[BreachExchange] British 'hero' hacker who helped stop worldwide WannaCry virus outbreak admits US charges of making malware to attack America's banking system

Mon Apr 22 10:15:57 EDT 2019

https://www.dailymail.co.uk/news/article-6941347/Ransomware-hero-pleads-guilty-US-hacking-charges.html

A British computer security researcher once hailed as a 'hero' for
helping stem a ransomware outbreak, and later accused of creating
malware to attack the American banking system, said Friday he has
pleaded guilty to US criminal charges.

Marcus Hutchins, from Ilfracombe, Devon and whose arrest in 2017
stunned the computer security community, pleaded guilty to criminal
charges linked to his activity in 2014 and 2015 - via a statement.

Marcus Hutchins, who was charged on 10 counts in the United States,
pleaded guilty to two of them, with the U.S. government agreeing to
move towards dismissing the remaining counts at the time of the
sentencing, according to a filing

'I regret these actions and accept full responsibility for my
mistakes,' the 24-year-old Hutchins, known by his alias 'MalwareTech,'
wrote, noting that the charges related to his activity prior to his
work in security.

'Having grown up, I've since been using the same skills that I misused
several years ago for constructive purposes. I will continue to devote
my time to keeping people safe from malware attacks.'

Hutchins in 2017 found a 'kill switch' to stem the spread of the
devastating WannaCry ransomware outbreak, prompting widespread news
reports calling him a hero.

The WannaCry ransomware attack was a May 2017 worldwide cyberattack
which targeted computers running the Microsoft Windows operating
system by encrypting data and demanding ransom payments in the Bitcoin
cryptocurrency.

Months after Hutchin's helped stem it, hex was arrested after
attending the Def Con gathering of computer hackers in Las Vegas.

Hutchins was arrested by FBI agents in a first-class lounge at
McCarran International Airport in Las Vegas as he waited to board a
flight back to the UK on August 2 2017.

The case drew fire from critics who argued that researchers often work
with computer code that can be deployed for malicious purposes.

A federal indictment unsealed in Wisconsin accused Hutchins and
another individual of making and distributing the Kronos 'banking
Trojan,' a reference to malicious software designed to steal user
names and passwords used on online banking sites.

According to the indictment, Hutchins was part of a conspiracy to
distribute the hacking tool on so-called dark markets.

He was released on bail while awaiting trial, allowing him to continue
working for a security firm. He had maintained his innocence and won
support from many others in his profession.

US prosecutors did not immediately respond to an query about the case.

But court documents published by the news site ZDNet showed Hutchins
could face up to one year in jail on each of the criminal counts along
with financial penalties.

Other counts in the indictment were dismissed, according to the court papers.

Both counts carry maximum punishments of five years in prison and
fines of up to 250,000 dollars (£190,000).

Hutchins said that sentencing is 'yet to be scheduled'.