Skip to Content
MIT Technology Review

A light sentence for a famous hacker has actually made the world safer

Category:
Marcus HutchinsMarcus Hutchins

Marcus Hutchins has seen both sides of the law. On Friday, the 25-year-old was sentenced to no prison time and one year of supervised release for his role as a malware developer from 2012 to 2015, TechCrunch reported. Hutchins faced the potential of up to 10 years in prison.

Before delivering the sentence, Judge J. P. Stadtmueller spoke at length about the complexity of the case in front of him. On the one hand, an admitted criminal hacker. On the other hand, a reformed adult and cybersecurity expert who played the key role in stopping one of the worst cybersecurity incidents of the last decade.

Hutchins came to worldwide prominence for his role in stopping the global WannaCry ransomware outbreak in May 2017. The incident, which ended up costing billions of dollars in losses, was caused by North Korea, according to American, British, and Australian intelligence assessments. The losses could have been significantly worse. Called an accidental hero for his actions, Hutchins said, “I’m just someone doing my bit to stop botnets.”

Hutchins was arrested in August later in 2017 at the cybersecurity conference DefCon in Las Vegas for his role of creating and selling UPAS Kit and Kronos malware that was used to steal banking passwords. The Kronos malware is still in use today, according to the US Department of Homeland Security.

Hutchins, known online as MalwareTech, faced up to 10 years in prison. He pleaded guilty and accepted responsibility in April, several months before the sentencing hearing. 

“It’s going to take individuals like yourself who have the skill set to come up with solutions, because that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for the entire panoply of infotech systems,” Judge Stadtmueller said immediately before sentencing.

Prosecutors credited Hutchins with finding the “kill switch” that stopped the spread of WannaCry. Judge Stadtmueller said in court that Hutchins’s role in stopping WannaCry figured significantly into his sentencing decision, TechCrunch journalist Zack Whittaker reported.

“Your honor, when I was a teenager I made series of bad decisions,” Hutchins said in court on Friday, according to reporter Marcy Wheeler. “I deeply regret [the] conduct and harm which resulted.”