Let MalwareTech Surf! Status Report

There were several developments in the MalwareTech case late last week.

On Friday, there was a status hearing in his case. Before the hearing, the government submitted a status report revealing that they only provided the malware at issue in the case to Hutchins on October 2, two months after arresting him (the judge approved a protection order on August 21). The government provided five malware samples.

The most recent production was made on October 2, 2017, and contained five malware samples, among other things.

There was also a status hearing Friday. In it, the government revealed they have yet to turn over chat logs from an Internet forum — Hutchins will get that next week.

Govt. notes that there is one more disk to be produced – chats from internet forum on disk to be received from FBI next week.

These may be the ones where, the government claims, Hutchins discussed getting paid for the Kronos malware update. If so, it’s another key piece of potentially rebuttable evidence they’ve taken their time handing over to Hutchins.

The government also has discovery from some foreign country that it is not sure it’ll be able to obtain. This is really sketchy. First, as I’ve mentioned, there are no known US victims of this malware. The victims are in other countries. Is this victim related information? Is it information the government otherwise obtained under EO 12333 that it needs to parallel construct to introduce in this case? Is this from Hutchins’ own government?

There is still an amount of discovery from another country. It is unknown whether it can be obtained by the government. Any information obtained by the govt. will be given to the defense.

In any case, why is the government only now trying to get this evidence? They’ve had two months since the arrest, and three since his indictment.

Finally, an interesting piece of good news. The defense declined to commit to a briefing schedule for fear the government might file a superseding indictment. Given the allegations that Hutchins was involved in other stuff, I had feared the government might indict him on those crimes to further pressure him to plea. But in Friday’s hearing they said if they do file a superseding indictment, it’ll be based on the discovery they’ve already provided to Hutchins, meaning it’ll presumably be on the same alleged malware crime and not any unrelated charges.

The defense notes that it does have concerns regarding the possible filing of a Superseding Indictment and whether there will be more discovery in connection with it. The government has given no details as to the possible filing.

The govt. notes that, if it decides to file a Superseding Indictment, it will relate to discovery already produced or to be produced shortly.

Finally, Hutchins’ lawyers are using the earlier promises the judge made and the malfunction of Hutchins’ GPS tracker in a bid alter the conditions of bail to let Hutchins surf.

During Hutchins’ first hearing in Wisconsin, the judge suggested that after Hutchins had shown a period of compliance, pretrial services could consider lifting his GPS monitoring.

And it will be up to them to decide if — the time at which he’s been sufficiently compliant that they can — they feel comfortable lifting the GPS monitoring, but that will be up to them.

Hutchins’ lawyers reminded the judge of that, even while they provided proof that Hutchins would remain compliant without a curfew or GPS monitoring: Apparently, on a recent trip to the East Coast, his curfew was suspended and his GPS monitor failed, yet he didn’t flee.

Hutchins has continued to comply with his conditions of release, and he traveled to a major city on the East Coast for a few days in September. So that he could catch his early-morning flights, Pretrial Services and the government agreed, with this Court’s approval, that his curfew could be suspended for the duration of his travel. During that trip—through no fault of his own—Mr. Hutchins’ GPS unit refused to take a battery charge and as a result became non-functional. Pretrial Services was alerted to this issue. Mr. Hutchins, of course, did not attempt to flee the country when the GPS unit failed. He simply abided by the rest of his release conditions while on the trip and returned home to Los Angeles as scheduled, where he was fitted with a working GPS unit.

Hutchins’ lawyers argue that the GPS monitor is inconvenient both because it requires two hours each day to charge but also because CA’s GPS monitors can’t be brought on planes, so pretrial services has to swap out the CA GPS monitor for a Milwaukee one any time Hutchins needs to fly.

But the real inconvenience, they admit in a footnote, is that Hutchins lives close to glorious CA beaches but can’t swim or surf.

The GPS unit also cannot be submerged in water. This is relevant because Mr. Hutchins is an avid swimmer and surfer. Engaging in these activities would help him maintain a healthy lifestyle and manage the tremendous stress of his difficult situation.

Given the details on discovery released Friday, my suspicion is the government made this a complex case so they could stall on discovery. If they’re going to do that, by all means Hutchins should be able to enjoy his time in CA.

Update: The government has objected to this request, arguing (ignoring the trip to the East Coast) that there’s no new reason Hutchins is requesting this.

Update: Judge Duffin says Hutchins can surf! There’s a detail in the opinion the government may make hay about, but for the moment, Hutchins is off his GPS and curfew. If he doesn’t watch out he’s going to end up staying in LA forever, once he ditches this charge.

5 replies
  1. Indee One says:

    hope these bogus charges are dropped sooner rather than later.. they are dragging this on more than they need to. a bunch of poppykosh, bubkes, bs,

  2. orionATL says:

    wi-fi systems are windows without shades:


    time to redesign wireless device comms

    time to break up into seperate parts and redesign personal computer operating sysyems

    time to break up and seperate the collected mass data storage of mlions of individual data sets

    time to redesign internet communications harware and software

    time to put some serious legal and law enforcement teeth into punishing the stealing of information from computers.

  3. orionATL says:

    related to my comment above.

    in her post on the kaspersky hack emptywheel had this extrordinary comment about our porous internet security:

    “… Finally, one other thing that could be going on here: all these entities do piggyback hacks on each other, and in fact it’s the first thing most of their tools do when they breach targeted systems — look who else is already there so you can see what they’re stealing and usually take your own copy.

    Which means it’s possible that Russia found the NSA files by piggybacking on Israel. Or vice versa. Or, it could be nothing more complex than FSB taking the files it found while it responded to the Kaspersky hack and using them themselves… ”

    this would be comical if it were a movie plot rather than my data.

Comments are closed.