FBI arrests 'WannaCry' accidental hero

11:14 am on 4 August 2017

The researcher credited with disabling the "WannaCry" global cyber attack has been arrested by the FBI on unrelated charges of conspiring to advertise and sell malicious software.

cyber attack Photo: 123RF

Marcus Hutchins, a Britain-based malware researcher who gained attention for detecting a "kill switch" that effectively disabled the WannaCry virus in May, was detained by the FBI in Las Vegas on Wednesday, a US Justice Department spokesman said.

That was just days after he and tens of thousands of hackers descended on the city for the annual Black Hat and Def Con conventions.

An indictment filed in a US District Court in Wisconsin accused Mr Hutchins, known online as MalwareTech, of advertising, distributing and profiting from malware code known as Kronos that stole online banking credentials and credit card data.

Mr Hutchins' alleged activity took place between July 2014 and July 2015, according to the indictment unsealed on Thursday.

He faces six counts related to Kronos, and was indicted along with an unnamed co-defendant on 12 July, but the case remained under seal until Thursday - a day after his arrest.

Kronos malware downloaded from email attachments left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

The indictment alleges that the unidentified co-defendant advertised the Kronos malware on AlphaBay, a dark web marketplace that international authorities took offline last month.

Investigators said the site allowed anonymous users to trade globally in drugs, firearms, hacking tools and other illicit goods.

The Justice Department said Kronos was used to steal banking systems credentials in Canada, Germany, Poland, France, the United Kingdom and other countries.

The WannaCry virus locked up more than 460,000 computers in more than 150 countries, including the UK's National Health Service, offering to unlock them in exchange for Bitcoin payments.

Mr Hutchins said he had accidentally managed to temporarily halt the spread of the virus, after he noticed it was searching for a web address that had not been registered.

He then bought the domain name for about $10 and found that registering it triggered a kill switch that temporarily stopped the worm's spread.

A Justice Department official said his arrest was unrelated to WannaCry.

Reuters was unable to immediately reach Hutchins or an attorney representing him.

Andrew Mabbitt, founder of cyber firm Fidus Information Security, said on Twitter that he was working to obtain a lawyer for Mr Hutchins, who he said lacked legal representation.

Mr Mabbitt did not respond to a request for further comment.

"I refuse to believe the charges against @MalwareTechBlog," Mr Mabbitt said on Twitter.

"He spent his career stopping malware, not writing it."

Mr Hutchins' arrest was first reported by Vice Media website Motherboard.

- Reuters
