The British security researcher who stopped a global ransomware attack admitted to police that he wrote the code of a malware that targeted bank accounts, US prosecutors said during a hearing on Friday, but his attorneys said that he planned to plead not guilty.
Marcus Hutchins, the 23-year-old hailed as a hero for stopping the WannaCry ransomware attack, is accused of helping to create, spread and maintain the banking trojan Kronos between 2014 and 2015 and is facing six counts of hacking-related charges from the US Department of Justice (DoJ), according to a recently unsealed indictment.
A judge ruled on Friday that Hutchins — who had been in Las Vegas for the annual Def Con hacking conference — could be released on $30,000 bail. The judge said the defendant was not a danger to the community nor a flight risk and ordered him to remain in the US with GPS monitoring.
Dan Cowhig, the prosecutor, argued in federal court that Hutchins should not be freed because he is a “danger to the public,” adding: “He admitted he was the author of the code of Kronos malware and indicated he sold it.”
As part of a sting operation, undercover officers had bought the code from Hutchins and his co-defendant, who is still at large, Cowhig said in court. The prosecutor said there is also evidence from chat logs between Hutchins and the co-defendant, revealing that Hutchins complained about the money he received for the sale.
After the hearing, Adrian Lobo, Hutchins’ defense attorney, said: “We intend to fight the case.”
She added: “He has dedicated his life to researching malware, not to trying to harm people.”
The attorney also told reporters that Hutchins’ supporters were raising money for his bond and that he should be released on Monday.
“He has tremendous community support, local and abroad and in the…