British cyber-security researcher hailed as a hero for neutralising the global “WannaCry” ransomware attack in 2017 has pleaded guilty to US charges of writing malware. Marcus Hutchins, who was charged on 10 counts in the United States, pleaded guilty to two of them, with the US government agreeing to move towards dismissing the remaining counts at the time of the sentencing, according to a filing at the US District Court in the eastern district Wisconsin.
“I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security”, Hutchins, also known online as MalwareTech, said in a statement. “I regret these actions and accept full responsibility for my mistakes,” he added. He did not give details.
Hutchins had risen to overnight fame within the hacker community in May 2017 when he helped de-fang the global “WannaCry” ransomware attack, which infected hundreds of thousands of computers and caused disruptions at factories, hospitals, shops and schools in more than 150 countries.
He was arrested later that year in Las Vegas on unrelated charges that he had built and sold malicious code used to steal banking credentials. US prosecutors had claimed that he and a co-defendant advertised, distributed and profited from malware code known as “Kronos” between July 2014 and 2015. He was later freed on bail, and had plead not guilty to the charges.
The case stunned the computer security community and drew fire from critics who argued that researchers often work with computer code which can be deployed for malicious purposes. His arrest had sparked criticism from some researchers who argue that the case could dissuade “white hat hackers” – those who find security flaws to help fix them – from cooperating with authorities.
Written with agency inputs