Start prioritizing your online safety today with Guardio! Visit guard.io/crumb to get a 7-day free trial and save 20% off a premium plan by using my exclusive link. Don't miss out on this opportunity to enhance your internet security!
23:49 lmao imagine getting a fake message for a transference, who in the world would accept it are you for real? am l in another reality where people does this xD
@@Bob_Bob347There has been theories by content creators that say that if any words youtube doesn't like get put in the comments too much, then it can actually start to get the video put into adults only and get hit negatively by the algorithm. So while it may seem silly it might actually help the content creator. Of course there'd need to be more proof, I just found it interesting.
As someone who has survived a 100% blocked lower descending Aorta at a cardiac care unit.This guy is a real hero.Had they not been able to operate? I wouldn't be alive. He is an exemplary young man.He is a true hero!!
I don't know dude... How suspicious he just accidentally registered the kill switch or that there even was one CONSIDERING that the files didn't get decrypted when people paid, like... come on. For someone who does what this guy does, getting noticed is a huge factor in his ability to get a high ranking job. If I were him that's what I would have done, manufactured this problem, solved it, taken the BTC and the fame and used that to slingshot myself into a well paid position. NOT EVEN to mention that the media doxxed his house, his name and how even to get to his house lmfao. I think this guy wanted the attention but wasn't prepared for the backlash.
@@PhurPher I don't think he was behind it at all. I think that the Korean malware developers were actually really smart when they included that kill switch. It's something that the average common man wouldn't do. Only a malware researcher would register the domain visible after looking at the instructions the malware had. It's basically the best version of a "Debug" check or "VM" check. Once you have a malware researcher reversing your malware, it's the time you stop using it and move on. And on top of that, the kill switch wouldn't be done by them, it would automatically be activated by the malware researcher meaning they wouldn't be fucked by it.
@@blocksource4192That makes ... No sense whatsoever. Why would the malware creator want to shut down the virus after someone reverse engineered it? It's not like the malware was designed to self destruct after the Killswitch was activated, a copy of the executable is available to this day for people to download. The only thing the Killswitch does is exactly as advertised, it prevented the proliferation of the worm, which would bring him/her absolutely no benefit whatsoever (unless making money wasn't the primary goal, but moreso exposure). In that case, then a Killswitch like this makes perfect sense. If the creators were worried about getting caught, like you insinuated, then they likely would include at least some form of self destruction (which isn't hard to implement at all) to at least hide the evidence.
Why would a large UK newspaper post his home address? That is terrible, that should be illegal. He should be able to sue them for posting his home address.
Pretty sure it is illegal under our law, unfortunately most of our media, much like our politicians, are seemingly above the law and immune to any consequence.
I think this was during the time some UK newspapers were hacking into peoples devices for more information, theres still a few UK papers that literally doxx people.
The UK tabloids are notoriously unscrupulous about things such as privacy. Amy Winehouse kept telling people that her phone was being tapped and everyone thought that she was a drunken crackhead suffering from paranoid delusions, but after she died it was revealed that Rupert Murdock's gossip rags had, indeed, tapped the phones of dozens of celebrities and politicians.
This. Fucking journalists. Can't mind their own damn business and report something as anonymous. He could literally be killed for this because someone is not happy that he disrupted their plans. Brain dead. Absolute brain dead.
Their job is to investigate stories. For once, they investigated. His arrest is on those who arrested him who, in any case, would have found him without the media's assistance eventually.
@@aarondavis8943 ok, but you don't go out and straight up dox someone's location and personal information, especially when they do not want that information to be out there. It's incredibly dangerous and irresponsible for journalists to do this. Think about it, this guy just shutdown something that would have better BILLIONS more dollars to an individual or group of individuals. I can imagine they would not be all that pleased to lose out on said money
@@aarondavis8943 You can investigate a story without posting a persons FULL ADDRESS and a picture of where he lived, along with the name and contact info of his FAMILY in the newspaper. Thats ridiculous.
I don’t think people realize how many cyber security professionals got their start as hackers. Honestly the best ones do, it’s what makes them so good at what they do. It doesn’t cancel out the bad they did, but it happens all the time. And the good they do more than exceeds the bad they did. And to hold a man who’s very clearly turned a new leaf accountable for actions he did as a literal child is absurd.
For real this is bs. Most hackers start off in video games as kids exploiting and cheating, then they get into more serious stuff. You can’t hold people accountable for things they did that young.
@@Biggietalls779 Ditto. People are acting like 20 is child ages. It's not. That said, he was clearly trying to turn a leaf and it was evident, so jailing him would've been such a bad and dumb choice regardless.
Typically what happens is they usually “jail” people they want to hide, then shortly after they disappear and are usually hired. It’s a common method to make people forget
he still commited multiple crimes, not a good look for a government agency to hire a criminal with 0 punishments. Not that it hasnt happened before though.
It's kind of amazing that you can directly see that the existence of the FBI isn't to weed out malicious actors, but to feed malicious actors vulnerable people with threats of enforcement hanging over their heads.
The Judge's understanding of the weight of Marcus's contributions and potential contributions is outstanding. The speech they gave put chills down my spine.
yeah i really didn't expect that after the set up for the judge lol. this is the right way though and hes prolly being advised by people in the government(like NSA) that this kid is useful to US and allied interests. my understanding was that most of these hacker kids end up doing some small stint and working for white hat/ the government
when ironically it was the US Federal government that was the actual threat that created the bloody virus and because of their own lax security had a massive leak of extremely dangerous software.
The main issue is that he did actually get in the way of America... where do you think the malware came from 😂😂. Really does make me wonder why the FBI didnt want someone to stop that malware
@@phantomshitter and still the federal government hasn't found the leak... It's almost like the feds made him the focus so people wouldn't be asking the real question of how all those weapons got stolen.
Nice to see a video about someone who’s not a POS. I feel bad for the young kids that get roped into cybercrime. But clearly there’s still some who have a moral compass!
ok so i am from said small town in Devon, i know this guy and all i can say is he is lovely, honest, just a really nice bloke. we all have skeletons but he didn't deserve being sold out by his own government after literally saving their asses.
I have a degree in computer science, I mostly work on maintaining existing code in my codebase, or designing new bespoke software for clients. The amount of time it can take to comb through software reading it and actually understanding it, can take hours. Bravo to him stopping the Ransomware.
"a scapegoat for every tech related problem they were running into" oh yeah school was hell for me too, but all I did was debug wifi connectivity and fix dns issues, I never did anything awful, there werent even any real issues, I only gained administrative privileges (trivially) because the IT guy was literally just the boileroom guy and utility vehicle mechanic with zero knowledge of computers. Instead of just making me help out with things they saw my knowledge as dangerous and a challenge to school authority. Bosses hate me for having "passwords too difficult to remember" now but they just dont understand, I quit because my last boss called ma a "schizo conspiracy theorist" for thinking him yelling out his email password in earshot of a bunch of unvetted and unassociated people was not a good idea and that using the names of your kids in an easily guessable arrangement is really shitty password practice.
@@prelawnoob its like being a woman with knowledge of herblore in the medieval times, that fear of imagined power, call them a witch and now the scary person that knows something they don't is dealt with. It's pathetic but there are a lot of tendencies like that which date back to medieval witch hunts and even older that are still present today.
The problem is passwords. Look at alternatives for most cases. If users rarely enter a password and using it requires MFA, and changing associated non-password tools with it require manual human confirmation, then it’s ok for that password to be insanely secure.
The amount of scat I got from teachers in highschool for years after revealing that they left the command line exposed on the school computers, and by extension the easiest backdoor Windows has to administrative privileges... sheesh.
NEVER talk to law enforcement without an attorney. The guilty need an attorney, the innocent need one even more. The Sixth Amendment of the US Constitution guarantees the right to an attorney. Upon arrest or even when approached by law enforcement say “I want an attorney” and law enforcement must stop questioning you.
"You have a right to an attorney, you don't have the right to a specific attorney"" ~~ Judge Morty proceeding over State of Georgia VS Denver Rick Allen
I know this isn’t exactly related but my ex used to work for a prominent doctors office in the area. They were attacked with ransomware 3 times in 2 weeks, each time the ransom payments were higher, totaling around $100k, and the doctor just paid it, didn’t want to get the police involved, didn’t make waves about it, he just paid it from the company account. I didn’t think much of it then, but now this video reminded me of it and got me thinking maybe it was an inside job for embezzlement.
I doubt it. Remember crime is still very much a business, just an illegitimate one. If one does not follow through on either the carrot or the stick, then you can't run a business; the carrot being decryption and the stick being permanent encryption/deletion. The ransom becoming bigger is just the criminals seeing the doctors as "repeat customers". Another thing to keep in mind is that many businesses are notoriously bad at updating their computers nevermind good cybersecurity practices. More than likely the doctors didn't update their computers, had bad passwords or would open up emails with trojans, etc. More than likely he was just paying it because it was quicker and easier than say restoring from backups (assuming they had any). Restoring a computer isn't exactly a quick process, keeping in mind that they needed the computer at that moment as they were serving their patients.
