Researcher Who Stopped WannaCry Arrested in US After Def Con...

Motherbaord is reporting: "Researcher Who Stopped WannaCry Ransomware Detained [Arrested] in US After Def Con...

On Wednesday, US authorities detained [arrested] a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus...

...it is not clear what charges, if any, Hutchins may face...

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend....

A US Marshals spokesperson told Motherboard in an email, 'My colleague in Las Vegas says this was an FBI arrest...'

'We are aware a UK national has been arrested but it's a matter for the authorities in the US,' a spokesperson for the UK's National Crime Agency told Motherboard in an email".

https://motherboard.vice.com/en_us/...nacry-ransomware-detained-in-us-after-def-con

NB: FWIW: As of this time Motherboard is the only media outlet reporting this story. It is fair to assume that a story of this magnitude, if true, would be widely reported. Time will tell.

 

The Motherbaord story is now being carried by several media outlets, but Motherboard remains the sole source.

 

They probably want to offer him a job

 

Perhaps Relevant:

Arrest of Material Witness:

"18 U.S. Code § 3144 - Release or detention of a material witness

If it appears from an affidavit filed by a party that the testimony of a person is material in a criminal proceeding, and if it is shown that it may become impracticable to secure the presence of the person by subpoena, a judicial officer may order the arrest of the person and treat the person in accordance with the provisions of section 3142 of this title. ...

(Added Pub. L. 98–473, title II, §?203(a), Oct. 12, 1984, 98 Stat. 1982; amended Pub. L. 99–646, §?55(e), Nov. 10, 1986, 100 Stat. 3609.)"

https://www.law.cornell.edu/uscode/text/18/3144

 

Confirmed

From Wired:

"...Following the news that Hutchins had been arrested, Andrew Mabbitt‏, the founder of security firm Fidus tweeted to confirm this. Mabbitt says the researcher was 'detained' on August 2 but US officials wouldn't tell him where he had been moved to.

'I'm working on getting a lawyer for @MalwareTechBlog as he has no legal representation and no visitors,' Mabbitt continued to say..."

http://www.wired.co.uk/article/malware-tech-arrest-fbi-marcus-hutchins

"wouldn't tell him where he had been moved to" + "no visitors" = National Security or protective custody

From ZDnet:

"...Multiple friends of Hutchins' have been contacted by ZDNet and confirmed this arrest. The British Consulate in LA is reportedly assisting Hutchins, according to a friend."

http://www.zdnet.com/article/researcher-who-stopped-wannacry-outbreak-arrested-in-us/

Gonna need a USB Popcorn Maker today.

 

Detailed story including confirmation by The UK's National Crime Agency

"WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON...

It's understood Hutchins, aka MalwareTechBlog on Twitter, was just about to board a flight back to the UK on Wednesday when the Feds swooped and took him away to an undisclosed location. His worried friends say they still have no idea where he is being held nor why..."

https://www.theregister.co.uk/2017/08/03/wannacry_killer_hutchins_arrested/?mt=1501781738931

Welcome to Cyberworld Mystery Theater

 

As far as section 3142 goes:

So any foreign national visiting the U.S. can be locked up pending a release disposition hearing if deemed a "material witness." Actually, this is not much different than most countries in that they won't let you leave the country(passport confiscated) if you are in like circumstances. Kid made the mistake of leaving the U.K..

​

 

"...The Electronic Frontier Foundation (EFF) said it was trying to get in touch with Hutchins too. The EFF has provided legal assistance to hackers facing legal threats in the U.S. before..."

https://www.forbes.com/sites/thomas...nnacry-killswitch-hero-arrested/#51c5c0d24222

 

"...'Finally located @MalwareTechBlog, he's in the Las Vegas FBI field office. Can anyone provide legal representation?

— Andrew Mabbitt [founder of security firm Fidus] (@MabbsSec) August 3, 2017' ..."

'https://threatpost.com/wannacry-bitcoin-withdrawn-killswitch-researcher-detained-in-nevada/127182/

 

Moral of this story is if you "play" with malware ............. you'll be sorry and:

1. Don't go outside during daylight hours.
2. Install motion detectors in your house and yard.
2. At night, venture no more than 10 feet from the perimeter of you house. Block all windows from outside viewing.
3. Install "bug" monitoring detectors throughout your house.
4. Stop using anything connected to the Internet in any form.
5. Definitely do not order any food/drink for home delivery.

