Security researcher Marcus Hutchins, also known as @MalwareTechBlog, has been arrested by the FBI in Las Vegas for his alleged “role in creating and distributing the Kronos banking Trojan,” according to a spokesperson from the U.S. Department of Justice.
The 22-year-old British citizen was in Nevada attending the DEF CON hacking conference, held last week in Las Vegas, and was reportedly getting ready to head home when he was arrested.
The FBI’s charges are apparently related to actions occurring between July 2014 and July 2015, during which time Hutchins allegedly created the Kronos malware and aided in its spread online, according to a six-count indictment returned against Hutchins on July 12, 2017 by the Eastern District of Wisconsin. The indictment was unsealed at the time of his arrest.
Hutchins’ arrest was first reported by Motherboard.
Hutchins, who is a malware researcher at the Kryptos Logic security firm, became an overnight hero in May when he slowed WannaCry’s spread by accidentally activating a kill switch for the ransomware. Hutchins critically slowed the spread of the malware when he registered a domain for a DNS sinkhole found in the virus’s code.
Until that point, the WannaCry ransomware attack had spread like wildfire through vulnerable Windows machines across the globe late last week, infecting over 230,000 machines in 150 countries and blocking users from their data unless they agreed to pay approximately $300 in Bitcoin. Victims of the ransomware’s indiscriminate spread included Telefonica, a major Spanish telecom company, major parts of Britain’s National Health Service (NHS), FedEx, Deutsche Bank, and hundreds of targets in Russia and China.
Many of Hutchins’ fellow InfoSec professionals are incredulous about his arrest. Andrew Mabbitt, the founder of Fibus Information Security, who attended DEF CON with Hutchins, says he does not believe the charges against him.
I refuse to believe the charges against @MalwareTechBlog, not the MT I know at all. He spent his career stopping malware, not writing it.
— Andrew Mabbitt (@MabbsSec) August 3, 2017