'WANNACRY HERO' Marcus Hutchins is to face new charges alleging that he was behind a second malware tool and that he lied to the FBI.
The latest charges claim that Hutchins was responsible for coding the UPAS Kit malware and for selling sold the code to an associate with the alias VinnyK who, the prosecutors claim, was located in Wisconsin. It was subsequently advertised on Russian cybercrime forums as "an advanced rootkit" similar to SpyEye and Zeus, written in C++.
Among the 10 counts, it is also claimed that Hutchins lied to the FBI under questioning following his arrest in August. Hutchins has already suggested that he was not in a fit state to be questioned when he was arrested.
Hutchins, also known as MalwareTech, has described the charges as "bullshit". He tweeted: "Spend months and $100k+ fighting this case, then they go and reset the clock by adding even more bullshit charges like ‘lying to the FBI'."
However, the new charges are not only outside the usual five-year statute of limitations, Hutchins would have been a minor - under 18 - at the time.
In a blog post, civil liberties journalist Marcy Wheeler, who tweets under the moniker @emptywheel, described the new charges as an attempt by the FBI to rescue a flailing case.
"When last we checked in on the MalwareTech (Marcus Hutchins) case, both FBI agents involved in his arrest had shown different kinds of unreliability on the stand and in their written assertions…
"Hutchins' defence had raised a slew of legal challenges that, together, showed the government stretching to use wiretapping and CFAA [Computer Fraud and Abuse Act] statutes to encompass writing code so as to include Hutchins in the charges.
"It looked like the magistrate in the case, Nancy Joseph, might start throwing out some of the government's more expansive legal theories."
Wheeler adds that VinnyK, who is the source of the FBI's claims, is nevertheless not facing charges of any kind. He was intercepted by the organisation when he unknowingly sold copies of Kronos to an FBI agent.
The charges of lying to the FBI, meanwhile, relate to his denials about knowing that code that he had written had been incorporated into the Kronos malware, over which he was arrested in August.
Hutchins, meanwhile, has renewed his request for contributions to his legal defence fund, with the new charges effectively enabling the FBI to prosecute him a second time around.
His lawyer, meanwhile, described the new charges as "meritless", adding: "It only serves to highlight the prosecution's serious flaws. We expect [Hutchins] to be vindicated and then he can return to keeping us all safe from malicious software." µ
Chinese firm's week has somehow got worse
Software issue plagues early adopters
Security researcher makes good on her promise
Artificial artificial intelligence