Marcus Hutchins, also known as MalwareTech, was shockingly arrested at the airport after Def Con.
Monday, the well-known security researcher who became famous after helping to stop the destructive WannaCry ransomware outbreak pleaded "not guilty" to creating software that would later become banking malware.
Marcus Hutchins—better known by his online nickname MalwareTech—was arrested in early August in Las Vegas after the hacking conference Def Con. The US government accuses Hutchins of writing software in 2014 that would later become the banking malware Kronos. After getting out on bail and traveling to Milwaukee, he stood in front a judge on Monday for his arraignment. Prosecutors also allege he helped a still unknown co-defendant market and sell Kronos.
Hutchins's lawyer Brian Klein declared in a packed courtroom in Milwaukee that Hutchins was "not guilty" of six charges related to the alleged creation and distribution of malware. Hutchins will be allowed to travel to Los Angeles, where he will live while he awaits trial. He will also be represented by Marcia Hofman, formerly of the Electronic Frontier Foundation. Under the terms of his release, which were renegotiated by his lawyers and the prosecutors, Hutchins will be tracked by GPS but will be allowed full internet access so he can continue to work as a security researcher; the only restriction is he will no longer be allowed to access the "sinkhole" he used to stop the outbreak of the WannaCry ransomware.
"Marcus Hutchins is a brilliant young man and hero," Hofman told reporters outside the court room after the hearing. "He is going to vigorously defend himself against these charges and when the evidence comes to light we are confident he will be fully vindicated."
Assistant U.S. Attorney Michael Chmelar described Hutchins' alleged crimes as "historic," in an apparent admission that Hutchins does not represent a threat anymore. He also said they have recordings of Hutchins interviews with FBI agents. On August 4, in a hearing in Las Vegas, the prosecution said that Hutchins had admitted "that he was the author of the code that became the Kronos malware" when he spoke to FBI agents.
Hutchins is a well-known British security researcher who works for the Los Angeles-based Kryptos Logic. He became famous in May when he almost unwittingly activated the killswitch for WannaCry, a disruptive ransomware outbreak that was hitting thousands of computers all over the world. Hours after the beginning of the outbreak, Hutchins registered a domain that was coded into the malware. That domain was designed to be a sort of killswitch: if the malware could connect to it, it would stop working. And so it did.
That's how Hutchins stopped the outbreak and became an overnight celebrity. British tabloids chased his friends down and eventually found out his house and his previously unknown real name.
In a shock to the hacking community, the FBI arrested him at Las Vegas's McCarren International Airport on August 2. The US Department of Justice unsealed an indictment that accuses him of six counts of hacking and wiretapping crimes.
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
Uncertainty surrounds Hutchins case. Legal experts questioned the government's charges, arguing that it's unclear that simply writing software—and not actively participating in using it to hack anyone—is a crime at all. Moreover, as well-known security blogger Marcy Wheeler noted, why is a British researcher being indicted in the United States for a malware that apparently had no American victims?
For now, the trial is scheduled to start in October in Milwaukee.
A few hours after the hearing, Hutchins resurfaced online tweeting out a joke about his arrest.
This post has been updated with more details from the hearing.
Get six of our favorite Motherboard stories every day by signing up for our newsletter.