![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F214%2F885%2F039%2F361%2F548%2Foriginal%2F51af03680fc2daa9.png\")
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F214%2F885%2F037%2F108%2F488%2Foriginal%2Fb31ecbc1193baba5.png\")
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F214%2F885%2F058%2F629%2F164%2Foriginal%2Fed396b5f8144aab3.png\")
\nAfter years of planning a potential collab, I finally got to sit down with fellow cybersecurity YouTuber David Bombal for an in person interview! Below you can check out the video from what will hopefully be the first of many more collaborations 😃 :
https://www.youtube.com/watch?v=KsXzTz5H2QQ
I'm convinced this technology was invented purely just to troll me
\n@c0coChannel I think you're probably right. I see similarly aggressive responses when talking about how VPNs don't protect you from surveillance. People seem to be uncomfortable with the idea that serious privacy is actually difficult and not just something you can buy
","url":"https://infosec.exchange/users/malwaretech/statuses/116200224472445803","date_published":"2026-03-09T16:45:14+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-09 16:45","date_timestamp":1773074714,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85811664","content_html":"@tobinbaker pretty sure it is
","url":"https://infosec.exchange/users/malwaretech/statuses/116198069339271768","date_published":"2026-03-09T07:37:09+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-09 07:37","date_timestamp":1773041829,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85811620","content_html":"@troed nah, it’s definitely not this one. My LinkedIn connections are actual domain expert not a bunch of “tech savvy” vpn fanboys
","url":"https://infosec.exchange/users/malwaretech/statuses/116198061859695769","date_published":"2026-03-09T07:35:15+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-09 07:35","date_timestamp":1773041715,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85807136","content_html":"lol, this post really brought out all the insufferable fanboys. I'm not gonna pretend like I didn't know which of the 3 platforms I posted this on would have a bunch of people deeply personally offended by criticism of a corporation
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F197%2F505%2F970%2F823%2F704%2Foriginal%2Fdf915c7f1d605115.png\")
@unCoopervised ya'll fanboys are insufferable
","url":"https://infosec.exchange/users/malwaretech/statuses/116197476057736888","date_published":"2026-03-09T05:06:16+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-09 05:06","date_timestamp":1773032776,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85800931","content_html":"@james God, you're insufferable. Enjoy the block list.
","url":"https://infosec.exchange/users/malwaretech/statuses/116196769606118034","date_published":"2026-03-09T02:06:37+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-09 02:06","date_timestamp":1773021997,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85792155","content_html":"@AT1ST No, Apple just outright refused and has enough money to tie most of the federal government lawyers up in court for the rest of their careers
","url":"https://infosec.exchange/users/malwaretech/statuses/116196043771081208","date_published":"2026-03-08T23:02:01+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-03-08 23:02","date_timestamp":1773010921,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":true}},{"id":"85791202","content_html":"It feels like Proton are being intentionally misleading in their statements. They know that most of their customers aren't familiar with how legal process actually works, so are happy to spread half-truths.
Under US law, a US law enforcement agency (LEA) typically has to apply for a subpoena or search warrant with a US court. The court is then responsible for deciding if the legal bar for search a request has been met, then either grants or denies it.
The problem is, if a company has no real US footprint (no US corporate entity, offices, servers, etc.), then a US court typically doesn't have the jurisdiction to compel the company to hand over customer data (except in some rare circumstances). Even if the court approved the warrant anyway, it wouldn't really be legally binding.
Which is why the Mutual Legal Assistance Treaty (MLAT) exists. MLAT enables law enforcement agencies in one company to send requests for information to law enforcement agencies in another. Switzerland has such a treaty with the US. This means that the FBI can request that Swiss authorities hand over a Swiss company's data on their behalf.
Any country requesting information held by a company in a foreign jurisdiction would typically do so via MLAT. Which means from Proton's perspective, the legal request would appear to originate from their local law enforcement, not the FBI. Which they clearly understand based on their Reddit post.