 

HUTCHINS INDICTED !!!!!!!!!!!!!!!!!!!!

"...According to an indictment released by the US Department of Justice on Thursday, Hutchins is accused of having helped to create, spread and maintain the banking trojan Kronos between 2014 and 2015...

Hutchins, who is indicted with another un-named co-defendant, stands accused of six counts of hacking-related crimes as a result of his alleged involvement with Kronos. “Defendent Marcus Hutchins created the Kronos malware,” the indictment, filed on behalf of the Eastern District Court of Wisconsin, alleges..."

https://www.theguardian.com/technol...ho-stopped-wannacry-ransomware-detained-in-us

 

via Sky News:

"Sky News Newsdesk‏Verified account @SkyNewsBreak

U.S. court filing says Marcus Hutchins has been indicted on several criminal counts over advertising and selling hacking tools"

11:54 AM - 3 Aug 2017

https://twitter.com/SkyNewsBreak/status/893183220266749952

 

Appears the guy is a vivid description of a "Trojan Horse." Nothing in the malware world is what it appears to be.

 

Guess his white hat deed didn't throw the hounds off his back, huh. Will his kill-switch discovery mitigate his sentence? He's a sorta like a bank robber, hope his black-ish hat doesn't clash with the orange jumpsuit too much.

Admittedly, this turn of events was a surprise, you know?

 

Tragic.

 

Copy of The Indictment is here:

https://www.documentcloud.org/documents/3912520-Marcus-Hutchinson-Indictment.html

They really threw the book at him.

Sad.

 

Why is the other person's name blacked out?

 

For whatever the reason the names apparently have not yet been made public and the full indictment remains under seal

"...The conspiracy, according to the eight-page indictment, involved Hutchins and two other individuals, who names still have not been made public. After Hutchins alleged created the banking trojan dubbed Kronos, a video circulated in July 2014 on a publicly available website that demonstrated how the malware worked. A month later, one of the unnamed co-conspirators put the malware up for sale at a price of $3,000. Hutchins and one of the co-conspirators allegedly updated Kronos around February 2015...."

https://arstechnica.co.uk/tech-poli...worm-detained-under-mysterious-circumstances/

 

hawki, why do you find this sad and tragic? What's strange is the trojan's name: Kronos. It means "time," but of a much different kind now. Weird.

 

"...Tellingly, the indictment also mentions that Hutchins [conspired to sell]... Kronos on AlphaBay, a dark web site that was shut down by a global law enforcement operation in July. Evidence and testimony from that takedown may have led to Hutchins’ arrest..."

http://bgr.com/2017/08/03/wannacry-... TheBoyGeniusReport (BGR | Boy Genius Report)

 

I guess cuz we got to know so much personal stuff about him as the young, self-taught, surfing-fan, living with his mother "Accidental Hero." It's like someone we knew and liked so well, who up until today was destined to a great career, has fallen from grace because of past serious misdeeds. This to hawki is sad.

 

BBC news on the topic..

http://www.bbc.co.uk/news/uk-england-40820837

 

Time will tell on this one. It is possible he was framed. Remember the Brian Kreb's incident?

Published material to date has him being traced to selling the malware on Alpha Bay. So appears there is a "money trail" leading to him. In any case, he will now enjoy an extended stay in the U.S. at taxpayer expense. ~Comment removed.~

 

If he has a British Passport (and it seems so) he does not have to apply for a Visa. He gets an ESTA through the Visa Waiver Program to visit the USA. He was obviously not denied. If the FBI had him on their list of 'bad guys' they would have been alerted by this process. It is possible that he could work out a deal with the FBI if he has networked the shadows and has info of value.

Maybe he outed some of his previous associates out of revenge when he stopped WannaCry. Wouldn't this be a plot thickener.

 

If this is not the pinnacle definition of hypocricy in motion I don't know what is. Marcus Hutchins accused of developing the kronos malware by the government responsible for creating some of the most prolific malware in the entire world !!
Do they think everyone has already forgotten who created the malware used in the wanna cry attacks in the first place ?
Vault 7 anyone?