[Update: Indicted for Creating Banking Malware] FBI Detains the “Accidental Hero” Who Stopped WannaCry Outbreak
We just reported that criminals behind May's WannaCry ransomware outbreak have been emptying their bitcoin wallets. In another relevant news, the US authorities have detained a researcher who accidentally stopped the spread of the WannaCry ransomware.
Marcus Hutchins, the "accidental hero" detained by the FBI
Marcus Hutchins who goes by the handle of MalwareTechBlog on Twitter and is a researcher from a cybersecurity firm Kryptos Logic, stopped the WannaCry attack by registering a website domain that was included in the ransomware's code. The 23-year from south-west England has been dubbed an "accidental hero" for inadvertently activating a “kill switch” in the ransomware outbreak that wreaked havoc on businesses globally in May this year.
According to Motherboard, the US authorities have now detained Hutchins but it isn't clear on what charges. When contacted by the publication, a US Marshals spokesperson said that "this was an FBI arrest" and that "Mr. Hutchins is not in U.S. Marshals custody".
Hutchins was held at the Henderson Detention Center in Nevada early on Thursday but has been moved to another facility now. His friends "tried to visit him as soon as the detention centre opened but he had already been transferred out". Talking to Motherboard, they added:
"I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," the person added. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."
While the FBI is yet to comment on the story, the UK's National Crime Agency has said that it's aware that a "UK national has been arrested but it's a matter for the authorities in the US".
Hutchins was in the country for the Black Hat and the Def Con hacking conferences.
[Update]: Arrested for allegedly creating banking malware
Spokesperson for the US Department of Justice has said that Hutchins was arrested for "his role in creating and distributing the Kronos banking Trojan," between July 2014 and July 2015. Kronos malware was designed to steal banking credentials.
"Defendant MARCUS HUTCHINS created the Kronos malware," the indictment (shared below) claims. The indictment alleges that the security researcher advertised Kronos on internet forums and sold the malware. The indictment also mentions an "overt act" taken by the Hutchins and a second defendant by creating a video explaining how Kronos works.
The indictment alleges that on April 29, 2015, the defendants sold and advertised the Kronos malware on the AlphaBay dark web marketplace that was recently taken down by the law enforcement agencies. In one instance, the indictment claims, the defendants sold Kronos for $2,000 in digital currency.
Hutchins' friends and family still haven't been able to speak with him. (Latest coverage here)