FROM HERO TO CRIM­I­NAL

Com­puter ex­pert who de­feated ‘Wan­nacry’ held for al­legedly cre­at­ing, sell­ing mal­ware

New Straits Times - - Business -

ASELF-TAUGHT com­puter-se­cu­rity re­searcher cred­ited with stop­ping a dev­as­tat­ing cy­ber­at­tack that crip­pled Bri­tish hos­pi­tals in May was ar­rested on charges that he cre­ated mal­ware used to hack bank­ing sys­tems in Canada and Europe, said United States au­thor­i­ties.

Mar­cus Hutchins, who started blog­ging un­der the pseu­do­nym Mal­wareTech when he was a teenager, was ar­rested in Las Ve­gas on Wed­nes­day, said the US Depart­ment of Jus­tice.

Court doc­u­ments un­sealed on Thurs­day showed he was in­dicted last month on sev­eral charges of com­puter mis­con­duct re­lat­ing to the cre­ation and dis­tri­bu­tion of the Kronos bank­ing Tro­jan, a type of ma­li­cious soft­ware that steals user­names and pass­words for bank­ing web­sites from in­fected ma­chines.

Hutchins’s ar­rest came as a shock to the cy­ber­se­cu­rity in­dus­try, which was com­ing off its big­gest week of the year at the Black Hat and Def Con con­fer­ences in Las Ve­gas, which Hutchins had at­tended.

Among white-hat se­cu­rity re­searchers, who hack tech­nolo­gies to find ways to fix them, Hutchins was a hero. They hailed his quick think­ing in neu­tral­is­ing the Wan­naCry ran­somware hours into a fast-spread­ing at­tack in May.

Wan­naCry in­fected about 300,000 com­put­ers in 150 coun­tries, lock­ing users out un­less they paid a ran­som in bit­coin. Vic­tims in­cluded the United King­dom’s Na­tional Health Ser­vice, whose hos­pi­tals were dis­rupted, as well as FedEx Corp, Nis­san Mo­tor Co and Re­nault.

Hutchins found a clever way to stop the at­tack by reg­is­ter­ing an In­ter­net do­main that served as a “kill switch” for the mal­ware.

Ac­cord­ing to fed­eral in­ves­ti­ga­tors, in 2014 and 2015, more than a year be­fore the Wan­naCry out­break, Hutchins wrote the Kronos mal­ware, ad­ver­tised it for sale in on­line hacker fo­rums and split thou­sands of dol­lars in prof­its with at least one other de­fen­dant, whose name was redacted in the in­dict­ment.

While Kronos is one of many widely used forms of bank­ing Tro­jans, Hutchins is ac­cused of be­ing a sup­plier, and not ac­tu­ally hack­ing peo­ple’s com­put­ers to in­stall the mal­ware.

Tor Eke­land, a US at­tor­ney who spe­cialises in cy­ber crime, told the BBC yes­ter­day that Hutchins faced six felony charges, with up to 40 years in jail.

“It seems to be sug­gest­ing that writ­ing soft­ware of this type is a felony, which is prob­lem­atic for the in­for­ma­tion soft­ware in­dus­try,” he said. Bloomberg

BLOOMBERG PIC

Mar­cus Hutchins, who neu­tralised the Wan­naCry ran­somware in May, has been ac­cused of de­vel­op­ing Kronos, a type of ma­li­cious soft­ware that steals user­names and pass­words for bank­ing web­sites from in­fected ma­chines in 2015.

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.