hacker:HUNTER – Wannacry: The Marcus Hutchins Story – All 3 Chapters


I think the FBI was trying to make an example of Marcus. But I think they bit off more than they could chew. So, we’re just going to go through the entire thing? If you don’t mind. F***! The WannaCry events became apparent within minutes of me pitching up for work on that day. I went into the office to make a coffee and put my bag down and people at their computers showed me a screen, we were talking about it, everything had gone down. Within minutes we realized by talking to people and listening to the news that this was more than a local problem, it was something that was affecting a big part of the NHS. 39 hospital trusts and GPs in Scotland and across England have had to cancel routine operations, send patients home and divert ambulances. All the computers have been stopped. They’re not sure whether the doctors can see you. There’s no appointments apart from emergency appointments. I first heard about it actually when I was in the middle of my clinic, and at that point, that was about 4:00 pm I think 16 organizations had been affected. By 11:00 am, I think we got some screenshots from the affected machines, the famous red screen shots. This ransomware takes over computers and demands $300 in Bitcoin for people to get access to their files again. Well the 12th of May 2017, we were actually in the middle of a general election in the United Kingdom, but coincidentally, I had actually been trying to contact my own GP to make an appointment for one of my children and they were saying “Well, we can’t access the systems at the moment” and then I just thought they’ve got problem locally and I didn’t really — I didn’t realize till later how serious this had been. I’ve just chaired Cobra to ensure that we have a cross-government response to this virus attack. This has been an international attack, it’s impacted a hundred countries. 
It looked at first like an attack just on hospitals in the UK, but it’s now becoming clear that this malicious software has run riot around the world. We woke up on the East Coast trying to scramble and understand what was going on; we didn’t really know what was happening. WannaCry’s ability to spread itself is why it is so problematic. Unlike most malware, it doesn’t need you to click on an infected email, it spreads using a vulnerability in outdated versions of Windows. It just seemed like one day in May the Internet is suddenly on fire and there’s this unstoppable worm infecting hundreds of thousands of computers and growing indiscriminately, spreading from continent to continent with no signs of stopping, getting worse by the hour. In that moment it was like “Oh crap what are we going to do?” I was working from my parents’ home at the time, in my bedroom and I checked some message boards and seen all of this news about something targeting the NHS. So, obviously I was like, “hmm that sounds interesting”, because usually ransomware hits like one or two major targets, but this was just hitting NHS hospitals all around the UK and it was so consistent that I thought like, this could be a worm. So, I decided to jump into kind of looking into it. The Internet had seen massive rapidly spreading worms before, but not for years. So, I asked a friend if I could have a sample of the WannaCry worm. I noticed it made a web request to an unregistered website, so I registered it. And as time went on, we noticed the infection count was steadily declining. After a few hours of that, we noticed a tweet by someone suggesting that the URL in fact, was a kill switch that just disabled the malware. So, the ransomware itself WannaCry had this kill switch. It was a domain name, which when you registered that domain name, it would kill the ransomware dead in its tracks. 
Usually these kill switches or these mechanisms are built for the authors itself to make sure that they don’t infect themselves. I think that it was designed as a safeguard, so they can stop the spreading of WannaCry if the need arises. So, I kind of went in and I looked for myself and sure enough this domain simply responding was enough to disable the malware itself. It was the biggest hack attack the world has ever seen, but attempts to stop the virus spreading appear to be working. And then suddenly it was over. With no warning, with no explanation. So, I believe I woke up on I think, Sunday morning to see my face across a two-page spread in the Daily Mail which is the biggest newspaper in the UK and after that things kind of just went off the rails. No one really knew who he was or what his name was. He went by this online handle @MalwareTech and he would publish vulnerability research and reverse engineering blog posts and everyone knew his work, but it was only after the ransomware attack happened when the media essentially doxxed him and they published his name and photos and even his home address, online for anyone to find. After that things kind of just went off the rails, I had journalists turning up at my house to interview me. I had all kinds of media queries in every inbox I had. Yeah so I’ve had people sort of inundating me with messages thanking me, saying that I’m a hero. I mean I sort of just registered this domain for tracking and I didn’t intend for it to like sort of blow up and me to be all over the media. I was just sort of doing my job and I don’t really think that I’m a hero at all. A lot of people in the security community are private. And so his personal life, everything about him, was exposed in that moment. So, while it was great, and he was the hero of the day, I don’t think he wanted that. So, yeah we’re just pretty much business as usual, except I have not had any sleep in 3 days. 
So long as the domain isn’t revoked this particular strain will no longer cause harm, but patch your systems ASAP as they will try again. Although we’d actually stopped the malware, there was a lot of other things that needed to be done, we needed to like, notify people that their networks were infected. So, I was working all week and I just kind of asked my mum to politely tell anyone who turns up at the door to go away. Still seeing more than a hundred thousand unique IPs per day connecting to our sinkhole. Even after Marcus registered this domain his work wasn’t really over. For weeks afterwards, all manner of hackers were attacking the domain with distributed denial-of-service attacks that try to flood it with junk traffic and knock it offline, who knows why? So, he had an active role in protecting that and that put him in a hard situation, so there was a lot of pressure. If any of them had succeeded with one of these cyberattacks and that domain had gone offline, then WannaCry could have restarted and begun infecting machines all over again. It was so important to keep this domain active, even to this day. The moment that the domain name goes down, another outbreak will just happen again. We are very pleased to welcome our illustrious team of witnesses here this afternoon. How can you be sure that the virus has been eliminated from all the NHS systems? Well, I don’t think we can guarantee that the threat has gone away. We were very concerned to learn partly during the WannaCry incident and afterwards, when we were looking at it, that the NHS was really woefully underprepared. None of the NHS organizations that were inspected had met the standards set by NHS digital. That was dismaying, to say the least. Can we guarantee future security? No we can’t. Just like every other organization, cyberattacks and cybercrime are the fact of life. I think that WannaCry could have been so much worse. 
We got away with it relatively lightly, compared with how serious it could have been had it not been for an individual who was able to switch it off by, you know, good luck, good skill and good fortune. I just like to go about my work, I’m kind of a lone wolf when it comes to research. So the fame really just added to stuff I didn’t need. I just felt like I would have preferred that the whole WannaCry fame never happened. Now that you are internationally celebrated security researcher, what’s your what’s your reception been like? It’s been very positive, I’m not really used to the sort of like, the spotlight, I’ve always been anonymous, so it’s very different, but everyone has been very accommodating, very nice, I’ve enjoyed it a little bit. After WannaCry blew over I went on vacation in Vegas for a hacker conference. DEF CON is basically one big week-long hacker party with some talks in between. We had to spend a lot of time just out and around Vegas partying, we rented some sports cars, we went to some shooting ranges. Also, a few of my friends had figured out that if we pulled all our money together, we could get an entire mansion with 30 bedrooms and the biggest pool in Vegas. Towards the end of my week in Vegas, as I was waiting for my flight home, someone in CBP uniform approached me and asked me my name. They led me to an interrogation room built into the airport. And it turned out that the guy was actually an FBI agent. At this point like, I’m completely exhausted, I have no idea what’s going on anymore. I’ve been drinking for days solid. Most of the interrogation, it seemed like they were looking to leverage me to get to someone else, something which I was not able or wanted to do. They asked me a huge bunch of questions, but it wasn’t until about an hour into the interrogation that they actually told me what it was about, and showed me an arrest warrant. People weren’t immediately quite sure why he had been arrested. 
