Yeah I fucked around with random internet-accessible systems (late 90s, early 2000s). However, I never wrote malware to steal credentials or the like. That strikes me as fairly targeted.
This is absolutely a problem. America has a system which incites prosecutors to "win" in court rather than actually trying to serve justice, because that is how they advance. Plea bargains are a perverse way to keep this up.
From the deal: "The government agrees to make no recommendation regarding the ultimate sentence to be imposed; however, the government remains free to take a position with respect to any fact or factor pertinent to the sentencing decision consistent with this agreement and to advise the court that the government's failure to make a sentencing recommendation should not be construed as a recommendation for leniency or severity."
What is it that you think that quote means? That's boilerplate language. The plea agreement is in fact very detailed and precise about the sentencing range Hutchins faces (it's relatively low).
Realistically, can they avoid criticism here? They offer a sentence -> they're only offering a high sentence/they are forcing him to accept a longer sentence. They don't offer him a sentence -> they should have offered him a sentence.
That's not how this works. The prosecution and the defendant can agree to about what they'll ask for, but it's ultimately up to the judge to sentence. Prosecutors can't "offer him a sentence".
The government absolutely does not have anything near unlimited resources. I've been listening to the Ken White podcast All the President's Lawyers and something he repeatedly says is just how shockingly few criminals, especially white collar criminals, actually get prosecuted because there's simply no budget to go after them.
That's kind of the point. When they go after someone they're going to spend the money. No point spreading resources so thinly that they can't prosecute anyone properly.
White collar crimes are very expensive to investigate, prosecute, and keep the attention of the jury. High-profile clients and attorneys invite a lot of red tape, expensive to cut through, so they don't bother unless conviction is certain. Failure is embarrassing and makes the State look weak.
But Ken White is living in a bubble if he thinks the State won't spend the money to go after any low-hanging fruit it can reach.
I don't know anything about this case but innocent people plead guilty all the time in the USA. It's a much safer choice than going to trial where the sentence may be much much longer.
I directly knew, from being in some IRC channels he and I frequented ages ago, that he was absolutely guilty of the charge. But I also knew (as far as I could tell) that he genuinely turned over a new leaf a while ago, left that life behind, and is trying to do good now. This is a pretty common story for whitehats; many of their hats weren't quite so white in their pasts, whether people around them are aware or not.
People make mistakes, and people can change. Don't feel too bad for contributing to his defense. He fucked up and is trying to make up for the damage he caused by sincerely helping people.
The plea agreement he signed says he was still selling malware until late 2015 at least, and was arrested in 2017. If he had turned over a new leaf, it wasnt for very long. I think he probably had stopped, but only because of the attention he received from the strings wannacry.exe thing.
So you're saying he continued to commit crimes up until May 2017? That's when WannaCry happened. His fame came on pretty quickly after that and it didn't take long for him to get arrested.
Edit: The source code leaked at some point so its hard to tell when he stopped selling it based on available malware samples. New variants were detected at least as late as 2018. He was accused of selling it in 2014 and 2015 though, so there's a decent chance that he stopped a couple of years before his arrest.
My general rule for judging adults is to not judge them based on dumb decisions they made while young. Young adults do dumb things and will continue to do so. If you're still doing dumb things 30+ then that's probably you.
Hutchins took a plea deal. It's well known that there is rampant abuse of the plea deal in the US justice system [1].
That's not to say he's totally innocent of everything but that him pleading guilty to this single count may not be as straight forward as the article would make it seem.
We don't know his actual sentence yet, do we? The article says "up to 10 years" but the actual duration will be suggested by the prosecution based on the plea, no?
His defense and the prosecutors have stipulated to two counts, each of which has a maximum sentence of 5 years. The norm is for like crimes to be sentenced concurrently, so "up to 10 years" does not seem accurate.
The plea agreement itself stipulates to the sentencing level. Assuming all charges group, the maximum proposed sentencing level is 13, with the caveat that the agreement allows prosecutors to argue for an adjustment of as many as 8 sentencing levels. With no previous criminal history, a level 13 offense is 12-18 months.
Late edit
I missed that he also loses 3 levels for accepting responsibility. At level 10, his guideline range would be 6-12 months.
For more detail on how this works, Google [popehat whale sushi].
Right; the probable sentence is much lower, but how much lower is to a large extent up to prosecutorial discretion (8 levels), no? Levels 2-8 (taking 2-8 levels off 10), with no priors, would be guideline 0-6 months, if I'm reading this table correctly.
