British computer whiz and cybersecurity researcher Marcus Hutchins was hailed as a hero in June for preventing the spread of the infamous WannaCry malware.
Last Wednesday, Hutchins was treated more like a villain.
He was arrested in Las Vegas by the FBI for his alleged involvement in creating and distributing a different malware known as Kronos. He will appear in court in Milwaukee on on Aug. 14.
The U.K. citizen was in Las Vegas for the Defcon Hacking Conference. His arrest followed a two-year investigation, which was led by the FBI’s Milwaukee-based Cyber Crime Task.
Hutchins’ indictment was issued July 12 by a grand jury in the Eastern District of Wisconsin. He is being charged with six counts, including conspiracy to commit computer fraud and abuse.
Kronos is used to steal banking information from infected computers. The indictment focuses mostly on an unnamed co-defendant, who allegedly sold the malware in 2015 for about $2,000 in digital currency on a dark web marketplace.
According to the indictment, Hutchins created Kronos and later updated it. Further details on Hutchins’ involvement are absent from the district court document.
The crimes allegedly committed by Hutchins and the unnamed co-defendant occurred between July 2014 and July 2015 in the Eastern District of Wisconsin and elsewhere, according to the indictment.
Hutchins lives in the U.K. and works remotely for a security firm based in California. The FBI’s Milwaukee arm conducted the investigation, but beyond that, it is unclear at this point how eastern Wisconsin fits into the picture.
Given that alleged criminal activity occurred in Wisconsin, it is possible the unnamed co-defendant lives and/or works in Wisconsin. However, that possibility is currently nothing more than speculation.
U.S. Attorney Gregory J. Haanstad, who is the chief federal law enforcement official for the Eastern District of Wisconsin, said via an Aug. 3 press release that Kronos presents an ongoing threat to privacy and security.
Cybercrime, said Special Agent in Charge Justin Tolomeo, remains a top priority for the FBI.
"Cybercriminals cost our economy billions in losses each year," Tolomeo said. "The FBI will continue to work with our partners, both domestic and international, to bring offenders to justice."
The cybersecurity community is backing the 23-year-old Hutchins, who is known online as "MalwareTech." Some of his supporters set up a crowd-funding campaign to help cover Hutchins’ legal fees and expenses.
Hutchins rose to prominence in security research circles after his WannaCry takedown. Hundreds of thousands of computers in 150 countries fell victim to the WannaCry malware, according to CNET.
WannaCry essentially held computers hostage, asking victims for bitcoin ransom in return for the safe return of files from their computers. Hutchins’ role in stopping the attack elevated him to rock-star status at the hacking event in Las Vegas.
The case against Hutchins and the unnamed co-defendant is being prosecuted by Assistant United States Attorneys Michael J Chmelar and Benjamin W. Proctor.