Marcus Hutchins, the 23-year-old British cyber security researcher who was credited with thwarting the WannaCry global cyber attack, has been arrested by the FBI over his alleged involvement in another piece of malicious software targeting bank accounts.
On Wednesday Hutchins, who goes by the handle MalwareTech, was in Las Vegas, where he had been attending Black Hat and DEF CON, which are cyber security and hacking conferences. Hutchins was about to board a plane back to the UK when he was arrested (August 2nd) by the FBI.
Motherboard reported that Hutchins, ‘was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.’ A friend had gone to the detention centre to try to visit Hutchins but found he’d already been transferred out.
According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of helping to create, spread and maintain the banking trojan Kronos, between 2014 and 2015.
What Is Kronos?
Kronos is a form of malicious computer software, known as a banking trojan, that is designed to steal people’s financial details when they sign into online services such as internet banking. It emerged in 2014, when security researchers first spotted that it was being advertised on Russian forums for $7,000 (£5,300). The name derives from the mythical Greek titan, the father of Zeus.
The original ad seen on a Russian forum in 2014 revealed that Kronos can steal credentials from browsing sessions in Internet Explorer, Firefox and Chrome using so-called “form-grabbing” and HTML content injection techniques. Form-grabbing captures the data entered into a web form before it is sent, and is a more sophisticated alternative to keylogging.
The first announcement of Kronos was on exploit.im back July 1st 2014. pic.twitter.com/UglzzjTyfP
— Kevin Beaumont (@GossiTheDog) August 3, 2017
A Trojan is a form of malware that masquerades as a benign application. Its strength lies in tricking victims into downloading and running malicious code via, for example, email attachments.
Trojans are often bundled with legitimate software or bookmark bars downloaded online. The original software works as it should, to avoid suspicion. Once installed, a Trojan can be used by hackers to install other malicious software, steal usernames and passwords and log keystrokes.
How Does The Kronos Malware Spread?
Kronos’ behaviour is typical of a banking Trojan. In November 2016, security researchers at Proofpoint spotted several large email campaigns sending tens of thousands of messages, targeting various industries, from universities to banks and hospitals.
These campaigns were sent globally but primarily targeted the UK and North America. The Kronos malware was sent via attachments that looked legitimate. If an email recipient clicked on the attachment, the Trojan infected their machine.
Something Seems Fishy
Three months ago, Marcus Hutchins was a hacking hero. Now he’s arrested and something seems fishy. Hutchins tweeted the following on July 13, 2014, adding a twist to the plot. Why would he ask for samples of Kronos malware if he developed it?
What Kind Of Time Is He Looking At If Guilty?
“The maximum statutory sentence he could face is decades, roughly 40 years,” said Tor Ekeland, a US lawyer who specialises in defending alleged cyber criminals. “Would he get that? I doubt it, it would be a bizarre outcome. Is it possible? It sure is.”
According to the Telegraph,
“If he pleads guilty he could be sentenced to a short prison sentence or supervised release. If he pleads not guilty, he will be moved to Wisconsin, where the charges have been brought, to face trial, which could start any time between three months and three years, Ekeland said.”
Lawyers say Hutchins is unlikely to be granted bail since, as a British citizen, he could be deemed a flight risk.
Hutchins Disliked His Past ‘Five Minutes Of Fame’
Hutchins rose to fame in May 2017 when he stopped the WannaCry worm, which infected machines across the globe and crippled organizations such as the NHS (National Health Service) in the UK. He did not enjoy his initial ‘five minutes of fame’, so one can postulate that he is even more unhappy now.
Cyber Community In Shock
News of his arrest shocked the cyber community, as Hutchins had been hailed a hero for helping to control the spread of the WannaCry attack.
In response to being dubbed a “hero” for discovering the “kill switch” that slowed the effects of the WannaCry worm, he said, “I’m definitely not a hero. I’m just someone doing my bit to stop botnets.”
Hutchins works for Los Angeles-based Kryptos Logic but is from Ilfracombe in north Devon. Kryptos Logic describes itself as a ‘company of recognized strategic computer security experts’.