Marcus Hutchins, the British cyber security expert who helped stop the spread of WannaCry ransomware in May, has been arrested by the FBI for creating and distributing banking malware.
Marcus Hutchins was arrested in the U.S. after he attended the Black Hat and Def Con cyber-security conferences in Las Vegas.
Well known for providing code that helped save millions of computers across the world from the WannaCry ransomware, British malware researcher Marcus Hutchins was arrested by the FBI on Wednesday at the Las Vegas airport.
Hutchins was returning to the country after attending the Black Hat and Def Con cyber-security conferences in Las Vegas earlier this week. Both his family and researchers who were in touch with him have expressed shock over his indictment.
Hutchins' arrest follows a six-count indictment returned by a grand jury in the Eastern District of Wisconsin over his role in creating a banking trojan and abetting its spread. The UK's National Cyber Security Centre has refrained from commenting on his arrest but said it is aware of the situation.
Hutchins is accused of actively using and spreading Kronos, banking malware that was used between July 2014 and July 2015 by hackers to steal banking passwords and financial data. The malware can be injected into devices since it can disguise itself as legitimate software, thereby avoiding malware detection mechanisms in various operating systems.
The charges against Marcus Hutchins include conspiracy to violate the Computer Fraud and Abuse Act, selling and advertising wiretapping devices, and aiding and abetting a hacking attempt. The indictment also says that he and his accomplice charged between $2,000 (£1,523) and $3,000 (£2,284) for Kronos malware samples.
"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan. The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015," said the U.S. Department of Justice.
Hutchins' mother has expressed 'outrage' over his indictment and said that she has no information on his whereabouts. She added that he was a dedicated malware researcher who spent enormous amounts of time researching and combating malware attacks. Hutchins also garnered huge coverage from the press after the WannaCry ransomware was stopped.
As of May, Hutchins was working for Kryptos Logic, a U.S.-based threat intelligence firm, and also worked with British government agencies in detecting and containing various forms of malware. After he became a celebrity in May, he feared that he would be targeted some day since he was a security blogger.
'A security blogger had people send heroin to his house and try to frame him after his identity was leaked and he even had death threats. I've seen posts about the terrible things people have done to him and for me in future it could be the same things,' he told the Daily Mail.
The FBI also arrested another person who has been named as a co-defendant and is accused of putting the Kronos malware up for sale on AlphaBay, a Dark Net marketplace that was recently taken down in a joint operation by the FBI, the Dutch Police and other European law enforcement agencies.
Proofpoint's security researcher Ryan Kalember believes that the FBI may have wrongly arrested Hutchins since it is possible that he became involved with hackers behind the banking trojan to gain more information about it.
"For a researcher looking into the world of banking hacks, sometimes you have to at least pretend to be selling something interesting to get people to trust you. It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference," he says. After the Kronos malware became popular in 2014, Hutchins sent out a public tweet requesting a sample.