cryptolok/CryptoTrooper

CryptoTrooper

Rant blog about CryptoTrooper ransomware, its history, legacy and MalwareTech case.

CryptoTrooper was the world's first Linux white-box ransomware for learning purposes.

However, I had to remove the code because I was accused of being a malware writer, whereas few (if any) had the intelligence to understand what it really was and for what purpose. Besides, people compared it to an already known real open-source ransomware that caused some real damage, although the author wasn't expecting that and the community just won't understand new ideas; and since some mass media sources just copy each other, here you have the avalanche effect.

Nonetheless, some gentle and quite clever people tried to understand my work and explain it to others.

Irony

Due to the arrest and court of @malwaretech, I had some thoughts about it all that I will gladly share with you (and that's how my git became a rant blog).

Summarizing our discussion that started some time after my publication, where @malwaretech (and others) was less than polite and almost all his messages were insults (he even said that I'm a clown, but when you look at his face ... well, let's continue reading), which indicates the final stage of his (maybe unconscious) manipulation process (where you just have no arguments and are about to lose a discussion), he (and others) claimed that "it's bad, it's evil, it has to be killed, you're stupid", despite the fact that in the vote done by @2sec4u (who actually "apologized for the drama", which is the only nice thing he said to me), it was split in the middle: almost half of the votes agreed that it can be a good idea, whereas the other half disagreed.

Although, I doubt that the general public should decide such ... touchy things, nor should so-called "researchers" (who are just analysts most of the time) and "experts" (who have more diplomas and certificates than grey matter). You know how it is in a tough neighborhood, one dog barks for no reason and another starts barking as well because, instincts ... perhaps humankind is devolutionizing, despite the fact that miscommunication was always the source of conflicts.

Anyway, then I proposed a crypto-challenge to get the code because only the "enlightened" should study it. To tell the truth, my will was not forced by the opinions of idio... I mean, ideologists, but by the comprehension of the failed purpose and uselessness of my work.

To my keen regret, the only person, who was motivated by the research, is me. Thus, I provided an ultimate solution for any ransomware that was implemented (sort of) by Microsoft, inspired (or stolen) by my idea.

Karma & Mathematics

The irony is that the karma of "evil accusations" has returned to @malwaretech. Of course, few people know the true reason behind his arrest, the second subject and all other details regarding this ... really strange and obscure story that is already viewed as a conspiracy (especially if you look at the WannaCry transaction coincidences), but I'm not writing about that.

In My Hackish Opinion, the main difference is that my code wasn't used by anyone for a malicious purpose (at least to my knowledge), not because it was a "simple PoC that can't be weaponized because I, the great emperor-king-ruler of all quarks believe and dictate so", but because I used mathematics for it (which a malware author (or analyst/researcher) would rather not learn).

Of course, there was some personal experience, logic, obfuscation and business-model study for such an achievement and as you may see, this project was published under deep ethical consideration and without any harmful purpose, regardless of what one may think or say or write because, well you see, there is in fact no code to use at all; the heart mechanic itself isn't open-sourced and is well hardened (but who reads code nowadays, right?).

Thus, mathematics helped me to avoid harming anyone and perhaps saved me from prison (don't know about UTKUSEN though). Due to the code removal (which still can be found, I guess) and the fact that the "general audience won't understand the concept" (like Famous Bureaucratic Inrush), you just have to believe me or not. In short, the cipher itself was just a modified shell script from Stack Overflow and the master key was encrypted by a white-box cryptography binary (no source code) that had a mathematically weakened algorithm, backdoored and obfuscated as fuc... I mean, Fuchsia (oh, it's even purple, mystery color, what a coincidence).

The purpose was to show that ransomware is different from classical malware and thus requires a different approach, since all the current solutions are bypassable and yes, CryptoTrooper was very different from all ransomware, open-source or not; too bad nobody realized it.

I, however, did realize what harm it could do and how much money I could make by selling a mathematically robust version of it, which I of course didn't and won't do; this is not the purpose of my life. Interesting, to what extent one can rely on mathematics for freedom ...

Please note that I'm not saying that @malwaretech deserves it, but I found this situation rather ... interesting, sad and educational at the same time. Or perhaps my code is cursed, just like Joerg Sprave's dagger.

Good or/and Evil

One should even argue whether good can be considered evil and vice versa.

Did the Nazis do atrocious experiments on humans? Yes. Did it help improve medicine and save more lives? Yes.

Did the USSR train dogs and dolphins for suicide bombing? Yes. Did it save the lives of numerous soldiers? Yes.

(one dog even found more than 7 thousand mines)

(an ironic note is that the freedom of USA is a merit of USSR "dictatorship"... although, according to Marx, communism is the opposite of dictatorship and thus cap... but let's not touch politics for this time)

So, is there good or/and evil? I'll leave this question for another article. For now let's just say that good is empathy to others and evil is ego-centrism. Taking this into account, I tried to understand why @malwaretech spoke badly about my work with questions and explanations, whereas he just insulted me and insisted on his own ... so, who should be called good/evil in this case?

Oh, and we didn't discuss the laws, like how a state can put you into jail if they consider you a threat, well, maybe on the next occasion.

Long live the research

Although my research perhaps helped, in the end, millions of people, I'm not saying that I'm an "accidental hero", I just try to share what I do and to make this world a more secure place for everyone, having no profit from it. Yet, I speak freely about myself and what I do because I'm honest, respectful and have nothing to hide about it, while remaining open-minded about discussions and new ideas. I regret nothing in my life.

I sincerely hope that @malwaretech won't be demoralized by his situation and that he will become a better and smarter researcher/analyst (because gingers have souls, right?).

Lastly, here are some final words, taken from my removed code:

The only way to defeat evil is to become its master

"Research is to see what everybody else has seen, and to think what nobody else has thought."

Albert Szent-Gyorgyi
