When he was just 22, Marcus Hutchins rose to fame by single-handedly stopping the spread of WannaCry, a ransomware attack that hit hundreds of thousands of computers worldwide and effectively shut down over a dozen UK hospitals. But within months of stopping it, Hutchins was in police custody. His extraordinary story is the subject of a lengthy new feature in Wired, and it’s absolutely worth a read in its entirety.
Hutchins was arrested because of his teenage work on code that would end up being used in banking trojan software. But so much time had passed, that when he was finally questioned by officers he initially thought they just wanted to learn about his work on WannaCry.
For the next few minutes, the agents struck a friendly tone, asking Hutchins about his education and Kryptos Logic, the security firm where he worked. For those minutes, Hutchins allowed himself to believe that perhaps the agents wanted only to learn more about his work on WannaCry, that this was just a particularly aggressive way to get his cooperation into their investigation of that world-shaking cyberattack. Then, 11 minutes into the interview, his interrogators asked him about a program called Kronos.
“Kronos,” Hutchins said. “I know that name.” And it began to dawn on him, with a sort of numbness, that he was not going home after all.
Hutchins had never intended to end up making banking malware, but after spending years of his life on various hacking forums he found himself trying to compete with the hackers he was socializing with. He was talented, and started studying and making malware almost out of boredom. Then, he started doing freelance work for other forum members, and everything escalated.
Hutchins began to develop a reputation as a talented malware ghostwriter. Then, when he was 16, he was approached by a more serious client, a figure that the teenager would come to know by the pseudonym Vinny.
Although Hutchins maintains that you can be a good cybersecurity researcher without a criminal past, it’s interesting to see how many of his skills seem to have come from writing malware in the first place. It’s a fascinating story, and you can and should read it over on Wired.