
Marcus Hutchins, the security researcher best known for his efforts to stop the spread of the WannaCry ransomware attack, was arrested Wednesday by law enforcement in the United States while attempting to return home to the United Kingdom.

Hutchins, a 23-year-old British national and security researcher employed by cybersecurity firm Kryptos Logic and known online by his Twitter handle MalwareTechBlog, was detained at the Las Vegas airport for his alleged role in creating and distributing a banking trojan called Kronos.


The arrest of the young, rising-star researcher shocked the tech community. Hutchins, along with a number of security researchers and experts from around the world, was in Las Vegas for the Black Hat information security conference.

Word of Hutchins’ arrest began spreading Thursday, when an indictment from the U.S. Department of Justice was made public. The document accused Hutchins of creating the Kronos trojan in July 2014 and updating the malicious software in or around February 2015. A second defendant, whose name is redacted in the document, is accused of selling the malware on dark web forums and marketplaces.

Rendition Infosec founder and president Jake Williams, known on Twitter by his handle MalwareJake, immediately raised questions as to the legitimacy of Hutchins’ arrest, noting that he had exchanged emails and direct messages with Hutchins around the time he allegedly created the Kronos trojan.

Williams also surfaced a tweet from Hutchins in which the researcher asked for a sample of Kronos to examine its code, suggesting that Hutchins didn’t have a hand in making it.


A number of other security researchers vouched for Hutchins’ character and struggled to come to terms with the accusations leveled against him. While Hutchins’ involvement in the Kronos trojan, be it as creator or just as a curious researcher, will play out in court, a number of members of the security community expressed concern for their work in the wake of the arrest.

“I hope whatever the Feds think @MalwareTechBlog did was worth burning their good-will in the white hat community,” a security researcher who goes by the handle ra6bit said. Those sentiments were echoed by security researcher Daniel Gallagher, who warned the arrest of Hutchins “could severely impact trust in sharing intel.”

Hector Monsegur, a security researcher and the director of assessment services at Rhino Security Labs, told IBT that it's unfortunate how one's past can come back to haunt them, especially in Hutchins' case. "It is obvious that he moved away from his previous life and tried to do right in the community," he said.

Monsegur, who was once known online as Sabu, founded the hacking group LulzSec before becoming an FBI informant and serving as a white hat security researcher. "I'm all for former blackhats being able to turn over a new leaf, and starting their lives over," he said. Monsegur noted that he hoped Hutchins' history of doing good would help him in the long run.

Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, said on Twitter the arrest of Hutchins “concerns us a lot.” A spokesperson for EFF told International Business Times it “is deeply concerned about the arrest of Marcus Hutchins” and is “looking into the matter and attempting to help Mr. Hutchins obtain good legal counsel.”

A poll posted on Twitter by security data scientist Russell Thomas, asking security experts how the arrest of Hutchins affects their likelihood to cooperate with the federal government, found a near even split among the more than 140 people who participated.

Thirty-three percent of respondents said the arrest of Hutchins will not change their relationship with federal authorities, while 30 percent said it made them less likely to collaborate or cooperate. Another 32 percent said they would never work with federal agencies in the first place, while five percent said the arrest would make them more likely to reach out to law enforcement.

While many security researchers expressed the possibility of a chilling effect between researchers and federal agencies in the wake of the arrest, those working at the intersection of cybersecurity and law were less moved by the incident.

Peter Swire, Professor of Law and Ethics at the Georgia Institute of Technology, told IBT that Hutchins’ highly publicized role as the person who stopped the WannaCry outbreak—an attack that hit more than one million computer systems in 153 countries when it spread in May—doesn’t give him immunity for other, potentially nefarious actions.

“Being a hero for one crime does not create immunity if you commit other crimes,” Swire said. “The criminal courts are full of people who have helped the police some time, but went ahead and got caught for something else.”

Dr. Richard Forno, director of the Graduate Cybersecurity Program at the University of Maryland, Baltimore County, offered a similar response, telling IBT that bona fide white hat security researchers “have no business developing and then selling malware on dark web sites—let alone launching or managing a malware outbreak” as the indictment against Hutchins alleges.

“At the very least, other than the legality, such actions bring the person's professional ethics into question and can, as we're seeing today, backfire on them and certainly challenge one's status as a ‘white hat’ in the industry,” he said.

Forno did not foresee the arrest of Hutchins as an issue for security researchers, including those who regularly work to analyze malicious software and programs. He said researchers “will, and should” continue their work.

At the same time, he warned that law enforcement shouldn’t overstep their bounds and pursue those doing legitimate security research.

“Incidents like this should not be used by governments or industry to clamp down on cybersecurity research activities, since they provide a necessary value and public safety function for our modern world,” Forno said.