Marcus Hutchins was still recovering from the night before as he settled into a lounge at the Las Vegas airport one afternoon this past August. Hutchins, a 23-year-old cybersecurity researcher, had come from his home in rural England in part to attend DefCon, the world’s biggest computer-hacking conference, and in part to take a well-deserved vacation.
Three months earlier, a North Korean cyberattack known as WannaCry had crippled the British health-care system and caused a billion dollars in losses across 150 countries. The damage could have been much worse — tens of billions, by one estimate — but a few hours after the attack began, Hutchins figured out how to stop it, almost by accident, while sitting at a computer in his bedroom at his parents’ house.
That act made Hutchins the closest thing cybersecurity had ever had to a global celebrity. “Oops! I Saved the World,” read the cover of the New York Daily News. “Cyber Geek Accidentally Stops Huge Hack Attack.” Edward Snowden congratulated Hutchins, and strangers recognized him at Heathrow. Hutchins had gone to DefCon the year before and found the convention unpleasant — “I remember slowly moving down a packed hall in a sea of people who smelled like they hadn’t showered in days” — but in 2017, Cisco invited him into the VIP section at its party. “A year earlier, I’d never have gotten in,” Hutchins said. At six-foot-four, with hair that adds an inch or two, Hutchins was easy to spot, and conferencegoers asked him to pose for photos that they put online with the tag #WannaCrySlayer.