WannaCry ‘Hero’ Marcus Hutchins Pleads Not Guilty to Kronos Malware Hacking Charges
A lawyer for a 23-year-old British computer security researcher accused of creating malware to attack the banking system on Monday called him a “hero” and predicted he would be “fully vindicated.”
The lawyer’s remarks came after Marcus Hutchins – who three months ago found a “kill switch” to stem the spread of the devastating WannaCry ransomware outbreak – pleaded not guilty to US charges of creating and distributing malicious software.
Hutchins was arrested earlier this month in Las Vegas after attending the Def Con gathering of computer hackers.
The case stunned the computer security community and drew fire from critics who argued that researchers often work with computer code which can be deployed for malicious purposes.
“Marcus Hutchins is a brilliant young man and a hero,” said Marcia Hofmann, an attorney affiliated with the Electronic Frontier Foundation, a digital rights group, who represented Hutchins at the hearing.
“He is going to vigorously defend himself against these charges. And when the evidence comes to light, we are confident he will be fully vindicated.”
Hours after the hearing, Hutchins resumed activity on Twitter.
“I’m still on trial, still not allowed to go home, still on house arrest; but now i am allowed online,” he wrote.
He also joked about the experience with a sarcastic “to do” list from his US visit: “Things to do during defcon: Attend parties. Visit red rock canyon. Go shooting. Be indicted by the FBI. Rent supercars.”
A federal indictment accuses Hutchins and another individual of making and distributing the Kronos “banking Trojan,” a reference to malicious software designed to steal user names and passwords used at online banking sites.
The indictment set the time of the activity by Hutchins as being from July 2014 to July 2015.
A trial date was set for the case for October 23, according to participants at the hearing, who added that a federal magistrate agreed to allow Hutchins to reside in California while the case is pending.
Hutchins, who lives in Britain and remains free on $30,000 bail, works for a California-based computer security firm. A court official said his bail terms were modified allowing Hutchins to travel within the United States and to access the internet.
“We are very pleased that the court modified the terms (of bail) allowing him to return to his important work,” said Brian Klein, the second attorney for Hutchins.
His arrest has sparked criticism from some researchers who argue that the case could dissuade “white hat hackers” – those who find security flaws to help fix them – from cooperating with authorities.
Hutchins, known by the alias “Malwaretech,” was charged in an indictment that was dated July 12 and unsealed in early August by federal authorities in Wisconsin.
According to the indictment, Hutchins was part of a conspiracy to distribute the hacking tool on so-called dark markets.