Submitted by Micah Smith on Mon, 01/15/2018 - 12:17
@MalwareTech – #CyberHero or #CyberVillain?
@MalwareTech – #CyberHero or #CyberVillain?

It feels like since it happened, 'WannaCry' has been the only thing on everyone's lips, and for good reason.

The 'WannaCry' attack was huge, the ransomware virus hit more than 300,000 computers in over 150 countries. CBS news claim that the damage from these attacks could "swell into the billions", estimated at $4 billion by Cyence, the cyber risk modeling firm.

The costs include lost productivity, the cost of conducting investigations, restoration of data and of course, extortion and blackmail.

One area that has been completely overlooked in the ransomware crisis was the team that was responsible for bringing the 'WannaCry' attack to a standstill and when I say team, I actually mean one-man show.

Marcus Hutchin, known as @MalwareTech on Twitter, an active and respectable expert in both the cyber community and on social media, pretty much single-handedly saved the day.

How did Marcus stop the attack?

Marcus found a hole in the code where the malware was depending on one specific domain. If the link between the malware and the domain is broken then the software proceeds to infect the system.

Marcus found the domain and registered it, then created a sinkhole tactic to redirect all traffic to a controlled system.

A really great save which brought a crisis under control.  Followed shortly by his arrest in the airport on his way home to the U.K. by the F.B.I and ironically after his visit to Def Con, the hacking conference in Las Vegas, where legitimate cyber security experts meet.

What’s going on here?

In a somewhat shocking turn of events, Marcus Hutchins' superhero status has been cut incredibly short.

His arrest, due to his alleged involvement in developing and writing code for the Kronos banking Trojan between 2014-2015 may permanently flip his hero status to villain.

The Kronos malware was distributed via emails with an attachment containing the code, and was used to hijack banking passwords. The trojan, first found to be sold for $7,000 in a Russian underground forum, later was found responsible for a point-of-sale malware (ScanPOS) that was used for the same purpose.

Is he guilty?

Marcus has recently pleaded guilty, more than likely to be allowed out on a $30,000 bail, but there are significant question marks here.


  • Can Marcus be found guilty for writing code that was then used multiple times on different occasions?


  • A stronger question is once the code is sold for the first time, couldn’t it be sold numerous times to many different people?


  • How could Marcus be blamed for the other transactions?


  • Interestingly, Marcus sent a tweet a few years back asking for a copy of the Kronos software. Why would he ask for the code if he wrote it?

In a world of so many international cyber threats it would seem the U.S. government would need all the help they could get. It is interesting that they haven’t yet tried to cut a deal with Marcus, well not that we are aware of anyway.

The lines between a good hacker and a bad hacker do get very blurry now-a-days in the 21st century and skills can be used on both sides of the bit-coin.

Let us know your thoughts on @MalwareTech in the comments below.