This is Profoundly Weird

Marcus Hutchins, a white hat hacker who shut down the WannaCry ransomware, was just arrested by the FBI, and charged with creating and distributing a banking Trojan 3 years ago:

On Wednesday, US authorities detained a researcher who goes by the handle MalwareTech, best known for stopping the spread of the WannaCry ransomware virus.

In May, WannaCry infected hospitals in the UK, a Spanish telecommunications company, and other targets in Russia, Turkey, Germany, Vietnam, and more. Marcus Hutchins, a researcher from cybersecurity firm Kryptos Logic, inadvertently stopped WannaCry in its tracks by registering a specific website domain included in the malware’s code.

Hutchins was arrested for allegedly creating the Kronos banking malware.

Motherboard verified that a detainee called Marcus Hutchins, 23, was being held at the Henderson Detention Center in Nevada early on Thursday. A few hours after, Hutchins was moved to another facility, according to a close personal friend.

The friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.” Motherboard granted the source anonymity due to privacy concerns.

“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”

So, they have arrested him, and are holding him incommunicado, and at this time it appears that he has not been allowed to talk to a lawyer.

Also note that “MalWareTech” seemed to confirm that the WannaCry code originated with the NSA, which might imply that there some institutional imperative to go after him that was not strictly judicial.

Also, at the time of the Kronos release, Marcus Hutchins was casting about on Twitter for a copy of the code, which seems to an awfully odd thing to do if he wrote the code in the first place:

Anyone got a kronos sample?

— MalwareTech (@MalwareTechBlog) July 13, 2014

Marcy Wheeler also noticed an odd coincidence that corresponded to his arrest:

In remarkably timed news, between 3:10 and 3:25 AM UTC this morning (8 PM last night Mountain Time), someone emptied out all the WannaCry accounts.

So, while Hutchins was detained, someone took all the ransom money that 

This is all profoundly odd.

Leave a Reply