Cyber expert seeks to suppress statements in malware case (Update)

May 16, 2018 by Ivan Moreno
Cyber expert seeks to suppress statements in malware case
This May 15, 2017, file photo shows British cybersecurity expert Marcus Hutchins during an interview in Ilfracombe, England. Hutchins, accused of creating and distributing malware designed to steal banking passwords, is headed to court Wednesday, May 16, 2018, in Milwaukee for a hearing on what evidence may be used in the case. Federal prosecutors in Milwaukee say Hutchins acknowledged in recorded jailhouse phone calls that code he wrote wound up in malware, and they want to introduce that evidence. (AP Photo/Frank Augstein, File)

A British cybersecurity expert credited with stopping the worldwide WannaCry computer virus was headed to court Wednesday for a hearing about statements prosecutors say he made in a recorded jailhouse phone call acknowledging that code he wrote wound up in malware.

A grand jury indictment accuses Marcus Hutchins of creating and distributing malware known as Kronos, designed to steal banking passwords. Hutchins, 23, has pleaded not guilty.

Federal prosecutors in Milwaukee want to introduce as evidence statements he made to an unidentified person hours after FBI agents detained him in Las Vegas before he boarded a flight home to England last year. The statements are included in a transcript filed in court Tuesday, on the eve of the hearing where Hutchins will ask for the phone conversation to be suppressed, along with a two-hour FBI interview.

Prosecutors have said Hutchins also made incriminating statements during the FBI interview. His attorneys have argued Hutchins didn't fully understand Miranda warnings because he's a foreigner and was also sleep-deprived after a week partying in Vegas.

Hutchins' arrest last August came as a shock because only four months earlier he was lauded as a cybercrime-fighting hero for finding a "kill switch" to slow the outbreak of the WannaCry virus, which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.

Hutchins' attorney Brian Klein did not respond to an email Tuesday seeking comment. Assistant U.S. Attorney Michael Chmelar said he couldn't comment.

In the jailhouse call, which Hutchins was told was being recorded, he said he "used to write malware" years before.

According to the transcript, Hutchins said: "So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code onto some guy then they wanted me to, once then found I sold the code to someone, they wanted me to give them his name, and I don't actually know anything about him."

The indictment said the crimes happened between July 2014 and July 2015, but prosecutors have not offered any details about the number of victims. Prosecutors also said in recent court filings that Hutchins is suspected to have sold the Kronos software to someone in Wisconsin and that he "personally delivered" the software to someone in California.

Details of Hutchins' arrest and the crimes he's accused of committing have otherwise been sparse—and Hutchins' attorneys have repeatedly criticized prosecutors for it in court documents.

During the jailhouse call, Hutchins also said he repaid a debt of about $5,000 by giving someone logs that had the compiled binary of the code he created for the person who used it for banking malware. He said both happened when he was about 18.

"I knew it was always going to come back," Hutchins said on the call, adding that he didn't "think it would be so soon."

Robert Graham, a computer security expert not connected to the case, warned against concluding that Hutchins had done something wrong simply because his code wound up in malware.

"I'm not saying he didn't cross a legal line somewhere, but the quotes (in the filing) are still consistent with somebody who is a security researcher rather than a malware kingpin," Graham said in a text to The Associated Press.

In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorization. Hutchins faces decades in prison if convicted of all the charges. He has been barred from returning home and has been living in California, where he works as a cybersecurity consultant while awaiting trial.

Explore further: British cybersecurity expert faces key hearing in US case

Related Stories

British cybersecurity expert faces key hearing in US case

April 19, 2018

A British cybersecurity expert once heralded as a hero for stopping the WannaCry worldwide computer virus is due in a Milwaukee courtroom Thursday, where he will ask the judge to toss statements he made to the FBI after his ...

British cybersecurity expert pleads not guilty to US charges

August 14, 2017

A British cybersecurity researcher credited with helping curb a recent worldwide ransomware attack pleaded not guilty Monday to federal charges accusing him of creating malicious software to steal banking information three ...

UK cyber-researcher still held in Las Vegas in malware case

August 7, 2017

An official says a British cybersecurity researcher remains jailed in Nevada, a day before he's due to face charges in federal court in Milwaukee that he created and distributed malicious software designed to steal banking ...

Lawyer: British hacking suspect will be vindicated

August 14, 2017

A lawyer for a 23-year-old British computer security researcher accused of creating malware to attack the banking system on Monday called him a "hero" and predicted he would be "fully vindicated."

Recommended for you

Robots as tools and partners in rehabilitation

August 17, 2018

In future decades, the need for effective strategies for medical rehabilitation will increase significantly, because patients' rate of survival after diseases with severe functional deficits, such as a stroke, will increase. ...

Security gaps identified in internet protocol IPsec

August 15, 2018

In collaboration with colleagues from Opole University in Poland, researchers at Horst Görtz Institute for IT Security (HGI) at Ruhr-Universität Bochum (RUB) have demonstrated that the internet protocol IPsec is vulnerable ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.