WannaCry Hero Deserves a Pardon, Not A Conviction

A British cybersecurity researcher, Marcus Hutchins, credited with stopping a worldwide computer virus WannaCry in 2017 has pleaded guilty in Wisconsin federal court to developing malware to steal banking information.

Hutchins appeared in court May 2nd after he agreed last month to plead guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. 

Two years later, the ‘WannaCry hero’ is unable to breathe easily, Hutchins, now 24, is on bail in the US, waiting to be sentenced on July 26 for computer crimes he allegedly committed as a teenager. The FBI arrested him three months after the WannaCry attack at Las Vegas McCarran Airport, as he travelled home from DefCon, the world’s largest hacker conventions.

Prosecutors dismissed eight more charges in exchange for his plea. Sentencing for Hutchins is set for July 26.
He faces up 10 years in prison but could receive a more lenient sentence for accepting responsibility.

Hutchins' arrest in Las Vegas in August 2017 came as a shock because months earlier he was hailed as a hero for finding a "kill switch" to the WannaCry virus that crippled computers worldwide. He was accused of writing malicious software Kronos, designed to steal money from banks, and selling it to a fraudster for a few thousand pounds when he was 17, though there is no accusation that he used it to steal money himself.

Hutchins is currently living in Los Angeles, where his former employer Kryptos Logic is based. He rents an apartment from his savings and documents his life in exile on Twitter, interspersing security research with humorous updates that bely a deep sense of unease.

He recently joking that it didn’t matter if he spent all his money on Japanese food, because “there won’t be any sushi in jail”. He has also posted about being unable to sleep, feeling stressed, and having depression. Hutchins has spent over $100,000 (£77,000) on fighting the legal case, with one recent flight for a “procedural court hearing” in Milwaukee costing $1,100 (£845). He has also had support from crowdfunding, including someone he didn’t know posting his $30,000 (£23,000) bail.

The charges themselves have been widely criticised, with Tor Ekeland, a US criminal lawyer who specialises in cyber-crime and supported British hacker Lauri Love’s recent fight against extradition, saying they are akin to “holding a gun manufacturer liable for murder.

Prior to his arrest, Hutchins would share information with GCHQ and his blog post about stopping WannaCry was shared on the National Crime Agency’s website. Reports say GCHQ knew the FBI was going to arrest Hutchins, but didn’t alert him.  

A few days after Hutchins entered his guilty plea, he was contemplating his future.

“I kept my blog all these years because it acts as a place for people to learn about malware and hacking, away from shady forums full of criminals,” he wrote. “Once I’ve done my time... I can focus more time on teaching for free.”

Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved.

That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further.

The Star:        Telegraph:         New York Times

You Might Also Read: 

Preventing Another Wannacry:

« The US Can't Stop China Copying Its Cyber Weapons
US Army Identifies How To Improve Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

enSilo

enSilo

enSilo secures customers data on premise or in the cloud. Regardless of the where the threat comes from, enSilo can protect your data.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

Government Communications Security Bureau (GCSB)

Government Communications Security Bureau (GCSB)

GCSB contributes to New Zealand’s national security by providing information assurance and cyber security to the New Zealand Government and critical infrastructure organisations.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Veracity Industrial Networks

Veracity Industrial Networks

Veracity provides an innovative industrial network platform that improves the reliability, efficiency, and security of industrial networks and devices.

CyberSAFE Malaysia

CyberSAFE Malaysia

CyberSAFE Malaysia is an initiative to educate and enhance the awareness of the general public on the technological and social issues and risks facing internet users.

Apozy

Apozy

Apozy replaces a secure web gateway to nullify phishing, malware and impersonation attacks.

Cynance

Cynance

Cynance are an award-winning, independent cyber security specialist and part of the Transputec family of companies.

Aigner Business Solutions

Aigner Business Solutions

Aigner Business Solutions GmbH is a specialist in IT-Security and Data Protection. Concise and focussed.

AlJammaz Technologies

AlJammaz Technologies

AlJammaz Technologies is the leading Technology Value-Added Distributor, which distributes advanced technology products, solutions and services in area including networking and cybersecurity.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

Leostream

Leostream

Leostream's Remote Desktop Access Platform enables seamless work-from-anywhere flexibility while maintaining security and constant visibility of users.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

DNSFilter

DNSFilter

DNSFilter is the most accurate threat detection and content filtering tool on the market today.

ZehnTek

ZehnTek

ZehnTek is a premier technology solutions provider, committed to offering comprehensive IT services tailored to meet the diverse needs of businesses.