[BreachExchange] WannaCry hero malware trial postponed

Destry Winant destry at riskbasedsecurity.com
Thu Aug 10 05:13:39 EDT 2017


http://www.computerweekly.com/news/450424153/WannaCry-hero-malware-trial-postponed

US authorities have postponed the court appearance of Briton Marcus
Hutchins, who is under charges of helping to develop and maintain the
password-stealing malware Kronos between July 2014 and July 2015.

The 23-year-old security researcher from Ilfracombe in Devon was
expected to appear in court on 8 August 2017, but a new court date of
14 August 2017has been set, reports Reuters.

Hutchins will have to wait another week for formal charges to be put
to him and enter his plea in a court in Milwaukee, Wisconsin. He is
not allowed to leave the US or access the internet and is under
24-hour GPS monitoring.

A six-count indictment against Hutchins was filed on 12 July 2017, but
made public only after his arrest, which comes after a two-year FBI
investigation.

He was arrested at Las Vegas airport as he prepared to return to the
UK after attending a series of security conferences, and was released
on $30,000 bail after spending the weekend in detention.

He faces one count of conspiracy to commit computer fraud and abuse,
three counts of distributing and advertising an electronic
communication interception device, one count of endeavouring to
intercept electronic communications, and one count of attempting to
access a computer without authorisation.

The arrest came just weeks after Hutchins was hailed as a hero for
discovering that WannaCry was connecting to an unregistered domain,
which he then registered and took control of to stop the ransomware
worm from spreading.

His lawyer Adrian Lobo said her client would plead not guilty to all
charges, although prosecutors reportedly claimed he had admitted to
writing the Kronos code.

Kronos was designed to steal online banking credential to enable those
behind the malware to drain victims’ bank accounts.

Since its creation, Kronos is thought to have stolen user credentials
associated with banking systems in several countries, including the
UK, Canada, Germany, Poland, France and India.

Prosector Dan Cowhig said Hutchins and an unnamed co-defendant were
caught in a sting operation by undercover officers, according to the
Telegraph. Cohig said other evidence includes chat logs between
Hutchins and his co-defendant, who is reportedly still at large.

After his arrest, the cyber security research community rallied in
support of Hutchins. His mother said his guilt was “highly unlikely”
considering the “enormous amounts of time” he spent stopping cyber
attacks.


More information about the BreachExchange mailing list