Skip to Content
Computing

A light sentence for a famous hacker has actually made the world safer

Marcus Hutchins
Marcus Hutchins
Marcus HutchinsAP Photo/Frank Augstein, File

Marcus Hutchins has seen both sides of the law. On Friday, the 25-year-old was sentenced to no prison time and one year of supervised release for his role as a malware developer from 2012 to 2015, TechCrunch reported. Hutchins faced the potential of up to 10 years in prison.

Before delivering the sentence, Judge J. P. Stadtmueller spoke at length about the complexity of the case in front of him. On the one hand, an admitted criminal hacker. On the other hand, a reformed adult and cybersecurity expert who played the key role in stopping one of the worst cybersecurity incidents of the last decade.

Hutchins came to worldwide prominence for his role in stopping the global WannaCry ransomware outbreak in May 2017. The incident, which ended up costing billions of dollars in losses, was caused by North Korea, according to American, British, and Australian intelligence assessments. The losses could have been significantly worse. Called an accidental hero for his actions, Hutchins said, “I’m just someone doing my bit to stop botnets.”

Hutchins was arrested in August later in 2017 at the cybersecurity conference DefCon in Las Vegas for his role of creating and selling UPAS Kit and Kronos malware that was used to steal banking passwords. The Kronos malware is still in use today, according to the US Department of Homeland Security.

Hutchins, known online as MalwareTech, faced up to 10 years in prison. He pleaded guilty and accepted responsibility in April, several months before the sentencing hearing. 

“It’s going to take individuals like yourself who have the skill set to come up with solutions, because that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for the entire panoply of infotech systems,” Judge Stadtmueller said immediately before sentencing.

Prosecutors credited Hutchins with finding the “kill switch” that stopped the spread of WannaCry. Judge Stadtmueller said in court that Hutchins’s role in stopping WannaCry figured significantly into his sentencing decision, TechCrunch journalist Zack Whittaker reported.

“Your honor, when I was a teenager I made series of bad decisions,” Hutchins said in court on Friday, according to reporter Marcy Wheeler. “I deeply regret [the] conduct and harm which resulted.”

Deep Dive

Computing

Russia is risking the creation of a “splinternet”—and it could be irreversible

If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.

Conceptual illustration of quantum computing circuity, in multiple colors
Conceptual illustration of quantum computing circuity, in multiple colors

Quantum computing has a hype problem

Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.

winning team for Pwn2own 2022
winning team for Pwn2own 2022

These hackers showed just how easy it is to target critical infrastructure

Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.

white house regulates cyber concept
white house regulates cyber concept

Inside the plan to fix America’s never-ending cybersecurity failures

The specter of Russian hackers and an overreliance on voluntary cooperation from the private sector means officials are finally prepared to get tough.

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.