The internet is the modern Library of Alexandria,
serving as a massive archive of human knowledge, communication, and resources. Every day, billions of people log on and communicate
with people a world away as they work, learn, shop, and create. It’s become as much a part of everyday life
as the car or electricity. So what would happen if it all suddenly went
away? The internet is a complex network of hardware
and software that’s connected to all our homes through cables and cellular data. But while the internet is a lot more durable
than it used to be, it still has its weak spots - chief among them malware. Software designed to cause damage to a computer,
server, or computer network, malware has been around since the earliest days of the internet. Of course, in the early days malware wasn’t
quite so sophisticated. One of the first computer worms, or software
bugs, the Morris Worm, was eventually contained on a floppy disk and is stored in a museum. Today’s computer viruses are much harder
to contain, uploaded through sophisticated software that disguises their true purposes
and spread through many channels. And one, the WannaCry ransomware attack, nearly
caused incalculable damage to the internet - if it wasn’t for the help of the unlikeliest
of cyber-heroes. It was May 2017 and the internet was humming
along, with billions of people using it daily. But many people were using old computers,
and that created a vulnerability. Older computers are using outdated security
measures, which may have been effective at protecting from viruses and hackers when they
were released but not as technology evolved. So a mysterious group of black-hat hackers
- hackers who infiltrate security systems for blackmail and extortion purposes - decided
to take advantage. They decided to create a cryptoworm targeting
Microsoft Windows operating systems, the most popular operating system in the world. Most viruses rely on the person who receives
them to do something to let them in - like clicking on a suspicious link in an e-mail. Why, yes, I would like to inherit a billion
dollars from a Nigerian prince. This isn’t suspicious at all! But not WannaCry. WannaCry was unique - because it would spread
itself. It used a transport mechanism to search operating
systems, use a backdoor exploit to gain access, and then install and execute a copy of itself
without the user ever needing to let it in. And once it was in - all hell broke loose. It would immediately encrypt all data on the
computer system, locking it up and turning the computer into a very expensive brick. The only way to fix it, according to the hackers? Pay a hefty ransom in the cryptocurrency bitcoin,
and get a code to unlock your computer. There was only one problem - people submitted
their payments, but never seemed to get their data back. It didn’t take long for security experts
to say that this was a scam, and not to pay the ransom, but that didn’t help those people
who’d had their systems destroyed. For the average person, this was a massive
inconvenience - especially if you were in the middle of trying to submit a term paper. But for corporations and institutions, it
was much worse. Many organizations found out the wrong way
that they were using outdated software, and found years of data vulnerable. Universities, government organizations, hospitals,
and major corporations all found themselves kneecapped by WannaCry. Even boldface names like FedEx, Deutsche Bahn,
and Nissan were hit. The worm was spreading fast, and if it was
allowed to keep hitting systems, the damage would be incalculable. That’s when into the breach, an unlikely
hero stepped. There’s only one way to stop an attack from
a malicious hacker - and that’s with another hacker who can outsmart them. Marcus Hutchins was your ordinary British
lad, the son of a Scottish mother and a Jamaican father. But from an early life, when he wasn’t enjoying
the waves and working as a lifeguard, he displayed a great skill with computers. He got started with hacking early when he
was a boy, hacking his school computers to install video game software. But it wasn’t long before his interest in
cracking computer codes led him to more sinister figures. By the time he was a teenager, he was joining
forums that taught him about developing malware. Marcus was about to take his first big step
into the hacking world, and his school was the first to be hit. Marcus created a code that would steal people’s
passwords using an AutoFill feature on Microsoft computers. He became so fixated with developing code
that his grades started to suffer despite being more than smart enough to tackle the
material. When the school’s computer systems got hacked,
Marcus was quickly blamed. Although the school could never prove he was
behind it, they still banned him from using their computers - which led Marcus to pull
away from school and spend more time with his new friends in the malware forums. They were about to lead him down a dangerous
path. Marcus was only fifteen when he joined a bigger,
more dangerous hacking forum, HackForums, and they had high standards for their members. Each member had to create a botnet, an automated
program that distributed bots which stole data or shut down computer systems. This is the same system that was used to distribute
WannaCry, but Marcus’s plans weren’t that apocalyptic. He created a system that would target users
that illegally downloaded things off BitTorrent, giving him the opportunity to take control
of their computers. By 16, Marcus was known as a powerhouse in
the hacking world. He wasn’t the most renowned hacker out there
yet - but he was about to catch their eye. No one knew who “Vinny” was - that was
the point of a hacker forum. Everyone concealed their identity, but Vinny
had use for Marcus’ hacking skills. He wanted him to create a kit of hacker tools
that could be sold on the online marketplace. Hutchins realized that these tools could be
