From UFOs to psychic powers and government conspiracies. History is riddled with unexplained events. You can turn back now or learn this stuff they don't want you to know. A production of iHeartRadio.
Hello, and welcome back to the show. My name is nol Our, buddy Matt is on adventure as Ben. You're Ben, and.
Matt will be returning soon. They do call me Ben. We're joined as always with our super producer Paul, Mission Control decand most importantly, you are you. You are here, and that makes this the stuff they don't want you to know. Noel hacking, hacking?
Can you hack it? Can you hack it?
What's the uh what's the first thing you think of when you think of hacking.
I guess the term has become dare I say, a bit hackneyed over time, just because it's like, yeah, it conjures images of like bad nineties movie depictions of the Internet, of someone with like a weird, like overly bespoke cased laptop having a screen flashing access granted, you know, people flying through vectors of like weird transparent buildings like pre matrix. Maybe I'm mainly thinking of the movie Hackers, but it was a trope for a while, right, Ben, does that?
Does that? Come? Does that? Though? Some of those things come to mind for you too, You're right.
No, I always love it in the nineteen nineties films when someone reroutes the encryptions right right, the big that's the big move. And and it's true that hacking is a misrepresented concept in the world of film, Like, weird not hackers, to be completely honest with everyone, right, Like, we know a little bit of coding, we have phones,
we get it. But we're also aware that some hacks like stucksnet can alter the course of history, and others like WannaCry can sweep across the globe at a moment's notice. The world of hackings pretty pretty invisible to most people. But it's a dangerous world, and it's a very real one with genuine potential for harm. And so tonight we decided to explore the story of one hacker, in particular, a guy named Marcus Hutchins, who accidentally, per his own account,
stopped a global conspiracy and saved the world. Here are the facts. Who is this guy?
Dang? Yeah? I mean, well, first of all, when we think of hackers, we usually think of like some like aim screen name type handle right, It's like, well, they don't often even get elevated to the point where we even like know their names. That's by design, because a lot of these folks want to stay anonymous. But we do know a thing or two about Marcus. He was born in the nineties. Damn you child, nineteen ninety four
in the UKs. Sorry, whenever I see someone born in the nineteen nineties, God forbid even the two thousands, I'm like, I'm such an old But yes, I know they exist there everywhere. Man, They're crawling out the woodwork, and they're doing big stuff, no doubt. In the United Kingdom in nineteen ninety four, Marcus already was when he came of age, or at least to the point where he could, you know, click clock on a computer, was already showing great promise
with computers and early kinds of programming. There's a story apocryphal or no, that talks about how he was able to bypass the computers at his school reroute the encryptions. Dare we say bypass the school's computer. I guess let's say locks, you know, protection systems, maybe something that would not allow people to install outside software so that he could install game software. You know some kids, what do you think it was plaining? I guess in the nineties
it would have been what what? What was a PC game? This is waypost Doom and like the ID software stuff. What would maybe Minecraft?
Maybe you're right, we came up on Oregon Trail. Let's be honest, that's true.
Yeah, And then I just remember, you know, with all the ID software games, those were the ones where they would send you the freeware discs in the mail, and so that was something that everyone would have installed. But in the I guess he would have been coming of age, like in the early two thousands, so that might have been Minecraft. That's my theory.
Hmm, that's a solid one. I agree with you. We we're getting a lot of his initial career and origin story somewhat apocryphal, as you as you said from this article by Andy Greenberg over Wired, and Marcus teaches himself the ins and outs of coding. He starts hanging out online right in these forums, in these Prereddit areas, or Reddit was already around, or things like Reddit, things like the chans, So it.
Would have been more for these smaller communities. Definitely wouldn't have been quite in the mainstream as much as it is today.
Yeah, he was specifically hanging out with the bad kids of the Internet who wanted to flex on malware. Malware is like software.
It is.
A genre definition of things, programs that are meant to compromise other machines in some way. He's dare I say, hacking at an early age, and he's very young at this point still, yeah.
I think he at around fourteen years old he comes up with his first kind of little hack. I guess, uh, it is funny that how hack has sort of become more appropriated by the normies, like the idea of like life hacks and stuff, But back in this day, it was it was kind of literally figuring out a weakness, you know, some sort of vulnerability and a piece of software and then exploiting that. This would probably be one
of the more basic types of hacks. And he did that with Internet Explorer, figuring out of that whole what is it like autofill stuff where it like saves your info? And I think back in those days it wasn't as like authentication heavy as it is now, like even to get access to certain autofill type things you have to enter a password and use your name and maybe even a fingerprints, you know, if you're using one of those newer Mac laptops.
