Marcus Hutchins, a UK-based security researcher who was instrumental in stopping the spread of the WannaCry ransomware earlier this year, has been arrested while attending the DEFCON security conference in Las Vegas. Hutchins, who goes by the handle MalwareTech online, was arrested by the FBI in connection with Kronos, a malware package that he allegedly helped write and sell on dark web forums.
Motherboard reports that Hutchins, 23, was detained by the FBI in Las Vegas. An indictment was filed in Wisconsin District Court, alleging Hutchins’ involvement with Kronos, a “banking Trojan” that was written to steal user credentials and logins from computers.
According to the indictment, Hutchins wrote Kronos sometime in 2014. In August of that year, Hutchins offered to sell the malware to a user on an internet forum, and posted a video showing off the malware’s capabilities. Tellingly, the indictment also mentions that Hutchins sold Kronos on AlphaBay, a dark web site that was shut down by a global law enforcement operation in July. Evidence and testimony from that takedown may have led to Hutchins’ arrest.
It’s a bittersweet moment for a young security researcher who just months ago was catapulted to international fame after stopping a cyberattack in its tracks. During the WannaCry ransomware attack, Hutchins noticed that a control server coded into the malware wasn’t registered — basically, just an administrative oversight by the WannaCry authors. Hutchins was able to register the server and then prevent the WannaCry malware from spreading any further.