Skip to Content
Computing

A light sentence for a famous hacker has actually made the world safer

Marcus Hutchins
Marcus HutchinsAP Photo/Frank Augstein, File

Marcus Hutchins has seen both sides of the law. On Friday, the 25-year-old was sentenced to no prison time and one year of supervised release for his role as a malware developer from 2012 to 2015, TechCrunch reported. Hutchins faced the potential of up to 10 years in prison.

Before delivering the sentence, Judge J. P. Stadtmueller spoke at length about the complexity of the case in front of him. On the one hand, an admitted criminal hacker. On the other hand, a reformed adult and cybersecurity expert who played the key role in stopping one of the worst cybersecurity incidents of the last decade.

Hutchins came to worldwide prominence for his role in stopping the global WannaCry ransomware outbreak in May 2017. The incident, which ended up costing billions of dollars in losses, was caused by North Korea, according to American, British, and Australian intelligence assessments. The losses could have been significantly worse. Called an accidental hero for his actions, Hutchins said, “I’m just someone doing my bit to stop botnets.”

Hutchins was arrested in August later in 2017 at the cybersecurity conference DefCon in Las Vegas for his role of creating and selling UPAS Kit and Kronos malware that was used to steal banking passwords. The Kronos malware is still in use today, according to the US Department of Homeland Security.

Hutchins, known online as MalwareTech, faced up to 10 years in prison. He pleaded guilty and accepted responsibility in April, several months before the sentencing hearing. 

“It’s going to take individuals like yourself who have the skill set to come up with solutions, because that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for the entire panoply of infotech systems,” Judge Stadtmueller said immediately before sentencing.

Prosecutors credited Hutchins with finding the “kill switch” that stopped the spread of WannaCry. Judge Stadtmueller said in court that Hutchins’s role in stopping WannaCry figured significantly into his sentencing decision, TechCrunch journalist Zack Whittaker reported.

“Your honor, when I was a teenager I made series of bad decisions,” Hutchins said in court on Friday, according to reporter Marcy Wheeler. “I deeply regret [the] conduct and harm which resulted.”

Deep Dive

Computing

Erik Prince wants to sell you a “secure” smartphone that’s too good to be true

MIT Technology Review obtained Prince’s investor presentation for the “RedPill Phone,” which promises more than it could possibly deliver.

Corruption is sending shock waves through China’s chipmaking industry

The arrests of several top semiconductor fund executives could force the government to rethink how it invests in the sector.

Inside the software that will become the next battle front in US-China chip war

The US has moved to restrict export of EDA software. What is it, and how will the move affect China?

Hackers linked to China have been targeting human rights groups for years

In a new report shared exclusively with MIT Technology Review, researchers expose a cyber-espionage campaign on “a tight budget” that proves simple can still be effective.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.