When he was only 22, Marcus Hutchins became famous by single-handedly stopping the spread of WannaCry, a ransomware attack that hit hundreds of thousands of computers worldwide and effectively shutdown over a dozen British hospitals. But within months of Hutchins stopping it, he was in police custody. Its extraordinary history is the subject of a long innovation in Wiredand it’s absolutely worth reading.
Hutchins was arrested for his youth work on code that would eventually be used in banking Trojan software. But it had been so long that when he was finally interviewed by officials, he initially thought they just wanted to know about his work on WannaCry.
Over the next few minutes, the agents gave a friendly tone and asked Hutchins about his education and Kryptos Logic, the security company he worked for. For these minutes, Hutchins allowed himself to believe that the agents might just want to know more about his work on WannaCry, that this was just a particularly aggressive way to get his work together to investigate this earth-shattering cyberattack. Then, 11 minutes after the interview, his interrogators asked him about a program called Kronos.
“Kronos,” said Hutchins. “I know that name.” And it began to dawn on him with a kind of numbness that he didn’t go home after all.
Hutchins had never intended to produce bank malware, but after spending years of his life on various hacking forums, he tried to compete with the hackers with whom he made contacts. He was talented and almost started learning and doing malware out of boredom. Then he started working freelance for other forum members and everything escalated.
Hutchins developed a reputation as a talented malware ghostwriter. Then, when he was 16, he was approached by a more serious client, a character the teenager would meet under the pseudonym Vinny.
Although Hutchins claims that you can be a good cybersecurity researcher with no criminal history, it’s interesting to see how many of his skills appear to have come from writing malware. It is a fascinating story and you can and should read it again Wired.