British computer expert who stopped NHS cyber attack 'admits creating malware code'

Hutchins was praised in May for halting a worldwide cyber attack that affected NHS computers. Credit: AP

A British computer expert who was hailed a hero after helping shut down a worldwide cyber attack that paralysed NHS computers has admitted in a police interview that he created the code of a malware that harvests bank details, a Las Vegas court has heard.

A prosecutor at Hutchins' US hearing also told the court that he had "indicated" that he sold the malware.

However, the 23-year-old plans to plead not guilty to all six counts of creating and distributing the Kronos malware, his lawyer said after Friday's hearing.

The US Department of Justice said Hutchins had been charged with one count of conspiracy to commit computer fraud and abuse, three counts of distributing and advertising an electronic communication interception device, one count of endeavouring to intercept electronic communications, and one count of attempting to access a computer without authorisation.

Hutchins was granted bail under strict conditions that he pay £23,000 and remain in the US.

However, Hutchins' friends, family and colleagues were unable to raise the bail money before the court closed for the weekend, and so he will not be released until Monday.

Dan Cowhig, prosecuting, told the federal court Hutchins should not be freed because he is a "danger to the public".

"He admitted he was the author of the code of Kronos malware and indicated he sold it," Mr Cowhig said.

Hutchins' lawyer said he plans to plead not guilty to all six offences. Credit: PA

Hutchins and an unnamed co-defendant who is being sought by police, were caught in a sting operation when undercover officers brought the code, the prosecutor added.

Prosecutors claim the co-defendant sold the software for £1,522 in digital currency in June 2015.

Other evidence comes from chat logs between him and a co-defendant during which Hutchins complains about the money he received for the sale, Mr Cowhig said.

After the hearing, Hutchins' lawyer Adrian Lobo denied he is the author and said he would be pleading not guilty to all of the charges, which date between July 2014 and July 2015.

She said: "He fights the charges and we intend to fight the case.

"He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done."

The charges come just months after Hutchins helped find the "kill switch" that halted a ransomware virus called 'WannaCry' that had infected more than 300,000 computers in 150 countries.

The computer expert, who goes by the computer handle MalwareTech, had been in the US attending the Def Con event in Nevada city before his arrest.

Hutchins' friend, who works in the cyber security industry and was with him at the time, said the 22-year-old "was escorted out of the airport and never made his flight."

Hutchins is due back in court on Tuesday where he is expected to formally enter his pleas.