San Francisco (AFP) - A British computer security researcher hailed as a hero for thwarting the "WannaCry" ransomware onslaught was in US custody on Thursday after being indicted on charges of creating malware to attack banks.
Marcus Hutchins, known by the alias "Malwaretech," was charged in an indictment dated July 12 and unsealed this week by federal authorities in Wisconsin.
The US Justice Department said in a statement Hutchins was arrested Wednesday in Las Vegas, where a major Def Con hacker security conference took place over the weekend.
Twitter postings from other security researchers said he was detained as he prepared to fly back to Britain.
Hutchins faces criminal charges including conspiracy to commit computer fraud, according to the US Department of Justice.
The indictment accuses Hutchins and another individual of making and distributing Kronos "banking Trojan," a reference to malicious software designed to steal user names and passwords used at online banking sites.
Since it was created, Kronos has been configured to work on banking systems in Britain, Canada, Germany, Poland, France, and other countries, according to the DOJ.
The indictment set the time of the activity by Hutchins as being from July 2014 to July of the following year.
- 'Dark markets' -
Hutchins was part of a conspiracy to distribute the hacking tool on so-called dark markets, according to the indictment signed last month by US Attorney Gregory Haanstad.
Kronos was evidently first made available through certain internet forums in early 2014, and was marketed and distributed through a hidden online AlphaBay marketplace, according to US prosecutors.
AlphaBay was shut down by US and European police in a crackdown on two huge "dark web" marketplaces that allowed the anonymous online trade of drugs, hacking software and guns.
The timing of the indictment of Hutchins raises questions as to whether insights mined from the AlphaBay probe lead to his arrest.
Underground websites AlphaBay and Hansa Market had tens of thousands of sellers of deadly drugs like fentanyl and other illicit goods serving more than 200,000 customers worldwide.
AlphaBay, the largest dark web market, had been run out of Thailand, and filled a gap left behind by the notorious Silk Road online market, shut down by authorities in 2013.
Officials at the time said shutting down the two markets and the arrests of administrators enabled them to collect extensive intelligence on buyers and sellers, including criminal gangs. Their names were being distributed to law enforcement in 37 countries.
- From hero to accused -
Lawyers at the San Francisco-based online rights group Electronic Frontier Foundation said they were looking to contact Hutchins.
"The EFF is deeply concerned about the arrest of Marcus Hutchins, a security researcher known for shutting down the WannaCry ransomware. We are looking into the matter, and are reaching out to Hutchins," a statement from the group said.
A spokesperson for the British Embassy in Washington said only that they "are in touch with local authorities in Las Vegas following reports of a British man being arrested."
Hutchins was hailed as a hero in May for finding and triggering a "kill switch" for a WannaCry ransomware attack that was spreading wildly around the world, locking away data on computers and demanding money for its release.
Andrew Mabbitt, another security researcher who was with Hutchins in Las Vegas, said he did not believe the allegations.
"He spent his career stopping malware, not writing it," Mabbitt said on Twitter.