Weekend in jail for 'accidental hero' hacker

Marcus Hutchins is facing charges of selling malicious code used to steal banking and credit card data.
Marcus Hutchins is facing charges of selling malicious code used to steal banking and credit card data.

LAS VEGAS • The British cyber-security researcher who gained celebrity status in May when he was credited with neutralising the global WannaCry ransomware attack was due to spend the weekend in jail.

A judge in Las Vegas set his bail at US$30,000 (S$40,800) over charges that he advertised and sold malicious code used to pilfer banking and credit card information.

Two months ago, Marcus Hutchins was an "accidental hero", a young computer whiz living with his parents in Britain who found the "kill switch" for WannaCry.

But his arrest last week stunned the computer security community and shines a light on the shadowy world of those who sometimes straddle the line between legal and illegal activities.

Hutchins could not be released after bail was set last Friday because the clerk's office for the court closed 30 minutes after his hearing concluded. His lawyer, Ms Adrian Lobo, said Hutchins would be released tomorrow and is expected to be on a flight on Tuesday to Wisconsin, where a six-count indictment against him was filed in the United States District Court.

He was receiving support from a "variety of sources" around the world to post his bail, she said.

Judge Nancy Koppe dismissed a federal prosecutor's claim that Hutchins was a flight risk, though she did order him to surrender his passport. If released, Hutchins would be barred from computer use or Internet access.

Hutchins, also known online as MalwareTech, was indicted with an unnamed co-defendant on July 12. The case remained under seal until Thursday, a day after his arrest in Las Vegas, where he and tens of thousands of others flocked to for the annual Black Hat and Def Con security conventions.

Hutchins allegedly advertised, distributed and profited from malware code known as "Kronos" between July 2014 and 2015, according to the indictment.

If downloaded from e-mail attachments, Kronos left victims' systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

Hutchins' arrest shocked many researchers who did not believe he engaged in cyber crime.


A version of this article appeared in the print edition of The Sunday Times on August 06, 2017, with the headline 'Weekend in jail for 'accidental hero' hacker'. Print Edition | Subscribe