WannaCry ‘hero’ arrested on malware charges
'MalwareTech' has been charged with creating malware
The cyber expert who stopped the WannaCry ransomware attack on the British National Health Service (NHS) has been arrested in America on charges relating to the Kronos malware.
Marcus Hutchins, who is from the UK and is known as 'MalwareTech' in the cyber security community, was in America for the cyber defence conference Def Con.
The US Department of Justice has confirmed that Hutchins, aged 23, “was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan”.
Kronos was malware that harvested people’s bank login details in order to steal money from their accounts. It was offered for purchase on cybercriminal forums in 2014 for the not-insignificant sum of $7,000 (£4,100 at the exchange rate of the time).
The true meaning of Trojan
Given Hutchins’ involvement in the cyber security community, this arrest has come as a surprise – particularly to his mother, who told the Press Association that she had been “frantically calling America” to try to contact her son.
As reported by The Guardian, Hutchins was revealed to be working out of his family home when he managed to stop the WannaCry malware attack on the NHS earlier this year.
At the time, there was something of an outcry in the cyber community that someone who was hailed as a hero was 'doxxed' (a term used to refer to the disclosure of personal information about a user) by the mainstream media who were commending him.
Hutchins stopped the attack by registering the domain that the malware was trying to contact. On his blog, where he details his actions during the attack, he posits that the malware used the URL to establish whether it was being ‘sandboxed’ (a technique whereby elements of a computer system are kept siloed from other sections for safety).
According to Digital Trends: “A court hearing is expected to take place on Friday aimed at organizing his legal representation.”
Andrew London is a writer at Velocity Partners. Prior to Velocity Partners, he was a staff writer at Future plc.