NHS cyber-defender arrested in US


The 23-year-old cyber-security whizzkid Marcus Hutchins, who battled the WannaCry attack against the NHS in May, is due to appear in a US court charged with cyber-crime offenses.

According to the indictment, Hutchins (who also goes by the moniker 'MalwareTech') has been accused of creating and distributing Kronos malware, which is used to steal banking logins from victims' computers, and could face up to 40 years in prison.

Kronos is a 'trojan' which means it disguises itself as legitimate software. It first came to light in 2014 when it was advertised on a Russian underground forum. Since then, it's faded in and out of prominence until it was spotted again being distributed via email to various institutions.

The emails contained attachments that purported to be links to Microsoft Sharepoint documents, but actually led victims to more malware including a credit card number-stealing tool.

The malware was being sold for thousands of dollars and was advertised across many hacker forums, including the recently busted AlphaBay.

The US Department of Justice released a statement which said: "Marcus Hutchins… a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," the US Department of Justice (DoJ) said in a statement.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

Mr Hutchins had been attending the Black Hat and Def Con cyber-security conferences in Las Vegas at the time, but it's not known where he's being held in custody.

A second defendant was also arrested, but no name has been released.

His mother, Janet Hutchins, said it was "hugely unlikely" that her son was involved, saying he had spent "enormous amounts of time and even his free time" stopping attacks like these. Others in the cyber-security world have expressed similar scepticism; citing such evidence as a 2014 tweet from Hutchins in which he asked for a 'sample' of the malware, despite US authorities claiming he made it himself.

Mr Hutchins colleagues who work with him in investigating malware have said "it looks like the US justice system has made a huge mistake", while digital rights groups are said to be "deeply concerned" with Mr Hutchin's situation.

The British consulate are currently working with local authorities on the case and are providing support to his family.

About Lee Hazell

Lee Hazell is a cyber security consultant with a keen interest in anything tech or security related. Follow Lee on .

Leave a Reply

Your email address will not be published. Required fields are marked *