Submitted by James Azar on Tue, 03/13/2018 - 09:07
The Hacker who never did it.
The Hacker who never did it.

We are all so used to hearing about hackers arrested for committing detailed and far reaching crimes spanning years, that this special case took the cybersecurity community by surprise. 

A hacker was convicted for 33 months in prison in Arkansas who has never conducted even a single cyber-attack. Taylor Huddleston, 26, was arrested in March last year and the FBI confiscated all his computers.

Two months later they returned and arrested him for selling dangerous software to cybercriminals. 

Huddleston never actually hacked anyone and he didn't set out to be a hacking mastermind. He created a piece of software called NanoCare back in 2012 with the intention to offer a cheap remote management system for schools, parents, and IT-conscious businesses. He spent two years (2014-2016) selling the software and then he sold the ownership and the rights of NanoCore to a third party.

[Cyberhub Summit Coming to Austin, Tx | May 3, 2018 - Cyber Security education for executives and business owners, Exclusive Dinner and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]

But like so many in the lucrative Cyber market, the green-eyed monster got the best of Taylor. Huddleston started to sell the software for $25 apiece in Underground hacking forums, via the darknet and some big-time cybercriminals started stripping down and using NanoCare for all it was worth. 

Why was this program so popular?

NanoCare had all the functionality that hackers needed to conduct large operations. It could steal sensitive information from computers - such as passwords, emails, text messages and had the ability to remotely activate and control webcams and spy on people.

Not only that, but it could also begin the process on other cyber mischief like viewing, downloading and deleting your files. Noticeably there was a built-in revenue channel where the hackers could lock the infected PC and hold it to ransom.

Bottom line was, this software could do everything a hacker would need to get their career started and find their first "paying customer". 

What's really unique here, is how the FBI was able to find the hacker and find evidence that connected him to the software. They must have spent months investigating hacker rings, conducting talks with hackers behind closed doors and perfecting their Russian grammar. 

Tayler pleaded guilty and admitted to selling the software to cybercriminals and admitted that it could have potentially disastrous effects on enterprises around the world. 

He also admitted to creating and operating a software license system called "Net Seal" that was used by another hacker, Zachary Shames, to sell thousands of copies of another known hacking tool - Limitless keylogger.

Unlike Tayler, Shames did the heavy lifting. He used Net Seal to infect the computers of 3,000 people, spreading the virus to a total of 16,000 computers and causing massive damage. 

What we learn from this story is that even people that build the hacking software don't get off lightly. The US government is getting better and better at catching the originators of these illegal cyber tools and stopping them before the next epidemic happens.

Could Huddleston have predicted the consequences of his software? He claimed not, yet he is still paying the price. We can clearly see that this new direction of clamping down on software developers shows a new pre-emptive strike against cybercrime.