You either die a hero or live long enough to become the villain, I guess. A blogger and security researcher who was described as a “hero” for his work in stopping the WannaCry ransomware which plagued PCs earlier this year has been arrested for creating other malware.
22-year-old Marcus Hutchins, who runs a security blog called MalwareTech, was arrested in Las Vegas for “his role in creating and distributing the Kronos banking Trojan.”
The Kronos malware spread through compromised Word documents and similar email attachments, and then hijacked credentials such as Internet banking details.
Hutchins was credited with helping to stop the WannaCry malware in its tracks by identifying a so-called ‘killswitch’ in the malware. At the time, he told The Guardian that his identification of the weak spot in the malicious software was a pretty casual thing.
I was out having lunch with a friend and got back about 3pm and saw an influx of news articles about the NHS and various UK organisations being hit.
I had a bit of a look into that and then I found a sample of the malware behind it, and saw that it was connecting out to a specific domain, which was not registered. So I picked it up not knowing what it did at the time.
I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental. So I can only add ‘accidentally stopped an international cyber-attack’ to my resume.
WannaCry exploited a vulnerability in Windows to lock down a user’s computer, then demand $300 payment in Bitcoin to allow access to the data. It wreaked havoc on automated systems and servers as well as personal computers – including the speed camera system used by Victoria Police here in Australia.
Social media users quickly uncovered a tweet Hutchins made back in 2014 asking for a Kronos ‘sample’ – i.e. all or part of the code of the malware. This implies neither guilt or innocence, but it is the only mention on his social feeds of the malware he stands accused of helping create.
https://twitter.com/MalwareTechBlog/status/488373794168254464
Hutchins was arrested after the Def Con security / hacking conference in Las Vegas. He was indicted alongside an unnamed co-defendant, and is accused of six hacking-related crimes.
Pretty wild stuff. We’ll keep you updated.