I mean he would still have to launder that money somehow? And crypto is pretty easy to keep track of now days for the most part, so that’s not a fool proof plan by any means.. so I think if he actually was embezzling money he was causing more trouble than it was worth.. I’m sure he makes a decent amount of money so $100k isn’t that big of a deal, like I said it’s not like he could prevent himself from going into bankruptcy or buy a house or a car with it. It’s not that easy.
Sometimes it’s an image thing too; like for a medical practice to admit it would be admitting potentially incredibly sensitive medical information about patients had been compromised - Not paying it (if they didnt have a backup) would mean loss of that data too; which could lead to delays in patients getting treatment for things that are time sensitive
Glad the judge had the sense to recognise somebody eventually making the decision to do good, when his path to success as a criminal was ripe for the taking.
It was more than the judge. In the end, even the prosecution was lenient and did not recommend specific and warranted punishment. This, in the end allowed the judge to use a broad brush for sentencing.
This is why privacy is so important, and is exactly what Snowden warned us about. The government had access to all the data indicating the truth, and still used it to frame Marcus in a negative way. Creating malicious programs is exactly how cybersecurity is done, and it's unfortunate Marcus was blackmailed in this way.
@@c1ph3rpunkI'm not in cybersec so I'll admit I might have over exaggerated. But I do know that ethical hacking is crucial to identifying and understanding vulnerabilities, hell it's the entire reason Kali Linux was created. I'm sure you would agree that understanding how malicious code works and even creating it for things like pen testing, enhances understanding of network vulnerabilities, and where the problems lie.
I’m surprised and relieved that a US judge actually researched the case and worked to understand what was happening instead of just being mean and sentencing him to forever because the FBI was involved.
Organic oranges are actually yellow. They appear orange because they're colored to be more appealing. Also "a orange...." it's an orange. Terrible analogy. Also, the fact that Germany has a widespread train system to begin with is a blessing. In the states, it's often times a bus or your own vehicle.
@@stanf1253da fuq you one about? Oranges color depends on where jts grown. In subtropical temperate environments they grow orange, in warmer climates they grow green. The orange color comes from the chlorophyll dying off. The name for the color orange in the english language came from the fruit in the 1500s, they weren’t coloring them in back then. Typically any coloring done to it in the modern day is done by killing the chlorophyll to bring out its natural orange color.
I'm glad the judge was lenient but I'm genuinely baffled by the actions of the government. They clearly didn't think he was a big enough fish to fry (otherwise their original plea agreement wouldn't have involved no time) but at the same time they were willing to try and jail this guy (a guy that was by all accounts, "reformed" and working for the good guys) because he didn't want to be a rat? Smells of some official acting out of spite, like they didn't believe that someone would have the termerity to defy them.
gonna be honest, i'm baffled by the actions of UK government and everything else US did was pretty much in line with everything else they do, apart from malvaretech actually getting a good deal instead of serving 10 years IMO, marcus actually got out better than he got in because: - he made his reputation (everyone knows he's on a "good side" now, even if he wrote malware before) - he got no additional jail time - he's free from the sword of Kronos hanging over him for the past several years but i don't know what he had to endure during these years of uncertainty and awaiting trial so it's not for me to decide if it's better for him or not
One of the first things you learn in LE is that more often than not the feds are working for the criminals not the law. The few agents who actually stick to the law get treated like this guy either sent to a dead end desk job or fired for policy violation reasons. Sticking to the agency agenda is considered more important than sticking to the law and whistleblower protection laws are rarely recognized by the feds in practice.
I remember watching someone else's video on him. I've always felt sympathy for him. He was a teenager when he was blackmailed into committing those crimes, and now the world was demonising him for them, even though his actions against Wannacry alone should have shown them that he has learned from his bad choices.
The funny thing is without his intimate knowledge of EXACTLY how malware works from his own experiences he likely wouldn’t be nearly as effective in tracking, identifying, and dismantling it.
hacker here The reason that the killswitch exist in wannacry is because it's an method of sandbox detection basically an option antivirus has to to check an executable for a virus is to simulate a windows environment and just run the executable in it to see what it does. It can't actually connect to the internet is such an environment, so you have to fake any connection that is made. If the malware tests for this, it connects to a domain the author thinks doesn't exist, and if the connection is succesfull, it assumes it's sandboxed and doesn't do anything malicious. By registering that domain he accidently tricked every instance of wannacry that's connected to the internet that it's running in a sandbox.
So basicly if a virus could tell its in a lab and kill itself to prevent a cure? Andregistering the domain basicly triked all the viruses into thinking they were in labs and killed themselves?
complete nonsense, there is absolutely no need for a killswitch, sandboxed environment does not matter. Even if the malware is not run, it can be reverse engineered. The attack can be stopped if the Bitcoin transaction has enough confirmations to the attacker's address. A killswitch is complete nonsense
@@zer0dayexploit It wasn't mean to be a global killswitch Before you run a file your antivirus might try to sandbox it and see what it does. It's just antivirus evasion. Antivirus software has started employing sandbox strategies. If it's a file from an untrusted source, or it's in a secure corporate setting where antivirus checks all exe files before being run, the antivirus uses a sandbox to check what the executable does. If it acts suspiciously in the sandbox phase, it's not run for real. This malware checks for a sandbox by making a request to a non existing website with a long string for a name. If it gets an answer it concludes that it's being sandboxed and turns off. The hope is that it's not flagged malicious in the sandbox check. If it's not flagged as malicious by this and all other checks then it's run for real, where it can encrypt all the files and whatnot. However, since the malware used a hardcoded web domain , once someone actually registered that domain it concludes it's being sandboxed when it's actually running for real. This happens because the malware successfully connects to that domain which it used for the sandbox check. It could have been done better, if it didn't use a hardcoded domain to check against but just generated a new nonsense one every time, the global killswitch wouldn't have existed. Or in short: A check that made to bypass sandboxes accidently turned into global kill switch. Hope that clarifies things. If you need clarification I'll be happy to provide it.
So not one single person at the FBI and NSA said, "Let's register this domain name and see what happens"? They're more incompetent than we thought, and that's scary.
And what if the domain triggered a second stage of the malware that bricked every single machine it was on permanently. It could have taken down everything for a long time. It's not incompetence, it's proper scrutiny. He got super lucky that it was a killswitch.
@@bookender It depends on the motives of the creators. Ransomware is great for money and collecting information, but nationstate actors often have motives of disrupting other countries for the benefit of their country. In addition it's possible to set it up as a cover, so instead of leaving all the forensic evidence on the machines you go about deleting all of them instead. Because there was no attribution at the time and the malware hadn't been decompiled at that point there was no knowing what registering that domain was going to do. There was no more reason to include a killswitch than there is to have a second stage. The issue is that nobody knew anything at that point, he just did so with reckless abandon and happened to get lucky.
@@bookenderWhy are you attributing your rational onto others? Why wouldn't they? The answer to both is to never assume either... and answers the simple question of "Why didn't this agency just blindly do something without knowing what it did" when "one person who didn't think that far ahead has absolutely zero oversight or rules."
@@laynecardinal5587 Both trump and Biden suck, and when one of them dies, they will just be replaced by someone equally terrible. You think we don't have competent people? We do, they are just put aside by the corporate shadow oligarchy that runs America.
Never talk to law enforcement. That lying to the FBI charge is such bukllshit of an add on. If an agent comes up and asks how you are doing and you say, "fine" they will charge you with lying to the FBI and find someone to testify that you were in fact not fine.
While you may be somewhat correct, “in spirit”, you are, generally and practically, wrong. The truth is, you can lie to law enforcement(federal and/or state) all day long, except when law enforcement is acting in their official capacity, and/or in relation to a legitimate, official case/investigation(every agency can and many times will have their own internal jargon/lingo). If you are ever in doubt, always default to: I refuse to answer any question, as is my right, which is protected by the Fifth Amendment to the US Constitution(no US citizen has any “Constitutional Rights”, we have many rights, some of which are specifically enumerated and protected by, among other things, specific Amendments to the US Constitution. If our “rights” were provided by the US Constitution, they wouldn’t be rights; they would privileges, which can be taken away) and reaffirmed by, among other “caselaw”, Miranda v. Arizona(which is where the “Miranda Warning” originates from). I want my lawyer(amend all of that, as desired, to suit your needs…and then STFU(shut the fuck up). Also be aware that if you are ever arrested, law enforcement doesn’t have to “Mirandize”(read the “Miranda Warning” to you) you until just prior to any interrogating/interviewing/questioning. If you do or say anything prior to that, that will be admissible in court(such as a “voluntary utterance”, for example), unless law enforcement actively compels you to provide a comment/statement, or otherwise engaged you without “Mirandizing” you first. Everyone also needs to understand that you need to invoke your rights protected by the Fifth Amendment and Miranda v Arizona(which I disagree with and find reprehensible, but that doesn’t matter); invocation of your rights, at least in matters related to this, isn’t automatic. To be clear and fair, your first sentence is correct. I would add a bit to that comment: Never, ever, under any circumstances, talk to law enforcement. They cannot and will not(generally) help you. The only caveat to that is, if you are required to provide information by law(i.e. in Georgia, the state I live in, as written In the O.C.G.A.(Official Code Of Georgia Annotated, aka “state law”), a person may be compelled to provide their name and date of birth to law enforcement if, as an example, said person is witness to criminal acts and law enforcement wishes to include said person’s statement in their reports/supplemental reports). That does not mean that you have to provide any and/or all information demanded by law enforcement; you don’t have to necessarily do that. Learn, at the very least, some US and state(i.e. the state you live in and, preferably, any state you frequently visit) as ignorance of the law(at least under US Jurisprudence) is never an excuse.
