All articles

If you could stop a devastating cyberattack, would you think about yourself first, or just act? This is the uncensored story of the WannaCry ransomware attack, how Marcus Hutchins went from cyber celebrity to wanted cyber criminal overnight and where he is now.

The story of WannaCry and hacker Marcus Hutchins

“I was shaking, I think I sweated through my T-shirt and blazer. I did not know how to feel – it just felt like everything was coming to an end, but not in a good way…”

For Marcus Hutchins, a dream that turned into a nightmare ended in July 2019 with a compassionate sentence by a Milwaukee judge. “I just got out of my court hearing for the sentencing. I wasn’t sure how it would go down. I was very, very nervous,” he told us after leaving the courtroom. “But the judge took a broad view of the entire circumstances. He weighed up my past work helping security. He ended up ruling ‘time served,’ which was a big surprise to me. But it does make sense, when you weigh in that I’ve been forced to stay in a foreign country for two years.”

Marcus’s story starts with what strangely became his downfall – stopping a catastrophic ransomware attack called WannaCry.

What is the WannaCry ransomware attack?

Hutchins became an overnight cybersecurity celebrity in 2017. “I came back from lunch, saw all the news about something targeting the NHS and decided to dig a little deeper, which was when I noticed an unregistered domain inside the code.” He registered the domain and the infection count went down. He had found the ‘kill switch’ for the WannaCry epidemic.

WannaCry cyberhero or Marcus Hutchins, cybercriminal?

It changed his life. He became a hero, then fell to zero a few weeks later. “I woke up to see my face over a two-page spread of the Daily Mail. Media had posted my address in the paper, which meant the bad guys I am fighting know where I live.”

Marcus Hutchins arrested at Defcon 2017

After saving the world from the worst ransomware attack in history, Hutchins became a cyber hero. The pinnacle of his fame was global hacker conference Defcon 2017. Marcus had become a demi-god among cyber researchers, journalists and the public before the event. After a week in the Las Vegas sun, partying and rubbing shoulders with the industry’s biggest names, everything would come crashing down.

Big Mac to banged up – WannaCry ransomware attack continued

That week, Marcus Hutchins had shared a mansion with his friends – think huge pool, all-night parties and legal marijuana. Allegedly, while picking up a McDonalds delivery outside the mansion one morning, he noticed an unmarked FBI vehicle.

At the airport, his suspicions were confirmed, “I am completely exhausted. I have no idea what’s going on and I’m just relaxing waiting for my flight. And a man and two other people in uniform approached me and asked, “Are you Marcus Hutchins?” I said yes, and they asked me to come with them. It turned out the guy was an FBI agent and that’s when they arrested me.”

At this point, Hutchins is in a sleep-deprived state of shock. Things aren’t looking good. The FBI showed a warrant for his arrest on conspiracy to commit computer fraud and abuse. It wasn’t for his role in WannaCry, but for a cyber ghost from his past: malware called Kronos, created on the sunny shores of Devon, UK, was of critical importance to the FBI.

Marcus Hutchins’ arrest – a global phenomenon

When the world got hold of Hutchins’ arrest, social media was awash with support and slander. One cybersecurity researcher suggested Hutchins created WannaCry himself only to stop it as it spiraled out of control. But as supporters who raised the alarm on the FBI’s treatment of Hutchins, Twitter bulged with support for Marcus’ character.

Eventually, Hutchins was bailed to a halfway house with a curfew and GPS monitoring. The Twitter community again came to his aid and two lawyers took Hutchins’ case for free. They were able to overturn the curfew and GPS monitoring.

Would prosecutors persuade Hutchins to squeal?

The FBI said if Hutchins called out other hackers he knew of, they’d let him off. On principle, Marcus opposed snitching. Instead, he set his sights on a criminal trial. Hutchins’ cybersecurity background, diligence and good heart played in his favor when the day came.

Much to Hutchins’ surprise, the judge ruled his hero status could almost warrant a full pardon, but that was out of the question. Rather than a 10-year prison sentence and a 500,000 US dollar fine, Marcus stepped out of the courtroom with one year supervised release.

