh, pardon me.
Speaker 2 (39:46):
You're You're right on the money, Ben, Even like the
emails that I get from them still say x formerly Twitter.
It's like it's not gonna happen elon. But yeah, he
he gets wind of this, I think, and much the
same way that the rest of the world does. But
he has more information that the rest of the world
doesn't have, so he knows what he's looking at. Hutchins
(40:07):
learn of want to cry. After he had some lunch
on May the twelfth, he saw networks across Britain's healthcare
system had been hit by the ransomware. So that's that's,
you know, and this is that kind of stuff that
that is the super dark side. You know, we were
talking about casinos. That sucks for business. You know, casinos
make a lot of money losing money, you know, inconvenicing
(40:29):
guests and all of that, and that sucks. That's no good.
But healthcare systems, people could die, you know, like like
not to mention like the if it's if it's interconnected
in the same way that the power stuff was, you know,
at at the MGM, A lot of these larger facilities,
they are going to have that level of interconnectedness. So
he sees reports of Britain's health system being hit by
(40:51):
these that's going to be things like records and you know,
all of that stuff. But he with the information that
he has, knowing this is likely an extension of the
thing that he participated in in some way, he starts
to get a little micro you know, looking into the
code and seeing what he can see.
Speaker 1 (41:07):
And as he is running in his digital fingers across
the carapace of this thing, he finds a chink in
the armor, a gap. He sees that there is a
part of the code that includes a web address. The
web address is not registered, so he registers the domain.
(41:32):
This is very in the weeds, but he registers the domain,
and and he's on record say this. He says, he
always says, like, I paid ten dollars and sixty nine
cents to get the domain address. And at the same time,
while he's doing this concurrently across the pond, there's another
(41:54):
guy who also deserves his flowers, a guy named Darien
huss He's twenty eight years old. He lives in the
United States, I think in the Michigan area. He is
a research engineer for a cybersecurity firm called proof Point.
And this guy's doing his own analysis. And this guy, Darien,
(42:17):
notices that whomever wrote this hardware left in a feature
called a kill switch. And so Darien sends a screenshot
of this to our buddy Hutchins, who is still at
this point anonymous online.
Speaker 2 (42:35):
So they go back and forth about this and realize
something really really important that registering the domain name and
redirecting the attacks to malware tech server had actually activated
the kill switch, which halted the basically neutralized the ransomware,
creating something that's known as in the packing parlance as
(42:59):
a sinkhole.
Speaker 1 (43:01):
Yeah. That means that the attacks with that current variant
of WannaCry will no longer execute successfully. And it's weird
how this stuff is like it's like covid. That's why
they call it a virus, right, because there could be
(43:22):
a new variant. One of the first things that malware
Tech does is say, look, you have to get all
of your operating systems patched immediately. And he has a
great crisis of faith here because to reveal this, to
save the Internet, he has to give up his anonymity.
(43:48):
And that's what he does. That's why we know malware
tech is cybersecurity consultant. Marcus Hutchints. You can find him today, folks,
Marcus Hutchins dot com. The guy literally saved the Internet.
He says he did it accidentally. He says he stumbled
(44:09):
upon it. And there's so much more to the story.
But I think we gotta I think we got to
give the guy the props where it's due Noel, would
our podcast exist if if wanna cry continued?
Speaker 2 (44:27):
Yeah, it's a good question. I mean, you got you
do have to kind of wonder, like it was so
insidious that it could have caused irreparable damage to large systems.
You know. This is also long enough ago that it's
almost like the way airports were before nine to eleven,
you know what I mean, Like, once something massive like
(44:47):
this happens that is so earth shattering, you know, then
things but things kind of turn a corner in terms
of like security, and maybe I'm maybe I'm off base there,
but it does feel like that's the case. Is like
he said the beginning of the show, this really was
something that shifted the course of technological events. So yeah,
I think it could have knocked things out. I always
(45:08):
think of the movie as bad as it is Escape
from La the sequel to Escape from New York, the
John Carpenter movie. The School is pretty bad overall, but
it has a pretty interesting foil or plot, I guess
device where it's this idea that like all electricity and
interconnected you know, machinery will will be killed, including batteries,
(45:30):
and they don't really explain how that makes sense in
that I.
Speaker 1 (45:33):
Remember that and I remember the soundtracks banging though.
Speaker 2 (45:36):
It's pretty good, but it does make me think of like,
is this some kind of like would this be a
fight club event? Like a project may set us back
to the Stone age type event. We don't know. Because
Hutchins did jump in, would it have been solved otherwise?
I don't know that either. What do you think, Ben?
A lot of this stuff is just based on boneheaded,
(45:56):
like exploitable flaws in saw where you know, with the
would the the Microsofts of the world have figured it
out first and figured out how to do something about it.
I kind of think, No, I.
Speaker 1 (46:09):
Kind of think you're right on that one, Noel, because
consider that Eternal Blue, which is the exploit Uncle Sam
figured out. Eternal Blue, was discovered by the United States government,
and they could have told Microsoft. They did not tell Microsoft.
(46:33):
They instead built a monster, right, and the monster got
out of its gauge and then became another thing. It
evolved like some sort of sinister evil Pokemon, and.
Speaker 2 (46:49):
In its final form, right.
Speaker 1 (46:51):
And Marcus Hutchins is the one person who said, hang
on a sec way to tick, you know, and and
did the right thing. The story continues. Of course, one
A Cry is largely suspected to be a creation of
the Deep Rcave the North Korean government. In full fairness,
(47:18):
the government of North Korea denies that it was them
in a stunning plot twist.
Speaker 2 (47:24):
So, I guess when when you're in this kind of world,
you know, and all these types of code, these pieces
of code, there's an open source ness to it. You know,
if you're in the community, you share and share like
and maybe something some group did you know, a small
close knit group of you know, hackers or coders might
end up in another attack, right, because this stuff is
(47:45):
kind of shared. So Hutchins, it's not like he directly
participated in making this. It was just something that the
experience that he had with Vinny led him to have
the know how to recognize what he was looking at.
Is that right?
Speaker 1 (48:00):
You're absolutely right, dude, because if you go to Marcus
Hutchins dot com right now, what you can see is
threat intelligence a lot of work. Basically. I guess if
you're if you're like this guy, you feel like you're
always telling people the same things. You're always saying, Hey,
(48:24):
update your browser, Hey, don't you know click on pop
ups or whatever for us knuckleheads in the crowd. And
we have a lot to thank this guy for because
he genuinely did stop a conspiracy. And no, you and
(48:44):
I talked about this off air. A lot of people
familiar with the situation are probably gonna say, Hey, Noel, Matt, Paul, Ben,
Doc Holliday, why are you acting like this guy should
get a statue in the square? Why are you acting
like he's a super perfect person. He got in trouble later, right.
