OFFICE A TRUE JUL 201 Dev It cm UNITED STATES DISTRICT COURT Ag 3 Eastern District of Wisconsin EASTERN DISTRICT OF WISCONSIN UNITED STATES OF AMERICA Plaintiff v Case N1 7 2 Title 18 United States Code Sections 371 lO30 a 5 A and 2511 a 1 and 2512 1 a and MARCUS HUTCHINS aka Malwaretech Defendants INDICTMENT COUNT ONE THE GRAND JURY CHARGES 1 At times material to this indictment DEFENDAN TS b Defendant MARCUS HUTCHINS was a citizen and resident of the United Kingdom HUTCHINS used various online aliases including Malwaretech RELEVANT TERMS c A protected computer was a computer in or affecting interstate or foreign commerce or communications including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communions of the United States Case Filed 07 11 17 Page 1 of 8 Document 1 Malware was a term used to describe malicious computer code installed on protected computers without authorization that allowed unauthorized access to the protected computer e Kronos was the name given to a particular type of malware that recorded and ex ltrated user credentials and personal identifying information from protected computers Kronos malware was commonly referred to as a banking Trojan f was a term used to describe computer code used to conceal the existence of malware from anti-virus software The Conspiracy 2 Between in or around July 2014 and July 2015 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretech knowingly conspired and agreed with each other to commit an offense against the United States namely to knowingly cause the transmission of a program information code and command and as a result of such conduct intentionally cause damage without authorization to 10 or more protected computers during a 1-year period in violation of Title 18 United States Code Sections 1030 a 5 A and Manner and Means of Conspiracy 3 The manner and means sought to accomplish the object and purpose of the conspiracy included a Advertising the availability of the Kronos malware on intemet forums b Selling the Kronos malware Case Filed 07 11 17 Page 2 of 8 Document 1 0 Receiving and distributing the proceeds obtained from selling the Kronos malware and d Acts done in furtherance of the conspiracy were concealed and hidden and caused to be concealed and hidden Overt Acts in Furtheranee of the Consniraey 4 In furtherance of the conspiracy and to accomplish the object and purpose of the conspiracy the following overt acts among others were committed and were caused to be committed a Defendant MARCUS HUTCHINS created the Kronos malware b On or about July 13 2014 a video showing the functionality of the Kronos Banking troj an was posted to a publically available website - Defendant used the video to demonstrate how Kronos worked 6 In or around August 2014 on an internet forum defendant -offered to sell the Kronos Banking trojan for $3 000 d In or around February 2015 defendants MARCUS HUTCHINS and - updated the Kronos malware e On or about April 29 2015 defendant using the name the availability of the Kronos malware on the AlphaBay market forum f On or about June 11 2015 defendant sold a version of the Kronos malware in exchange for approximately $2 000 in digital currency g On or about July 17 2015 defendant Offered services for Kronos All in Violation of Title 18 United States Code Section 371 Case Filed 07 11 17 Page 3 of 8 Document 1 aryw v rum COUNT TWO THE GRAND JURY FURTHER CHARGES Between in or around July 2014 and August 2014 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretech knowingly disseminated by electronic means an advertisement of any electronic mechanical or other device knowing and having reason to know that the design of such device renders it priman'ly useful for the purpose of the surreptitious interception of electronic communications knowing the content of the advertisement and having reason to know that such advertisement will be transported in interstate and foreign commerce In violation of Title 18 United States Code Sections 2512 1 c i and 2 Case Filed 07 11 17 Page 4 of 8 Document 1 COUNT THREE THE GRAND JURY FURTHER CHARGES On or about June 11 2015 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretech - intentionally any electronic mechanical or other device in interstate and foreign commerce knowing and having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of electronic communications In violation of Title 18 United States Code Sections 2512 l a and 2 Case Filed 07 11 17 Page 5 of 8 Document 1 COUNT FOUR THE GRAND JURY FURTHER CHARGES On or about June 11 2015 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretech intentionally sold any electronic mechanical or other device knowing and having reason to know that the design of such device renders it primarily useful for the purpose of the surreptitious interception of electronic communications and that such device and any component thereof was transported in interstate and foreign Commerce In violation of Title 18 United States Code Sections 2512 1 b and 2 Case Filed 07 11 17 Page 6 of 8 Document 1 COUNT FIVE THE GRAND JURY FURTHER CHARGES On or about June 11 2015 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretech knowingly and intentionally endeavored to intercept and procure any other person to intercept certain electronic communications namely computer keystrokes of others without the knowledge or consent of said others In violation of Title 18 United States Code Sections 2511 1 a and 2 Case Filed 07 11 17 Page '7 Of 8 Document 1 COUNT SIX THE GRAND JURY FURTHER CHARGES On or about June 1 l 2015 in the state and Eastern District of Wisconsin and elsewhere and MARCUS HUTCHINS aka Malwaretcch knowingly caused the transmission of a program information code and command and as a result of such conduct attempted to cause damage without authorization to 10 or more protected computers during a 1-year period In Violation of Title 18 United States Code Sections 1030 a 5 A and 1030 b and 2 A TRUE BILL F0 EPERSON ar- GREGM HAANSTAD United States Attomey Case Filed 07 11 17 Page 8 of 8 Document 1                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu