A British security expert hailed as a hero after helping stop a global cyber attack ‘admitted’ creating software which steals bank details, US prosecutors have said.
Marcus Hutchins, of Ilfracombe, Devon, is alleged to have created and sold the Kronos malware between July 2014 and July 2015.
But the 23-year-old, who found a “kill-switch” that derailed the ‘WannaCry’ ransomware attack that crippled the NHS in May, plans to deny all six charges when he returns to court in Las Vegas on Tuesday.
Wearing a prison-issued yellow jumpsuit, with “detainee” stamped on the back, and bright orange Crocs shoes Hutchins appeared in court yesterday where a prosecutor said he had admitted creating the code in interview and ‘indicated’ he sold it on.
Dan Cowhig, prosecuting, also told the federal court he should not be released because he is a “danger to the public”.
But district judge Nancy Koppe ordered his release on a $30,000 (£23,000) bond due to his previous good character and historic nature of the allegations.
He is also subject to strict conditions meaning he is banned from accessing the internet, must be monitored by GPS, surrender his passport and only reside in Clark County, Nevada, and within the Eastern District of Wisconsin.
Hutchins and his unnamed co-defendant, who is still at large, were caught in a sting operation when undercover officers brought the code, Mr Cowhig added.
The prosecutor also referred to chat logs in which Hutchins complains about the money he received for the sale.
Speaking after the hearing, Hutchins’ lawyer Adrian Lobo said: “He fights the charges and we intend to fight the case.
“He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done.”
The charges against Hutchins, also known as MalwareTech, and his co-defendant are unrelated to his work halting the WannaCry attack that hit more than 300,000 computers in 150 countries.
He is accused of creating the malware that can side-step anti-virus software and steal banking usernames and passwords and conspiring to sell it on internet forums for $2,000 (£1,522) in digital currency.
Janet Hutchins, the researcher’s mother, said it is “hugely unlikely” he is involved because he has dedicated “enormous amounts of time and even his free time” combating such software.
The FBI arrested Hutchins at McCarran International Airport where he was trying to fly back to Briton from the Def Con hacking conference, a friend said.
Hutchins, who works for Los Angeles-based computer security firm Kryptos Logic, was not released yesterday because the clerk’s office for the court closed before his defense team could post the bail.
Ms Lobo said Hutchins was “doing well, considering what’s gone on,” adding it was “unexpected in his mind to ever be in this situation.”
News of Hutchins’ arrest on Wednesday shocked other researchers, many of whom rallied to his defense and said they did not believe he had ever engaged in cyber crime.