Speaker 2 (49:08):
Well, you know, he was eventually kind of roped in
with the scheme or surrounding the scheme that Vinnie was
at the center of. And in twenty seventeen, he got
arrested by the FBI. He was brought up on hacking
charges or sir six hacking related federal charges in the
(49:29):
US District Court for Eastern District of Wisconsin related to
spreading that Chronos package. And he was asked to flip,
you know, on some of his fellow you know, hackers
or community members, including Vinnie. He did not have enough
information on Vinnie to actually give them anything actionable, so
(49:51):
he wasn't able to And then he refused to flip
on anybody else in the community. He did plead guilty
in twenty nineteen to two of the ten charges against him,
including wire fraud, distributing, selling, promoting, and advertising a device
used to intercept electronic communications. He basically just from sitting
in jail during a lot of these proceedings ended up
(50:14):
with time served and some fines, so he was punished,
you know, for some of this stuff, and then he
you know, presumably flipped it around into how can I
be legitimate and like use what I know to help
stop bad guys, whether or not that's just to benefit
like companies that can pay him. I don't think we're
saying necessarily this like White Night, but he did make
(50:36):
some good decisions along the way and did not turn
down what could have been a much darker, super villainous path.
Speaker 1 (50:43):
And the judge in his case sentenced him to time
served and one year of supervised release and said, you
have turned the corner. You stop using your skills for
criminal purpose. You made them a benefit to society well
(51:04):
before you ever went to court. So they said, like,
you made the right decision before you were forced into
doing so.
Speaker 2 (51:13):
That's right.
Speaker 1 (51:14):
Yeah, you like.
Speaker 2 (51:15):
To see that. I think that's important because a lot
of times, I think we think judges they don't look
at stuff like that or or that. It's it's really
hard to get to have a sense that there is
some redemption, you know that. But like, you know, he
made these choices on his own. We're talking about decisions
that he made all on the way where he could
(51:36):
have gone down this fork in the road and instead
he went down this one, and that all led to
I think what has ended up being a very thoughtful
and intelligent person that's using some skills that they have
for the betterment of of you know whatever, because you
can't fight fire with you know, jello. Maybe it's kind
(51:59):
of fun.
Speaker 1 (52:00):
It's like my favorite that's my favorite analogy you've ever done.
Speaker 2 (52:04):
Okay, I'm going to go I'm gonna put that on
on a shirt. But I just mean, like, you know,
when you're in these circles, these very elite circles, or
you have to earn your way in, those are the
people that really know how to stay on top of
what's going on because these are very fast moving developments
and technology and in like cybersecurity and threats. So it's
(52:24):
kind of whether he's a superhero or not. I'm glad
there are people like him out there hopefully keeping us
from getting escaped from la back into the stone age.
Speaker 1 (52:34):
So let's end on this. Maybe there's a great quote
from the judge. The judge says, it's going to take
individuals like yourself who have the skill set, even at
the tender age of twenty four or twenty five, to
come up with solutions. The judge, even in court implied
(52:57):
or argued that Marcus Hutchins should get a full pardon
while admitting that the current court did not have the
power to grant one, and was like, ah, you're good though.
You turned it around, and it's neat. It's neat to
(53:17):
hear this. Here's another line, it's neat to hear stuff
like this. There are just too many positives on the
other side of the ledger. The final call in the
case of Marcus Hutchins today is a sentence of time
served with a one year period of supervised release, which
is crazy. He's online now you can go.
Speaker 2 (53:40):
That's right. So like again, we talked about this at
the top of the show too. A lot of these
folks that maybe don't demonstrate this turning of the corner
are barred from ever touching a computer again for the
rest of their lives. And as we know someone who
that is like this is a passion for folks. They're
not always it's doing it. The money's part of it,
but it's like it is how they're rain's work and
(54:01):
like to be cut off from that would be the
greatest punishment of all, I think, And so good on
Marcus Man. Cool story, honestly, kind of a posy vibe story.
I'm I'm digging it, Ben, It's.
Speaker 1 (54:12):
Kind of cool, right, No, And we like the positive stories,
especially especially these kind of these empowered underdogs. Right this
is a David Goliath kind of story. There was one
guy who, with a little help from his friends, stopped
(54:35):
a global conspiracy midway. You know, that's pretty amazing. We
would love to hear more stories like that. What are
your favorite tales of people who successfully stopped a global catastrophe?
Please find us online, right, it's a little bit funny
(54:57):
to say.
Speaker 2 (54:59):
There are other way is if you don't want to
catch a worm, but you can hit us up at
the social media platform of your choosing, or we are
conspiracy stuff on Twitter, nay xxna, Twitter, whichever, YouTube and Facebook,
or we have a Facebook group. Here's where it gets crazy,
new YouTube content popping off every single week. We're a
(55:20):
conspiracy stuff show, however, on TikTok and Instagram.
Speaker 1 (55:26):
That we are. And as you said, Noel, if you
don't care to sip the social needs, have no fear.
You can call us directly one eight three three sdd WYTK.
You'll hear a brief message and then you'll hear a beep.
You got three minutes. Those are your minutes. Go nuts
(55:47):
with them. Yeah, give yourself a cool nickname. Tell us
what's on your mind. Most importantly, tell us if we
can use your name and or message on the air.
If you are saying I don't like social media, I
don't like votes. What I like is emails, then we
got your back there too. You can always drop us
(56:09):
a line anytime of day, any country you live in,
as long as you have an Internet connection. Send us
a good old fashioned letter at.
Speaker 2 (56:18):
The place where we read every single email that we
get conspiracy at iHeartRadio dot com.
Speaker 1 (56:42):
Stuff they don't want you to know is a production
of iHeartRadio. For more podcasts from iHeartRadio, visit the iHeartRadio app,
Apple Podcasts, or wherever you listen to your favorite shows,
From UFOs to psychic powers and government conspiracies. History is
riddled with unexplained events. You can turn back now or
learn this stuff they don't want you to know. A
production of iHeartRadio.
Speaker 2 (00:24):
Hello, and welcome back to the show. My name is
nol Our, buddy Matt is on adventure as Ben. You're Ben, and.
Speaker 1 (00:32):
Matt will be returning soon. They do call me Ben.
We're joined as always with our super producer Paul, Mission
Control decand most importantly, you are you. You are here,
and that makes this the stuff they don't want you
to know. Noel hacking, hacking?
Speaker 2 (00:52):
Can you hack it? Can you hack it?
Speaker 1 (00:56):
What's the uh what's the first thing you think of
when you think of hacking.
Speaker 2 (01:01):
I guess the term has become dare I say, a
bit hackneyed over time, just because it's like, yeah, it
conjures images of like bad nineties movie depictions of the Internet,
of someone with like a weird, like overly bespoke cased
laptop having a screen flashing access granted, you know, people
(01:21):
flying through vectors of like weird transparent buildings like pre matrix.
Maybe I'm mainly thinking of the movie Hackers, but it
was a trope for a while, right, Ben, does that?
Does that? Come? Does that? Though? Some of those things
come to mind for you too, You're right.