But here's the text on your phone.
That's right exactly, because a lot of times this stuff will include credit card information. It couldn't even include you know, that would not be the brightest thing in the world to always have that stuff, you know, available for autofill but it certainly is out there now and a little more protective. But back then it would be for stuff like addresses, you know, for shipping or whatever it might be.
And he used it to I guess, send a direct line back to him, you know, from the computer with the malware installed, to give people's passwords, and.
He never used it to commit a crime. The forums he was hanging out on were all about flexing. It's like his version of a skate park, you know, where people are doing their halfpipe tricks, right, And he gets acceptance and approval online, and he hangs out more and more often on these forums, and his teachers and his parents notice that he's not doing so great at his homework in school, yeah.
The regular stuff now, because he's spending all his time on those computer labs, and much like what happens when hackers are convicted, you know, and sent away that a lot of times one of the conditions of their release are you can never go near a computer ever again,
which always seems so heartbreaking. But yeah, he was banned from using any of the school's computers because the faculty thought that he had hacked the entire school network, which he did deny again and got some apocryphal tales in here, which is always kind of the way it goes with figures like this, But in the end, it was just just the push over the cliff he needed to even more reject kind of the stuff they were trying to hopefully get him to do, to go deeper into in
terms of like normal homework and a career and all of that stuff. So he stopped, basically stopped going to school.
He can't blame him, you know.
Oh yeah, tore a terrible move to really absolutely misguided attempt to get someone to not do the thing that they love.
And so he gets pushed away from what we call it, we're going to sound very old, his irl society in real life society. He gets pushed away, and soon he is hanging out full time on these Internet forums. And you know these are forbes associated with what we call pen testing, if we're being correct, penetration testing.
Ah yeah, isn't familiar with that one. And it's like you said, I mean a lot of it was sort of flexes, like here's see what I can do, but it wasn't necessarily these folks were colluding, you know, to plan large scale Internet heists. But as we know, in order to know what the bad guys are doing and how to protect against what they're doing, you got to
kind of have the same bag of tricks. So this really is kind of an interesting early, you know, kind of entry point into what ultimately led to him being as known as he became.
Just so, and you know, at this point, if you're hanging out with those bad kids on that Internet halfpipe, the feds are gonna come shut you down. The squares are gonna come in, and authorities will clamp down on one site. But they're essentially playing whack them hole, which means that the users of these forums will transfer to
another site. So the forum that our young friend Hutchens hangs out at gets closed down, gets shut down, so he moves to another spot it's cold in a burst of creativity hack forums, no one well no, no one will ever figure that one out.
Well, how man, isn't the smarter move instead of like cracking down and like tipping your hand just to kind of lurk and see what you can see. I guess they probably do that for a while and then get to a point where they're like, Okay, we've exhausted this one. We need to I just wonder it will be the impetus for the cops coming in and breaking them up, or learning these folks to their presence, or if it's more like they overplayed their hand and the kids are like,
oh no, we've been made. We need to move on right.
Right right. We've got a great quote from Wired from our buddy Andy writing here, and he talks about you know what this makes me think of. It makes me think of walking into a hotel pool or something like that, where you have the steps at first where you dip your toes in, and our buddy Hutchins is walking in deeper and deeper water. Wired describes hack forums in a pretty interesting way.
Yeah. He describes the members as being a shade more advanced in their skills and a shade Murkier in their ethics. A lord of the flies collection of young hackers seeking to impress one another with nihilistic feats of exploitation. They're
in lies of the flex. We were talking about the minimum table stakes to gain respect from the hack forums crowd was possession of a botnet, a collection of hundreds of thousands of malware infected computers that obey a hacker's commands, capable of directing junk traffic at rivals to flood their web servers and knock them offline. What's known as a
distributed denial of service or d DOS attack. Pretty common technique we've heard that, you know, make the news plenty, Like if I'm not mistaken, we were all just in Las Vegas recently, and I think they were a victim of a hack that I think involved at least in part d DOS attacks. Because all of their servers were overloaded, they couldn't talk to each other, the MGM hotels and
the lights wouldn't work in the room. And when you have a system that's so interconnected like that, these things can be crippling, right.
You nailed it, Yeah, absolutely, And it's said that Matt is on adventures, because that's one of the things, as you will call that he brought up to us before you and Paul and I traveled to Las Vegas. Matt was I'm not gonna do an impression of Matt because we all know.
It's not possible. He's too singular, that.
