FindLaw Blotter - The FindLaw Crime and Criminals Blog

Are Programmers Liable If Hackers Misuse Software?

In 2012, Taylor Huddleston created what is known as a remote management tool, a piece of software that allows users to remotely log keystrokes, download stored passwords, turn on the web cam, access files, and watch a computer screen in real time. Designed, he says, to help low-income users who couldn't afford more expensive remote-access programs monitor online activity for safety reasons, NanoCore was going to be Huddleston's ticket out of a trailer he lived in on his mother's property and into a real house.

And it worked -- Huddlestone sold NanoCore and another piece of software called Net Seal and was able to buy a $60,000 home. But FBI agents and police raided that home last December, and are now charging Huddlestone with conspiracy and aiding and abetting computer intrusions, for all the times hackers used NanoCore to commit crimes.

Illegal IT

So should Huddlestone be criminally liable if he didn't intend his software to be used for hacking? His attorney, Travis Morrissey, likens the case to firearms manufacturers: "Everybody seems to acknowledge that this software product had a legitimate purpose," he told the Daily Beast. "It's like saying that if someone buys a handgun and uses it to rob a liquor store, that the handgun manufacturer is complicit." Thus far, courts haven't held firearms makers liable for criminal acts committed with their products, but computer crimes laws are written a bit differently.

One factor might be where Huddlestone chose to market his software: HackForums.net. As the Daily Beast points out:

It would soon become clear that it was a terrible place to launch a legitimate remote administration tool. There aren't a lot of corporate procurement officers on HackForums. Instead, many of Huddleston's new customers had purely illicit uses for a slick remote access tool.

Illegal Intent?

Huddlestone quickly found out what his buyers were using the software tool for, and, to his credit, attempted to curb illegal activity using NanoCore:

In short order, Huddleston found himself routinely admonishing people not to use his software for crime. "NanoCore does not permit illegal use," he wrote in one post. In another, "NanoCore is NOT malware. It is intended to be used legitimately and I don't want to see words like 'slave' and 'infect.'" Huddleston backed his words with action. Whenever he saw evidence that a particular buyer was using the product to hack, he'd log in to Net Seal and disable that user's copy, cutting the hacker off from his infected slaves.

But these efforts may not be enough. By then the cat was out of the bag and hackers were trading in copies of NanoCore that bypassed Huddlestone's disabling efforts. Now, he's looking at jail time for making a product he thought would help people.

Related Resources: