This case is turning out to be rather bizarre.
Black hat or White Hat?Of course, this is all speculation, since the grand jury indictment is so thin on the details. The criminal complaint against Hutchins, which will present more detail on the charges, remains under seal. The only details the indictment provides are in Count 1, which alleges that Hutchins and his co-defendant engaged in a conspiracy to “knowingly cause the transmission” of code that would intentionally “cause damage without authorization” to over ten computers—a felony under the Computer Fraud and Abuse Act of 1986.
But that part of the indictment focuses mostly on overt acts by Hutchins’ co-defendant, whose name remains under seal. (“Overt acts” are facts necessary to support a conspiracy charge, and are meant to show the defendants’ participation in the conspiracy). Little is known at this time, but it may be an indication that the co-defendant is cooperating with the government, and has offered evidence of Hutchins’ involvement in the creation and sale of the Kronos malware.
--------------------
The indictment lists Marcus Hutchins and another "unknown" defendant. The charges are
a) Marcus Hutchins created the Kronos malware
b) On or about July 13, 2014, a video showing the functionality of the Kronos Banking trojan was posted to a publicly available website. Defendant XXXXXX used the video to demonstrate how Kronos works.
c) In or around August 2014 on an internet forum defendant XXXXXX offered to sell the Kronos Banking trojan for $3000
d) In or around February 2015 defendants Marcus Hutchins and XXXXXX updated the Kronos malware
e) On or about April 29,2015, defendant XXXXXX using the name xxxxxx advertised the availability of the Kronos malware on the AlphaBay market forum.
f) On or about June 11, 2015 defendant XXXXXX sold a version of the Kronos malware in exchange for approximately $2000 in digital currency.
g) On or about July 17, 2015, defendant XXXXXX offered crypting services for Kronos.
Kronos was discovered early July 2014 supposedly coming from the Russian Underground -
link - July 11th 2014.
What appears to be incriminating, is that on the 13th of July 2014 evidence is available that Malware Tech is asking if anyone has a sample of Kronos on his twitter account.
TBF I dont find it in the least bit strange that he was wanting a sample - its what he did and by having a sample of WannaCry its how he was able to stop it.
The latter charges all mostly revolve around an unnamed person XXXXX
------------------
Rumours are flying left right and centre amongst both the blackhat and whitehat communities. Ranging from he was the original author of WannaCry to he was stitched up by the blackhatters for stopping WannaCry (something Marcus himself feared and why he didnt want his name public).