On August 2, authorities arrested British cybersecurity researcher Marcus Hutchins, 22, at the Las Vegas airport. Hutchins, who works for the cybersecurity firm Kryptos Logic, was in Las Vegas attending the Black Hat and Defcon security conferences for the week.
The Department of Justice unsealed an indictment against Hutchins upon his arrest that alleges the security researcher was part of a conspiracy to create and distribute the Kronos banking Trojan, a widespread malware attack that security experts believe was created in early 2014 and distributed through the cryptocurrency marketplace AlphaBay, whose servers the DOJ seized just last month. For his alleged involvement in the Kronos scheme, the indictment charges Hutchins with “one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization.”
Hutchins is hailed as somewhat of a hero in the cybersecurity community for his role in single-handedly crippling the worldwide WannaCry ransomware attack. Three months ago, he discovered a kill switch in the WannaCry code that immediately halted the spread of the bug. His arrest thus comes as a shock to members of the cybersecurity community, many of whom have taken to social media to voice their skepticism regarding the charges.