US arraignment of British cybersecurity expert postponed (UPDATE)

Listen to this article

By KEN RITTER and IVAN MORENO
Associated Press

MILWAUKEE (AP) — The arraignment planned for Tuesday of a British cybersecurity researcher, who was arrested last week in Las Vegas on federal charges that he created and distributed a malware program to obtain banking passwords from unsuspecting computer users, has been postponed until next week.

The court date for Marcus Hutchins, 23, of Ilfracombe, England, was reset for Aug. 14 in U.S. District Court in Milwaukee, according to Elizabeth Makowski, a spokeswoman for the U.S. attorney’s office.

Hutchins was released on Monday from a jail outside Las Vegas, where he had been held following his arrest last week at McCarran International Airport on his way home from the Def Con computer security convention in Las Vegas.

Kayla Gieni, a prison spokeswoman, said on Tuesday that jailers at the Nevada Southern Detention Center outside Las Vegas no longer knew where Hutchins was. Makowski also did not know where Hutchins is now.

Kurt Opsahl, general counsel for the Electronic Frontier Foundation, said on Monday he was awaiting word that bail had been posted and that Hutchins had been released from federal custody. The foundation, a digital civil-liberties nonprofit group, was helping Hutchins obtain legal counsel.

Hutchins’ attorney in Las Vegas, Adrian Lobo, didn’t immediately respond to telephone and email messages from The Associated Press.

Hutchins is facing six federal charges dating to 2014, including conspiracy to commit computer fraud. He is accused of developing and distributing malicious software called Kronos designed to steal banking passwords.

Hutchins was credited with helping in May to curb the spread of WannaCry ransomware during an attack that crippled thousands of computers worldwide.

U.S. Magistrate Judge Nancy Koppe in Las Vegas on Friday set Hutchins’ bail at $30,000. The judge ruled that Hutchins was not a danger to the community and wasn’t a risk not to appear for future court proceedings.

But Koppe ordered Hutchins to surrender his passport and not use any device that has access to the internet. She restricted Hutchins’ travel to Nevada’s Clark County and, for court purposes, to Milwaukee. He was also ordered to stay at a halfway house until he secures a residence, where he would be subject to home detention and would have to wear an ankle-monitoring bracelet.

Hutchins did not enter a plea at Friday’s hearing. Other charges he faces are distributing and advertising a device used for intercepting electronic communications, attempting to intercept electronic communications and trying to access a computer without authorization. If he is convicted, he could face decades in federal prison.

The indictment filed last month in Milwaukee alleges that Hutchins and another defendant, whose name was blacked out, conspired between July 2014 and July 2015 to advertise, sell and profit from the Kronos banking Trojan malware.

Hutchins is accused of creating the malware and enabling cybertheft by spreading a program that can infect web browsers and capture usernames and passwords.

Hutchins has support in the information-security trade, where some call him a principled, ethical hacker.

His mother, Janet, said it was unlikely that her son was involved in illegalities because he spends much of his time combating malware attacks.

In May he was credited with discovering a so-called “kill switch” that slowed the unprecedented WannaCry outbreak, and with continuing for several days to fight the worm, which crippled British hospitals and factories, government agencies, banks and other businesses around the world.

Although Hutchins previously worked under the alias MalwareTech, cracking WannaCry led to the loss of his anonymity and propelled him to cyber stardom, public appearances and a $10,000 cash prize that he said he planned to give to charity.

He told The Associated Press at the time that he doubted he would ever return to being the “MalwareTech” that everyone knew.