Expert who disabled ‘WannaCry’ cyber attack indicted over bank malware ‘Kronos’
On Thursday, an indictment filed in the US District Court in Wisconsin accused Marcus Hutchins, 23, of advertising, distributing and profiting from malware called “Kronos.” The indictment states that Hutchins allegedly took part in the illegal activity from July 2014 to July 2015.
Hutchins, also known as “MalwareTech” online, gained prominence in May for finding a "kill switch" which disabled the WannaCry bug. He was detained by the FBI in Las Vegas Wednesday.
Hutchins faces six counts, including conspiracy to commit offense or to defraud US; fraud and related activity in connection with computers; interception and disclosure of wire, oral, or electronic communications prohibited; manufacture, distribution, possession and advertising of wire, oral, or communication intercepting devices prohibited.
He was indicted with an unnamed co-defendant on July 12. However, the case remained under seal until Thursday, a US Justice Department spokesman said, according to Reuters.
Hutchins was detained just days after he and thousands of others made their way to Las Vegas for the annual Black Hat and Def Con hacker conventions. He was being held at the Henderson Detention Center in Nevada early Thursday. A few hours later, he was moved to another facility, an unnamed friend of Hutchins told Motherboard.
“We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare,” the friend said.
The Kronos malware is downloaded from email attachments and leaves victims’ systems vulnerable to theft of their banking and credit card credentials. Kronos was used to steal banking information in Canada, Germany, Poland, France, the United Kingdom and other countries.
Allegations in the indictment state that an unidentified co-defendant in the case advertised the Kronos malware on AlphaBay, a dark web marketplace which authorities took offline last month. Investigators stated that the site allowed anonymous users to participate in the global trade of drugs, firearms, hacking tools and other illegal goods.
Andrew Mabbit, founder of the cyber firm Fidus Information Security, who went to the conference in Las Vegas with Hutchins, said on Twitter that he was working on acquiring a lawyer for Hutchins because Hutchins does not currently have one.
“I refuse to believe the charges against @MalwareTechBlog,” Mabbit tweeted. “He spent his career stopping malware, not writing it.”
In the cyber community, Hutchins was hailed as a hero after he apparently stopped the WannaCry attack that caused disruptions to car factories, hospitals, shops and schools in more than 150 countries and infected hundreds of thousands of computers.