Speaker 1 (01:36):
No, I always love it in the nineteen nineties films
when someone reroutes the encryptions right right, the big that's
the big move. And and it's true that hacking is
a misrepresented concept in the world of film, Like, weird
not hackers, to be completely honest with everyone, right, Like,
(02:00):
we know a little bit of coding, we have phones,
we get it. But we're also aware that some hacks
like stucksnet can alter the course of history, and others
like WannaCry can sweep across the globe at a moment's notice.
The world of hackings pretty pretty invisible to most people.
(02:23):
But it's a dangerous world, and it's a very real
one with genuine potential for harm. And so tonight we
decided to explore the story of one hacker, in particular,
a guy named Marcus Hutchins, who accidentally, per his own account,
(02:45):
stopped a global conspiracy and saved the world. Here are
the facts. Who is this guy?
Speaker 2 (02:53):
Dang? Yeah? I mean, well, first of all, when we
think of hackers, we usually think of like some like
aim screen name type handle right, It's like, well, they
don't often even get elevated to the point where we
even like know their names. That's by design, because a
lot of these folks want to stay anonymous. But we
do know a thing or two about Marcus. He was
born in the nineties. Damn you child, nineteen ninety four
(03:16):
in the UKs. Sorry, whenever I see someone born in
the nineteen nineties, God forbid even the two thousands, I'm like,
I'm such an old But yes, I know they exist
there everywhere. Man, They're crawling out the woodwork, and they're
doing big stuff, no doubt. In the United Kingdom in
nineteen ninety four, Marcus already was when he came of age,
(03:37):
or at least to the point where he could, you know,
click clock on a computer, was already showing great promise
with computers and early kinds of programming. There's a story
apocryphal or no, that talks about how he was able
to bypass the computers at his school reroute the encryptions.
Dare we say bypass the school's computer. I guess let's
(03:57):
say locks, you know, protection systems, maybe something that would
not allow people to install outside software so that he
could install game software. You know some kids, what do
you think it was plaining? I guess in the nineties
it would have been what what? What was a PC game?
This is waypost Doom and like the ID software stuff.
(04:18):
What would maybe Minecraft?
Speaker 1 (04:21):
Maybe you're right, we came up on Oregon Trail. Let's
be honest, that's true.
Speaker 2 (04:25):
Yeah, And then I just remember, you know, with all
the ID software games, those were the ones where they
would send you the freeware discs in the mail, and
so that was something that everyone would have installed. But
in the I guess he would have been coming of age,
like in the early two thousands, so that might have
been Minecraft. That's my theory.
Speaker 1 (04:42):
Hmm, that's a solid one. I agree with you. We
we're getting a lot of his initial career and origin
story somewhat apocryphal, as you as you said from this
article by Andy Greenberg over Wired, and Marcus teaches himself
(05:02):
the ins and outs of coding. He starts hanging out
online right in these forums, in these Prereddit areas, or
Reddit was already around, or things like Reddit, things like
the chans, So it.
Speaker 2 (05:22):
Would have been more for these smaller communities. Definitely wouldn't
have been quite in the mainstream as much as it
is today.
Speaker 1 (05:28):
Yeah, he was specifically hanging out with the bad kids
of the Internet who wanted to flex on malware. Malware
is like software.
Speaker 2 (05:44):
It is.
Speaker 1 (05:46):
A genre definition of things, programs that are meant to
compromise other machines in some way. He's dare I say,
hacking at an early age, and he's very young at
this point still, yeah.
Speaker 2 (06:04):
I think he at around fourteen years old he comes
up with his first kind of little hack. I guess, uh,
it is funny that how hack has sort of become
more appropriated by the normies, like the idea of like
life hacks and stuff, But back in this day, it
was it was kind of literally figuring out a weakness,
you know, some sort of vulnerability and a piece of
software and then exploiting that. This would probably be one
(06:25):
of the more basic types of hacks. And he did
that with Internet Explorer, figuring out of that whole what
is it like autofill stuff where it like saves your info?
And I think back in those days it wasn't as
like authentication heavy as it is now, like even to
get access to certain autofill type things you have to
enter a password and use your name and maybe even
(06:45):
a fingerprints, you know, if you're using one of those
newer Mac laptops.
Speaker 1 (06:48):
But here's the text on your phone.
Speaker 2 (06:51):
That's right exactly, because a lot of times this stuff
will include credit card information. It couldn't even include you know,
that would not be the brightest thing in the world
to always have that stuff, you know, available for autofill
but it certainly is out there now and a little
more protective. But back then it would be for stuff
like addresses, you know, for shipping or whatever it might be.
And he used it to I guess, send a direct
(07:11):
line back to him, you know, from the computer with
the malware installed, to give people's passwords, and.
Speaker 1 (07:21):
He never used it to commit a crime. The forums
he was hanging out on were all about flexing. It's
like his version of a skate park, you know, where
people are doing their halfpipe tricks, right, And he gets
acceptance and approval online, and he hangs out more and
(07:42):
more often on these forums, and his teachers and his
parents notice that he's not doing so great at his
homework in school, yeah.
Speaker 2 (07:56):
The regular stuff now, because he's spending all his time
on those computer labs, and much like what happens when
hackers are convicted, you know, and sent away that a
lot of times one of the conditions of their release
are you can never go near a computer ever again,
which always seems so heartbreaking. But yeah, he was banned
(08:16):
from using any of the school's computers because the faculty
thought that he had hacked the entire school network, which
he did deny again and got some apocryphal tales in here,
which is always kind of the way it goes with
figures like this, But in the end, it was just
just the push over the cliff he needed to even
(08:36):
more reject kind of the stuff they were trying to
hopefully get him to do, to go deeper into in
terms of like normal homework and a career and all
of that stuff. So he stopped, basically stopped going to school.
Speaker 1 (08:50):
He can't blame him, you know.
Speaker 2 (08:52):
Oh yeah, tore a terrible move to really absolutely misguided
attempt to get someone to not do the thing that
they love.
Speaker 1 (09:00):
And so he gets pushed away from what we call it,
we're going to sound very old, his irl society in
real life society. He gets pushed away, and soon he
is hanging out full time on these Internet forums. And
(09:21):
you know these are forbes associated with what we call
pen testing, if we're being correct, penetration testing.
Speaker 2 (09:28):
Ah yeah, isn't familiar with that one. And it's like
you said, I mean a lot of it was sort
of flexes, like here's see what I can do, but
it wasn't necessarily these folks were colluding, you know, to
plan large scale Internet heists. But as we know, in
order to know what the bad guys are doing and
how to protect against what they're doing, you got to
(09:49):
kind of have the same bag of tricks. So this
really is kind of an interesting early, you know, kind
of entry point into what ultimately led to him being
as known as he became.
Speaker 1 (10:00):
Just so, and you know, at this point, if you're
hanging out with those bad kids on that Internet halfpipe,
the feds are gonna come shut you down. The squares
are gonna come in, and authorities will clamp down on
one site. But they're essentially playing whack them hole, which
means that the users of these forums will transfer to
(10:25):
another site. So the forum that our young friend Hutchens
hangs out at gets closed down, gets shut down, so
he moves to another spot it's cold in a burst
of creativity hack forums, no one well no, no one
will ever figure that one out.
