A 24-year-old
blogger and malware researcher Marcus Hutchins arrested in 2017 for allegedly authoring and
selling malware designed to steal online banking credentials, has pleaded
guilty to criminal charges of conspiracy and to making, selling or advertising
illegal wiretapping devices.
Hutchins, who authors
the popular blog MalwareTech, was virtually unknown to most in the security
community until May 2017 when the U.K. media revealed him as the “accidental
hero” who inadvertently halted the global spread of WannaCry, a ransomware contagion that had taken the world by
storm just days before.In
August 2017, Hutchins was arrested by FBI agents in Las Vegas on suspicion of
authoring and/or selling “Kronos,” a strain of malware designed to steal online banking
credentials. A British citizen, Hutchins has been barred from leaving the
United States since his arrest.
In a statement posted to his
Twitter feed and to
malwaretech.com, Hutchins said today he had pleaded guilty to two charges
related to writing malware in the years prior to his career in security. “I
regret these actions and accept full responsibility for my mistakes,” Hutchins
wrote. “Having grown up, I’ve since been using the same skills that I misused
several years ago for constructive purposes. I will continue to devote my time
to keeping people safe from malware attacks.”
Hutchins
pleaded guilty to two of the 10 counts for which he was originally accused,
including conspiracy charges and violating U.S.C. Title 18, Section 2512, which involves the manufacture,
distribution, possession and advertising of devices for intercepting online
communications.
Creating malware is a
form of protected speech in the United States, but selling it and disseminating
it is another matter. University of Southern California law professor Orin Kerr‘s 2017 dissection of the government’s charges is worth a
read for a deep dive on this sticky legal issue.
According to a copy of
Hutchins’ plea agreement, both charges each carry a maximum of up to five years
in prison, up to a $250,000 fine, and up to one year of supervised release.
However, those charges are likely to be substantially tempered by federal
sentencing guidelines and may take into account time already served in
detention. It remains unclear when he will be sentenced.
The
plea agreement is here (PDF). “Attachment A” beginning on page 15 outlines
the government’s case against Hutchins and an alleged co-conspirator. The
government says between July 2012 and Sept. 2015, Hutchins helped create and
sell Kronos and a related piece of malware called UPAS Kit.
Despite what many readers
here have alleged, I hold no ill will against Hutchins. He and I spoke briefly
in a friendly exchange after a chance encounter at last year’s DEF CON security
conference in Las Vegas, and I said at the time I was rooting for him to beat
the charges. I sincerely hope he is able to keep his nose clean and put this
incident behind him soon.
If you would like help with your Malware Protection for your websites then we're here to help.
Just Contact Us
Just Contact Us
Best Regards ,
Web Admin
LATVIK SECURE
LATVIK TECHNOLOGIES ™
www.latvikhost.com | https://latviksecure.blogspot.com 
No comments:
Post a Comment