Belfast Telegraph

Home News World

Expert who beat cyber attack: I'm not a hero

A young British computer expert credited with cracking the WannaCry cyber attack has said he does not consider himself a hero but fights malware because "it's the right thing to do".

In his first face-to-face interview, Marcus Hutchins, who works for Los Angeles-based Kryptos Logic, said that hundreds of computer experts worked throughout the weekend to fight the virus, which paralysed computers in some 150 countries.

"I'm definitely not a hero," he told The Associated Press. "I'm just someone doing my bit to stop botnets."

The 22-year-old surfer discovered a so-called "kill switch" that slowed the unprecedented outbreak on Friday. He has spent the next three days fighting the worm that crippled Britain's hospital network as well as computer systems around the world.

WannaCry paralysed computers running mostly older versions of Microsoft Windows in some 150 countries. It encrypted users' computer files and displayed a message demanding anywhere from 300 US dollars to 600 US dollars to release them; failure to pay would leave the data mangled and likely beyond repair.

Mr Hutchins said he stumbled across the solution when he was analysing a sample of the malicious code and noticed it was linked to an unregistered web address. He promptly registered the domain, something he regularly does to discover ways to track or stop cyber threats, and found that stopped the worm from spreading.

Salim Neino, chief executive of Kryptos Logic, said Mr Hutchins took over the "kill switch" on Friday afternoon European time, before it could fully affect the United States.

"Marcus, with the program he runs at Kryptos Logic, not only saved the United States but also prevented further damage to the rest of the world," Mr Neino said. "Within a few moments, we were able to validate that there was indeed a kill switch. It was a very exciting moment. This is something that Marcus validated himself."

Kryptos Logic is one of hundreds of companies working to combat online threats for companies, government agencies and individuals around the world.

Mr Hutchins himself is part of a global community that constantly watches for attacks and works to thwart them, often sharing information on Twitter. It is not uncommon for members to use aliases, to protect from retaliatory attacks and ensure privacy.

Mr Hutchins has long tweeted under the handle MalwareTech, which features a profile photo of a pouty-faced cat wearing enormous sunglasses.

But he realises his newfound fame will mean an end to the anonymity.

Security researchers are looking at possible connections between the global "ransomware" attack and North Korea, though one firm cautions that the connection is "weak".

The security company Kaspersky Lab said portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.

But it is possible the code was simply copied from the Lazarus malware without any other direct connection.

Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools, but said "they so far only represent weak connections. We are continuing to investigate for stronger connections."

Later Taiwanese state media said the WannaCry cyber attack infected computers in 10 schools, the national power company, a hospital and at least one private business.

However, the Central News Agency said the ransomware program caused no damage to the schools' core database systems.

The news agency said WannaCry also infected computers at an office of the Taiwan Power Company, a hospital and a business in the central city of Taichung. The business, whose name was not given, reported paying 1,000 dollars in bitcoin to unlock files held hostage by the program. It was not clear whether the files had been recovered.

The news agency said there have been no reported incidents of the ransomware affecting government agencies.


Daily News Headlines Newsletter

Today's news headlines, directly to your inbox.


From Belfast Telegraph