Attorneys for WannaCry hero turned suspect request discovery evidence

Marcus Hutchins' attorneys filed a motion requesting discovery, expecting to get information to prove Hutchins was coerced to talk.

Attorneys for WannaCry hero turned suspect request discovery evidence

Attorneys for Marcus Hutchins, aka MalwareTech — the guy hailed as a hero after finding the WannaCry ransomware kill switch — filed a motion to compel the government to turn over five types of previously withheld discovery. They believe there’s evidence to prove Hutchins was coerced into his alleged confession.

Hutchins faces various charges and is awaiting trial for creating the banking trojan Kronos. When Hutchins was arrested in August, he was at the airport awaiting a flight home after attending Def Con. His attorneys noted that while the government has not denied conducting pre-arrest surveillance, it won’t turn over any discovery on that surveillance. That surveillance, they believe, likely included the fact that the agents knew Hutchins was both intoxicated and sleep-deprived when they came to arrest him. If you’ve ever attended Def Con, then you know that both of those states are highly probable.

The defense requested all materials and communications relating to Hutchins’ surveillance and arrest. The motion filed Friday stated:

The defense believes the requested discovery will show the government was aware of Mr. Hutchins’ activities while he was in Las Vegas, including the fact that he had been up very late the night before his arrest, and the high likelihood that the government knew he was exhausted and intoxicated at the time of his arrest.

In addition, the motion stated:

The defense intends to argue that the government coerced Mr. Hutchins, who was sleep-deprived and intoxicated, to talk. As such, his decision to speak with the agents was not knowing, intelligent, and made in full awareness of the nature of the right given up and the consequences of giving up that right, as the law requires.

Furthermore, the agents recorded audio of most of the interview with Hutchins. Yet they failed to record audio of them giving his Miranda rights. The U.K.’s version of Miranda doesn’t mention the right to counsel, and in the U.K., if the defendant doesn’t talk, then their silence can be used against them. Since Hutchins was exhausted and drunk, his attorneys argued that if he wasn’t advised of his Miranda rights, then he was coerced to waive his rights.

Defense wants discovery information about alleged WannaCry conspirator

The motion requested more discovery information about Hutchins’ unnamed co-defendant and alleged conspirator, as the government’s theory “has them joined at the hip.” Five of the counts against Hutchins accuse him of “acting in concert” with this co-defendant who has not yet been apprehended.

If there is proof that the co-defendant operated independently of Hutchins — as the government alleges the other person advertised and sold Kronos malware independently of Hutchins — then that doesn’t mean they conspired to commit computer fraud and abuse. The government, they argued, cannot hold back this information because it might impede the co-defendant’s arrest, as they need to prepare for Hutchins’ trial. After all, the government might be holding back information that could potentially exonerate Hutchins.

The defense is also seeking materials about “Randy,” the pseudonym referring to the government informant. “Randy” is expected to testify, as he allegedly had “extensive online chats” with Hutchins in which Hutchins purportedly talked about his criminal activity. So far, the only material handed over was a heavily redacted FBI interview of “Randy.”

Marcy Wheeler, aka @emptywheel, made an excellent point.

Hutchins’ attorney also asked for the “portions of grand jury transcripts dealing with legal instructions for the crimes charged in the pending indictment.” This is needed for potentially filing a motion to dismiss as “at least two of the charged counts are defective on their face.” They need to find out if the legal instructions given to the grand jury were correct, as the government didn’t seem to grasp the laws and the indictment was misstated.

The last requested discovery item deals with “all materials and communications relating to the search warrants and Mutual Legal Assistance Treaty” (MLAT). So far, the government handed over only one MLAT request and not the MLAT itself.

Copyright © 2018 IDG Communications, Inc.

What is security's role in digital transformation?