It is more about the total package. nmap and ssh could be used to build a distributed SYN flood tool quite easily. But when you combine all of these features into one tool it shapes a picture of intent that gets harder and harder to argue about.
I have great concern as a person who has built and released software whose only real purpose is to perform MiTM on network traffic. On the other hand, my software isn't popular with criminals and I break software professionally. It would take a lot of effort to package most infosec and computer tools into easy to use hacking tools.
We tread a difficult line here, but at some point there is no charitable interpretation for a software package. I think at the end of the day I still lean in this guy's favor, but he makes it really hard. It was for profit software and I bet if we have the whole back story of evidence it will become even more difficult to defend the author. Intent matters, even with software.
What that sounds like to me is you would consider dozens of individual and potentially malicious packages to be benign, but when brought under one umbrella it is considered to be malicious?
Every feature I've read that is included in that software suite has a good use case with zero malicious intent, and often times can be very useful to white hat hackers and system administrators and security analysts alike. I still don't believe it is fault of the author that black hat hackers are pirating and abusing a useful software suite, especially when it isn't being advertised exclusively towards them and the author has in many ways attempted to mitigate or limit harmful uses and users.
Like a gun manufacturer who offers weapons as believer in home defense and the right to bear arms, only to have criminals steal merchandise and use it to rob a bank. Or the guy who invented dynamite which has great uses such as tunneling through mountains only to have it used for derailing and looting trains. You can kill a man with a pencil; that doesn't mean a 20-pack of pencils was produced with malicious intent. Dangerous use cases don't necessarily mean that is their purpose.
I agree it is a difficult line to tread, and, in my opinion it really boils down to his involvement in the criminal activity itself.
I liken this to weaponizing dynamite. It is a step beyond a simple tool. But still just a tool. The criminal activity matters. Also, this software was marketed toward the black hat community based on other threads here and my own understanding of how this software got its popularity.
I have great concern as a person who has built and released software whose only real purpose is to perform MiTM on network traffic. On the other hand, my software isn't popular with criminals and I break software professionally. It would take a lot of effort to package most infosec and computer tools into easy to use hacking tools.
We tread a difficult line here, but at some point there is no charitable interpretation for a software package. I think at the end of the day I still lean in this guy's favor, but he makes it really hard. It was for profit software and I bet if we have the whole back story of evidence it will become even more difficult to defend the author. Intent matters, even with software.