On Wednesday 3rd August our friend and colleague @MalwareTechBlog was arrested by the FBI in Las Vegas after the Defcon/Blackhat security conventions.
Many know him for his integral role in helping analyse, explain and mitigate the WannaCry ransomware worm - particularly for registering the sinkhole domain which slowed the attack and saved upwards of millions of computers from infection and inestimable damages.
In the UK and possibly elsewhere, it is entirely plausible that his heroic contributions prevented loss or injury to human lives.
MalwareTech has been indicted by the US DOJ and faces charges relating to alleged involvement in the Kronos banking malware in 2014-2015. No evidence has been presented at this stage to substantiate the claims and under US and international law he is considered innocent until proven otherwise.
Understandable concern is being felt and important questions are raised regarding how a UK citizen and highly-regarded member of the security researcher community came to be arrested by US authorities. The possibility of decades of imprisonment due to the disproportionately harsh sentencing regime in the USA compared to the UK and the prevalence of coercive plea-bargaining give cause for significant alarm.
Within the community of information security researchers and practitioners the dangers of being criminalised for efforts to address malware and improve computer security are all-to-familiar. With the arrest of MalwareTech, especially after such conspicuous and laudable contributions in responding to cyberattacks, there is a serious risk that the already strained trust between the hacker community and law-enforcement and government authorities will be eroded further and significant "chilling effects" on the willingness of volunteers to assist with computer security will be felt at a time when their help is most needed.
We owe it to our friend and colleague, to his family and loved ones, to ourselves as a community and society at large to ensure that MalwareTech's rights are upheld, that his brilliant potential to contribute to our collective security is not squandered, and that relations between the hacker community and state authorities are not harmed for the common goal of maintaining internet and private computer security.
Please attend if you are able, or contribute remotely, so that we can respond together in an effective and responsible manner to resolving this situation in the best interests of everybody concerned.
133 Bethnal Green Rd, London E2 7DG, UK
An event page by 🏴 Lauri Love 🏴
Made with love in London
We ask for your email address so that we and the attendees have a way of contacting you.