Marcus Hutchins, a Briton, and author of the popular blog Malware Tech who found the ‘kill-switch’ to halt the WannaCry ransomware in May this year was arrested by FBI in Las Vegas. He was there to attend the annual DefCon event of security researchers. Joseph Cox of the VICE first broke the news in an early morning Tweet on Aug 3.
Andrew Mabbitt, a hacker who was accompanying Marcus on their way to Vegas also tweeted.
Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?
— Andrew Mabbitt (@MabbsSec) August 3, 2017
According to the last reports, Andrew was trying to source letters of recommendation from cyber security colleagues to help Marcus be granted bail. He was also trying to set-up a crowdfunding campaign to post $30,000 bond to apply bail for Marcus. He’s also collecting legal defense donations for Marcus on LawPay.
How The Events Unfolded?
As per the Tweets and chronology of events, it seems that Marcus was arrested in the wee hours of Aug 3 in a sting operation by FBI. According to the prosecutor, Dan Cowhig, Marcus admitted having created Kronos, a malware that collects bank details.
“He admitted he was the author of the code of Kronos malware and indicated he sold it,” Mr. Cowhig said. It is alleged that FBI’s undercover cops bought the code of the malware.
July 2014 and July 2015
The sting operation that resulted in the detention of Marcus relates to charges against him that dates back to July 2014 and July 2015. As the charges were related to the two-years old time period, the District judge Nancy Koppe ordered that Marcus may be released on a $30K bond.
The next hearing for the case will take place on coming Tuesday. Marcus’s employer, Los Angeles-based computer security firm Kryptos Logic will also join the proceedings.
In May this year, we reported how Marcus, who also runs malware research blog ‘Malware Tech’, found the kill switch of WannaCry ransomware. The malware hit 100s of countries with U.K’s NHS being the hardest hit. The ransomware infected 48 of the 248 NHS trusts in England. If it was not for Marcus to notice the unregistered domain through which the malware was executed, things could have gone dirty for thousands of NHS hospitals and trusts.
While there’s another co-defendant with Marcus who’s been charged by the FBI, it seems that the security researcher will have to spend some time in the US to clear the case.
The cyber security researchers and the hacker community was surprised by FBI’s move to detain Marcus. There were a lot of speculations as to what Marcus (Malware Tech) was doing while on his trip to Vegas. The speculations were laid to rest when his colleague, Andrew, posted a note on his Twitter account stating that Marcus takes away a six-figure salary and wouldn’t need to sell 2,000 dollars (£1,522) worth of malware.
— Andrew Mabbitt (@MabbsSec) August 5, 2017
Note: The news regarding Marcus’s arrest will be updated on Wednesday when we’ll have the latest status on the outcome of his release on Monday, and the planned hearing on Tuesday.