© 2023 Kansas City Public Radio
NPR in Kansas City
Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Feds Arrest Man Credited With Helping To Stop Ransomware Attack

Marcus Hutchins, seen in May when he was credited with hobbling the WannaCry attack. Now, U.S. authorities have arrested him for allegedly creating and distributing banking malware.
Frank Augstein

Marcus Hutchins' Twitter account suddenly went quiet a day ago when the FBI took him into custody in Las Vegas on Wednesday. The 23-year-old British citizen — who was praised earlier this year when he was credited with helping to control a global ransomware attack — was in town attending the Black Hat and DefCon cybersecurity conferences.

According to a court document and a statement from the U.S. Department of Justice, he's accused of creating and distributing a malware program called Kronos. It's designed to steal banking log in information and other financial data from infected computers.

The Justice Department statement said "following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as "Malwaretech," for his role in creating and distributing the Kronos banking Trojan." The indictments were handed down in the Eastern District of Wisconsin.

The British researcher is charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization.

The alleged crime happened between July 2014 and July 2015.

But Hutchins is known as a hacker whose career has been dedicated to stopping cyber attacks, not committing them.

He grew famous in May when he was credited with finding a "kill switch" on a malware program called WannaCry that threatened over 150 countries. The program would infect computers, lock them up and demand ransom to restore the information. The U.K.'s National Health Service was among the victims. Hutchins is a self-described "accidental hero" and fellow researchers expressed shock and disbelief at the accusations.

Andrew Mabbit, founder of cyber firm Fidus Information Security, said on Twitter that he was trying to find Hutchins a lawyer and would soon be crowdfunding cash for his legal representation.

"I refuse to believe the charges against @MalwareTechBlog," Mabbitt said, referring to Hutchins' Twitter handle. "He spent his career stopping malware, not writing it."

Mabbitt didn't respond to a request for comment.

Another researcher Kevin Beaumont tweeted that the Department of Justice had made a "huge mistake."

Beaumont tweeted that Hutchins' business is to infiltrate malware like Kronos, monitor them and sell that data to law enforcement.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

Leila Fadel is a national correspondent for NPR based in Los Angeles, covering issues of culture, diversity, and race.
KCUR serves the Kansas City region with breaking news and powerful storytelling.
Your donation helps make nonprofit journalism available for everyone.