Man Called Cyberattack Hero Faces Charges He Created Malware


A self-taught computer-security researcher, credited with stopping a devastating cyberattack that crippled British hospitals in May, was arrested on charges that he created malware used to hack banking systems in Canada and Europe, according to Bloomberg.

Marcus Hutchins, who started blogging under the pseudonym MalwareTech when he was a teenager, was arrested in Las Vegas. He was indicted in July on several charges of computer misconduct relating to the creation and distribution of the Kronos banking Trojan. “We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further,” the U.K. National Cyber Security Centre said in a statement.

Hutchins’ arrest came as a shock to the cybersecurity industry, which was coming off its biggest week of the year at the Black Hat and Def Con conferences in Las Vegas, which Hutchins had attended. Among white-hat security researchers Hutchins was a hero. They hailed his quick thinking in neutralizing the WannaCry ransomware just hours into a fast-spreading attack in May that threatened not just computer systems but also potentially lives.

According to federal investigators, in 2014 and 2015, more than a year before the WannaCry outbreak, Hutchins wrote the Kronos malware, advertised it for sale in online hacker forums and split thousands of dollars in profits with at least one other defendant, whose name was redacted in the indictment. While Kronos is one of many widely used forms of banking Trojans, Hutchins is accused of being a supplier, and not of actually hacking people’s computers to install the malware.

The arrest appears linked to the FBI’s shutdown of a notorious online criminal marketplace called AlphaBay, where Hutchins is accused of selling the Kronos malware. The Justice Department announced late last month that it had dismantled the site, which it said had 200,000 users and 40,000 sellers. The site had hundreds of thousands of listings for drugs, guns, fake IDs and hacker tools. The alleged founder, a 26-year-old Canadian living in Thailand named Alexandre Cazes, was found dead in his jail cell shortly after his arrest, in an apparent suicide.

Hutchins’ arrest coincides with a conclusion of sorts for the WannaCry attacks. On Thursday, three bitcoin wallets linked to the malware were emptied out, with the tokens divided into smaller amounts and sent to other bitcoin addresses. The wallets held a combined 52 BTC, or about $140,000.