British cyber expert to be sentenced for creating malware

  • TECH
  • Friday, 26 Jul 2019

FILE - This Monday, May 15, 2017, file photo shows Marcus Hutchins, a British cybersecurity expert during an interview in Ilfracombe, England. Hutchins, credited with stopping a worldwide computer virus in 2017 is about to learn his sentence for creating malware designed to steal banking information. He appears in federal court in Milwaukee on Friday, July 26. He pleaded guilty in May to conspiring to distribute malware called Kronos from 2012 to 2015. (AP Photo/Frank Augstein, File)

MILWAUKEE: Just as Marcus Hutchins was hailed as a hero for helping stop a worldwide computer virus in May 2017, his criminal past as a malware developer was about to catch up to him. 

FBI agents had been investigating the 25-year-old British cybersecurity wunderkind for years. Less than two months after his claim to fame, they arrested him and accused him of creating malware to steal banking passwords – charges for which he will be sentenced July 27. 

“It is this darker side of Hutchins’ life that brings him before the Court for sentencing in this case,” prosecutors said in a filing ahead of his sentencing hearing in federal court in Milwaukee. The filing makes no sentencing recommendation, only that it “should be sufficient, though not greater than necessary”. Prosecutors note Hutchins accepted responsibility for his actions during a plea deal in April, and they also gave him credit for his role in finding a “kill switch” to the WannaCry virus. 

He faces up to 10 years in prison. 

Hutchins no longer develops malware attacks and works to stop them, but that does not diminish the seriousness of what he did, prosecutors said. While his case was pending, prosecutors barred Hutchins from returning home, so he worked as a cybersecurity consultant in California. 

“Like a man who spent years robbing banks, and then one day came to realise that was wrong, and even worked to design better security systems, he deserves credit for his epiphany. But he still bears responsibility for what he did,” prosecutors said. 

Hutchins, who was arrested in Las Vegas on Aug 2, 2017 as he was about to board a flight to England, also faces deportation. 

Presentencing documents from Hutchins’ attorneys and the US Probation Office are sealed. 

Hutchins was indicted on 10 charges for developing two pieces of malware and lying to the FBI. Prosecutors said Hutchins conspired to distribute the malware – UPAS Kit and Kronos – from 2012 to 2015 and that he sold Kronos to someone in Wisconsin. He also “personally delivered” the software to someone in California, prosecutors said. 

Hutchins initially pleaded not guilty to all charges and was scheduled to go on trial this month. 

As part of the plea deal, Hutchins pleaded guilty to two charges for creating Kronos – and an updated version of UPAS – and conspiring to distribute it. In exchange, prosecutors dismissed the other eight charges. 

“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Hutchins said in a statement on his website after the plea deal was announced. “I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.” 

Kronos was “used to infect numerous computers around the world and steal banking information”, prosecutors said, without providing an exact number. It’s unclear how much Hutchins profited from creating the malware, but in online chats the FBI intercepted on November 2014, Hutchins lamented he had only made US$8,000 (RM32,960) from five sales. Hutchins said he thought he would be making around US$100,000 (RM412,000) annually by selling Kronos with one of his conspirators, who is named in the indictment only by his aliases, “Vinny”, “VinnyK” and “Aurora123”. – AP

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!

Next In Tech News

The first SMS was sent 30 years ago. When will the last one be?
How to start a WhatsApp chat without, ugh, creating a new contact
Where to turn off some of Windows 11's biggest annoyances
Exclusive-Twitter exec says moving fast on moderation, as harmful content surges
FTX's LedgerX attracts interest from, Gemini- Bloomberg
Will Netflix and its rivals succeed in stamping out password sharing?
France's Macron discussed Twitter content rules in meeting with Musk
U.S. says Swiss engineering group ABB to pay over $315 million to resolve bribery case
From tweeting to 'tooting': The switch from Twitter to Mastodon
Activision Blizzard game testers vote to form union

Others Also Read