Wait, what? After months of anxiety, Marcus was a free-ish man. The judge smiled on him that day, understanding Hutchins had already served a type of sentence being kept in the US without the right to go home.

Where is Marcus Hutchins now?

Hutchins has retreated from the public spotlight for now. Keep an eye on his Twitter, @MalwareTechBlog, for updates on what he’ll do next. From a recent interview in WIRED, it sounds like a return to his childhood love, surfing:

“Someday, I’d like to be able to live in a house by the ocean like this, where I can look out the window and if the waves are good, go right out and surf.”

The WannaCry documentary – Marcus Hutchins’ untold story

There’s much more to Marcus Hutchins’ story, in his own words. The cybersecurity hero who stopped WannaCry turned cybercrime defendant speaks in our exclusive documentary.

Explore more of history’s craziest and most mysterious cybercrime with our hacker:HUNTER series.

Read More Show Less

If you could stop a devastating cyberattack, would you think about yourself first, or just act? This is the uncensored story of the WannaCry ransomware attack, how Marcus Hutchins went from cyber celebrity to wanted cyber criminal overnight and where he is now.

The story of WannaCry and hacker Marcus Hutchins

“I was shaking, I think I sweated through my T-shirt and blazer. I did not know how to feel – it just felt like everything was coming to an end, but not in a good way…”

For Marcus Hutchins, a dream that turned into a nightmare ended in July 2019 with a compassionate sentence by a Milwaukee judge. “I just got out of my court hearing for the sentencing. I wasn’t sure how it would go down. I was very, very nervous,” he told us after leaving the courtroom. “But the judge took a broad view of the entire circumstances. He weighed up my past work helping security. He ended up ruling ‘time served,’ which was a big surprise to me. But it does make sense, when you weigh in that I’ve been forced to stay in a foreign country for two years.”

Marcus’s story starts with what strangely became his downfall – stopping a catastrophic ransomware attack called WannaCry.

What is the WannaCry ransomware attack?

Hutchins became an overnight cybersecurity celebrity in 2017. “I came back from lunch, saw all the news about something targeting the NHS and decided to dig a little deeper, which was when I noticed an unregistered domain inside the code.” He registered the domain and the infection count went down. He had found the ‘kill switch’ for the WannaCry epidemic.

WannaCry cyberhero or Marcus Hutchins, cybercriminal?

It changed his life. He became a hero, then fell to zero a few weeks later. “I woke up to see my face over a two-page spread of the Daily Mail. Media had posted my address in the paper, which meant the bad guys I am fighting know where I live.”

Marcus Hutchins arrested at Defcon 2017

After saving the world from the worst ransomware attack in history, Hutchins became a cyber hero. The pinnacle of his fame was global hacker conference Defcon 2017. Marcus had become a demi-god among cyber researchers, journalists and the public before the event. After a week in the Las Vegas sun, partying and rubbing shoulders with the industry’s biggest names, everything would come crashing down.

Big Mac to banged up – WannaCry ransomware attack continued

That week, Marcus Hutchins had shared a mansion with his friends – think huge pool, all-night parties and legal marijuana. Allegedly, while picking up a McDonalds delivery outside the mansion one morning, he noticed an unmarked FBI vehicle.

At the airport, his suspicions were confirmed, “I am completely exhausted. I have no idea what’s going on and I’m just relaxing waiting for my flight. And a man and two other people in uniform approached me and asked, “Are you Marcus Hutchins?” I said yes, and they asked me to come with them. It turned out the guy was an FBI agent and that’s when they arrested me.”

At this point, Hutchins is in a sleep-deprived state of shock. Things aren’t looking good. The FBI showed a warrant for his arrest on conspiracy to commit computer fraud and abuse. It wasn’t for his role in WannaCry, but for a cyber ghost from his past: malware called Kronos, created on the sunny shores of Devon, UK, was of critical importance to the FBI.