Initially we thought that he got arrested because he registered the WannaCry domain. It had caught me so off guard, I still didn’t really know what was happening or why. I was just sat there in this haze. It transpired that it was because of his work, very much prior to WannaCry. They didn’t have the cell for me so they handcuffed me to a chair. So, I spent most of that night trying to doze off and then getting woken up by the alarm that goes off every 20 minutes. This call is subject to recording and monitoring. Hey, Marcus, can you hear me? Hey, I’m in jail. Okay, so they detained you? Yeah, I used to write malware and they picked me up on some old shit. Have you talked to them at all? Have you got a lawyer yet? No, I don’t have a lawyer. They have some chat logs of me with some other guy. I don’t know how they got them. Look, I’m going to work on it, you’ll have a lawyer tomorrow, and you’ll speak with the lawyer. Alright see you man. I’ll talk to you soon. Bye. There was a moment of fuck, I’m really actually in jail. But after that, I came to the conclusion that this is how my life is now, I’m in jail, I might as well get used to it. It didn’t take long for an indictment to drop and he was accused of creating the Kronos malware. That was very much a holy shit moment. So, the charges turned out to relate to something that I believe started around kind of the age of 17 till maybe like 19 or 20, in relation to writing a piece of malware called Kronos.
Kronos malware is banking malware. It essentially infects your computer and hooks into your web browser and tries to figure out your usernames and passwords for your banking login. I don’t think he’s ever been behind the keyboard trying to steal credentials or tried to extract money out of bank accounts himself. He was that person enabling somebody else through tools. So, it’s a very kind of scientific kind of hobby interest kind of exploration. I never had actually intended to write banking malware, I had written malicious code in the past which I had not actually sold or given away. But there came a point when I made the mistake of selling the code to someone. This code was then incorporated with banking malware code that someone else had written to make banking Trojan. And kind of it was at that moment where I realized, like, there is no going back. This is going to catch up with me at some point.
So, the hearing today was to determine whether or not Marcus would be detained as a result of the charges and the indictment. And the judge agreed with me in saying that he is going to be released pending certain conditions that he has attached to the bond, and that he has to post a $30,000 cash bond. I started to look about how I would actually go about paying the bail. But before I could get to that, I found out that someone from the community had actually paid it for me. I thought that like, this was it. I was going to be stuck in some prison for the foreseeable future. And I had no idea all of these great people had to come together to support me. I had mixed feelings about the case. Most of the issue I had personally, is why now? Like why bring up this stuff from years in the past? I think the FBI was trying to make an example of Marcus. But I think they bit off more than they could chew. I was born in the UK and I spent all of my life living there. And other than a couple of conferences, I had never really even been abroad. Lived in England, got arrested while on vacation in Vegas, was later moved to Milwaukee, then to LA. At this point, I don’t actually feel like anywhere is home. That 18-month period where Marcus was in this immigration black hole, he wasn’t able to leave the United States, he wasn’t able to work. Being stuck in the US, not legally allowed to work for money has made me realize I’m one of those weird people who just enjoys working regardless. Don’t want to be rich, just want an apartment, food, clothes and some travel. I was based in the Venice area and I’d begun to love this area of LA. I wasn’t living with my parents; I had my own place now. I feel like it’s more of a new life it didn’t feel like at all like my old one. The security community very much rallied around Marcus. 