Plea bargained. That's how its done in the USA folks. At least in over 90% of cases. The concept of having a fair trial and your day in court is a thing of the past. Amazing it took so long.
I've been following Marcus on Twitter for the last couple of years, and he's been sounding increasingly desperate lately. Regardless of whether he actually authored Kronos, I could easily see him taking the plea bargain as a way out.
I strongly feel that a malware researcher who stopped WannaCry and spends his free time making reverse engineering tutorials shouldn't go to prison because of a trojan he wrote as a teenager (assuming he really did write it).
He not only wrote the malware but personally sold it for $7000 per copy to botnet operators and other kinds of cybercriminals to facilitate bank account theft and fraud. He's changed now and is trying to be a force for good, but he definitely made mistakes in his past.
Not having grown up in the US, I listened in fascination to the first episodes of Serial season 3, “... Cleveland. Not for one extraordinary case; instead, Serial wanted to tackle the whole criminal justice system. To do that we figured we’d need to look at something different: ordinary cases.”
After a few episodes I had to take a break. It is so upsetting. Justice is not a reality.
““Charge stacking” is a process by which police and prosecutors create a case with numerous charges or numerous instances of the same charge to convince the defendant that the risk of not pleading guilty is intolerable. The defendant may be convinced to plead guilty to a few of the charges in return for not being prosecuted for the remaining charges.“
https://en.m.wikipedia.org/wiki/Courtroom_Workgroup
Hutchins had exceptionally talented representation (one of his lawyers, whose name appears on the plea agreement, is a nationally recognized authority). There is no chance that "charge stacking" intimidated him; his lawyers certainly would have informed him that the charges he faced would group, and that he'd in effect serve time based on the guideline range for the worst charge he was convicted of.
This is really good information, though I marvel at your certainty that Hutchins was unintimidated. I suspect few have the constitution you suggest to stay a rational actor when facing years behind jail.
It sounds like a sentencing date has not been announced:
"According to a copy of Hutchins’ plea agreement, both charges each carry a maximum of up to five years in prison, and up to a $250,000 fine, and up to one year of supervised release. However, those charges are likely to be substantially tempered by federal sentencing guidelines, and may take into account time already served in detention. It remains unclear when he will be sentenced."
https://krebsonsecurity.com/2019/04/marcus-malwaretech-hutch...
I'm not saying he was confident about the whole process. I'm saying that he was certainly informed as to how federal charges group in sentencing.
In federal sentencing, in general, and in particular with these charges, "like" counts group. In effect, you serve the time for the "worst" charge you're convicted of. You do not add the sentences for all the counts together to determine a sentencing.
As the article says, and as you'll find if you read the plea agreement and then consult the chart in the federal sentencing guidelines, he's not facing anything close to 5 years.
Wow tptacek, thank you for all the insights. It’s a shame then that Kreb uses softening language “likely to be” when there is such confidence that Hutchins will serve little time. Though I imagine all jail time is slow time. I’m only learning now how separate the federal prison system is and it appears to have somewhat better conditions.
In particular, there are CIs with online chat transcripts corroborating the accusations, and Hutchins offered a partial confession the day of his arrest.
Hutchins also had excellent representation, including Marcia Hofmann.
That's not the OPs point. The plea bargain system is principally unjust. If prosecutors had enough evidence of some crimes, then the accused should be tried for them and not go freely. If prosecutors don't have enough evidence for some of the alleged crimes they stack up, then the charges should be dropped and the accused should only be tried for the crimes for which there is sufficient evidence.
The please bargain system is nothing but institutionalized blackmail, and many innocent people have become its victims.
How exactly would Hutchins benefit from a system in which he was essentially required to take this case to trial? Stipulate that the FBI has him dead to rights, which it sure seems like they do. Then, in this case, the plea bargain system helped him: it enabled him to agree with prosecutors not to try him on all 10 counts, and to reduce his sentencing level, which prosecutors would not have an incentive to do otherwise.
The idea of justice is not to provide some benefits to people who where accused of some crimes. If someone has committed a crime, then justice system shouldn't help him. If on the other hand the person has not committed besaid crime, then the justice system ought to carefully prevent wrong accusations and ensure a fair trial.
I have argued that the plea bargain system is unjust in both cases, when the accused has committed the crime and when the accused has not committed the crime. There is no need for anyone to decide who has committed a crime for that argument to go through.