Imagine ACCIDENTALLY stumbling into the killswitch, and the guy who registered it just so happened to be a genius hacker. You can't make this stuff up.
@@Ring0-- you could have also popped it in ida at the time, looked at the domain in a strings dump, and then registered it. Dont need much more than that. Fuck it, strings command on mac or linux wouldve worked just as well.
The FBI has been using the same playbook for years: When you can't solve a crime, just pick someone who had the technical know how to commit the crime (usually someone consulting on the investigation) and arrest them so the general public doesn't realize you are completely incompetent.
People misunderstand, it's not the FBIs job to STOP dangerous and warped individuals and groups. It's their job to HELP or shield them in to further a narrative.
There are lots of guys out there like him-guys who either knowingly or unknowingly did something really awful, but who wound up using the entire rest of their lives to work towards undoing it and being better. I think that’s admirable.
I can’t believe you’ve only been doing these cybercrime videos for a year. Already watched them multiple times over and rushed to watch this after work. I can’t get enough of this content.
It's vile how criminals victimize people then blackmail them into working for them. The same happens with a lot of young girls. They meet some guy online who they think is their age, send questionable pics, then get told by the dude if they don't send even more explicit stuff, he's gonna tell all her friends and family what she's doing. The mindset of those who want to cause harm is absolutely gross. It's nice to know at least most people aren't like that, though the ones who are do a lot of damage on their way down. And by down I mean to hell.
37:01 He did not exonerate himself. He just faced the consequences of his past misdeeds and put them to rest. Exoneration would imply he was wrongly accused.
You could argue Kronos has hurt as much as stopping wannacry. In a way it was Marcus’s redemption arc. To further add, I’m impressed what this dude wrote as a teen is still being used to infiltrate banks today. It’s something that will probably never go away as people will continue to better it.
It was gonna happen sooner or later anyways, if it wasn’t him it would be someone else since the hackers found a way. I mean that’s why banks ask you million times before you send money
They caught him on old charges for selling malware, he did time served when he was on house arrest. Great job on both the FBI's side, and the Judge's side. Congratulations to Marcus on his success!!
I was working in the NHS when this happened. Our computers were still running in Windows XP and the IT techs were so inept it would take them 2 hours to set up a plug and play printer (not joking, I wasn't allowed access to do it myself and the guy they sent was clueless). I like many was not surprised.
Hey, I have tons of years of software development experience, done a bit of almost everything out there, C++, Assembly, Java, ruby.. but fuck me if I can get my printer working fine without pulling my hair out...
@@Morphexe lol I know what you mean. This was a simple zebra label printer tho. Unplug from current location, plug into new machine, clear printer job history so it doesn't print 100's of old failed jobs. IT had locked access to the file 🙄
I heard so much software ran on IE6 due to ActiveX controls they couldn't upgrade from XP. And the govt wouldn't pay Microsoft millions for custom support. So they left thousands of critical computers unprotected, even ones not directly online need SMB to store results and print. Hopefully nowadays they keep things updated.
I agree no good deed goes unpunished. At my college the computer system kept going down and they thought a student must be hacking it. One of the times it went down and I was speaking with a guy who worked in the computer room who told me they didn't know how to get it back up. I went into the system and got it running again. After this I was told they went around asking if there was anyone else besides me they thought had the skills to bring the system down and no other names came up. So next thing I knew I received a letter from the college informing me if the system went down again I would be expelled. I was very concerned with this. Fortunately it was found out before it went down again that the system was crashing itself; there was a bug in the software. Had this not been found I probably would have been kicked out and probably unable to enter and graduate at any other college as well
He’s someone who ended up in cyber crime without even realizing and had to continue it by being blackmailed. Then he did some good and saved 100s of company’s and countless lives. Then he gets arrested?
ON THE "saving lives" ummm these are the same "hospitals" that were forcing people on ventilator machines because they could not "breath" the best and that was an automanic DEATH... remember hospitals care more about $ than saving lives i mean why you think they won't "help" anyone without no medical insurance, BECAUSE PEOPLE WANNA GET PAID. ALSO. why you think the fbi will let hackers WORK FOR THEM that "tried" to hack into the system hmm, they will give that so called "hacker" a deal..... 15 years in prison or WORK FOR the cyber team, and most take the deal of what the fbi gave them.
It is good to see that the things he did (under threat of exposure) when he was young and naive were forgiven, and the judge was reasonable enough to see this as well. People make mistakes; it's what they do with and learn from those mistakes and the choices they make afterward that counts in my opinion.
@@marciaquispe4472 and made the conscious choice to never do so anymore. I am sorry that you feel that we should limit ourselves to only looking at the bad things that people did in the past and respectfully agree to disagree with you.
@@LilLottee woah, so it's okay if someone commits a crime and then make the conscious choice to never do so anymore? No punishment? You guys better be trolling at this point. I srsly cant believe I love in a world with people that are OK with a guy that made a HUGE mistake because "he's sorry okay?, it's le bad to look at the bad things people did in the past".
@@marciaquispe4472 Yep, that's exactly what I meant!!!! Let's forgive the worst murderers that never regretted anything they did ever and release them into society!!!! So glad you understood!!
I actually didn't know about the outcome and this was one of the most suspenseful things I have watched in years. Thank you for the excelant video! Amazing props to the judge who could apparently see the bigger picture and I suppose had an appreciation for the amazing good this young man seemed to want to do for the entire world.
what gets me so mad is that the kid didn't want his identity to be public but the news are that drooling for views will do anything to be famous and put his identity without consent Online, this generation might aswell be doomed nobody can save it anymore.
when he stopped wannacry he saved probably thousands of lives, thousands of depressions, and probably even thousands su1cid3 cases. if i got hacked i would be traumatized for life in a fear that someone might threaten me in a lot of ways. not only that but im a young programmer an i have lots of important files that i dont wanna lose. respect for this guy:)
Fear of what? The fck you afraid of? Jesus grow a pair. And if you lose your life man up and deal with it. We all die get over yourself. Fear of being broke. Eat 💩
Remember the golden rule if you can follow it for all your important files! Save on 3 different drives, in 3 different locations. I personally back up all my important stuff once a month, one goes to the cloud, one stays on my home PC, the other stays on a USB that I have in a storage locker.
I’m at the 6:47 minute of watching and I wanna say besides obviously great scenario and narrative, WHAT A MONTAGE!!! Every detail is carefully chosen. Effects, sounds, music, pace. WONDERFUL job 👌
Oh for sure. They're just people after all, and they have their egos bruised same as anyone. The problem is they have fragile egos and have a lot of power.
watched this video on one breath. thanks for making this video, it was truly amazing to watch! the part with the judge's words was the one when my watch alerted me about high heartrate; you did an AMAZING job at keeping the suspense up lmao
Crumb became one of my favorite channels when he was making RuneScape content, and I’ve never played RuneScape. I swear this guy could talk about anything and he would find a way to make it interesting. This video was super engaging and even tugged on my heart strings at the end, keep ‘em comin Crumb!
@@SinisterSkyler but they didn't shoot the footage, those are from newscasts. cinematography is about camera and lighting, not editing. the editing is amazing, by the way.
@@SinisterSkyler yup, that was editing. Just like actuallyhoudini said, the footage was taken from many sources. So the editor took that footages, and edit them out. Still need a lot of skills to do, but its not cinematography. This wasn't done by a skilled director, it was done by a very skilled editor.
Thanks for bringing that to my attention. "DR Bleetman" is probably just a fake name with a stock picture of a doctor and had absolutely nothing to do with the story at all. I'm now removing this guy from my feed.
Wait.... This is the ransomware i got when i was surfing on the internet on 2017 and just rid it by reformatting my laptop. I thought that was just because i surf too much on pirate bay, didn't know that was a massive issue. Damn
It’s only a massive issue if you have files on your system you need to keep. My gaming pc is literally just for gaming, if I got random ware on it I’d just wipe everything restart.
@@5000Seabass In most cases, at least when a friend of mine got bit by this, I just told them to e-mail the ransomer in person and tell them you aren't a business owner, nor do you have anything major of value, but that his worm locked and encrypted pictures of his kids and family and you'd like them back. Surprisingly, he did. Unsurprisingly, he got sent a decryption key. Didn't bother the hacker in the least, he isn't getting shit from some approaching middle age man, nor was that his target.
