Exclusive A new crowdfunding appeal to help security researcher Marcus Hutchins has begun, after persons unknown spammed his old one with potentially ruinous credit card spam.
Hutchins was the security researcher who found a way to cripple the WannaCry ransomware that took down a large chunk of Britain's National Health Service, amongst other organizations and companies. He is currently under house arrest in Los Angeles after being accused by the FBI of writing and selling the Kronos banking malware.
The researcher was arrested by the Feds as he was about to board an airplane home after visiting the Black Hat and DEF CON security conferences in Las Vegas. He has since been charged and released on a $30,000 bond with a GPS cuff, but without the usual restrictions on internet use that usually accompany computer crime accusations. He has pled not guilty.
A donation site was set up shortly after his arrest – legal costs in the US can be insane and the 23-year-old isn't that well off – but it was quickly drowned in a sea of stolen credit card numbers. As a result, Tarah Wheeler, a friend of Hutchins and a fellow security specialist, wanted to find a better way.
"We checked out the crowdfunding site CrowdJustice for two and a half weeks to make sure this would work," she told The Register. "I began the phone call to them by saying 'Look, I'm sorry, but we're going to need to do some pentesting.'"
The fund went live on Monday morning and has already met over half of its $10,000 goal, although there's a stretch goal of $15,000. The money is solely to pay legal fees, not Hutchins' living expenses, and Wheeler said small pop-up fundraisers will be held later on to keep the legal fund topped up.
"Thank you doesn't seem enough," said Marcus's mother Janet Hutchins. "We have been overwhelmed by the support and generosity shown to Marcus and ourselves."
Given that Hutchins is living in a strange city and a new apartment with very little in the way of support, it might be nice to set up some kind of Amazon wishlist, you might think, or maybe a plane ticket for his relatives to visit him. But legally that's complicated, so his friends are concentrating on getting the lawyers paid before Hutchins is back in court next month.
"It's so wonderful to see the community coming together to see them help a kid," Wheeler said. "This is not about innocent or guilty – it's about someone being prosecuted under the Computer Fraud and Abuse Act, a flawed law that's being used as a mallet over the head of security researchers." ®