To answer your question, not "we" would do that but that's what fair trials are intended for.
No, if that's how you read my post you should read it again. I personally believe he should have faced 3 years maximum and that sentences are way too high in the US, up to 10 times higher than elsewhere, but that wasn't the point.
I was laying out reasons why the plea bargain system is principally unjust. There are many more problems with the US justice system, of course.
As a technicality, he faces a 5-year maximum sentence (the sentencing judge could simply ignore the plea bargain and all the sentencing guidelines and Hutchins lack of criminal history and simply impute the maximum statutory sentence).
In reality, the guideline ranges stipulated in the plea bargain put him most likely under 2 years, and possibly as few as 6 months. Even with the maximum upward departure stipulated in the agreement, Hutchins would not be looking at 3 years.
The problem with the plea bargain system is that it helps the guilty and hurts the innocent. Suppose he was innocent but the prosecution had some coincidental but persuasive evidence. "You'll go to jail for ten years if you fight it and lose. Take a plea, do three months and pay a fine."
The guilty get the benefit of reduced sentences. The innocent have to face the bullying behavior where prosecutors stack up charges to make the potential punishment more frightening in order to coerce a plea.
Orin Kerr’s analysis suggests that the charges against him were fairly aggressive and may have strained the language of the laws themselves, it doesn’t appear to be straightforward. Additionally, I imagine a lawyer could well argue that the venue itself was inappropriate, the charges do not at all specify why the district they were filed in had jurisdiction to try his alleged crimes. I’m not familiar with this case, but prosecutors stacking every applicable crime they can to stretch the resources of the defendants seems to be standard operating procedure. This could well be the best outcome his attorney was able to guarantee with the resources he was able to spend on this case, but Orin Kerr raised a lot of questions that a more resources defendant may have wanted to take to trial.
This doesn't make the fundamental problem here go away: they arrested someone who was not in the United States when allegedly violated a law of the USA. The USA does not have jurisdiction over the entire world. If they thought they had a case, the right way to do this is to issue an arrest warrant and ask the UK to arrest and extradite him. If this was a thing, international travel would halt because you would need to countercheck everything you've ever done online with the laws of the country you are flying to.
Consider this fictionary tale: you fly to Budapest for a fun trip. You are jailed for posting the Soviet hammer and sickle on your Facebook two years ago -- it's a crime under Hungarian law to use that symbol. Do you think this is right?
Here's the law:
Any person who:
a) distributes,
b) uses before the public at large, or
c) publicly exhibits,
the swastika, the insignia of the SS, the arrow cross, the sickle and hammer, the five-pointed red star or any symbol
depicting the above so as to breach public peace - especially in a way to offend the dignity of victims of totalitarian regimes and their right to sanctity - is guilty of a misdemeanor punishable by custodial arrest, insofar as the did not result in a more serious criminal offense.
american global hegemony is a thing. fair or not, it exists. if you want out of the purview of the US you have to go to one of its enemy superstates, Russia or China. Even small neutral/hostile nations are not safe forever (eg Assange in Ecuador).
Assange was using Ecuador’s protection and resources for free. At that point you’re at the whim of the Ecuadorian people and their elections. Nothing is forever.
I'm okay with how the US handled this. The crime he pleaded guilty to caused innocent people real financial harm, and it's not like the US sent FBI agents over to the UK to pick him up. He flew here on his own, knowing (presumably) that he had committed a crime that could get him arrested here.
Kinda stupid to commit crimes against people in a country and then travel to that country before the statute of limitations has expired.
I might have a different opinion for victimless crimes, but it's irrelevant to this discussion.
FWIW his crimes didn't target any country specifically, so he could've faced trouble anywhere in the world.
There's not necessarily anything wrong with prosecuting him in the US, but presumably the US authorities could've just as well spared themselves the work and referred this to the UK authorities in whose jurisdiction the crimes were committed.
And that is fine, again, the so called Dread Pirate Roberts 2 was arrested and convincted in the UK mostly based on info the US handed to the UK. The problem is the US arresting someone who was. not. in. the. USA. when committing the crime (if he did).
If you hack a bunch of computers in China, and China figures it out, and then you visit China, bet that China will arrest and imprison you. I don't see what's out of the ordinary about the fact pattern we're talking about here.
That's only half true. Chinese authorities will generally just not let you out of the country again, if the crime isn't severe enough. Also as a foreigner you won't necessarily be notified that there is even a court case against you and you can be fined/sentenced in your absence.
