Tech whizz who helped to stop NHS hackers could face 40 years in US jail
THE British IT expert arrested by the FBI months after halting a global cyber-attack that hit the NHS may have been framed, it was claimed yesterday.
Marcus Hutchins faces up to 40 years in jail for allegedly creating software used to raid bank accounts that was sold online for £1,500.
The 23-year- old was hailed a hero in May when he found a way to shut down the WannaCry ‘ransomware’ virus that crippled the NHS and hit more than 300,000 computers in 150 countries.
He was arrested at Las Vegas airport on Wednesday after he left a hacking conference and faces trial for allegedly making a program that infects web browsers and captures computer users’ passwords and personal information.
Computer security experts said yesterday that a co-defendant in the conspiracy between July 2014 and July 2015, whose name has been redacted from the six- count indictment, may have framed the keen surfer from Ilfracombe, Devon.
Mr Hutchins is accused of creating and transmitting the program called Kronos. His co-defendant is accused of advertising and selling it on the dark web marketplace AlphaBay, which was shut down last month.
Jake Williams, a cybersecurity researcher and the president of Rendition Infosec, speculated that the co-defendant might have framed Mr Hutchins in exchange for a plea deal.
And computer security expert Rob Graham questioned why the co- defendant’s name has been redacted. ‘Maybe the other guy testified against him,’ he said. Mr Hutchins’s mother Janet has said it is ‘hugely unlikely’ her son was involved because he had spent ‘enormous amounts of time’ combating the kind of attack of which he is accused.
Yesterday she said she has been advised by the Foreign Office to avoid making any statements.
‘I can’t say anything because anything I say could hinder my son’s chances in court and it could be used against him,’ she said.
Mr Hutchins – who is known online by the name MalwareTech – works for Los Angeles-based computer security firm Kryptos Logic where he watches for attacks and works to thwart them.
He had been partying before his arrest and had posted photos on Twitter of an orange Lamborghini and a red Corvette sports car that he rented for £460 a day.
Yesterday an attorney who specialises in computer crime ques- tioned the decision to prosecute him. Tor Ekeland said: ‘I think it’s bizarre that the United States government has chosen to prosecute somebody who’s arguably their hero in the WannaCry malware attack and potentially saved lives and hundreds of thousands, if not millions, of dollars, over the sale of alleged malware for two thousand dollars.
‘This creates a disincentive for anybody in the information security industry to co- operate with the government.’
Naomi Colvin, from civil liberties campaign group Courage, warned: ‘The US treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital health care and rampant solitary confinement.’
Praising Mr Hutchins for stopping the WannaCry attack, she added: ‘The malware closed hospitals in the UK, becoming the first ransomware attack to represent an actual threat to life.
‘ In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service – and to American businesses in particular.’
‘This creates a disincentive’