Marcus Hutchins’ arrest – a global phenomenon

When the world got hold of Hutchins’ arrest, social media was awash with support and slander. One cybersecurity researcher suggested Hutchins created WannaCry himself only to stop it as it spiraled out of control. But as supporters who raised the alarm on the FBI’s treatment of Hutchins, Twitter bulged with support for Marcus’ character.

Eventually, Hutchins was bailed to a halfway house with a curfew and GPS monitoring. The Twitter community again came to his aid and two lawyers took Hutchins’ case for free. They were able to overturn the curfew and GPS monitoring.

Would prosecutors persuade Hutchins to squeal?

The FBI said if Hutchins called out other hackers he knew of, they’d let him off. On principle, Marcus opposed snitching. Instead, he set his sights on a criminal trial. Hutchins’ cybersecurity background, diligence and good heart played in his favor when the day came.

Much to Hutchins’ surprise, the judge ruled his hero status could almost warrant a full pardon, but that was out of the question. Rather than a 10-year prison sentence and a 500,000 US dollar fine, Marcus stepped out of the courtroom with one year supervised release.

Wait, what? After months of anxiety, Marcus was a free-ish man. The judge smiled on him that day, understanding Hutchins had already served a type of sentence being kept in the US without the right to go home.

Where is Marcus Hutchins now?

Hutchins has retreated from the public spotlight for now. Keep an eye on his Twitter, @MalwareTechBlog, for updates on what he’ll do next. From a recent interview in WIRED, it sounds like a return to his childhood love, surfing:

“Someday, I’d like to be able to live in a house by the ocean like this, where I can look out the window and if the waves are good, go right out and surf.”

The WannaCry documentary – Marcus Hutchins’ untold story

There’s much more to Marcus Hutchins’ story, in his own words. The cybersecurity hero who stopped WannaCry turned cybercrime defendant speaks in our exclusive documentary.

Explore more of history’s craziest and most mysterious cybercrime with our hacker:HUNTER series.

Read More Show Less

If you could stop a devastating cyberattack, would you think about yourself first, or just act? This is the uncensored story of the WannaCry ransomware attack, how Marcus Hutchins went from cyber celebrity to wanted cyber criminal overnight and where he is now.

The story of WannaCry and hacker Marcus Hutchins

“I was shaking, I think I sweated through my T-shirt and blazer. I did not know how to feel – it just felt like everything was coming to an end, but not in a good way…”

For Marcus Hutchins, a dream that turned into a nightmare ended in July 2019 with a compassionate sentence by a Milwaukee judge. “I just got out of my court hearing for the sentencing. I wasn’t sure how it would go down. I was very, very nervous,” he told us after leaving the courtroom. “But the judge took a broad view of the entire circumstances. He weighed up my past work helping security. He ended up ruling ‘time served,’ which was a big surprise to me. But it does make sense, when you weigh in that I’ve been forced to stay in a foreign country for two years.”

Marcus’s story starts with what strangely became his downfall – stopping a catastrophic ransomware attack called WannaCry.

What is the WannaCry ransomware attack?

Hutchins became an overnight cybersecurity celebrity in 2017. “I came back from lunch, saw all the news about something targeting the NHS and decided to dig a little deeper, which was when I noticed an unregistered domain inside the code.” He registered the domain and the infection count went down. He had found the ‘kill switch’ for the WannaCry epidemic.

WannaCry cyberhero or Marcus Hutchins, cybercriminal?

It changed his life. He became a hero, then fell to zero a few weeks later. “I woke up to see my face over a two-page spread of the Daily Mail. Media had posted my address in the paper, which meant the bad guys I am fighting know where I live.”

Marcus Hutchins arrested at Defcon 2017

After saving the world from the worst ransomware attack in history, Hutchins became a cyber hero. The pinnacle of his fame was global hacker conference Defcon 2017. Marcus had become a demi-god among cyber researchers, journalists and the public before the event. After a week in the Las Vegas sun, partying and rubbing shoulders with the industry’s biggest names, everything would come crashing down.

