The British security expert hailed a hero for derailing a global cyber attack admitted to police he created a code which harvests bank details and hinted he sold it, a prosecutor told his US court hearing.
But Marcus Hutchins, from Ilfracombe, Devon, plans to plead not guilty to all six counts of creating and distributing the Kronos malware, his lawyer said after his appearance in Las Vegas on Friday.
The 23-year-old, who found a “kill-switch” that curbed the WannaCry ransomware that crippled the NHS and spread to 150 countries in May, was granted bail for 30,000 dollars (£23,000) on the condition he stays in the country.
Dan Cowhig, prosecuting, detailed evidence against Hutchins, which included an alleged confession during a police interview.
“He admitted he was the author of the code of Kronos malware and indicated he sold it,” Cowhig said.
He said the researcher also known as MalwareTech and his unnamed co-defendant, who is still at large, were caught in a sting operation when undercover officers bought the code.
Prosecutors claim the software was sold for 2,000 dollars (£1,522) in digital currency in June 2015.
Other evidence comes from chat logs where he complains to the co-defendant that he did not receive a fare share of the money, Cowhig said.
After the hearing, Hutchins’ lawyer Adrian Lobo denied he is the author and said he would plead not guilty to all of the charges, which date between July 2014 and July 2015.
She said: “He has dedicated his life to researching malware, not trying to harm people. Use the internet for good is what he has done.
“He was completely shocked, this isn’t’ something he anticipated. He came here for a work-related conference and he was fully anticipating to go back home and had no reason to be fearful of coming or going from the United States.”
Hutchins smiled to the press packing the public gallery as he was led into the court dressed in a prison-issued yellow jumpsuit with “detainee” stamped on the back, and bright orange Crocs shoes.
The surfer spoke softly as he answered procedural questions and confirmed his identity.
District judge Nancy Koppe ordered his release on bail considering he has no criminal history and because the allegations date back two years.
She was also impressed by letters from cybersecurity colleagues.
He cannot access the internet, must be monitored by GPS, surrender his passport and only reside in Clark County, Nevada, and within the Eastern District of Wisconsin where he will appear in court on Tuesday.
At that hearing Hutchins, who works for Los Angeles-based computer security firm Kryptos Logic, is expected to formally enter his pleas.
Friends, family and colleagues were unable to raise the bond money in the brief period of time between the hearing and the court’s closure so he will be released on Monday.