WannaCry Hero Deserves a Pardon, Not A Conviction

A British cybersecurity researcher, Marcus Hutchins, credited with stopping a worldwide computer virus WannaCry in 2017 has pleaded guilty in Wisconsin federal court to developing malware to steal banking information.

Hutchins appeared in court May 2nd after he agreed last month to plead guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. 

Two years later, the ‘WannaCry hero’ is unable to breathe easily, Hutchins, now 24, is on bail in the US, waiting to be sentenced on July 26 for computer crimes he allegedly committed as a teenager. The FBI arrested him three months after the WannaCry attack at Las Vegas McCarran Airport, as he travelled home from DefCon, the world’s largest hacker conventions.

Prosecutors dismissed eight more charges in exchange for his plea. Sentencing for Hutchins is set for July 26.
He faces up 10 years in prison but could receive a more lenient sentence for accepting responsibility.

Hutchins' arrest in Las Vegas in August 2017 came as a shock because months earlier he was hailed as a hero for finding a "kill switch" to the WannaCry virus that crippled computers worldwide. He was accused of writing malicious software Kronos, designed to steal money from banks, and selling it to a fraudster for a few thousand pounds when he was 17, though there is no accusation that he used it to steal money himself.

Hutchins is currently living in Los Angeles, where his former employer Kryptos Logic is based. He rents an apartment from his savings and documents his life in exile on Twitter, interspersing security research with humorous updates that bely a deep sense of unease.

He recently joking that it didn’t matter if he spent all his money on Japanese food, because “there won’t be any sushi in jail”. He has also posted about being unable to sleep, feeling stressed, and having depression. Hutchins has spent over $100,000 (£77,000) on fighting the legal case, with one recent flight for a “procedural court hearing” in Milwaukee costing $1,100 (£845). He has also had support from crowdfunding, including someone he didn’t know posting his $30,000 (£23,000) bail.

The charges themselves have been widely criticised, with Tor Ekeland, a US criminal lawyer who specialises in cyber-crime and supported British hacker Lauri Love’s recent fight against extradition, saying they are akin to “holding a gun manufacturer liable for murder.

Prior to his arrest, Hutchins would share information with GCHQ and his blog post about stopping WannaCry was shared on the National Crime Agency’s website. Reports say GCHQ knew the FBI was going to arrest Hutchins, but didn’t alert him.  

A few days after Hutchins entered his guilty plea, he was contemplating his future.

“I kept my blog all these years because it acts as a place for people to learn about malware and hacking, away from shady forums full of criminals,” he wrote. “Once I’ve done my time... I can focus more time on teaching for free.”

Hutchins is not likely to receive a heavy sentence, but even a sentence without any prison time will come with consequences. He has been released on bail since 2017, residing in the United States on an expired tourist visa while waiting for his case to be resolved.

That in itself will likely make it difficult to return to the United States in the future, and the felony will hamper his movements further.

The Star:        Telegraph:         New York Times

You Might Also Read: 

Preventing Another Wannacry:

« The US Can't Stop China Copying Its Cyber Weapons
US Army Identifies How To Improve Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CDW

CDW

CDW is a leading multi-brand provider of information technology solutions to business, government, education and healthcare customers in the United States, the United Kingdom and Canada.

SonicWall

SonicWall

SonicWall provide products for network security, access security, email security & encryption.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Cyber Threat Intelligence Network (CTIN)

Cyber Threat Intelligence Network (CTIN)

CTIN provides cyber threat intelligence services including training, platform evaluation, ISAC/ISAO systems development and counter botnet operations.

Northwave

Northwave

Northwave offers an Intelligent combination of cyber security services to protect your information.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

Snowflake

Snowflake

Empower your cybersecurity and compliance teams with Snowflake. Gain full visibility into security logs, at massive scale, while reducing costs of Security Information and Event Management systems.

PCS Security (PCSS)

PCS Security (PCSS)

PCS Security provides secure, reliable and state-of-the-art security solutions to help our customers address their security concerns.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Vector Choice Technologies

Vector Choice Technologies

Vector Choice Technology Solutions has a long standing reputation in cyber security consulting since 2008.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

Silverse

Silverse

At Silverse, we specialize in building a comprehensive cybersecurity journey, anchored by our extensive experience, industry expertise, and an ecosystem of trusted partners.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.

Backslash Security

Backslash Security

With Backslash, AppSec teams gain visibility into critical risks in their apps based on reachability and exploitability.