>According to publically available information, since it was created, Kronos has been configured to exfiltrate user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others countries.
Of course, given the nature of the malware it's very likely that at least someone in the US was affected.
>The problem is the US arresting someone who was. not. in. the. USA. when committing the crime (if he did).
How is this a problem? if you cause material damages to Americans and you then go to the US the country is going to come after you.
Why would the US not protect its citizens to the best of its ability and prosecute people who harmed them, even if they harmed them from a place that wasn't the US. We're talking about global financial crimes, they don't know any borders to begin with.
If you kill someone outside of the US, and then you travel to the US, I'd be concerned if you wouldn't get arrested
Not even that, he sold his malware, not to Americans specifically, or targeted at Americans at all, but he sold malware that someone subsequently used against US citizens.
I find it hard to believe anyone thinks it's reasonable "anywhere in the world" can keep prosecuting the guy until he dies.
Taken to the extreme with this logic he should be extradited across the globe for decades for any public prosecutor to go to town on, though I guess that type of fear is exactly the intended effect of witch trial justice.
The situation in reverse with a US citizen charged in a foreign country despite causing no harm to them is unlikely to garner the same response. American exceptionalism at it's finest.
> If this was a thing, international travel would halt because you would need to countercheck everything you've ever done online with the laws of the country you are flying to.
I mean, for many of us that’s already a problem, and has been for a long time. Ever mentioned your same-sex partner somewhere a Government might be able to find it? There’s now a whole bunch of countries you can’t visit or pass through without being at risk of imprisonment or worse, yay.
But -- while obviously I do not endorse such laws -- the difference is you are violating their law at that moment, where you stand by just being you. Once again: I fundamentally disagree with such laws but the situation is different.
Not really. They arrest you, when you arrive in their country, for being gay. It's not like they're extraditing people from other countries for being gay.
That's exactly what I said: according to their laws you being gay is a crime -- a crime committed at the time when you are in the country by simply being you. It has nothing to do with Hutchins' arrest which was for a crime committed in the past while being elsewhere.
For better or worse, the US is far from unique in this, e.g., this high-profile case here in the UK from the past few weeks: https://www.bbc.co.uk/news/uk-47847740
Your hypothetical "crime" would be immediately thrown out because you would not be able to prove damages. No crime was committed against a citizen of Hungary, and Facebook is not considered the public at large.
A more apt hypothetical would be if you were tricking people into distributing hate symbols from abroad. I think you could make a cogent argument for arrest in that case.
The victims of the malware were on American soil. If someone remotely takes control of your smart oven and burns your house down, you have standing to charge them with a crime. The difference is he violated a US law, against a US citizen, while that citizen was in the United States. If you do that and are currently in the US you should expect to be arrested.
>The USA does not have jurisdiction over the entire world.
Maybe not the whole world but the US has the hegemony over countries where the US military bases reside. All of those countries have signed their sovereignty away through various extradition and trade treaties which give the US DoJ a massive reach over the citizens of those countries.
In 2019, if you were to try to escape the long arm of US law, your options are extremely limited. I can't think of a country that would not hand you over to the US because of a massive pressure that the US State Department would put on the host country. Just look at Ecuador which sold Assange for billions in aid.
Its not like he's contributed to anything helpful afterwards - oh wait.
Lets be honest with ourselves - banks have a very specific role in the world economy, and have largely quit lending to businesses small enough to actually upset the market.
Sure VCs do what they do. But unless you're in something sexy or trendy? Good luck courting them.
From the contents of the "attachment A" it seems like the FBI (or whatever other US agency) "sat" on the code they indirectly purchased for 2-3 years (the UPAS) and for several months (the KRONOS), observing the behaviour of Hutchins and "Vinny" and collecting evidence against them.
Shouldn't they have somehow acted to prevent the spreading of the malwares?
94 comments
[ 3.9 ms ] story [ 159 ms ] threadLesson learned, I suppose.
Plea bargain here: https://www.documentcloud.org/documents/5972658-Marcus-Hutch...
From the deal: "The government agrees to make no recommendation regarding the ultimate sentence to be imposed; however, the government remains free to take a position with respect to any fact or factor pertinent to the sentencing decision consistent with this agreement and to advise the court that the government's failure to make a sentencing recommendation should not be construed as a recommendation for leniency or severity."
The guy got screwed.
This was definitely not that. It is the very opposite of precise.