I think kudos to the judge for really considering both sides of the story more than anything else here. Yeah, timing always sucks but now he's vindicated from his past and can move forward. Your past can always slow your momentum even if it isn't noticeable by those around you
I suspect this was also a massive weight lifted in ways people may not realize. Assuming the video is true and sufficiently accurate... Marcus started as the kid who didn't fit in. Find a group of people to relate to, who were bad apples. Later unknowingly got into bad situation, which Marcus at his core being a good person, deeply regretted once he realized the wrongs had done. Only to be manipulated into continuing those wrongs. The process of being caught by the FBI and going through the court process, in addition to his contributions to stopping Wannacry, likely has cleared up a decade or two of regret and guilt sitting deep inside of him.
I worked in IT contracted for a very large international conglomerate. We were as proactive as possible and we saw no infections thankfully. Was not an easy time though
What an inspiring speech from the judge, if we're all to agree that we want our justice system to aid in making society better, that means having a justice system that strives for rehabilitation whenever possible. The judge clearly saw this man's personal journey, going from using his skills to hurt others to instead help save others. And not only that, but with a technology that more and more greatly affects our lives. There's no need for punishment when someone has corrected their ways, and is striving to help people. I'm so glad that the judge decided to allow Marcus to continue to do the good that he currently does, it's how the justice system should be.
A more appropriate description of this would be Reformed Blackhat Hacker Saves the World, then his Criminal Past Catches Up to Him. The FBI weren't trying to "destroy" him, they were investigating serious federal crimes that he actually committed. Fortunately the judge evaluated the totality of his history and granted him well deserved leniency. Super glad he got so much support from the community as well.
The FBI is a scum organization that only exists to pad its own pocket and justify its own existence. They willfully ignore elite crimes when ever it doesn't benefit them. They wanted a nice slam dunk case that would let them reap glory for doing little but someone better at their job took that from them. So they dug through his past to try to take him down.
Sooo… I waited 30 minutes to see what this had to do with RuneScape lmfao! 🤣 @Crumb, I see you are going a new route with your content & it’s working out well for you - Congratulations bro! 🙌
A true heroic story arc this man has. "The darkness is important to understand inside yourself. It's not always about being good, it's understanding why you're being good in the first place." Reggie Watts, A song about Apples
Good quote, he truly did have a heroic story arc. Starting out making hacks that hurt others, got blackmailed to make more, and finally stopped it and decided to fight for the opposite.
Start prioritizing your online safety today with Guardio! Visit guard.io/crumb to get a 7-day free trial and save 20% off a premium plan by using my exclusive link. Don't miss out on this opportunity to enhance your internet security!
Seed is a liar
First reply lol
e
@@SeedNo you weren’t seed
23:49 lmao imagine getting a fake message for a transference, who in the world would accept it are you for real? am l in another reality where people does this xD
At the end judge understood and saved someone who could do society more good being outside than in jail, thanks to everyone who took his side
my brain died reading this
What, your brain couldn’t process “could good society more good…”??
@@pooloftim8263 autocorrect
yes it couldnt@@pooloftim8263
@@trepz., if a simple mistake like that killed your brain, that tells us more about you than it does about OP.
That judge seemed to be a good man. I was extremely happy to hear that he did not receive any jail time. Great video as always man
refreshing judge honestly
Especially for a judge of that age to understand the kids pov
Did the government force an earlier retirement or did they unalive the judge?
@@ldaluis00 this isn't tiktok, you can say kill
@@Bob_Bob347There has been theories by content creators that say that if any words youtube doesn't like get put in the comments too much, then it can actually start to get the video put into adults only and get hit negatively by the algorithm. So while it may seem silly it might actually help the content creator. Of course there'd need to be more proof, I just found it interesting.
As someone who has survived a 100% blocked lower descending Aorta at a cardiac care unit.This guy is a real hero.Had they not been able to operate? I wouldn't be alive.
He is an exemplary young man.He is a true hero!!
I don't know dude... How suspicious he just accidentally registered the kill switch or that there even was one CONSIDERING that the files didn't get decrypted when people paid, like... come on. For someone who does what this guy does, getting noticed is a huge factor in his ability to get a high ranking job.
If I were him that's what I would have done, manufactured this problem, solved it, taken the BTC and the fame and used that to slingshot myself into a well paid position. NOT EVEN to mention that the media doxxed his house, his name and how even to get to his house lmfao. I think this guy wanted the attention but wasn't prepared for the backlash.
Could have said ..I was a coronary patient and am grateful for this hero's help.. no need for the health sob story.. no one cares
@@PhurPher I don't think he was behind it at all. I think that the Korean malware developers were actually really smart when they included that kill switch. It's something that the average common man wouldn't do. Only a malware researcher would register the domain visible after looking at the instructions the malware had. It's basically the best version of a "Debug" check or "VM" check. Once you have a malware researcher reversing your malware, it's the time you stop using it and move on. And on top of that, the kill switch wouldn't be done by them, it would automatically be activated by the malware researcher meaning they wouldn't be fucked by it.
We rarely ever hear of the heroes who have unfaltering moral integrity all throughout their life. It is too much of a handicap in our world.
@@blocksource4192That makes ... No sense whatsoever. Why would the malware creator want to shut down the virus after someone reverse engineered it? It's not like the malware was designed to self destruct after the Killswitch was activated, a copy of the executable is available to this day for people to download. The only thing the Killswitch does is exactly as advertised, it prevented the proliferation of the worm, which would bring him/her absolutely no benefit whatsoever (unless making money wasn't the primary goal, but moreso exposure). In that case, then a Killswitch like this makes perfect sense.
If the creators were worried about getting caught, like you insinuated, then they likely would include at least some form of self destruction (which isn't hard to implement at all) to at least hide the evidence.
Why would a large UK newspaper post his home address? That is terrible, that should be illegal. He should be able to sue them for posting his home address.
Pretty sure it is illegal under our law, unfortunately most of our media, much like our politicians, are seemingly above the law and immune to any consequence.
I think this was during the time some UK newspapers were hacking into peoples devices for more information, theres still a few UK papers that literally doxx people.
The British press are protected by the government that control the law so… going against the media here is like fighting a brick wall
The UK tabloids are notoriously unscrupulous about things such as privacy. Amy Winehouse kept telling people that her phone was being tapped and everyone thought that she was a drunken crackhead suffering from paranoid delusions, but after she died it was revealed that Rupert Murdock's gossip rags had, indeed, tapped the phones of dozens of celebrities and politicians.
They only do that if you're white.
It's kinda weird how helping people earns you a spot in jail. Crazy to think about.
How many subs did you get off those Fortnite videos with 70k
Bought account, @@KryptiksFN.
@@user-mg9hi5ln8nabsolutely. If I kill someone to save someone I still saved Someone.
@@user-mg9hi5ln8n Always. “The weak can never forgive. Forgiveness is the attribute of the strong.”
No good deed goes unpunished.
"Like most awful things it all started on twitter" The realest thing I've seen all day.
Twitter is 4chan of 2024
@@Phantogram2nah 4chan actually does some good stuff occasionally
Is no one talking about how most of his troubles started when the media literally doxxed him
This. Fucking journalists. Can't mind their own damn business and report something as anonymous. He could literally be killed for this because someone is not happy that he disrupted their plans. Brain dead. Absolute brain dead.
Their job is to investigate stories. For once, they investigated.
His arrest is on those who arrested him who, in any case, would have found him without the media's assistance eventually.
@@aarondavis8943 ok, but you don't go out and straight up dox someone's location and personal information, especially when they do not want that information to be out there. It's incredibly dangerous and irresponsible for journalists to do this. Think about it, this guy just shutdown something that would have better BILLIONS more dollars to an individual or group of individuals. I can imagine they would not be all that pleased to lose out on said money
@@aarondavis8943they ain't found me yet
@@aarondavis8943 You can investigate a story without posting a persons FULL ADDRESS and a picture of where he lived, along with the name and contact info of his FAMILY in the newspaper. Thats ridiculous.
I don’t think people realize how many cyber security professionals got their start as hackers. Honestly the best ones do, it’s what makes them so good at what they do. It doesn’t cancel out the bad they did, but it happens all the time. And the good they do more than exceeds the bad they did. And to hold a man who’s very clearly turned a new leaf accountable for actions he did as a literal child is absurd.
For real this is bs. Most hackers start off in video games as kids exploiting and cheating, then they get into more serious stuff. You can’t hold people accountable for things they did that young.
@@Illu-is1qbwhile I generally agree with the sentiment. He was 20 when he sent Randy the Kronos program.
@@Biggietalls779 Ditto. People are acting like 20 is child ages. It's not. That said, he was clearly trying to turn a leaf and it was evident, so jailing him would've been such a bad and dumb choice regardless.
Such people are traitors to their own kind cause they make job of other hackers higher.
Your comment made me think of the film Catch Me if You Can ... i know it is not about a hacker but it is the same thing..
The FBI heard the saying “no good deed goes unpunished” and thought it was an instruction for how to prioritise within their organisation.
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
@@highestpeeqs9532 nuh uh
They also consider the Ruby Ridge incident a success for them.
yes
It's actually department policy for most police in the US and is an FBI mandate.
