When the WannaCry cyber attack unfolded, there was chaos in many countries, but one cyber-expert named Marcus Hutchins was hailed as a hero. Hutchins managed to find a kill switch for the dreaded cyber attack. But now Hutchins has been arrested by the FBI for his role in creating and spreading a malware named Kronos, which was used to attack banking websites. So what has happened in this case? Here’s a quick look at everything you need to know.
Who is Marcus Hutchins? How did he stop the WannaCry cyberattack?
Marcus Hutchins has been blogging under the name MalwareTech, and he has a Twitter handle as well. Until the WannaCry cyber attack he had remained anonymous, but he eventually gave interviews to the media.
Hutchins rose to fame in May 2017 after he helped stop the WannaCry cyber attack, which crippled the National Health Service (NHS) in the UK and many other enterprises and governments across the world. Others on the list included FedEx, Nissan Motor Company and Renault. India too was impacted by the ransomware attack.
Over 300,000 computers were infected globally by the WannaCry ransomware, which encrypted people’s data on infected computers. Users would have to pay a ransom of $300 in bitcoins to get back the data. Many people were locked out of their computers and could not retrieve important data.
Hutchins managed to stop the attack by registering an Internet domain, which served as a ‘kill switch’ for the malware. This domain was hidden in the ransomware’s code, and once Hutchins bought the domain the attack ended.
So why has Hutchins been arrested? What is the FBI saying in this case?
According to Wired, Hutchins was arrested in Las Vegas, while he was flying home to the UK. Hutchins had just finished attending the Black Hat and Def Con hacker conferences in Las Vegas. He lives in the UK and works with security firm Kryptos Logic.
According to the FBI, Hutchins created the Kronos Malware which was used to hack banking systems in Canada and Europe. The indictment papers put Hutchins as a co-accused in the case, but the other person’s name has been redacted from the document.
The indictment accuses Hutchins of “knowingly” conspiring with this other person to commit an offense against the United States, and says the hacker created the Kronos Malware and that in February 2015, he also updated the malware. By 2015, it was known that this was indeed a malware being used to commit crimes against banking websites.
Interestingly, the FBI has not charged Hutchins with selling Kronos online or with the video demonstrating how the Kronos Malware worked. Under these charges the name of the second accused is listed in the document. However, the name remains redacted from the entire document.
So what is the Kronos Malware? Is it linked to WannaCry?
Hutchins’ arrest is not linked to the WannaCry cyber attack at all, but rather to an entirely different malware, which he is accused of creating in 2013 and updating in 2015. Kronos Malware is a banking trojan, which has been around since 2014 and is used to steal data like usernames and passwords from banking websites. So Hutchins is not accused of actually hacking computers with the malware, but rather of creating something that he knew would be used in online crime.
Kronos Malware was listed on AlphaBay, which is an online criminal marketplace the FBI shut down last month. It was apparently sold on the website for $3000, though some listings also priced it at $7000.
Where Kronos is concerned, it has been around since 2014. In a blogpost, the IBM Security team explained that Kronos malware was linked to Russian underground forum members, and also gave a detailed description of the malware. The malware relies on “form grabbing and HTML injection” and would work on most of the popular browsers like Internet Explorer, Firefox and Chrome, and could avoid detection by anti-viruses as well.
The blogpost, which was published in 2014, also highlighted how the authors of this malware were promising new modules, which would be charged extra, along with updates as well. A post by the hackers who had put this up for sale said they would accept payments in “Perfect Money, Bitcoin, WMZ, BTC-E.com.”
So what are the reactions to the Hutchins arrest?
According to a Guardian report, Hutchins’ mother has said she was not convinced her son was involved in this malware. She also said she was “outraged” over the arrest and was trying to contact her son.
The Electronic Frontier Foundation, which is a legal advocacy group, told Bloomberg they were trying to reach Hutchins to help him out. “The EFF is deeply concerned about the arrest of Marcus Hutchins,” said Jeanne Carstensen, a spokeswoman for the group, according to Bloomberg. A friend of Hutchins told the Guardian he was shocked to hear about Hutchins’ arrest.