Cyber expert in WannaCry virus case seeks to suppress statements in malware case

MILWAUKEE (AP) — A British cybersecurity expert credited with stopping the worldwide WannaCry computer virus was headed to court Wednesday for a hearing about statements prosecutors say he made in a recorded jailhouse phone call acknowledging that code he wrote wound up in malware.

A grand jury indictment accuses Marcus Hutchins of creating and distributing malware known as Kronos, designed to steal banking passwords. Hutchins, 23, has pleaded not guilty.

Federal prosecutors in Milwaukee want to introduce as evidence statements he made to an unidentified person hours after FBI agents detained him in Las Vegas before he boarded a flight home to England last year. The statements are included in a transcript filed in court Tuesday, on the eve of the hearing where Hutchins will ask for the phone conversation to be suppressed, along with a two-hour FBI interview.

Prosecutors have said Hutchins also made incriminating statements during the FBI interview. His attorneys have argued Hutchins didn't fully understand Miranda warnings because he's a foreigner and was also sleep-deprived after a week partying in Vegas.

Hutchins' arrest last August came as a shock because only four months earlier he was lauded as a cybercrime-fighting hero for finding a "kill switch" to slow the outbreak of the WannaCry virus, which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.

Hutchins' attorney Brian Klein did not respond to an email Tuesday seeking comment. Assistant U.S. Attorney Michael Chmelar said he couldn't comment.

In the jailhouse call, which Hutchins was told was being recorded, he said he "used to write malware" years before.

According to the transcript, Hutchins said: "So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code onto some guy then they wanted me to, once then found I sold the code to someone, they wanted me to give them his name, and I don't actually know anything about him."

The indictment said the crimes happened between July 2014 and July 2015, but prosecutors have not offered any details about the number of victims. Prosecutors also said in recent court filings that Hutchins is suspected to have sold the Kronos software to someone in Wisconsin and that he "personally delivered" the software to someone in California.

Details of Hutchins' arrest and the crimes he's accused of committing have otherwise been sparse — and Hutchins' attorneys have repeatedly criticized prosecutors for it in court documents.

During the jailhouse call, Hutchins also said he repaid a debt of about $5,000 by giving someone logs that had the compiled binary of the code he created for the person who used it for banking malware. He said both happened when he was about 18.

"I knew it was always going to come back," Hutchins said on the call, adding that he didn't "think it would be so soon."

Robert Graham, a computer security expert not connected to the case, warned against concluding that Hutchins had done something wrong simply because his code wound up in malware.

"I'm not saying he didn't cross a legal line somewhere, but the quotes (in the filing) are still consistent with somebody who is a security researcher rather than a malware kingpin," Graham said in a text to The Associated Press.

In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorization. Hutchins faces decades in prison if convicted of all the charges. He has been barred from returning home and has been living in California, where he works as a cybersecurity consultant while awaiting trial.