A lot of people weren’t sure whether he had done the crimes that the government was alleging and some people were adamant that he was innocent. And at that point, he pleaded not guilty. Me and my team of three lawyers we were going to fight a lot of the charges because most of them I did not agree with. So, I wanted to actually go to trial and fight all of the charges. Marcus Hutchins is a brilliant young man and a hero. He is going to vigorously defend himself against these charges. And when the evidence comes to light, we’re confident that he will be fully vindicated. There’s been voices in the community, for him, and let’s say and against him, but I think if we’re honest then our whole community is made up of people, on the good side of things, and on the gray side of things, and sometimes also on the bad side of things. I started out very young learning about the security and hacking aspect of technology. And back then there wasn’t a lot of the kind of good side around. As with any skill, being able to practice for thousands of hours on a certain thing can make you the best at what you do. And so if you’re a security researcher, you’re going to have to practice and practice and practice before you’re good enough to play in the big league. I learned how to understand malware by making my own versions, which at the time I wasn’t actually using or releasing. And there came a point where I got involved with a crowd of malware developers and other kinds of criminal hackers. And that kind of led me down a path that ended up with me selling malicious code at one point. It was when my code was added to the Kronos banking malware, I realised this is not what I want to be doing. After I was arrested, I got quite a lot of people privately reaching out to me to tell me like, “Yeah, I did the same kind of things you did in your past, but it never caught up to me”. 
So, I got the impression that there was a good percentage of people in the industry who had had like a less than white past. Monday is the two year anniversary of WannaCry. A journalist asked me about what I’ve done since WannaCry and I realized literally nothing of value. I had had a lot of anxiety from the stress, I had been not really sleeping at all for the years I’d been in the US. At this point, I was already considering giving up. My first lawyer, I gave me an estimate about $1 to $1.5 million for the entire case. I knew I could not fund that kind of legal defense. And I just figured, then I’m going to just have to fault. Two months before trial, I decided to take a plea deal. It was really just too much uncertainty for me and I decided that it just was not worth the risk. Did not expect that, did not expect that. I genuinely thought he was not guilty. Legitimately terrified, but also looking forward to all this being over at some point. He’s going to be sentenced today for creating and selling the Kronos banking malware. Seeing him sent away to prison, when he’s got so much to offer, is going to be quite a sad day. Heading into court now, no matter what happens, I love y’all. I appreciate the fact that one might view the ignoble conduct that underlies this case, as against the backdrop of what some have described as the work of a hero. It was a very tense situation in that courtroom, I think there wasn’t a single person in there who thought for a second that he was going to be able to walk out of there. You could be 140 IQ and have all the requisite talent to do great things, but commensurate with all of the ability to do those great things, is the ability to acquire the most important of traits. And that is the exercise of good judgment. I was shaking, I think I sweat through my T shirt and through my blazer. Yeah, I did not know how to feel, it just felt like kind of everything was coming to an end, but not in, not in a good way. 
There have been millions of individuals whose credit ratings have been affected as a result of hacking of systems. And it’s going to take individuals like yourself to come up with solutions. The judge understood every nuance of this case. The judge took a very kind of broad view of the entire circumstances, rather than just the case at hand. He weighed up my past work helping security. Marcus Hutchins turned the corner with regard to any further conduct that would be remotely connected to what led to the charges in this case ever occurring again. We are thrilled that the judge today recognized Marcus’ very important contributions to keeping the world safe and let him go home a free man today. So, Marcus was sentenced to time served. He’s been released, he’s a free man. What’s your reaction, how do you feel? Just thank you to everyone who supported me and the judge for his leniency. You’re here with your parents? I am. Maybe if Marcus hadn’t found the WannaCry kill switch, he never would have come to the attention of the FBI, he never would have been arrested, he never would have faced this long legal ordeal about his past, essentially cybercriminal, acts. But on the other hand, saving the world from WannaCry is what allowed him to walk away free in the end, thanks to one judge who understood these series of events and the kind of ultimate equation that put him on top in terms of the good he’d done versus the harm. He not only saved the world from WannaCry, but he saved himself, in a way. I think today I share absolutely nothing in common with the me back then. It feels almost like a completely different person. It’s only that once you grow older, you realize what actually is right and wrong.

