WannaCry reverse-engineer Marcus Hutchins hit with fresh charges

[steven36]

Accused of creating UPAS Kit and lying to FBI

 

 

WannaCry ransomware killswitch hero* Marcus Hutchins faces fresh charges in relation to separate malware the security researcher is alleged to have created.

 

Hutchins has been held in the US since August last year, after visiting the Black Hat and DEF CON security conferences in Las Vegas. He was collared at the airport and has since been charged with multiple felony counts related to the 2014 development of the Kronos banking trojan. He denies any wrongdoing.

 

According to a new filing, for the US District Court Eastern District of Wisconsin, Hutchins is now also accused of creating a second piece of malware, known as UPAS Kit, and distributing it with the help of another individual.

 

The document states the UPAS Kit, created in 2012, was the name given "to a particular type of malware that was advertised as a 'modular HTTP bot' and "was marketed to 'install silently and not alert antivirus engines'".

 

It allowed for "the unauthorized exfiltration of information from protected computers" and used "a form grabber and web injects to intercept and collect personal information from a protected computer".

Two other new charges also relate to the alleged creation, sale and distribution of the UPAS Kit.

 

He is also accused of lying to the FBI by "knowingly and wilfully" making a "materially false, fictitious and fraudulent statement" when he was arrested on 2 August, by stating "he did not know his computer code was part of Kronos until he reverse-engineered the malware some time in 2016".

 

The additional four charges in the superseding indictment amount to a total of 10 counts made against Hutchins.

 

In a statement on Twitter, his lawyer Brian Klein said:

Quote

"We are disappointed the govt has filed this superseding indictment, which is meritless. It only serves to highlight the prosecution’s serious flaws. We expect @MalwareTechBlog to be vindicated and then he can return to keeping us all safe from malicious software."

 

Hutchins appealed for crowd funding help to fight the case. He tweeted:

Quote

Spend months and $100k+ fighting this case, then they go and reset the clock by adding even more bullshit charges like "lying to the FBI".

We require more minerals.
— MalwareTech (@MalwareTechBlog) June 6, 2018

 

Last month Hutchins appeared in a hearing, in which he tried to throw out phone transcripts and legal documents used against him by US prosecutors.

 

* The WannaCry ransomware took down a large chunk of the UK's National Health Service in early 2017, amongst other orgs across the world. Hutchins discovered a "kill switch" in the code, and stopped its worldwide spread by registering a web domain specified in the reverse-engineered binary.

 

Source

[straycat19]

That's what hapens when you write malware and it gets out of hand to the extent that you want to stop it.  You then become a 'hero' which puts you and the code in the spotlight and your original crimes are revealed.  He may get out of it do to legal loopholes, but he is as guilty as a malware writer can possibly be.

[dMog]

 may end up working for the FBI??? or some other company specializing in security??

don't really know ..just putting it out there