His online avatar is a cat in sunglasses, he drools over surf pictures from Cornwall and orders three takeaway pizzas for lunch. But unlike other home-based computer whizzes trawling the internet for amusing Twitter memes and the latest hacking strategies, the 22-year-old known only as Malware Tech this weekend stopped a potentially devastating international cyber-attack in its tracks.
He wants to remain anonymous – not least because he may have got in the way of some serious international criminals – but is believed to be a malware expert working for a US company, living close to his beloved coastline in south-west England.
After the ransomware attack started affecting UK hospitals on Friday afternoon, he did not sleep for 48 hours as, together with a handful of friends online, he was instrumental in the fightback, identifying the “kill switch” that stopped the attack in many cases.
“I’m not a graduate,” he told one reporter. “I had planned to go to university but ended up getting offered a job in security a year prior, so I took it. I’m completely self-taught so in hindsight university would probably not have been worth the time or money.”
His is a world of digital “sinkholes”, botnets and wormcode, and judging by his extensive Twitter profile he likes to programme to the music of Taylor Swift, and enjoys vodka and freshly ground coffee. Pictures of his workspace show stacks of servers and tangles of wires, decorated – at least at Christmas time – with fairy lights. He has apparently resisted the urgings of his employer to move to Los Angeles, citing inflated property prices on the US west coast and pointing out that he can buy an eight-bedroom house where he lives for $400,000 (£310,000).
“My job is to look for ways we can track and potentially stop botnets (and other kinds of malware), so I’m always on the lookout to pick up unregistered malware control server (C2) domains,” he explains on his blog. “In fact I registered several thousand of such domains in the past year.”
It was this knowledge that helped him stop the WannaCry malware, at first by accident, with a domain name he found buried in the malware.
“I will confess that I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental,” he said. “So I can only add ‘accidentally stopped an international cyber attack’ to my resume.”