Speaker 2 (10:45):
Well, how man, isn't the smarter move instead of like
cracking down and like tipping your hand just to kind
of lurk and see what you can see. I guess
they probably do that for a while and then get
to a point where they're like, Okay, we've exhausted this one.
We need to I just wonder it will be the
impetus for the cops coming in and breaking them up,
or learning these folks to their presence, or if it's
(11:05):
more like they overplayed their hand and the kids are like,
oh no, we've been made. We need to move on right.
Speaker 1 (11:13):
Right right. We've got a great quote from Wired from
our buddy Andy writing here, and he talks about you
know what this makes me think of. It makes me
think of walking into a hotel pool or something like that,
where you have the steps at first where you dip
(11:35):
your toes in, and our buddy Hutchins is walking in
deeper and deeper water. Wired describes hack forums in a
pretty interesting way.
Speaker 2 (11:48):
Yeah. He describes the members as being a shade more
advanced in their skills and a shade Murkier in their ethics.
A lord of the flies collection of young hackers seeking
to impress one another with nihilistic feats of exploitation. They're
in lies of the flex. We were talking about the minimum
table stakes to gain respect from the hack forums crowd
(12:10):
was possession of a botnet, a collection of hundreds of
thousands of malware infected computers that obey a hacker's commands,
capable of directing junk traffic at rivals to flood their
web servers and knock them offline. What's known as a
distributed denial of service or d DOS attack. Pretty common
technique we've heard that, you know, make the news plenty,
(12:31):
Like if I'm not mistaken, we were all just in
Las Vegas recently, and I think they were a victim
of a hack that I think involved at least in
part d DOS attacks. Because all of their servers were overloaded,
they couldn't talk to each other, the MGM hotels and
the lights wouldn't work in the room. And when you
have a system that's so interconnected like that, these things
(12:53):
can be crippling, right.
Speaker 1 (12:54):
You nailed it, Yeah, absolutely, And it's said that Matt
is on adventures, because that's one of the things, as
you will call that he brought up to us before
you and Paul and I traveled to Las Vegas. Matt
was I'm not gonna do an impression of Matt because
(13:17):
we all know.
Speaker 2 (13:18):
It's not possible. He's too singular, that.
Speaker 1 (13:21):
He's such a voice. Yeah, and uh, Matt, just who
everyone knows. Matt was telling us before we went to
Vegas about the hack. I think he was the first
one who clocked it, and he was saying, guys, we
gotta be careful. He asked us if we would bring
(13:42):
burner phones, and uh, and be honest with you, I
did not bring a burner phone. I used my real
phone in Las Vegas.
Speaker 2 (13:52):
But not your real name. You were assigned one by
hotel management. Yeah, but it's crazy how effective some of
these simpler kind of techniques can be. And I guess
I didn't really understand the idea of this botnet, Like
it's basically like these are these are these computers who
don't know they've been had, who don't know they've been infected,
(14:14):
and are now like under your sway like that you know,
sorcerer's apprentice in the brooms kind of scenario. Right.
Speaker 1 (14:21):
Yeah, and this kid, Marcus Hutchins is a child at
this point, he's fifteen years old, he's all in. He
creates a botnet, and what he does is he suckers
people via fake files or misleading files uploaded to bit
(14:42):
torrent sites. For those of us in a certain demographic,
you might think of LimeWire or things like that.
Speaker 2 (14:53):
Oh dude, but I mean bit torrent. You know, you
would get it through like the Pirate Bay or whatever,
or like there were other different ones. And the way
BitTorrent files work is they're like broken up into all
these little micro pieces that are then kind of reassembled.
So I imagine this is a very smart way of
using a technology that is a little bit you know,
(15:14):
more underground internety. But it's also like, you know, we
knew tons of people that weren't mega hacker, people that
were like using bittorn all the time. It was super mainstream.
So it would make sense that he amassed a pretty
significant bought army by exploiting these BitTorrent sites for sure.
Speaker 1 (15:31):
And we all remember, let's be honest, whether you are
a street laced NRO person or whether you have a
little bit of r Maybe in your college days, you
remember the old say they said, look, you're never gonna
get caught if you're downloading the files. You're only in
(15:54):
trouble if you're the one uploading them or sharing them,
right and yeah, and so it's true.
Speaker 2 (16:01):
For some of them. But like the bit torrent ones,
just by participating you were sort of part of It
was harder to track down individuals, I think because it
was like by downloading the file, you were also participating
in the upload. But I got a few of those
Web Sheriff no no infringement notices back in the day.
I sure did you know what?
Speaker 1 (16:20):
It was?
Speaker 2 (16:21):
Usually about HBO related content. It was usually about like
Sopranos episodes or episodes of sixty And you'd get this
like form letter directed at your ISP, and then they
would come to you and it was like, hey, fly right, buddy,
or things are going to go poorly for you. You can
get banned from your ISP. At the very least, that's
probably what happened.
Speaker 1 (16:41):
Oh geez, well, this doesn't hit our boy, Hutchins, our
young fifteen year old Hutchins. He has a bought army.
It's like eight thousand computers and he starts setting up
his own business. He has one called ghost Hosting. The
first O is zero, get it because it's leaked to.
Speaker 2 (17:05):
Speak, Yeah, very aim Internetti as well. This is a
server kind of like web services deal, you know, kind
of like we know now is like AWS Amazon web
services for hosting sites, much smaller and much more niche
This was specifically for hosting sites for hack forum members
that allowed them to shield their IP addresses from anyone
(17:30):
who would try to, you know, find where the root
of such sites might be. But he had some caveats.
He would allow people to post anything other than child
sexual abuse material. It's good on him for that, of course,
because we know a lot of times these masked you know,
web sites or servers. That's a big part of it.
(17:50):
But what he was doing essentially was like sort of
a smaller scale silk Road dark web thing, but I
don't think you needed like a tour browser to access.
Think it wasn't like exactly dark Road silk Web, but
it was in that vein the idea that you couldn't
necessarily figure out where it was coming from, and maybe
there was even a way for users to be encrypted
so they couldn't be tracked either.
Speaker 1 (18:12):
Yeah, it was all about anonymity, and he had these
ethical lines. He kept evolving his skills. He learned how
to analyze and improve other hackers software, especially their rootkits.
Rootkits are a thing that will change the operating system
of a computer such that it can hide itself. And
(18:35):
people were massively impressed on these forums. And by the way,
at this point, none of these folks on these forums
know anything about each other. They're very careful with it.
And this guy, our guy Mark, he starts taking these
gigs writing what the authorities will call malware, and he's
(19:00):
picking up little side joints, you know, He's like, hey,
I know how to turn a piece of code here,
and that's where he meets someone calling themselves. Theny things
turn dark. It eventually leads him to something terrible called
(19:22):
Wanna Cry.
