Security researcher Marcus Hutchins pleaded guilty on Wednesday to writing malware and helping sales with a partner.
Hutchins is better known for his crucial role in destroying the worldwide distribution of WannaCry and his online persona [19459006MalwareTech by interacting with the information security community by helping users get into the field, Disseminate information about new threats and publish malware analysis tutorials.
Hutchins was arrested at Las Vegas airport on August 2, 201
Possible Prison and Significant Fines
The guilty verdict filed on Friday is for Count One and counts two out of a total of ten charges brought in a redundant indictment by the US Attorney's Office.
These relate to the development of malware (UPAS Kit and Kronos Banking Trojans) and help disseminate in partnership with a co-conspirator known as "Vinny", "VinnyK", "Aurora 123 ", is known. Gone with the wind "Cocaine" and "Jack of All Trades". According to court documents, these activities took place between July 2012 and September 2015.
Each of the charges has a maximum sentence of five years imprisonment, fines of up to $ 250,000, one year of supervised release, and a $ 100 USD special offer. Overall, Hutchins risked ten years in prison and $ 500,000 in fines. Following this plea, the remainder of the charges will be dismissed in court.
It should be noted that regardless of the outcome of this agreement, Hutchins is not exempted from further civil or administrative proceedings from the US or local governments.
In a public statement on his blog, the researcher says he regrets his actions before his career in cybersecurity and takes full responsibility for his mistakes.
"I grew up and grew up ever since. I use the same skills that I abused for constructive purposes a few years ago, and I will continue to work to protect people from malware attacks."
Support is still strong
Although this has not always been open and forever granted For this reason, many security researchers have to do with cybercriminals. In every profession wearing a white hat, there is often a drop of blackhat. This is especially true for older generations of security experts who have no current information resources. They also did so at a time when the laws for cyber incidents were too vague or did not exist.
Today's Internet, however, provides sufficient learning opportunities to reach experts without having to break the law, and even for free. Hutchins agrees:
It is a misconception that as a security expert you have to try your luck on the dark side. It is not true. You can learn everything you need to know legally. Stay on the good side.
– MalwareTech (@MalwareTechBlog) April 20, 2019
After his arrest, numerous researchers gathered to help him. Even his local Conservative Member of Parliament Peter Heaton-Jones and a dozen more sent support letters on his behalf. Hutchins has relied on crowdfunding to cover his legal fees.
Even now, Hutchins has a large crowd in his corner. A cursory glance at the answers he received after he tweeted his statement about the recent development of the case shows mostly positive comments. They would have to look harder to find a negative answer.
Stay strong, you will come back
– x0rz (@ x0rz) 19 April 2019
Hoping for the best.
– Moose (@LitMoose) April 19, 2019
You are honest, you deserve to be at home.
– DEY! (@ronindey) April 19, 2019
I think many of us acknowledge that this case has always been a bad use of the prosecutor's discretion. Right and wrong have always been a completely different standard than legal and illegal. I hope to see you back in a good fight soon.
– Jacob Riggs (@Riggsbit) April 19, 2019
Still in your corner, kid. And I do not mean that lovingly in a decreasing way. Just come home. I want that for you. And so that your family can hug and see you. All my love and support. I will always believe in you.
– BlackRoomSec (@blackroomsec) April 19, 2019
A closer look reveals that most are in computer security: trainers, malware researchers, penetration testers, reverse engineering, security consultants, nerds
After abandoning criminal life, Hutchins dedicated himself to the fight against malware threats and applied for a job with the British intelligence service, the General Communications Headquarters (GCHQ) cybersecurity firm Kryptos Logic, following his analysis of the Kelihos botnet recruited.
Hutchins published technical articles demonstrating his reverse engineering skills prior to his application, often revealing the tricks of various types of malware and their components;
In an article about the impending expiration of the Carberp Banking Malware source code in 2013, Hutchins wrote:
"Leakage like this is not going to be good." AV companies get one. A massive increase in infected users usually occurs and spin-off bots […] I think we can only hope that big antivirus vendors can update their software to deal with this threat before more damage is done The first 5 people asking me From where I get the source, a virtual slap (all paid expenses) and my eternal refusal will be received. "
Even after he was arrested, he further contributed to the fight against cybercrime: identification and understanding topology of command and control Control servers (Emotet), bot (Hide and Seek) tracking, Reverse engineering tool review (GHIDRA by NSA) and vulnerability analysis.
All of these efforts led to a consortium of supporters who not only became off-kilter words, but also pulled together to pay his lawyer's fees (after his arrest, he was denied work for his employer).
In addition to the already expired time, this can also count when the court sentences the sentence for which no date is currently set.