A British computer expert who helped shut down the WannaCry cyber attack that crippled the NHS has been arrested in the US for his alleged role in an unrelated malware attack.
Marcus Hutchins, also known as MalwareTech on social media, found a hidden ‘kill switch’ in the WannaCry ransomware virus that hit more than 300,000 computers in 150 countries.
But the US Department of Justice (DOJ) said he has now been detained on six charges concerning the spread of a different form of malware.
“Marcus Hutchins … was arrested in the United States on August 2, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan,” DOJ spokesperson Wyn Hornbuckle said in a statement to The Independent.
The Kronos malware was used to steal banking passwords from infected computers, allowing hackers to take money with ease. The malware is spread via infected email attachments.
Mr Hutchins is accused of creating, selling, and maintaining the malware, in collaboration with an unnamed codefendant, between July 2014 and July 2015.
Gadgets and tech news in pictures
The 22-year-old was detained by the FBI after a trip to the Def Con hacking conference in Las Vegas, where he reportedly bragged to The Outline about staying in local real estate mogul’s mansion and renting high-end cars.
The UK’s National Crime Agency confirmed on Thursday that a British citizen was being held in the US.
“We are aware a UK national has been arrested but it’s a matter for the authorities in the US,” a spokesman said.
Andrew Mabbitt, a cyber security company founder who travelled to the conference with Mr Hutchins, says he does not believe the charges against him.
“He spent his career stopping malware, not writing it,” Mr Mabbitt tweeted on Thursday.
In an interview with the website MotherBoard, which first reported the story, friends described a frantic search for Mr Hutchins in the hours after his arrest. They claimed he had been detained at the Henderson Detention Centre in Nevada, and later moved to an undisclosed location.
The detention centre told The Independent they only keep records of current detentions.
“At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” one friend told MotherBoard.
He added: “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”
The indictment alleges Mr Hutchins created the malware and attempted to sell it for $3,000. He is also accused of advertising the malware through videos and market forums.
Mr Hutchins became an unexpected celebrity after he caused major delays to the international ransomware attack that affected the NHS, as well as other targets around the world.
He first wrote about finding the Wannacry “kill switch” on his anonymous blog, using the name MawareTech.
When his identiy was revealed, however, the low-profile computer security worker was flooded by interview requests, and even had reporters stake out his house.
“I knew 5 minutes of fame would be horrible but honestly i misjudge just how horrible,” he tweeted in May.