THE BRITISH INFOSEC BOD credited with halting the WannaCry ransomware outbreak in May has been arrested by the FBI and indicted "for his role in creating and distributing the Kronos banking Trojan".
Marcus Hutchins, who works for security research outfit Kryptos Logic but is better known by his Twitter moniker @MalwareTechBlog, was arrested at the airport in Las Vegas as he sought to board a plane home from Def Con.
The Department of Justice (DoJ) confirmed: "The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."
The UK's National Cyber Security Centre is aware of the situation, according to the BBC, while a spokesman for the Foreign and Commonwealth Office told INQ: "We are in touch with local authorities in Las Vegas following reports of a British man being arrested."
The DoJ indictment is dated 12 July and claims that Hutchins created the Kronos banking Trojan and sold it on internet hacking forums, including the AlphaBay dark web market, which was shut down this summer.
Salim (CEO) has been as useful as a chocolate teapot. No help there. — Andrew Mabbitt (@MabbsSec) August 3, 2017
Hutchins, 23, is a self-taught 'white hat' hacker. Friends and acquaintances expressed surprise at the arrest and suggested that the FBI had made a colossal mistake.
Security architect Kevin Beaumont tweeted: "Kronos is a banking BOTNET. MalwareTech's business is *tracking* botnets," adding, "It looks like the US justice system has made a huge mistake."
This is Kronos builder, it looks like the US justice system has made a huge mistake. pic.twitter.com/2WGQVjFgED — Kevin Beaumont (@GossiTheDog) August 3, 2017
Beaumont also pointed out that Kronos was a Russian banking botnet, and it's unlikely that Hutchins is as proficient in Russian as he is at computing. However, the indictment also includes a conspirator whose identity has been redacted.
Mabbitt, meanwhile, tweeted: "I refuse to believe the charges against @MalwareTechBlog, not the MT [MalwareTech] I know at all. He spent his career stopping malware, not writing it."
However, the indictment is quite clear in its accusations: "Defendant Marcus Hutchins created the Kronos malware… [and] in or around August 2014, on an internet forum, [the] defendant… offered to sell the 'Kronos Banking Trojan' for $3,000."
It adds that he also advertised the availability of the Kronos malware on the AlphaBay market forum in April 2015, and sold a version of the malware for $2,000 "in digital currency" in June 2015. It also accuses Hutchins of offering "cryptying [sic] services for Kronos".
I refuse to believe the charges against @MalwareTechBlog, not the MT I know at all. He spent his career stopping malware, not writing it. — Andrew Mabbitt (@MabbsSec) August 3, 2017
The arrest was first reported by Motherboard, which suggested that he was taken to the Henderson Detention Center for questioning, before being moved.
An acquaintance of Hutchins, Andrew Mabbitt, founder of Fidus Information Security, subsequently confirmed the arrest and added that he was trying to hire a lawyer on Hutchins' behalf, after locating him at the FBI's Las Vegas, Nevada field office. The CEO of Kryptos Logic, Hutchins' employer, he noted, had "been as useful as a chocolate teapot".
Security researcher Hutchins had brought the WannaCry ransomware to a halt after registering the domain of a URL that the malware was programmed to contact. The check was a rudimentary means of ascertaining whether the malware was being examined in a 'sandbox'; registering the domain caused the ransomware to shut down.