08:38, April 05 508 0 abajournal.com

2017-04-05 08:38:04
Programmer faces federal charges for creating software used by hackers

An Arkansas programmer who created software that is popular with hackers is facing federal charges of conspiracy, and aiding and abetting computer intrusions.

Taylor Huddleston created a remote administration tool called NanoCore that has been linked to computer hacks in at least 10 countries, the Daily Beast reports. The case raises a novel question, according to the article: When is a programmer criminally responsible for the actions of their users?

Huddleston, a high school dropout, developed the program in hopes that it could lift him out of poverty and get him out of a run-down trailer where he lived on his mother’s property. His hope, he said, was that his $25 program could be used by IT administrators, parents keeping track of their children’s online activity, and others who didn’t have a lot of money to spend on remote-access capability. He eventually bought a $60,000 home with proceeds from NanoCore and an anti-piracy program he created called Net Seal.

Prosecutors pointed out that Huddleston announced and supported NanoCore on HackForums.net. They raided his home in December, arrested him in February, and are seeking forfeiture of his home in Hot Springs, Arkansas.

“It would soon become clear,” the Daily Beast reports, that HackForums “was a terrible place to launch a legitimate remote administration tool. There aren’t a lot of corporate procurement officers on HackForums. Instead, many of Huddleston’s new customers had purely illicit uses for a slick remote-access tool. In short order, Huddleston found himself routinely admonishing people not to use his software for crime.”

Huddleston eventually removed his product’s capability to steal passwords and log keystrokes, and he would log in and disable the software when he discovered a buyer was using it for hacking. Unhappy hackers eventually distributed pirated versions of Huddleston’s software online. He eventually sold the NanoCore business to a HackForum member.

Huddleston sees a double standard. Hackers also have used remote-access software created by large corporations, he said. “NanoCore is abused in the same way that those are,” he told the Daily Beast. “The difference is I … go after these people and build security into the software to catch these people.”

Cornell law professor James Grimmelmann told the Daily Beast that the case could have a chilling effect on software developers whose technology could be adapted by criminals. He said the prosecution of Huddleston comports with a trend in online law enforcement in which prosecutors target defendants who can be identified in place of criminals who can’t be found.

“It’s kind of unusual to target a software developer, but I definitely feel that’s the way the winds are blowing,” Grimmelmann told the Daily Beast.

Hat tip to the Marshall Project.