Saying \"we don't respond to legal requests from anywhere other than Swiss authorities\" seems very intentionally worded to give the impression that the company does not cooperate with foreign law enforcement. But since it'd be the Swiss authorities handling any such requests, they'd have to comply, since as they admitted, they have to comply with local laws.
There is, however, some useful (but more nuanced) information here:
Firstly, MLAT requests are handled by local law enforcement according to local law. So if there is a difference between the law of the sending and recipient country, that might mean the MLAT request is denied. That probably doesn't mean much, because if you're on the FBI's radar, the chances are you did something that is also massively illegal in Switzerland too.
Secondly, they are 100% correct in saying that no other service provider is going to do any better. They're all beholden to local laws, and the ones that think they're not tend to get their doors blown off by SWAT like CyberBunker did. The only exception is if the company resides in a country which does not cooperate with US law enforcement (which Proton does not).
But the part that's extremely disingenuous is that the \"we only respond to requests from the Swiss authorities\". That statement is likely intended to imply they don't cooperate with law enforcement in any other countries, which is simply not true. Switzerland has MLAT agreements with over 30 counties.
People really need to understand that no company is going to shield you from the FBI (or any reputable law enforcement agency). They'll use misleading statements to make it sounds like they don't cooperate with law enforcement, but they do. They have to.
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F195%2F916%2F812%2F004%2F684%2Foriginal%2Fc9b267c29540586b.png\")
Great crowd at Zero Trust World today. Thanks for everyone who came to my keynote and for all the great hallway conversations! 😃
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F177%2F906%2F849%2F825%2F840%2Foriginal%2Fa4da85095c482855.jpeg\")
To prove you’re not a robot, please select all the Mar-a-lago SCIFs
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F159%2F877%2F899%2F578%2F499%2Foriginal%2F3a626656b7fa7d9a.jpeg\")
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F159%2F877%2F890%2F164%2F232%2Foriginal%2Fadbeb2ca8060cd19.jpeg\")
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F159%2F877%2F900%2F492%2F849%2Foriginal%2F130cb3068cc24998.jpeg\")
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F159%2F877%2F896%2F966%2F692%2Foriginal%2F012fdd246ad1d72f.jpeg\")
\nWe plan to decrease operational costs for our AI model by building custom servers that are immune to cosmic radiation, then spending trillions of dollars launching them into space. Yes, our CFO did tech themselves math using ChatGPT, why do you ask?
","summary":"","url":"https://infosec.exchange/@malwaretech/116129775470988127","date_published":"2026-02-25T06:09:07+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-02-25 06:09","date_timestamp":1771999747,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"84951865","content_html":"Anthropic when Chinese companies use Claude to train their own AI models vs Anothropic when they’re stealing everyone’s data to train Claude
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F127%2F585%2F108%2F948%2F125%2Foriginal%2Ff474ce1657d0aa13.jpeg\")
When the state sponsored threat actor has vibe coded their entire control server, all the login code is client-side, and they’ve infected themselves with their own malware.
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F037%2F016%2F208%2F070%2F006%2Foriginal%2F211e71447c96776e.jpeg\")
I can’t believe we’re doing this again. It’s just a bot that generates the text you ask it for. If you put it in charge of critical decisions, it will kill people. Not because it’s secretly evil, but because it’s a word generator. It’s like putting your toaster in charge of air traffic control.
