The security researcher credited with stopping the WannaCry ransomware outbreak in May, Marcus Hutchins, also known as MalwareTech, has been arrested by the FBI and indicted "for his role in creating and distributing the Kronos banking Trojan", according to the US Department of Justice (DoJ).
Hutchins, who works for works for security research outfit Kryptos Logic but is better known by his Twitter moniker @MalwareTechBlog, was arrested at the airport in Las Vegas as he sought to board a plane home.
The DoJ statement continued: "The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."
The UK's National Cyber Security Centre is aware of the situation, according to the BBC, while a spokesman for the Foreign and Commonwealth Office told Computing: "We are in touch with local authorities in Las Vegas following reports of a British man being arrested."
The DoJ indictment is dated 12 July and claims that he created the Kronos banking Trojan and sold it over hacking internet forums, including the AlphaBay ‘dark web' market, which was shut down this summer.
Salim (CEO) has been as useful as a chocolate teapot. No help there.— Andrew Mabbitt (@MabbsSec) August 3, 2017
Hutchins, 23, is a self-taught ‘white hat' hacker. Friends and acquaintances expressed surprise at the arrest and suggested that the FBI had made a colossal mistake.
Security architect Kevin Beaumont tweeted: "Kronos is a banking BOTNET. MalwareTech's business is *tracking* botnets," adding, "It looks like the US justice system has made a huge mistake."
This is Kronos builder, it looks like the US justice system has made a huge mistake. pic.twitter.com/2WGQVjFgED— Kevin Beaumont (@GossiTheDog) August 3, 2017
Beaumont also pointed out that Kronos was a Russian banking botnet, and it's unlikely that Hutchins is as proficient in Russian as he is at computing. However, the indictment also includes a conspirator whose identity has been redacted in the indictment.
Mabbitt, meanwhile, tweeted: "I refuse to believe the charges against @MalwareTechBlog, not the MT [MalwareTech] I know at all. He spent his career stopping malware, not writing it."
However, the indictment is quite clear in its accusations: "Defendant Marcus Hutchins created the Kronos malware… [and] in or around August 2014, on an internet forum, [the] defendant… offered to sell the ‘Kronos Banking Trojan' for $3,000."
It adds that he also advertised the availability of the Kronos malware on the AlphaBay market forum in April 2015, and sold a version of the malware for $2,000 "in digital currency" in June 2015. It also accuses Hutchins of offering "cryptying [sic] services for Kronos".
I refuse to believe the charges against @MalwareTechBlog, not the MT I know at all. He spent his career stopping malware, not writing it.— Andrew Mabbitt (@MabbsSec) August 3, 2017
The arrest was first reported by the tech news website Motherboard, which suggested that he was taken to the Henderson Detention Center for questioning, before being moved.
An acquaintance of Hutchins, Andrew Mabbitt, founder of Fidus Information Security, subsequently confirmed the arrest and added that he was trying to hire a lawyer on his behalf, after locating him at the FBI's Las Vegas, Nevada field office. The CEO of Kryptos Logic, Hutchins' employer, he noted, had "been as useful as a chocolate teapot".
Security researcher Hutchins had brought the WannaCry ransomware to a halt after registering the domain of a URL that the malware was programmed to contact. A rudimentary means of ascertaining whether it was being examined in a ‘sand box', the registration caused the ransomware to shut down.
Computing will update the story as new information comes in.
Computing's DevOps Summit returns on 19 September. Attendance is free to qualifying IT leaders and other senior IT professionals, but places will go fast, so secure yours now.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007