WannaCry Hero Deserves a Pardon, Not A Conviction

A British cybersecurity researcher, Marcus Hutchins, credited with stopping a worldwide computer virus WannaCry in 2017 has pleaded guilty in Wisconsin federal court to developing malware to steal banking information.

Hutchins appeared in court May 2nd after he agreed last month to plead guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. 

Two years later, the ‘WannaCry hero’ is unable to breathe easily, Hutchins, now 24, is on bail in the US, waiting to be sentenced on July 26 for computer crimes he allegedly committed as a teenager. The FBI arrested him three months after the WannaCry attack at Las Vegas McCarran Airport, as he travelled home from DefCon, the world’s largest hacker conventions.

Prosecutors dismissed eight more charges in exchange for his plea. Sentencing for Hutchins is set for July 26.
He faces up 10 years in prison but could receive a more lenient sentence for accepting responsibility.

Hutchins' arrest in Las Vegas in August 2017 came as a shock because months earlier he was hailed as a hero for finding a "kill switch" to the WannaCry virus that crippled computers worldwide. He was accused of writing malicious software Kronos, designed to steal money from banks, and selling it to a fraudster for a few thousand pounds when he was 17, though there is no accusation that he used it to steal money himself.

Hutchins is currently living in Los Angeles, where his former employer Kryptos Logic is based. He rents an apartment from his savings and documents his life in exile on Twitter, interspersing security research with humorous updates that bely a deep sense of unease.

He recently joking that it didn’t matter if he spent all his money on Japanese food, because “there won’t be any sushi in jail”. He has also posted about being unable to sleep, feeling stressed, and having depression. Hutchins has spent over $100,000 (£77,000) on fighting the legal case, with one recent flight for a “procedural court hearing” in Milwaukee costing $1,100 (£845). He has also had support from crowdfunding, including someone he didn’t know posting his $30,000 (£23,000) bail.

The charges themselves have been widely criticised, with Tor Ekeland, a US criminal lawyer who specialises in cyber-crime and supported British hacker Lauri Love’s recent fight against extradition, saying they are akin to “holding a gun manufacturer liable for murder.

Prior to his arrest, Hutchins would share information with GCHQ and his blog post about stopping WannaCry was shared on the National Crime Agency’s website. Reports say GCHQ knew the FBI was going to arrest Hutchins, but didn’t alert him.  

A few days after Hutchins entered his guilty plea, he was contemplating his future.

“I kept my blog all these years because it acts as a place for people to learn about malware and hacking, away from shady forums full of criminals,” he wrote. “Once I’ve done my time... I can focus more time on teaching for free.”

Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved.

That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further.

The Star:        Telegraph:         New York Times

You Might Also Read: 

Preventing Another Wannacry:

« The US Can't Stop China Copying Its Cyber Weapons
US Army Identifies How To Improve Cybersecurity »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Portnox

Portnox

In 2007, Portnox set out to create one of the world’s easiest to use, most loved, value-driven network security solutions — and our customers will tell you we’ve succeeded.

CERT.BY

CERT.BY

The National Computer Emergency Response Team of the Republic of Belarus.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Excelerate Systems

Excelerate Systems

Excelerate Systems is a leading provider of IT services with a focus on Big Data, Cloud Services and Security.

Yelbridges

Yelbridges

Yelbridges offer high quality IT security & risk management services to mitigate business risks.

Kippeo Technologies

Kippeo Technologies

Kippeo is a security systems integrator providing innovative solutions that look at all the parameters and connect all the dots.

OffSec

OffSec

OffSec have defined the standard of excellence in penetration testing training. Elite security instructors teach our intense training scenarios and exceptional course material.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

International Cyber Threat Task Force (ICTTF)

International Cyber Threat Task Force (ICTTF)

The International Cyber Threat Task Force is a not-for-profit initiative promoting the ecosystem of an International independent non-partisan cyber security community.

ThreatNG Security

ThreatNG Security

ThreatNG is redefining external attack surface management (EASM) and digital risk protection with a platform of unmatched breadth, depth, and capabilities in thwarting technical and business threats.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

AuditBoard

AuditBoard

AuditBoard is the leading cloud-based platform transforming audit, risk, ESG, and InfoSec management.

CyberAI Group

CyberAI Group

CyberAI's mission is to pioneer the evolution of the cybersecurity landscape globally, by strategically acquiring and elevating IT consulting firms into leaders of cybersecurity innovation.

Clango

Clango

Clango employs an identity-centric approach to optimizing your cybersecurity investment while minimizing risk.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.