ILFRACOMBE, England—A young British computer expert credited with cracking the WannaCry cyber attack told The Associated Press he doesn’t consider himself a hero, but fights malware because “it’s the right thing to do”.
In his first face-to-face interview, Marcus Hutchins, who works for Los Angeles-based Kryptos Logic, said on Monday that hundreds of computer experts worked throughout the weekend to fight the virus, which paralyzed computers in some 150 countries.
“I’m definitely not a hero,” he said. “I’m just someone doing my bit to stop botnets.”
The 22-year-old computer whiz from the south coast of England, discovered a so-called kill switch that slowed the unprecedented outbreak on Friday. He then spent the next three days fighting the worm that crippled Britain’s hospital network, as well as computer systems around the world.
WannaCry paralyzed computers running mostly older versions of Microsoft Windows by encrypting users’ computer files and displaying a message demanding anywhere from $300 to $600 to release them; failure to pay would leave the data mangled, and likely beyond repair.
Hutchins said he stumbled across the solution when he was analyzing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyber threats, and found that stopped the worm from spreading.
Salim Neino, CEO of Kryptos Logic, said Hutchins took over the kill switch on Friday afternoon European time, before it could fully affect the US.
“Marcus, with the program he runs at Kryptos Logic, not only saved the US, but also, prevented further damage to the rest of the world,” Neino said. “Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself.” He said the company was not able to identify “Patient Zero”, the first system infected, which would give researchers more information about who was behind the attack.
Nevertheless, he said the worm was “poorly designed”—patched together and a “sum of different parts” with an unsophisticated payment system.
Kryptos Logic is one of hundreds of companies working to combat online threats for companies, government agencies and individuals around the world.
Hutchins himself is part of a global community that constantly watches for attacks and works to thwart them, often sharing information on Twitter. It’s not uncommon for members to use aliases, to protect from retaliatory attacks and ensure privacy. Hutchins has long tweeted under the handle MalwareTech, which features a profile photo of a pouty-faced cat wearing enormous sunglasses. But he realizes his newfound fame will mean an end to the anonymity.
After all, now he’s a computer celebrity. He’s been in touch with the Federal Bureau of Investigation, as well as British national cyber security officials.
“I don’t think I’m ever going back to the MalwareTech that everyone knew,” said the curly haired young man, shrugging and flashing a winning smile.
It is likely to be a big adjustment. Hutchins lives with his family in this seaside town, where he works out of his bedroom on a sophisticated computer setup with three enormous screens. He will soon become a local hero—but if you ask him, his life of celebrity will be short lived.
“I felt like I should agree to one interview,” he said. But even that made the fame-averse Hutchins so nervous that he initially misspelled his last name, leaving out the letter “n’’ when doing a sound-level for the cameras.
His mother Janet, a nurse, couldn’t be prouder—and was happy to have the veil of anonymity lifted.
“I wanted to scream, but I couldn’t,” she said. Many will be following his next moves though. CyberSecurity Ventures, which tracks the industry, estimates global spending on cyber security will jump to $120 billion this year from just $3.5 billion in 2004.
It forecasts expenditures will grow between 12 percent and 15 percent annually for the next five years.
“While all other technology sectors are driven by reducing inefficiencies and increasing productivity, cyber security spending is driven by cyber crime,” the firm said in a February report. “The unprecedented cyber-criminal activity we are witnessing is generating so much cyber spending, it’s become nearly impossible for analysts to keep track.”
After more analysis, Hutchins, an avid surfer, plans to take a vacation—traveling to Las Vegas and California on the company dime. One guess on what he’ll be doing: Yes, surfing. On waves this time.
Image credits: AP/Frank Augstein