A few years ago, a “technology pandemic” swept the global internet: the WannaCry malware. More than 230,000 computers in more than 150 countries were infected, causing considerable economic loss.
Helping to end this “pandemic” was Marcus Hutchins, who discovered the kill switch hidden in the virus code and stopped the devastation. Three months after Hutchins rescued the Internet from one of the worst cyberattacks in the world, he had a “visit” from the FBI and was asked about a malware called Kronos.
Before Hutchins became the person we know today, he was a child with an innate talent for technology. While studying computer science at school, he discovered a feature in Microsoft Word that allows scripts to be written in Visual Basic, so that he could run any code he wanted and install software that was not permitted.
At age 13, Hutchins’ parents bought him his own computer. After a year of wandering internet forums, Hutchins produced his first result: a tool that steals website users’ passwords, although he himself did not know what the stolen passwords were for.
At the age of 15, he joined the HackForums community, where members shared a lot about botnets, which are networks of infected computers. Hutchins created his first botnet with 8,000 phantom computers, then provided web hosting services for illegal websites.
A member of HackForums was impressed by Hutchins’ ability and asked him to write anti-virus software for $200. Another customer paid $800 for a rootkit to steal web passwords. When he was 16, he had a more serious client, nicknamed Vinny.
Vinny proposed a multifunctional rootkit to be sold on hackers’ black markets, in exchange for half of the profits from the rootkit business. Hutchins completed the UPAS Kit rootkit in 9 months, and by the summer of 2012 the malware began to be sold. Vinny paid him thousands of dollars in bitcoin. At this point, Hutchins decided to drop out.
Vinny suggested upgrading to UPAS Kit 2.0 by adding a keylogger that records the victim’s typing, and a technique for inserting content into a website called web inject. Web injects are often used for bank scams, helping hackers get past two layers of security when making bank transfers. Obviously, this was illegal, and Vinny’s request was not accepted. The man hinted at a threat: if their business relationship ended, he would send the information to the FBI.
Hutchins still refused this request, and updated the UPAS Kit without web injects. After the new version of UPAS Kit was completed, Vinny announced that he had hired someone else to create a web inject. Hutchins was stunned and wanted to stop cooperating, but Vinny continued to sell the malicious code, and this time Hutchins received no remuneration.
At that time, Zeus was a notorious banking trojan, so Vinny decided to change UPAS Kit’s name to Kronos, Zeus’ father in Greek mythology.
At age 19, Hutchins met someone named Randy. At first, he received an offer similar to Vinny’s, but after being rejected, Randy asked him to write some business and educational applications, and Hutchins agreed because it was legal. The two became close, and Randy trusted Hutchins enough to send him virtual money worth more than $10,000 and ask for his help. In 2015, an outage caused Hutchins to lose $5,000 in bitcoins. After confessing this to Randy, he revealed himself to be the author of Kronos and, to make up for the money, offered to give him a free copy.
On the strength of the reputation of MalwareTech, which shares malware-related techniques, Salim Neino, CEO of security firm Kryptos Logic, invited him to work on building a botnet tracking system that alerts victims if their IP address appears in a network of ghost computers. Once it was completed, he built a second botnet tracking tool, and his salary rose to six digits.
Before WannaCry, Hutchins faced the Mirai malware, which spread on IoT devices and caused devastating damage, even knocking down Liberia’s national network infrastructure. In January 2017, a similar attack on Britain’s largest bank, Lloyds, left its systems paralyzed for days.
After finding the person behind the Mirai malware, he quickly contacted this hacker. The bank attacks stopped.
On May 12, 2017, Hutchins was on a one-week vacation. This was also when the WannaCry malware was released. It was dangerous because it could destroy all data and spread at a terrible rate. It affected health systems, railroads, car factories, police departments, telecommunications, and even Boeing.
After catching up on the panic on the Internet, Hutchins received a copy of the WannaCry code from a hacker friend. He discovered that before encrypting files, the malicious code sent a command to a page on another website, meaning it was communicating with a remote control server. Opened in a browser, this site address did not exist. He immediately went to the Namecheap domain registration service and bought the domain name, hoping to gain partial control of the computers infected with WannaCry, or at least to track the number and location of the infected computers. Once the malware could connect to Hutchins’ web address, the information on the infected computer was not destroyed. Hutchins had found the “switch” to turn off the malware.
Shortly thereafter, one of the malicious botnets launched a DDoS attack with the goal of bringing down the domain Hutchins was holding. For more than a week, Hutchins hardly slept in order to keep WannaCry’s “off switch” from being touched.
At this point, Hutchins’ identity was also discovered, and the British press began publishing stories about “users who saved the world from their bedrooms”. Hutchins even had to jump over the back fence to avoid reporters. Under the pressure of public attention and the fear that those behind WannaCry would launch a new version to remove his “switch”, Hutchins’ health was in a worrying state. A week after WannaCry broke out, the CEO paid him more than $1,000 for every hour of sleep so that he would stay healthy.
After the incident, many people came to know the name Marcus Hutchins and praised him as a hero. Three years had passed since the Kronos incident and his life was still good, until the day the FBI appeared. The “captured WannaCry hero” was the headline of a series of articles the next day. However, during the trial in Milwaukee (USA) in July 2019, Hutchins was released without penalty.