GCHQ Knew FBI Wanted To Arrest MalwareTech, Let Him Fly To The US To Be Arrested There

from the so-much-for-those-'flight-risk'-fears dept

It looks like the UK found an easy way to avoid another lengthy extradition battle. Its intelligence agency, GCHQ, knew something security research Marcus Hutchins didn't -- and certainly didn't feel obliged to tell him. Not only that, but it let a criminal suspect fly out of the country with zero pre-flight vetting. (Caution: registration wall ahead.)

Officials at the intelligence agency knew that Marcus Hutchins, from Devon, who was hailed as a hero for helping the NHS, would be walking into a trap when he flew to the US in July for a cyber-conference. Hutchins’s arrest by the FBI on August 2 while he was returning from Las Vegas freed the British government from the “headache of an extradition battle” with their closest ally, say sources familiar with the case.

Certainly no one expected GCHQ to give Hutchins a heads-up on the legal troubles awaiting him on the other side of the pond, but there's something a bit mean-spirited about allowing a UK citizen to walk into custody in another country. And as for the "headache," too bad. That's just part of the deal when you make promises to other countries you'll ship them your citizens to face an uphill battle in an unfamiliar judicial system while facing charges for laws that may not apply the same way -- or as harshly -- at home.

This is even more disconcerting when it was Hutchins who was instrumental in killing off the WannaCry ransomware that wreaked havoc pretty much everywhere earlier this year. In gratitude for his efforts, a few publications outed the person behind the "MalwareTech" pseudonym, which probably made it a bit easier to tie Hutchins to various online personas.

As Marcy Wheeler pointed out on Twitter, it works out pretty well for the UK. It gets to outsource its prosecutions to a nation where punishments for malicious hacking are much, much higher. It also gets to dodge the publicity black eye of handing over its (inadvertent) WannaCry hero to the feds and their threat of a few decades in jail. It also suggests the Five Eyes partnership is paying off in questionable ways and, sooner or later, it's going to be an American citizen walking into the same sort of trap overseas.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community. Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis. While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: doj, extradition, fbi, gchq, malwaretech, marcus hutchins, uk