Speaker 2 (19:23):
Yeah, it's interesting to kind of get the trajectory of
this kid and his sort of like upbringing or like
his rise in this kind of culture, because at this
point he's like a teenager, you know, he's basically kind
of like a snotty teenager who just kind of maybe
wants to creak a little bit of chaos, you know,
but he does seem to have a moral code, which
(19:44):
I think is important. And I think what we're gonna
see is a turn where he's like, Ooh, with great
power comes great responsibility kind of vibes, you know. And
it just took him meeting the super villain kind of
our story to make that realization. But maybe I'm over
over stating the case. But it's a really interesting story.
Speaker 1 (20:04):
You're one hundred percent correct, Noal, I propose we pause
for a word from our sponsor, which will hopefully be
a VPN company.
Speaker 2 (20:12):
Yeah, no doubt.
Speaker 1 (20:20):
Here's where it gets crazy. So this guy Vinnie contacts Marcus.
Marcus is about sixteen at this point, and Vinnie is
a stranger on the Internet. Marcus does not know him
from a Canna paint. And Vinnie goes to Marcus and says,
(20:41):
I'll give you a job make a new rootkit for me, kiddo,
and I'll sell it all over the cool people Internet
and you will get fifty percent of the profits.
Speaker 2 (20:56):
Dude, sounds like a deal. I'm sixteen on I'm doing
this for fun largely anyway, and I'm starting to make
a little extra money, you know, proving the principle and
mom and dad wrong, you know, why wouldn't I hop
on this train? So a little more than halfway through
twenty twelve, they get this whole deal up and running
something called a upas kit, which I believe is named
(21:18):
after a poison tree. So maybe it's pronounced upus upus.
Speaker 1 (21:23):
Yeah. Look, I am also not one hundred percent on
the pronunciation, but you're right now. It is named after
a poisonous tree Antiaris toxicaria.
Speaker 2 (21:36):
Yeah that sounds scary mainly just cut has toxic in it,
but it's part of the mulberry family, which is a
very pleasant sounding tree. But so, yeah, this is their enterprise.
They've been working on for a bit now. And at
this point, Vinnie sends Hutchins like a bunch of drugs
for his birthday.
Speaker 1 (21:56):
Because he was so Mark was complaining to his internet
friend Vinnie about how difficult it was to find good
drugs in the United Kingdom.
Speaker 2 (22:13):
Okay, so this was not completely unsolicited then, like Marcus
is into these drugs, he wasn't just like because that
also seems like a flex too, where it's like I
know where you live and I'm sending you illegal stuff.
This would have been appreciated by young Marcus. I'm open,
we're not talking about crank or heroin here. Maybe just
some weed.
Speaker 1 (22:32):
Yeah, I think it was just saying I can't find
good weed in the United Kingdom, and Vinny comes through
with more than just cannabis.
Speaker 2 (22:45):
I see. So there is a little bit of a
little bit of a flex in there too, I think,
where it's almost like, you know, yeah, you're in deep
Because to your point, Ben, he'd always sort of just
ridden that line between doing stuff that was just a
little more anarchist and a little more just kind of
middle finger to the man and like square society, but
(23:07):
never things that would be considered fully morally reprehensible or
like felony level illegal, right.
Speaker 1 (23:15):
Right, Just so, the upus Upas sales had allowed Marcus
the ability to not go to school and to work
full time. He was supporting himself. He was one of
those kids who probably looked like, what do you call it,
(23:36):
hikiko mori, the kids who stay home guys?
Speaker 2 (23:40):
Yeah, in Japan for sure, or like in Spider Man,
he's like the guy in the chair, you know.
Speaker 1 (23:45):
Right, yeah, And he was increasingly living this double life.
He was a mild mannered young British man by day.
He was a master hacker by night. And here we
go back to Marcus's own admissions. He made a serious error,
just like you said, Noel, he had always stayed a
(24:08):
step away from actions he considered illegal or unethical or
morally reprehensible. And he said he knew of criminals, and
he knew of crimes they had committed, but he did
not consider himself a criminal. He always thought he was
(24:29):
just on the side of the law, exactly.
Speaker 2 (24:34):
And now he's starting to get an inkling that he's
starting to wade into some of those deeper waters, going
past the kiddie pool and into the you know, the
scary part of the pool where the monsters are they
really are you guys, be careful part where you can't
see the bottom. There's scary stuff down there. You ever
have that. I pretend there was Jaws was in the pool.
(24:56):
Maybe I'd just like to freak myself out when I
was a kid. But I think the metaphor holds true.
Speaker 1 (25:00):
The metaphor does hold true, and you are terrified of
open water.
Speaker 2 (25:05):
Yeah, it's just a thing that it's a recurring theme
for me in dreams where I can't see the bottom.
And it's not usually even things that I think are
going to murder me. It's just big things that you
can't see. And sometimes the big things that you can't see,
you don't really know whether they're good or bad. And
at this point you made a really good point in
(25:26):
the outline, Ben, we're not sure whether Marcus is living
a double life as a superhero or potentially a super
villain in the making.
Speaker 1 (25:36):
Ah, he's living two lives and he's not sure at
this point, right which is good or which is bad.
His buddy Vinnie ask him to write a new version
of this malware, of this program, and he asked Marcus
(26:00):
to write in some programming that would be a little
bit of an escalation, things like key logging, a couple
other specific bells and whistles. Nol, we know what key
logging is.
Speaker 2 (26:15):
Yeah, I think it's similar to the little hack you
as talking we were talking about earlier they did with
Internet Explorer, where it's using that auto fill stuff to
funnel information out of out of the person's individual computer.
So when you're typing something, somebody who has root access
to your machine can then get a copy of that
(26:35):
and they can access like things that you have input
manually into your computer, which oftentimes you know all the time,
really includes personal data and passwords and things that you
do not want people to have access to.
Speaker 1 (26:47):
And if you are hearing this on a work computer,
if you use a work laptop, it is completely legal
for your employer to do key law game programs.
Speaker 2 (27:02):
Just be aware. So anyway, anybody is it to measure
productivity sometimes like that's a thing, you know, they can
literally check your work, you know, not to make people
freak out or be paranoid, but that is important. Don't
fool yourself if you're using a work machine for things
that aren't work related. It's not like they're watching you
twenty four to seven, but that stuff is fair game
(27:24):
to just be warned, right, Yeah.
Speaker 1 (27:27):
Be aware. So Marcus is a very smart dude. He's
a kid at this point still, and he knows these
functionalities for exactly what they are. He says, look at this.
This will be a program specifically built to target financial institutions.
(27:48):
And in his mind, he says, if I do this,
I am committing crime. There's no way to rationalize it.
There's no way to call it a gray area. There
is no liminal space. I will not write this thing,
he tells his quote unquote pal Vinnie. And then Vinny
(28:12):
reveals there was a poison pill to that gift.
