Andy Dean - Fotolia

WannaCry hero Marcus Hutchins under house arrest

Briton, 23, pleads not guilty to charges of writing and distributing malware

British security researcher Marcus Hutchins is under house arrest in the US after appearing in court in Milwaukee, Wisconsin, and pleading not guilty to six charges of helping to develop and maintain the password-stealing malware Kronos between July 2014 and July 2015.

The trial has been scheduled for October. Until then, Hutchins is not allowed to leave the US and is being monitored using a GPR tracking device.

While under house arrest, he is allowed to work and use the internet, but is not allowed to access the server that he used to stop the spread of the global WannaCry ransomware attacks in May 2017.

His first tweet @MalwareTechBlog since his arrest in Las Vegas on 3 August was a joke list of “things to do” while attending the Defcon security conference, including “Be indicted by the FBI” alongside “Attend parties” and “Visit red rock canyon”.

Hutchins, who lives in Ilfracombe, Devon but works for Los Angeles-based cyber security firm Kryptos Logic, then thanked his supporters and said that under the circumstances, his jokes are all he has.

After his arrest, the cyber security research community rallied to support Hutchins. In London, a small group of computer experts, students and campaigners gather on 9 August 2017 to discuss ways to support Hutchins, who, if convicted, faces a lengthy prison sentence.

“There’s a lot of people I’d like to thank for amazing support over the past 11 days, which I will do when I get a chance to publish my blog,” Hutchins tweeted.

“I’m still on trial, still not allowed to go home, still on house arrest; but now I am allowed online. Will get my computers back soon.

“For a change I’d actually like to not be making jokes, but I can’t talk about my case or what I’ve been through, so they’re all I got. :(.”

Read more about WannaCry

  • The National Crime Agency believes the recent WannaCry attacks represent a “signal moment” in terms of awareness of cyber attacks and their real-world impact.
  • Computers running Windows 7 accounted for the biggest proportion of machines infected with the WannaCry ransomware, while NHS suppliers are blamed for hampering patching by NHS trusts.
  • Security advisers are urging organisations to patch their Windows systems to avert a possible second wave of an unprecedented, indiscriminate ransomware attack.
  • A failure by many organisations to take cyber security seriously has long been blamed on the lack of a single significant event to shake things up.

A six-count indictment against Hutchins and another, as-yet unnamed, individual was filed on 12 July 2017, but made public only after his arrest, which comes after a two-year FBI investigation.

According to the indictment, Kronos was designed to steal online banking credentials to enable those behind the malware to drain victims’ bank accounts.

Since it was created, Kronos is thought to have stolen user credentials associated with banking systems in several countries, including the UK, Canada, Germany, Poland, France and India.

Hutchins was arrested at Las Vegas airport as he prepared to return to the UK after attending Defcon and other security conferences, and was released on $30,000 bail after spending the weekend in detention.

He faces one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavouring to intercept electronic communications, and one count of attempting to access a computer without authorisation.

His arrest came just weeks after he was hailed as a hero for discovering that WannaCry was connecting to an unregistered domain, which he then registered and took control of to stop the ransomware worm from spreading.

“Marcus Hutchins is a brilliant young man and a hero,” Marcia Hoffman, one of his lawyers, said outside the court after the hearing, reports The Guardian. “He is going to vigorously defend himself against these charges and when the evidence comes to light, we are confident he will be fully vindicated.”

Supporters have set up a crowdfunding campaign to raise money for Hutchins’ legal fees. .......................................................................... ........................................................................................

Read more on Hackers and cybercrime prevention