researcher Marcus Hutchins, who was integral in stopping the WannaCry ransomware outbreak, has pleaded guilty to creating and distributing and now faces as many as years in prison.

Hutchins, better known as MalwareTech, was charged with 10 counts related to the creation and distribution of the Kronos banking Trojan. The plea deal ended with eight counts being dropped — according to court documents — while Hutchins pleaded guilty to two counts of entering a conspiracy to create and distribute the malware.

“I regret these actions and accept full responsibility for my mistakes. Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes,” Hutchins wrote in a public statement. “I will continue to devote my time to keeping people safe from malware attacks.”

The two guilty pleas in Hutchins’ case each bring potential penalties of up to $20,000 in fines and up to five years in prison with as much as one year of supervised release. It is unclear how time served may impact these penalties as Hutchins spent time under house arrest after his arrest in August 2017.

Hutchins was notably arrested in Las Vegas on Aug. 3, 2017, after he had attended the Def Con 25 security conference. He was later placed under house arrest in Milwaukee before being released on bail and relocating to Los Angeles. The original indictment in the case included six charges and another four charges were added in June 2018.

Operating anonymously under the name “MalwareTech,” Hutchins successfully sinkholed a domain used by the WannaCry ransomware during its outbreak in the spring of 2017. MalwareTech became an infosec media star after being credited with stopping the spread of the notorious ransomware; Hutchins’ identity was later revealed by two separate media reports.

The MalwareTech case has been a source of debate in the infosec community because of the prominence Hutchins achieved for helping find a hardcoded kill switch that limited the damage caused by WannaCry.

Kevin Beaumont, a security architect based in the U.K., expressed support on Twitter, saying, “I stand by [MalwareTech] (not that he needs it). He’s been integral to the fight against real world threats like Emotet while an adult.”

Daniel Miessler, cybersecurity expert and formerly a project leader at the OWASP Foundation, also stood behind Hutchins on Twitter.

Additionally, some worried that the charges would have a chilling effect on others trying to break into cybersecurity research. The illegal activities for which Hutchins was charged occurred between July 2012 and September 2015, before Hutchins began working for Kryptos Logic, a cybersecurity based in Hermosa Beach, Calif.





Source link
Based Blockchain Network

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here