WannaCry reverse-engineer Marcus Hutchins hit with fresh charges

Accused of creating UPAS Kit and lying to FBI

Marcus Hutchins

WannaCry ransomware killswitch hero* Marcus Hutchins faces fresh charges in relation to separate malware the security researcher is alleged to have created.

Hutchins, a British citizen, has been held in the US since August last year, after visiting the Black Hat and DEF CON security conferences in Las Vegas. He was collared at the airport on his way home, and has since been charged with multiple felony counts related to the 2014 development of the Kronos banking trojan. He denies any wrongdoing.

According to a new filing, submitted to the US district court in eastern Wisconsin, Hutchins is now also accused of creating a second piece of malware, known as UPAS Kit, and distributing it with the help of another individual.

The document states the UPAS Kit, created in 2012, was the name given "to a particular type of malware that was advertised as a 'modular HTTP bot' and "was marketed to 'install silently and not alert antivirus engines'."

It allowed for "the unauthorized exfiltration of information from protected computers" and used "a form grabber and web injects to intercept and collect personal information from a protected computer."

Two other new charges also relate to the alleged creation, sale, and distribution of the UPAS Kit.

He is also accused of lying to the FBI by "knowingly and wilfully" making a "materially false, fictitious and fraudulent statement" when he was arrested on 2 August, by stating "he did not know his computer code was part of Kronos until he reverse-engineered the malware some time in 2016."

The additional four charges in the superseding indictment amount to a total of 10 counts made against Hutchins.

In a statement on Twitter, his lawyer Brian Klein said:

We are disappointed the govt has filed this superseding indictment, which is meritless. It only serves to highlight the prosecution’s serious flaws. We expect @MalwareTechBlog to be vindicated and then he can return to keeping us all safe from malicious software.

Hutchins appealed for crowd funding help to fight the case. He tweeted:

Last month, Hutchins appeared during a hearing, in which he tried to throw out phone transcripts and legal documents used against him by US prosecutors. ®

* The WannaCry ransomware took down a large chunk of the UK's National Health Service in early 2017, among other orgs across the world. Hutchins discovered a "kill switch" in the code, and stopped its worldwide spread by registering a web domain specified in the reverse-engineered binary.




Biting the hand that feeds IT © 1998–2018