hacker:HUNTER - Wannacry: The Marcus Hutchins Story - All 3 Chapters

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] I think the FBI was trying to make an example of Marcus but I think we bit off more than the hit show so we're just gonna go through the entire thing if you don't mind [Music] [Music] the what I cry events became apparent within minutes of me pitching up for work on that date I went into the office to make a coffee and put my bag down and people out their computers showed me a screen we were talking about it everything had gone down within minutes we realized by talking to people and listening to the news that this was more than a local problem or something that was affecting a big part of the NHS 39 hospital trusts and GPS in Scotland and across England have had to cancel routine operations send patients home and divert ambulances all the computers have been stopped we're not sure whether the doctors can see you there's no appointments apart from emergency appointments I first heard about it actually when I said in the middle of my clinic and at that point that was about 4:00 p.m. I think 16 organisations have been affected by 11:00 a.m. I think we got some screenshots from the affected machines of famous red screen shots this ransomware takes over computers and demands $300 in Bitcoin for people to get access to their files again well the 12th of May 2017 were actually we're in the middle of a general election in the United Kingdom but coincidentally I had actual been trying to contact my own GP to make an appointment for my children and they were saying well we can't access the systems are the Hajus that are they've got problem locally and didn't really realize till later how serious this had been I've just shared Cobra to ensure that we have a cross government response to this virus attack there has been an international attack it's impacted 100 countries it looked at first like an attack just on hospitals in the UK but it's now becoming clear that this malicious software has run riot around the world we woke up on the East Coast's trying to scramble and understand what was going on we didn't really know what was happening what a crazy ability to spread itself is why it is so problematic unlike most malware it doesn't need you to click on an infected email it spreads using a vulnerability and outdated versions of Windows it just seemed like one day in May the Internet is suddenly on fire and there's this unstoppable worm infecting hundreds of thousands of computers and growing indiscriminately spreading from continent to continent with no signs of stopping getting worse by the hour in that moment was like oh crap what are we gonna do [Music] I was working from my parents home at the time in my bedroom and I checked some messages boards and seen all of this news about something targeting the NHS so obviously I was like mmm that sounds interesting because usually ransomware hits like one or two major targets but this was just hitting NHS hospitals all around the UK and it was so consistent that I thought like this could be a worm so I decided to jump in to kind of looking into it the internet had seen massive rapidly spreading worms before but not for years so I asked a friend if I could have a sample of the wanna cry well I noticed it made a web request to an unregistered website so I registered it and as time went on we noticed the infection count was steadily declining after a few hours of that been noticed a tweet by someone suggesting that the URL in fact was a kill switch that just disabled the malware so the ransomware itself wanna cry had this kill switch it was a domain name which when you registered that to mein name it would kill the ransomware deadness tracks usually these kill switches or or these mechanisms are built for the authors itself to make sure that they don't infect themselves I think that it was designed as a safeguard so they can stop the spreading of wanna cry if the need arises so I kind of went in and I looked for myself and sure enough this domain simply responding was enough to disable the malware itself it was the biggest hack attacked the world has ever seen but attempts to stop the virus spreading appear to be working and then suddenly was over with no warning with no explanation so I believe I woke up on I think Sunday morning to see my face across the two-page spread in the Daily Mail which is the biggest newspaper in the UK and after that things kind of just went off the rails no one really knew who he was or what his name was he went by this online handle malware attack and he would publish vulnerability research and reverse engineering blog posts and I finally knew his work but it was only after the ransom attack happened when the media essentially doxxed him and they published his name and photos and even his his home address online for anyone to find after that things kind of just went off the rails I had journalists turning up at my house to interview me I had all kinds of media queries in every inbox I had so I've had people sort of inundated me mess just thanking me saying I'm a hero I mean I saw just register this domain for tracking and I didn't intend for it to like sort of blow up and me to be all over the media I was just sort of doing my job and I don't really think that I'm a hero at all a lot of people in that security community are are private and so his personal life everything about him was exposed in that moment so while it was great he was a hero of the day I don't think he wanted that so yeah we're just pretty much business as usual except I have not had me sleep in three days so long as the domain isn't revoked this particular strain would no longer cause harm but patio systems as soon as possible as they will try again with a we'd actually stopped the malware there was a lot of other things that needed to be done we needed to like notify people that their networks were infected so I was working all week and I just kind of asked my mum to politely tell anyone who turns up the other door to go away [Music] still seeing more than 100,000 unique IPS per day connecting to us and coal even after Marcus registered this domain his work wasn't really over four weeks afterwards all manner of hackers were attacking the domain with distributed denial-of-service attacks that try to flood it with junk traffic and knock it off line who knows