Comments (100)

  1. He contributed to the corse….. Les, dthr, awewe….good man

  2. This script kid can be happy he didn't end up rotting in jail.

  3. lol. 3:57 they added some of the Matrix to the cool effects screen.

  4. Re-enactments are so corny, can't believe producers think it makes for good television.

  5. Media should be banned from publishing someone's address.

  6. "I'm a really private guy, I hate all the fame".

    Of course I'll agree to these highly publicized interviews!

  7. I pressed pause 1 second in… I'm not giving in to your demands, put it back in my suggested 6 years from now

  8. 9:36 notice his headphone hair

  9. It's kinda interesting that ONLY when he solved the wannacry exploit, the FBI arrested him for his past. "Oh we couldn't find him" BS. The media found him, the users found him. They just wanted another notch on their belt so they could say "hey, we caught so and so" What a joke.

  10. In jail in the US. Makes a call on a 1990s BT payphone. I guess the producers never figured a bunch of phone phreaks would be watching…

  11. Why write malicious software in the first place? Just because you can? Even if you have no bad intentions, the person who wants to buy your code surely wants to rob innocent people of their money. If I build a gun and then somebody buys it and kills multiple people with it, I should not be surprised and say "I didn't want a person to lose its life"

  12. Some hackers hack not because of money. They hack because of self fulfillment, ego, they wanna know how far can they go in hacking

  13. Clearly the solution is to move all data and systems to the cloud

  14. Wells Fargo gives so much money to politicians that they can steal with legal impunity The Federal Pigs go after the easy targets

  15. HE did not use the malware He just wrote it

  16. The criminals are the banksters who pay themselves fortunes while shortshrifting cyber security of their organizations

  17. His bail got paid because they’re turning him

  18. @02:39 lives in Khazad-dûm

  19. I didn't know sam roberts was a hacker

  20. People who are paid hundreds and thousands of £ yet they don't have clue!! Someone in their bedroom had to save the health service of a nation. What a surprise , then someone gets embarrassed and they need to save face.

  21. should've just plead guilty the first time instead of accepting all of that legal defense money when you knew what you did

  22. THIS is how america lives in the past votes for people who are bible bumpers america is pathetic when it comes to the future they have laws that are so behind everyone else just look at facebook

  23. just on a no-proof-hunch…. marcus had been groomed for a long time to be a patsy

  24. Marcus reminds me of "Mos" from IT Crowd

  25. What a nice guy 🙂

  26. "an exploit developed by the United States National Security Agency (NSA) for older Windows systems." wow funny how they don't get in trouble

  27. fair play, credit to the judge

  28. There should be a movie about this man's case

  29. He should have done time I think, he's hurt a lot of people and there's no amount of good that can make up for that

  30. This guy lies through his teeth, he signed a proffer and snitched on his co-conspirator.

  31. I'm glad this didn't end up like Aaron Swartz.

  32. VENICE called to you… Your in the right place at the right time.

  33. 1:44 makes me wanna 😢

  34. The way I see it is they don’t arrest a gun company when someone uses that gun to rob a bank so why arrest him

  35. 10:56 MIKE EHRMANTRAUT?

  36. what is wrong with americans? do they love being the most hated??

  37. Irony, fixing a malware called wannacry then wanna cry because you fixed it

  38. Very good story and info about the industry but, did anyone stop to think why the FBI/CIA went after Marcus in the first place?????

  39. This is only proof how system is corrupted what bias and drama for no reason

  41. The FBI was doing what they do best………..making examples of people to boost their reputation.

  42. That’s a great story an even better end , he knew what he had done an had never done it again an glad the judiciary system worked for this young man, our governments need folks like him to help secure our records an what ever else we need to protect.

  43. I had not actually heard that he was arrested afterward..
    Lesson: Dont come to the US. We're a bunch of morons. Almost everyone in power is on a power trip. It really does feel like a police state now compared to when I grew up in the 80s and 90s.

  44. These people are really smart! Glad I'm not that smart!

  45. As the saying goes, “No good deed goes unpunished.”

  46. I'll have a liter of cola

  47. 15:30 "After his release from "jail" NOT "prison". Huge difference. You can't go to prison BEFORE losing at trial.

  48. Because he disabled a malware executed probably by Microsoft or the governments themselves. They didn't consider him a hero.

  49. I noticed something as I was about to doze off last night.. that Andy Greenberg's head is MASSIVE compared to his body. Then I doze off to bed, until I watched this today. Holy sh** his head is HUGE!!!

  50. 3:52
    Director: "Make it look as hacky as possible"
    Guy behind computer, runs 100 instances of "tree" and "htop" and a 2nd screen with a world map…..

  51. wannacry?! this story made me cry! thank goodness for a happy ending!

  52. Amazing dude! Nice documentary

  53. the US government are a joke

  54. That's America LOL charge you with a bunch of s*** make you spend every dime to fight it or they give you a "deal", which is usually probation kind of wave to them to bleed money out of your overtime.

