10 Things To Know About The Story Of Marcus Hutchins, The Hacker Who Stopped A Cyberattack And Was Arrested By The FBI
When he was 22, Marcus Hutchins of the U.K. was single-handedly putting a stop to the worst cyberattack the world had ever seen.
At the age of 22, most people are graduating from college and about to embark on a career journey.
Known as the WannaCry ransomware attack, a cryptoworm targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in Bitcoin.
In May 2017, Hutchins discovered a kill switch that prevented infected computers from spreading WannaCry further. The attack affected more than 200,000 computers in 150 countries, with total damages ranging from hundreds of millions to billions of dollars.
If it had not been stopped by Hutchins, much more would have been lost.
So was Hutchins is a cyber hero? Well, for a short time. Soon after this feat, he was arrested by the FBI while visiting the U.S. in August 2017. He was arrested on 10 hacking-related federal charges for creating and spreading Kronos banking malware in 2014 and 2015 when he was a teenager, the Seattle Times reported.
There’s a lot to the story of the now 24-year-old Hutchins, also known online as MalwareTech. Here are 10 things you should know.
The Kronos affair
Hutchins pleaded guilty to two of the 10 criminal charges against him. He pleaded guilty to conspiracy and to making, selling, or advertising illegal wiretapping devices — malware designed to steal online banking credentials. He was accused of creating the software in 2014, and selling it in 2015 via the AlphaBay forums, Wikipedia reported. Hutchins said he had been paid to work between 2011 and spring of 2015 as the main developer on the banking malware Kronos and its predecessor — malware tool UPAS Kit.
Blogging it all
Hutchins writes the popular blog MalwareTech. He goes by the name Malware and describes the blog as “Life of a Malware Analyst.”
What happens in Vegas doesn’t always stay in Vegas
Hutchins had come to Vegas reveling in his newfound fame as the person who stopped WannaCry. He had been invited to attend the famed hacker convention DEF CON. On his way back to the U.K. after the event, the British citizen was arrested by the FBI at McCarran International Airport in Las Vegas.
In a statement posted to his Twitter feed and to Malwaretech.com, Hutchins said, “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
The two charges he pled guilty to each carried a maximum of up to five years in prison, up to a $250,000 fine, and up to one year of supervised release. During his federal trial, Judge J. P. Stadtmueller said Hutchins was a “talented” but “youthful offender.” Hutchins announced on Twitter he was “sentenced to time served,” AfroTech reported.
Who is Marcus Hutchins?
He is the oldest son of Janet, a Scottish nurse, and Desmond Hutchins, a Jamaican social worker. He has a younger brother. For a while, the family lived on a farm, his parents believing a rural life would be best for their two sons, Wired reported.
Hutchins always had a fascination with computers. He was just 6 years old when his attention was focused on his mother using Windows 95 on the family’s Dell tower desktop.
“His father was often annoyed to find him dismantling the family PC or filling it with strange programs,” Wired reported. Hutchins started to be curious about the mysterious HTML characters behind the websites he visited. He began coding rudimentary “Hello world” scripts in Basic.
As a young student, Hutchins would get bored in computer class as he was far ahead of his peers who were still learning to use word processors.
“The school’s computers prevented him from installing the games he wanted to play, like Counterstrike and Call of Duty, and they restricted the sites he could visit online,” Wired reported. Of course, Hutchins figured out a way to program around those constraints. Within Microsoft Word, he found a feature that let him write scripts in a language called Visual Basic. Using Visual Basic, he could run whatever code he desired as well as install unapproved software.
When he turned 13, Hutchins’ parents agreed to buy him his own computer — kind of. They bought him the components he requested, piece by piece, to build a computer himself.
Hutchins didn’t just surf the Web. He took up a sport called surf lifesaving, which is a kind of competitive lifeguarding, eventually winning a handful of medals at the national level, Wired reported.
Hutchins’ parents began to worry about his obsession with computers and the internet. His mother said she “feared how the darker fringes of the web — what she only half-jokingly calls the ‘internet boogeyman’ — might influence her son, who she saw as relatively sheltered in their rural English life,” Wired reported.
She tried to install parental controls on his computer but he figured out how to turn off the controls. She tried limit his online time by cutting off the router. Hutchins, of course, figured out how to turn it back on. And in turn, he booted his mother offline.
“After that, we had a long chat,” Janet said. They came to a truce. “We agreed that if he reinstated my internet access, I would monitor him in another way,” she said. “But in actual fact, there was no way of monitoring Marcus. Because he was way more clever than any of us were ever going to be.”
Listen to GHOGH with Jamarlin Martin | Episode 71: Jamarlin Martin Jamarlin Martin discusses how J. Edgar Hoover’s goal to water down and neutralize strong Black politics involved informants and agents trading money and status for the water-down.
Hutchins was around the age of 14 when he created his first piece of malware. It could steal passwords. Whose passwords did he imagine might be stolen with his invention? “I didn’t, really,” Hutchins told Wired. “I just thought, ‘This is a cool thing I’ve made.’”