why so he had an active role in protecting that and that put him in a heart situation so there was a lot of pressure if any of them had succeeded was one of these cyber attacks and that to me had gone offline that wanna crack could have restarted and begun infecting machines all over again it was so important to keep this domain active even to this day the moment that the domain name goes down and another outbreak will just happen again [Music] we are very pleased to welcome our illustrious team of witnesses here this afternoon how can you be sure that the virus has been eliminated from all the NHS systems well well I don't think we can guarantee that the threat has gone away we were very concerned to learn partly during the wanna cry incident and afters when we were looking at it that the NHS was really were fully under prepared none of the NHS organisations that were inspected had met the standards set by in it NHS digital that was dismayed to say the least can we guarantee future security new code just like if we other organisation cyber attacks and cyber crime all the fact of life I think that one akroy could have been so much worse we will go away with it relatively lightly compared with how serious it could have been had it not been for an individual who was able to switch off by you know good luck good skill and good fortune [Music] you I just like to go about my work I'm kind of a lone wolf when it comes to research so the fame really just added to stuff I didn't need I just felt like I would have preferred that the whole wanna cry fame never happened now you're internationally celebrated security researcher what's your what's your reception below it's been very positive I'm not really used to the sort of light the spotlight I've always been anonymous so it's very different but everyone has been very accommodating very nice I've enjoyed it a little bit after what a cry over I went on vacation in Vegas for a hacker conference DEFCON is basically one big week-long hacker party with some talks in between we actually spent a lot of time just out and around Vegas partying we rented some sports cars we went to some shooting ranges also a few of my friends had figured out that if we pulled all our money together we could get an entire mansion with 30 bedrooms and the biggest pool in Vegas towards the end of my week in Vegas as I was waiting for my flight home someone in CBP uniform approached me and asked me my name they led me to an interrogation room built into the airport and it turned out that the guy was actually an FBI agent at this point like I'm completely exhausted I have no idea what's going on anymore I've been drinking for days solid most interrogation it seemed like they were looking to leverage me to get to someone else something which I was not able or wanted to do they asked me a huge bunch of questions but it wasn't until about an hour interrogation that they actually told me what it was about and showed me an arrest Warren [Music] people weren't immediately quite sure why he had been arrested initially we thought that he got arrested because he understood they wanna cry the main it had caught me so off guard I still didn't really know what was happening or why I was just sat there in this haze it transpired that it was because of his work very much the price of mother crying they didn't have a cell for me so they handcuffed me to a chair so I spent most of the night trying to doze off and then getting woken up by the alarm that goes off every 20 minutes can you hear me hey I'm in jail okay I used to write now and they they pay me up for some old share have you got a lawyer yet no I don't have a lawyer they have the chat log me with some rubber guy I don't know how they got them look I'm gonna work on it you have a lawyer to know alright see a man I'll talk to you soon right that was my moment of I'm really actually in jail but after that I came to the conclusion that this is how my life is now I'm in jail I might as well get used to it [Music] he didn't take long for an indictment strop and he was accused of creating the Cronus malware that was very much a hope moment so the charges turn tonight he'll relate to something that I believe started around cut at the age of 17 to maybe like 19 or 20 in relation to writing a piece of malware called Chronos France malware is banking malware it essentially infects your computer and hooks into your web browser and tries to figure out your usernames and passwords for your banking login I don't think he's ever been behind the keyboard trying to steal credentials or trying to extract money out of bank accounts himself it was that person enabling somebody else through tools so it's a very kind of scientific kind of hobby interests kind of exploration I never had actually intended to write banking malware I had written malicious code in the past which I had not actually sold or given away but there came a point when I made the mistake of selling the code to someone this code was then incorporated with banking malware code that someone else had written to make a banking Trojan and kind of it was at that moment where I realized like there is no going back this is going to catch up with me at some point so the hearing today was to determine whether or not Marcus would be detained as a result of the charges and the indictment and if they judge agreed with me and saying that he is going to be released pending certain conditions that he has attached to the bond and that he has to post a thirty thousand dollar cash bond I started to look about how I would actually go about paying the bail but before I could get to that I found out that someone from the community had actually paid it for me I thought that like this was there I was going to be stuck in some prison for the foreseeable future and I had no idea all of these great people had to come together to support me [Music] I had mixed feelings about the case most of the issue I had personally is why now like why bring up this stuff from years in the past I think the FBI was trying to make an example of Marcus but I think they bit off more than they could chew [Music] I was born in the UK and I spent all of my life living there and other than a couple of conferences I had never really even been abroad lived in England got arrested while on vacation in Vegas was later moved to Milwaukee then to LA at this point I don't