Months after stopping a global cyberattack, British security researcher Marcus Hutchins was arrested by the FBI for involvement in another malware crime.
Hutchins is most known for stopping the WannaCry ransomware attack back in May. The cyberattack hit 70,000 machines around the world — including the Russian Interior Ministry and British National Health Service. After a day, Hutchins discovered the kill switch and prevented more infections.
According to the Department of Justice, Hutchins was arrested for building the 2014 Kronos banking Trojan, selling it online and conspiring to use it maliciously. The Trojan stole credentials from banks all around the world.
If found guilty, Hutchins could face a maximum of 40 years in prison.
But experts say the charges against the security researcher are odd and unprecedented. Some speculate there might not be enough evidence to fully prove Hutchins conspired to commit computer fraud — even if he did actually create and sell the malware.
And that's another thing. Some people still aren't sure Hutchins created Kronos in the first place.
When Kronos came out, Hutchins asked for a sample of the malware on Twitter.
The New York Times reports Hutchins' involvement with Kronos is unclear, but it's possible the researcher could have been looking for vulnerabilities in the code — like he did with WannaCry.
With this in mind, many people in the cybersecurity community are criticizing the DOJ for its decision. They're arguing its actions will dissuade other researchers and experts from identifying threats and sharing information regarding cybersecurity.