A British-based cyber security researcher praised for helping stop a global attack earlier this year has been arrested and charged in the United States over an unrelated hacking case.
Marcus Hutchins was detained in Las Vegas and has been accused of involvement with malware known as Kronos, which stole online banking details and credit card data.
The 23-year-old from Devon in southwest England was greeted as a hero for apparently helping to stop the WannaCry attack, which caused widespread disruption – including in the UK’s health service.
The charges filed in Wisconsin allege he created and sold Kronos on internet forums. A US District Court accused Hutchins of advertising, distributing and profiting from malware code. A statement from the US Justice Department said his alleged activity took place between July 2014 and July 2015.
The Briton was charged along with an unnamed co-defendant on July 12, but the case remained under seal until Thursday, a day after his arrest. Hutchins’ detention was first reported by the security website Motherboard.
Hutchins appeared in court in Las Vegas on Thursday and reportedly showed no emotion as the charges were read out. A federal public defender told the judge he “had cooperated with the government prior to being charged”. The hearing was scheduled to continue on Friday afternoon.
Known online as “MalwareTech”, Hutchins tweeted about Kronos shortly after it was revealed, asking “Anyone got a Kronos sample?”.
Within the cyber community, Hutchins was heralded as a folk hero for detecting a “kill switch” that effectively prevented the WannaCry cyber-attack from spreading. The outbreak in May infected computers in factories, hospitals, shops and schools in over 150 countries.
Other cyber researchers have reacted with surprise, disbelief and scepticism at his arrest and the charges which have followed. “The government needs to show intent to further a crime,” said Orin Kerr, a professor at George Washington University Law School and expert on computer crime. “Merely creating a selling malware, on its own, isn’t enough.”