WannaCry-killer Marcus Hutchins denies Feds' malware claims
He admitted writing nasty code, FBI allege. Brit's lawyers say he's innocent
Marcus Hutchins, the WannaCry ransomware killer and now suspected malware developer, was told by a Las Vegas court on Friday he can be released on bail. He also denied any wrongdoing.
The British citizen was sensationally arrested and taken into custody on Wednesday by the FBI. The agents swooped as he was about to board a flight back home to the UK from America after attending the DEF CON hacking conference in Nevada last week. The Feds have accused him of creating, developing, and selling the Kronos banking malware from 2014 to 2015 with an unnamed associate.
On Thursday, he appeared in court for a five-minute hearing, and the case was adjourned for a day to give him more time with his lawyers. On Friday, at 3pm Pacific Time, he appeared before a judge, and indicated he will plead not guilty to the charges against him. He was told he could be released on bail under certain conditions with a $30,000 bond.
However, even though that hearing finished at 3.30pm, Hutchins and his lawyers weren't able to get to the bail office in time as it closes at 4pm. Thus, he will not be released today – and will spend the weekend behind bars as the office will not reopen until Monday. He's also due to be flown to Wisconsin for his next court appearance on Tuesday.
"He's dedicated his life to researching malware and not trying to harm people," said one of his attorneys, Adrian Lobo. "Using the internet for good is what he's done."
Lobo also told journalists Hutchins was able to raise bail money from his supporters, and that his family are still in the UK. We understand the Brit has still not been able to speak to his friends or relatives.
Prior to the hearing, Hutchins filed a motion to allow him to appear in court without wearing full shackles. It's a measure of how paranoid the US court system is that a 23-year-old computer expert with no violent past could be shackled hand and foot for an administrative hearing. As it was, he appeared in a yellow jumpsuit and orange Crocs.
US Department of Justice prosecutors cited Hutchins' recent trip to a gun range as proof that he should be denied bail and kept in jail, we're told. Lobo said the government's argument was "garbage."
Crucially, prosecutors are also claiming that Hutchins admitted during interrogation, in which he did not have a lawyer, to writing malware, and allege the Brit hinted he also sold software nasties. That sounds bad; however, bear in mind that Hutchins, who goes by MalwareTechBlog on Twitter, has written and shared malware code online for research purposes.
In April 2014, well before Kronos hit, Hutchins, who works as an antivirus researcher, published a blog post titled: "Coding Malware for Fun and Not for Profit (Because that would be illegal)." In it he explained how to write a bootkit for years-old Windows XP, and took steps to make sure it was next to useless.
"Before you get on the phone to your friendly neighborhood FBI agent, I'd like to make clear a few things: The bootkit is written as a proof of concept, it would be very difficult to weaponize, and there is no weaponized version to fall into the hands of criminals," he blogged at the time.
And in 2015, Hutchins revealed on Twitter his shock at finding some other code he wrote being used within malware – Kronos, to be exact.
2015-01-08 MWT posted hooking code https://t.co/dilxdGobZE
2015-02-06 new Kronos posted online
2015-02-07 this tweet- https://t.co/dgg1H3cgrU
— Nate ╯彡┻━┻ (@natesantos) August 4, 2017
Hutchins' lawyers say he is not in any way behind the Kronos Trojan, which silently infects Windows PCs to siphon off funds from victims' online banking accounts. It is typically sold to crooks, who spread it in emails and malicious downloads and then pocket the stolen loot. It is based loosely on the Zeus Trojan, and was announced on Russian-language hacker forums in July 2014.
When free, whenever that will be, Hutchins will have to wear a GPS tag at all times, can't use the internet, and can have no contact with his unnamed accused co-conspirator. He's also confined to the US for the time being. ®