SAN FRANCISCO (Reuters) – British cyber security researcher Marcus Hutchins pleaded not guilty on Monday to federal charges he built and sold malicious code used to steal banking credentials.
Hutchins, 23, rose to overnight fame within the hacker community in May when he helped defang the global “WannaCry” ransomware attack, which infected hundreds of thousands of computers in May and caused disruptions at factories, hospitals, shops and schools in more than 150 countries.
He was arrested earlier this month in Las Vegas on unrelated hacking charges. U.S. prosecutors have claimed that he and an unnamed co-defendant advertised, distributed and profited from malware code known as “Kronos” between July 2014 and 2015.
The case has drawn intense interest from the hacker community for the implications it may pose for cyber research and concerns it may deteriorate an often tense relationship between hackers and law enforcement.
Hutchins is a “brilliant young man and a hero,” his attorney, Marcia Hoffman, told reporters on Monday shortly after the arraignment.
“He is going to vigorously defend himself against these charges, and when the evidence comes to light, we are confident he will be fully vindicated,” she said.
If downloaded from email attachments, Kronos left victims’ systems vulnerable to theft of banking and credit card credentials, which could then be used to siphon money from bank accounts.
Reporting by Dustin Volz, editing by G Crosse