Marcus Hutchins prosecutors outline secret evidence to be introduced

The evidence is under a protective order. A pre-trial hearing is set for Oct. 17.

Prosecutors in the case against Marcus Hutchins, the British cybersecurity researcher recently arrested in the U.S. on charges of creating the Kronos banking malware, were this week granted a protective order keeping much of their evidence out of the public eye.

The Justice Department asked the Wisconsin federal judge hearing the case for restrictions on releasing the evidence because it includes “information related to other ongoing investigations, malware, and investigative techniques.” The defense didn’t contest the request and the judge granted the order.

While Hutchins, his lawyers, and any outside experts they engage will be able to see the evidence in a pre-trial procedure known as discovery, they are not allowed to share anything with anyone outside the defense team — and the expert witnesses will have to sign a copy of the order, showing they agree to its terms.

Hutchins, better known by his Twitter handle MalwareTechBlog, pleaded not guilty, to the charges last week.


Prosecutors say discovery will include “150 pages of Jabber chats between the defendant and an individual (somewhat redacted). Business records from Apple, Google and Yahoo. Statements (350 pages) to the defendant from another internet forum which were seized by the government in another district. 3-4 samples of malware. [And] a search warrant executed on a third party which may contain some privileged information.”

Arrested on Aug. 2 in Last Vegas, Hutchins had already become famous as the man who found the kill switch that deactivated WannaCry and stopped its spread. He is currently out of jail on $30,000 bail and residing in Los Angeles with GPS tracking. He’s continuing his work as a security researcher — except he can no longer work on or access the WannaCry sinkhole used to stop the ransomware.

A pre-trial hearing by phone is set for Oct. 17.

Latest Podcasts