‘I Made Bad Choices’

Nanocore Coder Pleads Guilty to Aiding and Abetting Hackers

Taylor Huddleston, an Arkansas programmer who once insisted the program he created was a legitimate remote administration tool, said he’s ready to accept responsibility Tuesday.

Kevin PoulsenKevin Poulsen

07.25.17 9:55 PM ET

Photo Illustration by Elizabeth Brockway/The Daily Beast

A self-taught Arkansas programmer pleaded guilty Tuesday to a federal charge of aiding and abetting computer intrusion for intentionally selling a remote access tool to malicious hackers.

Taylor Huddleston, 26, is the author of a program called Nanocore that’s been linked to intrusions in at least 10 countries, including an attack on Middle Eastern energy firms in 2015 and a massive phishing campaign last August in which the perpetrators posed as major oil and gas company.

Once installed on a Windows machine, Nanocore allows for remote control and monitoring of the computer. In interviews with The Daily Beast earlier this year, Huddleston insisted that he wrote the $25 program as a legitimate remote administration tool for budget-conscious school IT administrators, tech support firms, and parents keeping watch over their kids, and he suggested the FBI and federal prosecutors were targeting him unfairly.

“I’ve had a change of perspective,” he told The Daily Beast following his plea Tuesday. He admits now that he intended Nanocore to be a hacking tool. “I think I made all of these compromises, and ultimately I made bad choices, and it was used by malicious actors… I’m ready to accept responsibility and do what I can to make things right.”

In a statement of facts accompanying Tuesday’s plea, Huddleston stipulated that he “knowingly and intentionally aided and abetted thousands of unlawful computer intrusions” in selling the program to hackers and that he “acted with the purpose of furthering these unauthorized computer intrusions and causing them to occur.”

Huddleston also took responsibility for a software licensing system he operated that was used by another defendant, Zachary Shames, to sell thousands of copies of a covert keystroke logging program.

Under federal sentencing guidelines Huddleston faces anywhere from 10 months to 10 years incarceration, depending on the financial losses to victims, as well as forfeiture of a $60,000 home he bought in Hot Springs, Arkansas, with money from his software business.

Huddleston is scheduled for sentencing on Dec. 8 in Alexandria, Virginia.