WannaCry Hero Deserves a Pardon, Not A Conviction

A British cybersecurity researcher, Marcus Hutchins, credited with stopping a worldwide computer virus WannaCry in 2017 has pleaded guilty in Wisconsin federal court to developing malware to steal banking information.

Hutchins appeared in court May 2nd after he agreed last month to plead guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. 

Two years later, the ‘WannaCry hero’ is unable to breathe easily, Hutchins, now 24, is on bail in the US, waiting to be sentenced on July 26 for computer crimes he allegedly committed as a teenager. The FBI arrested him three months after the WannaCry attack at Las Vegas McCarran Airport, as he travelled home from DefCon, the world’s largest hacker conventions.

Prosecutors dismissed eight more charges in exchange for his plea. Sentencing for Hutchins is set for July 26.
He faces up 10 years in prison but could receive a more lenient sentence for accepting responsibility.

Hutchins' arrest in Las Vegas in August 2017 came as a shock because months earlier he was hailed as a hero for finding a "kill switch" to the WannaCry virus that crippled computers worldwide. He was accused of writing malicious software Kronos, designed to steal money from banks, and selling it to a fraudster for a few thousand pounds when he was 17, though there is no accusation that he used it to steal money himself.

Hutchins is currently living in Los Angeles, where his former employer Kryptos Logic is based. He rents an apartment from his savings and documents his life in exile on Twitter, interspersing security research with humorous updates that bely a deep sense of unease.

He recently joking that it didn’t matter if he spent all his money on Japanese food, because “there won’t be any sushi in jail”. He has also posted about being unable to sleep, feeling stressed, and having depression. Hutchins has spent over $100,000 (£77,000) on fighting the legal case, with one recent flight for a “procedural court hearing” in Milwaukee costing $1,100 (£845). He has also had support from crowdfunding, including someone he didn’t know posting his $30,000 (£23,000) bail.

The charges themselves have been widely criticised, with Tor Ekeland, a US criminal lawyer who specialises in cyber-crime and supported British hacker Lauri Love’s recent fight against extradition, saying they are akin to “holding a gun manufacturer liable for murder.

Prior to his arrest, Hutchins would share information with GCHQ and his blog post about stopping WannaCry was shared on the National Crime Agency’s website. Reports say GCHQ knew the FBI was going to arrest Hutchins, but didn’t alert him.  

A few days after Hutchins entered his guilty plea, he was contemplating his future.

“I kept my blog all these years because it acts as a place for people to learn about malware and hacking, away from shady forums full of criminals,” he wrote. “Once I’ve done my time... I can focus more time on teaching for free.”

Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved.

That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further.

The Star:        Telegraph:         New York Times

You Might Also Read: 

Preventing Another Wannacry:

« The US Can't Stop China Copying Its Cyber Weapons
US Army Identifies How To Improve Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

AusCERT

AusCERT

AusCERT is the premier Computer Emergency Response Team (CERT) in Australia and a leading CERT in the Asia/Pacific region

BPC Banking Technologies

BPC Banking Technologies

BPC’s advanced fraud prevention solution helps card issuers and acquirers combat the growing threat by monitoring 100% of transactions, online, in real-time across all channels.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

GM Security Technologies

GM Security Technologies

GM Security Technologies provides leading managed security services of the highest quality to every type of individual and organization in Puerto Rico, Caribbean and Latin America.

BrandProtections.Online

BrandProtections.Online

BrandProtections.online offer end-to-end customer support solutions to help protect against threats which may affect your brand online.

Zercurity

Zercurity

Zercurity is on a mission to build the ultimate cybersecurity operations platform for businesses. To help protect against a growing number of internal and external threats.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

Centre for Cyber Security Belgium (CCB)

Centre for Cyber Security Belgium (CCB)

The Centre for Cyber Security Belgium is the central authority for cyber security in Belgium.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

Kyndryl

Kyndryl

Kyndryl has a comprehensive portfolio that leverages hybrid cloud solutions, business resiliency, and network services to help optimize your IT workloads and transformations.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Cybercentry

Cybercentry

Cybercentry is a specialist information security, data protection and cyber security consultancy.

WBM Technologies

WBM Technologies

WBM Technologies is a Western Canadian leader in the provision of outcomes-driven information technology solutions.