While Crypto Insider does not generally focus on breaking news, we felt it was important to give exposure to MalwareTech, as well as to shed light on another case of aggressively expanding US regulation in and around the crypto space.

Latest Developments

Here is a partial transcript of the most recent news on the indictment, published on August 4th, 11:54 PM UTC and detailing the results of MalwareTech’s initial hearing:

The hearing today was to determine whether or not Marcus would be detained as a result of the charges of the indictment. The judge agreed with me and said that he was going to be released pending certain conditions attached to the bond and that he has to post a $30,000 dollar cash bond. That’s coming from a variety of sources, he has tremendous community support, local and abroad, in the computer world… [The bail] could have happened [today], but unfortunately the clerk’s office closes at 4 PM.

– Adrian Lobo, MalwareTech Attorney

This means that Marcus is not going to get out of US custody until Monday, August 7th. Looks like the hero of WannaCry is spending the weekend in jail.

The background

The next hit in the now worldwide cyber-security sting operation by US agencies is Marcus Hutchins, a British national. He’s also known by his online handle, MalwareTech, from MalwareTechBlog.

The actions of the US regulators on BTC-e and Vinnik and the ICO crackdown are possibly defensible – however, this unwarranted and sudden arrest is causing an uproar in the community – and prompts questions of people’s security on US soil when dealing in spaces like cryptocurrency.

To bring everyone up to speed: in May 2017, Marcus Hutchins became the “accidental hero” of the WannaCry saga when he discovered a backdoor which allowed him to activate a “killswitch” to the WannaCry ransomware. He effectively saved all infected computers from their unsolicited encryption and many lives in the process, considering the majority of the UK’s National Health Service’s computers were incapacitated.

The story

On August 2nd, Marcus had finished attending the DEFCON convention in Las Vegas and had made his way to the airport. He was checked in and ready to board his flight back to the UK when he was suddenly detained.

A bold and coordinated move from the FBI shows the ever-growing reach of the US administration, especially when considering Marcus is a British national. His selfless and incisive actions during WannaCry have left him highly favoured in the cybersecurity space, and the fallout from the arrest on the Twitter feed is evidence of this.

Screenshot taken at 01h30 UTC

The key charge on Marcus’ arrest:

[REDACTED] and MARCUS HUTCHINS, aka “MalwareTech” knowingly conspired and agreed with each other to commit an offense against the United States, namely, to knowingly cause the transmission of a program, information, code, and command and as a result of such conduct, intentionally cause damage without authorization, to 10 or more protected computers during a 1-year period, in violation of Title 18, United States Code, Sections 1030(a)(5)(A), (c)(4)(B)(i) and (c)(4)(A)(i)(VI).

– US Indictment of Marcus Hutchins of MalwareTechBlog and redacted co-conspirator



Select terms of the indictment charge Marcus with:

Creating the Kronos malware (banking trojan)

Advertising, selling and profiting from the Kronos malware

Being complicit in the sale of the Kronos malware on AlphaBay for “digital currency”

Questionable activity surrounding the arrest

Big questions are raised when we notice that the sealed indictment calling for Hutchins’ arrest was issued on July 11th. This is suspect on two points:

Marcus Hutchins had been in the US for over 12 days (Jul 21-Aug 2) by the time of his arrest.

All the while the sealed indictment was not put into effect. The arrest was made after his various appearances at DEFCON and around Las Vegas.

It’s clear this was a very deliberate decision from the Feds – maybe they thought it wouldn’t be a good idea to have a bunch of angry hackers and programmers gathered up in a large room with enough computing power to shut down the Pentagon ten times over. Without hyperbole – it’s clear there are some underhanded elements of cunning in the nature and timing of the arrest from the federal arm of the US.



MalwareTech’s arrival in Las Vegas timestamped at July 21st on his Twitter feed

The date of the indictment was close to the time of the AlphaBay sting operation.

Either the US cybersecurity branch managed to decipher some kind of information that links MalwareTech to the charges being issued – or just as likely, this is a “flash arrest” to send a message on the US regulatory crackdown on cyberspace activities.

Regardless, I’m not going to entertain the discussion surrounding MalwareTech’s guilt or innocence in creating and/or distributing the Kronos banking virus – even in the two short days after his arrest this topic has been beaten like a dead horse without cause. Everything to go by thus far has been blatant speculation and discussion revolving around a single tweet:

MalwareTech asking for a sample of the Kronos trojan in 2014

Whatever anyone wants to speculate, this is not damning evidence one way or another. It could be a low-effort attempt at an alibi, or it could be a genuine interest in learning more about some malicious code from an enthusiastic whitehat – no one knows.

The main thing to understand is this –

The public is reminded that an indictment contains only charges and is not evidence of guilt. The defendant is presumed innocent and is entitled to a fair trial at which the government has the burden of proving guilt beyond a reasonable doubt.

– Department of Justice release

Abuse and mistreatment

With this in mind, what is damning is the abusive treatment of Marcus Hutchins while under custody of the US administration. Public media shows the way MalwareTech has been treated is not indicative of someone who is “presumed innocent”. See below a tweet from a close friend, Andrew Mabbit, who has played an ongoing role in clarifying the situation, rallying the legal fees necessary to bail Marcus out, and exposing the injustices he’s faced so far:

Andrew Mabbit on Twitter

Look at points #5 and #6 specifically. Firstly, there is the unqualified detaining of a non-dangerous and non-US national who has not been proven guilty. This has been followed by no issuance of legal representation and a complete restriction from the outside world for over 48 hours. This all reeks of foul play. It’s a message that comes in loud-and-clear to the cryptocurrency community at large: you’re not on an even playing field while on US soil.

Outside of the indictment, one thing I can say for certain is that Marcus Hutchins did a good thing for a whole lot of people by shutting down WannaCry. It could be argued that if Marcus Hutchins had not become the “accidental hero” of WannaCry, he might not have been put in the limelight that led to this arrest. Well, you know what they say, no good deed goes unpunished.



To end on a whimsical note – it is possible that Marcus’ sixth sense was pre-empting this entirely unpredictable arrest.

An additional irony is that his holiday activities while in Las Vegas, including going to a tourist gun range and driving fast cars, were being used by the prosecution to argue against his bail.

Hilarious!

Photo by James Walsh on Unsplash