Marcus Hutchins, the 23-year-old from Ilfracombe, Devon has pleaded not guilty to six charges relating to the development and distribution of a malware called Kronos.
The malware gathers financial information from the computers it infects by snooping on victims’ banking logins.
Hutchins, appearing in court in Milwaukee, Wisconsin, rose to fame earlier this year as he stalled the global WannaCry ransomware attack that wreaked havoc on NHS Trusts – and other firms across the globe.
He discovered a kill switch that stopped WannaCry, and worked with GCHQ’s National Cyber Security Centre (NCSC) to mitigate the threat in the days after the attack.
The “accidental hero”, if found guilty, could face jail. However, cyber security researchers has rallied behind Hutchins, with experts stating disbelief that he would have knowingly engaged in this criminal conspiracy.
This has caused a wedge between governments and the cyber security researchers they rely on.
For example, British cyber security researcher Kevin Beaumont said in a blogpost that he would not share cyber threat intelligence with the UK government until the situation is resolved.
“Many of us in the cyber security community openly and privately share information about new methods of attacks to ensure the security for all, and I do not wish to place myself in danger,” Beaumont wrote.
“Whatever else he may have done, this guy saved hundreds of thousands if not millions of dollars of loss in the US – and over the world by stopping WannaCry,” Ekeland added. “The indictment sends a message: if you help the government shut down malware, the reward is you will be arrested.”