He's such a voice. Yeah, and uh, Matt, just who everyone knows. Matt was telling us before we went to Vegas about the hack. I think he was the first one who clocked it, and he was saying, guys, we gotta be careful. He asked us if we would bring burner phones, and uh, and be honest with you, I did not bring a burner phone. I used my real phone in Las Vegas.
But not your real name. You were assigned one by hotel management. Yeah, but it's crazy how effective some of these simpler kind of techniques can be. And I guess I didn't really understand the idea of this botnet, Like it's basically like these are these are these computers who don't know they've been had, who don't know they've been infected, and are now like under your sway like that you know, sorcerer's apprentice in the brooms kind of scenario. Right.
Yeah, and this kid, Marcus Hutchins is a child at this point, he's fifteen years old, he's all in. He creates a botnet, and what he does is he suckers people via fake files or misleading files uploaded to bit torrent sites. For those of us in a certain demographic, you might think of LimeWire or things like that.
Oh dude, but I mean bit torrent. You know, you would get it through like the Pirate Bay or whatever, or like there were other different ones. And the way BitTorrent files work is they're like broken up into all these little micro pieces that are then kind of reassembled. So I imagine this is a very smart way of using a technology that is a little bit you know, more underground internety. But it's also like, you know, we knew tons of people that weren't mega hacker, people that
were like using bittorn all the time. It was super mainstream. So it would make sense that he amassed a pretty significant bought army by exploiting these BitTorrent sites for sure.
And we all remember, let's be honest, whether you are a street laced NRO person or whether you have a little bit of r Maybe in your college days, you remember the old say they said, look, you're never gonna get caught if you're downloading the files. You're only in trouble if you're the one uploading them or sharing them, right and yeah, and so it's true.
For some of them. But like the bit torrent ones, just by participating you were sort of part of It was harder to track down individuals, I think because it was like by downloading the file, you were also participating in the upload. But I got a few of those Web Sheriff no no infringement notices back in the day. I sure did you know what?
It was?
Usually about HBO related content. It was usually about like Sopranos episodes or episodes of sixty And you'd get this like form letter directed at your ISP, and then they would come to you and it was like, hey, fly right, buddy, or things are going to go poorly for you. You can get banned from your ISP. At the very least, that's probably what happened.
Oh geez, well, this doesn't hit our boy, Hutchins, our young fifteen year old Hutchins. He has a bought army. It's like eight thousand computers and he starts setting up his own business. He has one called ghost Hosting. The first O is zero, get it because it's leaked to.
Speak, Yeah, very aim Internetti as well. This is a server kind of like web services deal, you know, kind of like we know now is like AWS Amazon web services for hosting sites, much smaller and much more niche This was specifically for hosting sites for hack forum members that allowed them to shield their IP addresses from anyone who would try to, you know, find where the root of such sites might be. But he had some caveats. He would allow people to post anything other than child
sexual abuse material. It's good on him for that, of course, because we know a lot of times these masked you know, web sites or servers. That's a big part of it. But what he was doing essentially was like sort of a smaller scale silk Road dark web thing, but I don't think you needed like a tour browser to access.
Think it wasn't like exactly dark Road silk Web, but it was in that vein the idea that you couldn't necessarily figure out where it was coming from, and maybe there was even a way for users to be encrypted so they couldn't be tracked either.
Yeah, it was all about anonymity, and he had these ethical lines. He kept evolving his skills. He learned how to analyze and improve other hackers software, especially their rootkits. Rootkits are a thing that will change the operating system of a computer such that it can hide itself. And people were massively impressed on these forums. And by the way, at this point, none of these folks on these forums know anything about each other. They're very careful with it.
And this guy, our guy Mark, he starts taking these gigs writing what the authorities will call malware, and he's picking up little side joints, you know, He's like, hey, I know how to turn a piece of code here, and that's where he meets someone calling themselves. Theny things turn dark. It eventually leads him to something terrible called Wanna Cry.
Yeah, it's interesting to kind of get the trajectory of this kid and his sort of like upbringing or like his rise in this kind of culture, because at this point he's like a teenager, you know, he's basically kind of like a snotty teenager who just kind of maybe wants to creak a little bit of chaos, you know, but he does seem to have a moral code, which I think is important. And I think what we're gonna see is a turn where he's like, Ooh, with great
power comes great responsibility kind of vibes, you know. And it just took him meeting the super villain kind of our story to make that realization. But maybe I'm over over stating the case. But it's a really interesting story.
You're one hundred percent correct, Noal, I propose we pause for a word from our sponsor, which will hopefully be a VPN company.
