23-year-old Marcus Hutchins, also known as the MalwareTech, is a British cyber security researcher best known for neutralizing the “WannaCry” ransomware attack. An employee of Kryptos Logic, a Los Angeles based company that fights against cyber attacks, he is also accused of selling malicious code used to hack banking and credit card information, crimes for which Hutchins was indicted on July 12. Hutchins was arrested at Las Vegas’ McCarran International Airport following the Black Hat and Def Con security conventions during a sting operation. Once behind bars at the Nevada Southern Detention Center, Las Vegas based U.S. Magistrate Judge Nancy Koppe set his bail at $30,000.
Despite a request from the prosecutor, Dan Cowhig, that Hutchins remain behind bars because he is a “danger to the public,” Hutchins’ attorney, Adrian Lobo, said her client has since been released to Wisconsin, where he will face a six-count indictment against him filed in U.S. District Court. Believing he was wrongfully accused, support for his bail was offered by friends and family, as well as individuals in the cyber community all around the world. Hutchins, of Ilfracombe, England, will be barred from computer use or Internet access and has had to surrender his passport. He will have to stay stateside and is being monitored by GPS.
Hutchins has specifically been accused of creating, advertising, distributing, and profiting from the “Kronos” malware code over a year-long span between July 2014 and 2015. Kronos was downloaded by unsuspecting computer users, leaving their systems open to banking and credit card theft. He also faces charges of attempting to intercept electronic communications and trying to access a computer without authorization. If found guilty, Hutchins could face decades in federal prison.
“He admitted he was the author of the code of Kronos malware and indicated he sold it,” Cowhig said, adding that other evidence includes chat logs between Hutchins and a still at-large co-defendant during which Hutchins discusses a transaction and how disappointed he was in the offer received for selling the malicious code. Prosecutors said Hutchins’ co-defendant successfully sold the software for 2,000 dollars in June 2015.
Lobos stated she and her client would fight the case and Hutchins would enter not guilty pleas to all the counts. She adds, “He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done.” His mother, Janet, said it was “hugely unlikely” her son was involved in the alleged crimes, stating he spends much of his time trying to put a stop to malware attacks.
Hutchins gained overnight super stardom status in the hacking community when he discovered a way to disable the WannaCry worm which infected thousands of computers internationally in May, causing the networks of some very needed public services to crash, including hospitals and schools. After being praised for saving those affected in more than 150 countries, Hutchins was quoted as saying, “I’m definitely not a hero. I’m just someone doing my bit to stop botnets.”