Wannacry hacking hero admitted writing bank malware, says US
THE British computer expert who helped shut down the Wannacry cyber-attack on the NHS admitted once writing code that was used to harvest bank details, according to documents filed with a US court.
Marcus Hutchins is alleged to have said in a phone call from prison that he had written code as a teenager that was used to create malicious software for stealing banking details.
The 23-year-old from Ilfracombe, Devon, has been accused of creating and distributing malware known as Kronos. He denies all six charges brought against him but faces 40 years in prison if convicted. His lawyers argue that details of the phone call are inadmissible as evidence because he had been “coerced” by investigators.
Mr Hutchins was arrested by FBI agents in a first-class lounge at Mccarran International Airport in Las Vegas in August last year as he waited to fly back to the UK after attending a computer security conference. Documents lodged by US prosecutors on Tuesday contain a transcript of a telephone call made from jail hours after his arrest.
Mr Hutchins is alleged to have said: “So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code on to some guy... once they found I sold the code to someone, they wanted me to give them his name, and I don’t actually know anything about him.”
Logs of an online chat also reportedly showed he had given “compiled binary” to someone to repay a debt of “about five grand”. It arose from a software glitch that meant Hutchins had allegedly lost Bitcoins he was holding on behalf of another person.
It was Hutchins’s quick thinking in May last year that slowed the effects of the Wannacry virus that hit more than 300,000 computers in 150 countries, when he found a “kill-switch”.