used for cybercrime, and this would make him an accessory. But the lure of money was too big, and he
made the kit - which sold like crazy! Vinny thanked him with a box of illegal drugs. But Marcus was about to find out that the
only thing harder than getting into the hacking deep web...is getting out. Vinny soon came back to Marcus to ask him
to develop a second, more powerful rootkit that would be used to target financial transactions
and banks. Marcus didn’t want to take the risk, but
Vinny revealed he knew exactly where Marcus lived and would turn him over to the FBI if
he didn’t help him. Marcus put his hacking skills to work, developing
a powerful keylogging program that didn’t include the original request for a web inject
system that would steal payment info directly. This would come to be known as Kronos, one
of the most powerful hacking tools on the internet. Marcus Hutchins had played with fire, and
he was too deep in the hacker world to get out. But his deep dive into cybercrime turned out
to be exactly what was needed to save the internet. Now 19, Marcus continued to be involved in
cybercrime thanks to Vinny’s blackmail, and had become addicted to drugs. When he met a mystery man named Randy online,
he learned that Randy was a philanthropic hacker. When a hacking mishap cost Randy $5000, Marcus
revealed he created Kronos and gave Randy a free copy. He distanced himself from Vinny and developed
a new identity as the author of a blog called MalwareTech, where he analyzed the strengths
and weaknesses of hacking devices. That gained him the attention of Salim Neino,
the CEO of the tech firm Kryptos Logic, and they worked together to stop powerful hacking
attacks that shut down institutions like Lloyd’s Bank. But his biggest test as a hacker was still
to come. It was May 12th, 2017 when the WannaCry attack
began, and it had spread to over 150 countries in under a day. No one was sure how to unlock the computers
or how to stop the virus, but Marcus Hutchins had been one of the first people to become
aware of it. He knew what malware looked like, and he had
tracked it to an unregistered domain name - the giveaway of a botnet. When he registered the domain, he was able
to set up decoy servers at Kryptos Logic to lure the worm in, allowing them to track it. Hutchins and his coworkers at Kryptos Tech
partnered with the UK’s National Cyber Security Centre, and they were able to keep the worm
from progressing further. Only a few days later, they released a patch
that would protect users with outdated computers from the virus. French cybersecurity experts soon joined in,
and were able to unlock the affected computers. All’s well that ends well - except that
Marcus Hutchins had just become a cyber superstar. And his past was about to come back to haunt
him. Marcus was one of the most sought after people
in cyber-security, and although he wanted to stay under the radar, he agreed to give
an interview to the Associated Press. Everyone wanted to talk to the guy who stopped
WannaCry, and there was no bigger event for cybersecurity than the DEF CON conference
in Las Vegas. The quiet English boy with a dark past was
about to enter the biggest state in the tech world, and he spent the conference hobnobbing
with the biggest names in the industry. Everyone wanted to hear his story. But they weren’t the only people waiting
for him in America. After a whirlwind conference, Hutchins was
more than ready to get back to England. But as he was waiting in the airport, he was
approached by several well-dressed men who asked to talk to him. He was taken into a stairwell, where they
put him into handcuffs. He wondered if they found marijuana in his
bag, or something else petty. But as they questioned him, it was clear they
wanted to know about one thing - Kronos. It turns out that being the world’s most
famous white hat hacker didn’t get you immunity from your time as a black hat hacker. The FBI had been lying in wait for Marcus
for a while, staking him out at his Air BNB in Las Vegas and even working with airport
security to make sure he wasn’t delayed in the line. Everyone knew he wouldn’t be getting on
a plane to London any time soon. It turned out that “Randy” had identified
him as the developer of Kronos after he was caught up in another hacking site bust. Hutchins had made powerful enemies, and they
intended to send him to prison for a long time. The good news was, he had powerful friends
as well. When Hutchins contacted Neino, the cybersecurity
world sprung into action to pay his bail - although many of them tried to pay with stolen credit
cards and bitcoin. Marcus was released to house arrest, and was
charged with six felony counts. But he wasn’t the one the FBI really wanted. They wanted his initial handler, Vinny - a
powerful cyber-criminal. But Marcus didn’t know much about Vinny
and didn’t want to report on the other hackers he knew. So the FBI played hardball - they added four
more charges. The man who saved the internet, ironically,
had exposed himself to serious jail time by his cyber-heroics. The pre-trial period went on for over a year,
as the FBI wanted to force Marcus into a deal. But as it became clear that Marcus didn’t
have the information they wanted, and support for him online grew, the FBI agreed to a plea
deal. He would plead guilty to two of the ten charges
and apologize, and he would be sentenced to time served instead of jail time, plus a year
of supervised release. That means he’s still a guest of the United
States and will likely be deported to the UK when it’s over - only delayed by three
years. Marcus Hutchins played with fire, unleashing
dangerous hacking tools on the internet. And without that knowledge, the internet itself
might not have survived WannaCry. For how Marcus Hutchins would compare to other
legends of cyberwarfare, check out “10 Most Dangerous Hackers of All Time”, or try this
video instead.
