Marcus Hutchins arrest: Computer expert who ‘helped to end NHS cyber attack’ charged with malware offences in US

The 22-year-old computer expert is detained on charges of creating and distributing Trojan malware

Emily Shugerman
New York
Thursday 03 August 2017 19:50
comments
British IT expert Marcus Hutchins who has been branded a hero for slowing down the WannaCry global cyber attack, sits at his workstation during an interview in Ilfracombe, England
British IT expert Marcus Hutchins who has been branded a hero for slowing down the WannaCry global cyber attack, sits at his workstation during an interview in Ilfracombe, England

A British computer expert who helped shut down the WannaCry cyber attack that crippled the NHS has been arrested in the US for his alleged role in an unrelated malware attack.

Marcus Hutchins, also known as MalwareTech on social media, found a hidden “kill switch” in the WannaCry ransomware virus that hit more than 300,000 computers in 150 countries.

But the 22-year-old has now been charged in connection with a US cybercrime investigation that started long before his WannaCry heroics.

"Marcus Hutchins ... was arrested in the United States on August 2, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," DOJ spokesperson Wyn Hornbuckle said in a statement to The Independent.

The Kronos malware, which is spread through email attachments, is used to steal banking passwords from infected computers. According to the US Attorney for the Eastern District of Wisconsin, the malware has been configured to access credentials from banking systems in Canada, Germany, Poland, France, the UK, and other countries.

The States' Attorney classifies Kronos as an "ongoing threat to privacy and security".

In charges stemming from a two-year federal investigation, Mr Hutchins is accused of creating, selling, and maintaining the malware in collaboration with an unnamed codefendant. The collaborators are accused of spreading the malware via the Alphabay marketplace in the months between July 2014 and July 2015.

The 22-year-old Mr Hutchins was detained by the FBI after a trip to the Def Con hacking conference in Las Vegas, where he reportedly bragged to The Outline about staying in a local real estate mogul's mansion and renting high-end cars.

“Cybercrime remains a top priority for the FBI,” Special Agent in Charge Justin Tolomeo said in a statement. “Cybercriminals cost our economy billions in loses each year. The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice.”

The UK's National Crime Agency confirmed on that a British citizen was being held in the US, but said it was "a matter for the authorities in the US".

Andrew Mabbitt, a cyber security company founder who travelled to the conference with Mr Hutchins, says he does not believe the charges against him.

"He spent his career stopping malware, not writing it," Mr Mabbitt tweeted on Thursday.

In an interview with the website MotherBoard, which first reported the story, friends described a frantic search for Mr Hutchins in the hours after his arrest. They claimed he had been detained at the Henderson Detention Centre in Nevada, and later moved to an undisclosed location.

The detention centre told The Independent it only kept records of current detainees.

“At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," one friend told MotherBoard. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."

The UK Foreign Office said they had been in touch with Las Vegas authorities, and were providing assistance to Mr Hutchins family.

Mr Hutchins became an unexpected celebrity after he caused major delays to the spread of the international ransomware attack that affected the NHS, as well as other targets around the world.

He first wrote about finding the Wannacry "kill switch" on his anonymous blog, using the name MalwareTech.

When his identity was revealed, however, the low-profile computer security worker was flooded by interview requests, and even had reporters stake out his house.

"I knew 5 minutes of fame would be horrible but honestly i misjudge just how horrible," he tweeted in May.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

View comments