Marcus Hutchins has seen both sides of the law. On Friday, the 25-year-old was sentenced to no prison time and one year of supervised release for his role as a malware developer from 2012 to 2015, TechCrunch reported. Hutchins faced the potential of up to 10 years in prison.
Before delivering the sentence, Judge J. P. Stadtmueller spoke at length about the complexity of the case in front of him. On the one hand, an admitted criminal hacker. On the other hand, a reformed adult and cybersecurity expert who played the key role in stopping one of the worst cybersecurity incidents of the last decade.
Hutchins came to worldwide prominence for his role in stopping the global WannaCry ransomware outbreak in May 2017. The incident, which ended up costing billions of dollars in losses, was caused by North Korea, according to American, British, and Australian intelligence assessments. The losses could have been significantly worse. Called an accidental hero for his actions, Hutchins said, “I’m just someone doing my bit to stop botnets.”
Hutchins was arrested in August later in 2017 at the cybersecurity conference DefCon in Las Vegas for his role of creating and selling UPAS Kit and Kronos malware that was used to steal banking passwords. The Kronos malware is still in use today, according to the US Department of Homeland Security.
Hutchins, known online as MalwareTech, faced up to 10 years in prison. He pleaded guilty and accepted responsibility in April, several months before the sentencing hearing.
“It’s going to take individuals like yourself who have the skill set to come up with solutions, because that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for the entire panoply of infotech systems,” Judge Stadtmueller said immediately before sentencing.
Prosecutors credited Hutchins with finding the “kill switch” that stopped the spread of WannaCry. Judge Stadtmueller said in court that Hutchins’s role in stopping WannaCry figured significantly into his sentencing decision, TechCrunch journalist Zack Whittaker reported.
“Your honor, when I was a teenager I made series of bad decisions,” Hutchins said in court on Friday, according to reporter Marcy Wheeler. “I deeply regret [the] conduct and harm which resulted.”
Russia is risking the creation of a “splinternet”—and it could be irreversible
If Russia disconnects from—or is booted from— the internet’s governing bodies, the internet may never be the same again for any of us.
Quantum computing has a hype problem
Quantum computing startups are all the rage, but it’s unclear if they’ll be able to produce anything of use in the near future.
These hackers showed just how easy it is to target critical infrastructure
Two Dutch researchers have won a major hacking championship by hitting the software that runs the world’s power grids, gas pipelines, and more. It was their easiest challenge yet.
Inside the plan to fix America’s never-ending cybersecurity failures
The specter of Russian hackers and an overreliance on voluntary cooperation from the private sector means officials are finally prepared to get tough.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.