Big Mac to banged up – WannaCry ransomware attack continued

That week, Marcus Hutchins had shared a mansion with his friends – think huge pool, all-night parties and legal marijuana. Allegedly, while picking up a McDonalds delivery outside the mansion one morning, he noticed an unmarked FBI vehicle.

At the airport, his suspicions were confirmed, “I am completely exhausted. I have no idea what’s going on and I’m just relaxing waiting for my flight. And a man and two other people in uniform approached me and asked, “Are you Marcus Hutchins?” I said yes, and they asked me to come with them. It turned out the guy was an FBI agent and that’s when they arrested me.”

At this point, Hutchins is in a sleep-deprived state of shock. Things aren’t looking good. The FBI showed a warrant for his arrest on conspiracy to commit computer fraud and abuse. It wasn’t for his role in WannaCry, but for a cyber ghost from his past: malware called Kronos, created on the sunny shores of Devon, UK, was of critical importance to the FBI.

Marcus Hutchins’ arrest – a global phenomenon

When the world got hold of Hutchins’ arrest, social media was awash with support and slander. One cybersecurity researcher suggested Hutchins created WannaCry himself only to stop it as it spiraled out of control. But as supporters who raised the alarm on the FBI’s treatment of Hutchins, Twitter bulged with support for Marcus’ character.

Eventually, Hutchins was bailed to a halfway house with a curfew and GPS monitoring. The Twitter community again came to his aid and two lawyers took Hutchins’ case for free. They were able to overturn the curfew and GPS monitoring.

Would prosecutors persuade Hutchins to squeal?

The FBI said if Hutchins called out other hackers he knew of, they’d let him off. On principle, Marcus opposed snitching. Instead, he set his sights on a criminal trial. Hutchins’ cybersecurity background, diligence and good heart played in his favor when the day came.

Much to Hutchins’ surprise, the judge ruled his hero status could almost warrant a full pardon, but that was out of the question. Rather than a 10-year prison sentence and a 500,000 US dollar fine, Marcus stepped out of the courtroom with one year supervised release.

Wait, what? After months of anxiety, Marcus was a free-ish man. The judge smiled on him that day, understanding Hutchins had already served a type of sentence being kept in the US without the right to go home.

Where is Marcus Hutchins now?

Hutchins has retreated from the public spotlight for now. Keep an eye on his Twitter, @MalwareTechBlog, for updates on what he’ll do next. From a recent interview in WIRED, it sounds like a return to his childhood love, surfing:

“Someday, I’d like to be able to live in a house by the ocean like this, where I can look out the window and if the waves are good, go right out and surf.”

The WannaCry documentary – Marcus Hutchins’ untold story

There’s much more to Marcus Hutchins’ story, in his own words. The cybersecurity hero who stopped WannaCry turned cybercrime defendant speaks in our exclusive documentary.

Explore more of history’s craziest and most mysterious cybercrime with our hacker:HUNTER series.

Read More Show Less

Getting ready for the Unexpected

On July 8th an expedition to one of the most untouched places on earth set sails in the town of Petropavlovsk in Kamchatka headed towards the Kuril Islands to explore the environmental impact on this remote area of the earth, try first ascents and raise awareness for the protection of the islands. Tomorrow Unlocked accompanied the adventurers on their journey and reported on their insights, feeling, and challenges.

Scientist Rishi Sugla on how big data and machine learning can save places like the Kuril Islands by making us understand them better.

Revisit the crew’s stories #fromkurilswithlove.

If you fell in love with the Kuril Islands just like we did, help the scientists in preserving this beautiful place with your donation.

hacker:HUNTER

In August we introduced our very first web documentary series hacker:HUNTER by telling the infamous Carbanak story. An incredible heist that cost banks millions of dollars. A few weeks later we premiered the second documentary titled hacker:HUNTER – Wannacry: The Marcus Hutchins Story. An exclusive Tomorrow Unlocked documentary. Both documentaries have more than 2.345.500 views on YouTube today. Watch all episodes here.

