Marcus Hutchins (@Malwaretech on Twitter), the 23-year-old cybersecurity expert who made headlines for identifying the kill switch for the nasty WannaCry ransomware attack and preventing it from spreading further, has been charged in the United States with creating the Kronos banking malware.
In total, Hutchins has been charged with six counts of developing and distributing the Kronos malware, which stole banking credentials from users around the world, including the United States, between 2014 and 2015.
According to federal court documents seen by The Washington Post, hours after his arrest in August 2017, Hutchins called an unidentified individual from the jailhouse and acknowledged that he wrote the code that was later incorporated into the banking malware. The call was recorded and its transcript was part of the court documents.
“So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code onto some guy then they wanted me to, once then found I sold the code to someone, they wanted me to give them his name, and I don’t actually know anything about him,” said Hutchins in the call.
In the call, Hutchins also said that logs of an online chat showed he had given a ‘compiled binary’ of the code to someone, who later used the code for banking malware, ‘to repay a debt’ of about $5,000. This happened when the WannaCry hero was 18 years old.
Hutchins, however, has denied all the charges, and his defense lawyers maintain that the call is inadmissible as evidence because he had been “coerced” by investigators.
Hutchins was arrested while visiting the United States in August 2017 to attend the DefCon and BlackHat hacking conferences in Las Vegas. On the day of his departure back to London, the Federal Bureau of Investigation (FBI) arrested him and accused him of developing the Kronos malware.
Hutchins not only helped to halt the WannaCry ransomware attack but also identified the kill switch domain of the nasty attack, which infected over 300,000 Windows-based computers in more than 150 countries.
Although the Kronos malware and the WannaCry attacks are unrelated, The Sunday Times confirmed that British intelligence knew Hutchins would be arrested by the FBI.
Hutchins plans to appeal, at a hearing on Wednesday, for the call transcript and post-arrest statements to be suppressed from legal proceedings. However, if convicted of all charges, Hutchins could face years in prison.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental.
— MalwareTech (@MalwareTechBlog) May 13, 2017
At the moment, he is living in California and is not allowed to return to the United Kingdom. He is also barred from accessing the “Kill Switch” he created to stop the WannaCry ransomware.