WannaCry Hero Says He Didn’t Hack People’s Bank Data

IHG Investigates Hack

Marcus Hutchins, a 23-year-old British cybersecurity researcher and employee of L.A.-based Kryptos Logic, was arrested earlier this month in Las Vegas for building and selling malicious code known as “Kronos,” which was used to hack into and steal banking credentials between July 2014 and 2015.

The Kronos malware was distributed as an email attachment. Once downloaded, it opened victims’ systems up to theft of sensitive banking and credit card data, enabling fraudsters to siphon money from bank accounts.

On Monday (Aug. 14), the U.K. cybersecurity researcher pleaded “not guilty” to the federal charges, Reuters reported.

This is a dramatic turn of events for the young hacker, who was briefly a hero after discovering the kill switch for the global ransomware attack “WannaCry” in May. The WannaCry hack infected hundreds of thousands of computers and crippled factories, hospitals, stores and schools in over 150 countries.

Hutchins, then just an anonymous U.K. hacker, was one of hundreds of computer experts who labored through the weekend to fight the virus. He noticed that the WannaCry code was linked to an unregistered web address and registered the domain, which stopped the worm from spreading further.

But now, the British cyber researcher — formerly credited with saving the United States and, to an extent, the world (yes, that was an actual quote from Hutchins’ boss, Salim Neino, CEO of Kryptos Logic) — may be indicted for cybercrime by the FBI.

“Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world,” Neino said in an interview with CBS. “Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment.”

The hacker community doesn’t like the implications of Hutchins’ possible indictment. Relationships between cyber researchers (“ethical hackers”) and law enforcement are already tense, they say, and this cybercrime news can only make it worse.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment