Creator of Nanocore RAT Sentenced to 33 Months in Prison

Authorities working for the American criminal justice system have sentenced Taylor Huddleston, 27, of Hot Springs, Arkansas to 33 months in prison and two years of supervised release for aiding and abetting hackers by creating and selling malware. Huddleston had already pleaded guilty in July 2017 and left it up to the courts to decide how much prison time he would serve. His guilty plea followed his arrest by the FBI earlier in 2017.

Huddleston’s case and subsequent sentencing is precedent setting because he was the first case where the author of a malware strain was arrested, despite not being accused of using the malware himself. This may not bode well for Marcus "MalwareTech" Hutchins as US authorities are pursuing a similar case against him. Hutchins rose to fame when he helped stop the WannaCry ransomware outbreak. In regard to Hutchins’ case, he is alleged to have created the Kronos banking trojan.

The Hutchins case is been followed rather closely by security researchers around the globe with many coming to Hutchins’ defense. As the case stands currently prosecutors allege that Hutchins confessed to creating Kronos during interrogation, but his lawyers filed a document on Friday outlining their argument that Hutchins' confession was coerced. They insist he was exhausted and intoxicated when authorities received his confession. Hutchins is currently on bail in Los Angeles, and no date for his trial in Wisconsin has yet been set.

Huddleston’s Case was dependant on Intent

According to Huddleston's position on sentencing and a statement of facts, his attorney argued that the suspect said he did not start out his life as a software engineer with any malicious intent. Rather, he got into software as a way to sustain himself as a teenager who lived in shabby conditions. He never met his biological father and moved countless of times during his youth.

Further, it was argued that Huddleston's first major application, Net Seal, wasn't even malicious with the application being used to secure applications against software piracy. While Net Seal was used in a number of other programs, it became incredibly popular with hackers who used the application to secure malware they put up for sale against scammers and crackers. It was the success experienced by Net Seal that drove Huddleston to actively market Net Seal on HackForums in an attempt to boost his income.

nanocore rat developer sentenced to prison

In time Huddleston buoyed by his initial success would create Nanocore RAT which was described and advertised as a “remote access tool ... designed to allow a computer hacker to take complete control of a victim’s computer for the purpose of performing [remote operations]” on HackForums. It was the selling of the RAT which would prove a decisive factor in the case. In his guilty plea, Huddleston admitted to knowing that some of his customers used Nanocore for malicious purposes. In the records of the court it was stated:

“Mr. Huddleston understands and accepts that he broke the law by marketing Net Seal and NanoCore on a website frequented by users who would likely use the programs for malicious purposes. [...] Mr. Huddleston knows that he has no one to blame but himself, and is prepared to serve the sentence this Court finds appropriate. His actions before and after his arrest illustrate his sincere remorse and dedication to using his talents to benefit society and make amends for his illegal conduct.”

Huddleston’s legal team asked that he receive a maximum sentence of six months in prison despite the maximum sentence being ten years. The court decided that 33 months would be in the best interests of justice.

Nanocore used in attacks targeting Businesses based in US, UK, and India

At the start of 2016 reports began to surface of attacks targeting small to medium businesses in the US, UK, and India. The attackers were using two known RATs namely Backdoor.Breut and Trojan.Nancrat, otherwise known as Nanocore. Researchers were able to determine that the attackers were operating with limited resources as they relied on social engineering tactics and the two RATs which were publicly available. Despite their limitations, the attackers were able to significant amounts of damage. One of the reasons for this was Nanocore’s ability to be used for multiple purposes.

When Nanocore could be bought, for the purchase price of 25 USD, it was clear that there were a number of factors that set it apart from other RATs which were leaked or been offered as Malware as a Service (MaaS). One of the major distinguishing features was the functionality and the ease of use. This made it incredibly appealing to novice hackers lacking technical skills that would naturally come with experience. Nanocore also boasted modular functionality and a rich base of plugin features which would have further made it desirable to the novice threat actor. Further, the base plugins that came with the initial purchase had everything necessary to perform a successful and potentially very damaging intrusion. It is these features which undoubtedly made the attacks conducted on US, UK, and Indian SMBs possible considering the limited resources the attackers had.

Moral and Legal Questions

The case involving Huddleston has raised some interesting moral and legal questions. One of those being if someone creates an application that is used by hackers to conduct criminally liable crimes, is the creator liable as well? The court in this instance looked at the intention of the accused. If the accused created a program knowing full well that the program will be used by hackers for use in criminal actions he does share some of the liability. In the Huddleston case, the plea of guilty confirmed the court's position. In looking at the morality of Huddleston’s actions one could argue that he would be equally found to be immoral based on the same yardstick. It will be interesting to see if intention will play such a significant role in the Hutchins case.

Malware activity

Global malware activity level today:

Medium threat activity

Increased attack rate of infections detected within the last 24 hours.

Virus and malware removal

This page provides information on how to avoid infections by malware or viruses and is useful if your system suffers from common spyware and malware attacks.

Learn about malware removal