Cyber expert who stopped 'WannaCry' attack arrested in US on hacking charges

SAN FRANCISCO, Aug 3 (Reuters) - A cyber security researcher widely credited with helping to neutralize the global "WannaCry" ransomware attack earlier this year has been arrested on unrelated hacking charges, according to court documents unsealed on Thursday.

Marcus Hutchins, a British-based malware researcher who gained attention for detecting a "kill switch" that effectively disabled the WannaCry worm in May, was detained by the FBI in Las Vegas on Wednesday, a U.S. Justice Department spokesman said, just days after he and tens of thousands of hackers descended on the city for the annual Black Hat and Def Con conventions.

An indictment filed in a U.S. District Court in Wisconsin accused Hutchins, also known online as "MalwareTech," of advertising, distributing and profiting from malware code known as "Kronos" that stole online banking credentials and credit card data. Hutchins' alleged activity took place between July 2014 and July 2015, according to the indictment.

8 PHOTOS
Marcus Hutchins -- credited with helping to neutralize the 'WannaCry' ransomware attack
See Gallery
Marcus Hutchins -- credited with helping to neutralize the 'WannaCry' ransomware attack
Marcus Hutchins, digital security researcher for Kryptos Logic, poses for a photograph in front of his computer in his bedroom in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017. Courtesy of Symantec/Handout via REUTERS ATTENTION EDITORS - THIS IMAGE WAS PROVIDED BY A THIRD PARTY. EDITORIAL USE ONLY. NO RESALES. NO ARCHIVE.?
Marcus Hutchins, digital security researcher for Kryptos Logic, poses for a photograph in front of his computer in his bedroom in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
Marcus Hutchins, digital security researcher for Kryptos Logic, poses for a photograph on Tunnels Beaches in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
Marcus Hutchins, digital security researcher for Kryptos Logic, works on a computer in his bedroom in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
Marcus Hutchins, digital security researcher for Kryptos Logic, walks along Tunnels Beaches in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
Marcus Hutchins, digital security researcher for Kryptos Logic, poses for a photograph in front of his computer in his bedroom in Ilfracombe, U.K., on Tuesday, July 4, 2017. Hutchins, the 23-year-old who saved the world from a devastating cyberattack in May was asleep in his bed in the English seaside town of Ilfracombe last week after a night of partying when another online extortion campaign spread across the globe. Photographer: Chris Ratcliffe/Bloomberg via Getty Images
HIDE CAPTION
SHOW CAPTION
of
SEE ALL
BACK TO SLIDE

Hutchins, who faces six counts related to Kronos, was indicted along with an unnamed co-defendant on July 12, but the case remained under seal until Thursday, a day after his arrest.

Kronos malware downloaded from email attachments left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

The indictment alleges that the unidentified co-defendant advertised the Kronos malware on AlphaBay, a dark web marketplace that international authorities took offline last month. Investigators said the site allowed anonymous users to facilitate global trade in drugs, firearms, hacking tools and other illicit goods.

The Justice Department said Kronos was used to steal banking systems credentials in Canada, Germany, Poland, France, the United Kingdom and other countries.

Within the cyber security community, Hutchins was heralded as a folk hero for his apparent role in stopping the WannaCry attack, which infected hundreds of thousands of computers and caused disruptions at car factories, hospitals, shops and schools in more than 150 countries.

A Justice Department official said his arrest was unrelated to WannaCry.

Reuters was unable to immediately reach Hutchins or an attorney representing him.

Andrew Mabbitt, founder of cyber firm Fidus Information Security, said on Twitter that he was working to obtain a lawyer for Hutchins because he lacked legal representation. Mabbitt did not respond to a request for further comment.

"I refuse to believe the charges against @MalwareTechBlog," Mabbitt said on Twitter.

"He spent his career stopping malware, not writing it."

Hutchins' arrest was first reported by the security website Motherboard.

(Reporting by Dustin Volz, additional reporting by Joseph Menn and Eric Auchard; editing by Steve Orlofsky and G Crosse)

Read Full Story