Marcus Hutchins, The Hacker Who Saved The NHS, Spared Jail Sentence For Creating Malware

The Brit was hailed as a hero in May 2017 when he found a “kill-switch” that slowed the effects of the WannaCry virus.
|
Open Image Modal
Associated Press

A British cyber-security researcher credited with stopping a worldwide computer virus in 2017 has been spared a jail sentence by a US federal court judge for developing malware to steal banking information.

Marcus Hutchins, 24, from Ilfracombe, Devon, who is also known as Malwaretech, appeared in a Wisconsin court for sentencing.

In May he pleaded guilty to developing a malware called Kronos and conspiring to distribute it from 2012 to 2015. Prosecutors dismissed eight more charges in exchange for his plea.

He could have received a sentence of 10 years. Reacting to the verdict, Hutchins tweeted on Friday: “Sentenced to time served! Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally.”

The cyber expert had been hailed as a hero in May 2017 when he found a “kill-switch” that slowed the effects of the WannaCry virus that hit more than 300,000 computers in 150 countries and crippled the NHS.

Just months later, he was arrested by FBI agents in a first-class lounge at McCarran International Airport in Las Vegas as he waited to board a flight back to the UK on August 2 2017.

He had been in the US to attend the Def Con hacking convention.

Documents from a court in Wisconsin say Hutchins helped create and sell “malicious computer code” known as Kronos.

It said: “The malware was designed to target banking information and to work on many types of web browsers, including Internet Explorer, Firefox, and Chrome.

“Since 2014, Kronos has been used to infect numerous computers around the world and steal banking information.”

Both counts carry maximum punishments of five years in prison and fines of up to 250,000 dollars (£190,000).

In a statement on his website, Hutchins wrote: “I regret these actions and accept full responsibility for my mistakes.

“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes.

“I will continue to devote my time to keeping people safe from malware attacks.”