weyo - Fotolia

GCHQ knew WannaCry hero risked arrests by travelling to the US

UK intelligence officials were reportedly aware that security researcher Marcus Hutchins risked arrest by travelling to the US to attend a series of cyber security conferences

Hutchins was arrested in Las Vegas on 2 August as he prepared to return home to Ilfracombe in Devon on charges of creating and distributing the banking malware Kronos.

The 23-year-old Brit rose to prominence just 11 weeks before and was hailed as a hero for working with GCHQ to halt the global WannaCry ransomware attack that heavily affected the NHS in the UK.

It has now emerged that GCHQ officials knew about the FBI investigation that led to the arrest before he travelled to the US and that the arrest effectively saved UK authorities from the “headache of an extradition battle” with their closest ally, according to the Sunday Times.

Hutchins, also known as MalwareTech, has no criminal history but now faces six charges related to the creation and distribution of the credential-stealing Kronos malware between July 2014 and July 2015, and up to 40 years in prison if convicted.

He is currently under house arrest and GPS monitoring after appearing in court in Milwaukee, Wisconsin on 14 August and pleading not guilty to all charges.

The trial has been scheduled for October. Until then, Hutchins will remain under house arrest, but will be allowed to work and use the internet. However, he is not allowed to access the server that he used to stop the spread of the global WannaCry ransomware attacks in May 2017.

Hutchins is reportedly expected to live in Los Angeles while awaiting his trial. Supporters have set up a crowdfunding campaign to raise money for Hutchins’ legal fees.

“Marcus Hutchins is a brilliant young man and a hero,” Marcia Hoffman, one of his lawyers, said outside the court after the hearing. “He is going to vigorously defend himself against these charges and, when the evidence comes to light, we are confident he will be fully vindicated.”

Hutchins’ arrest in the US appears to be a response to the failed attempts by the US to extradite Gary McKinnon to face charges of breaking into and damaging military computers.

Read more about WannaCry

  • The National Crime Agency believes the recent WannaCry attacks represent a “signal moment” in terms of awareness of cyber attacks and their real-world impact.
  • Computers running Windows 7 accounted for the biggest proportion of machines infected with the WannaCry ransomware, while NHS suppliers are blamed for hampering patching by NHS trusts.
  • Security advisers are urging organisations to patch their Windows systems to avert a possible second wave of an unprecedented, indiscriminate ransomware attack.
  • A failure by many organisations to take cyber security seriously has long been blamed on the lack of a single significant event to shake things up.

Glasgow-born McKinnon, now 51, had his extradition to the US blocked in October 2012 after a 10-year battle by Theresa May, then home secretary, on human rights grounds after medical reports said he was very likely to try to kill himself if extradited due to the vulnerable psychology caused by Asperger’s Syndrome, a form of autism.

Earlier this year, 32-year-old Laurie Love from Stradishall in Suffolk, who also has Asperger’s, won the right to appeal against his extradition to the US on hacking charges.  

Love is accused of hacking into key US institutions, including Nasa, the FBI and the Federal Reserve bank, as part of an online protest against the death of internet pioneer Aaron Swartz, following Swartz’s arrest and suicide in the US.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Hackers and cybercrime prevention

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

This is truly one of the most disgusting stories I have heard in recent times involving GCHQ and HM Government.

If this man has actually committed an offence involving IT, then he has done so in the UK. It should not be surprising that we have legislation to deal with such offences here.   Why has Marcus Hutchins therefore been arrested in the US with apparent UK involvement? Why didn't our systems pick up the evidence that the Americans purport to have, and indicted this man using? Indeed, is there any evidence at all? 

Might it be that the US government is so embarrassed at their inability to keep their advanced cyber toy box under wraps, (thanks to the Shadow Brokers et al) that the US/NSA are now lashing out at anyone they can get their hands on?

Indeed, is it safe for anyone professionally involved in Cyber Security to even go to America now? Our government have proven themselves to be unreliable in such matters as the protection of UK citizens...but I suppose consular assistance in the USA would only be provided after our people have been incarcerated!
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close