I'm no hero, says Marcus Hutchins, who halted global cyber attack but failed IT in school

Mr Hutchins is now working with the UK government's National Cyber Security Centre to prevent a new strain of the malicious software from emerging
Mr Hutchins is now working with the UK government's National Cyber Security Centre to prevent a new strain of the malicious software from emergingPHOTO: YOUTUBE

It may come as a surprise that the young British computer expert credited with halting the global WannaCry cyber attack failed IT in school.

Speaking to The Daily Mail in an interview published on Monday (May 15), 22-year-old Marcus Hutchins said that in 2010 he was suspended by teachers after being accused of hacking his school's system.

"The school server had been attacked and the network was down. I was actually online at the time and I saw the network slowing down. They handed me some papers which showed I was online at the time and chatting with my friends on the school network.

"Then that was it, I was suspended for something I never did," said Mr Hutchins, who hails from south-west England and now works as a researcher at Kryptos logic, a Los-Angeles-based threat intelligence company.

Get The Straits Times
newsletters in your inbox

He added that he was subsequently banned from using Internet-connected computers, which meant he had to complete his GCSE, the British equivalent of O-levels, in IT on paper - an exam he later failed.

The self-taught cybersecurity expert is now working with the UK government's National Cyber Security Centre to prevent a new strain of the malicious software from emerging, The Daily Mail reported, adding that he has no plans to leave his current job despite having been inundated with job offers.

Friday's cyber attack, whose targets ranged from Russia's banks to British hospitals and a French carmaker's factories, used a technique called ransomware that locks users' files unless they pay the attackers a given sum using cryptocurrency Bitcoin.

 

The attack stopped spreading when Mr Hutchins, helped by Mr Darien Huss from security firm Proofpoint, registered a domain name used by the malware.

In a face-to-face interview with The Associated Press on Monday (May 15), Mr Hutchins said he doesn't consider himself a hero, but fights malware because "it's the right thing to do".

"I'm definitely not a hero," he said. "I'm just someone doing my bit to stop botnets."

Kryptos Logic's chief executive Salim Neino said Mr Hutchins took over the "kill switch" on Friday afternoon European time, before it could fully affect the United States.

"Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world," The Associated Press quoted Mr Neino as saying.

"Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself."

Mr Hutchins has long tweeted under the handle MalwareTech, which features a profile photo of a cat with huge sunglasses.

Earlier on, he told The Guardian that he wanted to stay anonymous "because it just doesn't make sense to give out my personal information, obviously we're working against bad guys and they're not going to be happy about this".

His newfound fame soon bought an end to that anonymity.

Friday's attack used a piece of malicious software called WanaCrypt0r 2.0 or WannaCry, which exploits a vulnerability in Windows. While Microsoft had already released a patch (a software update that fixes the problem) in March, computers that had not installed the security update were still vulnerable.

Attacks have been recorded in at least 150 countries, including the UK, Russia, Ukraine, India, China, Italy, and Egypt. Europe and Russia have been the hardest hit so far. More than 200,000 victims have been affected, said the head of the European Union's police agency on Sunday.

 

Related Stories: