Marcus Hutchins, the security specialist who brought May’s WannaCry ransomware outbreak to a halt, pleaded not guilty in a US court on Friday to charges of writing and distributing the Kronos banking Trojan. He is expected to be released today after raising the $30,000 bail on Friday.
Hutchins will also need to travel to Wisconsin for a court appearance in front of a grand jury there. The FBI case against him was investigated from its offices in Wisconsin.
Prosecutors had opposed bail for Hutchins after he fired a gun at a gun range without a licence earlier in the week.
Under questioning following his arrest, but without a lawyer present, Hutchins reportedly admitted to writing the malware in question. However, malware is not typically built in its entirety from the ground-up and what parts of the malware, exactly, Hutchins is alleged to have been responsible for remains unclear, despite the publication of the indictment against him.
Old Internet Relay Chat (IRC) logs from around five years ago – when Hutchins would have been 18 – paint a picture of a black hat hacker dabbling in malware, although the links are far from conclusive.
After release on bail, expected later today, Hutchins will not be allowed to leave the US or to use the internet. He will also have to wear a GPS tag and, as a non-US national, won’t be allowed to work, and will therefore be reliant on family and charity to sustain himself.
The Kronos banking Trojan that Hutchins is accused of writing code for is similar to the Zeus banking malware, from which it borrows heavily. Indeed, in Greek mythology Kronos is the father of Zeus.
Access to Kronos for campaigns was sold for $7,000 a time, with the malware focused on stealing banking login credentials from compromised machines. The form-grabbing and HTML content injection element of Kronos was spread via phishing emails.
Kronos also offered modules for evading detection and analysis – and buyers were even given an option to trial it for a week first for $1,000.
IBM-owned Trusteer reported on the Kronos malware in August 2014, based on the seller’s description when it was offered for sale on ‘dark web’ forums – exactly the same time that Hutchins is alleged to have offered it for sale on ‘dark web’ forums.
Computing’s DevOps Summit returns on 19 September. Attendance is free to qualifying IT leaders and other senior IT professionals, but places will go fast, so secure yours now.
Save this article