Marcus Hutchins, 23, was arrested by the FBI in a first class airport lounge and now faces a maximum of 40 years in jail if convicted.
He is the hero who saved the NHS after finding the ‘kill switch’ that paralysed the WannaCry ‘ransomware’ that hit more than 300,000 computers in 150 countries in May.
Hutchins is now charged with six counts of making a ‘Trojan’ program that captures computer users’ passwords and personal information and was sold online for £1,500 – but many believe federal officers have the wrong man.
His mother Janet Hutchins said it was ‘hugely unlikely’ that her son was involved because he has spent ‘enormous amounts of time’ combating such attacks.
Jake Williams, a respected US cybersecurity researcher, said they have worked on various projects, including training material, and the Briton always refused payment.
He said: ‘He’s a stand-up guy. I can’t reconcile the charges with what I know about him. I don’t doubt that some of his code found it’s way into malware. He might have even helped criminals posing as researchers’.
Friend Andrew Mabbitt, a British digital security specialist who had been staying in a £5million rented Las Vegas mansion with Hutchins, said: ‘I refuse to believe the charges. He spent his career stopping malware, not writing it’.
Hutchins, 23, will appear in a Nevada court today and was held after a week partying at a hacking conference in Vegas where he took over a £5million mansion with the city’s biggest private pool and rented a £200,000 Lamborghini Huracan to race around in.
The so-called malware, called Kronos, has reportedly been used to steal money from bank accounts in France and Hutchins is accused of writing the virus, known as malware, in 2014.
Court documents obtained by DailyMail.com show that a second defendant, not yet named by the FBI, is accused of selling it on dark web marketplace AlphaBay, which was shut down by the US government last month, and creating a YouTube video showing how it worked.
The six charges Mr Hutchins faces relate to an alleged conspiracy between July 2014 and July 2015.
It is not known why his co-defendant’s name has been redacted in court documents – it could be because he has not been arrested or is helping the FBI with their investigation.
Hutchins appeared in the Las Vegas court on Thursday but the hearing was adjourned and he will appear again at 3pm today.
An indictment for his arrest was issued in Wisconsin on July 12 – around ten days before his arrest in Las Vegas.
Federal officers were able to see he entered the country by matching his name and date of birth with flight rosters and were waiting for him as arrived to fly home from Nevada.
Marcus’ supporters including his mother say Mr Hutchins, who is known online by the name MalwareTech, is innocent and claim a tweet from July 2014 proves he could not have written the software.
Janety Hutchins added that she is ‘outraged’ by the charges and has been ‘frantically calling America’ trying to contact her son from Devon.
Some are using the hashtag #freemalwaretech and say he was arrested in America to avoid extradition proceedings in the UK.
His work to end the WannaCry ‘ransomware’ crisis embarrassed America’s own security services because they created it first but lost control and it was used by criminals to extort cash, friends say.
Andrew Mabbitt, a British digital security specialist who had been staying in Las Vegas with Hutchins, said he and his friends grew worried when they got ‘radio silence’ from Hutchins for hours.
The worries deepened when Hutchins’ mother called to tell him the young researcher hadn’t made his flight home.
Mabbitt said he eventually found Hutchins’ name on a detention center website. News of his indictment Thursday left colleagues scrambling to understand what happened.
He also says that they were staying together in the £5million mansion and Hutchins’ did not have to pay.
‘We don’t know the evidence the FBI has against him, however we do have some circumstantial evidence that he was involved in that community at the time,’ said computer security expert Rob Graham.
Before his arrest Mr Hutchins had been in Las Vegas for Def Con, one of the largest hacking conventions in the world.
He had been ‘partying’ before his arrest and staying at a £1,950-a-night mansion worth £5million having rented it with seven friends.