US judge sets bail for UK researcher in malware case

Marcus Hutchins is accused of creating malware – unrelated to the ransomware attack he was credited with halting in May.

British IT expert Marcus Hutchins
Hutchins denies the allegations and faces decades in prison if he is convicted [AP]

A US judge has set bail of $30,000 for a well-known British cybersecurity researcher accused of creating and distributing software designed to steal online banking credentials and credit card information.

Marcus Hutchins, gained celebrity status within the hacker community in May when he was credited with neutralising the global “WannaCry” ransomware attack which brought servers in Britain’s National Health Service to a standstill – and later spread to 150 countries. 

Hutchins, who is also known as MalwareTech, was arrested by the FBI while he was returning to the UK after joining Def Con 25, the annual international cybersecurity gathering, at Las Vegas.

The 23-year-old’s Twitter account shows he sent several tweets on Wednesday, but later went silent.

His lawyer said the 23-year-old hacker would contest the charges but added he would not be released until Monday because there was not enough time to post bail after Friday’s afternoon ruling in Las Vegas.

Hutchins has broad support in the information-security community.

WATCH: Who is to blame for the massive ransomware attack? (24:45)

Lawyer Adrian Lobo said: “He is going to be released pending certain conditions that he has attached to the bond, and that he has to post a $30,000 cash bond – that’s coming from a variety of sources, he has tremendous community support, local and abroad and in the computer world.”

Support from MP

In a statement issued on Friday, British MP Peter Heaton-Jones expressed his concern at Hutchins’ arrest.

He says in his statement he had written to British Foreign Minister Alan Duncan seeking urgent assurance that Hutchins was receiving consular assistance and would get independent legal representation.

“I will continue to monitor his case carefully and to seek the necessary assurances from the government that the UK is doing everything in its power to assist Marcus and his family at this very difficult time,” he said.

‘Fundraising campaign’

Activists and friends of Marcus have initiated a fundraising campaign for his legal support.

“This campaign is intended to fund MalwareTech’s legal fees, costs, and expenses,” wrote hacker Tara Wheeler on Lawpay. 

“These funds are to be spent solely on Marcus’ legal fees, costs, and expenses, or in the event it’s not all used up, donated to the Electronic Frontier Foundation,” she added. 

Nicholas Thompson, the editor of Wired Magazine, voiced doubts about the circumstances of Hutchins’ arrest.

“Three months ago, Marcus Hutchins was a hacking hero. Now he’s arrested and something seems fishy,” he wrote on Twitter

READ MORE: Ransomware attack causes disruptions across globe

‘Kronos trojan’

US prosecutors say Hutchins created the malware known as Kronos – marketed as a way to steal logins for banking websites – and sold it for $2,000 back in 2015. 

If downloaded from email attachments, Kronos left victims’ systems vulnerable to theft of banking and credit card credentials, which could have been used to siphon money from bank accounts.

Hutchins’ lawyer says he denies all charges and many cybersecurity experts say arresting him could backfire.

It creates a disincentive for anybody in the information security industry to cooperate with the government

by Tor Ekeland, Cybersecurity lawyer

“They are essentially saying ‘don’t cooperate with us, because if you do, you are going to attract our attention and we’ll, potentially, going to throw you in jail.’ I just don’t understand why they are doing this,” said Tor Ekeland, the managing partner of Tor Ekeland PC.

READ MORE: Global cyberattack alert as experts warn of more havoc

The so-called WannaCry ransomware attack had infected about 200,000 computer systems in 150 countries, with Russia, Ukraine and Taiwan being the top targets.

Hutchins came up with a way of stopping the ransomware when he accidentally discovered a “kill switch”.

According to a US official, the allegations are unrelated to the WannaCry attack he was credited with halting.

The hacker might face decades in prison in the United States if he is found guilty.

Source: Al Jazeera, News Agencies