Not so long ago, Marcus Hutchins, a 23-year-old British security researcher with the blog name “MalwareTech” became an ‘accidental hero’ when he discovered an effective kill switch to stop the biggest unprecedented WannaCry ransomware attack that had crippled thousands of computers. The ransomware spread to more than 300,000 computers across 150 countries around the world in May 2017.
However, this saviour was arrested this Wednesday at the Black Hat and Def Con cyber-security conference as part of an FBI investigation for his alleged involvement in an unrelated malware attack much before his WannaCry heroics, as first reported by Motherboard.
Apparently, Hutchins is involved in creating and distributing malicious software ‘Kronos’, a Russian banking Trojan, through emails with malicious attachments to steal user’s money using credentials such as internet banking passwords, the U.S. authorities said on Thursday.
According to an indictment released by the U.S. Department of Justice, Hutchins faces six counts of helping to create, spread and maintain the banking Trojan Kronos between 2014 and 2015. The indictment alleged that Hutchins “created the Kronos malware” and the other person, who was not named, later sold it for $2,000 online. The malware had been configured to access username and password information on banking websites and was used in Canada, Germany, Poland, France, the UK, and other countries.
“Marcus Hutchins… a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan,” the US Department of Justice (DoJ) said in a statement.
“The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015.”
The malware was first made available in early 2014, and “marketed and distributed through AlphaBay, a hidden service on the Tor network,” said the authorities. However, the U.S. Department of Justice in July announced that the AlphaBay “darknet” marketplace was shut down after an international law enforcement effort.
The arrest of Hutchins has created shockwaves in the cyber world leaving many of them baffled. Jake Williams, a respected cybersecurity researcher, said he found it hard to believe Hutchins is guilty. Both of them have worked on various projects, including training material for higher education for which the Briton declined payment.
“He’s a stand-up guy,” Williams said in a text chat. “I can’t reconcile the charges with what I know about him.”
Hutchins was being held at the Henderson Detention Center in Nevada early on Thursday. However, according to a close personal friend, he was moved to another facility a few hours after.
His friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.”
“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”
A U.S. Marshals spokesperson told Motherboard in an email, “my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody.”
On the other hand, the UK Consulate in New York is “in touch with local authorities in Las Vegas” following Hutchin’s arrest. The UK’s National Cyber Security Center said that “We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further.”