It’s no surprise the man behind the MalwareTech moniker is sounding tired. He’s had six hours’ sleep in three days.
The cause of his deprivation is on the one hand heroic: he’s the 22-year-old responsible for stopping the WannaCry ransomware epidemic from getting much worse. By registering a domain set up by the hackers, he inadvertently found a killswitch that stopped most infected Microsoft Windows computers communicating with the criminals behind the outbreak.
But that led to something he didn’t expect: an onslaught of media interest in who he was. His decision to remain anonymous is an innocent one. He simply doesn’t want fame. It’s now been thrust upon him, as media outlets including the Daily Telegraph, The Sun and The Daily Mail collectively outed his real name and his home town. Though they’re out in the public domain, Forbes won’t republish those details here.
This morning, MalwareTech is stuck at home contemplating some shuteye, but certain media outlets continue to pursue him doggedly. At the house where he lives with his parents, there have been knocks at the door, almost certainly from journalists wanting a hot exclusive, though it’s been three days since he effectively killed WannaCry and few secrets remain (the malware is yet to return in earnest today despite new variants). “I was expecting something a little above normal, a fair bit of media interest, not this sort of complete hounding from the global press,” he tells me.
Even his friends are being asked to cough up information that would help add some color to their reports. The Daily Mail, for instance, ran an image of MalwareTech with a friend. That friend was tracked down at her home and asked to comment. Others were asked the same over the web. One said a reporter had falsely claimed that they’d confirmed MalwareTech’s real name. MalwareTech says it appears another journalist even went to his old school to get more details to add color to their stories, like the astonishing facts that he’s a fan of pizza and surfing. His parents, who are not used to press attention the way MalwareTech is after previous anti-malware work, are a little perturbed but bearing up, he adds.
The sheer wave of people attempting to get information on or about his work has been overwhelming. He says he’s had about 3,000 emails and has responded to thousands of direct messages over Twitter. From the BBC alone, which has myriad local and national outlets, he’s received hundreds of enquiries. “It’s caused a fair bit of stress… I’m pleased we’ve stopped the ransomware but the fame I’m not happy about.”
For now, he’s planning on getting some sleep as other researchers help prevent another outbreak of the WannaCry malware that took down 48 hospital trusts in the U.K. as well as manufacturing plants at Renault and Nissan, amongst many others. He’s planning an imminent holiday too. So, in a disturbing twist of fate, the man who was on the front lines defending against the attack has now been forced to retreat by an overzealous media wanting to publicize his good work. Instead of being celebrated, he’s being harassed.
But even that irony is utterly lost on certain press organizations, such as the Mail, which reported via its Metro publication that MalwareTech was concerned for his safety due to his identity being splashed across news organizations. He feared that in being outed, he might be tracked down by the criminals running WannaCry. That same report contained his name, numerous images of his face in close-up, and even pictures from inside his home.
Since registering the 2nd killswitch yesterday, we stopped ~10K machines from spreading further – mainly from Russia. #WannaCry #OKLM pic.twitter.com/eQziRoq8UN
— Matthieu Suiche (@msuiche) May 15, 2017
This isn’t the first time MalwareTech has helped fight a massive security event. Forbes has used MalwareTech’s research for previous stories, most memorably when he tracked the outbreak of the Mirai malware that was used in massive Distributed Denial of Service attacks that caused substantial internet downtime across the world.
At least others who’re doing their best to fight the outbreak aren’t paying much attention to who’s behind the MalwareTech mask. Matthieu Suiche, founder of security firm Comae Technologies, has been doing similar work in registering domains used by new variants and shutting them down. “I don’t care about that… if he’s Madonna or not,” Suiche said. “Tell them to harass me, I want more followers than The Grugq [a well-known security expert with a large Twitter following].”
Unmasking criminal hackers’ identities is understandable, commendable even. But doing the same to the hackers who’re trying to quietly save the internet every day? Most in the security community see that as beyond the pale.