USA TODAY International Edition
After saving Internet, his life got weird
Marcus Hutchins says media has been rougher on him than hackers
On May 12, a 22year- old security researcher in England inadvertently stopped a worldwide ransomware attack that had hit more than 230,000 computers. The next day, when he posted a blog account of what happened under his Twitter handle, MalwareTech, he was hailed a selfless hero.
Then the attacks came. Not from the hackers who’d launched the original malware but from newspapers and media outlets desperately trying to track down the researcher, later identified as Marcus Hutchins. He found himself having to climb over his back garden wall to avoid reporters staking out his house, his name and address exposed.
“I knew five minutes of fame would be horrible, but honestly I misjudged just how horrible.... British tabloids are super invasive,” he tweeted days later.
The unexpected limelight came from simply doing his job, which is to look for ways to track and potentially stop malware, he wrote in his blog post.
He began by giving extensive credit to others in the close- knit security community who found samples of the ransomware and shared it with him within hours of its appearance.
As he studied it, he realized as soon as the computer code installed itself on a new machine, it tried to send a message to an unregistered Internet address, or domain name. He promptly registered that domain to see what it was up to. The malware, it turned out, was written to ping an unregistered Web address. If it didn’t get back a message saying the address didn’t exist, it would turn itself off. While computers already infected with the ransomware weren’t protected, once the domain was registered, the ransomware stopped spreading.
Hutchins, like many who work in computer security, had strived to keep a low profile. Spending time in murky online precincts populated by Russian gangsters, Asian nation- state organizations and run- of- the- mill cybercriminals does not lend itself to wanting publicity.
Hutchins doesn’t include his name in his blog, and when he first wrote about stopping the WannaCry attack, his name or contact info was nowhere to be found, only his Twitter handle.
Two days after the attack, USA TODAY spoke with his boss at Kryptos Logic, CEO Salim Neino, who said he was doing his best to protect Hutchins’ identity and his health by getting him to sleep.
But the press, especially the British tabloid press, was determined to find him. They began tracking down everything they could find out about him, including showing up at friends’ houses, calling to try to get the name of his girlfriend and eventually turning up at his house.
Being “doxed,” meaning post- ing someone’s personal information online, isn’t an uncommon harassment technique in online circles, said Caleb Barlow, vice president for threat intelligence at IBM Security.
On Twitter, Hutchins wrote that he’d always thought it would be hackers who found and posted his name, address and other personal information, but it “turns out Journalists are 100x better at doxing.”
He eventually decided to give an interview to a London- based Associated Press reporter four days after the attack.
Though now that he’s given up on laying low, Hutchins seems to be open to speaking out. He’ll be giving a keynote address Wednesday at the Copenhagen CyberCrime Conference in Denmark.
“Journalists were definitely far more determined to find me than any hacker ever has been.” Marcus Hutchins