Prosecutors Claim 'WannaCry Hero' Marcus Hutchins Admitted He Wrote Banking Malware

By Tom Pritchard on at

Here's an update in a story we haven't heard from since last August, regarding the accusations levelled at Marcus Hutchins, the security researcher who shot to fame after discovering a way to halt the spread of the WannaCry ransomware that affected systems all over the world last year. Hutchins himself was later arrested by the FBI while visiting the US, accused of writing the code for banking trojan Kronos, and later pleaded not-guilty after being released on bail.

The prosecution is still pursuing its case, and has apparently filed documents that claim Hutchins admitted to having written the code during a phone call he made in prison. Code that was allegedly used to create Kronos, which went on to harvest banking details. The recipient of the call hasn't been identified, but the documents include a transcript of what Hutchins allegedly said:

"So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code on to some guy... once they found I sold the code to someone, they wanted me to give them his name, and I don't actually know anything about him."

He's also alleged to have said that there are chat logs showing he has given software called "compiled binary" to someone "to repay a debt" of "about five grand". Supposedly the debt was accumulated as a result of a glitch that caused Hutchins to lose Bitcoin he had been holding onto for someone else. Of them both, the transcript allegedly says:

"I think the coding part I was less than 18, but I think giving him the binary I might have been older than 18.

I knew it was always going to come back, I just didn't think it would be so soon."

Meanwhile Hutchins' lawyers insist that he was actually coerced by prosecutors, which makes the phone call inadmissible as evidence. According to the defence he was sleep-deprived and intoxicated at the time of the call, also stating that Hutchins' status as a British citizen meant he was unaware of the American legal system and how his comments might affect his case. They've requested the transcript and post-arrest statements be dismissed.

In the past the prosecution has claimed Hutchins admitted he wrote the code, and hinted that he later sold it, during a police interview. The case also involves a second unnamed co-defendant, whom the prosecution alleges conspired with Hutchins to sell and advertise the Kronos on online forums. The FBI alleges that the defendant sold the software for $2,000 (£1,750) worth of cryptocurrency.

This case is still ongoing, and clearly will be for quite some time, so we'll bring you any more updates as and when they happen. [The Telegraph]