British malware researcher, 24, plead guilty to two of the FBI’s charges in exchange for authorities dropping the other eight
Marcus Hutchins, the malware researcher also known by his handle MalwareTech, has pleaded guilty to criminal charges laid against him by the FBI after his arrest in 2017.
Hutchins, 24, from Ilfracombe in Devon, is best known for having inadvertently stopped the global spread of the WannaCry ransomware in in May 2017 while analysing it in the course of his work as a researcher for Los Angeles-based Kryptos Logic.
His actions brought him to international attention, but in August 2017, after attending the DefCon and Black Hat security conferences in Las Vegas, he was arrested in at the Las Vegas international airport whilst awaiting his return flight.
The FBI charged him with involvement in writing and distributing two banking Trojans, Kronos and UPAS-Kit, along with a co-conspirator identified only by handles such as “Vinny” and “VinnyK”.
Hutchins’ arrest and prosecution have been controversial, with Hutchins claiming the FBI interrogated him whilst he was sleep-deprived and intoxicated.
The FBI claimed his malware-writing activities began in 2012, when Hutchins was a minor.
Hutchins has now plead guilty to two of the FBI’s ten charges, with authorities agreeing in exchange to drop the other eight.
“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” Hutchins said in a short statement on his website.
“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes.”
For each count Hutchins faces up to five years in prison, up to $250,000 in fines and up to one year of supervised release.
Since his arrest Hutchins has resided in Los Angeles, where he has produced tutorials on malware analysis.