Cyber community in shock as WannaCry ‘hero’ arrested

04 Aug 2017

A self-taught computer-security researcher credited with stopping a devastating WannaCry cyberattack that crippled British hospitals and spread across the globe in May has been arrested on charges that he created malware used to hack banking systems and collect passwords in Canada and Europe, US authorities said.

Marcus Hutchins was detained in Las Vegas on his way back to Britain from an annual gathering of hackers and information security gurus. A grand jury indictment charged Hutchins with creating and distributing malware known as the Kronos banking Trojan.

Hutchins, who started blogging under the pseudonym MalwareTech when he was a teenager, was arrested on Wednesday, the Justice Department said in a statement. Court documents unsealed on Thursday show he was indicted in July on several charges of computer misconduct relating to the creation and distribution of Kronos, a type of malicious program that steals usernames and passwords for banking websites from infected machines.

Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location.

Hutchins' arrest came as a shock to the cybersecurity industry, which was coming off its biggest week of the year at the Black Hat and Def Con conferences in Las Vegas, which Hutchins had attended. Among white-hat security researchers, who hack technologies to find ways to fix them, Hutchins was a hero. They hailed his quick thinking in neutralizing the WannaCry ransomware just hours into a fast-spreading attack in May that threatened not just computer systems but also potentially lives.

WannaCry infected about 300,000 computers in 150 countries, locking users out unless they paid a ransom in bitcoin. Victims included the UK's National Health Service, whose hospitals were disrupted, as well as FedEx Corp, Nissan Motor Co. and Renault. Hutchins found a clever way to stop the attack by registering an Internet domain that served as a 'kill switch' for the malware, a secret that was hidden in its code.

The indictment, filed in a Wisconsin federal court last month, alleges that Hutchins and another defendant, whose name is redacted, conspired between July 2014 and July 2015 to advertise the availability of the Kronos malware on internet forums, sell the malware and profit from it. The indictment also accuses Hutchins of creating the malware.

A court hearing was scheduled for Hutchins on Thursday afternoon in Las Vegas. It was not immediately clear if he has a lawyer.

Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation, said Thursday the San Francisco-based legal advocacy group is trying to reach out to Hutchins.

"The EFF is deeply concerned about the arrest of Marcus Hutchins," said Jeanne Carstensen, a spokeswoman for the group. "We are looking into the matter, and are reaching out to Hutchins."

According to federal investigators, in 2014 and 2015, more than a year before the WannaCry outbreak, Hutchins wrote the Kronos malware, advertised it for sale in online hacker forums and split thousands of dollars in profits with at least one other defendant, whose name was redacted in the indictment.

While Kronos is one of many widely used forms of banking Trojans, Hutchins is accused of being a supplier, not of actually hacking people's computers to install the malware.

The arrest appears linked to the FBI's shutdown of a notorious online criminal marketplace called AlphaBay, where Hutchins is accused of selling the Kronos malware. The Justice Department announced late last month that it had dismantled the site, which it said had 200,000 users and 40,000 sellers. The site had hundreds of thousands of listings for drugs, guns, fake IDs and hacker tools. The alleged founder, a 26-year-old Canadian living in Thailand named Alexandre Cazes, was found dead in his jail cell shortly after his arrest, in an apparent suicide.

The language in the indictment and timing of the allegations suggest that federal investigators used information they learned in the probe of AlphaBay to build the case against Hutchins, who became a reluctant celebrity after news outlets published his real name - 'doxing,' in hacker parlance - following his WannaCry intervention.

His arrest coincides with a conclusion of sorts for the WannaCry attacks. On Thursday, three bitcoin wallets linked to the malware were emptied out, with the tokens divided into smaller amounts and sent to other bitcoin addresses. The wallets held a combined 52 BTC, or about $140,000.
