MalwareTech is back online, as he pleads not guilty to Kronos malware charges

Graham Cluley

Marcus Hutchins, the “accidental hero” who helped curb the spread of the WannaCry ransomware attack that struck the UK’s NHS hard in May, pleaded not guilty in a Milwaukee court yesterday to charges related to a separate piece of malware, named Kronos.

Hutchins, who goes by the moniker “MalwareTech” online, was arrested in Las Vegas earlier this month, as he attempted to return from the DEF CON hacking conference.

The 23-year-old’s arrest, and claims that he might have been involved with the creation of the Kronos banking malware, shocked the infosecurity community, many of whom have questioned whether the FBI has put a strong enough case together to pursue Hutchins, and why it does not appear to have found any US-based victims of the malware.

Also uncertain is the part played by Hutchins’ unnamed co-defendant, from whom law enforcement allegedly purchased a copy of the Kronos banking trojan via the now-defunct dark web marketplace AlphaBay, and who appears to play a larger role in the indictment against Hutchins.

At the earlier court hearing in Las Vegas (transcript here), prosecutors said:

“In his interview following his arrest, Mr Hutchins admitted that he was the author of the code that became the Kronos malware and admitted that he had sold that code to another.”

That’s curious wording: “…admitted that he was the author of the code that became the Kronos malware”. That’s not the same as admitting being the author of the Kronos banking malware. Questions may inevitably be asked as to whether the writing of software code can be directly linked to crimes later allegedly committed with assistance from the code.

And although the authorities claim that they will present evidence of chat logs from 2014 where Hutchins allegedly discusses with his unnamed co-defendant splitting the proceeds of the “sale of the Kronos banking trojan through his associate”, we will have to see whether a clear link can be made between the security researcher and any crime.

While he awaits trial, Hutchins is required to stay in the United States and wear a GPS tracker. He has been allowed back online, and is for now basing himself in Los Angeles, home of his employer Kryptos Logic, where he hopes to continue working as a security researcher.

Get the popcorn folks, this one is going to run for a while… Either the FBI have made an enormous screw-up of their investigation of the Kronos malware, or a young man – hailed as a hero by many – made some very dumb decisions a few years ago.

For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “MalwareTech is back online, as he pleads not guilty to Kronos malware charges”

  1. These "admissions" sound a bit like a gun manufacturer "admitting" they made and sold the mechanism of the gun that shot Kennedy – interesting, but not a crime. What, I wonder, is in it for his – unnamed and apparently unarrested – so-called co-defendant?
