Was British hacker facing 40 years in jail DUPED into giving malware virus to criminals posing as researchers? Techies fear Wannacry hero was 'set up' as he faces Las Vegas court

  • Marcus Hutchins, the hero who stopped WannaCry virus, held by FBI in USA 
  • 23-year-old, who lives with parents in Devon, will appear in a Nevada court today
  • He was grabbed in a first class airport lounge and stopped from flying to the UK
  • Hacking expert had been partying with friends at a Vegas hacking convention
  • Star IT expert rented a £5m mansion, a Lamborghini and went shooting guns  
  • Department of Justice has said he was arrested for working on 'banking Trojan' 
  • This year his actions saved hundreds of thousands of people from PC infection
  • Supporters claim he's been set up and arrested in US to avoid extradition case

A British hacker is set to appear in a Las Vegas court today accused of creating malicious software used to raid bank accounts - but family, friends and supporters claim it is a set up.

Marcus Hutchins, 23, was arrested by the FBI in a first class airport lounge and now faces a maximum of 40 years in jail if convicted.

He is the hero who saved the NHS after finding the 'kill switch' that paralysed the WannaCry 'ransomware' that hit more than 300,000 computers in 150 countries in May.

Hutchins is now charged with six counts of making a 'Trojan' program that captures computer users' passwords and personal information and was sold online for £1,500 - but many believe federal officers have the wrong man.

His mother Janet Hutchins said it was 'hugely unlikely' that her son was involved because he has spent 'enormous amounts of time' combating such attacks. 

Jake Williams, a respected US cybersecurity researcher, said they have worked on various projects, including training material, and the Briton always refused payment.

He said: 'He's a stand-up guy. I can't reconcile the charges with what I know about him. I don't doubt that some of his code found its way into malware. He might have even helped criminals posing as researchers'.

Friend Andrew Mabbitt, a British digital security specialist who had been staying in a £5million rented Las Vegas mansion with Hutchins, said: 'I refuse to believe the charges. He spent his career stopping malware, not writing it'.  

Marcus Hutchins, 23, had been partying at a hackers' convention in Las Vegas when he was arrested by the FBI


During his time in the US Mr Hutchins Tweeted that he rented this bright orange Lamborghini worth £200,000



He had also been 'partying' before his arrest and staying at a £1,950-a-night mansion rented with seven friends with Vegas' largest private pool


The 23-year-old filmed himself swimming in the largest private pool in Vegas and also decided to fire machine guns at a Nevada range

Court documents accuse him of being responsible for creating the Kronos banking Trojan - but this tweet from the time shows he asks for a sample, with his friends questioning why he would do that when he was supposed to have created it


Hutchins, 23, will appear in a Nevada court today and was held after a week partying at a hacking conference in Vegas where he took over a £5million mansion with the city's biggest private pool and rented a £200,000 Lamborghini Huracan to race around in.

The malware, called Kronos, has reportedly been used to steal money from bank accounts in France, and Hutchins is accused of writing it in 2014.

Britain's IT hero arrested for hacking in the US could face 40 years in American jail

Marcus Hutchins now faces months battling the American courts and could be jailed for 40 years if found guilty of taking part in a hacking conspiracy to steal bank details.

The Devon-born computer expert, who lives with his mum and dad, was held as he tried to leave the US on a first class Virgin Atlantic flight two days ago. 

Federal agents took him into custody and he appeared in the Las Vegas court on Thursday but the hearing was adjourned to be continued today.

An indictment was issued by a grand jury impanelled by the US Attorney in the Eastern District of Wisconsin, Gregory Haanstad. 

The federal prosecutor in Nevada is likely to ask federal judge Nancy Koppe to have Hutchins extradited to Milwaukee to be arraigned. 

He faces six hacking charges that each carry a six-and-a-half-year prison sentence meaning he could face decades in a US jail if convicted. 

Mr Hutchins is likely to have to pay a huge bail to be released and will not be able to leave America.

His friends and supporters say that he has been set up. 

They have found tweets where he asks for samples of the malware he is accused of creating.

Some have said that the way he killed off the WannaCry 'ransomware' that swept across the globe embarrassed America's own security services.

NSA security researchers initially developed the tool to hack into the computers of suspected terrorists and spies, but it was taken on by criminals who then used it to take over computers and extort cash from victims if they wanted control back.

 


Court documents obtained by DailyMail.com show that a second defendant, not yet named by the FBI, is accused of selling it on dark web marketplace AlphaBay, which was shut down by the US government last month, and creating a YouTube video showing how it worked.

The six charges Mr Hutchins faces relate to an alleged conspiracy between July 2014 and July 2015.

It is not known why his co-defendant's name has been redacted in court documents - it could be because he has not been arrested or is helping the FBI with their investigation. 

Hutchins appeared in the Las Vegas court on Thursday but the hearing was adjourned and he will appear again at 3pm today. 

An indictment for his arrest was issued in Wisconsin on July 12 - around ten days before his arrest in Las Vegas.