Speaker 2 (28:19):
Oh boy, could have Could I think that's what I
was maybe picking up on a little bit, whor it's like, yeah,
I've got something on you, a poison pill. Indeed, sending
that package of drugs meant that he had basically blackmail
level information on Marcus and could go about exposing, you know,
(28:40):
his kind of secret activities. So they came to a
bit of a compromise where Marcus made only a few
of the chair a handful of the changes and updates
that were being asked I in the key logging, and
then he then decided he would farm out the rest
of the things that Marcus would not willingly do you
know elsewhere.
Speaker 1 (29:02):
Yeah, Marcus agreed to make the key logging functionality and
dragged his feet a bit. By his own admission, you
can read his blog. Vinnie goes like you said, no,
he outsources and gets the other functions for this thing.
(29:23):
And this thing evolves, and by twenty fourteen, Venny quote
unquote Vinnie is selling a new program. It's called Kronos.
Marcus continues his regular life. He goes to community college,
he graduates. People have no idea that he is basically
(29:44):
neo in the matrix. Yeah, and things start to go
south in his online world, so we can, I think,
gloss over some of the the terrible things that happened there. Eventually,
(30:05):
Marcus takes on the name malware Tech, and nobody knows
that malware Tech is a guy in the United Kingdom
named Marcus Hutchins until twenty seventeen.
Speaker 2 (30:21):
Yeah, that's when the WannaCry ransomware attacks happen, and I
got my wires a little cross when we were talking
about the MGM stuff. While there may have been a
DDAs attack is part of that, Mainly what that whole
thing was about was ransomware. WannaCry was is a ransomware
(30:42):
crypto worm, which to.
Speaker 1 (30:44):
Your made up what is that on?
Speaker 2 (30:47):
All these words are great. I love it, Thank you
William Gibson. And by the way, that cyberpunk cartoon that
goes along with the game that's on Netflix, it's very good.
It's really really cool. It's called Cyberpunk some colon something,
but it's a pretty pretty cool and it does a
great job of carrying on the legacy of like William
Gibson and Philip K. Dick and a lot of the
kind of you know, fourbears of really interesting kind of
(31:10):
Internet culture and science fiction. But ransomware basically holds this
information or the information on your computer hostage by encrypting
the files like not to your benefit, right, like locking
you out essentially.
Speaker 1 (31:26):
Yeah, yeah, yeah, crypto ransomware, or by locking you out
of your computer entirely, which will be locker ransomware, which
we know. I have to pause for a moment and
on MAT's behalf also say thank you so much for
shouting out William Gibson, neuromancer, the author who saw it
(31:50):
all coming in ransomware. Ransomware is pretty nasty because it
will direct the victim to pay some sort of financial
thing right through a very specific set of instructions, usually
bitcoin nowadays or some sort of derivative of WannaCry is
(32:17):
even nastier because WannaCry will automatically propagate itself. It is
considered a network worm. When it hit the Internet, it
was May twelfth, twenty seventeen. It continued to May seventeenth.
(32:38):
During just that small amount of time, just those few days.
It hit over one hundred and fifty countries. It was nasty,
went so far because it was based on It was
based on some demonic stuff that Uncle Sam figured out out.
Speaker 2 (33:00):
And experts and you know, folks kind of watch watching
the events unfold began to advise to not pay the
ransom because there had not been any reliable information pointing
to people actually getting their stuff back.
Speaker 1 (33:14):
Yeah, and WannaCry was based on an exploit called Eternal Blue,
which was discovered Slash created Slash developed by the Essay.
About a month before WannaCry hit the world, there was
a group You're gonna love this, man, because I know
(33:36):
you love cyberpunk. There was a group of hackers named
the Shadow Brokers. Yeah, that's a real thing. How is
that a real thing?
Speaker 2 (33:45):
Yeah, it sounds like cyberpunk, but it also sounds like
Skyrim or something like much more Lord of the ringsy.
Speaker 1 (33:53):
Right, the I'm sure they love all of these things.
They might be playing Skyrim now. The Shatto Brokers stole
the Eternal Blue exploit from the Essay somehow, and they
leaked it to the world. And the Want to Cry
attack mainly worked on organizations that had not updated their software,
(34:18):
they had not applied patches from Microsoft, they were working
with older, outdated versions of operating systems. And at this
point we have to be honest, it is very very
easy to ignore all those things, all those little pop
ups you get that say update your software now, right, Like,
(34:42):
how many times have you ignored those today? Folks?
Speaker 2 (34:46):
Yeah? You know, I'm I run a lot of like
I use my personal computer for work and you know,
pro personal stuff when I'm at home, and then I
have my work laptop, but I oftentimes don't have auto
install on for those I updates from Mac because a
lot of the third party like audio things that I use,
they'll quickly get bricked if you do the wrong updates.
(35:08):
So sometimes you have to like wait like a year
for a new update to be fully tested. But then
there are also sort of like sub updates that are
more like security things. Those are the ones you do
want to make sure you do, even if you're not
doing the full updates. Always make sure that the security
patches are turned on, because that's the kind of stuff
that is protecting you from these sorts of things.
Speaker 1 (35:28):
Absolutely, I think it's very easy to ignore that routine maintenance, right,
that routine security, and especially if you're like us, if
you work with any cavalcade of idiosyncratic apps or platforms,
it's kind of like a house of cards, you know,
(35:48):
if you change one and then it changes everything else.
And that's what the hackers are counting on, and that
is why within just a few days a cry infected
hundreds of thousands of computers. The estimates of damage ranged
(36:08):
from hundreds of millions of dollars to literally billions of dollars.
And like you said, the experts told everyone, one, patch
your computer, and two, don't give in to the ransom.
Don't give in to the terrorists because they're not going
(36:29):
to give you your money back. No one knew what
to do until one day, our pal, Marcus Hutchins, walked
home from lunch and found out what was going on.
We're gonna pause for a word from our sponsor, and
then Noel maybe we talked about how this guy saved
(36:50):
the day absolutely, and.
Speaker 2 (36:58):
We're back talking about mild mannered Marcus Hutchins of the
Internet and also the United Kingdom, who had been through
kind of an emotional rollercoaster. At this point, I did
do a little extra reading and the package of drugs
that were sent to him. It wasn't just weed. It
was like amphetamines and psychedelics and hallucinogens. And apparently when
(37:23):
he started doing a lot of these kind of like
all night coding sessions once he stopped going to school,
he himself got addicted pretty badly to amphetamines. He used
to replace them, replace just you know, coffee with it.
So he was down a pretty dark path in more
ways than one. You know, he had basically been blackmailed
(37:43):
himself by this vinny character who threatened to turn the
information he had on him against him. This package of
drugs that he sent to him, he perhaps turned him
into the FBI or whatever, not to mention other stuff
that he likely had. Can you imagine, Ben, if you
were doing this and thinking you were like, you know,
King Shiit of fuc came out and then all of
(38:05):
a sudden, the person that has guided you into this
world turns on you, and now you feel like you're
sort of you're there botnet. You know, they've got control
of you.
Speaker 1 (38:16):
Oh that's good. Yeah, I mean it's evil, but that's
a great feeling. Yeah, that's the deep water you're talking about. Yeah,
And this is Hutchins has to struggle through this stuff.