Yeah, no doubt.
Here's where it gets crazy. So this guy Vinnie contacts Marcus. Marcus is about sixteen at this point, and Vinnie is a stranger on the Internet. Marcus does not know him from a Canna paint. And Vinnie goes to Marcus and says, I'll give you a job make a new rootkit for me, kiddo, and I'll sell it all over the cool people Internet and you will get fifty percent of the profits.
Dude, sounds like a deal. I'm sixteen on I'm doing this for fun largely anyway, and I'm starting to make a little extra money, you know, proving the principle and mom and dad wrong, you know, why wouldn't I hop on this train? So a little more than halfway through twenty twelve, they get this whole deal up and running something called a upas kit, which I believe is named after a poison tree. So maybe it's pronounced upus upus.
Yeah. Look, I am also not one hundred percent on the pronunciation, but you're right now. It is named after a poisonous tree Antiaris toxicaria.
Yeah that sounds scary mainly just cut has toxic in it, but it's part of the mulberry family, which is a very pleasant sounding tree. But so, yeah, this is their enterprise. They've been working on for a bit now. And at this point, Vinnie sends Hutchins like a bunch of drugs for his birthday.
Because he was so Mark was complaining to his internet friend Vinnie about how difficult it was to find good drugs in the United Kingdom.
Okay, so this was not completely unsolicited then, like Marcus is into these drugs, he wasn't just like because that also seems like a flex too, where it's like I know where you live and I'm sending you illegal stuff. This would have been appreciated by young Marcus. I'm open, we're not talking about crank or heroin here. Maybe just some weed.
Yeah, I think it was just saying I can't find good weed in the United Kingdom, and Vinny comes through with more than just cannabis.
I see. So there is a little bit of a little bit of a flex in there too, I think, where it's almost like, you know, yeah, you're in deep Because to your point, Ben, he'd always sort of just ridden that line between doing stuff that was just a little more anarchist and a little more just kind of middle finger to the man and like square society, but never things that would be considered fully morally reprehensible or like felony level illegal, right.
Right, Just so, the upus Upas sales had allowed Marcus the ability to not go to school and to work full time. He was supporting himself. He was one of those kids who probably looked like, what do you call it, hikiko mori, the kids who stay home guys?
Yeah, in Japan for sure, or like in Spider Man, he's like the guy in the chair, you know.
Right, yeah, And he was increasingly living this double life. He was a mild mannered young British man by day. He was a master hacker by night. And here we go back to Marcus's own admissions. He made a serious error, just like you said, Noel, he had always stayed a step away from actions he considered illegal or unethical or morally reprehensible. And he said he knew of criminals, and he knew of crimes they had committed, but he did
not consider himself a criminal. He always thought he was just on the side of the law, exactly.
And now he's starting to get an inkling that he's starting to wade into some of those deeper waters, going past the kiddie pool and into the you know, the scary part of the pool where the monsters are they really are you guys, be careful part where you can't see the bottom. There's scary stuff down there. You ever have that. I pretend there was Jaws was in the pool. Maybe I'd just like to freak myself out when I was a kid. But I think the metaphor holds true.
The metaphor does hold true, and you are terrified of open water.
Yeah, it's just a thing that it's a recurring theme for me in dreams where I can't see the bottom. And it's not usually even things that I think are going to murder me. It's just big things that you can't see. And sometimes the big things that you can't see, you don't really know whether they're good or bad. And at this point you made a really good point in the outline, Ben, we're not sure whether Marcus is living a double life as a superhero or potentially a super villain in the making.
Ah, he's living two lives and he's not sure at this point, right which is good or which is bad. His buddy Vinnie ask him to write a new version of this malware, of this program, and he asked Marcus to write in some programming that would be a little bit of an escalation, things like key logging, a couple other specific bells and whistles. Nol, we know what key logging is.
Yeah, I think it's similar to the little hack you as talking we were talking about earlier they did with Internet Explorer, where it's using that auto fill stuff to funnel information out of out of the person's individual computer.
So when you're typing something, somebody who has root access to your machine can then get a copy of that and they can access like things that you have input manually into your computer, which oftentimes you know all the time, really includes personal data and passwords and things that you do not want people to have access to.
And if you are hearing this on a work computer, if you use a work laptop, it is completely legal for your employer to do key law game programs.
Just be aware. So anyway, anybody is it to measure productivity sometimes like that's a thing, you know, they can literally check your work, you know, not to make people freak out or be paranoid, but that is important. Don't fool yourself if you're using a work machine for things that aren't work related. It's not like they're watching you twenty four to seven, but that stuff is fair game to just be warned, right, Yeah.
