British Security Researcher Who Helped Stop WannaCry Attack Arrested in Las Vegas

Marcus Hutchins, who is accused of creating and selling malware, was widely credited earlier this year with stopping the WannaCry attack that seized hundreds of thousands of computers.
Frank Augstein/Associated Press

A British security researcher, who became an internet hero after he was credited with stopping a malicious software attack this year, was arrested at the Las Vegas airport and charged in connection with a separate attack.

Marcus Hutchins, the researcher, was widely praised for identifying a way to disable the WannaCry malicious software, or malware, attack that seized hundreds of thousands of computers this year. Researchers credited Mr. Hutchins’s discovery of a so-called kill switch in the malware for stopping its spread and preventing the attack from infecting millions more computers.

According to an indictment filed in federal court in Milwaukee that was unsealed on Thursday, Mr. Hutchins, 23, and an unidentified accomplice conspired to create and sell malware intended to steal login information and other financial data from online banking sites.

Mr. Hutchins created the software and his accomplice offered to sell the program, known as the Kronos banking Trojan, for $3,000 on an internet forum, the indictment said. The accomplice sold a version of the Kronos malware for $2,000 in June 2015. The indictment did not include details on how widely that malware was used, or much specific evidence of Mr. Hutchins’s involvement.

The Justice Department said in a statement that a federal grand jury returned a six-count indictment against Mr. Hutchins last month after a two-year investigation. It said that the Kronos malware was built to “harvest and transfer” user names and passwords from banking websites from an infected computer. Kronos, according to the Justice Department’s statement, has been configured to strike banking systems in a number of countries, including Canada, Germany, Poland, France and the United Kingdom.

When the Kronos malware was first advertised in underground Russian forums in 2014, the asking price of $7,000 indicated that the selling of malware was a lucrative business. Kronos was promoted as a hacking tool that could retrieve data including user names and passwords, A.T.M. PINs, and personal information useful in cracking security questions.

Earlier on Thursday, Motherboard reported that Mr. Hutchins had been detained at the Las Vegas airport after a week of attending both the Black Hat and Defcon security conferences. He had been scheduled to fly back to his home in the United Kingdom.

SOURCE: NY Times, Daisuke Wakabayashi