Getty
Show Hide image

Marcus Hutchins: What we know so far about the arrest of the hero hacker

The 23-year old who stopped the WannaCry malware which attacked the NHS has been arrested in the US. 

In May, Marcus Hutchins - who goes by the online name Malware Tech - became a national hero after "accidentally" discovering a way to stop the WannaCry virus that had paralysed parts of the NHS.

Now, the 23-year-old darling of cyber security is facing charges of cyber crime following a bizarre turn of events that have left many baffled. So what do we know about his indictment?

Arrest

Hutchins, from Ilfracombe in Devon, was reportedly arrested by the FBI in Las Vegas on Wednesday before travelling back from cyber security conferences Black Hat and Def Con.

He is now due to appear in court in Las Vegas later today after being accused of involvement with a piece of malware used to access people's bank accounts.

"Marcus Hutchins... a citizen and resident of the United Kingdom, was arrested in the United States on 2 August, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said the US Department of Justice.

"The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015."

His court appearance comes after he was arraigned in Las Vegas yesterday. He made no statement beyond a series of one-word answers to basic questions from the judge, the Guardian reports. A public defender said Hutchins had no criminal history and had previously cooperated with federal authorities. 

The malware

Kronos, a so-called Trojan, is a kind of malware that disguises itself as legitimate software while harvesting unsuspecting victims' online banking login details and other financial data.

It emerged in July 2014 on a Russian underground forum, where it was advertised for $7,000 (£5,330), a relatively high figure at the time, according to the BBC.

Shortly after it made the news, a video demonstrating the malware was posted to YouTube allegedly by Hutchins' co-defendant, who has not been named. Hutchins later tweeted: "Anyone got a kronos sample."

His mum, Janet Hutchins, told the Press Association it is "hugely unlikely" he was involved because he spent "enormous amounts of time" fighting attacks.

Research?

Meanwhile Ryan Kalember, a security researcher from Proofpoint, told the Guardian that the actions of researchers investigating malware may sometimes look criminal.

“This could very easily be the FBI mistaking legitimate research activity with being in control of Kronos infrastructure," said Kalember. "Lots of researchers like to log in to crimeware tools and interfaces and play around.”

The indictment alleges that Hutchins created and sold Kronos on internet forums including the AlphaBay dark web market, which was shut down last month.

"Sometimes you have to at least pretend to be selling something interesting to get people to trust you,” added Kalember. “It’s not an uncommon thing for researchers to do and I don’t know if the FBI could tell the difference.”

It's a sentiment echoed by US cyber-attorney Tor Ekeland, who told Radio 4's Today Programme: "I can think of a number of examples of legitimate software that would potentially be a felony under this theory of prosecution."

Hutchins could face 40 years in jail if found guilty, Ekelend said, but he added that no victims had been named.

This article also appears on NS Tech, a new division of the New Statesman focusing on the intersection of technology and politics.

Oscar Williams is editor of the NewStatesman's sister site NSTech.

Photo: Getty
Show Hide image

The science and technology committee debacle shows how we're failing women in tech

It would be funny if it wasn’t so depressing.

Five days after Theresa May announced, in her first Prime Minister’s Questions after the summer recess, that she was "particularly keen to address the stereotype about women in engineering", an all-male parliamentary science and technology committee was announced. You would laugh if it wasn’t all so depressing.

It was only later, after a fierce backlash against the selection, that Conservative MP Vicky Ford was also appointed to the committee. I don’t need to say that having only one female voice represents more than an oversight: it’s simply unacceptable. And as if to rub salt into the wound, at the time of writing, Ford has still not been added to the committee list on parliament's website.

To the credit of Norman Lamb, the Liberal Democrat MP who was elected chair of the committee in July, he said that he didn't "see how we can proceed without women". "It sends out a dreadful message at a time when we need to convince far more girls to pursue Stem [Science, Technology, Engineering and Mathematics] subjects," he added. But as many people have pointed out already, it’s the parties who nominate members, and that’s partly why this scenario is worrying. The nominations are a representation of those who represent us.

Government policy has so far completely failed to tap into the huge pool of talented women we have in this country – and there are still not enough women in parliament overall.

Women cannot be considered an afterthought, and in the case of the science and technology committee they have quite clearly been treated as such. While Ford will be a loud and clear voice on the committee, one person alone can’t address the major failings of government policy in improving conditions for women in science and technology.

Study after study has shown why it is essential for the UK economy that women participate in the labour force. And in Stem, where there is undeniably a strong anti-female bias and yet a high demand for people with specialist skills, it is even more pressing.

According to data from the Women’s Engineering Society, 16 per cent of UK Stem undergraduates are female. That statistic illustrates two things. First, that there is clearly a huge problem that begins early in the lives of British women, and that this leads to woefully low female representation on Stem university courses. Secondly, unless our society dramatically changes the way it thinks about women and Stem, and thereby encourages girls to pursue these subjects and careers, we have no hope of addressing the massive shortage in graduates with technical skills.

It’s quite ironic that the Commons science and technology committee recently published a report stating that the digital skills gap was costing the UK economy £63bn a year in lost GDP.

Read more: Why does the science and technology committee have no women – and a climate sceptic?

Female representation in Stem industries wasn’t addressed at all in the government’s Brexit position paper on science, nor was it dealt with in any real depth in the digital strategy paper released in April. In fact, in the 16-page Brexit position paper, the words "women", "female" and "diversity" did not appear once. And now, with the appointment of the nearly all-male committee, it isn't hard to see why.

Many social issues still affect women, not only in Stem industries but in the workplace more broadly. From the difficulties facing mothers returning to work after having children, to the systemic pay inequality that women face across most sectors, it is clear that there is still a vast amount of work to be done by this government.

The committee does not represent the scientific community in the UK, and is fundamentally lacking in the diversity of thought and experience necessary to effectively scrutinise government policy. It leads you to wonder which century we’re living in. Quite simply, this represents a total failure of democracy.

Pip Wilson is a tech entrepreneur, angel investor and CEO of amicable