Marcus Hutchins, WannaCry ‘Hero’, Freed After Guilty Plea Over Banking Malware

Marcus Hutchins, WannaCry 'Hero', Freed After Guilty Plea Over Banking Malware

Photo Credit: Twitter/ @Doctor_Tran

Marcus Hutchins, seen here celebrating

  • Marcus Hutchins 25, served just a few days in jail
  • He was arrested in Las Vegas in 2017
  • Hutchins was sentenced to time served

A British cybersecurity expert who admitted writing and selling malware was spared prison Friday by a judge who said the misconduct was outweighed by his help in stopping a worldwide computer virus in 2017.

Marcus Hutchins, who was hailed as a hero for his role in stopping the “WannaCry” virus, was sentenced to time served by US District Judge J.P. Stadtmueller. The judge noted Hutchins had pleaded guilty in April and accepted responsibility for his past actions.

“Mr. Hutchins turned the corner with regard to the conduct that led to these charges,” Stadtmueller said.

Hutchins, 25, served just a few days in jail after being arrested in Las Vegas in 2017, but had been required to stay in the US while his case was pending.

Hutchins spoke briefly Friday, apologising to his victims.

“I deeply regret my conduct and the crimes in which I was involved.” Later in his statement he said: “My plan is to continue my work in security but if possible I would like to dedicate more time to teaching the next generation of security experts.”

His attorney said afterward he intended to return to Great Britain. But during the hearing, Stadtmueller reminded him that his conviction in the case would make it difficult to return to the US, unless he gets a waiver or a pardon, because the crimes he pleaded guilty to are deportable offences. His attorneys say they’ll pursue a pardon from the federal government.

In a tweet after the hearing, Hutchins said he hopes he’s able to return to the US someday.

FBI agents had been investigating Hutchins for years before his arrest. Less than two months after his claim to fame, they arrested him and accused him of creating malware to steal banking passwords.

But Stadtmueller said the crimes Hutchins committed paled to the damage the WannaCry virus did by infecting billions of computers worldwide. He praised Hutchins’ “foresight and ability to put in place in a matter of hours a kill switch” to stop the virus.

“It makes the facts of the case that’s before the court today virtually pale in comparison,” the judge said.

Hutchins was indicted on 10 charges for developing two pieces of malware and lying to the FBI. Prosecutors said Hutchins conspired to distribute the malware — UPAS Kit and Kronos — from 2012 to 2015 and that he sold Kronos to someone in Wisconsin. He also “personally delivered” the software to someone in California, prosecutors said.

Prosecutors in Milwaukee had made no specific sentence recommendation. They also credited Hutchins for his role in stopping the WannaCry virus and for accepting responsibility for his actions during a plea deal in April , but said he still deserved to be punished.

The fact that Hutchins now works to stop malware attacks should not diminish the seriousness of what he did, prosecutors insisted.

“Like a man who spent years robbing banks, and then one day came to realize that was wrong, and even worked to design better security systems, he deserves credit for his epiphany. But he still bears responsibility for what he did,” prosecutors said.

While his case was pending, prosecutors barred Hutchins from returning home, so he worked as a cybersecurity consultant in California.

He had faced up to 10 years in prison, but presentencing documents from the U.S. Probation Office recommended he serve 14 months at most.

Hutchins initially pleaded not guilty to all charges and was scheduled to go on trial this month. As part of the deal, Hutchins pleaded guilty to two charges for creating Kronos — and an updated version of UPAS — and conspiring to distribute it. In exchange, prosecutors dismissed the other eight charges.