Marcus Hutchins: from hero to criminal

'MalwareTech' was praised as the man who stopped WannaCry, but was charged with creating Kronos years earlier

Marcus Hutchins, aka MalwareTech

In 2017, Marcus Hutchins went from being a relatively unknown 23-year-old, to being a worldwide hero, to facing criminal charges, all in the span of a few months. After 'MalwareTech' shut down the rapidly spreading WannaCry malware by finding a killswitch domain in the software, UK tabloids exposed his real name. Then in August of that year, just as he was about to leave Las Vegas after the Defcon event there, US authorities arrested Hutchins, claiming he'd played a part in creating a different type of malware, Kronos, years earlier.

Today he pleaded guilty to a pair of charges related to the malware, for which he faces up to ten years in prison.

"As you may be aware, I've pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes. Having grown up, I've since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks," a statement posted on his personal website reads.

As described in court documents published by ZDNet, the government's case was that Hutchins developed the malware, known both as UPAS Kit and Kronos, to collect info, while targeting banking information. He worked with partners to distribute and sell the malware to others who made use of the tools.

According to ThreatPost, Kronos harvested banking credentials using "web injects made for every major browser to modify legitimate banking websites." When you log in to your bank, "the web injects look for additional information from the victim, details that are generally not required upon log-in such as ATM PINs or personal information to help with security questions." Kronos came with a built-in security system that fights off other trojans, as well as updates for those who purchased and ran the trojan - it was a black-market product with a price tag of $2K (during the period the indictment covers). Yet, besides Hutchins' confessions, there is hardly any evidence that Hutchins actually had anything to do with Kronos.

The case, however, has shaken up security research communities, as it raises serious concerns. People who write, reverse and research malware are both scared and angry, because to get the experience needed to shut down malware that threatened computers worldwide, one might follow a career that includes some steps outside the lines. Many of the biggest names in the cybersecurity field have done that, and this may make fighting for legitimacy even tougher.