Be aware. So Marcus is a very smart dude. He's a kid at this point still, and he knows these functionalities for exactly what they are. He says, look at this. This will be a program specifically built to target financial institutions. And in his mind, he says, if I do this, I am committing crime. There's no way to rationalize it. There's no way to call it a gray area. There is no liminal space. I will not write this thing,
he tells his quote unquote pal Vinnie. And then Vinny reveals there was a poison pill to that gift.
Oh boy, could have Could I think that's what I was maybe picking up on a little bit, whor it's like, yeah, I've got something on you, a poison pill. Indeed, sending that package of drugs meant that he had basically blackmail level information on Marcus and could go about exposing, you know,
his kind of secret activities. So they came to a bit of a compromise where Marcus made only a few of the chair a handful of the changes and updates that were being asked I in the key logging, and then he then decided he would farm out the rest of the things that Marcus would not willingly do you know elsewhere.
Yeah, Marcus agreed to make the key logging functionality and dragged his feet a bit. By his own admission, you can read his blog. Vinnie goes like you said, no, he outsources and gets the other functions for this thing. And this thing evolves, and by twenty fourteen, Venny quote unquote Vinnie is selling a new program. It's called Kronos. Marcus continues his regular life. He goes to community college, he graduates. People have no idea that he is basically
neo in the matrix. Yeah, and things start to go south in his online world, so we can, I think, gloss over some of the the terrible things that happened there. Eventually, Marcus takes on the name malware Tech, and nobody knows that malware Tech is a guy in the United Kingdom named Marcus Hutchins until twenty seventeen.
Yeah, that's when the WannaCry ransomware attacks happen, and I got my wires a little cross when we were talking about the MGM stuff. While there may have been a DDAs attack is part of that, Mainly what that whole thing was about was ransomware. WannaCry was is a ransomware crypto worm, which to.
Your made up what is that on?
All these words are great. I love it, Thank you William Gibson. And by the way, that cyberpunk cartoon that goes along with the game that's on Netflix, it's very good. It's really really cool. It's called Cyberpunk some colon something, but it's a pretty pretty cool and it does a great job of carrying on the legacy of like William Gibson and Philip K. Dick and a lot of the kind of you know, fourbears of really interesting kind of
Internet culture and science fiction. But ransomware basically holds this information or the information on your computer hostage by encrypting the files like not to your benefit, right, like locking you out essentially.
Yeah, yeah, yeah, crypto ransomware, or by locking you out of your computer entirely, which will be locker ransomware, which we know. I have to pause for a moment and on MAT's behalf also say thank you so much for shouting out William Gibson, neuromancer, the author who saw it
all coming in ransomware. Ransomware is pretty nasty because it will direct the victim to pay some sort of financial thing right through a very specific set of instructions, usually bitcoin nowadays or some sort of derivative of WannaCry is even nastier because WannaCry will automatically propagate itself. It is considered a network worm. When it hit the Internet, it was May twelfth, twenty seventeen. It continued to May seventeenth. During just that small amount of time, just those few days.
It hit over one hundred and fifty countries. It was nasty, went so far because it was based on It was based on some demonic stuff that Uncle Sam figured out out.
And experts and you know, folks kind of watch watching the events unfold began to advise to not pay the ransom because there had not been any reliable information pointing to people actually getting their stuff back.
Yeah, and WannaCry was based on an exploit called Eternal Blue, which was discovered Slash created Slash developed by the Essay. About a month before WannaCry hit the world, there was a group You're gonna love this, man, because I know you love cyberpunk. There was a group of hackers named the Shadow Brokers. Yeah, that's a real thing. How is that a real thing?
Yeah, it sounds like cyberpunk, but it also sounds like Skyrim or something like much more Lord of the ringsy.
Right, the I'm sure they love all of these things. They might be playing Skyrim now. The Shatto Brokers stole the Eternal Blue exploit from the Essay somehow, and they leaked it to the world. And the Want to Cry attack mainly worked on organizations that had not updated their software, they had not applied patches from Microsoft, they were working
with older, outdated versions of operating systems. And at this point we have to be honest, it is very very easy to ignore all those things, all those little pop ups you get that say update your software now, right, Like, how many times have you ignored those today? Folks?
