Marcus Hutchins, the British cybersecurity researcher credited with stopping a worldwide ransomware attack in May, pleaded not guilty Monday to unrelated federal charges of creating and distributing his own well-known banking malware.
Hutchins, 23, of Ilfracombe, England, better known by the alias MalwareTech, could face as many as 40 years in prison if he's convicted on all six counts in the federal indictment (PDF), which accuses him of having created the notorious banking malware Kronos and of having conspired with an unidentified co-defendant to commit computer fraud beginning in July 2014.
Prosecutors haven't explained why Hutchins is being prosecuted in Wisconsin, and the grand jury indictment doesn't clarify matters much further, saying only that some of the alleged offenses occurred in Wisconsin "and elsewhere."
Hutchins remains free on $30,000 bail pending his next scheduled court appearance on Oct. 17. U.S. Magistrate Judge William E. Duffin loosened some of Hutchins' bail restrictions, allowing him to relocate to Los Angeles, near his legal team, and to resume using computers for work. He had been barred from using internet-connected devices after he was arrested Aug. 2 in Las Vegas, where he was attending the Black Hat and Def Con hacking conferences.
Hutchins had no comment as he left court, telling reporters only, "Thank you." But he resumed tweeting Monday evening, noting drily that "a few more issues need sorting out" before he can resume his normal routine.
Hoping I will be able to get back to working soon, but still a few more issues need sorting out.— MalwareTech (@MalwareTechBlog) August 14, 2017
Marcia Hoffman, an attorney for Hutchins, told reporters after the hearing that her client "will be fully vindicated."
"Marcus Hutchins is a brilliant young man and a hero," she said.
Hutchins is considered a hero because he is "MalwareTech," the once-mysterious white-hat hacker who discovered a "kill switch" for the WannaCry ransomware attack, which swept the globe in May. The so-called cryptoworm paralyzed computers running older versions of Microsoft Windows by encrypting users' files and demanding $300 to $600 to release them.
But the indictment paints Hutchins as something else altogether, describing him as a black-hat hacker who personally created Kronos — which it said "recorded and exfiltrated user credentials and personally identifying information from protected computers."
In an analysis in 2014, IBM researchers said Kronos — which went for $7,000 on the Russian underground market — worked by stealing the usernames and passwords of online banking customers, which could then be used to break into their accounts. It also featured special code that would prompt users to type in other highly sensitive information, like PIN numbers and security questions and answers.