actually feel like anywhere is home that 18 month period where Marcus was in this immigration black hole he wasn't able to leave the United States he wasn't able to work being stuck in the u.s. not legally allowed to work for money has made me realize I'm one of those weird people who just enjoys working regardless don't want to be rich just want an apartment food clothes and some travel [Music] I was based in the Venice area and I'd begin to love this area of LA [Music] I wasn't living with my parents I had my own place now I felt like it was more of a new life it didn't feel like at all like my old one the security community very much rallied around Marcus a lot of people weren't sure whether he had done the crimes that the government was alleging and some people were adamant that he was innocent and at that point he pleaded not guilty me and my team of three lawyers we were gonna fight a lot of the charges because most of them I did not agree with so I want to attach you go to trial and fire all of the charges Marcus Hutchins is a brilliant young man and a hero he is going to vigorously defend himself against these charges and when the evidence comes to light we're confident that he will be fully vindicated he has been voices in the community for him and let's say and against him but I think if we're honest and our whole community is made up of people on the good side of things and on the gray side of things and sometimes on the bad side of things I started out very young learning about the security and hacking aspect of technology and back then there wasn't a lot of the kind of good side around as with any skill being able to practice for thousands of hours on a certain thing can make you the best at what you do and so if you're a security researcher are you gonna have to practice and practice and practice before you're good enough to play in the big league I learned how to understand malware by making my own versions which at the time I wasn't actually using or releasing and there came a point where I got involved with a crowd of malware developers and other kinds of criminal hackers and that kind of led me down a path the ended up with me selling malicious code at one point it was when my code was added to the Chronos ranking malware I realized this is not what I want to be doing after I was arrested I got quite a lot of people privately reaching out to me to tell me like yeah I I did the same kind of things you did in your past but it never caught up to me so I got the impression that there was a good percentage of people in the industry who had had like a less than why pass [Music] Monday is the second year anniversary of one a cry a journalist asked me what I've done since wanna cry and I realized literally nothing of value I had had a lot of anxiety from the stress I had been not really sleeping at all for the years I've been in the u.s. at this point I was already considering giving out [Music] my first lawyer gave me an estimate of about 1 to 1.5 million dollars for the entire case I knew I could not fund that kind of legal defense and I just figured then I'm gonna just have to follow two months before trial died decided to take a plea deal it was really just too much uncertainty for me and I decided that it just was not worth the risk did not expect that did not expect that I II genuinely thought he was not guilty [Music] legitimately terrified but also looking forward to all of this being over at some point he's gonna be sentenced today for creating and selling the Chronos banking malware you know seeing him sent away to prison when he's got so much to offer it's gonna be quite a sad day heading into court now no matter what happens I love you all I appreciate the fact that one might view the ignoble conduct that underlies this case as against the backdrop of what some have described as the work of a hero it was a very tense situation that in courtroom I think there wasn't a single person in there who thought for a second that he was gonna be able to walk out that you could be 140 IQ and have all the requisite talent to do great things but commensurate with all of the ability to do those great things is the ability to acquire the most important of traits and that is the exercise of good judgment I was shaking I think I sweat through my t-shirt and threw my laser yeah I I did not know how to feel it just felt like kind of everything was coming to an end but not in not in a good way there have been millions of individuals whose credit ratings have been affected as a result of hacking of systems and it's going to take individuals like yourself to come up with solutions the judge understood every nuance of this case the judge took a very kind of broad view of the entire circumstances rather than just the case at hand he weighed up my past work helping security Marcus Hutchins turned the corner with - any further conduct that would be remotely connected to what led to the charges in this case ever occurring again we are thrilled that the judge today recognized Marcus's very important contributions to keeping the world safe and let him go home a free man today so Marcus was sentenced to time served he's been released he's a free man [Music] just is everyone who supports fate I'm the judge for him maybe if Marcus hadn't found the one Oh cry Killswitch he never would have come to the attention of the FBI he never would have been arrested he never would have faced this long legal ordeal about his past essentially cyber criminal acts but on the other hand saving the world from wanna cry is what allowed him to walk away free and the ants thanks to one judge who understood this series of events and the kind of ultimate equation that put him on top in terms of the good he'd done versus the harm he not only saved the world from water cry but he saved himself in a way I think today I share absolutely nothing in common with the me back then it feels almost like a completely different person it's only that once you grow older you realize what actually is right and wrong you [Music]

Info

Channel: Tomorrow Unlocked

Views: 1,401,558

Rating: 4.9135566 out of 5

Keywords: cyberattack, cyber attack documentary, wannacry, hacker, hacking, hacking documentary, cybercrime, legal system, nhs, ransomware, court drama

Id: vveLaA-z3-o

Channel Id: undefined

Length: 25min 11sec (1511 seconds)

Published: Fri Oct 25 2019