Published on July 26th, 2019 📆 | 4129 Views ⚑0
British Wannacry killer held in US on malware dev rap set free by judge • DigitalMunition
Marcus Hutchins is on his way home to the England after a judge spared him a stretch behind bars in America for developing the Kronos banking trojan.
Hutchins, the British malware reverse-engineer who shot to fame in May 2017 for thwarting a global Wannacry epidemic by discovering and activating its kill switch, was facing up to 10 years in the clink after earlier admitting he crafted the online-bank-account-raiding software nasty years ago as a teenager.
Today, however, Judge Joseph Stadtmueller, in a Wisconsin federal district court, sentenced Hutchins, 25, to one year of supervised release, and time served, plus ordered him to cough up $100 for each count as restitution to victims of his code. This effectively spared the Brit prison in the US, a country he has been forced to live in while awaiting trial since his dramatic arrest by the FBI in Las Vegas in August 2017.
“We see all sides of the human existence, both young, old, career criminals, those who strayed,” Judge Stadtmueller said, investigative journalist Marcy Wheeler reported from the courtroom. “I appreciate the fact that one might view ignoble conduct against backdrop as work a hero, a true hero. That is, at the end of the day, what gives this case its uniqueness.”
The judge acknowledged that Hutchins had already turned from the dark side of malware development during his teenage years, and was now a professional white-hat infosec researcher, before the Feds collared him, and was now using his intimate knowledge of malware and related skills to study and kill off software nasties, rather than creating more of them. Such skills are sorely needed, the judge noted, before passing sentence.
It appears Hutchins will be able to serve his year of probation his home in the UK, after spending the last two years in the US without his passport. Judge Stadtmueller said that he should now be able to go home, but warned that the sentence may well preclude him from ever visiting the US again – though he suggested Hutchins may consider seeking a pardon or a waiver – a comment Hutchins' legal team called "unprecedented."
WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON
Hutchins became a computer security celebrity when he discovered that by registering a particular domain name, the existence of which was checked by Wannacry, he could stop the ransomware worm from spreading. The malicious code had hit computer users in more than 70 countries, and had crippled large chunks of the UK’s National Health Service. By spotting references to the domain the worm, and registering it, he was able to kill off what would be a global epidemic.
Later that year, he was invited to the DEF CON conference in Las Vegas, USA< and spent the week hobnobbing with fellow hackers and doing the usual tourist stuff. When he was about to board the flight home, the FBI swooped and arrested him.
Unbeknownst to Hutchins, the g-men had been investigating him, and suspected he had played a role in the creation of two pieces of malware: the Kronos bank-account-draining trojan, and the UPAS Kit malware. The agents had obtained chat logs showing Hutchins had developed part of the code as a teenager, and had sold copies of it to crooks for a few thousand quid.
While Hutchins initially denied the charges, he later admitted his role. That guilty plea, and his work fighting malware before he was even aware the Feds had him in their sights, counted heavily towards today’s verdict.
“Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally,” Hutchins said after the verdict.
"Hopefully I can work on finding some way to come back to the US. But until then, back to work!"
Meanwhile, his lawyers tweeted:
.@MalwareTechBlog is going home a free man. @brianeklein and I are thrilled that Judge Stadtmueller recognized Marcus’ important contributions to society and sentenced him to time served, even suggesting Marcus should seek a pardon.
— Marcia Hofmann (@marciahofmann) July 26, 2019
Hutchins’ mother was in court to see her son freed and he will now be heading home to Blighty, after returning to Los Angeles, where he has been staying, to pick up his stuff.
Today’s verdict is a rare sign of sense from an American legal system that all too often seems more focused on punishment rather than perspicacity. There seems little sense in locking away a talented researcher, who has much to offer the world, over a few youthful indiscretions. ®
PS: The judge was keen to allow Hutchins to smoothly return to the UK, via LA to pick up his belongings, without having him intercepted by America's feisty border cops, ICE. "Nothing in the judgment requires he stay in US. I'm seeking to avoid him being taken into custody by ICE. We don't need any more publicity or another statistic," he said.
MCubed - The ML, AI and Analytics conference from DigitalMunition.