Let no good deed go unpunished.
The judge understood that such talent wasting away in prison would be the true crime.
The FBI or NSA were responsible for the attack. He got in their way.
why didnt he mention the WannaCry twin that he created years before that also infected small amount of computers?
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
@@highestpeeqs9532when? Y’all have said this for 2,000 years lol. Get a grip on reality mate.
@@lucasbrown2656u just replied to a bot bro
So instead of hiring him , they wanted to give him jail time? That’s so stupid
Likely after they threw him In jail, the feds would have "found" a report saying he started it, blaming him.
@@graywolf2694what
@@graywolf2694oof
Typically what happens is they usually “jail” people they want to hide, then shortly after they disappear and are usually hired. It’s a common method to make people forget
he still commited multiple crimes, not a good look for a government agency to hire a criminal with 0 punishments. Not that it hasnt happened before though.
It's kind of amazing that you can directly see that the existence of the FBI isn't to weed out malicious actors, but to feed malicious actors vulnerable people with threats of enforcement hanging over their heads.
The Judge's understanding of the weight of Marcus's contributions and potential contributions is outstanding. The speech they gave put chills down my spine.
@@bill_the_butcher they can be a singular pronoun. No chance you have your GED.
yeah i really didn't expect that after the set up for the judge lol. this is the right way though and hes prolly being advised by people in the government(like NSA) that this kid is useful to US and allied interests. my understanding was that most of these hacker kids end up doing some small stint and working for white hat/ the government
@@HanTheProphetyour understanding is entirely correct, that is the most common way people end up working in cybersec
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
@bill,listen to @jonas. He would be correct!
"But his skills make him a threat to the u.s. public security!"
Same goes for you, FBI. Now hire him and be done with it.
And pay him 12 cents an hour too!
@@schrodingerscat2133 just like the fondling fathers intended. 😂
when ironically it was the US Federal government that was the actual threat that created the bloody virus and because of their own lax security had a massive leak of extremely dangerous software.
The main issue is that he did actually get in the way of America... where do you think the malware came from 😂😂. Really does make me wonder why the FBI didnt want someone to stop that malware
@@phantomshitter and still the federal government hasn't found the leak... It's almost like the feds made him the focus so people wouldn't be asking the real question of how all those weapons got stolen.
I'm ngl. When He said "chat logs" I stood up and said "not another PDF. FILE". Glad to see he's actually a great person
"GUYS THE GROUP CHAT GOT LEAKED"-ahh situation
Nice to see a video about someone who’s not a POS. I feel bad for the young kids that get roped into cybercrime. But clearly there’s still some who have a moral compass!
ok so i am from said small town in Devon, i know this guy and all i can say is he is lovely, honest, just a really nice bloke. we all have skeletons but he didn't deserve being sold out by his own government after literally saving their asses.
He was a POS. He was arrested for his conduct as a POS. Is he reformed? Probably. But he was a POS.
why didnt he mention the WannaCry twin that he created years before that also infected small amount of computers?
You are an NPC
@@damanOtsYou gave in to the mildly intrusive thoughts
I have a degree in computer science, I mostly work on maintaining existing code in my codebase, or designing new bespoke software for clients. The amount of time it can take to comb through software reading it and actually understanding it, can take hours. Bravo to him stopping the Ransomware.
Is this a resume??? No so, stfu.
Hours?
Worldwide malware hack: 😈
Some guy: lol, fixed it.
FBI: We will hunt you down to the ends of the earth.
About right.
He should have served time for all those people who lost their life savings with Kronos.
@georgewashington2930 I agree. I think many of these videos and articles downplay his former crimes. His guilt was just eating him alive nonsense.
Almost makes you think FBI is the culprit behind this virus.
Hope he is working for fbi, I mean I would do that if i was fbi just recruit big brain hackers.
"a scapegoat for every tech related problem they were running into" oh yeah school was hell for me too, but all I did was debug wifi connectivity and fix dns issues, I never did anything awful, there werent even any real issues, I only gained administrative privileges (trivially) because the IT guy was literally just the boileroom guy and utility vehicle mechanic with zero knowledge of computers. Instead of just making me help out with things they saw my knowledge as dangerous and a challenge to school authority.
Bosses hate me for having "passwords too difficult to remember" now but they just dont understand, I quit because my last boss called ma a "schizo conspiracy theorist" for thinking him yelling out his email password in earshot of a bunch of unvetted and unassociated people was not a good idea and that using the names of your kids in an easily guessable arrangement is really shitty password practice.
how weak and insecure they must be to think you can challenge them lmfao
@@prelawnoob its like being a woman with knowledge of herblore in the medieval times, that fear of imagined power, call them a witch and now the scary person that knows something they don't is dealt with. It's pathetic but there are a lot of tendencies like that which date back to medieval witch hunts and even older that are still present today.
The problem is passwords. Look at alternatives for most cases.
If users rarely enter a password and using it requires MFA, and changing associated non-password tools with it require manual human confirmation, then it’s ok for that password to be insanely secure.
I fear your power baby
The amount of scat I got from teachers in highschool for years after revealing that they left the command line exposed on the school computers, and by extension the easiest backdoor Windows has to administrative privileges... sheesh.
NEVER talk to law enforcement without an attorney. The guilty need an attorney, the innocent need one even more. The Sixth Amendment of the US Constitution guarantees the right to an attorney. Upon arrest or even when approached by law enforcement say “I want an attorney” and law enforcement must stop questioning you.
Yes. Word.
In the US anyways. This guy is from the UK.
Not the case in the uk, especially now but even back in 2017.
"You have a right to an attorney, you don't have the right to a specific attorney"" ~~ Judge Morty proceeding over State of Georgia VS Denver Rick Allen
@@Mario583a that was such a crazy case, lol. the guy threatened the judges kids, haha.
this is such a good redemption story. How is this not already a feature length film?
You want a 2 hr movie about him registering a domain
@@MrAttriti0n lmao
I know this isn’t exactly related but my ex used to work for a prominent doctors office in the area. They were attacked with ransomware 3 times in 2 weeks, each time the ransom payments were higher, totaling around $100k, and the doctor just paid it, didn’t want to get the police involved, didn’t make waves about it, he just paid it from the company account. I didn’t think much of it then, but now this video reminded me of it and got me thinking maybe it was an inside job for embezzlement.
isn't it still illegal to not report a crime though? so he was still breaking the law either way
Definitely was stealing the money lmao hindsight is crazy like that thinking about all the crimes you witnessed and didn’t even know.
I doubt it. Remember crime is still very much a business, just an illegitimate one. If one does not follow through on either the carrot or the stick, then you can't run a business; the carrot being decryption and the stick being permanent encryption/deletion. The ransom becoming bigger is just the criminals seeing the doctors as "repeat customers". Another thing to keep in mind is that many businesses are notoriously bad at updating their computers nevermind good cybersecurity practices. More than likely the doctors didn't update their computers, had bad passwords or would open up emails with trojans, etc. More than likely he was just paying it because it was quicker and easier than say restoring from backups (assuming they had any). Restoring a computer isn't exactly a quick process, keeping in mind that they needed the computer at that moment as they were serving their patients.
I mean he would still have to launder that money somehow? And crypto is pretty easy to keep track of now days for the most part, so that’s not a fool proof plan by any means.. so I think if he actually was embezzling money he was causing more trouble than it was worth.. I’m sure he makes a decent amount of money so $100k isn’t that big of a deal, like I said it’s not like he could prevent himself from going into bankruptcy or buy a house or a car with it. It’s not that easy.
Sometimes it’s an image thing too; like for a medical practice to admit it would be admitting potentially incredibly sensitive medical information about patients had been compromised - Not paying it (if they didnt have a backup) would mean loss of that data too; which could lead to delays in patients getting treatment for things that are time sensitive
Glad the judge had the sense to recognise somebody eventually making the decision to do good, when his path to success as a criminal was ripe for the taking.
It was more than the judge. In the end, even the prosecution was lenient and did not recommend specific and warranted punishment. This, in the end allowed the judge to use a broad brush for sentencing.
Sooo,a 10 yro kid hacks the FBI and they hire him,but this guy saves the world,and they want to arrest him? That's just crazy
This is why privacy is so important, and is exactly what Snowden warned us about. The government had access to all the data indicating the truth, and still used it to frame Marcus in a negative way. Creating malicious programs is exactly how cybersecurity is done, and it's unfortunate Marcus was blackmailed in this way.
I’m in security, that’s not how it’s done.
@@c1ph3rpunkI'm not in cybersec so I'll admit I might have over exaggerated. But I do know that ethical hacking is crucial to identifying and understanding vulnerabilities, hell it's the entire reason Kali Linux was created. I'm sure you would agree that understanding how malicious code works and even creating it for things like pen testing, enhances understanding of network vulnerabilities, and where the problems lie.
Making tools specifically targeting use for bank fraud and selling them is a bit different than pen testing tho
@@Mike0 obviously lol. But let's not forget he didn't start off by making those programs, those were his culmination as a troubled blackmailed child
@@destavin6694 troubled blackmailed child?? The hell He made many people Survive because of his skills so he did good and you did wrong..