The PSR will be generated, and the judge will decide on the sentence, ranging from deportation without incarceration to 5 years.
If your doctor told you you had 0-5 years left to live, inclusive, you wouldn’t call that detailed and precise, would you?
Most don’t or won’t.
White collar crimes are very expensive to investigate, prosecute, and keep the attention of the jury. High-profile clients and attorneys invite a lot of red tape, expensive to cut through, so they don't bother unless conviction is certain. Failure is embarrassing and makes the State look weak.
But Ken White is living in a bubble if he thinks the State won't spend the money to go after any low-hanging fruit it can reach.
don't trust testimonies, don't trust statements, or at LEAST recognize their infallibility
just understand the decision tree and how they change the options available during the legal process
in this case, we have:
- duress
- a short remorseful statement that is hoping to get his sentence reduced or even nullified
- no room for appeals court due to the plea agreement
the saying goes "remorse is for the courts", and unfortunately this will be used against me if I am ever indicted for something
People make mistakes, and people can change. Don't feel too bad for contributing to his defense. He fucked up and is trying to make up for the damage he caused by sincerely helping people.
Edit: The source code leaked at some point so its hard to tell when he stopped selling it based on available malware samples. New variants were detected at least as late as 2018. He was accused of selling it in 2014 and 2015 though, so there's a decent chance that he stopped a couple of years before his arrest.
Hutchins took a plea deal. It's well known that there is rampant abuse of the plea deal in the US justice system [1].
That's not to say he's totally innocent of everything but that him pleading guilty to this single count may not be as straight forward as the article would make it seem.
[1] https://www.theatlantic.com/magazine/archive/2017/09/innocen...
The plea agreement itself stipulates to the sentencing level. Assuming all charges group, the maximum proposed sentencing level is 13, with the caveat that the agreement allows prosecutors to argue for an adjustment of as many as 8 sentencing levels. With no previous criminal history, a level 13 offense is 12-18 months.
Late edit
I missed that he also loses 3 levels for accepting responsibility. At level 10, his guideline range would be 6-12 months.
For more detail on how this works, Google [popehat whale sushi].
(I also read Popehat.)
https://www.boston.com/uncategorized/noprimarytagmatch/2013/...
I strongly feel that a malware researcher who stopped WannaCry and spends his free time making reverse engineering tutorials shouldn't go to prison because of a trojan he wrote as a teenager (assuming he really did write it).
After a few episodes I had to take a break. It is so upsetting. Justice is not a reality.
https://serialpodcast.org/season-three/about
““Charge stacking” is a process by which police and prosecutors create a case with numerous charges or numerous instances of the same charge to convince the defendant that the risk of not pleading guilty is intolerable. The defendant may be convinced to plead guilty to a few of the charges in return for not being prosecuted for the remaining charges.“ https://en.m.wikipedia.org/wiki/Courtroom_Workgroup
It sounds like a sentencing date has not been announced: "According to a copy of Hutchins’ plea agreement, both charges each carry a maximum of up to five years in prison, and up to a $250,000 fine, and up to one year of supervised release. However, those charges are likely to be substantially tempered by federal sentencing guidelines, and may take into account time already served in detention. It remains unclear when he will be sentenced." https://krebsonsecurity.com/2019/04/marcus-malwaretech-hutch...
In federal sentencing, in general, and in particular with these charges, "like" counts group. In effect, you serve the time for the "worst" charge you're convicted of. You do not add the sentences for all the counts together to determine a sentencing.
As the article says, and as you'll find if you read the plea agreement and then consult the chart in the federal sentencing guidelines, he's not facing anything close to 5 years.
https://www.courtlistener.com/recap/gov.uscourts.wied.77855/...
In particular, there are CIs with online chat transcripts corroborating the accusations, and Hutchins offered a partial confession the day of his arrest.
Hutchins also had excellent representation, including Marcia Hofmann.
The please bargain system is nothing but institutionalized blackmail, and many innocent people have become its victims.
The please bargain system does neither of that.
To answer your question, not "we" would do that but that's what fair trials are intended for.
I was laying out reasons why the plea bargain system is principally unjust. There are many more problems with the US justice system, of course.
In reality, the guideline ranges stipulated in the plea bargain put him most likely under 2 years, and possibly as few as 6 months. Even with the maximum upward departure stipulated in the agreement, Hutchins would not be looking at 3 years.
