Skip to Content
Computing

A light sentence for a famous hacker has actually made the world safer

Marcus Hutchins
Marcus HutchinsAP Photo/Frank Augstein, File

Marcus Hutchins has seen both sides of the law. On Friday, the 25-year-old was sentenced to no prison time and one year of supervised release for his role as a malware developer from 2012 to 2015, TechCrunch reported. Hutchins faced the potential of up to 10 years in prison.

Before delivering the sentence, Judge J. P. Stadtmueller spoke at length about the complexity of the case in front of him. On the one hand, an admitted criminal hacker. On the other hand, a reformed adult and cybersecurity expert who played the key role in stopping one of the worst cybersecurity incidents of the last decade.

Hutchins came to worldwide prominence for his role in stopping the global WannaCry ransomware outbreak in May 2017. The incident, which ended up costing billions of dollars in losses, was caused by North Korea, according to American, British, and Australian intelligence assessments. The losses could have been significantly worse. Called an accidental hero for his actions, Hutchins said, “I’m just someone doing my bit to stop botnets.”

Hutchins was arrested in August later in 2017 at the cybersecurity conference DefCon in Las Vegas for his role of creating and selling UPAS Kit and Kronos malware that was used to steal banking passwords. The Kronos malware is still in use today, according to the US Department of Homeland Security.

Hutchins, known online as MalwareTech, faced up to 10 years in prison. He pleaded guilty and accepted responsibility in April, several months before the sentencing hearing. 

“It’s going to take individuals like yourself who have the skill set to come up with solutions, because that is the only way we’re going to eliminate this subject of woefully inadequate security protocols for the entire panoply of infotech systems,” Judge Stadtmueller said immediately before sentencing.

Prosecutors credited Hutchins with finding the “kill switch” that stopped the spread of WannaCry. Judge Stadtmueller said in court that Hutchins’s role in stopping WannaCry figured significantly into his sentencing decision, TechCrunch journalist Zack Whittaker reported.

“Your honor, when I was a teenager I made series of bad decisions,” Hutchins said in court on Friday, according to reporter Marcy Wheeler. “I deeply regret [the] conduct and harm which resulted.”

Deep Dive

Computing

Inside the hunt for new physics at the world’s largest particle collider

The Large Hadron Collider hasn’t seen any new particles since the discovery of the Higgs boson in 2012. Here’s what researchers are trying to do about it.

Why China is betting big on chiplets

By connecting several less-advanced chips into one, Chinese companies could circumvent the sanctions set by the US government.

How Wi-Fi sensing became usable tech

After a decade of obscurity, the technology is being used to track people’s movements.

VR headsets can be hacked with an Inception-style attack

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.