Mark Hutchins, better known by the Twitter handle @MalwareTech, was detained by U.S. authorities Wednesday, according to a Motherboard report. Hutchins made headlines and was called an “accidental hero” earlier this year when he found the “kill switch” to WannaCry, a massive ransomware attack that spread throughout the world, infecting hospitals and telecom companies, among other businesses.
Motherboard said it verified that Hutchins, 23, was being held at the Henderson Detention Center in Nevada on Thursday. A “close personal friend” of the researcher said he was later moved to another facility. The unnamed friend then tried to visit him, but he had already been transferred to another location.
“I’ve spoken to the U.S. Marshals again and they say they have no record of Marcus being in the system,” the friend told Motherboard. “At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken. We still don’t know why Marcus has been arrested and now we have no idea where in the U.S. he’s been taken to and we’re extremely concerned for his welfare.”
Hutchins was in Las Vegas for two large security conferences: Black Hat and DEF CON. An avid Twitter user, Hutchins has not posted in the last 24 hours. Andrew Mabbitt, a co-founder of Fidus, said he was working to get the security researcher a lawyer.
“I'm working on getting a lawyer for @MalwareTechBlog as he has no legal representation and no visitors. I'll be crowdfunding legal fees soon” — Andrew Mabbitt (@MabbsSec), August 3, 2017
Motherboard reached out to U.S. Marshals, but was told by a spokesperson that it was an FBI arrest, and he was not in their custody.
The FBI refused a request for comment from Motherboard. The United Kingdom’s National Crime Agency told the publication that it was aware a U.K. citizen was arrested, but said it was a “matter for the authorities in the U.S.” It is not known whether Hutchins faces any charges.
We will update this article as we learn more.
Update 2:43pm CT, Aug. 3: According to an indictment released by the U.S. Department of Justice, Hutchins and an unnamed co-defendant were arrested for helping create, maintain, and spread the banking trojan malware “Kronos” between 2014 and 2015. The malware spread through email attachments and was used to steal online banking credentials, ATM PIN numbers, and other personal information.
Hutchins is accused of six hacking-related counts, including the creation of Kronos. Hutchins tweeted about the malware in 2014.
Update 4:59pm CT, Aug. 3: The indictment, filed on behalf of the Eastern District Court of Wisconsin, clarifies the charges against Hutchins, which were compiled during a two-year FBI investigation.
“Hutchins was charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempt to access a computer without authorization,” it reads.
The Kronos banking trojan was designed to harvest and transfer the username and password associated with banking accounts from one infected computer to the control panel of another. It has been configured to attack computers in Canada, Germany, Poland, France, and the United Kingdom, among others, according to the formal charge.
Here is a link to the full indictment.