Latest in Gear

Image credit: Bloomberg via Getty Images

'WannaCry hero' faces more federal malware charges

The FBI claims Marcus Hutchins lied about creating Kronos.
326 Shares
Share
Tweet
Share
Save
Bloomberg via Getty Images

Marcus Hutchins, the cybersecurity researcher credited with helping stop last year's WannaCry virus, is facing four new charges related to malware he allegedly created to steal financial information. Now, the FBI says Hutchins lied about creating the malware called Kronos, and that he conspired with others to promote it online, including via YouTube.

The researcher, also known as MalwareTech, is now facing ten charges following a revised grand jury indictment in the Eastern District of Wisconsin. After it was filed, Hutchins asked his Twitter followers to consider donating to help with legal fees and called the charges "bullshit." One of his attorneys said the new charges were "meritless," and insisted they "highlight the serious flaws in this prosecution." Hutchins has pleaded not guilty, though prosecutors say he admitted creating Kronos.

The latest indictment includes the aliases of people he's accused of conspiring with to sell Kronos. According to prosecutors, Hutchins and another person known as "VinnyK" appeared in a YouTube video in 2014 showing how Kronos worked. They also allegedly used the video "to promote the sale of Kronos." The indictment notes that the alleged crimes took place between July 2014 and July 2015. It also claims Hutchins created and distributed other malware called UPAS Kit in 2012; that was also designed to steal personal information and credit card details, prosecutors say.

Journalist Marcy Wheeler, who has been following the case, broke down the new indictment and some potential issues with it. Wheeler suggested that the alleged 2012 crimes both fall outside a five-year statute of limitations and were carried out while Hutchins was a minor. She added that VinnyK allegedly sold UPAS Kit to someone in July 2012, and Kronos to someone else in 2015. Prosecutors claim Hutchins provided Kronos to VinnyK and another person known as "Randy" (or "Individual B" in the indictment).

Wheeler wrote that prosecutors should be pursuing VinnyK as the true perpetrator of the crimes, but instead are targeting Hutchins. Additionally, "in an attempt to limit or avoid his own criminal exposure, Randy implicated Hutchins," she said. Wheeler also pointed out that Kronos does not have any known US victims.

Defense attorneys have urged a federal judge to suppress statements Hutchins made to the FBI when he was detained on August 2nd, claiming that he wasn't correctly advised of his rights. The FBI apprehended him as he was headed home to England from the DefCon security conference in Las Vegas -- Hutchins' attorneys said the timing of his arrest was designed "to create confusion and mislead Mr. Hutchins." Agents said he spoke with them voluntarily but lied about his part in Kronos' creation.

From around the web

ear iconeye icontext filevr