British researcher Marcus Hutchins, who helped combat WannaCry, has been arrested in the U.S. for allegedly designing malicious software to collect passwords. Hutchins, who has almost achieved hero status in the cyber-security world, was detained in Las Vegas when he was returning to Britain after attending the annual gathering of hackers and information security gurus, authorities said on Thursday.

Marcus Hutchins
HypnoArt / Pixabay

Several charges against Marcus Hutchins

An indictment filed in a U.S. District Court in Wisconsin claims that Hutchins designed the malware known as Kronos, which makes its way through web browsers and thereafter steals their username and password when a user visits their bank. Further, the indictment says that a co-defendant who has not yet been identified put an advertisement for the Kronos malware on AlphaBay, an illegal web marketplace shut down by international authorities just last month. According to investigators, the website was used to carry on global trade in firearms, hacking tools and trade in drugs, along with various other illegal activities.

According to the Justice Department, the federal jury has pressed six-count indictments against Marcus Hutchins after an investigation which lasted for two years. The celebrated researcher has been pressed with one count of conspiracy to commit computer fraud and abuse. He is also accused of distributing and advertising an electronic communication interception device, attempting to access a computer without authorization and attempting to intercept electronic communications. As per the reports, all these crimes were allegedly committed between July 2014 and July 2015.

Hutchins appeared before U.S. Judge Nancy Koppe in Las Vegas on Thursday. Hutchins was previously detained in the Henderson Detention Center after being arrested at Las Vegas McCarran International Airport, but later he was transferred to another facility, reports Motherboard.

A fallen hero?

Hutchins’ mother Janet told The Telegraph that she does not know what exactly happened to her son, but she is looking to find out.

“I think I’m going to be rather busy tonight,” she said.

Janet has been trying to contact the U.S. to connect with her son. Meanwhile, a spokesperson for the U.K.’s National Crime Agency stated that they are aware of a U.K. national arrest in the United States, but it comes under the jurisdiction of the U.S.

Praising Hutchins’ earlier work, Naomi Colvin from the civil liberties campaign group Courage said he was detained 24 hours before information of his arrest was released, and since then, he has not been allowed to contact his family.

“The U.S. treats hackers far worse than other countries do, with much longer prison sentences, a dearth of vital health care and rampant solitary confinement,” Colvin said.

Hutchins, a native of England, was on vacation in May when WannaCry broke, hijacking Windows machines. The malware encrypted all the files on affected systems, and to decrypt them, the user had to pay between $300 and $600. Hutchins reportedly saved at least 10 million computers from infection, earnings accolades and a bounty from the security industry. Hutchins stated he would donate the financial reward to charity, notes the Los Angeles Times.