  55. See what they do to heroes who save the world, Next time don't save the world they will put you in jail. Wtf

  56. 3:58 LOL – is the the "Hollywood Technodrama" activity simulator script running?

  57. This is why you shouldn't DRINK! And have a clean mind all the time.!

  58. See what most people don't know & understand is that the USA GOV is NASTY…. It don't matter how good you are are what good you have done. In their eyes you are the attacker! This is why I wouldn't fight for the US gov for nothing. If I was called to WAR, So help me I would run to the hills… They would have to kill me 1st!

  59. The real crime was this guys beard 1:42

  60. 7:07 said what ddos meant probably to sound smarter. Just say ddos XD

  61. I can use a computer but most of this stuff is way over my head.

    He wrote a code to hack banks, so surely thats a very wrong thing to go & do??

    Fuck governments and all that, but when they come knocking you got to face the music.

  62. Literally all he did was read the code and register a domain. Yeah, he stopped the attack but he is not necessarily a 'hacker' solely for that reason.

  63. Love the cmatrix utility running at 3:59

  64. 1:43 LMAO! Did that guy spray his beard on? 😄

  65. Ginger lives matter

  66. He should have sued the shit out of anyone who doxxed him and even those who shared his information, breaking his right to privacy and confidentiality in his field

  67. the headline he got was "surfer dude saves the day " ….god the media are such asswipes

  68. How Can a plea deal ever be considered justice!
    I find that so absurd that The so called Land of the Free operates that way!
    And how fucking stupid are you when you trying to make an example out of a person who clearly didn’t have any intent of harm!

  69. Too many titles and I don't know about the re-enactment scenes but cool story

  70. 15:37 wait a minute.. i was there!

  71. The uk should bring him home to work for GCHQ

  72. 😂 as I’m watching this, the video has 66,066 views xD

  73. We need more of hacker:HUNTER ☺️

  74. Now he probably works for the American government

  75. the UK is so irrelevant, anyone notice? Their KINGDOM (lol) is always in the news, and its always such weak, cringey shit, like weird "just woke up" Boris, or the "Royal Family" (outside of Kate, they are all fkn weirdos and Harry is trying to escape with his girl to live a real rich persons life, none of this 'Oooh, carry me to brunch in the horse drawn coach, cheers shall we hasten for thy queen? No no, she lives on radiation and childrens souls, carry on!"

    FK!

  76. you would imagine that being a Dentist practice, with an Orthodontist and Endodontist in the same building, you would $$$$ kill it…but nooooo, the NHS doesn't allow for corrective procedures, nor do they allow for preventative, they just clean your crooked ass teeth and send you on your way

  77. Maybe the NHS should update their shit systems then. By keeping old shit versions of windows you're asking for it.

  78. The FBI frequently blames the hero. They need to be disbanded.

  79. They give us stats on how many computers were infected worldwide but no stats just concerning America. We all know America is the only thing that matters. JK lol.

  80. They should have just turned it off and then turned it back on again.

  81. We all know right from wrong, even as children. It's the context that keeps changing around us, from immature matters to more subtle, important and wider views.
    Practice makes perfect and doing right has a self perpetuating, positive energy.

  82. 10:20 so he's posh then. I'm not saying that's a bad thing growing up rich is not his fault.

  83. "It's not until you get older do you realize what's good." Not true for everybody. Some people never commit serious crimes.
    That said f the system.

  84. good thing he is playing Football at BVB now

  85. You petty narcissists deleting my comments is evidence of utter weakness. Pathetic nothings.

  86. i feel like we didn't get the full story

  87. TLDW;

    So you clicked on invoice.exe in an email on your stupid windows box. Well…

  88. this man is literally the cyber version of atlas. he literally held the weight of the entire cyber world for god knows how long.

  89. If another "Wannacry" situation happens and somebody had the answer to fix it, they would be too scared to do so because the damn FBI will ruin you even though you've changed and can make the world a better place.

  90. He got busted, as usual, because someone else put him in.
