An Arkansas man has been sentenced to serve almost three years in federal prison for developing advanced malware that he knew would be used to steal passwords, surreptitiously turn on webcams, and conduct other unlawful actions on infected computers. Taylor Huddleston, 27, of Hot Springs, Arkansas, admitted in July that he was the developer of NanoCore, a remote-access trojan that he sold online, documents filed in federal court in Virginia show. In a statement of facts signed by Huddleston, the defendant confirmed that from 2012 to 2016 he marketed the malware on Hack Forums, a site that offers discussions on a wide range of topics including hacking. Huddleston's case gained national attention in March, 2017, when Daily Beast reporter Kevin Poulsen argued that the case against Huddleston was novel because it prosecuted the developer of "dual-use software" who had "hacked no one." Huddleston, the article reported, insisted he wrote the $25 program as a legitimate remote administration tool for administrators, tech-support professionals, and parents. Poulsen went on to suggest Huddleston was being held accountable for the crimes of crooks who pirated and abused the software.
In 2015, more than 500 websites inadvertently exposed their visitors to an attack that attempted to install NanoCore. Attackers pulled off the hack by compromising the account of an anti-adblocker service the sites used. The statement of facts made no mention of the incident. Huddleston also admitted he developed and sold a program called Net Seal to other developers, many of whom the defendant knew were using it to distribute their own malicious wares.
