Marcus Hutchins has found out the hard way that what happens in Vegas definitely does not stay in Vegas. After being arrested by FBI agents on August 2nd while waiting for a flight out of McCarran International to go back home to England, the cybersecurity expert, who’d been in Las Vegas attending two major conferences on the topic, was transported out of state for the next court appearance on his federal charges.
Hutchins, who was credited with stopping a worldwide ransomware attack earlier in the year, pleaded not guilty on Monday in a Milwaukee court to charges he helped create similar malware. The 23-year-old UK resident appeared in the Wisconsin federal courtroom where he, along with an unnamed co-conspirator, will face a trial scheduled for October 23, although another hearing on October 17 could delay the former’s start.
While Hutchins did not speak with reporters after the short court appearance, his attorney Marcia Hofmann did, saying she was convinced of his innocence. She pointed out that he was responsible for stopping the spread of malicious WannaCry ransomware in May, and that he’d received a $10,000 reward for his efforts, which he donated to charity.
“When the evidence comes to light, we are confident he will be fully vindicated,” Hofman said. “Marcus Hutchins is a brilliant young man and a hero.”
No free on $30,000 bond, the British national is restricted from leaving the US. Magistrate Judge William E. Duffin did allow him access to the internet, something the previous judge had banned. Hutchins wasted no time in taking to social media to make his first comment on his plight.
“I’m still on trial, still not allowed to go home, still on house arrest; but now I am allowed online,” he posted on his Twitter page on Monday. “Will get my computers back soon.”
Arrest Shocks the Internet
His equipment was confiscated when he was arrested in August in Las Vegas.
The Department of Justice contends that between July 2014 and July 2015, Hutchins was soliciting others for the Trojan Kronos, a software program aimed at infecting bank accounts. The bug is reportedly capable of stealing banking logins and other financial information.
News of his detainment stunned his peers, and they immediately started a crowdfunding page to help him raise money for his legal defense. They believe Hutchins is a victim of an overzealous government prosecution team. Jake Williams met him in 2015 and told the UK’s Guardian news site that the two worked on a higher education malware program, but that he declined any money for his work.
“I have a hard time picturing him refusing money for work from me but at the same time taking money for illegal activities.” Williams said “He’s a good guy. I met him face-to-face for the first time in Vegas last year and he struck me as genuine.”
Future Malware Work in Jeopardy
Despite facing decades in prison if convicted, Hutchins has maintained a sense of humor about his plight. He joked on his Twitter page on Monday about his time at the convention.
“Things to do during defcon: Attend parties Visit red rock canyon Go shooting Be indicted by the FBI Rent supercars,” he tweeted. “Defcon” refers to one of the two conferences he attended in late July in Las Vegas, the other being Black Hat.
Some in the cyber security industry have argued that his case presents a serious issue about computer security experts who work with the government. If he is convicted, they will be less eager to provide information or seek out malware, believing it could be used against them later.
“By [arresting Hutchins], they’ve made the internet less safe because nobody in their right mind is likely to help the US Government stop attacks now,” American cyber criminal defense attorney Tor Ekeland told Britian’s Telegraph news site after the takedown.