Yesterday, something big happened that made people who were made about it fall into shock. Marcus Hutchins, a researcher from Kryptos Logic who stopped the WannaCry ransomware spread. Has been arrested for alledgedly creating the Kronos banking malware.
US authorities detained the researcher who went by the handle MalwareTech, has been accused by authorities of creating and distributing the banking Trojan between July 2014 and July 2015. Marcus as being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.
The Indictment of the Kronos Creation Accusation
“Defendant MARCUS HUTCHINS created the Kronos malware,” This is the main claim that the indictment Marcus got speaks about. The indictment also includes information on, but does not name, a second defendant. The conspiracy allegedly included advertising Kronos on internet forums and selling the malware itself.
There are also allegations of the second defendant selling the malware in various darkweb places. Like the now-defunct AlphaBay. The way this virus was advertised was through a Youtube video that was posted in July 13, 2014 according to the indictment. The video has since been removed from the website.
Hutchins was arrested in Las Vegas, during Black Hat and Def Con. Which are hacking events that happen annually. A person who remains to be anonymous told tech website Motherboard “I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken.”
And while this was a concern of an outsider being arrested. The UK National Crime Agency also spoke about the situation and how their hands were tied. “We are aware a UK national has been arrested but it’s a matter for the authorities in the US” with the UK National Cyber Security Centre adding “We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further.”
If these accusations turn out to be true, I have a few questions in regards to this. Why would the person who helped cover one of the biggest ransomware attacks which affected infrastructures of many working places create such a lethal virus? Perhaps the easy answer would be for personal gain. But there are a lot of questions that need answering, however. Hutchins’s fate and further statements are left for the future.