A young English cybersecurity researcher globally recognized in May for stopping a worldwide cyberattack appeared Friday in federal court for the second time since his Wednesday arrest in Las Vegas — this time with a newly hired lawyer.
The researcher, Marcus Hutchins, also known as MalwareTech, was arrested in connection with the Kronos banking Trojan, which compromised banking systems in countries including Canada, Germany, Poland, France and the United Kingdom between 2014 and 2015, according to his indictment.
In court Friday, prosecutors argued Hutchins created and sold the malware. His defense attorney, Adrian Lobo, disputed his involvement. “He pled not guilty, which was the purpose of yesterday’s hearing, and so today was all about whether or not he would be detained or released pending the next court date,” said Lobo.
The indictment came at the close of a two-year federal investigation. During the short court hearing, prosecutors described Hutchins — who stood before U.S. Magistrate Nancy Koppe wearing yellow jail garb and orange Crocs — as a “flight risk” and a “danger” to the community.
“If he is a risk of non-appearance and a danger to the community, this court is unsure why it took two years to indict him,” Koppe said.
The judge ultimately ruled Hutchins could be released on $30,000 bond before his upcoming trial in Wisconsin, where the federal investigation was based. He must surrender his passports, remain under house arrest, use only his real name and not use the internet, according to the conditions of his release.
Internet [accidental] superhero rocking the @NorthSec_io badge. #BHUSApic.twitter.com/22XXr0YUCo
— NorthSec (@NorthSec_io) July 27, 2017
Although it was ruled that he would be released, Hutchins remains in custody until Monday. “It could have happened today but unfortunately the clerk's office closes at 4:00 p.m,” said Lobos.
The indictment includes one other unnamed defendant. Both Hutchins and the unnamed defendant face one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications and one count of attempting to access a computer without authorization.
“If he is a risk of non-appearance and a danger to the community, this court is unsure why it took two years to indict him.”
Hutchins was vacationing in Las Vegas during the hacking convention DEF CON when he was taken into custody. He and seven friends indulged in a pricey Airbnb mansion and rented supercars, although his friend Andrew Mabbitt says Hutchins wasn’t paying for it.
Las Vegas FBI spokeswoman Sandra Breault declined Friday to elaborate on the circumstances of his arrest.
“He was completely shocked, this isn’t something he anticipated. He came here for a work related conference, and he was fully anticipating to go back home and had no reason to be fearful about coming and going to the United States,” said Lobos.
When word spread that Hutchins was in federal custody, several members of the cybersecurity community took to social media to rally around him.
Mabbitt posted on Twitter that he'd be “crowdfunding legal fees soon.”
In May, Hutchins was globally recognized after finding a kill switch that helped stop the WannaCry ransomware attack, which affected hospital networks and government agencies in more than 150 countries, according to a previous U.S. government alert.
He is slated to appear in federal court in Milwaukee early Tuesday.
Members of the cybersecurity community have expressed concern that the arrest represents a hostile attitude toward researchers who play around with malware in order to understand and fight it. Multiple attorneys have pointed out what they say are flaws in the indictment.