I’m surprised and relieved that a US judge actually researched the case and worked to understand what was happening instead of just being mean and sentencing him to forever because the FBI was involved.
He still committed those crimes.
@@yc__ And yet the video said these things are more complicated than that.
@@yc__ the FBI was involved, so rest assured they were probably
A- wanting him to
B- Setting him up
C- Molesting kids
@@yc__this glows
@@yc__so?
Bro wrote the kill switch into it. He knew the people handling him were bad. What a good lad.
tbf saying the train doesnt work in germany is like saying a orange is orange
My one experience with a train in Germany is having a direct ride from Amsterdam to Berlin broken up into 7 stops because there was rail work lmfao
in germany no matter where you live no matter what kind of train it is its ALWAYS delayed @@Crumb
The trains work in Germany most of the time, don't they?
Organic oranges are actually yellow. They appear orange because they're colored to be more appealing. Also "a orange...." it's an orange. Terrible analogy. Also, the fact that Germany has a widespread train system to begin with is a blessing. In the states, it's often times a bus or your own vehicle.
@@stanf1253da fuq you one about? Oranges color depends on where jts grown. In subtropical temperate environments they grow orange, in warmer climates they grow green. The orange color comes from the chlorophyll dying off. The name for the color orange in the english language came from the fruit in the 1500s, they weren’t coloring them in back then. Typically any coloring done to it in the modern day is done by killing the chlorophyll to bring out its natural orange color.
I'm glad the judge was lenient but I'm genuinely baffled by the actions of the government. They clearly didn't think he was a big enough fish to fry (otherwise their original plea agreement wouldn't have involved no time) but at the same time they were willing to try and jail this guy (a guy that was by all accounts, "reformed" and working for the good guys) because he didn't want to be a rat? Smells of some official acting out of spite, like they didn't believe that someone would have the termerity to defy them.
Or "work for us or else..."
It's standard behaviour
gonna be honest, i'm baffled by the actions of UK government and everything else US did was pretty much in line with everything else they do, apart from malvaretech actually getting a good deal instead of serving 10 years
IMO, marcus actually got out better than he got in because:
- he made his reputation (everyone knows he's on a "good side" now, even if he wrote malware before)
- he got no additional jail time
- he's free from the sword of Kronos hanging over him for the past several years
but i don't know what he had to endure during these years of uncertainty and awaiting trial so it's not for me to decide if it's better for him or not
A crime is a crime brother, and he committed it, it’s a miracle he’s not in jail
One of the first things you learn in LE is that more often than not the feds are working for the criminals not the law. The few agents who actually stick to the law get treated like this guy either sent to a dead end desk job or fired for policy violation reasons. Sticking to the agency agenda is considered more important than sticking to the law and whistleblower protection laws are rarely recognized by the feds in practice.
A critical tale and well told. I am struck by the intensity and relevance.This is essential viewing. Many thanks for the good works.
I remember watching someone else's video on him. I've always felt sympathy for him. He was a teenager when he was blackmailed into committing those crimes, and now the world was demonising him for them, even though his actions against Wannacry alone should have shown them that he has learned from his bad choices.
The funny thing is without his intimate knowledge of EXACTLY how malware works from his own experiences he likely wouldn’t be nearly as effective in tracking, identifying, and dismantling it.
hacker here
The reason that the killswitch exist in wannacry is because it's an method of sandbox detection
basically an option antivirus has to to check an executable for a virus is to simulate a windows environment and just run the executable in it to see what it does. It can't actually connect to the internet is such an environment, so you have to fake any connection that is made. If the malware tests for this, it connects to a domain the author thinks doesn't exist, and if the connection is succesfull, it assumes it's sandboxed and doesn't do anything malicious. By registering that domain he accidently tricked every instance of wannacry that's connected to the internet that it's running in a sandbox.
So basicly if a virus could tell its in a lab and kill itself to prevent a cure? Andregistering the domain basicly triked all the viruses into thinking they were in labs and killed themselves?
Bro has a 101% grade on programming
complete nonsense, there is absolutely no need for a killswitch, sandboxed environment does not matter. Even if the malware is not run, it can be reverse engineered. The attack can be stopped if the Bitcoin transaction has enough confirmations to the attacker's address. A killswitch is complete nonsense
@@zer0dayexploit It wasn't mean to be a global killswitch
Before you run a file your antivirus might try to sandbox it and see what it does. It's just antivirus evasion. Antivirus software has started employing sandbox strategies. If it's a file from an untrusted source, or it's in a secure corporate setting where antivirus checks all exe files before being run, the antivirus uses a sandbox to check what the executable does. If it acts suspiciously in the sandbox phase, it's not run for real.
This malware checks for a sandbox by making a request to a non existing website with a long string for a name. If it gets an answer it concludes that it's being sandboxed and turns off. The hope is that it's not flagged malicious in the sandbox check. If it's not flagged as malicious by this and all other checks then it's run for real, where it can encrypt all the files and whatnot.
However, since the malware used a hardcoded web domain , once someone actually registered that domain it concludes it's being sandboxed when it's actually running for real. This happens because the malware successfully connects to that domain which it used for the sandbox check.
It could have been done better, if it didn't use a hardcoded domain to check against but just generated a new nonsense one every time, the global killswitch wouldn't have existed.
Or in short: A check that made to bypass sandboxes accidently turned into global kill switch.
Hope that clarifies things. If you need clarification I'll be happy to provide it.
So not one single person at the FBI and NSA said, "Let's register this domain name and see what happens"? They're more incompetent than we thought, and that's scary.
And what if the domain triggered a second stage of the malware that bricked every single machine it was on permanently. It could have taken down everything for a long time. It's not incompetence, it's proper scrutiny. He got super lucky that it was a killswitch.
@Osric250 not sure that quite adds up. If the worm had that capability, why would the hackers make it depend on a trigger?
@@bookender It depends on the motives of the creators. Ransomware is great for money and collecting information, but nationstate actors often have motives of disrupting other countries for the benefit of their country.
In addition it's possible to set it up as a cover, so instead of leaving all the forensic evidence on the machines you go about deleting all of them instead.
Because there was no attribution at the time and the malware hadn't been decompiled at that point there was no knowing what registering that domain was going to do. There was no more reason to include a killswitch than there is to have a second stage. The issue is that nobody knew anything at that point, he just did so with reckless abandon and happened to get lucky.
@@bookender Like stuxnet, some is for political motive. It can trigger a political hack after infecting every device, etc, etc.
@@bookenderWhy are you attributing your rational onto others? Why wouldn't they? The answer to both is to never assume either... and answers the simple question of "Why didn't this agency just blindly do something without knowing what it did" when "one person who didn't think that far ahead has absolutely zero oversight or rules."
That is a real judge, that made me cry.
"like most awful things, it all started on twitter" had me dying
right lol
Cap you just saying that for likes
And it started after trump was president. oh and he loved twitter.
@@-Goofy_Goober- I mean… it worked
@@laynecardinal5587 Both trump and Biden suck, and when one of them dies, they will just be replaced by someone equally terrible. You think we don't have competent people? We do, they are just put aside by the corporate shadow oligarchy that runs America.
Reasonable judge.
Kid fell down a rabbit hole of his hobby and got manipulated by some bad people.
Never talk to law enforcement. That lying to the FBI charge is such bukllshit of an add on. If an agent comes up and asks how you are doing and you say, "fine" they will charge you with lying to the FBI and find someone to testify that you were in fact not fine.
While you may be somewhat correct, “in spirit”, you are, generally and practically, wrong. The truth is, you can lie to law enforcement(federal and/or state) all day long, except when law enforcement is acting in their official capacity, and/or in relation to a legitimate, official case/investigation(every agency can and many times will have their own internal jargon/lingo). If you are ever in doubt, always default to: I refuse to answer any question, as is my right, which is protected by the Fifth Amendment to the US Constitution(no US citizen has any “Constitutional Rights”, we have many rights, some of which are specifically enumerated and protected by, among other things, specific Amendments to the US Constitution. If our “rights” were provided by the US Constitution, they wouldn’t be rights; they would privileges, which can be taken away) and reaffirmed by, among other “caselaw”, Miranda v. Arizona(which is where the “Miranda Warning” originates from). I want my lawyer(amend all of that, as desired, to suit your needs…and then STFU(shut the fuck up). Also be aware that if you are ever arrested, law enforcement doesn’t have to “Mirandize”(read the “Miranda Warning” to you) you until just prior to any interrogating/interviewing/questioning. If you do or say anything prior to that, that will be admissible in court(such as a “voluntary utterance”, for example), unless law enforcement actively compels you to provide a comment/statement, or otherwise engaged you without “Mirandizing” you first. Everyone also needs to understand that you need to invoke your rights protected by the Fifth Amendment and Miranda v Arizona(which I disagree with and find reprehensible, but that doesn’t matter); invocation of your rights, at least in matters related to this, isn’t automatic. To be clear and fair, your first sentence is correct.