He is by the time WannaCry hits, he is navigating
(38:39):
the brighter side of drug addiction, I think, and he
is working through what we would call white hat hacking,
which is, you know, we have def con here in
Las Vegas. It's where Yeah, it's where you where. Essentially
(39:00):
you are no longer paid to do malware programming. You
are paid by companies like a bounty hunter. You find
the exploits, the vulnerabilities in their software, and they give
you a ton of money if it works out. This
guy is working under the name malware Tech, and you
(39:25):
can find his blog as Marcus Hutchins. You can also
find malware Tech. He's not really on Twitter anymore, which
I know is a bummer for you know, because you
love Twitter so very much.
Speaker 2 (39:40):
I love it so much. Yeah, yes, gosh.
Speaker 1 (39:44):
Oh gosh, pardon me.
Speaker 2 (39:46):
You're You're right on the money, Ben, Even like the
emails that I get from them still say x formerly Twitter.
It's like it's not gonna happen elon. But yeah, he
he gets wind of this, I think, and much the
same way that the rest of the world does. But
he has more information that the rest of the world
doesn't have, so he knows what he's looking at. Hutchins
(40:07):
learn of want to cry. After he had some lunch
on May the twelfth, he saw networks across Britain's healthcare
system had been hit by the ransomware. So that's that's,
you know, and this is that kind of stuff that
that is the super dark side. You know, we were
talking about casinos. That sucks for business. You know, casinos
make a lot of money losing money, you know, inconvenicing
(40:29):
guests and all of that, and that sucks. That's no good.
But healthcare systems, people could die, you know, like like
not to mention like the if it's if it's interconnected
in the same way that the power stuff was, you know,
at at the MGM, A lot of these larger facilities,
they are going to have that level of interconnectedness. So
he sees reports of Britain's health system being hit by
(40:51):
these that's going to be things like records and you know,
all of that stuff. But he with the information that
he has, knowing this is likely an extension of the
thing that he participated in in some way, he starts
to get a little micro you know, looking into the
code and seeing what he can see.
Speaker 1 (41:07):
And as he is running in his digital fingers across
the carapace of this thing, he finds a chink in
the armor, a gap. He sees that there is a
part of the code that includes a web address. The
web address is not registered, so he registers the domain.
(41:32):
This is very in the weeds, but he registers the domain,
and and he's on record say this. He says, he
always says, like, I paid ten dollars and sixty nine
cents to get the domain address. And at the same time,
while he's doing this concurrently across the pond, there's another
(41:54):
guy who also deserves his flowers, a guy named Darien
huss He's twenty eight years old. He lives in the
United States, I think in the Michigan area. He is
a research engineer for a cybersecurity firm called proof Point.
And this guy's doing his own analysis. And this guy, Darien,
(42:17):
notices that whomever wrote this hardware left in a feature
called a kill switch. And so Darien sends a screenshot
of this to our buddy Hutchins, who is still at
this point anonymous online.
Speaker 2 (42:35):
So they go back and forth about this and realize
something really really important that registering the domain name and
redirecting the attacks to malware tech server had actually activated
the kill switch, which halted the basically neutralized the ransomware,
creating something that's known as in the packing parlance as
(42:59):
a sinkhole.
Speaker 1 (43:01):
Yeah. That means that the attacks with that current variant
of WannaCry will no longer execute successfully. And it's weird
how this stuff is like it's like covid. That's why
they call it a virus, right, because there could be
(43:22):
a new variant. One of the first things that malware
Tech does is say, look, you have to get all
of your operating systems patched immediately. And he has a
great crisis of faith here because to reveal this, to
save the Internet, he has to give up his anonymity.
(43:48):
And that's what he does. That's why we know malware
tech is cybersecurity consultant. Marcus Hutchints. You can find him today, folks,
Marcus Hutchins dot com. The guy literally saved the Internet.
He says he did it accidentally. He says he stumbled
(44:09):
upon it. And there's so much more to the story.
But I think we gotta I think we got to
give the guy the props where it's due Noel, would
our podcast exist if if wanna cry continued?
Speaker 2 (44:27):
Yeah, it's a good question. I mean, you got you
do have to kind of wonder, like it was so
insidious that it could have caused irreparable damage to large systems.
You know. This is also long enough ago that it's
almost like the way airports were before nine to eleven,
you know what I mean, Like, once something massive like
(44:47):
this happens that is so earth shattering, you know, then
things but things kind of turn a corner in terms
of like security, and maybe I'm maybe I'm off base there,
but it does feel like that's the case. Is like
he said the beginning of the show, this really was
something that shifted the course of technological events. So yeah,
I think it could have knocked things out. I always
(45:08):
think of the movie as bad as it is Escape
from La the sequel to Escape from New York, the
John Carpenter movie. The School is pretty bad overall, but
it has a pretty interesting foil or plot, I guess
device where it's this idea that like all electricity and
interconnected you know, machinery will will be killed, including batteries,
(45:30):
and they don't really explain how that makes sense in
that I.
Speaker 1 (45:33):
Remember that and I remember the soundtracks banging though.
Speaker 2 (45:36):
It's pretty good, but it does make me think of like,
is this some kind of like would this be a
fight club event? Like a project may set us back
to the Stone age type event. We don't know. Because
Hutchins did jump in, would it have been solved otherwise?
I don't know that either. What do you think, Ben?
A lot of this stuff is just based on boneheaded,
(45:56):
like exploitable flaws in saw where you know, with the
would the the Microsofts of the world have figured it
out first and figured out how to do something about it.
I kind of think, No, I.
Speaker 1 (46:09):
Kind of think you're right on that one, Noel, because
consider that Eternal Blue, which is the exploit Uncle Sam
figured out. Eternal Blue, was discovered by the United States government,
and they could have told Microsoft. They did not tell Microsoft.
(46:33):
They instead built a monster, right, and the monster got
out of its gauge and then became another thing. It
evolved like some sort of sinister evil Pokemon, and.
Speaker 2 (46:49):
In its final form, right.
Speaker 1 (46:51):
And Marcus Hutchins is the one person who said, hang
on a sec way to tick, you know, and and
did the right thing. The story continues. Of course, one
A Cry is largely suspected to be a creation of
the Deep Rcave the North Korean government. In full fairness,
(47:18):
the government of North Korea denies that it was them
in a stunning plot twist.
Speaker 2 (47:24):
So, I guess when when you're in this kind of world,
you know, and all these types of code, these pieces
of code, there's an open source ness to it. You know,
if you're in the community, you share and share like
and maybe something some group did you know, a small
close knit group of you know, hackers or coders might
end up in another attack, right, because this stuff is
(47:45):
kind of shared. So Hutchins, it's not like he directly
participated in making this. It was just something that the
experience that he had with Vinny led him to have
the know how to recognize what he was looking at.
Is that right?