Imagine Beyond

IT security expert Marco Preuss takes us all on a journey to unlock how tomorrow may look like in his web series Imagine Beyond. Marco talks with experts about how technology may shape our humanity in the future, and the potentials of human augmentation. We are at an exciting stage of evolution: What was science-fiction is now becoming fact and it is happening faster than most of us expected.

Dive into our augmented future with Marco!

Digitizing Art

Art is never easy. A work that fascinates and inspires one could insult and annoy the other. Social media offers creatives a perfect place to showcase their art to a completely different and international crowd. Street art in particular is a great example of this. In our web documentary Leaving the Underground we follow a group of artists to understand how technology and social media shape their art and made their creative movement possible.

TWELVE

With Covid-19 taking over the world and a lot of countries in lockdown 2020 has been a challenging year for all of us – but it also is one major historical moment we are all experiencing as a collective, be it in Russia, Germany, Nigeria or the US. We partnered up with The Community Creatives and asked creatives all over the world to capture one hour of their life in lockdown in a one-minute short film. In three rounds we managed to capture TWELVE minutes of history, creativity, and connection with entries from all over the globe, showing us that we are all the same with our fears and hopes.

Watch the finalists of the three rounds of TWELVE.

Discover the world of TWELVE in our interactive world map.

Heroes of tomorrow!

In a world where everything becomes more digital and intertwined it has become more important to protect ourselves against hackers and cybercriminals. Our web series Defenders of Digital portraits heroes like Eva Galperin and Salvi Pascual, who take a dive into the dark side of the web and combat bad guys to protect our technological future. Meet our heroes on YouTube.

More to come!

We’re celebrating our first year of Tomorrow Unlocked on a high and are more than happy to walk into our second year with brand new ideas to inform, inspire, and enrichen you. Stay tuned and let’s unlock our future together.

Follow us on YouTube, Twitter, Facebook, and Instagram.

Do we not all dread the moment when we show a friend a photo on our phone and they start swiping to see the next picture? And usually there is nothing alarming in our gallery – maybe a few hundred snapshots of us trying to (unsuccessfully) take a cute selfie with a pet. But on the other hand, all those pictures are backed up on a private cloud, such as iCloud or Google Cloud. Not just pictures: our search history, contacts, location data, social media activities or expenses are stored online, as well. The leaking of our data is not the biggest issue here, as we may secure it very easily with the right security software – the main problem which none of us seems to grasp is that we trust that this information will not be used against us.

Behavioral Data and Analytics

As most of you already know, every time we do anything online our data is being collected and analyzed in order to gain insights on our behavior. It is mainly used for ecommerce platforms, online gaming, apps, and IoT devices, to give users an ideal experience. In China retailer Alibaba uses the Zhima Credit system to create a social score where people can voluntarily choose being scored on their behavior. Citizens use it, as a huge number of them does not own a traditional credit history. A positive Zhyma score allows banks to score their credit risk. On the other hand, people with a positive score also have opportunities to get better deals in general. People use the Zhima Credit system because they are sure to earn high scores, and if they do not, they can still choose to conceal the information, right?

Are you trustworthy?

Once something is online it stays online, and it can and will be used against you. A recent international study by Kaspersky shows that out of 10.000 people, 30 pc already experienced issues because of social rating systems, like not getting a job or getting different prices for the same product online. I myself remember an issue my friend faced from an online retailer a few years back: There was this online shop I recommended to my friend, as you could order a bunch of cloths to try them on and only have to pay after you know which pieces you want to keep. While I could just create an account and shop ahead, my friend was denied the final step for ordering, and had to allow them getting insights into his SCHUFA score (SCHUFA: The General Credit Protection Association in Germany) or paying upfront. So, my friend’s online behavior gave the online retail company the impression, that he may not be trustworthy or able to pay them, and therefore denied him the service I thought was regular. Professor Chengyi Lin, Affiliate Professor at INSEAD: “If we have a holistic view on individual’s life and integrate it in one score that score could have a huge impact on all of these aspects, from financials, how you get a mortgage, getting your next job, to how you interact with others through a social setting.”

“This stays between us, okay?”

We all have this friend who we trust and share everything with, and are sure, even without saying, that the information shared is confidential. But we also have this one friend, that no matter how often you tell them “This stays between us, okay?” a few weeks later everyone knows, because they share it with their best friend, and they share it with their best friend, and so on. This is kind of what happens online. No matter how many buttons we click to deactivate being followed or how many script blockers we use, online platforms have a lot of data about you, and are very fine with sharing them for the right amount of money with other platforms to present you the perfect ad. But the perfect ad or a different price are not the most troubling part. In November 2019 Facebook reported that a number of 128.617 demands for user data by governments all over the world were made in the first half of 2019 – a record high! So, you could land on the no flight list just for posting the wrong meme or befriending the wrong people on Facebook without really knowing why.

Share with caution

Just like you would not share everything with everyone in real life, you need to be cautious of what you share online. “Take a second, think about your own data. What are you willing to exchange for the value of your data?”, suggests Prof. Chengyi Lin. It is not just likes or comments, but also your pictures: “Right now in the US a lot of protests are being monitored through a facial recognition system that could indicate on how police and others treat the protestors,” (Chengyi Lin). Social rating is not really something we can escape as easily as we may think, as it will play a much bigger part in our future, than now. All we can do is be aware of the possible consequences and think twice, if we really have to post this fun picture from last night’s party or that meme about how much month is left at the end of the money.

Do you know that feeling, when you are searching for a new apartment, then step into the perfect one and instantly start to imagine how your favorite cozy chair would look like by that window? It is kind of the same when we are using our digital devices: We place our favorite apps where we can open them quickly, create a background picture of our pet or dream vacation destination, and buy the devices that make our life easier – if you are used to iOS you are probably not going to switch to Android and it is the same the other way round. We humans like comfort, and there is no shame in wanting everything to be as comfortable as possible, so we can actually concentrate on the really important things.

But with social isolation, we hang out two more hours online than we used to, broadening our networks via online communities or social dating apps. The worst part is not having to go online to maintain a social life – on the contrary it is great, that we have this opportunity nowadays. The problem is, that we know how much information they want from us: you need to sign in with your social media profile and you cannot use them without an active mobile number for “security reasons” (for real?). And with all that, we give up staying safe, because we think this NSA guy (hey Paul) already knows everything about us, and there is nothing we could actually do against it.

You get my data! And you get my data! Everybody gets my data!

A recent study by Kaspersky shows, that even though 60 pc of us millennials are concerned about our security while dating online, only 36 pc are actually admitting they should do more to protect their digital privacy. To be honest, I am one of those people: I download all kinds of apps when I am bored at home: “You want my location data? Whatever, as long as I can have Talking Tom repeating everything I say in a funny high-pitched voice!” But okay, I am old enough to know better and not put everything online, and even if I am okay with people collecting my data by feeding me with targeted apps, this is just the tip of the iceberg. And don’t we all know, it was not the visible part of the iceberg that sunk the Titanic?

Filter Fun or Stranger Danger?

I personally know nobody who does not use social media. But the younger generations are certainly more at home and comfortable with using all the different platforms and having fun with filters. As more children have to stay indoors due to the pandemic about 33 pc of parents have become more lenient with the amount of time their children are spending online. Which is totally fine, if your children are aware of the potential dangers that may come in a public place like the Internet. But: about 52 pc of families trust their children to keep themselves safe online. Some of those children are able to set the right privacy settings and keep their accounts private, so their content is not available for everyone online. However, a thing we all know from funny video pages on social media: there are a lot of children creating insane content which is being shared all over the Internet to make fun of them, opening the doors for cyberbullying or even cyber-grooming. So yes it’s absolutely okay to let your children be on social media and grow their abilities and understanding of modern media. Yet, it is also important to talk to them about the dangers online – which are nowadays as real as the dangers we face offline – and with that have them live in their personal digital comfort zone, where they are safe and secure.

How at home do you feel in the digital world