
Hacker or Hero or Both? The saga of Marcus Hutchins

Technology for Lawyers

Published: September 22, 2017

A funny thing happened as the 2017 DEF CON hackers' and cybersecurity professionals' conference ended in Las Vegas a few weeks ago. One of the world’s latest cybersecurity (white hat) heroes was arrested by US authorities and accused of actually being a black hat dude.

He denies it, and has a lot of people in cybersecurity on his side.

Marcus Hutchins, a British citizen and employee of a British cybersecurity firm, was arrested and charged with creating malware.

Hutchins, if you recall, was the person who identified a weakness in the WannaCry virus and stopped the attack by registering a website. He works for Los Angeles-based Kryptos Logic, which is where he was employed when he stopped WannaCry (although he apparently lives with his parents in England). He donated his $10,000 prize to charity.

In Vegas, Hutchins was arrested for, according to federal officers, creating a virus called Kronos that targeted banks. Facing six counts of hacking with a potential 40 years in prison, he pled not guilty in Nevada, made bond, and was arraigned on the charges in Wisconsin, where he again pled not guilty. He is under house arrest and can move freely around the US, but he cannot return to England. He is set for trial in October.

So—two sides to every story, right? Hutchins apparently admitted creating at least some of the code for Kronos as an experiment, but he is saying that his code was misused by subsequent hackers and turned into bank hijacking software without his knowledge or participation. In fact, he had already tweeted about this problem in 2015.

The government has apparently acknowledged the “historic” nature of this case in its presentation to the Wisconsin court, and the court allowed Hutchins access to the Internet, including his famous @malwaretech Twitter account.

Hutchins is being backed by a number of cybersecurity experts, who have posted here and there that uploading bits of malware to sites frequented by hackers is a typical behavior for a white hat cybersecurity worker looking to contact and find out about the black hats.

This case exposes a little-known part of cybersecurity, and it’ll be instructive and maybe fun to watch as it progresses. We’ll keep you posted.