Yeah? You know, I'm I run a lot of like I use my personal computer for work and you know, pro personal stuff when I'm at home, and then I have my work laptop, but I oftentimes don't have auto install on for those I updates from Mac because a lot of the third party like audio things that I use, they'll quickly get bricked if you do the wrong updates. So sometimes you have to like wait like a year for a new update to be fully tested. But then there are also sort of like sub updates that are
more like security things. Those are the ones you do want to make sure you do, even if you're not doing the full updates. Always make sure that the security patches are turned on, because that's the kind of stuff that is protecting you from these sorts of things.
Absolutely, I think it's very easy to ignore that routine maintenance, right, that routine security, and especially if you're like us, if you work with any cavalcade of idiosyncratic apps or platforms, it's kind of like a house of cards, you know, if you change one and then it changes everything else. And that's what the hackers are counting on, and that is why within just a few days a cry infected
hundreds of thousands of computers. The estimates of damage ranged from hundreds of millions of dollars to literally billions of dollars. And like you said, the experts told everyone, one, patch your computer, and two, don't give in to the ransom. Don't give in to the terrorists because they're not going to give you your money back. No one knew what to do until one day, our pal, Marcus Hutchins, walked home from lunch and found out what was going on.
We're gonna pause for a word from our sponsor, and then Noel maybe we talked about how this guy saved the day absolutely, and.
We're back talking about mild mannered Marcus Hutchins of the Internet and also the United Kingdom, who had been through kind of an emotional rollercoaster. At this point, I did do a little extra reading and the package of drugs that were sent to him. It wasn't just weed. It was like amphetamines and psychedelics and hallucinogens. And apparently when he started doing a lot of these kind of like all night coding sessions once he stopped going to school,
he himself got addicted pretty badly to amphetamines. He used to replace them, replace just you know, coffee with it. So he was down a pretty dark path in more ways than one. You know, he had basically been blackmailed himself by this vinny character who threatened to turn the information he had on him against him. This package of drugs that he sent to him, he perhaps turned him into the FBI or whatever, not to mention other stuff
that he likely had. Can you imagine, Ben, if you were doing this and thinking you were like, you know, King Shiit of fuc came out and then all of a sudden, the person that has guided you into this world turns on you, and now you feel like you're sort of you're there botnet. You know, they've got control of you.
Oh that's good. Yeah, I mean it's evil, but that's a great feeling. Yeah, that's the deep water you're talking about. Yeah, And this is Hutchins has to struggle through this stuff. He is by the time WannaCry hits, he is navigating the brighter side of drug addiction, I think, and he is working through what we would call white hat hacking, which is, you know, we have def con here in Las Vegas. It's where Yeah, it's where you where. Essentially you are no longer paid to do malware programming. You
are paid by companies like a bounty hunter. You find the exploits, the vulnerabilities in their software, and they give you a ton of money if it works out. This guy is working under the name malware Tech, and you can find his blog as Marcus Hutchins. You can also find malware Tech. He's not really on Twitter anymore, which I know is a bummer for you know, because you love Twitter so very much.
I love it so much. Yeah, yes, gosh.
Oh gosh, pardon me.
You're You're right on the money, Ben, Even like the emails that I get from them still say x formerly Twitter. It's like it's not gonna happen elon. But yeah, he he gets wind of this, I think, and much the same way that the rest of the world does. But he has more information that the rest of the world doesn't have, so he knows what he's looking at. Hutchins learn of want to cry. After he had some lunch on May the twelfth, he saw networks across Britain's healthcare
system had been hit by the ransomware. So that's that's, you know, and this is that kind of stuff that that is the super dark side. You know, we were talking about casinos. That sucks for business. You know, casinos make a lot of money losing money, you know, inconvenicing guests and all of that, and that sucks. That's no good.
But healthcare systems, people could die, you know, like like not to mention like the if it's if it's interconnected in the same way that the power stuff was, you know, at at the MGM, A lot of these larger facilities, they are going to have that level of interconnectedness. So he sees reports of Britain's health system being hit by these that's going to be things like records and you know,
all of that stuff. But he with the information that he has, knowing this is likely an extension of the thing that he participated in in some way, he starts to get a little micro you know, looking into the code and seeing what he can see.
And as he is running in his digital fingers across the carapace of this thing, he finds a chink in the armor, a gap. He sees that there is a part of the code that includes a web address. The web address is not registered, so he registers the domain. This is very in the weeds, but he registers the domain, and and he's on record say this. He says, he always says, like, I paid ten dollars and sixty nine
cents to get the domain address. And at the same time, while he's doing this concurrently across the pond, there's another guy who also deserves his flowers, a guy named Darien huss He's twenty eight years old. He lives in the United States, I think in the Michigan area. He is a research engineer for a cybersecurity firm called proof Point. And this guy's doing his own analysis. And this guy, Darien, notices that whomever wrote this hardware left in a feature
called a kill switch. And so Darien sends a screenshot of this to our buddy Hutchins, who is still at this point anonymous online.
