
UK Security Researcher ‘Hero’ Accused of Creating Bank Malware

A British computer security researcher hailed as a hero for thwarting the “WannaCry” ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks.


Marcus Hutchins, known by the alias “Malwaretech,” was charged in an indictment dated July 12 and unsealed by federal authorities in Wisconsin.

The US Justice Department said in a statement that Hutchins was arrested Wednesday in Las Vegas, where the major Def Con hacker security conference took place over the weekend.

Twitter postings from other security researchers said he was detained as he prepared to fly back to Britain.

Hutchins faces criminal charges including conspiracy to commit computer fraud, according to the US Department of Justice.

The indictment accuses Hutchins and another individual of making and distributing the Kronos “banking Trojan,” a reference to malicious software designed to steal user names and passwords used at online banking sites.

Since it was created, Kronos has been configured to work on banking systems in Britain, Canada, Germany, Poland, France, and other countries, according to the DOJ.

The indictment set the time of the activity by Hutchins as being from July 2014 to July of the following year.

– ‘Dark markets’ –

Hutchins was part of a conspiracy to distribute the hacking tool on so-called dark markets, according to the indictment signed last month by US Attorney Gregory Haanstad.

Kronos was evidently first made available through certain internet forums in early 2014, and was marketed and distributed through the hidden online AlphaBay marketplace, according to US prosecutors.

AlphaBay was shut down by US and European police in a crackdown on two huge “dark web” marketplaces that allowed the anonymous online trade of drugs, hacking software and guns.

The timing of the indictment of Hutchins raises questions as to whether insights mined from the AlphaBay probe led to his arrest.

Underground websites AlphaBay and Hansa Market had tens of thousands of sellers of deadly drugs like fentanyl and other illicit goods serving more than 200,000 customers worldwide.

AlphaBay, the largest dark web market, had been run out of Thailand, and filled a gap left behind by the notorious Silk Road online market, shut down by authorities in 2013.

Officials at the time said shutting down the two markets and the arrests of administrators enabled them to collect extensive intelligence on buyers and sellers, including criminal gangs. Their names were being distributed to law enforcement in 37 countries.

– From hero to accused –

Lawyers at the San Francisco-based online rights group Electronic Frontier Foundation said they were looking to contact Hutchins.

“The EFF is deeply concerned about the arrest of Marcus Hutchins, a security researcher known for shutting down the WannaCry ransomware. We are looking into the matter, and are reaching out to Hutchins,” a statement from the group said.

A spokesperson for the British Embassy in Washington said only that they “are in touch with local authorities in Las Vegas following reports of a British man being arrested.”

Hutchins was hailed as a hero in May for finding and triggering a “kill switch” for a WannaCry ransomware attack that was spreading wildly around the world, locking away data on computers and demanding money for its release.

Andrew Mabbitt, another security researcher who was with Hutchins in Las Vegas, said he did not believe the allegations. “He spent his career stopping malware, not writing it,” Mabbitt said on Twitter.

Written By

AFP 2023
