MILWAUKEE, Wis. (WLS) -- A computer expert who rode to the rescue of Britain's National Health Service during a crippling cyber-attack, has been indicted by a Wisconsin grand jury for allegedly unleashing another computer virus.
Marcus Hutchins, 22, was arrested by the FBI on Wednesday in Las Vegas and is being held there.
Hutchins was credited last June with shutting down the notorious Wanna Cry ransomware virus in the UK. He found a hidden 'kill switch' in the virus that hit more than 300,000 computers in 150 countries-and was hailed as a hero.
The UK native who is known as "Malwaretech" on the internet and lives with his parents, is now is charged with being on the wrong side of the law.
"Marcus Hutchins ... was arrested in the United States on August 2, 2017, in Las Vegas, Nevada, after a grand jury in the Eastern District of Wisconsin returned a six-count indictment against Hutchins for his role in creating and distributing the Kronos banking Trojan," said a spokesman for the U.S. Department of Justice on Thursday afternoon.
Hutchins was arrested by FBI agents while attending the Def Con hacking conference in Las Vegas where he was a celebrity attendee.
Hutchins is accused of developing, selling, and maintaining the malware, in collaboration with an unnamed codefendant, between July 2014 and July 2015. It is not certain why the case was charged out of southeastern Wisconsin, although law enforcement sources reported an FBI cybercrimes task force in Milwaukee had investigated the case. The indictment alleges Hutchins created the malware and attempted to sell it for $3,000. He is also accused of advertising the malware through videos and market forums.
The Kronos malware was used to steal banking passwords from infected computers, allowing hackers to take money with ease. Authorities say in June Hutchins' co-defendant posted a "how-to" instructional video on the "Dark Web," a portion of the internet that is intentionally hidden from search engines and frequently used for illegal drug advertising, child pornography and other criminal ventures. Authorities say the Kronos virus was then spread via infected email attachments.
The "AlphaBay" dark web site, one of the world's largest illicit marketplaces and where Kronos was sold, was recently shut down after an international law enforcement operation. Hutchins may have been uncovered during that investigation. When U.S. agents took down the service, they obtained electronic records that could have led to Kronos' creators. According to Justice Department officials, Kronos victims were located in the U.S., Canada, the UK and several European nations.
According to the indictment, Hutchins computer crimes occurred between July 2014 and July 2015. But prosecutors in Milwaukee on Thursday said Kronos presents "an ongoing threat to privacy and security."
They say "the Kronos banking Trojan was designed to harvest and transfer the username and password associated with banking websites as they are entered on an infected computer to a control panel hosted on another computer inaccessible to the victim."
Wisconsin grand jury indicts cyber attack savior
An ABC7 I-Team Investigation