Ransomware ‘hero’ pleads guilty to US hacking charges
British IT expert Marcus Hutchins AP FILE PHOTO
WASHINGTON — A British computer security researcher once hailed as a “hero” for helping stem a ransomware outbreak and later accused of creating malware to attack the banking system said Friday he pleaded guilty to US criminal charges.
Marcus Hutchins, whose arrest in 2017 stunned the computer security community, acknowledged in a statement pleading guilty to criminal charges linked to his activity in 2014 and 2015.
READ: Warning Issued Over Attacks on Internet Infrastructure
“I regret these actions and accept full responsibility for my mistakes,” the 24-year-old Hutchins, known by his alias “MalwareTech,” wrote, noting that the charges related to his activity prior to his work in security.
“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”
Hutchins in 2017 found a “kill switch” to stem the spread of the devastating WannaCry ransomware outbreak, prompting widespread news reports calling him a hero.
Feel free to give me as much shit as you want for what I've done, I deserve it. But also realize that there are many with personal grudges looking to spread false information, especially trying to claim I did WannaCry.
— MalwareTech (@MalwareTechBlog) April 20, 2019
Months later he was arrested after attending the Def Con gathering of computer hackers in Las Vegas.
The case drew fire from critics who argued that researchers often work with computer code that can be deployed for malicious purposes.
A federal indictment unsealed in Wisconsin accused Hutchins and another individual of making and distributing the Kronos “banking Trojan,” a reference to malicious software designed to steal user names and passwords used on online banking sites.
I have nothing but infinite gratitude for those who have shared kind messages today. I feel undeserving of them, but you really helped me get through today. Thank you ❤️
— MalwareTech (@MalwareTechBlog) April 20, 2019
According to the indictment, Hutchins was part of a conspiracy to distribute the hacking tool on so-called dark markets.
He was released on bail while awaiting trial, allowing him to continue working for a security firm. He had maintained his innocence and won support from many others in his profession.
US prosecutors did not immediately respond to an AFP query about the case. But court documents published by the news site ZDNet showed Hutchins could face up to one year in jail on each of the criminal counts along with financial penalties.
Other counts in the indictment were dismissed, according to the court papers.