Federal officers were able to see he had entered the country by matching his name and date of birth with flight rosters, and were waiting for him as he arrived to fly home from Nevada.

Marcus' supporters including his mother say Mr Hutchins, who is known online by the name MalwareTech, is innocent and claim a tweet from July 2014 proves he could not have written the software.

Janet Hutchins added that she is 'outraged' by the charges and has been 'frantically calling America' trying to contact her son from Devon.

Some are using the hashtag #freemalwaretech and say he was arrested in America to avoid extradition proceedings in the UK.

His work to end the WannaCry 'ransomware' crisis embarrassed America's own security services because they created it first but lost control and it was used by criminals to extort cash, friends say.

Andrew Mabbitt, a British digital security specialist who had been staying in Las Vegas with Hutchins, said he and his friends grew worried when they got 'radio silence' from Hutchins for hours. 

The worries deepened when Hutchins' mother called to tell him the young researcher hadn't made his flight home.

Mabbitt said he eventually found Hutchins' name on a detention center website. News of his indictment Thursday left colleagues scrambling to understand what happened.

He also says that they were staying together in the £5million mansion and Hutchins did not have to pay.

'We don't know the evidence the FBI has against him, however we do have some circumstantial evidence that he was involved in that community at the time,' said computer security expert Rob Graham. 

Before his arrest Mr Hutchins had been in Las Vegas for Def Con, one of the largest hacking conventions in the world.

He had been 'partying' before his arrest and staying at a £1,950-a-night mansion worth £5million having rented it with seven friends.

Court documents obtained by DailyMail.com show that an indictment was issued on July 12 - weeks before his arrest - and claim that he was involved in a conspiracy that saw Kronos malware he allegedly created then sold for up to $3,000 a pop. The final document shows he is due back in court today at 3pm Las Vegas time


The Airbnb five minutes from 'The Strip' has the largest private pool in all of Las Vegas and Mr Hutchins used his iPhone 7 to film himself swimming around it.

According to the website 'it is the epitome of modern luxury real estate, offering all the amenities of a five-star luxury hotel with the privacy and security of a private estate.'

On the drive was Marcus's rented bright orange Lamborghini Huracan LP610-4 Spyder, which costs £200,000 to buy.

He posted a picture of the car online and wrote: 'Is there any tracks or anything in Vegas where we can drive this car properly without being arrested?'

According to The Outline he wasn't even planning to attend the DEF CON hacking conference and instead partied at a nightclub where his wallet was stolen.

Other delegates asked him to pose for pictures calling him the 'WannaCrySlayer' and he also tweeted about getting drunk and eating lobster.  

Describing one event he said: 'They pick you up in a bus and take you to an undisclosed location with activities and loads of free food trucks'.

And in another message about visiting the Grand Canyon he said: 'Apparently I can get a 5 person helicopter tour for $1600 and we get to land at the bottom of the canyon'. 

The 23-year-old also went to a shooting range and fired a range of weapons including a number of machine guns, which he filmed.

Marcus stayed on in Vegas for a few days after the conference but was stopped and arrested by the FBI in Virgin's Upper Class lounge on Wednesday as he was about to board a flight back to the UK.

The IT star was grabbed by the FBI in a first class airport lounge and stopped from flying back to the UK where he lives with his parents in Devon (pictured)


Marcus' trip was played out on Twitter where he lived and partied like a star before his arrest


This police inmate information screen shows that Mr Hutchins was arrested at 4.42pm on August 2 and is in custody


Hutchins discovered a 'kill-switch' for the virus after it paralysed thousands of NHS computers and claimed hundreds of thousands of victims around the world - including US courier service FedEx and German rail company Deutsche Bahn - in May. 

What is the Kronos virus Marcus Hutchins is accused of creating in his bedroom? 

Marcus Hutchins is accused of creating the malware known as the Kronos banking Trojan, according to the federal court indictment.

It infects web browsers, then captures usernames and passwords when an unsuspecting user visits a bank or other trusted location, enabling cybertheft.

Kronos first appeared for sale on a Russian cybercrime forum in 2014 for $7,000.

For that money you get the software and a developer to help you update and improve it. 

The malware appears on a victim's desktop as a harmless programme while grabbing sensitive details including usernames, passwords and other details from banking websites. 


According to tech website Motherboard, which broke the news of the arrest, an eight-page federal complaint was filed against Mr Hutchins on July 12 in a US District Court in Wisconsin.

It accuses him of being responsible for creating the Kronos banking Trojan, which was then sold online by an unnamed co-defendant.

The software is a malicious program that infects a computer if the user inadvertently clicks on an email attachment. 

It then sits on the computer to monitor for banking passwords and personal information, which it sends to the hackers. 

Mr Hutchins' mother Janet said she was trying to find out what had happened to her son. She said: 'I think I'm going to be rather busy tonight.'

Her son's supporters said on social media that his activities could have been 'white hat' hacking in which hackers expose security flaws for good ends.

