WannaCry Hero Marcus Hutchins Loses Evidence Bid

“I was intoxicated” claim by Marcus Hutchins during FBI interview dismissed by American court

US federal prosecutors have defeated what could be a significant legal bid by Marcus Hutchins, the British security researcher.

A US court has ruled (for a second time) against a claim by Hutchins that statements he made after taking ‘intoxicating substances’ should be thrown out.

Hutchins is the British security researcher who is widely credited for stopping the global WannaCry ransomware campaign in May 2017.

Legal bid

But just months later Hutchins was arrested by the FBI on 2 August 2017 in Nevada, after he attended the Black Hat and Def Con hacking conference in Las Vegas.

Hutchins was charged by US authorities of developing and distributing the ‘Kronos’ banking malware.

He has pleaded ‘not guilty’ to the charges and remains on bail in the US.

However Hutchins, otherwise known as ‘Malwaretech’ on social media, reportedly admitted to developing and distributing the ‘Kronos’ banking malware in a phone call made from jail.

He is seeking to prevent that phone conversation he had from used in the court case.

Hutchins is also fighting against the inclusion of a two-hour FBI interview, arguing that he had been “sleep-deprived and intoxicated” at the time and had been “coerced” into a confession.

But now according to Ars Technica a court ruling issued earlier this week threw out that intoxicated request, saying there was no evidence that he was under the influence of drugs.

“Hutchins appeared to be alert, engaged, co-ordinated, and coherent,” Judge JP Stadtmueller reportedly wrote in his ruling. “There is no evidence in the record to the contrary. There is also no evidence, nor does Hutchins claim, that he was under the influence of drugs that day – only that he was exhausted. But a terrible hangover alone does not, as a matter of law, render someone unable to exercise or waive their Miranda rights. This factor does not weigh in Hutchins’s favor.”

The judge also pointed out Hutchins’ own acknowledgement that he had been read his Miranda rights.

But the judge did rebuke FBI agents for failing to meet their obligation under the Federal Rules of Criminal Procedure to tell Hutchins precisely why he was arrested.

“There is certainly an element of deception to this set of events that the court does not endorse,” Stadtmueller wrote.

This is now the second defeat for efforts by Hutchins legal team to dismiss evidence against him.

Wannacry ‘hero’

Hutchins currently works for LA-based company Kryptos Logic, but he was formerly based in Devon.

When the WannaCry ransomware spread rapidly through computer systems around the world in May 2017, it crippled huge swathes of NHS IT infrastructure.

As the ransomware attack began to take hold, Hutchins managed to obtain a sample of the malware from a fellow researcher.

Hutchins then tested the ransomware in a virtual environment and discovered it queried an unregistered domain. He had noted the malware was connecting to multiple IP addresses targeting a server message block (SMB) vulnerability.

He then registered the domain, an action which ultimately resulted in the botnet being terminated. Hutchins actions only emerged days after the first WannaCry attacks.

Do you know all about security? Try our quiz!