Just three months ago, British cybersecurity analyst Marcus Hutchins was widely hailed as a hero for stopping the spread of a virulent ransomware attack known as WannaCry, which crippled systems across the globe, most notably the U.K.’s health service.
Hutchins was arrested by the FBI at Las Vegas’s McCarran International Airport Wednesday as he prepared to board a flight to the U.K., after spending a week in the city during the annual DefCon and Black Hat hacker conferences — though Hutchins didn’t actually attend the events.
The Kronos malware that Hutchins is accused of creating was sold on Russian hacking forums and was capable of stealing victims’ online banking details, PIN numbers, and credit card information.
The eight-page indictment, dated July 11 and unsealed Thursday, accuses the U.K. security researcher and another unnamed defendant of “creating and distributing the Kronos banking trojan.” Kronos was first discovered in July 2014 and was advertised on Russian hacking forums for as much as $7,000.
The indictment centers on a YouTube video allegedly posted by Hutchins’ co-conspirator on July 13, 2014, to promote the malware’s features. The original video was removed, but security researcher Mikko Hypponen has published a new copy.
The same day the video was originally posted, Hutchins tweeted about Kronos.
The indictment accuses Hutchins and his conspirator of deliberately creating damage by distributing the malware rather than specifically profiting from its sale. The charges also mention that Kronos was advertised for sale on the AlphaBay dark web market, which was recently taken down as part of a coordinated operation by the FBI and other law enforcement agencies.
Hutchins will be arraigned Friday and has yet to indicate whether or not he will be pleading guilty to the charges. The Electronic Frontier Foundation said it was “deeply concerned” about Hutchins’ arrest.
Many in the cybersecurity world were shocked by Hutchins’ arrest, and some suggested he was simply conducting research, which was misinterpreted as creating malware.