Marcus Hutchins, the malware researcher who was indicted in the U.S. for creating and distributing a banking trojan, rented a $1,900 per night mansion, drove supercars, flew a helicopter and went clubbing with his friends shortly before his arrest.
Marcus Hutchins didn't go to university but set up his own servers and devoted all his time to live his dream as a cyber expert.
Aged just 22, Marcus Hutchins was a nobody until May when it turned out that he had activated a kill switch that ceased WannaCry ransomware operations across the world. Until then, he considered himself a cyber geek with a lot of passion towards malware detection as well as spending the rest of his time in the company of friends.
Following his discovery of the kill switch, Hutchins drew instant and widespread media attention and pictures of his bedroom, his friends, his pizzas and his computers flooded the Internet in no time.
Marcus hated all the attention and told reporters that he never wanted to become a celebrity. He even expressed fear that he would be targeted since he is now a popular security blogger.
'A security blogger had people send heroin to his house and try to frame him after his identity was leaked and he even had death threats. I've seen posts about the terrible things people have done to him and for me in future it could be the same things,' he told the Daily Mail.
However, despite his reservations about having a public profile, Hutchins partied as hard as he worked on his passion. His Twitter account is filled with pictures of clubs, pizzas, lots of drinks, beaches and fancy cars.
“Mostly what I do is tech but I also do surfing and a bit of travelling. I work as much as I want to work, essentially. I’m only a fan of pizza because I can ring and it turns up, whereas if I cook something I have to spend 20 minutes cooking,” he told the Mail.
Hutchins never went to university but turned his hobby of being a cyber expert into a profession. He is now working for Kryptos Logic, a U.S.-based intelligence threat firm and also works with the UK's National Cyber Security Centre in discovering and containing new strains of malware.
Late last night, Hutchins had his second brush with intense media attention but for an altogether different reason. While heading back to London from Las Vegas, he was arrested by the FBI after being indicted by a U.S. court for creating and distributing Kronos, a banking Trojan that is used by cyber criminals to steal banking passwords and other financial information.
The charges against Hutchins include conspiracy to violate the Computer Fraud and Abuse Act, selling and advertising wiretapping devices, and aiding and abetting a hacking attempt. The indictment also says that he and his accomplice charged between $2,000 (£1,523) and $3,000 (£2,284) for Kronos malware samples.
His arrest has come as a shock to his friends as well as security researchers who have worked with him. A number of his friends have said that his passion was to find malware and not to create one. His mother has expressed 'outrage' over his indictment and said that he was a dedicated malware researcher who spent enormous amounts of time in researching and combating malware attacks.
According to The Outline, even though Hutchins was in Las Vegas this week to attend two cyber security conferences in the city, he expressed no intention of attending the conferences when they spoke to him prior to his arrest. The publication added that all Hutchins wanted to do was to hang out with his friends before he returned.
In Las Vegas, Hutchins and seven of his friends rented a $5 million mansion which featured the largest private pool in the city and which cost them $1900 per night. He also rented supercars, flew a helicopter, went clubbing, and fired guns at a shooting range.
A number of cyber security experts are implying that Hutchins' arrest could be a result of mistaken identity. According to Ryan Kalember, a security researcher at Proofpoint, malware researchers have to dig deep and interact in malware-selling forums to find out what they need to know. As such, they end up leaving as much footprint as any other malware developer or seller.
“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure. Lots of researchers like to log in to crimeware tools and interfaces and play around. It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference,” he said.
The question of how involved Hutchins was with the creation and distribution of the Kronos banking Trojan will be answered once the FBI completes its investigation and a U.S. grand jury delivers its verdict.