Secretive electronic spy agency GCHQ was aware that accused malware author Marcus Hutchins, aka MalwareTechBlog, was due to be arrested by US authorities when he travelled to the United States for the DEF CON hacker conference, according to reports.
The Sunday Times – the newspaper where the Brit government of the day usually floats potentially contentious ideas – reported that GCHQ was aware that Hutchins was under surveillance by the American FBI before he set off from his home in the UK to Las Vegas.
Hutchins, 23, was arrested on August 2 as he boarded his flight home. He had previously been known to the public as the man who stopped the WannaCry ransomware outbreak.
Government sources told The Sunday Times that Hutchins' arrest in the US had freed the British government from the "headache of an extradition battle" with the Americans. This is a clear reference to the cases of alleged NASA hacker Gary McKinnon, whose attempted extradition to the US failed in 2012, and accused hacker Lauri Love, who is currently fighting an extradition battle along much the same lines as McKinnon.
One person familiar with the matter told the paper: "Our US partners aren't impressed that some people who they believe to have cases against [them] for computer-related offences have managed to avoid extradition."
Hutchins had previously worked closely with GCHQ through its public-facing offshoot, the National Cyber Security Centre, to share details of how malware operated and the best ways of neutralising it. It is difficult to see this as anything other than a betrayal of confidence, particularly if British snoopers were happy for the US agency to make the arrest – as appears to be the case.
American prosecutors charged Hutchins with six counts related to the creation of the Kronos banking malware. He faces a potential sentence of 40 years in prison. He pleaded not guilty to the charges last week.
Hutchins' bail conditions are unusually lenient for an accused hacker, with the Milwaukee court hearing his plea more or less relaxing all restrictions on him – with the exception of not allowing him to leave the US and prohibiting him from visiting the domain that sinkholed the WannaCry malware.
The man himself has been active on Twitter again since his bail restrictions were lifted:
"Just walk down the freeway bro, no sweat." — MalwareTech (@MalwareTechBlog), August 20, 2017
Previously, FBI agents had tried claiming Hutchins might try obtaining firearms to commit crimes, based solely on his having tweeted about visiting a shooting range in Las Vegas – a common tourist pastime in Sin City. ®