A British hacker credited with helping to stop the global WannaCry attack has been arrested by the FBI and indicted on several criminal counts, US officials have said.

Marcus Hutchins was charged with creating and distributing banking malware, according to court filings.

The case is unrelated to the WannaCry attack that struck the NHS in May, the US Justice Department said.

Hutchins was arrested at McCarran International Airport in Las Vegas after he tried to fly back from the Def Con hacking conference, according to a friend in the IT security industry.

The security website Motherboard, which first reported news of his arrest, said Hutchins was initially held at the Henderson Detention Centre in Nevada and then moved to another facility.


A UK Foreign and Commonwealth Office spokesman said: "We are in touch with local authorities in Las Vegas following reports of a British man being arrested."

Image: The message demanding payment seen on NHS computers in some parts of the country. Pic: HSJ

Court filings accuse Hutchins, known online as MalwareTech, of advertising, distributing and profiting from malware code known as Kronos that stole online banking credentials and credit card data.

Such malware infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank's website or another trusted location.

The suspected activity took place between July 2014 and July 2015, according to the court documents.

Attorney Tor Ekeland told The Associated Press that the facts in the indictment fail to show intent.

"This is a very, very problematic prosecution to my mind, and I think it's bizarre that the United States government has chosen to prosecute somebody who's arguably their hero in the WannaCry malware attack and potentially saved lives and thousands, hundreds of thousands, if not millions, of dollars over the sale of alleged malware," Mr Ekeland said.

"This is just bizarre, it creates a disincentive for anybody in the information security industry to cooperate with the government."

Hutchins' mother, Janet Hutchins, said she was "outraged" by the charges.

She described any involvement by her son in the alleged activity as "hugely unlikely", saying he has spent "enormous amounts of time and even his free time" fighting such attacks.

Mrs Hutchins said she has been "frantically calling America" trying to contact her son.

Hutchins, a 23-year-old from Ilfracombe, Devon, gained worldwide attention for detecting a "kill switch" that effectively disabled the WannaCry worm in May.

The attack crippled the NHS and infected hundreds of thousands of computers worldwide, causing disruption at car factories, hospitals, shops and schools in more than 150 countries.

Some in the cyber community expressed concern at the arrest.

Naomi Colvin, from civil liberties campaign group Courage, said: "In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service - and to American businesses in particular.

"The US treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital healthcare and rampant solitary confinement."

May: Cyberattack hero says lack of patch caused hack

Experts have connected the May ransomware attack to Lazarus, a group also linked to the 2014 Sony Pictures hack.

The software, called WannaCry or Wanna Decryptor, exploited a vulnerability in the Windows operating system.

It allowed the malware to automatically spread across networks, so it can quickly infect large numbers of machines at the same organisation.