Marcus Hutchins, who is perhaps best known by the hacker alias MalwareTech, has pleaded guilty to two criminal charges related to the creation and distribution of malware. Hutchins became something of a modern folk hero in 2017 when he helped to stop the spread of the WannaCry ransomware virus that crippled personal computers, government institutions, and even hospitals.
His status as a hero was tarnished when he was arrested by the FBI following the Black Hat and Def Con security conferences in Las Vegas. He was arrested at the Las Vegas McCarran International Airport and charged with crimes that shocked everyone in the industry, given his history. As well as helping to combat WannaCry, it emerged, Hutchins had created the Kronos malware. Kronos was used to hack the passwords of online banking customers. He was handed another charge some ten minutes later, this time for creating the UPAS Kit malware and for helping to distribute these malware packages on the black market.
ZDNet writer Catalin Cimpanu obtained court documents that showed Hutchins is looking at up to ten years in prison after pleading guilty to two of the ten counts against him. He specifically pleaded guilty to distributing Kronos and conspiracy to create and distribute malware.
Hutchins released his statement on the matter through MalwareTech. His statement reads: “I've pleaded guilty to two charges related to writing malware in the years prior to my career in security. I regret these actions and accept full responsibility for my mistakes.”
Hutchins elaborated, saying that, having grown up, he began using the skills he had misused in years past for constructive purposes. He committed to devoting his time to keeping people safe from malware in the future. This statement is sure to resonate in the security industry, and it’s sure to polarize opinion as well. Many companies have employed “black hat” hackers to protect data and networks, similar to how former thieves are employed to protect against future thievery. There are obvious benefits to this practice, but some people believe that criminal hackers should never be trusted to serve in “white hat” roles.
If Hutchins were truly unrepentant about his days as a black hat hacker, though, he would never have worked to stop WannaCry. He has already proven his intent to protect people from malware. It’s up to individual people whether or not they can overlook the fact that he also once helped to create and distribute that same malware.