Information security experts are expressing surprise and dismay at yesterday’s FBI arrest of Marcus Hutchins, aka “MalwareTech,” the young U.K. researcher whose actions in May found the kill switch to the WannaCry ransomware attack that crippled tens of thousands of computer systems across the U.K., Russia, Ukraine, and many other countries.
Hutchins and an unnamed co-defendant were charged in connection with the creation and distribution of Kronos, malware that first appeared in 2014 and targets banking Web sites. Hutchins was arrested yesterday in Las Vegas as he was preparing to return home after attending the Defcon and Black Hat security conferences.
The U.S. Department of Justice filed its indictment against Hutchins and the other defendant on July 12. A week later, the agency shut down and seized AlphaBay, a dark Web marketplace on which Kronos had been offered for sale.
On the same day Hutchins was arrested, the hacker or hackers responsible for the WannaCry attack also apparently moved their Bitcoin ransom payments to other accounts, records show. According to the latest information posted by sources on Twitter, Hutchins is currently being held in custody at the FBI field office in Las Vegas.
‘Pushing the Envelope’
The grand jury indictment against Hutchins and the other defendant charges the two with conspiracy to commit computer fraud and abuse, endeavoring to intercept electronic communications, attempting to access a computer without authorization, and three counts of distributing and advertising an electronic communication interception device.
According to the indictment, between July 2014 and July 2015, Hutchins and the other defendant “knowingly conspired and agreed with each other to commit an offense against the United States, namely, to knowingly cause the transmission of a program, information, code, and command and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers…