In an interesting development last week, the British cybersecurity researcher Marcus Hutchins, who had neutralized the global “WannaCry” ransomware attack in 2017, has been charged with and pleaded guilty to writing malware. These charges were made in the US, and he has pleaded guilty to two of the ten charges. The US government has agreed to dismiss the remaining counts at the time of the sentencing, in exchange for this guilty plea.
This report was filed at the U.S. District Court in the eastern district of Wisconsin. His fame as a cybersecurity savior, known online as MalwareTech, reached heights after he helped defang the global “WannaCry” ransomware attack in May 2017, which infected hundreds of thousands of computers, globally. The malware had caused disruptions at factories, companies as well as non-corporate users like hospitals, shops, and schools in more than 150 countries. At the time, he said that combatting malware was “the right thing to do.”
In an episode reminiscent of a cinematic melodrama, Hutchins was arrested in Las Vegas in August 2017, just as he was to board a flight to England. It was on unrelated charges of having built and sold malicious code. He admitted to creating software designed to damage or gain unauthorized access to a computer system, in this case, targeted at stealing banking credentials.
According to U.S. prosecutors, he and a co-defendant advertised and distributed malware code known as “Kronos” between July 2014 and 2015. They had made big profits off it as well, they said.
“I regret these actions and accept full responsibility for my mistakes. Having grown up, I have since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks,” Hutchins has been quoted as saying.
According to the legal prosecutors, Hutchins had sold the Kronos software to someone in Wisconsin. The malware, that was designed “to intercept communications and collect personal information, including usernames, passwords, email addresses, and financial data” from computers, was then sold to a buyer in California.
According to AP, Hutchins’ sentence could be up to a decade in prison, but since he has accepted responsibility, there are chances that he could receive a more lenient sentence. He is also aware and so is his attorneys, that he could also face deportation due to these accusations.
Through the last few years, as the world has rapidly moved to be digital and cybersecurity has become a key issue for both companies as well as individuals. Precious data can be compromised, and even more valuable financial information could be at risk. Given that there is an infinite number of cybercriminals existing globally today, it is difficult to classify this is a real attack. As in the case of Hutchins, a security expert that can defang a major malware, can also be the father of another!
Of course, the most successful cybercriminals are the ones who are super-careful to never be caught. They do not even leave a clue to their presence when the crime is committed, which is easy in the cyber world. The only way a malware expert can be caught is when they are careless (highly unlikely), or if they WANT to be caught. Like all supervillains, it is an ego rush like no other.
Nevertheless, even if they consider themselves masterminds, it is more of an annoyance than super-villainy. After all, Gary McKinnon hacking into the NSA and costing the US $700,000 was an issue, but that is a small problem compared to the still-anonymous author of the SoBig.F Worm, which was responsible for $37.1 billion in damages around the globe.
In an increasingly technology-dependent world, hackers like the group calling themselves Anonymous, who started in 2003, are a nagging reminder of our rising vulnerability.
They got their name from the fact that anyone who posted on their forums without a proper username was credited as “Anonymous”. Over time, they went on to create really big issues – the hacking of Arab Spring uprisings and the Occupy Wall Street movements in 2011, shutting down Hunter Moore’s revenge porn site in 2012 and shut down Ferguson City Hall’s internet following the shooting of Michael Brown in 2014. Since then, their activity has grown, targeting everyone from North Korea to child pornography sites.
The biggest danger with anonymous is, that all participants are legitimate by definition these and many other groups, some legitimate and some not, are on the mammoth wed, lurking to strike.
Some of what they do could help the online world stay secure, given their intimate knowledge of the net. However, they choose to go the destruction way and sometimes be caught- like Hutchins.