A British cybersecurity researcher credited with stopping a worldwide computer virus last year faces new charges, including lying to the FBI, in an updated indictment Wednesday accusing him of developing malware to steal banking information.
Marcus Hutchins now faces 10 charges alleging that he created and distributed malware known as Kronos, including four new ones in the revised indictment in the Eastern District of Wisconsin. The prosecutors' updated filing comes as a federal judge weighs a request from Hutchins' attorneys to suppress the statements he made to the FBI when the agents detained him Aug. 2. His attorneys argue he wasn't properly informed of his rights.
Moments after the charges were filed, he sent tweets asking for donations for his defense and disparaging prosecutors. He used profanity to describe prosecutors in one tweet he has since deleted.
Hutchins, 23, has pleaded not guilty. One of his attorneys, Brian Klein, called the updated indictment "meritless."
"It only serves to highlight the serious flaws in this prosecution," he said in a statement. "We expect Marcus to be vindicated and then he can return to doing what he loves: keeping us all safe from malicious software."
Hutchins arrest was a shock because months earlier he had been lauded as a hero for finding a "kill switch" to the WannaCry virus which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.
FBI agents detained him in Las Vegas before he boarded a flight home to England and interrogated him for nearly two hours. The agents have said Hutchins spoke to them voluntarily but lied by denying that he was involved in the creation of Kronos.
The updated indictment contains new details of the FBI's investigation of Hutchins, including aliases of people he allegedly conspired with online to advertise and sell Kronos. Prosecutors say Hutchins and another individual posted a video on YouTube in 2014 to "demonstrate how Kronos worked and to promote the sale of Kronos" — a detail not disclosed in the original indictment.
The indictment said the crimes happened between July 2014 and July 2015, but prosecutors have not offered any details about the number of victims.
In Wednesday's filing, prosecutors accuse Hutchins of also creating and distributing malware called UPAS Kit, designed to collect people's credit card information and other personal information. Prosecutors allege that happened on July 2012.