I would add a bit to that comment: Never, ever, under any circumstances, talk to law enforcement. They cannot and will not(generally) help you. The only caveat to that is, if you are required to provide information by law(i.e. in Georgia, the state I live in, as written In the O.C.G.A.(Official Code Of Georgia Annotated, aka “state law”), a person may be compelled to provide their name and date of birth to law enforcement if, as an example, said person is witness to criminal acts and law enforcement wishes to include said person’s statement in their reports/supplemental reports). That does not mean that you have to provide any and/or all information demanded by law enforcement; you don’t have to necessarily do that. Learn, at the very least, some US and state(i.e. the state you live in and, preferably, any state you frequently visit) as ignorance of the law(at least under US Jurisprudence) is never an excuse.
you got clowned by some random dude on the internet lmao
@@marciaquispe4472All you did was read the first sentence huh? The two comments are awfully close to agreeing with one another.
@@orppranator5230 No
HACKER: *[Helps people, saves lives]*
FBI: "...and I took that personally."
He did not help save any life.
@@Gearrion ok fed
@@Gearrionfed
@@Gearrion glowie spotted
@@Gearrion must be good to be dumb.... ignorance is bliss....kinda.....
Imagine ACCIDENTALLY stumbling into the killswitch, and the guy who registered it just so happened to be a genius hacker. You can't make this stuff up.
Talented kid. He used a sandbox and a packet sniffer. Not rocket surgery. I'll still buy him a few beers.
@@Ring0-- you could have also popped it in ida at the time, looked at the domain in a strings dump, and then registered it. Dont need much more than that. Fuck it, strings command on mac or linux wouldve worked just as well.
The FBI has been using the same playbook for years: When you can't solve a crime, just pick someone who had the technical know how to commit the crime (usually someone consulting on the investigation) and arrest them so the general public doesn't realize you are completely incompetent.
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
@@highestpeeqs9532 Jesus has been crashing on my couch for 2 weeks now and won't leave.
@@jackgoff4859 I think it might just be a homeless guy, dude
@@jackgoff4859is he chill?
@@highestpeeqs9532Help jesus is banging on my grandma
People misunderstand, it's not the FBIs job to STOP dangerous and warped individuals and groups. It's their job to HELP or shield them in to further a narrative.
They themselves are one, since inception. Just read any good takedown of Hoover, like Kessler's biography
I’ve watched like 4+ hours of your videos today man. I’m absolutely hooked. Keep up the hard work!
32:03 "Marcus was relocated from Milwaukee to Wisconsin"
The man even hacked geography!
I was looking for this comment lol
I dont get it
It'd be like someone moving to Denver from Colorado @@TheBartholomewJinPing
@@TheBartholomewJinPing Milwaukee is in Wisconsin
@@TheBartholomewJinPingMilwaukee is a city in the state of Wisconsin
There are lots of guys out there like him-guys who either knowingly or unknowingly did something really awful, but who wound up using the entire rest of their lives to work towards undoing it and being better. I think that’s admirable.
Redemption is such a beatiful thing
lmao bro went above and beyond in editing, is just too funny, that video editing timeline has too look crazy af
Wow, what a story, this kid is a real life hero. Bless that judge's soul as well!
I can’t believe you’ve only been doing these cybercrime videos for a year. Already watched them multiple times over and rushed to watch this after work. I can’t get enough of this content.
Great video crumb you did great research on this
It's vile how criminals victimize people then blackmail them into working for them. The same happens with a lot of young girls. They meet some guy online who they think is their age, send questionable pics, then get told by the dude if they don't send even more explicit stuff, he's gonna tell all her friends and family what she's doing. The mindset of those who want to cause harm is absolutely gross. It's nice to know at least most people aren't like that, though the ones who are do a lot of damage on their way down. And by down I mean to hell.
Uhh is this related because that's what the government does
@@catsdogswoof3968 Vinny.
???
37:01 He did not exonerate himself. He just faced the consequences of his past misdeeds and put them to rest. Exoneration would imply he was wrongly accused.
Hollywood could make a movie on this story. Its a better redemption story then Catch me if you can.
dude, the quality of this is insane somebody give this guy a TV show
why would he want to degrade his quality by making a tv show? ;)
Great at making videos for the main stream. Cringy for us in cyber security.
@@Maydaymayday84 how so, I’m genuinely interested
Can you imagine him and Coffeezilla working on something for Netflix or Hulu together? It would be the #1 immediately.
@@Maydaymayday84 i worked cyber security for years. Wasn’t cringy in the least. Quit hiding behind your career to hate. Its weird.
You could argue Kronos has hurt as much as stopping wannacry. In a way it was Marcus’s redemption arc. To further add, I’m impressed what this dude wrote as a teen is still being used to infiltrate banks today. It’s something that will probably never go away as people will continue to better it.
It was gonna happen sooner or later anyways, if it wasn’t him it would be someone else since the hackers found a way. I mean that’s why banks ask you million times before you send money
They caught him on old charges for selling malware, he did time served when he was on house arrest. Great job on both the FBI's side, and the Judge's side. Congratulations to Marcus on his success!!
I was working in the NHS when this happened. Our computers were still running in Windows XP and the IT techs were so inept it would take them 2 hours to set up a plug and play printer (not joking, I wasn't allowed access to do it myself and the guy they sent was clueless). I like many was not surprised.
Hey, I have tons of years of software development experience, done a bit of almost everything out there, C++, Assembly, Java, ruby.. but fuck me if I can get my printer working fine without pulling my hair out...
@@Morphexe lol I know what you mean. This was a simple zebra label printer tho. Unplug from current location, plug into new machine, clear printer job history so it doesn't print 100's of old failed jobs. IT had locked access to the file 🙄
you dont know anything about IT if you think printers are plug and play especially on XP.@@robsant6582
I heard so much software ran on IE6 due to ActiveX controls they couldn't upgrade from XP. And the govt wouldn't pay Microsoft millions for custom support.
So they left thousands of critical computers unprotected, even ones not directly online need SMB to store results and print. Hopefully nowadays they keep things updated.
Setting up printer drivers on XP was no joke
the pros outweigh the cons here, really. thank god for the judge being empathetic, rare these days.
Where was this video when I wrote an essay on this topic a year ago? This is extremely high quality
Not existing. It was only released 4 months ago
@@VideoGameMontagination yeah that's what I'm saying, would have been useful for research
I agree no good deed goes unpunished. At my college the computer system kept going down and they thought a student must be hacking it. One of the times it went down and I was speaking with a guy who worked in the computer room who told me they didn't know how to get it back up. I went into the system and got it running again. After this I was told they went around asking if there was anyone else besides me they thought had the skills to bring the system down and no other names came up. So next thing I knew I received a letter from the college informing me if the system went down again I would be expelled. I was very concerned with this. Fortunately it was found out before it went down again that the system was crashing itself; there was a bug in the software. Had this not been found I probably would have been kicked out and probably unable to enter and graduate at any other college as well
i had requested compensation.
I would sue them
The editing on these is getting a lot better. Love your content man, peace from a fellow OSRS player that discovered you through that period.
The pigs felt scared that there might be a person doing their job better. They had to destroy him because their fee fee's were hurt.
He’s someone who ended up in cyber crime without even realizing and had to continue it by being blackmailed. Then he did some good and saved 100s of company’s and countless lives. Then he gets arrested?
that's a lie, what he did prior was a cyber crime. He just justified it to himself, until it got too far.
ON THE "saving lives" ummm these are the same "hospitals" that were forcing people on ventilator machines because they could not "breath" the best and that was an automanic DEATH... remember hospitals care more about $ than saving lives i mean why you think they won't "help" anyone without no medical insurance, BECAUSE PEOPLE WANNA GET PAID.
ALSO. why you think the fbi will let hackers WORK FOR THEM that "tried" to hack into the system hmm, they will give that so called "hacker" a deal..... 15 years in prison or WORK FOR the cyber team, and most take the deal of what the fbi gave them.
@@kaynkayn9870 bet the Vinny guy was actually the F.B.I.
Looks like his skin is a lil white... America wanted to keep him on his toes 💀
@@kaynkayn9870 then he made a 180 and hacked for good
It is good to see that the things he did (under threat of exposure) when he was young and naive were forgiven, and the judge was reasonable enough to see this as well. People make mistakes; it's what they do with and learn from those mistakes and the choices they make afterward that counts in my opinion.
It wasnt a common or a simple mistake,dude made a hack that another person used to scam lots of money. He is a criminal.
@@marciaquispe4472 and made the conscious choice to never do so anymore. I am sorry that you feel that we should limit ourselves to only looking at the bad things that people did in the past and respectfully agree to disagree with you.
@@LilLottee woah, so it's okay if someone commits a crime and then make the conscious choice to never do so anymore? No punishment?
You guys better be trolling at this point. I srsly cant believe I love in a world with people that are OK with a guy that made a HUGE mistake because "he's sorry okay?, it's le bad to look at the bad things people did in the past".
@@marciaquispe4472 Yep, that's exactly what I meant!!!! Let's forgive the worst murderers that never regretted anything they did ever and release them into society!!!! So glad you understood!!
