Reporters dox WannaCry ransomware kill switch guy

What kind of sickness causes publications to show gratitude by doxing the 'hero' responsible for stopping the WannaCry ransomware attack?

Current Job Listings

It is sickening when people prove “no good deed goes unpunished” to be true. I’m looking at you, British tabloids, because it was mean, stupid and very irresponsible to dox the guy who discovered the first WannaCry ransomware kill switch and thereby stopped thousands of old Windows machines from becoming infected.

He goes by MalwareTech on Twitter and has an avatar of a cat wearing sunglasses. If he wanted to use his real name and picture, then he would have. Clearly, he values privacy and tries to maintain at least some degree of anonymity.

Yet after being hailed as a hero for discovering a kill switch as WannaCry ransomware swept across globe, shady journalists doxed him. They dug into everything they could find online about MalwareTech, including trying to pry information from his friends.

It seems as if The Telegraph was the first publication to publish his name, photos, where he lives, what his parents do, that he has a sibling and that he likes pizza. What the hell has that got to do with him discovering a kill switch? How does this show any gratitude to a “hero” who stopped a massive cyberattack by accident? If you want to unmask someone, find the person behind the attack.

Not to be out-sleazed, other British and even Australian tabloids quickly regurgitated the report. Some used the same photos stolen from his account, while others poured over his digital footprint in search of any juicy tidbits. Maybe it started with The Telegraph trying to outdo the Daily Mail, which had published his picture on Saturday and dubbed him as a surfer dude.

After that happened, MalwareTech tweeted:

I refused to give out pics or personal info but their journalists are too good, they dug through a ton of OSINT and found me :X

He added that the Daily Mail got his name and location from a different publication, but it did go the extra mile by identifying a girl in a photo with him and showing up at her house to try to get the scoop on him. He’s not the cyberthug responsible for unleashing the WannaCry ransomware attack on the world, so why did the publication believe that was necessary?

Other publications tried to worm their way into a story by approaching his friends.

By being stupid and irresponsible, those publications have potentially put MalwareTech at risk—that is unless they believed the cybercriminals responsible for WannaCry would be perfectly happy about him putting his foot on the neck of their attack. Why stop there when a publication might get even more clicks—and further incite the person or people behind WannaCry—by weaving in an angle about him working with spooks?

To the latter, MalwareTech made it clear he’s not in bed with government spies. He tweeted:

Providing NCSC with data to notify infected companies is not the same as “working with spooks”, people really want to spin the spy story :(

MalwareTech says he doesn’t fear for his safety, but a person need look no further than some of the horrible things cyberthugs have done or tried to do to Brian Krebs for interrupting their operations. Hopefully MalwareTech won’t get even a taste of such retribution.

It’s bad enough when you write about a company—let’s use Microsoft as an example—and the very first thing that happens when you attempt to get the first quote is that the company starts trying to dig into who you are for a secret dossier. It’s not like you’ve done anything wrong or who you are should affect the company’s stance or quote on an issue. Like it or not, plenty of firms create dossiers on journalists.

MalwareTech didn’t write about a company; he stopped a wave of WannaCry ransomware that was crashing over old Windows PCs and halting business at hospitals and other organizations by registering a domain referenced by the WannaCry ransomware in a check to make sure it was unregistered. In thanks, he got doxed—not by the thugs responsible for the ransomware, but by tabloids seeking extra clicks.

MalwareTech may not be furious. But I—as someone else who truly values privacy—am outraged on his behalf. To those publications: Stay classy and be proud that you helped the bad guys by painting a bullseye target squarely on the back of a real person  you called a “hero.”

SUBSCRIBE! Get the best of CSO delivered to your email inbox.