FROM HERO TO CRIMINAL
Computer expert who defeated ‘Wannacry’ held for allegedly creating, selling malware
ASELF-TAUGHT computer-security researcher credited with stopping a devastating cyberattack that crippled British hospitals in May was arrested on charges that he created malware used to hack banking systems in Canada and Europe, said United States authorities.
Marcus Hutchins, who started blogging under the pseudonym MalwareTech when he was a teenager, was arrested in Las Vegas on Wednesday, said the US Department of Justice.
Court documents unsealed on Thursday showed he was indicted last month on several charges of computer misconduct relating to the creation and distribution of the Kronos banking Trojan, a type of malicious software that steals usernames and passwords for banking websites from infected machines.
Hutchins’s arrest came as a shock to the cybersecurity industry, which was coming off its biggest week of the year at the Black Hat and Def Con conferences in Las Vegas, which Hutchins had attended.
Among white-hat security researchers, who hack technologies to find ways to fix them, Hutchins was a hero. They hailed his quick thinking in neutralising the WannaCry ransomware hours into a fast-spreading attack in May.
WannaCry infected about 300,000 computers in 150 countries, locking users out unless they paid a ransom in bitcoin. Victims included the United Kingdom’s National Health Service, whose hospitals were disrupted, as well as FedEx Corp, Nissan Motor Co and Renault.
Hutchins found a clever way to stop the attack by registering an Internet domain that served as a “kill switch” for the malware.
According to federal investigators, in 2014 and 2015, more than a year before the WannaCry outbreak, Hutchins wrote the Kronos malware, advertised it for sale in online hacker forums and split thousands of dollars in profits with at least one other defendant, whose name was redacted in the indictment.
While Kronos is one of many widely used forms of banking Trojans, Hutchins is accused of being a supplier, and not actually hacking people’s computers to install the malware.
Tor Ekeland, a US attorney who specialises in cyber crime, told the BBC yesterday that Hutchins faced six felony charges, with up to 40 years in jail.
“It seems to be suggesting that writing software of this type is a felony, which is problematic for the information software industry,” he said. Bloomberg
Marcus Hutchins, who neutralised the WannaCry ransomware in May, has been accused of developing Kronos, a type of malicious software that steals usernames and passwords for banking websites from infected machines in 2015.