Mr Hutchins' friend Andrew Mabbitt said he was 'in the Las Vegas FBI field office' and appealed for lawyers to help him.

He said on Twitter that he refused to believe the charges. 'He spent his career stopping malware, not writing it,' said Mr Mabbitt.

Hutchins was being held at the Henderson Detention Center after being arrested at Las Vegas's McCarran International Airport but has since been moved to another facility, a friend told Motherboard.

The friend, who also works in the cyber security industry, was attending the Def Con event in the Nevada city with Hutchins.

He said: 'He checked into his flight and I think he was sitting in the Virgin upper class lounge.

'He was escorted out of the airport and never made his flight.'    

The mansion he rented with friends is described as 'the epitome of modern luxury real estate'


The computer expert rented one of the most luxurious properties in Vegas, which has ten bedrooms like this


The giant pool is in an acre of land the owner says is a 'south-of-France meets-Las Vegas getaway'


Pictured: An example of a phishing email (with an attachment containing malware) used to transmit the Kronos banking Trojan


The cyber community expressed their concern over his arrest with Naomi Colvin, from civil liberties campaign group Courage, praising him for his earlier work.

Pictured: Hacker hero Marcus Hutchins


She said: 'In May this year, WannaCry malware closed hospitals in the UK, becoming the first ransomware attack to represent an actual threat to life.

'In halting the spread of WannaCry before the US woke up, MalwareTech did the world an enormous service - and to American businesses in particular.'

Ms Colvin said he had been detained for 24 hours before information was released about his arrest and said he has still not been allowed to contact his family or lawyers.

'The US treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital health care and rampant solitary confinement,' she said. 

The anonymous friend added: 'We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare.'

The National Crime Agency confirmed Hutchins had been detained but said 'it is a matter for the authorities in the US'.

The Foreign Office said it is supporting Hutchins' family and is in contact with authorities in Las Vegas. 

Marcus Hutchins prevented more than 100,000 computers across the globe from being infected with the WannaCry virus (pictured) in May


Mr Hutchins was praised in May for stopping the WannaCry attack on the NHS. At its peak the virus attacked 47 health trusts, which were forced to delay operations and turn away patients.

It spread worldwide, affecting 300,000 computers in 150 countries. It froze screens, and the hackers then demanded up to £460 from users to get their data unlocked.

Banks, government offices and power stations were also brought to their knees in what was described as the largest ransomware attack in history.

Mr Hutchins was arrested on the same day as more than £105,000 in digital currency Bitcoin paid by the victims of WannaCry was removed from the hackers' online wallets. 

It is not clear if there was any relationship between the withdrawal and Mr Hutchins' arrest.  

Hutchins, who works for Los Angeles-based firm Kryptos Logic, spent the weekend in May fighting off the ransomware attack - but stressed he is not a 'hero'. 

After his intervention he began working with the government's National Cyber Security Centre to prevent a new strain of the malicious software emerging.

The security worker spent £8 registering the domain name the virus tried to connect with when it infected a new computer and pointed it at a 'sinkhole server' in Los Angeles.

It caused the malicious software to enact an 'emergency stop', immediately halting its spread - but at first the cyber expert feared he had actually made the virus epidemic worse.

He said: 'Essentially they relied on a domain not being registered and by registering it, we stopped their malware spreading.' 

Speaking of the moment he stopped the virus, the anti-malware expert previously told MailOnline: 'It should have been really nice but someone had made a mistake and told me that our registering of the domain actually caused the infection.

'When I found out that it was actually the opposite it was more a relief.'

WannaCry: The cyber attack that crippled the world

What is ransomware? 

Ransomware is a type of malicious software that criminals use to attack computer systems.

Hackers often demand that the victim pay ransom money to access their files or remove harmful programs.

The aggressive attacks dupe users into clicking on a fake link – whether it's in an email or on a fake website, causing an infection to corrupt the computer.

In some instances, adverts for pornographic websites will repeatedly appear on your screen, while in others, a pop-up will state that a piece of your data will be destroyed if you don't pay.

In the case of the NHS attack, the ransomware used was called Wanna Decryptor or 'WannaCry' Virus. 

 

What was the WannaCry virus?

The WannaCry virus targets Microsoft's widely used Windows operating system.

The virus encrypts certain files on the computer and then blackmails the user for money in exchange for the access to the files.

It leaves the user with only two files: Instructions on what to do next and the Wanna Decryptor program itself.

When opened the software tells users that their files have been encrypted and gives them a few days to pay up or their files will be deleted.

It can quickly spread through an entire network of computers in a business or hospital, encrypting files on every PC.

How to protect yourself from ransomware 

Thankfully, there are ways to avoid ransomware attacks, and Norton Antivirus has compiled a list of prevention methods:

1. Use reputable antivirus software and a firewall

2. Back up your computer often

3. Set up a popup blocker

4. Be cautious about clicking links inside emails or on suspicious websites

5. If you do receive a ransom note, disconnect from the Internet

6. Alert authorities