So they go back and forth about this and realize something really really important that registering the domain name and redirecting the attacks to malware tech server had actually activated the kill switch, which halted the basically neutralized the ransomware, creating something that's known as in the packing parlance as a sinkhole.
Yeah. That means that the attacks with that current variant of WannaCry will no longer execute successfully. And it's weird how this stuff is like it's like covid. That's why they call it a virus, right, because there could be a new variant. One of the first things that malware Tech does is say, look, you have to get all of your operating systems patched immediately. And he has a great crisis of faith here because to reveal this, to save the Internet, he has to give up his anonymity.
And that's what he does. That's why we know malware tech is cybersecurity consultant. Marcus Hutchints. You can find him today, folks, Marcus Hutchins dot com. The guy literally saved the Internet. He says he did it accidentally. He says he stumbled upon it. And there's so much more to the story. But I think we gotta I think we got to give the guy the props where it's due Noel, would our podcast exist if if wanna cry continued?
Yeah, it's a good question. I mean, you got you do have to kind of wonder, like it was so insidious that it could have caused irreparable damage to large systems. You know. This is also long enough ago that it's almost like the way airports were before nine to eleven, you know what I mean, Like, once something massive like this happens that is so earth shattering, you know, then things but things kind of turn a corner in terms of like security, and maybe I'm maybe I'm off base there,
but it does feel like that's the case. Is like he said the beginning of the show, this really was something that shifted the course of technological events. So yeah, I think it could have knocked things out. I always think of the movie as bad as it is Escape from La the sequel to Escape from New York, the
John Carpenter movie. The School is pretty bad overall, but it has a pretty interesting foil or plot, I guess device where it's this idea that like all electricity and interconnected you know, machinery will will be killed, including batteries, and they don't really explain how that makes sense in that I.
Remember that and I remember the soundtracks banging though.
It's pretty good, but it does make me think of like, is this some kind of like would this be a fight club event? Like a project may set us back to the Stone age type event. We don't know. Because Hutchins did jump in, would it have been solved otherwise? I don't know that either. What do you think, Ben?
A lot of this stuff is just based on boneheaded, like exploitable flaws in saw where you know, with the would the the Microsofts of the world have figured it out first and figured out how to do something about it. I kind of think, No, I.
Kind of think you're right on that one, Noel, because consider that Eternal Blue, which is the exploit Uncle Sam figured out. Eternal Blue, was discovered by the United States government, and they could have told Microsoft. They did not tell Microsoft. They instead built a monster, right, and the monster got out of its gauge and then became another thing. It evolved like some sort of sinister evil Pokemon, and.
In its final form, right.
And Marcus Hutchins is the one person who said, hang on a sec way to tick, you know, and and did the right thing. The story continues. Of course, one A Cry is largely suspected to be a creation of the Deep Rcave the North Korean government. In full fairness, the government of North Korea denies that it was them in a stunning plot twist.
So, I guess when when you're in this kind of world, you know, and all these types of code, these pieces of code, there's an open source ness to it. You know, if you're in the community, you share and share like and maybe something some group did you know, a small close knit group of you know, hackers or coders might end up in another attack, right, because this stuff is kind of shared. So Hutchins, it's not like he directly
participated in making this. It was just something that the experience that he had with Vinny led him to have the know how to recognize what he was looking at. Is that right?
You're absolutely right, dude, because if you go to Marcus Hutchins dot com right now, what you can see is threat intelligence a lot of work. Basically. I guess if you're if you're like this guy, you feel like you're always telling people the same things. You're always saying, Hey, update your browser, Hey, don't you know click on pop ups or whatever for us knuckleheads in the crowd. And we have a lot to thank this guy for because he genuinely did stop a conspiracy. And no, you and
I talked about this off air. A lot of people familiar with the situation are probably gonna say, Hey, Noel, Matt, Paul, Ben, Doc Holliday, why are you acting like this guy should get a statue in the square? Why are you acting like he's a super perfect person. He got in trouble later, right.
