Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hacker Who Never Hacked Anyone Gets 33-Month Prison Sentence
#1
A hacker who was arrested and pleaded guilty last year—not because he hacked someone, but for creating and selling a remote access trojan that helped cyber criminals—has finally been sentenced to serve almost three years in prison.

Taylor Huddleston, 26, of Hot Springs, Arkansas, pleaded guilty in July 2017 to one charge of aiding and abetting computer intrusions by building and intentionally selling a remote access trojan (RAT), called NanoCore, to hackers for $25.

Huddleston was arrested in March, almost two months before the FBI raided his house in Hot Springs, Arkansas and left with his computers after 90 minutes, only to return eight weeks later with handcuffs.


This case is a rare example of the US Department of Justice (DOJ) charging someone not for actively using malware to hack victims' computers, but for developing and selling it to other cybercriminals.

Huddleston admitted to the court that he created his software knowing it would be used by other cybercriminals to break the law.

He initially started developing NanoCore in late 2012 with a motive to offer a low-budget remote management software for schools, IT-conscious businesses, and parents who desired to monitor their children's activities on the web.

However, Huddleston marketed and sold the NanoCore RAT for $25 in underground hacking forums that were extremely popular with cybercriminals around the world from January 2014 to February 2016. He then sold ownership of NanoCore to a third-party in 2016.

NanoCore RAT happens to be popular among cybercriminals on underground hacking forums and has been linked to intrusions in at least ten countries. Among the victims was a high-profile assault on Middle Eastern energy firms in 2015.


Huddleston also agreed with prosecutors that NanoCore RAT and available third-party plugins offered a full set of features including:
  • Stealing sensitive information from victim computers, such as passwords, emails, and instant messages.
  • Remotely activating and controlling connected webcams on the victims' computers in order to spy on them.
  • Ability to view, delete, and download files.
  • Locking infected PCs and holding them to ransom.
  • Using infected PCs to launch distributed denial of service (DDoS) attacks on websites and similar services.
In July plea, Huddleston also took responsibility for creating and operating a software licensing system called "Net Seal" that was used by another suspect, Zachary Shames, to sell thousands of copies of Limitless keylogger.

Shames used Net Seal to infect 3,000 people that were, in turn, used it to infect 16,000 computers, according to the DoJ.

In his guilty plea, Huddleston admitted that he intended his products to be used maliciously.

Besides the 33-month prison sentence handed down by judges on Friday, Huddleston also gets two years of supervised release.

By: Mohit Kumar
#2
Wow. This crazy story...
#3
America, the land of the free.
#4
I think he's not a real hacker, my brain exploded XD
#5
Nanocore got really well known as extremely malicious and the owner knew and used this to market it further more with the inbuilt features he clearly made the program and sold it for illegal purposes. The dude knew or at least accepted this could happen.
#6
he knows what he is doing, he just did not know that he will achieve so much success...
#7
Haha these crazy Americans...
#8
It's probably still available on HF but it's shit now lol
#9
America is a wierd country
#10
(03-01-2018, 10:35 PM)spanishcat Wrote:  It's probably still available on HF but it's shit now lol

tru, only true 31337s are on HF
#11
wait so he didn't even hack anyone? just created a software?
#12
(03-02-2018, 03:27 AM)SirTea Wrote:  wait so he didn't even hack anyone? just created a software?

Not just software, malicious software. It wasn't just software that people took and misused... it was developed for nefarious purposes. Imagine you create a bomb for someone and they set it off somewhere. You're not completely innocent just because you didn't physically set it off.

I could see a legitimate use for creating viruses, trojans, etc. in the context of research and contributing to the cyber security community. But you don't sell it, you do it in a way that the community can learn about the vulnerability you exploited so that people can patch it or do whatever to protect themselves.
 


Possibly Related Threads...
Thread Author Replies Views Last Post
  Japan's cyber-security minister has 'never used a computer' StLuis 18 1,065 Yesterday, 06:23 PM
Last Post: savus
  Apple hacked by 16 years old kid ChaosLelouch 34 2,247 Yesterday, 06:13 PM
Last Post: vsuv
  Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed alixavi 5 274 12-10-2018, 07:10 PM
Last Post: utente088401
  16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files BMT 38 2,964 12-06-2018, 03:09 AM
Last Post: xameleon
  Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit lolmean 3 393 10-21-2018, 05:04 PM
Last Post: 6R1ff1N



Users browsing this thread: 1 Guest(s)