MalwareTech is back online, as he pleads not guilty to Kronos malware charges

Marcus Hutchins denies charges, and returns to Twitter.

MalwareTech is back online, as he pleads not guilty to Kronos malware charges

Marcus Hutchins, the “accidental hero” who helped curb the spread of the WannaCry ransomware attack that struck the UK’s NHS hard in May, pleaded not guilty in a Milwaukee court yesterday to charges related to a separate piece of malware, named Kronos.

Hutchins, who goes by the moniker “MalwareTech” online, was arrested in Las Vegas earlier this month, as he attempted to return from the DEF CON hacking conference.

The 23-year-old’s arrest, and claims that he might have been involved with the creation of the Kronos banking malware, shocked the infosecurity community, many of whom have questioned whether the FBI has put a strong enough case together to pursue Hutchins, and why it does not appear to have found any US-based victims of the malware.

The part played by Hutchins’ unnamed co-defendant, who law enforcement allegedly purchased a copy of the Kronos banking trojan from via the now defunct dark web AlphaBay marketplace, and appears to play a larger role in the indictment against Hutchins, also remains uncertain.

At the earlier court hearing in Las Vegas (transcript here), prosecutors said:

In his interview following his arrest, Mr Hutchins admitted that he was the author of the code that became the Kronos malware and admitted that he had sold that code to another.”

That’s curious wording: “…admitted that he was the author of the code that became the Kronos malware”. That’s not the same as admitting being the author of the Kronos banking malware. Questions may inevitably be asked as to whether the writing of software code can be directly linked to crimes later allegedly committed with assistance from the code.

And although the authorities claim that they will present evidence of chat logs from 2014 where Hutchins allegedly discusses with his unnamed co-defendant splitting the proceeds of the “sale of the Kronos banking trojan through his associate” we will have to see whether a clear link can be made between the security researcher and any crime.

While he awaits trial, Hutchins is required to stay in the United States and wear a GPS tracker. He has been allowed back online, and is for now basing himself in Los Angeles, home of his employer Kryptos Logic, where he hopes to continue working as a security researcher.

Get the popcorn folks, this one is going to run for a while… Either the FBI have made an enormous screw-up of their investigation of the Kronos malware, or a young man - hailed as a hero by many - made some very dumb decisions a few years ago.

For further discussion on this story, make sure to listen to this episode of the “Smashing Security” podcast:

Listen on Apple Podcasts | Google Podcasts | Other… | RSS

Tags: , , , ,

Share this article:

   Join thousands of others and sign up to our free "GCHQ" newsletter.

Smashing Security podcast
Check out "Smashing Security", the award-winning weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"It's brilliant!" • "Three people having fun in an industry often focused on bad news" • Winner of the Best Security Podcast 2018

Latest episodes:
Listen on Apple Podcasts Listen on Google Podcasts

, , , ,

One Response

  1. Doug Revell

    August 15, 2017 at 11:46 am #

    These “admissions” sound a bit like a gun manufacturer “admitting” they made and sold the mechanism of the gun that shot Kennedy - interesting, but not a crime. What, i wonder, is in it for his - unnamed and apparently unarrested - so-called co-defendant?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.