The Scottish Mail on Sunday

SURF DUDE WHO SAVED THE DAY

‘Half-Scottish’ self-taught web geek hailed a hero for foiling virus

- By Martin Beckford IN LONDON and Caroline Graham IN LOS ANGELES

A YOUNG computer expert living in a seaside town was hailed a hero last night for stopping the huge worldwide cyber ransom attack.

Working from his home on the south coast of England during a week’s holiday, it took the 22-year-old just a few hours to find a critical weakness in the software that hit tens of thousands of PCs.

Completely self-taught, he used his technical skills to successfully stop the ransomware spreading any further and after announcing what he had done online he was inundated with messages of praise and thanks.

But last night he tried to play down his heroics, insisting he had only halted the cyber attack accidentally.

‘Saying I’ve saved lives is a bit drastic, but I’ve definitely saved a few people a pretty penny,’ he told The Mail on Sunday.

The man is only known publicly as Malware Tech, but his public messages on social network Twitter provide a revealing insight into his background.

Half-Scottish, one of his parents is a nurse and he was born in June 1994.

He now lives in a Victorian house in South-West England, where he has constructed an impressive array of computer screens and servers he uses to play the latest games as well as for work.

‘I’m not a graduate. I had planned to go to university but ended up getting offered a job in security a year prior, so I took it,’ he said. ‘I’m completely self-taught so in hindsight university would probably not have been worth the time or money.’

He started working for a ‘private intel threat firm’ based in Los Angeles a year ago, investigating the latest malicious computer software released by criminals and hackers.

But he still lives and works in Britain – partly because he likes being close to the sea.

‘I love to surf in my free time so that vastly limits where I’d like to live,’ he told a friend online last year. On another occasion, he posted a photo of the coastline and wrote: ‘I could move to a city, but where in a city would I get this view?’

Last summer, he travelled to the US for the first time to attend a ‘hacker convention’ called Defcon in Las Vegas. ‘Supposedly it’s going to be 43C on the day I land in Vegas, but the melting point of British people is 30C,’ he joked online.

Malware Tech said he had been ‘super worried that I’m too nerdy for Vegas’ but ended up having ‘so much fun’. His friends posted Twitter photos of them drinking together at hotel room parties and sightseeing in a Ferrari and Lamborghini.

Then last week, he found himself at the forefront of attempts to stop the ransomware attack that crippled the NHS. Friday was ‘supposed to be part of my week off’, he wrote online, but after lunch with a friend he looked up a British cyber threat-sharing platform and saw it had been ‘flooded’ with posts about NHS systems across the country being hit by ransomware – software that allows criminals to freeze a computer remotely then demand money to restore its data.

As security agencies, hospital IT managers and major companies around the world struggled to deal with the effects of the cyber attack known as WannaCrypt, Malware Tech calmly examined the computer code behind it. He discovered that it included an unusual reference to a website address that nobody owned, so he purchased the address for £8.30 and pointed it at a ‘sinkhole’ server in Los Angeles.

Online, he explained this is part of his ‘standard model’ to track the spread of a computer ‘infection’.

But, unexpectedly, his registration of the website ‘in fact prevented the spread of the ransomware and prevented it ransoming any new computer’.

It is possible criminals behind the malicious software included the website reference for testing, but forgot to remove it, leaving a fatal flaw that Malware Tech alone was able to exploit.

He added, however, that cyber criminals can easily correct the program and try it again.

‘Our sinkholing [redirecting traffic to a different website] only stops this sample and there is nothing stopping them removing the domain check and trying again, so it’s incredibly important that any unpatched systems are patched as quickly as possible.’

RELUCTANT HERO: Malware Tech in Vegas with friend ‘Harriet’, right. Left: His online account of beating the ransom attack, above