Speaker 1 (48:00):
You're absolutely right, dude, because if you go to Marcus
Hutchins dot com right now, what you can see is
threat intelligence a lot of work. Basically. I guess if
you're if you're like this guy, you feel like you're
always telling people the same things. You're always saying, Hey,
(48:24):
update your browser, Hey, don't you know click on pop
ups or whatever for us knuckleheads in the crowd. And
we have a lot to thank this guy for because
he genuinely did stop a conspiracy. And no, you and
(48:44):
I talked about this off air. A lot of people
familiar with the situation are probably gonna say, Hey, Noel, Matt, Paul, Ben,
Doc Holliday, why are you acting like this guy should
get a statue in the square? Why are you acting
like he's a super perfect person. He got in trouble later, right.
Speaker 2 (49:08):
Well, you know, he was eventually kind of roped in
with the scheme or surrounding the scheme that Vinnie was
at the center of. And in twenty seventeen, he got
arrested by the FBI. He was brought up on hacking
charges or sir six hacking related federal charges in the
(49:29):
US District Court for Eastern District of Wisconsin related to
spreading that Chronos package. And he was asked to flip,
you know, on some of his fellow you know, hackers
or community members, including Vinnie. He did not have enough
information on Vinnie to actually give them anything actionable, so
(49:51):
he wasn't able to And then he refused to flip
on anybody else in the community. He did plead guilty
in twenty nineteen to two of the ten charges against him,
including wire fraud, distributing, selling, promoting, and advertising a device
used to intercept electronic communications. He basically just from sitting
in jail during a lot of these proceedings ended up
(50:14):
with time served and some fines, so he was punished,
you know, for some of this stuff, and then he
you know, presumably flipped it around into how can I
be legitimate and like use what I know to help
stop bad guys, whether or not that's just to benefit
like companies that can pay him. I don't think we're
saying necessarily this like White Night, but he did make
(50:36):
some good decisions along the way and did not turn
down what could have been a much darker, super villainous path.
Speaker 1 (50:43):
And the judge in his case sentenced him to time
served and one year of supervised release and said, you
have turned the corner. You stop using your skills for
criminal purpose. You made them a benefit to society well
(51:04):
before you ever went to court. So they said, like,
you made the right decision before you were forced into
doing so.
Speaker 2 (51:13):
That's right.
Speaker 1 (51:14):
Yeah, you like.
Speaker 2 (51:15):
To see that. I think that's important because a lot
of times, I think we think judges they don't look
at stuff like that or or that. It's it's really
hard to get to have a sense that there is
some redemption, you know that. But like, you know, he
made these choices on his own. We're talking about decisions
that he made all on the way where he could
(51:36):
have gone down this fork in the road and instead
he went down this one, and that all led to
I think what has ended up being a very thoughtful
and intelligent person that's using some skills that they have
for the betterment of of you know whatever, because you
can't fight fire with you know, jello. Maybe it's kind
(51:59):
of fun.
Speaker 1 (52:00):
It's like my favorite that's my favorite analogy you've ever done.
Speaker 2 (52:04):
Okay, I'm going to go I'm gonna put that on
on a shirt. But I just mean, like, you know,
when you're in these circles, these very elite circles, or
you have to earn your way in, those are the
people that really know how to stay on top of
what's going on because these are very fast moving developments
and technology and in like cybersecurity and threats. So it's
(52:24):
kind of whether he's a superhero or not. I'm glad
there are people like him out there hopefully keeping us
from getting escaped from la back into the stone age.
Speaker 1 (52:34):
So let's end on this. Maybe there's a great quote
from the judge. The judge says, it's going to take
individuals like yourself who have the skill set, even at
the tender age of twenty four or twenty five, to
come up with solutions. The judge, even in court implied
(52:57):
or argued that Marcus Hutchins should get a full pardon
while admitting that the current court did not have the
power to grant one, and was like, ah, you're good though.
You turned it around, and it's neat. It's neat to
(53:17):
hear this. Here's another line, it's neat to hear stuff
like this. There are just too many positives on the
other side of the ledger. The final call in the
case of Marcus Hutchins today is a sentence of time
served with a one year period of supervised release, which
is crazy. He's online now you can go.
Speaker 2 (53:40):
That's right. So like again, we talked about this at
the top of the show too. A lot of these
folks that maybe don't demonstrate this turning of the corner
are barred from ever touching a computer again for the
rest of their lives. And as we know someone who
that is like this is a passion for folks. They're
not always it's doing it. The money's part of it,
but it's like it is how they're rain's work and
(54:01):
like to be cut off from that would be the
greatest punishment of all, I think, And so good on
Marcus Man. Cool story, honestly, kind of a posy vibe story.
I'm I'm digging it, Ben, It's.
Speaker 1 (54:12):
Kind of cool, right, No, And we like the positive stories,
especially especially these kind of these empowered underdogs. Right this
is a David Goliath kind of story. There was one
guy who, with a little help from his friends, stopped
(54:35):
a global conspiracy midway. You know, that's pretty amazing. We
would love to hear more stories like that. What are
your favorite tales of people who successfully stopped a global catastrophe?
Please find us online, right, it's a little bit funny
(54:57):
to say.
Speaker 2 (54:59):
There are other way is if you don't want to
catch a worm, but you can hit us up at
the social media platform of your choosing, or we are
conspiracy stuff on Twitter, nay xxna, Twitter, whichever, YouTube and Facebook,
or we have a Facebook group. Here's where it gets crazy,
new YouTube content popping off every single week. We're a
(55:20):
conspiracy stuff show, however, on TikTok and Instagram.
Speaker 1 (55:26):
That we are. And as you said, Noel, if you
don't care to sip the social needs, have no fear.
You can call us directly one eight three three sdd WYTK.
You'll hear a brief message and then you'll hear a beep.
You got three minutes. Those are your minutes. Go nuts
(55:47):
with them. Yeah, give yourself a cool nickname. Tell us
what's on your mind. Most importantly, tell us if we
can use your name and or message on the air.
If you are saying I don't like social media, I
don't like votes. What I like is emails, then we
got your back there too. You can always drop us
(56:09):
a line anytime of day, any country you live in,
as long as you have an Internet connection. Send us
a good old fashioned letter at.
Speaker 2 (56:18):
The place where we read every single email that we
get conspiracy at iHeartRadio dot com.
Speaker 1 (56:42):
Stuff they don't want you to know is a production
of iHeartRadio. For more podcasts from iHeartRadio, visit the iHeartRadio app,
Apple Podcasts, or wherever you listen to your favorite shows,
Stuff They Don't Want You To Know News
Hosts And Creators
Matt Frederick
Ben Bowlin
Noel Brown
Show Links
RSSStoreAboutLive ShowsPopular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.
Therapy Gecko
An unlicensed lizard psychologist travels the universe talking to strangers about absolutely nothing. TO CALL THE GECKO: follow me on https://www.twitch.tv/lyleforever to get a notification for when I am taking calls. I am usually live Mondays, Wednesdays, and Fridays but lately a lot of other times too. I am a gecko.