“Voice ID is probably one of the least future-proof password alternatives there is. The technology already exists to recreate someone’s voice from snippets of them talking. In a few years anyone will just be able to call you, record you talking, then rebuild your voice from that.” Marcus Hutchins – A.K.A. MalwareTech – Cyber Threat Intelligence at Redacted
About Marcus Hutchins:
Marcus Hutchins (born 1994), also known online as MalwareTech, is a British computer security researcher known for temporarily stopping the WannaCry ransomware attack. He was employed by cybersecurity firms Kryptos Logic and Redacted. Hutchins is from Ilfracombe in Devon. He became involved with an online forum that promoted malware development, where members wrote malware more to show off their skills to each other than for nefarious purposes. When he was about 14 years old, he created his own contribution, a password stealer based on Internet Explorer’s AutoFill feature, which was met with approval by the forum. He spent so much of his time with this community that his schoolwork began to fail. When the school’s systems were compromised, the school authorities claimed Hutchins was the culprit. Though he denied any involvement, they permanently suspended him from using the school’s computers, which pushed Hutchins to skip school more often and spend more time in the malware forums.
The WannaCry cryptoworm attack started around 12 May 2017. Using an exploit in Microsoft Windows’ Server Message Block, it quickly spread from its initial point of injection, believed to be in North Korea, to over 230,000 computers in 150 countries within the day. Infected computers were seemingly locked out from use and could be unlocked only if the user sent a quantity of bitcoin to a given account.
Hutchins had become aware of WannaCry the afternoon of 12 May, and though he had been on vacation, he began reverse engineering the code from his bedroom. He discovered that the malware was tied to an odd-looking domain name, suggesting the malware would be part of a command-and-control structure common to botnets, but to his surprise, the domain name was not registered.
He quickly registered the domain and set up servers at Kryptos Logic under it to act as honeypots, allowing them to track the infected computers. While the WannaCry worm continued to spread over the next few hours, security researchers found that because Hutchins had registered the domain name when he did, WannaCry would not execute further; the registered domain had effectively become the worm’s killswitch.
Hutchins and Kryptos, along with the UK’s National Cyber Security Centre, spent the next several days protecting the honeypot servers from additional DDoS attacks, some restarted by ongoing Mirai botnets, to make sure the killswitch remained active while Microsoft and other security workers rushed to patch the exploited flaw in the Server Message Block and issue the fix to end users. A separate effort from French cybersecurity researchers found a method to unlock and decrypt affected computers without having to pay the ransom.