The guilty get the benefit of reduced sentences. The innocent have to face the bullying behavior where prosecutors stack up charges to make the potential punishment more frightening in order to coerce a plea.
https://www.washingtonpost.com/news/volokh-conspiracy/wp/201...
Consider this fictionary tale: you fly to Budapest for a fun trip. You are jailed for posting the Soviet hammer and sickle on your Facebook two years ago -- it's a crime under Hungarian law to use that symbol. Do you think this is right?
Here's the law:
Any person who: a) distributes, b) uses before the public at large, or c) publicly exhibits, the swastika, the insignia of the SS, the arrow cross, the sickle and hammer, the five-pointed red star or any symbol depicting the above so as to breach public peace - especially in a way to offend the dignity of victims of totalitarian regimes and their right to sanctity - is guilty of a misdemeanor punishable by custodial arrest, insofar as the did not result in a more serious criminal offense.
He was arrested in the US for his impact to people and companies inside the US.
Assange was using Ecuador’s protection and resources for free. At that point you’re at the whim of the Ecuadorian people and their elections. Nothing is forever.
Kinda stupid to commit crimes against people in a country and then travel to that country before the statute of limitations has expired.
I might have a different opinion for victimless crimes, but it's irrelevant to this discussion.
There's not necessarily anything wrong with prosecuting him in the US, but presumably the US authorities could've just as well spared themselves the work and referred this to the UK authorities in whose jurisdiction the crimes were committed.
Now that I'm thinking about it more, I'd be upset if they didn't arrest him while he were here.
In fact, the DOJ press release specifically names a bunch of countries that aren't the US https://www.justice.gov/usao-edwi/pr/man-charged-his-role-cr...
>According to publically available information, since it was created, Kronos has been configured to exfiltrate user credentials associated with banking systems located in Canada, Germany, Poland, France, and the United Kingdom, among others countries.
Of course, given the nature of the malware it's very likely that at least someone in the US was affected.
How is this a problem? if you cause material damages to Americans and you then go to the US the country is going to come after you.
Why would the US not protect its citizens to the best of its ability and prosecute people who harmed them, even if they harmed them from a place that wasn't the US. We're talking about global financial crimes, they don't know any borders to begin with.
If you kill someone outside of the US, and then you travel to the US, I'd be concerned if you wouldn't get arrested
I could be wrong, but I don't think the federal government has ever claimed that any Americans were infected with Kronos.
It's a stretch.
World police strikes again.
Taken to the extreme with this logic he should be extradited across the globe for decades for any public prosecutor to go to town on, though I guess that type of fear is exactly the intended effect of witch trial justice.
The situation in reverse with a US citizen charged in a foreign country despite causing no harm to them is unlikely to garner the same response. American exceptionalism at it's finest.
I mean, for many of us that’s already a problem, and has been for a long time. Ever mentioned your same-sex partner somewhere a Government might be able to find it? There’s now a whole bunch of countries you can’t visit or pass through without being at risk of imprisonment or worse, yay.
A more apt hypothetical would be if you were tricking people into distributing hate symbols from abroad. I think you could make a cogent argument for arrest in that case.
The victims of the malware were on American soil. If someone remotely takes control of your smart oven and burns your house down, you have standing to charge them with a crime. The difference is he violated a US law, against a US citizen, while that citizen was in the United States. If you do that and are currently in the US you should expect to be arrested.
Maybe not the whole world but the US has the hegemony over countries where the US military bases reside. All of those countries have signed their sovereignty away through various extradition and trade treaties which give the US DoJ a massive reach over the citizens of those countries.
In 2019, if you were to try to escape the long arm of US law, your options are extremely limited. I can't think of a country that would not hand you over to the US because of a massive pressure that the US State Department would put on the host country. Just look at Ecuador which sold Assange for billions in aid.
Nobody cares that he wasn’t in the US when he caused harm in the US.
Lets be honest with ourselves - banks have a very specific role in the world economy, and have largely quit lending to businesses small enough to actually upset the market.
Sure VCs do what they do. But unless you're in something sexy or trendy? Good luck courting them.
Can someone elaborate what that conspiracy is?
From the contents of the "attachment A" it seems like the FBI (or whatever other US agency) "sat" on the code they indirectly purchased for 2-3 years (the UPAS) and for several months (the KRONOS), observing the behaviour of Hutchins and "Vinny" and collecting evidence against them.
Shouldn't they have somehow acted to prevent the spreading of the malwares?