Since <a href="https://news.ycombinator.com/item?id=14922563" rel="nofollow">https://news.ycombinator.com/item?id=14922563</a> adds significant new information (or at least I assume it does), the discussion can shift there now.
CNN got the indictment:<p><i>On Wednesday, 22-year-old Marcus Hutchins -- also known as MalwareTech -- was arrested in Las Vegas for "his role in creating and distributing the Kronos banking Trojan," according to a spokesperson from the U.S. Department of Justice.<p>The charges relate to alleged conduct occurring between July 2014 and July 2015.<p>According to an indictment provided to CNN Tech, Hutchins created the malware and shared it online. </i><p><a href="http://money.cnn.com/2017/08/03/technology/culture/malwaretech-arrested-las-vegas-trojan/index.html" rel="nofollow">http://money.cnn.com/2017/08/03/technology/culture/malwarete...</a>
> "I've spoken to the US Marshals again and they say they have no record of Marcus being in the system. At this point we've been trying to get in contact with Marcus for 18 hours and nobody knows where he's been taken," the person added. "We still don't know why Marcus has been arrested and now we have no idea where in the US he's been taken to and we're extremely concerned for his welfare."<p>What the hell? How does something like this even happen? Surely they can't just take somebody away and keep it a secret?
FYI, if you've committed any form of cybercrime in the previous 3 years (edit: the statute of limitations is 5 years for most federal computer crimes, as pointed out below), you should avoid such conferences in the US for exactly this reason. You probably aren't as smart as you think, and there may be a sealed arrest warrant for you.<p>The FBI waits for these kinds of conferences to do exactly what they did here. Another Las Vegas DEF CON victim was Dmitry Sklyarov [1]. They won't bother with all of the problems associated with international arrest warrants and extradition if they know you're coming to them.<p>[1] <a href="https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd" rel="nofollow">https://en.wikipedia.org/wiki/United_States_v._Elcom_Ltd</a>.
No good deed goes unpunished. But why is DefCon still in the US? I think the creators of the conference might want to seriously think about holding it somewhere that isn't so hostile to pretty much everyone who attends.
The Guardian has more:<p><a href="https://www.theguardian.com/technology/2017/aug/03/researcher-who-stopped-wannacry-ransomware-detained-in-us" rel="nofollow">https://www.theguardian.com/technology/2017/aug/03/researche...</a><p>He may have a shady past:<p><i>"According to an indictment released by the US Department of Justice, Hutchins is accused of having helped to spread and maintain the banking trojan Kronos between 2014 and 2015"</i>
Bitcoin wallets associated with WannaCry have been emptied: <a href="https://arstechnica.com/gadgets/2017/08/wannacry-operator-empties-bitcoin-wallets-connected-to-ransomware/" rel="nofollow">https://arstechnica.com/gadgets/2017/08/wannacry-operator-em...</a>
UK's National Cyber Security Centre on MalwareTech's arrest:
"We are aware of the situation. This is a law enforcement matter and it would be inappropriate to comment further."<p><a href="https://twitter.com/josephfcox/status/893160214664445952" rel="nofollow">https://twitter.com/josephfcox/status/893160214664445952</a>
Reading the indictment, it seems like his partner ratted him out. Curious though, the indictment seems to list the redacted partner as doing most of the incriminating things (posting a video demonstration, advertising the sale on AlphaBay, etc.), it merely accuses Marcus of being the author and co-conspirator.<p>I wonder if his partner/friend got caught, and plea bargained to turn state's evidence against Marcus.
Maybe this is the reason he did not appreciate people revealing his identity online (basically DOXing him for fun, some journalist did it if I recall correctly). It really sucks when somebody that is trying to do well (stopping the WannaCry Ransomware as he did) is detained. Even though we don't know more details at this point, this hits him rather personally and probably not for the good. I am very sorry for him and I hope he gets out soon and that all is well.
They're surprisingly clever, to arrest after DefCon. Typical stupid USA LEOs would arrest ASAP, so the unjust detention could be a cause célèbre hyped up by half the talks.
This reminds me of Kevin Mitnick: <a href="https://en.wikipedia.org/wiki/Kevin_Mitnick#Arrest.2C_conviction.2C_and_incarceration" rel="nofollow">https://en.wikipedia.org/wiki/Kevin_Mitnick#Arrest.2C_convic...</a><p>Do we need to create some "Free Marcus" bumper stickers?
The bitcoin ransom wallets for WannaCry were just emptied today as well. What was the time difference between these two events? It seems possible that Hutchins could have had control of the wallets and the feds seized the coins.
Why are people in this thread so outraged without knowing any of the facts? For all we know there might be a legitimate charge on which he was arrested.<p>As per him being untraceable, if he was not read his rights then the FBI just jeopardized their own case. If no one knows where he is, it's more likely that it's what Marcus wants at the moment rather than what the FBI wants.
better summary: <a href="http://www.reuters.com/article/us-usa-cyber-arrest-idUSKBN1AJ2IC" rel="nofollow">http://www.reuters.com/article/us-usa-cyber-arrest-idUSKBN1A...</a><p>insightful thread also delving into wannacry: <a href="https://twitter.com/3L3V3NTH/status/893181445824446464" rel="nofollow">https://twitter.com/3L3V3NTH/status/893181445824446464</a><p>edit: there is a nice HN discussion already about the bitcoin: <a href="https://news.ycombinator.com/item?id=14918545" rel="nofollow">https://news.ycombinator.com/item?id=14918545</a>
As much as this article contains very little information, this sounds very much like something the US will do.<p>Whenever someone has to be the butt of some global joke... somehow the US has to be the one to step up. Taking someone into custody for 18 hours without giving the family or press any information. How different is this from Iran or North Korea?<p>Two things could've happened here IMO. They asked for the domain to be turned over to them and were politely refused, or they're about to punish an accidental hero for white hat work/previous black hat work not related to WannaCry.
I like how this malware writer/researcher claims he "found" the address and "miraculously saved" everyone by grabbing the domain.<p>Not sure why everyone says he isn't the malware writer. What proof do you have that he didn't write it? Maybe he left a trail that you missed.