Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Tracking & Law Enforcement

UK Security Researcher ‘Hero’ Accused of Creating Bank Malware

A British computer security researcher hailed as a hero for thwarting the “WannaCry” ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks.

A British computer security researcher hailed as a hero for thwarting the “WannaCry” ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks.

Marcus Hutchins, known by the alias “Malwaretech,” was charged in an indictment dated July 12 and unsealed by federal authorities in Wisconsin.

The US Justice Department said in a statement Hutchins was arrested Wednesday in Las Vegas, where a major Def Con hacker security conference took place over the weekend.

Twitter postings from other security researchers said he was detained as he prepared to fly back to Britain.

Hutchins faces criminal charges including conspiracy to commit computer fraud, according to the US Department of Justice.

The indictment accuses Hutchins and another individual of making and distributing Kronos “banking Trojan,” a reference to malicious software designed to steal user names and passwords used at online banking sites.

Since it was created, Kronos has been configured to work on banking systems in Britain, Canada, Germany, Poland, France, and other countries, according to the DOJ.

The indictment set the time of the activity by Hutchins as being from July 2014 to July of the following year.

Advertisement. Scroll to continue reading.

– ‘Dark markets’ –

Hutchins was part of a conspiracy to distribute the hacking tool on so-called dark markets, according to the indictment signed last month by US Attorney Gregory Haanstad.

Kronos was evidently first made available through certain internet forums in early 2014, and was marketed and distributed through a hidden online AlphaBay marketplace, according to US prosecutors.

AlphaBay was shut down by US and European police in a crackdown on two huge “dark web” marketplaces that allowed the anonymous online trade of drugs, hacking software and guns.

The timing of the indictment of Hutchins raises questions as to whether insights mined from the AlphaBay probe lead to his arrest.

Underground websites AlphaBay and Hansa Market had tens of thousands of sellers of deadly drugs like fentanyl and other illicit goods serving more than 200,000 customers worldwide.

AlphaBay, the largest dark web market, had been run out of Thailand, and filled a gap left behind by the notorious Silk Road online market, shut down by authorities in 2013.

Officials at the time said shutting down the two markets and the arrests of administrators enabled them to collect extensive intelligence on buyers and sellers, including criminal gangs. Their names were being distributed to law enforcement in 37 countries.

– From hero to accused –

Lawyers at the San Francisco-based online rights group Electronic Frontier Foundation said they were looking to contact Hutchins.

“The EFF is deeply concerned about the arrest of Marcus Hutchins, a security researcher known for shutting down the WannaCry ransomware. We are looking into the matter, and are reaching out to Hutchins,” a statement from the group said.

A spokesperson for the British Embassy in Washington said only that they “are in touch with local authorities in Las Vegas following reports of a British man being arrested.”

Hutchins was hailed as a hero in May for finding and triggering a “kill switch” for a WannaCry ransomware attack that was spreading wildly around the world, locking away data on computers and demanding money for its release.

Andrew Mabbitt, another security researcher who was with Hutchins in Las Vegas, said he did not believe the allegations. “He spent his career stopping malware, not writing it,” Mabbitt said on Twitter.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.