Marcus Hutchins’ Twitter account suddenly went quiet a day ago when the FBI took him into custody in Las Vegas on Wednesday. The 23-year-old British citizen — who was praised earlier this year when he was credited with helping to control a global ransomware attack — was in town attending the Black Hat and DefCon cybersecurity conferences.
According to a court document and a statement from the U.S. Department of Justice, he’s accused of creating and distributing a malware program called Kronos. It’s designed to steal banking login information and other financial data from infected computers.
The Justice Department statement said “following a two-year long investigation, a federal grand jury returned a six-count indictment against Marcus Hutchins, also known as ‘Malwaretech,’ for his role in creating and distributing the Kronos banking Trojan.” The indictments were handed down in the Eastern District of Wisconsin.
The British researcher is charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavoring to intercept electronic communications, and one count of attempting to access a computer without authorization.
The alleged crime happened between July 2014 and July 2015.
But Hutchins is known as a hacker whose career has been dedicated to stopping cyber attacks, not committing them.
He grew famous in May when he was credited with finding a “kill switch” on a malware program called WannaCry that threatened over 150 countries. The program would infect computers, lock them up and demand ransom to restore the information. The U.K.’s National Health Service was among the victims. Hutchins is a self-described “accidental hero” and fellow researchers expressed shock and disbelief at the accusations.
Andrew Mabbitt, founder of cyber firm Fidus Information Security, said on Twitter that he was trying to find Hutchins a lawyer and would soon be crowdfunding cash for his legal representation.
“I refuse to believe the charges against @MalwareTechBlog,” Mabbitt said, referring to Hutchins’ Twitter handle. “He spent his career stopping malware, not writing it.”
Mabbitt didn’t respond to a request for comment.
Another researcher, Kevin Beaumont, tweeted that the Department of Justice had made a “huge mistake.”
Beaumont tweeted that Hutchins’ business is to infiltrate malware like Kronos, monitor them and sell that data to law enforcement.