IT pro who helped stop vast cy­ber­at­tack ar­rested

Bri­tish re­searcher ac­cused of making, selling mal­ware.

Austin American-Statesman - - MORE OF TODAY’S TOP NEWS - By Ken Rit­ter and Matt O’Brien

Mar­cus Hutchins, a young Bri­tish re­searcher cred­ited with de­rail­ing a global cy­ber­at­tack in May, has been ar­rested for al­legedly cre­at­ing and dis­tribut­ing ma­li­cious soft­ware de­signed to col­lect bank-ac­count pass­words, U.S. au­thor­i­ties said Thurs­day.

Hutchins was de­tained in Las Ve­gas on his way back to Bri­tain from an an­nual gathering of hack­ers and in­for­ma­tion se­cu­rity gu­rus. A grand jury in­dict­ment charged Hutchins with cre­at­ing and dis­tribut­ing mal­ware known as the Kronos bank­ing Tro­jan.

Such mal­ware in­fects web browsers, then cap­tures user­names and pass­words when an un­sus­pect­ing user vis­its a bank or other trusted lo­ca­tion.

News of Hutchins’ de­ten­tion came as a shock to the cy­ber­se­cu­rity com­mu­nity. Many had ral­lied be­hind the re­searcher whose quick think­ing helped con­trol the spread of the Wan­naCry at­tack that crip­pled thou­sands of com­put­ers last May.

The in­dict­ment, filed in a Wis­con­sin fed­eral court last month, al­leges that Hutchins and an­other de­fen­dant — whose name is redacted — con­spired from July 2014 and July 2015 to ad­ver­tise the avail­abil­ity of the Kronos mal­ware on in­ter­net fo­rums, sell the mal­ware and make money off it. The in­dict­ment also ac­cuses Hutchins of cre­at­ing the mal­ware.

Au­thor­i­ties said the mal­ware was first made avail­able in early 2014, and “mar­keted and dis­trib­uted through Al­phaBay, a hidden ser­vice on the Tor net­work.” The U.S. Depart­ment of Jus­tice announced in July that the Al­phaBay “dark­net” mar­ket­place was shut down af­ter an in­ter­na­tional law en­force­ment ef­fort.

The Elec­tronic Fron­tier Foun­da­tion, a San Francisco-based dig­i­tal rights group, said it was “deeply con­cerned” about Hutchins’ ar­rest and was at­tempt­ing to reach him.

Hutchins re­cently at­tended Def Con, an an­nual cy­ber­se­cu­rity con­fer­ence in Las Ve­gas that ended Sun­day. On Wed­nes­day, Hutchins made some rou­tine com­ments on Twitter that sug­gested he was at an air­port get­ting ready to board a plane for a flight home. He never left Ne­vada.

A Jus­tice Depart­ment spokesman con­firmed the 22-year-old Hutchins was ar­rested Wed­nes­day in Las Ve­gas. Of­fi­cer Ro­drigo Pena, a po­lice spokesman in Hen­der­son, near Las Ve­gas, said Hutchins spent the night in fed­eral cus­tody in the city lockup.

An­drew Mab­bitt, a Bri­tish dig­i­tal se­cu­rity spe­cial­ist who had been stay­ing with Hutchins, said he and his friends grew wor­ried when they got “ra­dio si­lence” from Hutchins for hours.

Mab­bitt said he even­tu­ally found Hutchins’ name on a de­ten­tion center website.

One le­gal scholar who spe­cial­izes in study­ing com­puter crime said it’s un­usual, and prob­lem­atic, for pros­e­cu­tors to go af­ter some­one sim­ply for writ­ing or selling mal­ware — as op­posed to us­ing it to fur­ther a crime.

“This is the first case I know of where the gov­ern­ment is prose­cut­ing some­one for cre­at­ing or selling mal­ware but not ac­tu­ally us­ing it,” said Orin Kerr, a law pro­fes­sor at Ge­orge Wash­ing­ton Univer­sity.

FRANK AUG­STEIN / AS­SO­CI­ATED PRESS

Bri­tish IT ex­pert Mar­cus Hutchins was ar­rested Wed­nes­day in Las Ve­gas just be­fore he was to fly home to Eng­land. A fed­eral in­dict­ment ac­cuses him of making and selling mal­ware.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.