Well, you know, he was eventually kind of roped in with the scheme or surrounding the scheme that Vinnie was at the center of. And in twenty seventeen, he got arrested by the FBI. He was brought up on hacking charges or sir six hacking related federal charges in the US District Court for Eastern District of Wisconsin related to spreading that Chronos package. And he was asked to flip, you know, on some of his fellow you know, hackers
or community members, including Vinnie. He did not have enough information on Vinnie to actually give them anything actionable, so he wasn't able to And then he refused to flip on anybody else in the community. He did plead guilty in twenty nineteen to two of the ten charges against him, including wire fraud, distributing, selling, promoting, and advertising a device
used to intercept electronic communications. He basically just from sitting in jail during a lot of these proceedings ended up with time served and some fines, so he was punished, you know, for some of this stuff, and then he you know, presumably flipped it around into how can I be legitimate and like use what I know to help stop bad guys, whether or not that's just to benefit
like companies that can pay him. I don't think we're saying necessarily this like White Night, but he did make some good decisions along the way and did not turn down what could have been a much darker, super villainous path.
And the judge in his case sentenced him to time served and one year of supervised release and said, you have turned the corner. You stop using your skills for criminal purpose. You made them a benefit to society well before you ever went to court. So they said, like, you made the right decision before you were forced into doing so.
That's right.
Yeah, you like.
To see that. I think that's important because a lot of times, I think we think judges they don't look at stuff like that or or that. It's it's really hard to get to have a sense that there is some redemption, you know that. But like, you know, he
made these choices on his own. We're talking about decisions that he made all on the way where he could have gone down this fork in the road and instead he went down this one, and that all led to I think what has ended up being a very thoughtful and intelligent person that's using some skills that they have for the betterment of of you know whatever, because you can't fight fire with you know, jello. Maybe it's kind of fun.
It's like my favorite that's my favorite analogy you've ever done.
Okay, I'm going to go I'm gonna put that on on a shirt. But I just mean, like, you know, when you're in these circles, these very elite circles, or you have to earn your way in, those are the people that really know how to stay on top of what's going on because these are very fast moving developments and technology and in like cybersecurity and threats. So it's
kind of whether he's a superhero or not. I'm glad there are people like him out there hopefully keeping us from getting escaped from la back into the stone age.
So let's end on this. Maybe there's a great quote from the judge. The judge says, it's going to take individuals like yourself who have the skill set, even at the tender age of twenty four or twenty five, to come up with solutions. The judge, even in court implied or argued that Marcus Hutchins should get a full pardon while admitting that the current court did not have the power to grant one, and was like, ah, you're good though. You turned it around, and it's neat. It's neat to
hear this. Here's another line, it's neat to hear stuff like this. There are just too many positives on the other side of the ledger. The final call in the case of Marcus Hutchins today is a sentence of time served with a one year period of supervised release, which is crazy. He's online now you can go.
That's right. So like again, we talked about this at the top of the show too. A lot of these folks that maybe don't demonstrate this turning of the corner are barred from ever touching a computer again for the rest of their lives. And as we know someone who that is like this is a passion for folks. They're not always it's doing it. The money's part of it, but it's like it is how they're rain's work and like to be cut off from that would be the greatest punishment of all, I think, And so good on
Marcus Man. Cool story, honestly, kind of a posy vibe story. I'm I'm digging it, Ben, It's.
Kind of cool, right, No, And we like the positive stories, especially especially these kind of these empowered underdogs. Right this is a David Goliath kind of story. There was one guy who, with a little help from his friends, stopped a global conspiracy midway. You know, that's pretty amazing. We would love to hear more stories like that. What are your favorite tales of people who successfully stopped a global catastrophe? Please find us online, right, it's a little bit funny to say.
There are other way is if you don't want to catch a worm, but you can hit us up at the social media platform of your choosing, or we are conspiracy stuff on Twitter, nay xxna, Twitter, whichever, YouTube and Facebook, or we have a Facebook group. Here's where it gets crazy, new YouTube content popping off every single week. We're a conspiracy stuff show, however, on TikTok and Instagram.
That we are. And as you said, Noel, if you don't care to sip the social needs, have no fear. You can call us directly one eight three three sdd WYTK. You'll hear a brief message and then you'll hear a beep. You got three minutes. Those are your minutes. Go nuts with them. Yeah, give yourself a cool nickname. Tell us what's on your mind. Most importantly, tell us if we can use your name and or message on the air. If you are saying I don't like social media, I
don't like votes. What I like is emails, then we got your back there too. You can always drop us a line anytime of day, any country you live in, as long as you have an Internet connection. Send us a good old fashioned letter at.
The place where we read every single email that we get conspiracy at iHeartRadio dot com.
Stuff they don't want you to know is a production of iHeartRadio. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows,