MILWAUKEE — British cybersecurity expert Marcus Hutchins, once credited with stopping the worldwide WannaCry computer virus, said in a jailhouse phone call that he wrote code for someone who used it for the malware Hutchins is now charged with, according to federal court documents released Tuesday.
The disclosure is contained in a transcript of the call between Hutchins and an unidentified person, hours after FBI agents detained him in Las Vegas before he boarded a flight home to England last year. A grand jury indictment accuses Hutchins of creating and distributing malware known as Kronos, designed to steal banking passwords.
Hutchins, 23, has pleaded not guilty. Prosecutors filed the transcript in court on the eve of a hearing where Hutchins will ask for the phone conversation to be suppressed, along with a two-hour FBI interview. His attorneys have argued Hutchins didn't fully understand Miranda warnings because he's a foreigner and was also sleep-deprived after a week partying in Vegas.
Prosecutors have said Hutchins made incriminating statements during the FBI interview.
Hutchins' arrest last August came as a shock because only four months earlier he was lauded as a cybercrime-fighting hero for finding a "kill switch" to slow the outbreak of the WannaCry virus, which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.
Hutchins Attorney Brian Klein did not immediately respond to an email. Assistant U.S. Attorney Michael Chmelar said he couldn't comment.
In the jailhouse call, which Hutchins was told was being recorded, he said he "used to write malware" years before.
According to the transcript, Hutchins said: "So I wrote code for a guy a while back who then incorporated it into a banking malware, so they have logs of that, and essentially they want to know my part of the banking operation or if I just sold the code onto some guy then they wanted me to, once then found I sold the code to someone, they wanted me to give them his name, and I don't actually know anything about him."
The indictment said the crimes happened between July 2014 and July 2015, but prosecutors have still not offered any details about the number of victims. Prosecutors also said in recent court filings that Hutchins is suspected to have sold the Kronos software to someone in Wisconsin and that he "personally delivered" the software to someone in California.
But details of Hutchins' arrest and the crimes he's accused of committing have otherwise been sparse — and Hutchins' attorneys have repeatedly criticized prosecutors for it in court documents.
During the jailhouse call, Hutchins also said he repaid a debt of about $5,000 by giving someone logs that had the compiled binary of the code he created for the person who used it for banking malware. Both happened when Hutchins was about 18, he said in the call.
"I knew it was always going to come back," Hutchins said on the call, adding that he didn't "think it would be so soon."
In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorization. Hutchins faces decades in prison if convicted of all the charges. He has been barred from returning home and has been living in California, where he works as a cybersecurity consultant while he awaits trial.