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F116%2F004%2F940%2F386%2F328%2F628%2Foriginal%2F7d05413e7c3f2ac8.jpeg\")
Since the decline of peer-to-peer botnets it's been difficult to track malware infection externally. But smart contract based C2 infrastructure provided us with unique insights into this campaign.
https://expel.com/blog/clearfake-new-lotl-techniques/
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F115%2F930%2F057%2F273%2F141%2F624%2Foriginal%2Fcd7828f8e4bd2c11.png\")
My latest blog post investigating a malware campaign which infects victims by utilizing only legitimate infrastructure. The malicious activity spans hundreds of hacked websites, the BSC blockchain, and a popular CDN.
https://expel.com/blog/clearfake-new-lotl-techniques/
","summary":"","url":"https://infosec.exchange/@malwaretech/115929493753547828","date_published":"2026-01-20T21:14:51+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2026-01-20 21:14","date_timestamp":1768943691,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":true,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"82417704","content_html":"Just checking in on my investment portfolio, because apparently computers are appreciating assets now.
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F115%2F923%2F991%2F975%2F311%2F652%2Foriginal%2F7ad2f28be58d8953.jpeg\")
I've been researching some malware that uses Blockchain Smart Contracts as Command-and-Control infrastructure. Since blockchain data is public, I was able to write code to track how many new systems the malware infects each day. Blog post coming next week.
![\"\"](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Fmedia_attachments%2Ffiles%2F115%2F908%2F370%2F393%2F956%2F542%2Foriginal%2Fc16b0d7d11059913.png\")
Highly recommend trying the mobile app. Very clean and easy to use.
","summary":"","url":"https://infosec.exchange/@malwaretech/109306579942013661","date_published":"2022-11-08T05:40:46+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2022-11-08 05:40","date_timestamp":1667886046,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"13805037","content_html":"Weirdly getting a similar number of interactions here despite my bird account having 50x more followers
","summary":"","url":"https://infosec.exchange/@malwaretech/109306219615199569","date_published":"2022-11-08T04:09:08+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2022-11-08 04:09","date_timestamp":1667880548,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"13805036","content_html":"Recently realized there's not many chill cybersecurity focused message boards, so I made one. Come say hi :)
https://updatedsecurity.com/invites.html
Why Mastodon doesn't need to be better than Twitter to replace it
https://escapingtech.com/tech/opinions/we-may-be-approaching-critical-mastodon.html
I really like the way Mastodon can have instances centralized around common interests. It's like Twitter Topics but done right.
","summary":"","url":"https://infosec.exchange/@malwaretech/109299835375390624","date_published":"2022-11-07T01:05:32+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2022-11-07 01:05","date_timestamp":1667783132,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"13805031","content_html":"I'm honestly pretty ok with Twitter imploding. It was a decent platform, but this provides a great opportunities for new and better platforms to fill the void.
","summary":"","url":"https://infosec.exchange/@malwaretech/109298862077872643","date_published":"2022-11-06T20:58:01+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2022-11-06 20:58","date_timestamp":1667768281,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}},{"id":"13805018","content_html":"I keep getting rate limited from leaving the notification tab open 😆
![](\"https://cdn.micro.blog/photos/1000x/https%3A%2F%2Finfosec.exchange%2Fsystem%2Fmedia_attachments%2Ffiles%2F109%2F298%2F681%2F821%2F904%2F146%2Foriginal%2Fd37d8677d3887ddc.png\")
mastodon.social keeps crashing so I moved my profile here
","summary":"","url":"https://infosec.exchange/@malwaretech/109298420510407046","date_published":"2022-11-06T19:05:43+00:00","author":{"name":"Marcus Hutchins :verified:","url":"https://infosec.exchange/@malwaretech","avatar":"https://cdn.micro.blog/photos/96/https%3A%2F%2Fmedia.infosec.exchange%2Finfosec.exchange%2Faccounts%2Favatars%2F109%2F288%2F606%2F962%2F694%2F558%2Foriginal%2F7d9f657c412f0031.jpg","_microblog":{"username":"malwaretech@infosec.exchange"}},"_microblog":{"date_relative":"2022-11-06 19:05","date_timestamp":1667761543,"is_favorite":false,"is_bookmark":false,"is_deletable":false,"is_conversation":false,"is_linkpost":false,"is_mention":false,"note":"","syndication":[]}}]}