As Marcus Hutchins was on his way home to the UK after attending Def Con and Black Hat in Las Vegas, NV, the FBI arrested him. The arrest sparked immediate outcry online, especially in the cybersecurity community, as Hutchins was better known as MalwareTech and had just become famous in cybersecurity circles for stopping the WannaCry ransomware outbreak a few months prior. So, why did the FBI arrest a newly famous cybersecurity expert?

A look into the indictment that was unsealed as part of Marcus’s arrest provides the first clues. In the copy dated to August 2017, the same month as the arrest, the FBI leveled six charges against Marcus and a partner whose name was redacted. Those charges included the creation of the Kronos banking trojan. The investigation into Kronos itself began two or three years before the arrest. Most of the charges relate to the laws around computer crimes, naturally enough. The first charge in the indictment, however, is a charge of conspiracy.

The indictment claims that Hutchins and his partner conspired to create, advertise and sell the malware known as Kronos, all of which are violations of the Computer Fraud & Abuse Act (CFAA). This first charge also alleged that Hutchins alone created the Kronos malware and that his partner was brought in specifically to act as a middleman for the advertising and sale of the malware. A video posted in July of 2014 by Hutchins’s partner demonstrated the proof of concept for Kronos and advertised the malware for $3,000 USD.

The second charge brought against Hutchins and his partner was for violating a section of the Electronic Communications Protection Act (ECPA) that dealt with advertisement as a means of intercepting electronic, wire or oral communications. 

The third charge was related to the same section, except that it