@@LilLottee lmao, what a scrub
*Ransomware demands money* "Oh no..." *Reformats* "Anyway"
>Names OS software "Windows"
>Constantly has to make sure the Windows are closed.
Checks out.
I actually didn't know about the outcome and this was one of the most suspenseful things I have watched in years. Thank you for the excelant video! Amazing props to the judge who could apparently see the bigger picture and I suppose had an appreciation for the amazing good this young man seemed to want to do for the entire world.
I genuinely like how you slid that "hit the subscribe button" in there without being annoying.
Take this new subscriber my friend.
what gets me so mad is that the kid didn't want his identity to be public but the news are that drooling for views will do anything to be famous and put his identity without consent Online, this generation might aswell be doomed nobody can save it anymore.
when he stopped wannacry he saved probably thousands of lives, thousands of depressions, and probably even thousands su1cid3 cases. if i got hacked i would be traumatized for life in a fear that someone might threaten me in a lot of ways. not only that but im a young programmer an i have lots of important files that i dont wanna lose. respect for this guy:)
Fear of what?
The fck you afraid of?
Jesus grow a pair.
And if you lose your life man up and deal with it. We all die get over yourself.
Fear of being broke. Eat 💩
Remember the golden rule if you can follow it for all your important files! Save on 3 different drives, in 3 different locations. I personally back up all my important stuff once a month, one goes to the cloud, one stays on my home PC, the other stays on a USB that I have in a storage locker.
Thousands? This was a world wide issue it had to be at least millions.
@@spiralspark8523that would mean billions were affected
Would an external hard drive or memory stick not be enough?
I’m at the 6:47 minute of watching and I wanna say besides obviously great scenario and narrative, WHAT A MONTAGE!!! Every detail is carefully chosen. Effects, sounds, music, pace. WONDERFUL job 👌
@arthurvaletskiy3131
What’s the music?
The fucking “You wouldn’t DOWNLOAD a bear” got me
"You would DOWNLOAD a fancy bear" is what it says and I love it
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
@@highestpeeqs9532 his ass is NOT coming back with the milk
5:13 Illuminaughtii's lawyers will be in touch
lol
I remember hearing about the Shadow Brokers, and never found news about it later. Thank you for finally telling the rest of the story
This is unrelated.
You know damn well the FBI was just butthurt he showed he was better than them at cleaning up their own messes.
Oh for sure. They're just people after all, and they have their egos bruised same as anyone. The problem is they have fragile egos and have a lot of power.
And in one day too
Or wannacry was actually a US glowie weapon and they went after him as a punishment for disabling it
Jesus loves yall, died for us, and rose again! Jesus calls for all of us to repent! He's coming back!!!
watched this video on one breath. thanks for making this video, it was truly amazing to watch!
the part with the judge's words was the one when my watch alerted me about high heartrate; you did an AMAZING job at keeping the suspense up lmao
32:05 "from Milwaukee to Wisconsin" 🤣🤣🤣
Lmaooo
Crumb became one of my favorite channels when he was making RuneScape content, and I’ve never played RuneScape. I swear this guy could talk about anything and he would find a way to make it interesting. This video was super engaging and even tugged on my heart strings at the end, keep ‘em comin Crumb!
Appreciate you man!
@@Crumb Right back at ya! I'm excited to keep watching your channel develop and grow.
Oh shit I didn't realize this was crumb, no wonder the guy in the discord chat has a rangers boots pfp
I thought of the wrong crumb 😅
Finally a judge who actually understands. Glad homie got time served.
This is why the NSA should not be allowed to withhold info from companies about exploits
the cinamatography in this is amazing!! nailed the 30 second hook :)
editing, cinematography is related to cameras, lenses and lighting.
think he more so meant the camera angles of the footage used was gripping@@ActuallyHoudini
@@SinisterSkyler but they didn't shoot the footage, those are from newscasts. cinematography is about camera and lighting, not editing. the editing is amazing, by the way.
@@SinisterSkyler yup, that was editing. Just like actuallyhoudini said, the footage was taken from many sources. So the editor took that footages, and edit them out. Still need a lot of skills to do, but its not cinematography. This wasn't done by a skilled director, it was done by a very skilled editor.
Thanks for bringing that to my attention. "DR Bleetman" is probably just a fake name with a stock picture of a doctor and had absolutely nothing to do with the story at all.
I'm now removing this guy from my feed.
They got to make a movie on these cyber attacks. Absolutely insane
Yeah, it’s called war games
Why would the government make a move on itself?
Hell yeah, thats awesome the judge saw him for who he truly is and not just some hacker.
Wait.... This is the ransomware i got when i was surfing on the internet on 2017 and just rid it by reformatting my laptop. I thought that was just because i surf too much on pirate bay, didn't know that was a massive issue. Damn
😂🤣 Nice. Ps... Just surfing pirate Bay.. 😂👍 Like we all did. Just looking around.. 😊
🌊🏄🌊
It’s only a massive issue if you have files on your system you need to keep.
My gaming pc is literally just for gaming, if I got random ware on it I’d just wipe everything restart.
@@5000Seabass In most cases, at least when a friend of mine got bit by this, I just told them to e-mail the ransomer in person and tell them you aren't a business owner, nor do you have anything major of value, but that his worm locked and encrypted pictures of his kids and family and you'd like them back. Surprisingly, he did. Unsurprisingly, he got sent a decryption key. Didn't bother the hacker in the least, he isn't getting shit from some approaching middle age man, nor was that his target.
Yea, locked files don't matter if you don't care about completely wiping things... lol
I think kudos to the judge for really considering both sides of the story more than anything else here. Yeah, timing always sucks but now he's vindicated from his past and can move forward. Your past can always slow your momentum even if it isn't noticeable by those around you
I suspect this was also a massive weight lifted in ways people may not realize.
Assuming the video is true and sufficiently accurate...
Marcus started as the kid who didn't fit in.
Find a group of people to relate to, who were bad apples.
Later unknowingly got into bad situation, which Marcus at his core being a good person, deeply regretted once he realized the wrongs had done.
Only to be manipulated into continuing those wrongs.
The process of being caught by the FBI and going through the court process, in addition to his contributions to stopping Wannacry, likely has cleared up a decade or two of regret and guilt sitting deep inside of him.
I worked in IT contracted for a very large international conglomerate. We were as proactive as possible and we saw no infections thankfully. Was not an easy time though
What an inspiring speech from the judge, if we're all to agree that we want our justice system to aid in making society better, that means having a justice system that strives for rehabilitation whenever possible. The judge clearly saw this man's personal journey, going from using his skills to hurt others to instead help save others. And not only that, but with a technology that more and more greatly affects our lives. There's no need for punishment when someone has corrected their ways, and is striving to help people. I'm so glad that the judge decided to allow Marcus to continue to do the good that he currently does, it's how the justice system should be.
Yeah bro that’s because the nsa probably wanted to work with him 😂
@@PWNAGE703 You're probably not wrong lol
I know zero about this subject, yet I still enjoyed your video all the way through to the end. Great job!
It's a shame that his own foolishnes almost got him payng full price for a crime he did not wanna commit, but i am glad that he's still amongst us
A more appropriate description of this would be Reformed Blackhat Hacker Saves the World, then his Criminal Past Catches Up to Him. The FBI weren't trying to "destroy" him, they were investigating serious federal crimes that he actually committed. Fortunately the judge evaluated the totality of his history and granted him well deserved leniency. Super glad he got so much support from the community as well.
The FBI is a scum organization that only exists to pad its own pocket and justify its own existence. They willfully ignore elite crimes when ever it doesn't benefit them. They wanted a nice slam dunk case that would let them reap glory for doing little but someone better at their job took that from them. So they dug through his past to try to take him down.
Brother your channel has grown so much! Super nice for you.
No good deed goes unpunished!! Perfect line.... for a lot o things.
Sooo… I waited 30 minutes to see what this had to do with RuneScape lmfao! 🤣 @Crumb, I see you are going a new route with your content & it’s working out well for you - Congratulations bro! 🙌
Dude I’m ten seconds in and the editing is unreal, is that After Effects? Beautiful already
After Effects & Premier pro, but I can't take any credit this one was edited by a pro :) Love your new edits btw, glad you're having fun with it!
21:06 "Cheese Pizza" is wild. You probably watched NTTS (No Text To Speech)! Awesome video btw! Loved it
The UK media needs to pay half of their yearly profits to him to make up for doxxing him
Shoutout to Spiritbox naming their album after Eternal Blue 💯
Your one of the only person I can watch each and every video full length
your videos are too captivating, I can't stop watching them!
A true heroic story arc this man has. "The darkness is important to understand inside yourself. It's not always about being good, it's understanding why you're being good in the first place." Reggie Watts, A song about Apples
Good quote, he truly did have a heroic story arc. Starting out making hacks that hurt others, got blackmailed to make more, and finally stopped it and decided to fight for the opposite.
BRO YOU'RE SO GOOD AT EDITING. Keep up the good work!11!1!!🔥