Boing Boing Staging

After Defcon, the FBI arrested the UK national who stopped Wannacry

Update: Here is the indictment. Hutchins is accused of making and selling a keylogger called the “Kronos banking trojan.”


Marcus Hutchins is the 23 year old security researcher behind the @MalwareTechBlog Twitter account; he’s the guy who figured out that the Wannacry worm had an accidental killswitch built in and then triggered it, stopping the ransomware epidemic in its tracks.

According to a US Marshals spokesman, Hutchins was arrested by the FBI shortly after the Defcon/Blackhat conference in Las Vegas, though no one has disclosed the charge. His friends cannot locate him.


I’ve just run a series of searches on the Defcon and Blackhat schedules and couldn’t find any presentations that Hutchins was on the program for, but that doesn’t mean he didn’t present there — many of the presenters are on side-tracks whose schedules aren’t easy to search.

The friend told Motherboard they “tried to visit him as soon as the detention centre opened but he had already been transferred out.” Motherboard granted the source anonymity due to privacy concerns.

“I’ve spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we’ve been trying to get in contact with Marcus for 18 hours and nobody knows where he’s been taken,” the person added. “We still don’t know why Marcus has been arrested and now we have no idea where in the US he’s been taken to and we’re extremely concerned for his welfare.”

A US Marshals spokesperson told Motherboard in an email, “my colleague in Las Vegas says this was an FBI arrest. Mr. Hutchins is not in U.S. Marshals custody.”


Researcher Who Stopped WannaCry Ransomware Detained in US After Def Con
[Joseph Cox/Motherboard]

Exit mobile version