British cybersecurity expert faces key hearing in Milwaukee in US case

MILWAUKEE — A British cybersecurity expert once heralded as a hero for stopping the WannaCry worldwide computer virus is due in a Milwaukee courtroom Thursday, where he will ask the judge to toss statements he made to the FBI after his arrest for allegedly writing and distributing malicious software use to steal banking passwords.

Marcus Hutchins, 23, pleaded not guilty after his arrest last August in Las Vegas before he boarded a flight home to England. U.S. prosecutors say Hutchins created and distributed the Kronos malware and made incriminating statements after his arrest.

Hutchins' arrest came as a shock, as four months earlier, he was lauded as a cybercrime-fighting hero for finding a "kill switch" to slow the outbreak of the WannaCry virus, which crippled computers worldwide, encrypting files and making them inaccessible unless people paid a ransom ranging from $300 to $600.

Details of Hutchins' arrest and the crimes he's accused of committing have been sparse, but court documents prosecutors filed Wednesday seeking to preserve Hutchins' post-arrest statements include new revelations. For example, prosecutors say Hutchins signed a consent form allowing the FBI to search his backpack, phones, and laptops and that he "was lucid and answered many detailed questions" during a nearly two-hour interview with agents.

Hutchins' defense attorneys are trying to get those statements suppressed, saying he was sleep-deprived after a week of partying in Las Vegas, where he had attended a cybersecurity convention, and that he didn't fully understand Miranda warnings because he's a foreigner.

At least one FBI agent is expected to testify at Thursday's hearing, providing one of the first public accounts of Hutchins' arrest and what he said during his initial detention.

In the new court filings, prosecutors also say Hutchins knew he was being recorded when he made two phone calls in which he "made multiple incriminating statements ... including writing the code for the banking Trojan and compiling malware binaries and sending to someone."

It wasn't initially clear why the case was filed in Wisconsin, but prosecutors say in the court documents filed Wednesday that Hutchins is suspected to have sold the Kronos software to someone in the state. He also "personally delivered" the software to someone in California, prosecutors say.

The indictment says the crimes happened between July 2014 and July 2015, but prosecutors have still not offered any details about the number of victims.

In addition to computer fraud, the indictment lists five other charges, including attempting to intercept electronic communications and trying to access a computer without authorization. Some of the new details released in the case have come in response to defense attorneys' motions to dismiss some of the charges for various reasons.

Hutchins faces decades in prison if convicted of all the charges. He has been barred from returning home and has been living in California, where he works as a cybersecurity consultant while he awaits trial.