Marcus Hutchins: Life Lessons from the Cyber Hero’s Story

In May 2020, the full story of a cyberhero hit the internet. His name; Marcus Hutchins. Though he was celebrated for his glorious feat against a dreadful malware named WannaCry, he was soon caught up by his dark past.

Here is a timeline of Marcus Hutchins, right up to the happening of the event:

At age 6, Marcus Hutchins had begun to dismantle the family’s computer and grew curious to know more about the HTML characters behind websites. Hutchins learnt to program his way out of restricted sites on his school’s computer, just to install games without anyone knowing. He could run any code he wanted after realizing how to write scripts on Visual basic.

On his 13th birthday, he was given computer components by his parents to build his computer himself. After building his computer, he spent more time on the internet. At 14 years, he was exploring minor hacking forum on the web which created mayhem to MSN platform.

At age 15, he was banned from using his school’s computer, after which he was suspended from school for 2 weeks, based on the accusation of creating cyber attack on the school’s network.

In 2009, he moved on to HackForums where the users lacked repute in their ethics and were advanced in their skills. He discovered ways of running his botnets on 8000 computers, causing distributed denial of service (DDoS) attack and got his monthly fee for selling web host services.

Age 16, he developed a reputation as a malware ghostwriter, where he had paying customers and met pseudonym Vinny. Vinny and Hutchins became business partners and with time, Hutchins shared his address and personal information to Vinny.

In 2012, Vinny wanted Hutchins to create a bank Trojan; UPAS kit 2.0 version which Hutchins did without adding a web inject, unknowing to him that Vinny had hired another hacker to create it. After much threats and fear from being exposed to the FBI, Hutchins helped Vinny program the web inject made by the other programmer into their malware. Vinny later decided to change the name of the UPAS kit to Kronos.

Hutchins met another hacker named Randy on TrojanForge, a hacker’s forum. In this case unlike Vinny, Randy was open about his personal life and made Hutchins comfortable in sharing his. Randy asked Hutchins to create an educational app for some legitimate business after Hutchins refused to create a banking malware for him.

Randy sent $10,000 worth of cryptocurrency to Hutchins to use for bitcoin daytrading, knowing he had a few tricks. In 2015, bitcoin price crashed and cleared about $5,000 of Randy’s saving. In a bit to make it up, Hutchins told Randy that he had created the Kronos and offered the rootkit to Randy to make even.

Hutchins had stopped cybercrime in 2013 and created a site called MalwareTech where he shared posts of technical minor malware that allowed whitehats and blackhats visit. He built a Kelihos botnet tracker that got him a job at a cybersecurity firm based in Los Angeles called Kryptos Logic. Hutchins continued working on his site MalwareTech and sharing updates on twitter where he had thousands of followers.

In 2016, a malware called Mirai affected Dyn, a server provider that acts like a type of phone book for the internet. When Dyn went down, Amazon, Netflix, PayPal, Reddit and other telecoms went down but Hutchins and a colleague at work tracked Mirai while he shared his progress using twitter feeds.

In May 2017, there was a cyber attack that hit about 5 hospital’s network across East London and multiple NHS hospitals. It was an automated worm spreading across the internet. The worm was named WannaCry. Hutchins found and activated the kill switch contained in its code, thereby neutralizing WannaCry’s threat immediately.

After much celebration, Hutchins arrived early at the airport to take his flight back to the UK to visit his family. As he awaited his flight, he was handcuffed and taken to the interrogation room after identifying himself to men in customs uniform, thereafter, interrogated by the FBI.

When he was asked about a program called Kronos, Hutchins was shocked. Although, he knew this day would come, he just did not know when. It was his chat with Randy the FBI offered as proof of evidence during his arrest.

April 2019, Hutchins accepted a bargain for a plea, making him guilty for 2 counts out of 10 charges. In July that same year, he had his hearing and the Judge decided to give him a second chance.

Lessons and life hacks you can learn from this

Though this story was published on May 5th, 2020 by www.wired.com, these are the lessons we can learn from Marcus Hutchins’ story.

• Be careful whom and how you give out your personal details and information to over the internet and avoid making the same mistakes twice.
• Social media can be used as a weapon: Hutchins used twitter to share updates of his new findings. When the news of Hutchins arrest leaked to a news reporter, it stormed on twitter. People took up Hutchins’ cause. Two cybersecurity professionals, Fatah Wheeler and Deviant Ollam took it upon themselves to pay for his bail which was set at $30,000.
• Know your business partners. Don’t partner with people you know little or nothing about. Learn to have accurate information of whoever you choose to partner with.
• Ensure you have strong cybersecurity system for your company that cannot be hacked into.
• Legitimate jobs and businesses pay. Hutchins discovered this after taking his job at Kryptos Logic that legitimate jobs pay way better than cybercrime. You can always be the good guy and still earn a lot.
• Be the best at what you do.
• Take others along and impact people with your skills. This is what Hutchins did on his site and his tweets. That was why thousands of people could vouch for him despite not knowing him.
• Help those in need. Hutchins did not stop WannaCry because it was his job or he needed money, he did it because he knew people could die and decided to help them. Fortunately in return, he had help when he needed it, even from total strangers.

Lastly, no matter how much of a villain you have been, it’s not too late to be a hero.