Marcus Hutchins, the cyber expert who helped top WannaCry was arrested while boarding a flight back from the Defcon Hacker Conference in Las Vegas. He was arrested and charged by the FBI for his alleged involvement in the creation and distribution of a banking malware named Kronos. Kronos is a banking malware that steals your banking credentials for fraud.
Also known as MalwareTech, Hutchins is a british-based security expert who works as a researcher for the security firm Kryptos Logic. He figured out a specific domain in the ransomware’s code and registered it, which effectively stopped the spread of WannaCry ransomware in May this year.
According to Wired, Kronos was designed to not only function as a keylogger, in which it would collect user credentials from web banking interfaces. But also to alter bank web pages in any major browser to add fields for additional information, like PIN codes. It would then transmit this information to a remote server. Kronos promised to bypass any of the ‘sandbox’ protections designed to isolate apps from interference. It could even protect the data it collected from being hijacked by other trojans on the same machine.
According to Motherboard, Hutchins was being held at the Henderson Detention Center in Nevada early on Thursday. A personal friend of Hutchins told the website that the cyber expert was moved to another facility a few hours later. "I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," the person added. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."
A spokesperson for the UK’s National Crime Agency stated that they were aware of a UK national being arrested. They also said it was matter for the authorities in the US. Another spokesperson from the UK's National Cyber Security Centre told Motherboard in an email of being aware of the situation and this is a law enforcement matter and it would be inappropriate to comment further. You can learn more about the WannaCry ransomware here.