MalwareTech loses bid to suppress damning statements made after days of partying

Marcus Hutchins, the widely acclaimed security researcher charged with creating malware that sold for thousands of dollars on the Internet, has lost his bid to suppress self-incriminating statements he made following days of heavy partying at the 2017 Defcon hacker convention in Las Vegas.

Hutchins—who, under the moniker MalwareTech, unwittingly helped neutralize the virulent WannaCry ransomware worm—was charged with developing the Kronos banking trojan and an advanced spyware program known as the UPAS Kit. The then-23-year-old UK citizen was arrested in August 2017 at McCarran International Airport as he was about to fly home. He had spent the previous week attending the Black Hat and Defcon conferences. Hutchins has pleaded not guilty to the charges.

According to court documents, federal agents questioned Hutchins in an airport interview room shortly after he was arrested. When asked about his involvement in developing malware, the court records show, Hutchins grew visibly confused about the purpose of the interrogation. Eventually, prosecutors said, Hutchins acknowledged that, when he was younger, he wrote code that ended up in malware, but he denied that he had developed the malware itself. After reviewing some source code produced by the agents, Hutchins asked if the investigators were looking for the developer of Kronos. Hutchins then told the interrogators he didn't develop Kronos and had "gotten out" of writing code for malware before he turned 18.

Allegedly, Hutchins then said he had feared law enforcement authorities would pursue him instead of the actual developer, because pieces of his code appeared in Kronos and that implicated him in the investigation into its creation. Still, he continued to voice confusion about why he was being detained. Almost 80 minutes into the interrogation, agents finally provided Hutchins with his arrest warrant and told him it had nothing to do with WannaCry. During the remainder of the interview, which lasted for another 20 minutes, Hutchins continued trying to be helpful but again noted he had been "out" of "blackhat" hacking for so long that he didn't have any useful information.

Jailed

Hutchins was then taken to jail, where he made two phone calls. Despite being informed the calls were subject to monitoring and recording, Hutchins allegedly "made incriminating statements," court records showed, without elaborating.

In a motion filed in US District Court for the Eastern District of Wisconsin, attorneys for Hutchins moved to suppress the statements and any evidence that may have been obtained as a result of them. Hutchins' grounds are that he didn't waive his Miranda rights against self-incrimination and that his intoxication and limited understanding of the US criminal procedural system made it impossible for him to voluntarily waive those rights.

In a ruling issued Monday, US District Judge J.P. Stadtmueller of the Eastern District of Wisconsin denied the motion. The 32-page decision cited Hutchins' own acknowledgment that he was read his Miranda rights, although the ruling noted there was insufficient evidence to establish if Hutchins received his rights at the beginning of the interrogation. The judge also noted that FBI agents testified under oath that the rights were issued at the beginning of the interrogation.

"In light of Hutchins's admission that he received his Miranda rights, and in light of the agents' corroborating testimony that this occurred before the interrogation, as well as the lack of any indication of when else he may have received them, the court finds that Hutchins was sufficiently apprised of his rights before the interrogation," Judge Stadtmueller wrote.

Hungover? Maybe. Drunk? No.

The judge went on to rule that there were sufficient grounds to find Hutchins's waiver of rights was voluntary. While intoxication, exhaustion, or physical discomfort can all be reasons a waiver might not be considered voluntary, Stadtmueller said it was unlikely Hutchins' alleged impairment significantly factored into his ability to give a voluntary waiver or to make him more susceptible to coercive interrogation practices.

The FBI agents, the judge said, monitored Hutchins continually since the beginning of the day of his arrest to ensure he was sober when he was detained. They then walked him to two separate locations inside the airport and engaged him in conversations to assess whether he was intoxicated.

"Hutchins appeared to be alert, engaged, coordinated, and coherent," Stadtmueller wrote. "There is no evidence in the record to the contrary. There is also no evidence, nor does Hutchins claim, that he was under the influence of drugs that day—only that he was exhausted. But a terrible hangover alone does not, as a matter of law, render someone unable to exercise or waive their Miranda rights. This factor does not weigh in Hutchins's favor."

Judge Stadtmueller went on to rule against Hutchins' claim that he was unable to make a voluntary waiver because of his unfamiliarity of suspect rights in US criminal proceedings. The judge also said Hutchins had failed to meet his burden of presenting "clear and convincing evidence" that FBI agents misled him about the true intentions of the interrogation. Hutchins, the judge said, received his Miranda rights and understood he was under arrest for alleged criminal activity that somehow related to Kronos.

What's more, Stadtmueller said, even though the FBI agents didn't present the warrant at the outset, the interrogation lasted another 20 minutes. During that time, Hutchins continued to consent to searches and answer questions.

The judge went on to acknowledge that it wasn't always clear whether Hutchins understood or remembered the criminal charges against him. "At one point in the interrogation, he made a comment that showed that he did not realize he had even been indicted." But ultimately, Stadtmueller said the scope of the questions should have put Hutchins on notice about the true purpose of the interview.